FortiGate by HTTP
Overview
This template is designed for the effortless deployment of FortiGate monitoring by Zabbix via HTTP and doesn't require any external scripts.
Requirements
Zabbix version: 7.2 and higher.
Tested versions
This template has been tested on:
- FortiGate v7.4.0
Configuration
Zabbix should be configured according to the instructions in the Templates out of the box section.
Setup
- On the FortiGate GUI, select
System > Admin Profiles > Create New
. - Enter a profile name (ex. zabbix_ro) and enable all the Read permissions. Please note the profile name, it will be used a bit later.
- Go to
System > Administrators > Create New > REST API Admin
. - Enter the API-user's name and select the profile name you created in step 2.
- The trusted host can be specified to ensure that only Zabbix server can reach the FortiGate.
- Click OK and an API token will be generated. Make a note of the API token as it's only shown once and cannot be retrieved.
- Put the API token into
{$FGATE.API.TOKEN}
macro. - Set your FortiGate GUI IP/FQDN as
{$FGATE.API.FQDN}
macro value. - If FortiGate GUI uses HTTPS, put https value into
{$FGATE.SCHEME}
macro and 443 into{$FGATE.API.PORT}
macro. - If FortiGate GUI port differs from the standard one, specify it in
{$FGATE.API.PORT}
macro.
Please, refer to the vendor documentation about the FortiGate REST API Authentication.
Macros used
Name | Description | Default |
---|---|---|
{$FGATE.SCHEME} | Request scheme which may be http or https. |
http |
{$FGATE.API.FQDN} | FortiGate API FQDN/IP (ex. ngfw.example.com). |
|
{$FGATE.API.TOKEN} | FortiGate API token. |
|
{$FGATE.API.PORT} | The port of FortiGate API endpoint. |
80 |
{$FGATE.DATA.TIMEOUT} | Response timeout for an API. |
15s |
{$FGATE.HTTP.PROXY} | HTTP proxy for API requests. You can specify it using the format [protocol://][username[:password]@]proxy.example.com[:port]. See the documentation at https://www.zabbix.com/documentation/7.2/manual/config/items/itemtypes/http |
|
{$FIRMWARE.UPDATES.CONTROL} | This macro is used in "New available firmware found" trigger. |
1 |
{$CPU.UTIL.WARN} | Threshold of CPU utilization for warning trigger in %. |
85 |
{$CPU.UTIL.CRIT} | Threshold of CPU utilization for critical trigger in %. |
95 |
{$MEMORY.UTIL.WARN} | Threshold of memory utilization for warning trigger in %. |
80 |
{$MEMORY.UTIL.CRIT} | Threshold of memory utilization for critical trigger in %. |
90 |
{$DISK.FREE.WARN} | Threshold of disk free space for warning trigger in %. |
20 |
{$DISK.FREE.CRIT} | Threshold of disk free space for critical trigger in %. |
10 |
{$NET.IF.CONTROL} | Macro for operational state of the interface for "Link down" trigger. Can be used with interface name as context. |
1 |
{$NET.IF.ERRORS.WARN} | Threshold of error packets rate for warning trigger. Can be used with interface name as context. |
2 |
{$NET.IF.UTIL.MAX} | Threshold of interface bandwidth utilization for warning trigger in %. Can be used with interface name as context. |
95 |
{$NET.IF.IFDESCR.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFDESCR.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$NET.IF.IFNAME.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFNAME.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$NET.IF.IFTYPE.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFTYPE.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$NET.IF.IFALIAS.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFALIAS.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$NET.IF.IFSTATUS.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFSTATUS.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$FWP.FWACTION.MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
.* |
{$FWP.FWACTION.NOT_MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$FWP.FWTYPE.MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
.* |
{$FWP.FWTYPE.NOT_MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$FWP.FWNAME.MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
.* |
{$FWP.FWNAME.NOT_MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SERVICE.EXPIRY.WARN} | Number of days until the license expires. |
7 |
{$SERVICE.LICENSE.CONTROL} | This macro is used in Service discovery. Can be used with interface name as context. |
1 |
{$SERVICE.KEY.MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
.* |
{$SERVICE.KEY.NOT_MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SERVICE.STATUS.MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
.* |
{$SERVICE.STATUS.NOT_MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
(no_support|no_license) |
{$SERVICE.TYPE.MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
.* |
{$SERVICE.TYPE.NOT_MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.MEMBER.IF.CONTROL} | Macro for the interface state for "Link down" trigger. Can be used with interface name as context. |
1 |
{$SDWAN.MEMBER.ID.MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.MEMBER.ID.NOT_MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.MEMBER.NAME.MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.MEMBER.NAME.NOT_MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.MEMBER.STATUS.MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.MEMBER.STATUS.NOT_MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.MEMBER.ZONE.MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.MEMBER.ZONE.NOT_MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.IF.CONTROL} | Macro for the interface state for "Link down" trigger. Can be used with interface name as context. |
