Monitor the FortiGate firewall in an efficient way: Step-by-step guide

In this guide, I’ll show you how to monitor your FortiGate firewall using SNMP and HTTP API in Zabbix. This will help you track performance, detect issues early, and stay in control.

Why Monitor FortiGate with Zabbix?

• Real-time Insights: Keeps you updated on traffic, health, and performance.
• Custom Alerts: Get notified before a small issue becomes a disaster.
• Centralized Monitoring: Manage all your network devices from one place.
• Cost-Effective: Zabbix is free and open-source!

Requirements:

1. Zabbix server (6.0 or above)
2. Fortigate Firewall Access (Enable SNMP)
3. Port 161 ( FortiGate SNMP Access)

How to monitor the FortiGate firewall?

We can achieve by Two methods

1. SNMP
2. REST API (HTTP)

You can choose any one method as per your requirements.

For Full blog check out here

Method 1: Monitor Fortigate Firewall by SNMP

STEP 1: Allow SNMP from the Firewall interface

• Login into your FortiGate firewall and navigate to the interface
• Add the SNMP protocol where the Zabbix network presents the interface.
• In Administrative Access Enable SNMP and click OK.

STEP 2: Enable SNMP Agent on Fortigate

Navigate to System → SNMP and add Create new SNMP configure.

• Community Name: zabbix (← Same should be used in Zabbix)
• IP Address: 192.168.1.1 (← Zabbix IP Address)
• Host Type: Accept queries and send traps

Note: You can also add multiple SNMP client servers here.

• Enable SNMP v2c and Port 161 for queries and 162 traps
• Scroll to the bottom select the metrics as a wish (OR), and leave the default as its.
• Save the config and Apply.

STEP 3: Install SNMP and Verify Connection in Zabbix

Install SNMP on the Zabbix server

Login to the Zabbix server with root access and install SNMP

# ubuntu
apt install snmp snmp-mibs-downloader -y

#Redhat/CentOS/Rocky
yum install snmp snmp-mibs-downloader  -y        

Now verify using snmpwalk

snmpwalk -v2c -c <community_string> <firewall_IP>         

snmpwalk -v2c -c zabbix 13.232.156.45        

Once got above the output. Add host in Zabbix.

Note: If you get no response error, verify your SNMP community name in the firewall config.

STEP 4: Add Fortigate in Zabbix

• Login to Zabbix UI and Navigate Data Collection → hosts →create host
• Hostname: fortigate-firewall
• Templates: Fortigate By SNMP
• Host groups: firewall ( < — as per wish
• Interfaces: Click agent As SNMP
• SNMP: 13.232.156.45 (firewall-IP)
• Port: 161
• SNMP version= SNMPv2
• SNMP Community: zabbix (←same as firewall SNMP config)
• Monitor By: Server (change as per your setup)

For Full blog check out here

Method 2: Monitor Fortigate by HTTP (REST API)

Unlike SNMP, the REST API method has very minimal effort, and with easy configuration, we can monitor Fortigate from Zabbix.

Requirements:

1. FortiGate URL Access ( Zabbix must have a connection to FortiGate web UI)
2. Fortigate API Token

STEP 1: Create API Token on Fortigate Firewall

Login to Firewall and navigate to System →Administrators →Create new user

• Choose as REST API admin

Configure REST API for Zabbix

• username: zabbix
• Administrator profile: super_admin_readonly

and click OK.

Note: We can use the Trusted Hosts section to mention the Zabbix IP for security purposes.

• Now copy the REST API Token. Save into a safe place.

STEP 2: Configure Fortigate on Zabbix UI

Same SNMP device configuration as previously we did.

But minimal configuration configuration changes.

Create a host

• Hostname: Fortigate-firewall-http
• Template: Fortigate by HTTP (← choose HTTP template)
• Host group: firewall (←as you wish)

Configure Fortigate Token

Navigate to the Macros Section

click Inherited and host macros and change the below values accordingly

• {$FGATE.API.FQDN} → 13.232.156.45 (← same as Fortigate URL)

ex: myfortigate.com

• {$FGATE.API.PORT} → 80 (←depends on URL)

If the URL is HTTPS use 443, for HTTP use 80.

• {$FGATE.API.TOKEN} → <Your FortiGate toke here>

Save by clicking Add.

STEP 3: Verify Latest Data

Navigate to Monitoring → Latest data → select the host we created

we can see the metrics are receiving successfully via REST API.

Final Words

Congratulations, you’re now a Zabbix ninja for FortiGate monitoring! By setting up SNMP and HTTP API, you’ve ensured that your firewall is always under watchful eyes. Whether it’s CPU spikes, suspicious traffic, or interface failures, Zabbix has your back.

• Follow: | LinkedIn | Newsletter | LinkedIn Group | GitHub
• More content at DevSecOps — Community