Fortigate SNMP Integration SolarWinds NPM VS PRTG

Captions
FortiGate SNMP integration, SolarWinds Network Performance Monitor vs PRTG. In this video we will compare two of the most famous SNMP products. SNMP is a famous network protocol that allows you to monitor network interfaces, network devices and network services, create metrics and incidents, and track the performance over time. So SNMP is a very important component of any network infrastructure, and for this video we will compare two of the most famous products, which are SolarWinds Network Performance Monitor versus PRTG, which is a free option with some limitation on how many sensors you can use in the free version. So let's see how we can integrate our FortiGate using different SNMP services.

Starting with PRTG, you can install this in a local Windows environment. This is the main dashboard that you get once you install your environment. The first device will try to automatically auto-discover all the environment components in your network and creates alarms and different sensors automatically for you. For example, right now we see that we have 24 alarms sitting down and six warnings, and 23 alarms are showing up status. So first let's see what the PRTG discovers so far in our environment and start configuring our FortiGate with our SNMP server. Under devices we will see all the devices that PRTG was able to discover so far. If we take a quick look, our root device, which is the server that contains this installation, the 192.168.1.111, and we can see already that there are specific sensors or specific checks that have been configured automatically, like the core health of the device, the disk space alarms, the network monitoring. We also have an Internet HTTP sensor, which automatically tries to communicate with the internet to make sure there is Internet connectivity. Once we hover over any of our sensors we can see an over-time graph of our uptime and downtime performance for this specific sensor. And once we go down we can see here our on-premises firewall, the 192.168.1.99. We have already eight sensors configured on this device, out of which six of them are showing an alarm state.

So let's see what we have here so far. First we have an IMAP and ping sensors that are showing an up status, but this is just trying to probe the interface on the firewall to communicate on these services, and it's getting a good response. Now we are getting certain SSL certificate related issues on this FortiGate unit, and in this case, if we don't care about this SSL certificate, if we are not using this port, we can actually go under this sensor or SSL security sensor and we can either acknowledge indefinitely, or we can pause this sensor, or we can completely delete this sensor. We can also multiple-select all these sensors that we don't need and we can delete them, and now we only have ping running. If we check the ping status we see that we have 100% uptime. We can see that the PRTG is able to ping this interface at all times, and we can even see details like the milliseconds, the minimum, the maximum and average, and we can see all kinds of nice graphs for this specific sensor.

Now let's go back to our devices, and if we go down we even see that our PRTG installation is able to probe the clients found on our VMware environment. It's able to read the virtual machines inside the VMware Workstation, and if you have vCenter or if you have Hyper-V it's able to read this as well. But our concern now is to configure SNMP between the FortiGate and the PRTG. As we see, SNMP is part of the administrative access rules that we need to configure on each interface. For example, right now we only have ping, HTTP, SSH for management and FortiManager access. We can also enable SNMP on this interface. So now, to get the full functionality for our SNMP protocol, we need to go under our on-premises firewall first and we can edit our device settings. We can change the name from this generic name to our on-premises firewall, and we can also go down, we can customize it with a new icon. We can also
define our service URL. We can put the URL that launches our FortiGate GUI; we can change this to the correct port we are using. Now we can configure our SNMP server, and we can use version 2, so we have to give it a community name, and we can call this our FortiGate community. For the IP address we need to define the IP address that is running our PRTG instance, so it will be this IP address. It can accept queries and send traps to this IP address. So queries will be using port 161, and that's when PRTG is communicating to the FortiGate unit, and traps is the other way around: that's when FortiGate is sending SNMP traps to PRTG, and it will use port 162. And those are all the different SNMP events that are included in the SNMP community. So it will send us information related to CPU usage, memory being low, VPN status, heartbeat status, and IPS- and antivirus-related status. So this is going to be very useful for us to monitor and analyze our network traffic and our device health.

Now we have our SNMP server configured. Now we need to do the same under our PRTG by going into our on-premises firewall, and if we go under edit settings we will see an option for SNMP devices. We can turn off the inherit from network infrastructure and we can configure it to use version 2, which is the recommended option. The community string or the community name, we change this to FortiGate on the FortiGate side, and this has to match, and the same for our ports: we'll use port 161. And now once we hit OK, now we have configured SNMP also on the PRTG side, and now we can install the FortiGate extension for PRTG. We can get all the sensors ready for our FortiGate monitoring. Once we download the PRTG extension for Fortinet, we can take all the files from the zip file and we can extract it to the PRTG folder. Now the files have been added to the PRTG folder; we just need to come to our PRTG server and we need to restart our core services to take effect. So under Administrative Tools we can restart our core server from here, and
when the server comes back up we can go to our firewall object again, and this time we want to right-click on our firewall and choose auto-discovery with template. Now we will see two new options for Fortinet: one for the FortiGate health and one for custom switch. We can hit OK and this will auto-discover the device using this template that we just installed in the PRTG directory, and then in a few seconds our firewall will start having additional sensors added automatically. Inside we will see different metrics such as our CPU usage, our ping time. Now we can see different statistics from each core on the CPU on the FortiGate. We are also seeing a VPN alert that our VPN is no longer up, and we also see a sensor for FortiGate heartbeat, but we don't really have heartbeat configured on this device, so we can just come to this specific custom sensor and we can remove it from our list. We can remove the alarms associated with this. If we refresh the page, now we are also getting additional alerts for our individual interfaces: we have our WAN2 interface traffic and internal traffic and LAN traffic. If we go into one of the interfaces we can see the speed that is going through the interface right now, what was the lowest value and what was the highest value, and we can see a graph over time for the bandwidth usage.

Now let's go back to our alarms. We are seeing this FortiGate VPN alarm because our status is down. So the PRTG server sent an SNMP query to the firewall inquiring about that specific interface, and the firewall responded back to the SNMP server that this device is no longer up. Therefore PRTG is alarming us in here and also in the global alarms that we are not able to reach this FortiGate VPN from our on-premises firewall. Here we can see the same: we can see the minimum, the maximum, the bandwidth traffic and charts for all our information. We can see historic data for this specific sensor over a period of time. For example, if we want to see last week and we do a start, this will
show us a report directly for our status on the VPN for the past week in this generated HTML file, and it has a timestamp for every day. So this is very useful to confirm with SLA and get historical data of performance over your interfaces and services.

Also PRTG comes fully equipped with a full incident response system. You can find this under the ticket system. Right now we are just seeing informational data, but if we go back to our VPN failure and if we try to configure a notification trigger, for example if we add a state trigger, we can say if the sensor is down for at least 60 seconds we can either send an email or push notification, or we can also open a ticket in our ticketing system. We can add this ticket notification for our VPN, and we just need to wait one minute and come back to see if PRTG was able to submit a ticket in our ticketing system. Now, after one minute, we see an updated tickets notification on the top, and if we hit that, now we can see a ticket created automatically for us that says on-premises firewall VPN has been showing down. If we go down we can see the time that the interface has gone down or was reported down, and we can see which device is associated with this infrastructure, and which group, and which probe it has been using, and it shows us the total downtime and total uptime. So now you can use this ticketing system to assign these tickets to your network administrator and say "please reboot tunnel" or "please take care of this incident", and it's going to show you a comment in the ticket like that, so other administrators can look into it and can see the history of the ticket.

Now let's see how fast the system responds to changes in interface settings. Now our tunnel is in up status. If we go in here and we start watching the VPN sensor in our PRTG, in less than 10 seconds the FortiGate VPN interface has been updated in the SNMP logs in PRTG, and now it's showing in up status. If we go back in here we can see the minimum is now down but the
maximum has been up, and we are actually seeing the traffic in and out of this VPN interface. So PRTG is very lightweight and very quick when it comes to incident response and monitoring for your interfaces and devices. Now if we go back to our ticketing system, we don't even see the ticket anymore for the VPN. If we change the status from open to all, we will see that the default setting for PRTG is to close the ticket automatically when the issue gets resolved. So right now if we check our ticket updates, once we asked our administrator team to reboot the tunnel, now we see that conditions have cleared, closing ticket automatically. So with PRTG you can configure all kinds of alarms and triggers, and you can configure the actions to email or open a ticket automatically in your ticketing system. And we are not just talking about interfaces: we can configure triggers based on CPU usage or RAM usage, even for WAN traffic or LAN traffic. We have all liberty to create all kinds of monitoring systems using PRTG, and it's a highly recommended product.

We can also do the same from our AWS account. We can configure our FortiGate on AWS to communicate with SNMP to this local on-premises PRTG server if we don't want to use the AWS built-in tools, and we can also do it the other way around, so we can configure our AWS CloudWatch to talk to SNMP server on-premises on our FortiGate unit, and we can use AWS CloudWatch to aggregate the logs in there and create alarms or SNS topics. Also, if we check our email address, PRTG would be informing us of all these incidents and all these events by email by default, and it does not require any SMTP settings; it directly uses the SMTP settings configured on the device. So this is very useful to get alerted with all your information and forward all these events to your administrator email addresses. You can get a quick response and quick acknowledgement of network monitoring solutions. Now we have reviewed the main functionality of the PRTG platform, and now
let's see how we can configure the same from our SolarWinds platform. Once we set our password for the Orion system we will be forwarded to this Orion configuration wizard for the first time. So now we can start outlining our network, and what this will do is it will ask us to provide either individual IP addresses or blocks of networks, so we can add our subnets by a CIDR mask. We can go ahead and add our first subnet, 192.168.1.0/24, and we are also running this instance on this 192.168.17 network, and now we have our two main networks. We can go ahead and click Next, and similar to PRTG we are given an option to add VMware or Hyper-V instance. Next we can define our SNMP credential. Similar to PRTG, we can use one of these or we can just create a new credential, and we can choose to use this SNMP community string. Now we have our SNMP configured on the SolarWinds, so we can go next, and optionally we can use this to monitor Windows systems by using a credential to get into Windows servers and Windows clients, and this will use WMI to collect information about the Windows host. But we just need to monitor the firewall for this specific instance. In this step it's going to ask us what is the default polling method that will be used with devices discovered in our network. If you are using mainly Windows clients or Windows servers you need to use WMI, and in our case we are using SNMP, so we can keep this option to SNMP and we can go next. In here we can define our thresholds for our SNMP timeouts and Windows timeouts; we can tune these to our needs. For the final step it's going to ask us how often do you want to run the discovery on the network, so we can do it only for the first time, or we can run it additional times to keep discovering more devices if we have a dynamic environment. Right now we only need to do it once, and we're going to do this discovery now. Once we hit discovery it will start sending traffic to both networks, as we see the 192.168.1.0 and
192.168.17.0, and it will kind of port-scan these hosts to try to discover which operating system they are on and which services are live on all these devices. So we're going to give it a few minutes until the discovery is done. Once the discovery has been done, our SolarWinds system was able to detect our Windows server running this SolarWinds instance and the FortiGate firewall with the logo. So we can go ahead and do next, and under interfaces tab we can see that the SolarWinds was able to detect even the interfaces on the firewall. For example, we see an Ethernet interface, and we have our WAN interface in up status, and the WAN1 interface is admin disabled, which is correct, and we can see the monitoring type is SNMP. We can also see in here our cloud, which is our VPN interface, and we can also see our LAN interface or our virtual interface, and it's labeled under transport bridge interface, but it's actually just the virtual interfaces on the firewall. We can go ahead and do next, and we will also be monitoring the RAM, the virtual memory and the fixed disk on the Windows server. Once we go next we have here our list of our discovered devices, so this is our Windows Server and this is our FortiGate firewall, and we can do import. Once this is finished, now we can see a summary of our network discovery: we are running monitoring on two nodes, three volumes and five interfaces.

Let's go ahead and go to our Orion home, and this is the home page for our SolarWinds monitoring tool. First we have all nodes, so we can see a block that contains all the nodes we are monitoring. Next we see the alerts that are associated with our device, and we can see already a sensor that has been triggered automatically by the SolarWinds. We can come here and we can see when was this alarm triggered, how long has it been running for, and what severity does this belong to. We can come here and acknowledge this error and say this is a false alarm because we have another connectivity; we don't have anything to
worry about reaching Google. So the way we acknowledge the alarm will shut down the alerts associated with this, so if we go back to our summary now we no longer see it as an alert in here. Now let's expand our Fortinet node. On SolarWinds we see everything is showing up, but if we go down we can see more information about our node. Our node is up, this is the manufacturer of the device, and those are the different interfaces on the device. So we have our LAN interface, our SSL VPN interface, our virtual interfaces and finally our VPN interface. So all the interfaces we have right now are up. This node is actually showing as wireless controller, but this is indeed a FortiGate unit with wireless controller on it. We can see the main metrics like the response time; we can see the percentage of packet loss, CPU load and memory usage, and we can see all these metrics over time on this bar. When we go down we can choose different options. For example, we can edit this node, we can rename the device to FortiGate, and we can modify our SNMP settings or anything that we need to modify in the specific profile, like add location information or add specific notes, and finally we can submit. We can also request a new update for the metrics or a rediscovery of the firewall configuration. We can SSH directly to the FortiGate using this built-in SSH client and also use the performance analyzer, which is an add-on for SolarWinds NPM.

And finally, if we are doing maintenance on the site, for example if we are moving cables around and expecting certain outages as part of our maintenance window, we can define this to mute alerts for a specific period of time so that we don't create incidents when specific work is scheduled to go through in this time, by going into schedule and choosing a defined window. In this time, if there are interfaces going up and down or different traps are coming from the FortiGate, those alarms will be muted by the SolarWinds system automatically. Now if we go down we will see our list of
interfaces on the FortiGate unit, perfect, from our web interface, our virtual interface for SSL VPN portal, and our virtual interface for internal and for LAN, and finally our VPN interface with the cloud firewall. If we check any specific interface, for example our VPN interface, we can see the current bandwidth going on on the interface, and if we go down we will see a nice chart for our interface downtime. As the time goes through, this bar will start filling up green from the right to the left, and it will be a very nice visualization to see the information about your interfaces over the last 24 hours or so.

Now let's try to create an outage to see how fast will the SolarWinds detect the outage and report it to us. So I want to go ahead into my VPN and I want to break the VPN connection, so this tunnel would come down. It has gone down right now. So if we come here and if we go back to our summary dashboard, now finally in about two minutes the SolarWinds was able to detect that a node is in warning or critical status on the FortiGate unit, and if we open this up, this alarm has been triggered and it's showing in critical status. Now if we look into the history of our alerts on this node, we can see that the alarm has been triggered and then there was an attempt to send an email. So this is alarming us that the node FortiGate is in warning, and it's showing us all this information, but it doesn't focus on the interface that is going down. In other words, I didn't see any single event in here that mentioned that the cloud VPN is down. I'm seeing an indication that maybe the whole firewall is going down. So this is not ideal for us. If we want to monitor our network traffic we need more details about our information. Now let's go back to fix our VPN interface and see how long would the SolarWinds take to detect this change in status. After about one minute, now the FortiGate is showing an up status, and if we check our FortiGate again and we go down to the interfaces, now we
see that the cloud interface is back up, and if we check on this interface now we can see the time that we got the outage over time and when the service came back up. Also in this bar we will see green areas for connected and red areas for the time we had the downtime. This is a very nice visualization, and when you have data from many, many weeks this will be very nice to run a total analysis on the health of your device and health of your interfaces.

Now finally, from our SolarWinds we can go under dashboard and we can see the top 10, and in here we will see different metrics related to our infrastructure in total, including interfaces rated by bandwidth, our CPU load and memory load by device. So this is an overall nice picture of how the system can gather data from a lot of different types of devices and collect it together and do analysis on it, and we are seeing all this data just from two devices. So if you add all your network devices to this monitoring system over a period of time, you will be able to gather a lot of intelligence data and a lot of metrics to monitor and analyze your devices and the health of your systems.

And now to wrap it up for the comparison between SolarWinds and PRTG. With SolarWinds we see an advantage when it comes to easy integration with a lot of devices, including a lot of enterprise devices from different companies, and also it's able to integrate natively with the FortiGate with the built-in database without having to import the MIB file. Also the SolarWinds has a very nice design and layout, so it stands out when compared to PRTG when it comes to design. Now when it comes to the disadvantages of SolarWinds: it does not allow you to import new MIBs. In fact you have to contact their support system, and if they agree to the changes we are proposing they will include this MIB in the global database and release it in the next update. Also this is a very heavy application, as SolarWinds downloads a SQL Server, MQ server; it comes with tons of
utilities and applications you can run directly from the Windows server, like a now sales diagnostics. But the main disadvantage we see with SolarWinds is it's slow to respond to network outages and recovery. This is the main point we are using SNMP for. We need a program that is able to quickly notify us of serious and critical issues; we are talking about a few seconds' notification at max, if not sub-second. Also the alerting has a major flaw, because it doesn't show the interface name that is in problem. So imagine you have a big FortiGate device with 32 different interfaces and you get this alarm that is showing a misleading title that the whole device is down, but in fact you have to go inside the device and you have to look which interface of the total 32 interfaces; you have to see which interface is down, which is kind of inconvenient.

Now on the other hand, for PRTG we actually have a free version with limited number of sensor support. Also this is a much lighter application than SolarWinds when it comes to size or when it comes to the component accommodate. Best of all, it's very fast to respond to network changes, a lot better than SolarWinds, and an extra point for having a built-in ticketing system, so you don't have to use ServiceNow or other help desk solution, at least in the beginning phase. The disadvantage to PRTG is that we have to install the FortiGate MIB manually, and also we would not have the full support for all kinds of devices such as SolarWinds. So this is the comparison between SolarWinds and PRTG. In this case PRTG wins the comparison because it provides much faster connection time, much lighter application, and acceptable and nice design as well. So our choice is PRTG for network monitoring. Thank you for watching.
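
The FortiGate side of the SNMP version 2 setup described in the captions, written as FortiOS CLI instead of GUI steps. This is an added example and not part of the video: the interface name `internal`, the community name `FortiGate` and the exact event list are assumptions, while 192.168.1.111 (the PRTG server) and ports 161/162 come from the captions.

```fortios
# Allow SNMP on the interface that faces the PRTG server.
# "internal" is an assumed interface name; use the one PRTG reaches.
config system interface
    edit "internal"
        append allowaccess snmp
    next
end

# Turn the SNMP agent on.
config system snmp sysinfo
    set status enable
end

# One v2c community, limited to the PRTG host for queries and traps.
config system snmp community
    edit 1
        # Must match the community string entered in the PRTG device settings.
        set name "FortiGate"
        # PRTG -> FortiGate queries on UDP 161.
        set query-v2c-status enable
        set query-v2c-port 161
        # FortiGate -> PRTG traps on UDP 162.
        set trap-v2c-status enable
        set trap-v2c-rport 162
        # Assumed event selection covering CPU, memory, VPN, heartbeat, IPS and antivirus.
        set events cpu-high mem-low vpn-tun-up vpn-tun-down ha-hb-failure ips-signature ips-anomaly av-virus
        config hosts
            edit 1
                # Only the PRTG server from the captions may query or receive traps.
                set ip 192.168.1.111 255.255.255.255
            next
        end
    next
end
```

The host entry with a /32 mask is what keeps the community from answering queries sent by any other address on the network.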
Info
Channel: ElastiCourse
Views: 5,803
Keywords: fortigate, fortinet, snmp, server, network, monitoring, prtg, solarwinds, npm, mib, OUD, network alarm, comparison
Id: WrDFTxqLWt8
Length: 28min 14sec (1694 seconds)
Published: Wed Mar 18 2020