1 |
{$SDWAN.HEALTH.ID.MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.HEALTH.ID.NOT_MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.NAME.MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.HEALTH.NAME.NOT_MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.IFNAME.MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.HEALTH.IFNAME.NOT_MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.STATUS.MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.HEALTH.STATUS.NOT_MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.IF.LOSS.WARN} | Threshold of packets loss for warning trigger in %. Can be used with interface name as context. |
20 |
Items
Name | Description | Type | Key and additional info |
---|---|---|---|
Check port availability | Simple check | net.tcp.service["{$FGATE.SCHEME}","{$FGATE.API.FQDN}","{$FGATE.API.PORT}"] Preprocessing
|
|
Get system info | Item for gathering device system info from FortiGate API. |
HTTP agent | fgate.system.get_data Preprocessing
|
Device system info item errors | Item for gathering errors of the device system info. |
Dependent item | fgate.system.data_errors Preprocessing
|
API availability status | Checking API availability by response. |
Dependent item | fgate.api.status Preprocessing
|
Get firmware info | Item for gathering device firmware info from FortiGate API. |
HTTP agent | fgate.firmware.get_data Preprocessing
|
Device firmware info item errors | Item for gathering errors of the device firmware info. |
Dependent item | fgate.firmware.data_errors Preprocessing
|
Get service licenses | Item for gathering information about service licenses from FortiGate API. |
Script | fgate.service.get_data |
Service licenses item errors | Item for gathering errors of the service licenses data. |
Dependent item | fgate.service.data_errors Preprocessing
|
Get resources data | Item for gathering device resource data from FortiGate API. |
Script | fgate.resources.get_data |
Device resources item errors | Item for gathering errors of the device resources. |
Dependent item | fgate.resources.data_errors Preprocessing
|
Get interfaces data | Item for gathering network interfaces info from FortiGate API. |
Script | fgate.netif.get_data |
Device interfaces item errors | Item for gathering errors of network interfaces. |
Dependent item | fgate.netif.data_errors Preprocessing
|
Get SD-WAN data | Item for gathering SD-WAN information from FortiGate API. |
Script | fgate.sdwan.get_data |
Get SD-WAN item errors | Item for gathering errors of SD-WAN. |
Dependent item | fgate.sdwan.data_errors Preprocessing
|
Get firewall data | Item for gathering firewall policies info from FortiGate API. |
Script | fgate.fwp.get_data |
Firewall data item errors | Item for gathering errors of firewall policies. |
Dependent item | fgate.fwp.data_errors Preprocessing
|
Available firmware versions | Number of available firmware versions to download. |
Dependent item | fgate.device.firmwares_avail Preprocessing
|
Device firmware version | Current version of the device firmware. |
Dependent item | fgate.device.firmware Preprocessing
|
Device model name | The model name of the device. |
Dependent item | fgate.device.model Preprocessing
|
Device serial number | The device serial number. |
Dependent item | fgate.device.serialnumber Preprocessing
|
Current VDOM | Name of the current Virtual Domain. |
Dependent item | fgate.device.vdom Preprocessing
|
System name | The system host name. |
Dependent item | fgate.name Preprocessing
|
System uptime | The system uptime is calculated on the basis of boot time. |
Dependent item | fgate.uptime Preprocessing
|
Number of CPUs | Number of processors according to the current license. |
Dependent item | fgate.cpu.num Preprocessing
|
CPU utilization | CPU utilization, expressed in %. |
Dependent item | fgate.cpu.util Preprocessing
|
Total memory | Total memory, expressed in bytes. |
Dependent item | fgate.memory.total Preprocessing
|
Memory utilization | Memory utilization, expressed in %. |
Dependent item | fgate.memory.util Preprocessing
|
Total disk space | The total space of the current disk, in bytes. |
Dependent item | fgate.fs.total Preprocessing
|
Used disk space | The used space of the current disk, in bytes. |
Dependent item | fgate.fs.used Preprocessing
|
Free disk space | The free space of the current disk, in bytes. |
Dependent item | fgate.fs.free Preprocessing
|
Disk utilization | Disk utilization, expressed in %. |
Dependent item | fgate.fs.util Preprocessing
|
Triggers
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: Port {$FGATE.API.PORT} is unavailable | last(/FortiGate by HTTP/net.tcp.service["{$FGATE.SCHEME}","{$FGATE.API.FQDN}","{$FGATE.API.PORT}"])=0 |
Average | Manual close: Yes | |
FortiGate: There are errors in the 'Get system info' metric | length(last(/FortiGate by HTTP/fgate.system.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.system.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.system.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: Unexpected response from API | Received an unexpected response from API. It may be unavailable. |
last(/FortiGate by HTTP/fgate.api.status)=0 |
Average | Depends on:
|
