riskersen · Mohdsuhailpgdi · Mar 2, 2026
diff --git a/fortigate/check_fortigate.pl b/fortigate/check_fortigate.pl
@@ -196,6 +196,7 @@
 ## OIDs ##
 my $oid_unitdesc         = ".1.3.6.1.2.1.1.5.0";                   # Location of Fortinet device description... (String)
 my $oid_serial           = ".1.3.6.1.4.1.12356.100.1.1.1.0";       # Location of Fortinet serial number (String)
+my $oid_fex_serial       = ".1.3.6.1.4.1.12356.121.21.1.1.5.0";    # Location of FortiExtender serial number (String)
 my $oid_firmware         = ".1.3.6.1.4.1.12356.101.4.1.1.0";       # Location of Fortinet firmware
 
 # fg ha info / Cluster member
@@ -264,6 +265,12 @@
 #  my $oid_fad_load       = ".1.3.6.1.4.1.12356.112.1.40.0";       # "SNMP No Such Object"
 my $oid_fad_cpu           = ".1.3.6.1.4.1.12356.112.1.4.0";        # Location of CPU for FortiADC (%)
 
+## FortiExtender OIDs ##
+my $oid_fex_data          = ".1.3.6.1.4.1.12356.121.21.3.3.1.6.1"; # Location of Data Usage for FortiExtender
+my $oid_fex_data_pct      = ".1.3.6.1.4.1.12356.121.21.3.3.1.7.1"; # Location of Data Percentage for FortiExtender
+my $oid_fex_data_plan     = ".1.3.6.1.4.1.12356.121.21.3.3.1.8.1"; # Location of Data Plan for FortiExtender
+my $oid_fex_conn          = ".1.3.6.1.4.1.12356.121.21.3.1.1.32.1";# Location of Modem Connection State for FortiExtender
+
 # Cluster
 my $oid_cluster_type       = ".1.3.6.1.4.1.12356.101.13.1.1.0";      # Location of Fortinet cluster type (String)
 my $oid_cluster_serials    = ".1.3.6.1.4.1.12356.101.13.2.1.1.2";    # Location of Cluster serials (String)
@@ -350,7 +357,10 @@
 
 my $curr_serial = '';
 
-if ( $curr_device=~/100A/) {
+if ( lc($type) eq "data" || lc($type) eq "conn" ) {
+    # Direct FortiExtender checks completely bypass the FortiGate Serial OID
+    $curr_serial = get_snmp_value($session, $oid_fex_serial);
+} elsif ( $curr_device=~/100A/) {
     $curr_serial = get_snmp_value($session, $oid_legacy_serial);
 } else {
     # Check SNMP connection and get the serial of the device...
@@ -429,6 +439,15 @@
     } else {
         ($return_state, $return_string) = ('UNKNOWN', "UNKNOWN: This device supports only selected type -T cpu|mem|ldisk|load, $curr_device is a FortiADC (S/N: $curr_serial)");
     }
+} elsif ( $curr_serial =~ /^FX|^FEX/ ) { # FX|FEX = FortiExtender
+    my $type_lc = lc($type);
+    if ( $type_lc eq "data" ) {
+        ($return_state, $return_string) = get_fex_data_health($oid_fex_data, $oid_fex_data_pct, $oid_fex_data_plan);
+    } elsif ( $type_lc eq "conn" ) {
+        ($return_state, $return_string) = get_fex_conn_state($oid_fex_conn);
+    } else {
+        ($return_state, $return_string) = ('UNKNOWN', "UNKNOWN: This device supports only selected type -T data|conn, $curr_device is a FortiExtender (S/N: $curr_serial)");
+    }
 } elsif ( $curr_serial =~ /^FG100A/ ) { # 100A = Legacy Device
     my $type_lc = lc($type);
     if ( $type_lc eq "cpu" ) {
@@ -579,6 +598,55 @@ sub get_disk_usage {
   return ($return_state, $return_string);
 }
 
