Fortigate firewall check package for Check_MK updated

I've updated the package to the version 1.6. This version contains an additional check of IPSec tunnel status of a Fortigate firewall. It works for FGT-300C and FGT-60C units. Other models can work as well, but I could not test.

You can download the new package at the known place from the Check MK Exchange repository.

6 Kommentare :: Fortigate firewall check package for Check_MK updated

  1. Hi Hermann,

    I just tried to install your FortiGate plugin, but it doesn't work:

    OMD[site]:~/tmp/downloads$ check_mk -vP install fortigate-1.6.mkp
    Traceback (most recent call last):
    File "/omd/sites/site/share/check_mk/modules/", line 4845, in
    File "/omd/sites/site/share/check_mk/modules/", line 98, in do_packaging
    File "/omd/sites/site/share/check_mk/modules/", line 334, in package_install
    tar =, "r:gz")
    File "/usr/lib/python2.7/", line 1678, in open
    return func(name, filemode, fileobj, **kwargs)
    File "/usr/lib/python2.7/", line 1729, in gzopen
    raise ReadError("not a gzip file")
    tarfile.ReadError: not a gzip file

    Do you know this issue? I googled around and found similar problems of other users, but no answers to it.

    Many thanks,

  2. It sounds like the downloaded mkp file is corrupted. Please download it again and look at the file size. It should be 2.550 Bytes.

  3. You were right, the install now worked! Thanks for your help :)

  4. Hello Hermann,

    i'm having a problem with the fortigate_ipsec check.
    I hope you can help me, I already created a new thread in the monitoring forum, there is a detailed problem description ->

    Thanks in advance and thank you very much,


  5. Hey Martin,

    I haven't verify this yet, BUT the easiest and surely dirtiest way to change the check's behavior to detect a down of an IPsec tunnel like a warning and not like am error status, is to change the second line:

    fortigate_ipcec_status_map = { '1': 'DOWN', '2': 'UP' }
    fortigate_ipsec_status2nagios_map = { 'UP': 0, 'DOWN': 2, }

    to this:
    fortigate_ipcec_status_map = { '1': 'DOWN', '2': 'UP' }
    fortigate_ipsec_status2nagios_map = { 'UP': 0, 'DOWN': 1, }

    Maybe I will implement some kind of parameter check in one of the next versions.
    Let me know, if the workaround above has worked for you.

    Hermann Maurer

  6. Hello Hermann,

    your suggestion certainly worked, but did not solve my problem, that I only want some of the checked ipsec tunnels to give a warning if they go down and others to give a critical warning.

    My idea is to prioritize the tunnels, some of them are going down every now and then caused by idle timeouts some partners won't change.

    I would be very pleased if parameter support would find a way into a new version of your check.

    My last thought to display this logic at this moment is to try Check_MKs Business Intelligence function.

    Thanks a lot!

    Kind regards,


Post a Comment