FortiGate by HTTP
Overview
This template is designed for the effortless deployment of FortiGate monitoring by Zabbix via HTTP and doesn't require any external scripts.
Requirements
Zabbix version: 7.4 and higher.
Tested versions
This template has been tested on:
- FortiGate v7.6.4
Configuration
Zabbix should be configured according to the instructions in the Templates out of the box section.
Setup
- On the FortiGate GUI, select
System > Admin Profiles > Create New
. - Enter a profile name (ex. zabbix_ro) and enable all the Read permissions. Please note the profile name, it will be used a bit later.
- Go to
System > Administrators > Create New > REST API Admin
. - Enter the API-user's name and select the profile name you created in step 2.
- The trusted host can be specified to ensure that only Zabbix server can reach the FortiGate.
- Click OK and an API token will be generated. Make a note of the API token as it's only shown once and cannot be retrieved.
- Put the API token into
{$FGATE.API.TOKEN}
macro. - Set your FortiGate GUI IP/FQDN as
{$FGATE.API.FQDN}
macro value. - If FortiGate GUI uses HTTPS, put https value into
{$FGATE.SCHEME}
macro and 443 into{$FGATE.API.PORT}
macro. - If FortiGate GUI port differs from the standard one, specify it in
{$FGATE.API.PORT}
macro.
NOTE: Starting from template version '7.4-1', the API token is used in the request header. For older template versions (where the API token is passed in the URL query parameter), when using FortiGate v7.4.5+, you must enable the following global setting: Using APIs
For added security, it is strongly recommended to use the latest template version, which passes the API token in the request header instead of the URL parameter.
Please, refer to the vendor documentation about the FortiGate REST API Authentication.
Macros used
Name | Description | Default |
---|---|---|
{$FGATE.SCHEME} | Request scheme which may be http or https. |
http |
{$FGATE.API.FQDN} | FortiGate API FQDN/IP (ex. ngfw.example.com). |
|
{$FGATE.API.TOKEN} | FortiGate API token. |
|
{$FGATE.API.PORT} | The port of FortiGate API endpoint. |
80 |
{$FGATE.DATA.TIMEOUT} | Response timeout for an API. |
15s |
{$FGATE.HTTP.PROXY} | HTTP proxy for API requests. You can specify it using the format [protocol://][username[:password]@]proxy.example.com[:port]. See the documentation at https://www.zabbix.com/documentation/7.4/manual/config/items/itemtypes/http |
|
{$FIRMWARE.UPDATES.CONTROL} | This macro is used in "New available firmware found" trigger. |
1 |
{$CPU.UTIL.WARN} | Threshold of CPU utilization for warning trigger in %. |
85 |
{$CPU.UTIL.CRIT} | Threshold of CPU utilization for critical trigger in %. |
95 |
{$MEMORY.UTIL.WARN} | Threshold of memory utilization for warning trigger in %. |
80 |
{$MEMORY.UTIL.CRIT} | Threshold of memory utilization for critical trigger in %. |
90 |
{$DISK.FREE.WARN} | Threshold of disk free space for warning trigger in %. |
20 |
{$DISK.FREE.CRIT} | Threshold of disk free space for critical trigger in %. |
10 |
{$NET.IF.CONTROL} | Macro for operational state of the interface for "Link down" trigger. Can be used with interface name as context. |
1 |
{$NET.IF.ERRORS.WARN} | Threshold of error packets rate for warning trigger. Can be used with interface name as context. |
2 |
{$NET.IF.UTIL.MAX} | Threshold of interface bandwidth utilization for warning trigger in %. Can be used with interface name as context. |
95 |
{$NET.IF.IFDESCR.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFDESCR.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$NET.IF.IFNAME.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFNAME.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$NET.IF.IFTYPE.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFTYPE.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$NET.IF.IFALIAS.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFALIAS.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$NET.IF.IFSTATUS.MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
.* |
{$NET.IF.IFSTATUS.NOT_MATCHES} | This macro is used in Network interfaces discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$FWP.FWACTION.MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
.* |
{$FWP.FWACTION.NOT_MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$FWP.FWTYPE.MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
.* |
{$FWP.FWTYPE.NOT_MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$FWP.FWNAME.MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
.* |
{$FWP.FWNAME.NOT_MATCHES} | This macro is used in Firewall policies discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SERVICE.EXPIRY.WARN} | Number of days until the license expires. |