FortiGate: There are errors in the 'Get firmware info' metric | length(last(/FortiGate by HTTP/fgate.firmware.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.firmware.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.firmware.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get service licenses' metric | length(last(/FortiGate by HTTP/fgate.service.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.service.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.service.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get resources data' metric | length(last(/FortiGate by HTTP/fgate.resources.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.resources.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.resources.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get interfaces data' metric | length(last(/FortiGate by HTTP/fgate.netif.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.netif.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.netif.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get SD-WAN data' metric | length(last(/FortiGate by HTTP/fgate.sdwan.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.sdwan.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.sdwan.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get firewall policies data' metric | length(last(/FortiGate by HTTP/fgate.fwp.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.fwp.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.fwp.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: New available firmware found | New available firmware versions found to download. |
{$FIRMWARE.UPDATES.CONTROL}=1 and last(/FortiGate by HTTP/fgate.device.firmwares_avail)>0 |
Info | Manual close: Yes |
FortiGate: Device has been replaced | Device serial number has changed. Acknowledge to close the problem manually. |
last(/FortiGate by HTTP/fgate.device.serialnumber,#1)<>last(/FortiGate by HTTP/fgate.device.serialnumber,#2) and length(last(/FortiGate by HTTP/fgate.device.serialnumber))>0 |
Info | Manual close: Yes |
FortiGate: System name has changed | The name of the system has changed. Acknowledge to close the problem manually. |
last(/FortiGate by HTTP/fgate.name,#1)<>last(/FortiGate by HTTP/fgate.name,#2) and length(last(/FortiGate by HTTP/fgate.name))>0 |
Info | Manual close: Yes |
FortiGate: Device has been restarted | Uptime is less than 10 minutes. |
last(/FortiGate by HTTP/fgate.uptime)<10m |
Info | Manual close: Yes |
FortiGate: CPU utilization is too high | The CPU utilization is too high. The system might be slow to respond. |
min(/FortiGate by HTTP/fgate.cpu.util,5m)>{$CPU.UTIL.CRIT} |
High | |
FortiGate: CPU utilization is high | The CPU utilization is high. |
min(/FortiGate by HTTP/fgate.cpu.util,5m)>{$CPU.UTIL.WARN} |
Warning | Depends on:
|
FortiGate: Memory utilization is too high | Free memory size is too low. |
min(/FortiGate by HTTP/fgate.memory.util,5m)>{$MEMORY.UTIL.CRIT} |
High | |
FortiGate: Memory utilization is high | The system is running out of free memory. |
min(/FortiGate by HTTP/fgate.memory.util,5m)>{$MEMORY.UTIL.WARN} |
Average | Depends on:
|
FortiGate: Free disk space is too low | Left disk space is too low. |
(100-last(/FortiGate by HTTP/fgate.fs.util))<{$DISK.FREE.CRIT} |
High | |
FortiGate: Free disk space is low | Left disk space is not enough. |
(100-last(/FortiGate by HTTP/fgate.fs.util))<{$DISK.FREE.WARN} |
Warning | Depends on:
|
LLD rule Firewall policies discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Firewall policies discovery | Discovery for FortiGate firewall policies. |
Dependent item | fgate.fwp.discovery Preprocessing
|
Item prototypes for Firewall policies discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
FW Policy [{#FWNAME}]: Get data | Item for gathering data for the {#FWNAME} firewall policy. |
Dependent item | fgate.fwp.get_data[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Active sessions | Number of active sessions covered by this rule. |
Dependent item | fgate.fwp.sessions[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Software processed bytes | Number of bytes processed only by the software firewall. |
Dependent item | fgate.fwp.sw_bytes[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Hardware processed bytes | Number of bytes processed only by the hardware (ASIC) firewall. |
Dependent item | fgate.fwp.hw_bytes[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Total bytes processed | Number of bytes processed by both the software and hardware (ASIC) firewall. |
Dependent item | fgate.fwp.bytes[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Hits into the policy | Number of packets hit into the firewall policy per second. |
Dependent item | fgate.fwp.hits[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Last using time | The time at which the firewall policy was used the last time. |
Dependent item | fgate.fwp.last_used[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Action | The firewall policy action (accept / deny / ipsec). |
Dependent item | fgate.fwp.action[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Status | The firewall policy status. |
Dependent item | fgate.fwp.status[{#FWUUID}] Preprocessing
|
LLD rule Service discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Service discovery | Discovery for FortiGate services. |
Dependent item | fgate.service.discovery Preprocessing
|
Item prototypes for Service discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Service [{#NAME}]: Get data | Item for gathering data about license for the {#NAME} service. |
