No socket found. Drop.


Issue: I get an error when I perform an SNMP walk against a VDOM. The debug flow output shows “No socket found. Drop.”, even though the security policy and the SNMP settings allow the SNMP query.

id=20085 trace_id=1131 msg="vd-vdom_test received a packet(proto=17, 172.28.254.3:41678->10.151.30.42:161) from port1.3041."
id=20085 trace_id=1131 msg="Find an existing session, id-0026d36d, original direction"
id=20085 trace_id=1131 msg="No socket found. Drop."
id=20085 trace_id=1132 msg="vd-vdom_test received a packet(proto=17, 172.28.254.3:41678->10.151.30.42:161) from port1.3041."
id=20085 trace_id=1132 msg="Find an existing session, id-0026d36d, original direction"
id=20085 trace_id=1132 msg="No socket found. Drop."
id=20085 trace_id=1133 msg="vd-vdom_test received a packet(proto=17, 172.28.254.3:41678->10.151.30.42:161) from port1.3041."
id=20085 trace_id=1133 msg="Find an existing session, id-0026d36d, original direction"
id=20085 trace_id=1133 msg="No socket found. Drop."
id=20085 trace_id=1134 msg="vd-vdom_test received a packet(proto=17, 172.28.254.3:54345->10.151.30.42:161) from port1.3041."
id=20085 trace_id=1134 msg="allocate a new session-0026d386"
id=20085 trace_id=1134 msg="No socket found. Drop."

Platform: Fortinet FortiGate UTM running FortiOS 5.x.

Solution: At first I didn’t have a solution for this and asked readers to share one in the comments.
Update: I found the solution. As stated in the FortiOS Handbook, Virtual Domains for FortiOS 5.0:

Management systems such as SNMP, logging, alert email, FDN-based updates, and NTP-based time setting use addresses and routing in the management VDOM to communicate with the network. They can connect only to network resources that communicate with the management VDOM. Using a separate VDOM for management traffic enables easier management of the FortiGate unit global settings, and VDOM administrators can also manage their VDOMs more easily.

So, following that guidance, I can query the FortiGate via SNMP on any interface that belongs to the root VDOM without any issue. SNMP queries sent to interfaces of the other VDOMs are the ones that fail with “No socket found. Drop.” The working interfaces are marked with red circles on the diagram below.

Diagram: Fortigate VDOM
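The following triage script is an added example and is not part of the original post or of FortiOS. It correlates the “received a packet” lines with the “No socket found. Drop.” lines from the debug flow output above by trace_id, and explains each SNMP (UDP/161) drop in terms of the management VDOM, which it assumes is named root (the FortiOS default; pass another name if your management VDOM differs). It also checks the second cause raised in the comments, a disabled SNMP engine, by parsing the output of `show system snmp sysinfo`. The sample debug lines are copied from the post; the sysinfo snippet is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Regexes for the FortiOS 5.x 'diagnose debug flow' lines quoted in the post.
RECV_RE = re.compile(
    r'trace_id=(?P<trace>\d+) msg="vd-(?P<vdom>\S+) received a packet\('
    r'proto=(?P<proto>\d+), (?P<src>[\d.]+):(?P<sport>\d+)->'
    r'(?P<dst>[\d.]+):(?P<dport>\d+)\) from (?P<iface>\S+)\."'
)
DROP_RE = re.compile(r'trace_id=(?P<trace>\d+) msg="No socket found\. Drop\."')


@dataclass
class Finding:
    trace_id: str
    vdom: str
    dst: str
    dport: int
    iface: str
    reason: str


def triage_debug_flow(debug_lines: List[str], mgmt_vdom: str = "root") -> List[Finding]:
    """Pair every 'No socket found. Drop.' with the packet it belongs to (same
    trace_id) and say why an SNMP query would have no listening socket."""
    received = {}
    for line in debug_lines:
        m = RECV_RE.search(line)
        if m:
            received[m.group("trace")] = m

    findings = []
    for line in debug_lines:
        d = DROP_RE.search(line)
        if not d:
            continue
        m = received.get(d.group("trace"))
        if m is None:  # drop line without a matching packet line: nothing to explain
            continue
        vdom, dport = m.group("vdom"), int(m.group("dport"))
        if m.group("proto") == "17" and dport == 161 and vdom != mgmt_vdom:
            # The post's root cause: SNMP only answers on management-VDOM interfaces.
            reason = (f"SNMP query to {m.group('dst')} arrived in VDOM '{vdom}' via "
                      f"{m.group('iface')}, but SNMP listens only on interfaces of the "
                      f"management VDOM '{mgmt_vdom}'")
        else:
            reason = "no listening socket for this service in this VDOM"
        findings.append(Finding(d.group("trace"), vdom, m.group("dst"), dport,
                                m.group("iface"), reason))
    return findings


def snmp_engine_enabled(sysinfo_output: str) -> Optional[bool]:
    """Parse 'show system snmp sysinfo' output (see the fourth comment).
    Returns True/False from 'set status enable|disable', None if no status line."""
    for line in sysinfo_output.splitlines():
        parts = line.strip().split()
        if parts[:2] == ["set", "status"] and len(parts) == 3:
            return parts[2] == "enable"
    return None


# Sample input: the debug flow lines quoted in the post (one trace shown per session).
SAMPLE_DEBUG_FLOW = [
    'id=20085 trace_id=1131 msg="vd-vdom_test received a packet(proto=17, 172.28.254.3:41678->10.151.30.42:161) from port1.3041."',
    'id=20085 trace_id=1131 msg="Find an existing session, id-0026d36d, original direction"',
    'id=20085 trace_id=1131 msg="No socket found. Drop."',
    'id=20085 trace_id=1134 msg="vd-vdom_test received a packet(proto=17, 172.28.254.3:54345->10.151.30.42:161) from port1.3041."',
    'id=20085 trace_id=1134 msg="allocate a new session-0026d386"',
    'id=20085 trace_id=1134 msg="No socket found. Drop."',
]

# Constructed sysinfo output, shaped like the one in the fourth comment.
SAMPLE_SYSINFO_DISABLED = "config system snmp sysinfo\n    set status disable\nend\n"

if __name__ == "__main__":
    for f in triage_debug_flow(SAMPLE_DEBUG_FLOW):
        print(f"trace {f.trace_id}: {f.reason}")
    if snmp_engine_enabled(SAMPLE_SYSINFO_DISABLED) is False:
        print("SNMP engine is disabled: enable it under 'config system snmp sysinfo'")
```

Run it against a pasted `diagnose debug flow` capture: a finding whose VDOM is not the management VDOM points to the fix in the post (query an interface of the root VDOM), while a False from `snmp_engine_enabled` points to the fix in the fourth comment.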

4 comments

  1. Hi Rejohn,
    We have a similar issue.

    Root VDOM has a default route. The SNMP traffic is coming in via mgmt interface but the traffic is dropped with the message (line=980 msg=”No socket found. Drop.”)

    Can you provide your solution? I could not understand the diagram.

    Thanks.

  2. There is a typo on the diagram. I’ll update it later. Diagram updated.

    With my issue, if I SNMP query any interfaces that don’t belong to the root VDOM (using my diagram, that would be querying the red and blue VDOMs), the query fails and I get a “No socket found. Drop.” message. The solution is to only query the interfaces that belong to the root VDOM, designated by the red circles on the diagram.

    Could you share your entire config (post it on pastebin and share the link here)?

  3. Hi,

    Fortigate sent “No socket found. Drop”. Finally, I found that the SNMP interface has to be in the management VDOM (usually root).

    Bye,

  4. If the SNMP engine is not enabled, that error can occur as well:

    ceagfw01_slc04 (global) # show system snmp sysinfo | grep status
    set status disable
