NetXMS detects an extra IP address on Fortigate interfaces

Started by brekkjen, March 31, 2020, 05:23:29 PM


brekkjen

Hi, my Fortigate is detected with two IP addresses on each interface.

Example:
209   FL-Signage      135 (l2vlan)   33      1500   1 Gbps      08:5B:0E:5D:9D:C3   168.188.1.33/0, 192.168.188.1/24                  UP   UP   UP   Normal

The 168.188.1.33/0 throws a warning in NetXMS about a wrong subnet mask.
Its only configured address on the Fortigate is 192.168.188.1/24.

Why is the other address being detected, and any suggestions on how to fix?

Thanks

Victor Kirhenshtein

Hi,

could you please provide output of SNMP walk for the following OIDs for this device:

.1.3.6.1.2.1.4.20.1
.1.3.6.1.2.1.4.34.1
.1.3.6.1.2.1.4.32.1
.1.3.6.1.2.1.2.2.1

Best regards,
Victor

brekkjen

Hi Victor, sorry for my late reply

I've attached .csv's for the SNMP walks. .1.3.6.1.2.1.4.32.1 did not return anything.

Thanks

Victor Kirhenshtein

This is really strange. In your first post you mention interface FL-Signage with index 209 as having a wrong IP address, but I don't see such an interface in the walk output. Could you please send me a screenshot of the overview page and the interfaces page for that node? You can send it in a PM if it contains sensitive information.

Best regards,
Victor

Victor Kirhenshtein

Hi,

I have identified the issue. The problem is in how Fortigate builds the index for ipAddressTable. For example, for address 192.168.188.1 the OID in ipAddressTable looks like this:

.1.3.6.1.2.1.4.34.1.3.1.192.168.188.1.33

where .1.3.6.1.2.1.4.34.1.3 is the base OID, 1 is the address type (ipv4 in that case), 192.168.188.1 is the IP address, and 33 is the interface index (which is also strange because IP MIB does not specify interface index here). But the problem is that the generic driver expects the IP address prefixed with its length, like in this example (taken from an H3C switch):

.1.3.6.1.2.1.4.34.1.3.2.16.32.1.4.112.223.51.0.1.0.0.0.0.0.0.0.1

Here 2 is the address type (ipv6), 16 is the address length, and 32.1.4.112.223.51.0.1.0.0.0.0.0.0.0.1 is the address.

So when the driver reads the interface list from Fortigate it gets correct addresses from ipAddrTable and then picks incorrect addresses from ipAddressTable (168.188.1.33 in this example, shifted by one byte because the server skips the one expected to hold the address length).

I don't know which format is correct and which is not. Most devices that I have encountered do not support ipAddressTable at all, and those that do return addresses with a length prefix. If somebody has better knowledge on this subject, please comment. For now I have added additional checks when reading ipAddressTable for the correct value in the length field; this should fix the issue for Fortigate devices. It will be included in the upcoming 3.3 release.

Best regards,
Victor
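
Added example, not part of the thread and not NetXMS code: a Python sketch of the index decoding described in the post above, showing how skipping the length sub-identifier unchecked yields 168.188.1.33 and how validating it rejects the Fortigate-style index. The function names and the "return None to skip the row" behaviour are assumptions for illustration; both OIDs are the ones quoted in the post.

```python
import ipaddress

BASE = (1, 3, 6, 1, 2, 1, 4, 34, 1, 3)   # base OID quoted in the post
ADDR_LEN = {1: 4, 2: 16}                 # address type ipv4(1)/ipv6(2) -> byte count

def parse_oid(text):
    """Turn a dotted OID string into a tuple of integer sub-identifiers."""
    return tuple(int(p) for p in text.strip(".").split("."))

def _index(oid):
    """Return the row index that follows the base OID."""
    if oid[:len(BASE)] != BASE:
        raise ValueError("not under the expected base OID")
    return oid[len(BASE):]

def naive_decode(oid):
    """Trusts the layout type.length.address and skips the length unchecked."""
    idx = _index(oid)
    n = ADDR_LEN[idx[0]]
    return str(ipaddress.ip_address(bytes(idx[2:2 + n])))

def checked_decode(oid):
    """Return the address, or None when the index is not type.length.address."""
    idx = _index(oid)
    n = ADDR_LEN.get(idx[0]) if idx else None
    # The length field must match the address type, with nothing left over.
    if n is None or len(idx) != 2 + n or idx[1] != n:
        return None
    try:
        return str(ipaddress.ip_address(bytes(idx[2:])))
    except ValueError:   # a sub-identifier above 255 is not an address byte
        return None

# The two OIDs quoted in the post.
FORTIGATE = parse_oid(".1.3.6.1.2.1.4.34.1.3.1.192.168.188.1.33")
H3C = parse_oid(".1.3.6.1.2.1.4.34.1.3.2.16.32.1.4.112.223.51.0.1.0.0.0.0.0.0.0.1")

if __name__ == "__main__":
    for name, oid in (("Fortigate", FORTIGATE), ("H3C", H3C)):
        print(name, "naive:", naive_decode(oid), "checked:", checked_decode(oid))
```

A length check alone cannot separate the two layouts when a Fortigate-style IPv4 address begins with octet 4, because both forms are then six sub-identifiers long with 4 in the length position.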

brekkjen

Just installed version 3.3.285 and can confirm that this resolved the issue for us.

Thanks :)