Fortigate Firewall interfaces show only part of the IP addresses with first octet missing in Spectrum Interfaces view

Article ID: 231170

Products

CA Spectrum DX NetOps

Issue/Introduction

Fortigate firewalls modeled in Spectrum appear to be missing the first octet of their IP addresses.

For example, if the actual IP addresses all start with 1xx.66.x.x, Spectrum instead shows them starting with 66.x.x, with the ifIndex added at the end.

Environment

DX NetOps 20.2 or later Spectrum

Cause

The issue is caused by a change on the Fortigate device itself due to the latest firmware.

Firewall Model: 501E
Firewall Version: v6.4.7 build 1911(GA)

In response to a request for SNMP OID 1.3.6.1.2.1.4.34.1.3, the Fortinet devices send a response (1.3.6.1.2.1.4.34.1.3.1.10.115.236.21.50: 50) that appends an extra ifIndex number and misses the type, which causes this problem.

It appears that Fortinet recently added support for the 1.3.6.1.2.1.4.34.1.3 OID in their latest firmware, and the Fortinet device is sending the wrong SNMP response for it.

A Wireshark packet capture was observed for both the working and non-working scenarios. The index that follows the column OID is laid out as follows:

      Example: <OID>.1.4.10.5.64.130
                     | | ^^^^^^^^^^^--- ADDRESS
              TYPE __| |___ SIZE

Spectrum uses the above technique to get the correct IP address. The following are responses from both Fortinet and Cisco for the same SNMP requests (1.3.6.1.2.1.4.34.1.3: Value (Null) and 1.3.6.1.2.1.4.34.1.4: Value (Null)) as an example:

Fortinet Device SNMP response:
-------------------------------------------

1.3.6.1.2.1.4.34.1.3.1.10.115.236.21.50: 50
1.3.6.1.2.1.4.34.1.4.1.10.115.236.21.50: 1

The Fortinet device response needs to be corrected as below:
-------------------------------------------

1.3.6.1.2.1.4.34.1.3.1.4.10.115.236.21: 50
1.3.6.1.2.1.4.34.1.4.1.4.10.115.236.21: 1

Cisco Device SNMP response:
---------------------------------------
1.3.6.1.2.1.4.34.1.3.1.4.4.1.1.1: 23
1.3.6.1.2.1.4.34.1.4.1.4.4.1.1.1: 1
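
The following Python is an added example, not code from Spectrum or Fortinet. It parses the TYPE.SIZE.ADDRESS index described above and runs it over the responses quoted in this article. `lenient_address` is an assumed model of a manager that skips the first two sub-identifiers without checking them, and all function names are hypothetical.

```python
import ipaddress

COLUMN_PREFIX = "1.3.6.1.2.1.4.34.1."  # the column sub-id follows this prefix
EXPECTED_SIZE = {1: 4, 2: 16}          # address TYPE -> SIZE (IPv4, IPv6)

def split_index(oid):
    """Return the row-index sub-identifiers that follow the column number."""
    if not oid.startswith(COLUMN_PREFIX):
        raise ValueError("not a column of this table: " + oid)
    return [int(p) for p in oid[len(COLUMN_PREFIX):].split(".")][1:]

def lenient_address(oid):
    """Skip TYPE and SIZE unchecked (assumed behaviour, for illustration)."""
    return ".".join(str(n) for n in split_index(oid)[2:])

def strict_address(oid):
    """Parse TYPE.SIZE.ADDRESS and reject any index that does not match it."""
    index = split_index(oid)
    if len(index) < 2:
        raise ValueError("index too short")
    addr_type, size, addr = index[0], index[1], index[2:]
    if EXPECTED_SIZE.get(addr_type) != size:
        raise ValueError(f"type {addr_type} with size {size} is malformed")
    if len(addr) != size or any(n > 255 for n in addr):
        raise ValueError(f"expected {size} address octets, got {addr}")
    return str(ipaddress.ip_address(bytes(addr)))

def check_walk(lines):
    """Map each 'OID: value' line to ('ok', address) or ('malformed', why)."""
    results = {}
    for line in lines:
        oid = line.split(":")[0].strip()
        try:
            results[oid] = ("ok", strict_address(oid))
        except ValueError as exc:
            results[oid] = ("malformed", str(exc))
    return results

# Responses quoted in this article.
FORTINET = "1.3.6.1.2.1.4.34.1.3.1.10.115.236.21.50: 50"
FORTINET_CORRECTED = "1.3.6.1.2.1.4.34.1.3.1.4.10.115.236.21: 50"
CISCO = "1.3.6.1.2.1.4.34.1.3.1.4.4.1.1.1: 23"

if __name__ == "__main__":
    print("lenient:", lenient_address(FORTINET.split(":")[0]))
    for oid, result in check_walk([FORTINET, FORTINET_CORRECTED, CISCO]).items():
        print(oid, result)
```

The lenient parse of the Fortinet index reproduces the symptom (first octet dropped, ifIndex appended), while the strict parse flags that row as malformed before it can be displayed as an address.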

Resolution

Fortinet has identified this as a bug and resolved it in FortiOS 7.0.4 build 0280 and later. Upgrading the Fortinet device firmware to this version and then rediscovering the device in Spectrum should resolve the issue.