7 |
{$SERVICE.LICENSE.CONTROL} | This macro is used in Service discovery. Can be used with interface name as context. |
1 |
{$SERVICE.KEY.MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
.* |
{$SERVICE.KEY.NOT_MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SERVICE.STATUS.MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
.* |
{$SERVICE.STATUS.NOT_MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
(no_support|no_license) |
{$SERVICE.TYPE.MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
.* |
{$SERVICE.TYPE.NOT_MATCHES} | This macro is used in Service discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.MEMBER.IF.CONTROL} | Macro for the interface state for "Link down" trigger. Can be used with interface name as context. |
1 |
{$SDWAN.MEMBER.ID.MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.MEMBER.ID.NOT_MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.MEMBER.NAME.MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.MEMBER.NAME.NOT_MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.MEMBER.STATUS.MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.MEMBER.STATUS.NOT_MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.MEMBER.ZONE.MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.MEMBER.ZONE.NOT_MATCHES} | This macro is used in SD-WAN members discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.IF.CONTROL} | Macro for the interface state for "Link down" trigger. Can be used with interface name as context. |
1 |
{$SDWAN.HEALTH.ID.MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.HEALTH.ID.NOT_MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.NAME.MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.HEALTH.NAME.NOT_MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.IFNAME.MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.HEALTH.IFNAME.NOT_MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.STATUS.MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
.* |
{$SDWAN.HEALTH.STATUS.NOT_MATCHES} | This macro is used in SD-WAN health-checks discovery. Can be overridden on the host or linked template level. |
CHANGE_IF_NEEDED |
{$SDWAN.HEALTH.IF.LOSS.WARN} | Threshold of packets loss for warning trigger in %. Can be used with interface name as context. |
20 |
Items
Name | Description | Type | Key and additional info |
---|---|---|---|
Check port availability | Simple check | net.tcp.service["{$FGATE.SCHEME}","{$FGATE.API.FQDN}","{$FGATE.API.PORT}"] Preprocessing
|
|
Get system info | Item for gathering device system info from FortiGate API. |
HTTP agent | fgate.system.get_data Preprocessing
|
Device system info item errors | Item for gathering errors of the device system info. |
Dependent item | fgate.system.data_errors Preprocessing
|
API availability status | Checking API availability by response. |
Dependent item | fgate.api.status Preprocessing
|
Get firmware info | Item for gathering device firmware info from FortiGate API. |
HTTP agent | fgate.firmware.get_data Preprocessing
|
Device firmware info item errors | Item for gathering errors of the device firmware info. |
Dependent item | fgate.firmware.data_errors Preprocessing
|
Get service licenses | Item for gathering information about service licenses from FortiGate API. |
Script | fgate.service.get_data |
Service licenses item errors | Item for gathering errors of the service licenses data. |
Dependent item | fgate.service.data_errors Preprocessing
|
Get resources data | Item for gathering device resource data from FortiGate API. |
Script | fgate.resources.get_data |
Device resources item errors | Item for gathering errors of the device resources. |
Dependent item | fgate.resources.data_errors Preprocessing
|
Get interfaces data | Item for gathering network interfaces info from FortiGate API. |
Script | fgate.netif.get_data |
Device interfaces item errors | Item for gathering errors of network interfaces. |
Dependent item | fgate.netif.data_errors Preprocessing
|
Get SD-WAN data | Item for gathering SD-WAN information from FortiGate API. |
Script | fgate.sdwan.get_data |
Get SD-WAN item errors | Item for gathering errors of SD-WAN. |
Dependent item | fgate.sdwan.data_errors Preprocessing
|
Get firewall data | Item for gathering firewall policies info from FortiGate API. |
Script | fgate.fwp.get_data |
Firewall data item errors | Item for gathering errors of firewall policies. |
Dependent item | fgate.fwp.data_errors Preprocessing
|
Available firmware versions | Number of available firmware versions to download. |
Dependent item | fgate.device.firmwares_avail Preprocessing
|
Device firmware version | Current version of the device firmware. |
