Fortinet white logo
Fortinet white logo

CLI Reference

config system snmp user

config system snmp user

Use this command to manage SNMP settings.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config system snmp user

edit <name>

set query-status {enable|disable}

set queryport <integer>

set security-level {authnopriv | authpriv | noauthnopriv}

set auth-proto {sha1|md5}

set auth-pwd <passwd>

set priv-proto {aes|des}

set priv-pwd <passwd>

set status {enable|disable}

config host

edit <name>

set ip <subnet>

next

end

next

end

query-status

Enable/disable SNMP queries.

queryport

Port number on which the system listens for SNMP queries from the SNMP managers in this community. The default is 161.

security-level

  • authnopriv—Authenticated but unencrypted.
  • authpriv—Authenticated and encrypted.
  • noauthnopriv—Unauthenticated and unencrypted.

auth-proto

  • SHA1
  • MD5

auth-pwd

Passphrase used to generate the key.

priv-proto

  • AES
  • DES

priv-pwd

Passphrase used to generate the key.

status

Enable/disable the user configuration.

config host

ip

Specify a subnet address for the SNMP manager to receive traps and be permitted to query the FortiADC system.

SNMP managers have read-only access. You can add up to 8 SNMP managers for a user.

To allow any IP address using this SNMP username to query the FortiADC system, enter 0.0.0.0/0. For security best practice reasons, however, this is not recommended.

Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.

Note: If there are no other host IP entries, entering only 0.0.0.0/0 effectively disables traps because there is no specific destination for trap packets. If you do not want to disable traps, you must add at least one other entry that specifies the IP address of an SNMP manager.

Example

FortiADC-VM # config system snmp user

FortiADC-VM (user) # edit docs

Add new entry 'docs' for node 1152

FortiADC-VM (docs) # set status enable

FortiADC-VM (docs) # end

FortiADC-VM # get system snmp user docs

status : enable

security-level :

query-status : disable

queryport : 161

trap-status : disable

trapport-local : 162

trapport-remote : 162

trapevent : cpu mem logdisk system raid ha remote-storage

config system snmp user

config system snmp user

Use this command to manage SNMP settings.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config system snmp user

edit <name>

set query-status {enable|disable}

set queryport <integer>

set security-level {authnopriv | authpriv | noauthnopriv}

set auth-proto {sha1|md5}

set auth-pwd <passwd>

set priv-proto {aes|des}

set priv-pwd <passwd>

set status {enable|disable}

config host

edit <name>

set ip <subnet>

next

end

next

end

query-status

Enable/disable SNMP queries.

queryport

Port number on which the system listens for SNMP queries from the SNMP managers in this community. The default is 161.

security-level

  • authnopriv—Authenticated but unencrypted.
  • authpriv—Authenticated and encrypted.
  • noauthnopriv—Unauthenticated and unencrypted.

auth-proto

  • SHA1
  • MD5

auth-pwd

Passphrase used to generate the key.

priv-proto

  • AES
  • DES

priv-pwd

Passphrase used to generate the key.

status

Enable/disable the user configuration.

config host

ip

Specify a subnet address for the SNMP manager to receive traps and be permitted to query the FortiADC system.

SNMP managers have read-only access. You can add up to 8 SNMP managers for a user.

To allow any IP address using this SNMP username to query the FortiADC system, enter 0.0.0.0/0. For security best practice reasons, however, this is not recommended.

Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.

Note: If there are no other host IP entries, entering only 0.0.0.0/0 effectively disables traps because there is no specific destination for trap packets. If you do not want to disable traps, you must add at least one other entry that specifies the IP address of an SNMP manager.

Example

FortiADC-VM # config system snmp user

FortiADC-VM (user) # edit docs

Add new entry 'docs' for node 1152

FortiADC-VM (docs) # set status enable

FortiADC-VM (docs) # end

FortiADC-VM # get system snmp user docs

status : enable

security-level :

query-status : disable

queryport : 161

trap-status : disable

trapport-local : 162

trapport-remote : 162

trapevent : cpu mem logdisk system raid ha remote-storage