+sub get_fex_data_health {
+  my $used_oid = $_[0];
+  my $pct_oid = $_[1];
+  my $plan_oid = $_[2];
+
+  my $used_value = get_snmp_value($session, $used_oid);
+  my $pct_value = get_snmp_value($session, $pct_oid);
+  my $plan_value = get_snmp_value($session, $plan_oid);
+
+  # strip any leading or trailing non zeros
+  $used_value =~ s/\D*(\d+)\D*/$1/g if defined $used_value;
+  $pct_value =~ s/\D*(\d+)\D*/$1/g if defined $pct_value;
+  $plan_value =~ s/\D*(\d+)\D*/$1/g if defined $plan_value;
+
+  if ( $pct_value >= $crit ) {
+    $return_state = "CRITICAL";
+    $return_string = "Data Usage is critical: " . $pct_value . "% (" . $used_value . " MB / " . $plan_value . " MB)";
+  } elsif ( $pct_value >= $warn ) {
+    $return_state = "WARNING";
+    $return_string = "Data Usage is warning: " . $pct_value . "% (" . $used_value . " MB / " . $plan_value . " MB)";
+  } else {
+    $return_state = "OK";
+    $return_string = "Data Usage is okay: " . $pct_value . "% (" . $used_value . " MB / " . $plan_value . " MB)";
+  }
+
+  $perf = "|'data'=" . $pct_value . "%;" . $warn . ";" . $crit . " 'data_mb'=" . $used_value . "MB;; 'plan_mb'=" . $plan_value . "MB;;";
+  $return_string = $return_state . ": " . $curr_device . " (Current device: " . $curr_serial .") " . $return_string . $perf;
+
+  return ($return_state, $return_string);
+}
+
+sub get_fex_conn_state {
+  my $conn_oid = $_[0];
+
+  my $conn_value = get_snmp_value($session, $conn_oid);
+
+  if ( defined $conn_value && $conn_value =~ /CONN_STATE_CONNECTED/i ) {
+    $return_state = "OK";
+    $return_string = "Modem Connection is UP (" . $conn_value . ")";
+  } else {
+    $return_state = "CRITICAL";
+    $return_string = "Modem Connection is DOWN (" . (defined $conn_value ? $conn_value : "Unknown") . ")";
+  }
+
+  $return_string = $return_state . ": " . $curr_device . " (Current device: " . $curr_serial .") " . $return_string;
+
+  return ($return_state, $return_string);
+}
+
 sub get_pktloss_value {
   my $value = get_snmp_value($session, $oid_chklink_pktloss1);
   if ( $value >= $crit ) {
@@ -691,13 +759,21 @@ sub get_health_value {
   my $label = $_[1];
   my $UOM   = $_[2];
 
-  if ( $slave == 1 ) {
+  # Protect scalar nodes ending in .0 from having .1 or .2 erroneously appended
+  if ( $_[0] =~ /\.0$/ ) {
+      $oid = $_[0];
+      $label = "slave_" . $label if ($slave == 1);
+  } elsif ( $slave == 1 ) {
       $oid = $_[0] . ".2";
       $label = "slave_" . $label;
   } elsif ( $curr_serial =~ /^FG100A/ ) {
       $oid = $_[0];
   } elsif ( $curr_serial =~ /^FG201/ ) {
       $oid = $_[0];
+  } elsif ( $curr_serial =~ /^FGT/ ) {
+      $oid = $_[0];
+  } elsif ( $curr_serial =~ /^FG80F/ ) {
+      $oid = $_[0];   
   } elsif ( $curr_serial =~ /^FG/ ) {
       $oid = $_[0] . ".1";
   } else {
@@ -1646,7 +1722,7 @@ =head2 Other
 =over
 
 =item B<-T|--type>
-STRING - CPU, MEM, cpu-sys, mem-sys, ses, VPN, net, disk, ha, hasync, uptime, Cluster, wtp, switch, hw, fazcpu, fazmem, fazdisk, sdwan-hc, pktloss, pktloss2, fmgdevice, license, license-version, linkmonitor-hc
+STRING - CPU, MEM, cpu-sys, mem-sys, ses, VPN, net, disk, data, conn, ha, hasync, uptime, Cluster, wtp, switch, hw, fazcpu, fazmem, fazdisk, sdwan-hc, pktloss, pktloss2, fmgdevice, license, license-version, linkmonitor-hc
 
 =item B<-S|--serial>
 STRING - Primary serial number.