We have several FortiGate firewalls on our remote sites, which have a primary and backup VPN link to our DC firewall.

Ordinary status of the remote VPNs are the primary WAN interface VPN is up and the secondary WAN interface VPN is down.

I've seen several questions around people requesting a "VPN down" status to be reported as green (inverse to what it currently does), and I understand Paessler don't feel this should be an available customisation for customers.

So my question is, can I set up a Business Process Sensor (or anything else), which will report green (up) for VPN1 being up and VPN2 being down, yellow (warning) for VPN1 being down and VPN2 being up, and red (down) for both VPN1 and VPN2 being down....but, in the sensors summary in the top right of the screen, not have any red (down) being reported for just when VPN2 sensors are down (i.e. it isn't actively reporting on this sensor globally, only reporting on it for the Business Process Sensor)?

It may seem a bit of a strange question, but I'm trying to look at ways of working around not being able to flip the reported state of a sensor (down being good), and not having red on the screen when a specific VPN is down (which to us is good!). No-one likes to see red on their monitoring platform, especially when it is normal to them!

Many thanks.

Article Comments

Hi there,

Which sensor are you using for monitoring VPN status? If the sensor uses a so-called lookup for showing the VPN status, this lookup can be customized about how to act on certain return values.

Kind regards,

Erhard


Nov, 2019 - Permalink

Hi Erhard,

We use the sensors generated in the "Custom FortiGate Health v0.6" template, which was downloaded from your site.

The settings show:

SNMP Table : Table oid : 1.3.6.1.4.1.12356.101.12.2.2 Table Specific: Identification column : fgVpnTunEntPhase2Name Sensor Channel #1 Name : Status Sensor Channel #1 Column : fgVpnTunEntStatus Sensor Channel #1 Value Type : Absolute Sensor Channel #1 Unit : Lookup Value Sensor Channel #1 Value Lookup : oid.fortinet-fortigate-mib.fgvpn.tun.fgvpntunentstatus

Thanks, Dave.


Nov, 2019 - Permalink

Hi Dave,

"oid.fortinet-fortigate-mib.fgvpn.tun.fgvpntunentstatus" is a lookup file located in PRTG's installation path in "lookups\custom". The file has file extension ".ovl", you can open it with a simple text editor and create an adjusted version for it to use in the sensor where you don't want the sensor to show down:
https://www.paessler.com/manuals/prtg/define_lookups

Kind regards,

Erhard


Nov, 2019 - Permalink