Dependent item | fgate.device.firmware Preprocessing
|
Device model name | The model name of the device. |
Dependent item | fgate.device.model Preprocessing
|
Device serial number | The device serial number. |
Dependent item | fgate.device.serialnumber Preprocessing
|
Current VDOM | Name of the current Virtual Domain. |
Dependent item | fgate.device.vdom Preprocessing
|
System name | The system host name. |
Dependent item | fgate.name Preprocessing
|
System uptime | The system uptime is calculated on the basis of boot time. |
Dependent item | fgate.uptime Preprocessing
|
Number of CPUs | Number of processors according to the current license. |
Dependent item | fgate.cpu.num Preprocessing
|
CPU utilization | CPU utilization, expressed in %. |
Dependent item | fgate.cpu.util Preprocessing
|
Total memory | Total memory, expressed in bytes. |
Dependent item | fgate.memory.total Preprocessing
|
Memory utilization | Memory utilization, expressed in %. |
Dependent item | fgate.memory.util Preprocessing
|
Total disk space | The total space of the current disk, in bytes. |
Dependent item | fgate.fs.total Preprocessing
|
Used disk space | The used space of the current disk, in bytes. |
Dependent item | fgate.fs.used Preprocessing
|
Free disk space | The free space of the current disk, in bytes. |
Dependent item | fgate.fs.free Preprocessing
|
Disk utilization | Disk utilization, expressed in %. |
Dependent item | fgate.fs.util Preprocessing
|
Triggers
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: Port {$FGATE.API.PORT} is unavailable | last(/FortiGate by HTTP/net.tcp.service["{$FGATE.SCHEME}","{$FGATE.API.FQDN}","{$FGATE.API.PORT}"])=0 |
Average | Manual close: Yes | |
FortiGate: There are errors in the 'Get system info' metric | length(last(/FortiGate by HTTP/fgate.system.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.system.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.system.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: Unexpected response from API | Received an unexpected response from API. It may be unavailable. |
last(/FortiGate by HTTP/fgate.api.status)=0 |
Average | Depends on:
|
FortiGate: There are errors in the 'Get firmware info' metric | length(last(/FortiGate by HTTP/fgate.firmware.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.firmware.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.firmware.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get service licenses' metric | length(last(/FortiGate by HTTP/fgate.service.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.service.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.service.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get resources data' metric | length(last(/FortiGate by HTTP/fgate.resources.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.resources.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.resources.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get interfaces data' metric | length(last(/FortiGate by HTTP/fgate.netif.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.netif.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.netif.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get SD-WAN data' metric | length(last(/FortiGate by HTTP/fgate.sdwan.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.sdwan.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.sdwan.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: There are errors in the 'Get firewall policies data' metric | length(last(/FortiGate by HTTP/fgate.fwp.data_errors))>0 and length(last(/FortiGate by HTTP/fgate.fwp.data_errors,#1:now-1m))>0 and nodata(/FortiGate by HTTP/fgate.fwp.data_errors,2m)=0 |
Warning | Depends on:
|
|
FortiGate: New available firmware found | New available firmware versions found to download. |
{$FIRMWARE.UPDATES.CONTROL}=1 and last(/FortiGate by HTTP/fgate.device.firmwares_avail)>0 |
Info | Manual close: Yes |
FortiGate: Device has been replaced | Device serial number has changed. Acknowledge to close the problem manually. |
last(/FortiGate by HTTP/fgate.device.serialnumber,#1)<>last(/FortiGate by HTTP/fgate.device.serialnumber,#2) and length(last(/FortiGate by HTTP/fgate.device.serialnumber))>0 |
Info | Manual close: Yes |
FortiGate: System name has changed | The name of the system has changed. Acknowledge to close the problem manually. |
last(/FortiGate by HTTP/fgate.name,#1)<>last(/FortiGate by HTTP/fgate.name,#2) and length(last(/FortiGate by HTTP/fgate.name))>0 |
Info | Manual close: Yes |
FortiGate: Device has been restarted | Uptime is less than 10 minutes. |
last(/FortiGate by HTTP/fgate.uptime)<10m |
Info | Manual close: Yes |
