A failover/redundant pair of FortiGate edge firewall VMware virtual machines is set up as an active/standby High Availability (HA) cluster. The two nodes share one IP address. The configuration is:
VIP/Node IPs | Node Names
--- | ---
192.168.0.1 | Fort_FW_Primary
192.168.0.1 | Fort_FW_Secondary
However, discovery via SNMPv3 fails: the primary is discovered via SNMPv3, but the secondary is discovered only as a pingable VM. Traps from the secondary are therefore not processed, even when it takes over as the active unit in the HA pair.
DX NetOps Spectrum all supported releases
The issue is that both firewalls in the HA pair, primary and secondary, share the same IP address but are configured with different SNMPv3 EngineIDs. When traps or SNMPv3 GET-RESPONSEs arrive from the secondary, Spectrum does not treat them as valid, because the secondary's EngineID conflicts with the EngineID already learned from the primary.
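To confirm this symptom from captured trap traffic before changing the firewall configuration, it helps to pull the authoritative EngineID out of each SNMPv3 datagram and check whether one source IP is presenting more than one EngineID. The following Python script is an added example, not code from Broadcom, Fortinet or DX NetOps Spectrum. It contains a minimal BER encoder and decoder for the SNMPv3 message header (RFC 3412/3414 layout: msgVersion, msgGlobalData, msgSecurityParameters carrying msgAuthoritativeEngineID), builds constructed sample datagrams with two different EngineIDs from the shared address 192.168.0.1, and flags the conflict. The EngineID values, the user name `spectrum`, and the empty trap PDU are constructed placeholders; the messages carry no authentication or privacy parameters.

```python
from collections import defaultdict

# --- minimal BER encoding helpers (enough to build an SNMPv3 message header) ---

def ber_len(n):
    """Encode a BER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(v):
    # +8 bits keeps room for the two's-complement sign bit on positive values
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def ber_octets(b):
    return tlv(0x04, b)

def ber_seq(*items):
    return tlv(0x30, b"".join(items))

def build_v3_message(engine_id, user, msg_id=1):
    """Build an unauthenticated, unencrypted SNMPv3 message with an empty trap PDU.
    Constructed for this example; real traps carry varbinds and, usually, auth/priv."""
    usm = ber_seq(ber_octets(engine_id),   # msgAuthoritativeEngineID
                  ber_int(1), ber_int(0),  # engineBoots, engineTime (placeholders)
                  ber_octets(user),
                  ber_octets(b""),         # msgAuthenticationParameters (none)
                  ber_octets(b""))         # msgPrivacyParameters (none)
    global_data = ber_seq(ber_int(msg_id), ber_int(65507), ber_octets(b"\x00"), ber_int(3))
    scoped_pdu = ber_seq(ber_octets(engine_id), ber_octets(b""), tlv(0xA7, b""))  # 0xA7 = SNMPv2-Trap
    return ber_seq(ber_int(3), global_data, ber_octets(usm), scoped_pdu)

# --- decoding side: extract the authoritative EngineID from a raw datagram ---

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_engine_id(datagram):
    """Return msgAuthoritativeEngineID (bytes) from an SNMPv3 message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(body, 0)
    if int.from_bytes(version, "big", signed=True) != 3:
        raise ValueError("not an SNMPv3 message")
    _, _, pos = read_tlv(body, pos)            # skip msgGlobalData
    _, sec_params, _ = read_tlv(body, pos)     # msgSecurityParameters (OCTET STRING)
    _, usm, _ = read_tlv(sec_params, 0)        # USM SEQUENCE inside it
    _, engine_id, _ = read_tlv(usm, 0)         # first element: msgAuthoritativeEngineID
    return engine_id

def find_engine_id_conflicts(datagrams):
    """datagrams: iterable of (source_ip, raw_bytes).
    Returns {ip: [hex engine ids]} for every IP that presented more than one EngineID,
    which is exactly the HA-pair situation Spectrum rejects."""
    seen = defaultdict(set)
    for ip, raw in datagrams:
        seen[ip].add(parse_engine_id(raw).hex())
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) > 1}

# Constructed sample: the two HA nodes share 192.168.0.1 but use different EngineIDs.
PRIMARY_ENGINE = bytes.fromhex("800030440300aa110101")    # placeholder value
SECONDARY_ENGINE = bytes.fromhex("800030440300aa110102")  # placeholder value
SAMPLE_DATAGRAMS = [
    ("192.168.0.1", build_v3_message(PRIMARY_ENGINE, b"spectrum", 1)),
    ("192.168.0.1", build_v3_message(SECONDARY_ENGINE, b"spectrum", 2)),
    ("192.168.0.1", build_v3_message(PRIMARY_ENGINE, b"spectrum", 3)),
]

if __name__ == "__main__":
    for ip, ids in find_engine_id_conflicts(SAMPLE_DATAGRAMS).items():
        print(f"{ip}: {len(ids)} EngineIDs seen -> {ids}")
```

When the pair is configured correctly, every datagram from the shared address carries the same EngineID and the function returns an empty dictionary; a non-empty result reproduces the condition described above. Feeding it real traffic means reading each UDP payload from a capture and supplying the source address alongside it.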
Because the FortiGate firewalls are configured as an HA pair, they need to be configured with the same SNMPv3 EngineID and then discovered in Spectrum as a single device, as described in the following FortiGate knowledge base article:
FortiGate : Technical Note : SNMP V3 trap configuration with FortiGate running HA
The FortiGate firewalls do the work of distinguishing between each other, while Spectrum sees both of them, and all incoming traps, as a single device.