如何配置HA模式的防火墙,使cacti可以snmp监控

有两台1500D,防护墙划分了vdom,config global 配置了snmp 如下:
config system snmp community
    edit 1
        set name "2010"
            config hosts
                edit 1
                    set ip 192.168.2.1 255.255.255.255
                next
接口启用了snmp,snmp v1、v2c

cacti server snmp 连接失败

测试防火墙已经打开了UDP 161 ,允许所有主机访问

除此,防火墙还需要配置其他的吗

 
已邀请:

卜婵敏 - Fortient-卜婵敏

赞同来自: kmliu

如果要连接SNMP,需要进行如下设置:

FortiGate-VM64 # config global

FortiGate-VM64(global) # config system snmp community

FortiGate-VM64(global) # edit 1

FortiGate-VM64 (1) # config hosts

FortiGate-VM64 (1) # edit 1

FortiGate-VM64 (1) # set ha-direct enable

FortiGate-VM64 (1) # end

FortiGate-VM64 (1) # end

kmliu - Fortinet-TAC

赞同来自:

KB链接记录:
FortiGate SNMP polling via the dedicated HA management port

config system ha
    set ha-mgmt-status enable
    set ha-mgmt-interface "mgmt1"
    set ha-mgmt-interface-gateway 10.100.200.254
end

config system interface
    edit "mgmt1"
        set ip 10.100.200.1 255.255.255.0
        set allowaccess ping https ssh snmp fgfm
    next
end

config system snmp community
    edit 1
            config hosts
                edit 1
                    set ha-direct enable
                    set ip 10.100.100.0 255.255.255.0
                next
    next
end

要回复问题请先登录注册