FortiGate: CPU utilization is too high | The CPU utilization is too high. The system might be slow to respond. |
min(/FortiGate by HTTP/fgate.cpu.util,5m)>{$CPU.UTIL.CRIT} |
High | |
FortiGate: CPU utilization is high | The CPU utilization is high. |
min(/FortiGate by HTTP/fgate.cpu.util,5m)>{$CPU.UTIL.WARN} |
Warning | Depends on:
|
FortiGate: Memory utilization is too high | Free memory size is too low. |
min(/FortiGate by HTTP/fgate.memory.util,5m)>{$MEMORY.UTIL.CRIT} |
High | |
FortiGate: Memory utilization is high | The system is running out of free memory. |
min(/FortiGate by HTTP/fgate.memory.util,5m)>{$MEMORY.UTIL.WARN} |
Average | Depends on:
|
FortiGate: Free disk space is too low | Left disk space is too low. |
(100-last(/FortiGate by HTTP/fgate.fs.util))<{$DISK.FREE.CRIT} |
High | |
FortiGate: Free disk space is low | Left disk space is not enough. |
(100-last(/FortiGate by HTTP/fgate.fs.util))<{$DISK.FREE.WARN} |
Warning | Depends on:
|
LLD rule Firewall policies discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Firewall policies discovery | Discovery for FortiGate firewall policies. |
Dependent item | fgate.fwp.discovery Preprocessing
|
Item prototypes for Firewall policies discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
FW Policy [{#FWNAME}]: Get data | Item for gathering data for the {#FWNAME} firewall policy. |
Dependent item | fgate.fwp.get_data[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Active sessions | Number of active sessions covered by this rule. |
Dependent item | fgate.fwp.sessions[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Software processed bytes | Number of bytes processed only by the software firewall. |
Dependent item | fgate.fwp.sw_bytes[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Hardware processed bytes | Number of bytes processed only by the hardware (ASIC) firewall. |
Dependent item | fgate.fwp.hw_bytes[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Total bytes processed | Number of bytes processed by both the software and hardware (ASIC) firewall. |
Dependent item | fgate.fwp.bytes[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Hits into the policy | Number of packets hit into the firewall policy per second. |
Dependent item | fgate.fwp.hits[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Last using time | The time at which the firewall policy was used the last time. |
Dependent item | fgate.fwp.last_used[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Action | The firewall policy action (accept / deny / ipsec). |
Dependent item | fgate.fwp.action[{#FWUUID}] Preprocessing
|
FW Policy [{#FWNAME}]: Status | The firewall policy status. |
Dependent item | fgate.fwp.status[{#FWUUID}] Preprocessing
|
LLD rule Service discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Service discovery | Discovery for FortiGate services. |
Dependent item | fgate.service.discovery Preprocessing
|
Item prototypes for Service discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Service [{#NAME}]: Get data | Item for gathering data about license for the {#NAME} service. |
Dependent item | fgate.service.get_data["{#KEY}"] Preprocessing
|
Service [{#NAME}]: License status | Current license status of the {#NAME} service. |
Dependent item | fgate.service.license["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Service type | Current type of the {#NAME} service. |
Dependent item | fgate.service.type["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Service version | Current version of the {#NAME} service. |
Dependent item | fgate.service.version["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Expiration date | Expiration date for the license of the current service. |
Dependent item | fgate.service.expire["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Last update time | Last update time of the current service. |
Dependent item | fgate.service.update_time["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Last attempt to update | Last update attempt time of the current service. |
Dependent item | fgate.service.update_attempt["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Update method | Current update method of the {#NAME} service. |
Dependent item | fgate.service.update_method["{#KEY}"] Preprocessing
|
Service [{#NAME}]: Update result | Last update result of the {#NAME} service. |
Dependent item | fgate.service.update_result["{#KEY}"] Preprocessing
|
Trigger prototypes for Service discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: Service [{#NAME}]: License status is unsuccessful | This trigger expression works as follows: |