Dependent item | fgate.service.get_data["{#KEY}"] Preprocessing
|
Service [{#NAME}]: License status | Current license status of the {#NAME} service. |
Dependent item | fgate.service.license["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Service type | Current type of the {#NAME} service. |
Dependent item | fgate.service.type["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Service version | Current version of the {#NAME} service. |
Dependent item | fgate.service.version["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Expiration date | Expiration date for the license of the current service. |
Dependent item | fgate.service.expire["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Last update time | Last update time of the current service. |
Dependent item | fgate.service.update_time["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Last attempt to update | Last update attempt time of the current service. |
Dependent item | fgate.service.update_attempt["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Update method | Current update method of the {#NAME} service. |
Dependent item | fgate.service.update_method["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Update result | Last update result of the {#NAME} service. |
Dependent item | fgate.service.update_result["{#KEY}"] Preprocessing
|
Trigger prototypes for Service discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: Service [{#NAME}]: License status is unsuccessful | This trigger expression works as follows: |
{$SERVICE.LICENSE.CONTROL:"{#KEY}"}=1 and last(/FortiGate by HTTP/fgate.service.license["{#KEY}"])>5 |
Average | Manual close: Yes |
FortiGate: Service [{#NAME}]: License expires soon | This trigger expression works as follows: |
{$SERVICE.LICENSE.CONTROL:"{#KEY}"}=1 and (last(/FortiGate by HTTP/fgate.service.expire["{#KEY}"]) - now()) / 86400 < {$SERVICE.EXPIRY.WARN:"{#KEY}"} and last(/FortiGate by HTTP/fgate.service.expire["{#KEY}"]) > now() |
Warning | Manual close: Yes |
LLD rule SD-WAN members discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
SD-WAN members discovery | Discovery for FortiGate SD-WAN members. |
Dependent item | fgate.sdwan_member.discovery Preprocessing
|
Item prototypes for SD-WAN members discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
SD-WAN [{#ZONE}]:[{#NAME}]: Get data | Item for gathering data about the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.get_data[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Member status | Current status of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.status[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Link status | Current link status of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.link_status[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Sessions | Number of active sessions opened through the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.sessions[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Bytes sent per second | Bytes sent through the {#NAME} interface in the {#ZONE} zone per second. |
Dependent item | fgate.sdwan_member.tx_bytes[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Bytes received per second | Bytes received from the {#NAME} interface in the {#ZONE} zone per second. |
Dependent item | fgate.sdwan_member.rx_bytes[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Output bandwidth | Transmitting bandwidth of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.tx_bandwidth[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Input bandwidth | Receiving bandwidth of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.rx_bandwidth[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: State changing time | Last state changing time of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.service.state_changed[{#ID}] Preprocessing
|
Trigger prototypes for SD-WAN members discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: SD-WAN [{#ZONE}]:[{#NAME}]: Link down | This trigger expression works as follows: |
{$SDWAN.MEMBER.IF.CONTROL:"{#NAME}"}=1 and last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}])=1 and (last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}],#1)<>last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}],#2)) |
Average | Manual close: Yes |
LLD rule SD-WAN health-checks discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
SD-WAN health-checks discovery | Discovery for FortiGate SD-WAN health-checks. |
Dependent item | fgate.sdwan_health.discovery Preprocessing
|
Item prototypes for SD-WAN health-checks discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
SD-WAN [{#NAME}]:[{#IFNAME}]: Get data | Item for gathering data about the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.get_data["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Interface status | Current status of the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.status["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Jitter | Current jitter value for the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.jitter["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Latency | Current latency value for the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.latency["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Packets loss | Percent of lost packets for the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.loss["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Packets sent per second | Number of packets sent through the {#IFNAME} interface in the {#NAME} health-check per second. |
