FortiGate by HTTP Link Down trigger issue

  • hepi62
    Junior Member
    • Sep 2022
    • 10

    #1

    FortiGate by HTTP Link Down trigger issue

    Hello,

    I'm using the FortiGate by HTTP template to monitor our FortiGate firewalls. (A few firewalls are monitored by the FortiGate by SNMP, where I don't have this issue.)
    The problem is, if an interface link goes down, the trigger activates, but doesn't recover automatically.
    The problem expression and recovery expression are below:

    [Image: image.png]

    The link went down for a moment, then came back, but the problem is still active.

    Can you help me with what I need to change to make it work, please?
  • oefulveal
    Junior Member
    • Mar 2024
    • 1

    #2
    It seems like your FortiGate monitoring using the HTTP template has a recovery issue. Have you considered adjusting the recovery expression to ensure it properly recognizes when the link is restored? Double-check the conditions in your recovery expression and make sure they align with the actual recovery state.

    Comment

    • hepi62
      Junior Member
      • Sep 2022
      • 10

      #3
      Hi oefulveal,

      In my understanding, the Recovery expression in this case means:

      last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}])<>1 - The last status is that the link is not down
      or
      {$NET.IF.CONTROL:"{#IFNAME}"}=0 - The trigger has been disabled.

      However, I'm not sure if it wasn't just a one-time issue, as I haven't seen this issue since then. I deleted this interface and re-discovered it to clear the alert.

      Comment

      • hepi62
        Junior Member
        • Sep 2022
        • 10

        #4
        Hi everyone.

        Finally, I found the issue with the template. If you have the same issue, modify in the “Network interfaces discovery” the “Interface [{#IFNAME}({#IFALIAS})]: Link down” trigger as below (changes highlighted in red):

        {$NET.IF.CONTROL:"{#IFNAME}"}=1 and last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}])=0 and (last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}],#1)<>last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}],#2))
        And the recovery expression
        last(/FortiGate by HTTP/fgate.netif.status[{#IFKEY}])=1 or {$NET.IF.CONTROL:"{#IFNAME}"}=0

        Same issue in the “SD-WAN members discovery” / “SD-WAN [{#ZONE}]:[{#NAME}]: Link down” trigger.
        {$SDWAN.MEMBER.IF.CONTROL:"{#NAME}"}=1 and last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}])=0 and (last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}],#1)<>last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}],#2))
        And the recovery expression
        last(/FortiGate by HTTP/fgate.sdwan_member.link_status[{#ID}])=1 or {$SDWAN.MEMBER.IF.CONTROL:"{#NAME}"}<>1

        In the value mapping, you can see, the interface status 0 means the interface is up and 1 means the interface is down, but the link status 0 means the link is down and 1 means the link is up.
        The interface status check is used in the "SD-WAN health-checks discovery" triggers correctly, but not in the two above.

        As I don't have any support contract, I don't know how to report this issue.

        Comment
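The difference between the two recovery expressions in this thread, replayed over constructed samples (an added example, not part of the original posts or the Zabbix template). It assumes the value mapping stated in post #4 (link status 1 = up, 0 = down) and pairs the post #4 problem expression with each recovery expression, since the original problem expression survives only in the screenshot; function names and sample data are hypothetical.

```python
# Simplified model of a Zabbix trigger with a separate recovery expression.
# Assumption (from post #4): link status 1 = up, 0 = down.

def problem(hist, control=1):
    # Problem expression from post #4: macro enabled, last value is 0 (down),
    # and the last two values differ (the link has just changed state).
    # Simplification: with fewer than two samples the expression is treated as FALSE.
    return control == 1 and len(hist) > 1 and hist[-1] == 0 and hist[-1] != hist[-2]

def recovery_post3(hist, control=1):
    # Recovery expression quoted in post #3: last(...)<>1 or macro = 0.
    return hist[-1] != 1 or control == 0

def recovery_post4(hist, control=1):
    # Recovery expression from post #4: last(...)=1 or macro = 0.
    return hist[-1] == 1 or control == 0

def replay(samples, recovery, control=1):
    """Return the trigger state ("OK" or "PROBLEM") after each sample."""
    state, hist, states = "OK", [], []
    for value in samples:
        hist.append(value)
        if problem(hist, control):
            state = "PROBLEM"
        elif state == "PROBLEM" and recovery(hist, control):
            # Zabbix closes the problem only when the problem expression is
            # FALSE and the recovery expression is TRUE.
            state = "OK"
        states.append(state)
    return states

# Constructed samples: a brief flap, then a longer outage.
FLAP = [1, 1, 0, 1, 1, 1]
OUTAGE = [1, 0, 0, 0, 1]

if __name__ == "__main__":
    for name, rec in (("post #3", recovery_post3), ("post #4", recovery_post4)):
        print(name, "flap:  ", replay(FLAP, rec))
        print(name, "outage:", replay(OUTAGE, rec))
```

With the `<>1` recovery the flap never clears, and a sustained outage clears one sample after it starts while the link is still down; with `=1` the problem stays open until the link reports up again.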