{$SERVICE.LICENSE.CONTROL:"{#KEY}"}=1 and last(/FortiGate by HTTP/fgate.service.license["{#KEY}"])>5 |
Average | Manual close: Yes |
FortiGate: Service [{#NAME}]: License expires soon | This trigger expression works as follows: |
{$SERVICE.LICENSE.CONTROL:"{#KEY}"}=1 and (last(/FortiGate by HTTP/fgate.service.expire["{#KEY}"]) - now()) / 86400 < {$SERVICE.EXPIRY.WARN:"{#KEY}"} and last(/FortiGate by HTTP/fgate.service.expire["{#KEY}"]) > now() |
Warning | Manual close: Yes |
LLD rule SD-WAN members discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
SD-WAN members discovery | Discovery for FortiGate SD-WAN members. |
Dependent item | fgate.sdwan_member.discovery Preprocessing
|
Item prototypes for SD-WAN members discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
SD-WAN [{#ZONE}]:[{#NAME}]: Get data | Item for gathering data about the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.get_data[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Member status | Current status of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.status[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Link status | Current link status of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.link_status[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Sessions | Number of active sessions opened through the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.sessions[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Bytes sent per second | Bytes sent through the {#NAME} interface in the {#ZONE} zone per second. |
Dependent item | fgate.sdwan_member.tx_bytes[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Bytes received per second | Bytes received from the {#NAME} interface in the {#ZONE} zone per second. |
Dependent item | fgate.sdwan_member.rx_bytes[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Output bandwidth | Transmitting bandwidth of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.tx_bandwidth[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: Input bandwidth | Receiving bandwidth of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.sdwan_member.rx_bandwidth[{#ID}] Preprocessing
|
SD-WAN [{#ZONE}]:[{#NAME}]: State changing time | Last state changing time of the {#NAME} interface in the {#ZONE} zone. |
Dependent item | fgate.service.state_changed[{#ID}] Preprocessing
|
Trigger prototypes for SD-WAN members discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: SD-WAN [{#ZONE}]:[{#NAME}]: Link down | This trigger expression works as follows: |
{$SDWAN.MEMBER.IF.CONTROL:"{#NAME}"}=1 and last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}])=1 and (last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}],#1)<>last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}],#2)) |
Average | Manual close: Yes |
LLD rule SD-WAN health-checks discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
SD-WAN health-checks discovery | Discovery for FortiGate SD-WAN health-checks. |
Dependent item | fgate.sdwan_health.discovery Preprocessing
|
Item prototypes for SD-WAN health-checks discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
SD-WAN [{#NAME}]:[{#IFNAME}]: Get data | Item for gathering data about the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.get_data["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Interface status | Current status of the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.status["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Jitter | Current jitter value for the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.jitter["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Latency | Current latency value for the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.latency["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Packets loss | Percent of lost packets for the {#IFNAME} interface in the {#NAME} health-check. |
Dependent item | fgate.sdwan_health.loss["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Packets sent per second | Number of packets sent through the {#IFNAME} interface in the {#NAME} health-check per second. |
Dependent item | fgate.sdwan_health.sent["{#HID}.{#MID}"] Preprocessing
|
SD-WAN [{#NAME}]:[{#IFNAME}]: Packets received per second | Number of packets received from the {#IFNAME} interface in the {#NAME} health-check per second. |
Dependent item | fgate.sdwan_health.received["{#HID}.{#MID}"] Preprocessing
|
Trigger prototypes for SD-WAN health-checks discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: SD-WAN [{#NAME}]:[{#IFNAME}]: Link down | This trigger expression works as follows: |