Dependent item | fgate.sdwan_health.sent["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Packets received per second | Number of packets received from the {#IFNAME} interface in the {#NAME} health-check per second. |
Dependent item | fgate.sdwan_health.received["{#HID}.{#MID}"] Preprocessing
|
Trigger prototypes for SD-WAN health-checks discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: SD-WAN [{#NAME}]:[{#IFNAME}]: Link down | This trigger expression works as follows: |
{$SDWAN.HEALTH.IF.CONTROL:"{#NAME}"}=1 and last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"])=1 and (last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"],#1)<>last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"],#2)) |
Average | Manual close: Yes |
FortiGate: SD-WAN [{#NAME}]:[{#IFNAME}]: Link state is error | This trigger expression works as follows: |
{$SDWAN.HEALTH.IF.CONTROL:"{#IFNAME}"}=1 and last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"])=2 and (last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"],#1)<>last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"],#2)) |
Average | Manual close: Yes |
FortiGate: SD-WAN [{#NAME}]:[{#IFNAME}]: High packets loss | High level of packets loss detected. |
min(/FortiGate by HTTP/fgate.sdwan_health.loss["{#HID}.{#MID}"],5m)>{$SDWAN.HEALTH.IF.LOSS.WARN:"{#IFNAME}"} |
Warning |
LLD rule Network interfaces discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Network interfaces discovery | Discovery for FortiGate network interfaces. |
Dependent item | fgate.netif.discovery Preprocessing
|
Item prototypes for Network interfaces discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Interface [{#IFNAME}({#IFALIAS})]: Get data | Item for gathering data for the {#IFKEY} interface. |
Dependent item | fgate.netif.get_data[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Link status | Current link status of the interface. |
Dependent item | fgate.netif.status[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Bits received | The total number of octets received on the interface per second. |
Dependent item | fgate.netif.in[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Inbound packets | The total number of packets received on the interface per second. |
Dependent item | fgate.netif.in_packets[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Bits sent | The total number of octets transmitted out of the interface. |
Dependent item | fgate.netif.out[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Outbound packets | The total number of packets transmitted out of the interface per second. |
Dependent item | fgate.netif.out_packets[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Inbound packets with errors | The total number of errors received. |
Dependent item | fgate.netif.in_errors[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Outbound packets with errors | The total number of errors transmitted. |
Dependent item | fgate.netif.out_errors[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Interface type | Type of the interface. |
Dependent item | fgate.netif.type[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Speed | Speed of the interface. |
Dependent item | fgate.netif.speed[{#IFKEY}] Preprocessing
|
Trigger prototypes for Network interfaces discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: Interface [{#IFNAME}({#IFALIAS})]: Link down | This trigger expression works as follows: |
{$NET.IF.CONTROL:"{#IFNAME}"}=1 and last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}])=1 and (last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}],#1)<>last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}],#2)) |
Average | Manual close: Yes |
FortiGate: Interface [{#IFNAME}({#IFALIAS})]: High bandwidth usage | The utilization of the network interface is close to its estimated maximum bandwidth. |
(avg(/FortiGate by HTTP/fgate.netif.in[{#IFKEY}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)*last(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}]) or avg(/FortiGate by HTTP/fgate.netif.out[{#IFKEY}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)*last(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}])) and last(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}])>0 |
Warning | Manual close: Yes Depends on:
|
FortiGate: Interface [{#IFNAME}({#IFALIAS})]: High error rate | It recovers when it is below 80% of the |
min(/FortiGate by HTTP/fgate.netif.in_errors[{#IFKEY}],5m)>{$NET.IF.ERRORS.WARN:"{#IFKEY}"} or min(/FortiGate by HTTP/fgate.netif.in_errors[{#IFKEY}],5m)>{$NET.IF.ERRORS.WARN:"{#IFKEY}"} |
Warning | Manual close: Yes Depends on:
|
FortiGate: Interface [{#IFNAME}({#IFALIAS})]: Ethernet has changed to lower speed than it was before | This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Acknowledge to close the problem manually. |
change(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}])<0 and last(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}])>0 and last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}])<>0 |
Info | Manual close: Yes Depends on:
|
Feedback
Please report any issues with the template at https://support.zabbix.com
You can also provide feedback, discuss the template, or ask for help at ZABBIX forums