{$SDWAN.HEALTH.IF.CONTROL:"{#NAME}"}=1 and last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"])=1 and (last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"],#1)<>last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"],#2)) |
Average | Manual close: Yes |
FortiGate: SD-WAN [{#NAME}]:[{#IFNAME}]: Link state is error | This trigger expression works as follows: |
{$SDWAN.HEALTH.IF.CONTROL:"{#IFNAME}"}=1 and last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"])=2 and (last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"],#1)<>last(/FortiGate by HTTP/fgate.sdwan_health.status["{#HID}.{#MID}"],#2)) |
Average | Manual close: Yes |
FortiGate: SD-WAN [{#NAME}]:[{#IFNAME}]: High packets loss | High level of packets loss detected. |
min(/FortiGate by HTTP/fgate.sdwan_health.loss["{#HID}.{#MID}"],5m)>{$SDWAN.HEALTH.IF.LOSS.WARN:"{#IFNAME}"} |
Warning |
LLD rule Network interfaces discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Network interfaces discovery | Discovery for FortiGate network interfaces. |
Dependent item | fgate.netif.discovery Preprocessing
|
Item prototypes for Network interfaces discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Interface [{#IFNAME}({#IFALIAS})]: Get data | Item for gathering data for the {#IFKEY} interface. |
Dependent item | fgate.netif.get_data[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Link status | Current link status of the interface. |
Dependent item | fgate.netif.status[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Bits received | The total number of octets received on the interface per second. |
Dependent item | fgate.netif.in[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Inbound packets | The total number of packets received on the interface per second. |
Dependent item | fgate.netif.in_packets[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Bits sent | The total number of octets transmitted out of the interface. |
Dependent item | fgate.netif.out[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Outbound packets | The total number of packets transmitted out of the interface per second. |
Dependent item | fgate.netif.out_packets[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Inbound packets with errors | The total number of errors received. |
Dependent item | fgate.netif.in_errors[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Outbound packets with errors | The total number of errors transmitted. |
Dependent item | fgate.netif.out_errors[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Interface type | Type of the interface. |
Dependent item | fgate.netif.type[{#IFKEY}] Preprocessing
|
Interface [{#IFNAME}({#IFALIAS})]: Speed | Speed of the interface. |
Dependent item | fgate.netif.speed[{#IFKEY}] Preprocessing
|
Trigger prototypes for Network interfaces discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
FortiGate: Interface [{#IFNAME}({#IFALIAS})]: Link down | This trigger expression works as follows: |
{$NET.IF.CONTROL:"{#IFNAME}"}=1 and last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}])=1 and (last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}],#1)<>last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}],#2)) |
Average | Manual close: Yes |
FortiGate: Interface [{#IFNAME}({#IFALIAS})]: High bandwidth usage | The utilization of the network interface is close to its estimated maximum bandwidth. |
(avg(/FortiGate by HTTP/fgate.netif.in[{#IFKEY}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)*last(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}]) or avg(/FortiGate by HTTP/fgate.netif.out[{#IFKEY}],15m)>({$NET.IF.UTIL.MAX:"{#IFNAME}"}/100)*last(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}])) and last(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}])>0 |
Warning | Manual close: Yes Depends on:
|
FortiGate: Interface [{#IFNAME}({#IFALIAS})]: High error rate | It recovers when it is below 80% of the |
min(/FortiGate by HTTP/fgate.netif.in_errors[{#IFKEY}],5m)>{$NET.IF.ERRORS.WARN:"{#IFKEY}"} or min(/FortiGate by HTTP/fgate.netif.in_errors[{#IFKEY}],5m)>{$NET.IF.ERRORS.WARN:"{#IFKEY}"} |
Warning | Manual close: Yes Depends on:
|
FortiGate: Interface [{#IFNAME}({#IFALIAS})]: Ethernet has changed to lower speed than it was before | This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Acknowledge to close the problem manually. |
change(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}])<0 and last(/FortiGate by HTTP/fgate.netif.speed[{#IFKEY}])>0 and last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}])<>0 |
Info | Manual close: Yes Depends on:
|
Feedback
Please report any issues with the template at https://support.zabbix.com
You can also provide feedback, discuss the template, or ask for help at ZABBIX forums