Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Handbook

Configuring SNMP

Many organizations use SNMP (simple network management protocol) to track the health of their systems. FortiADC supports SNMP v1, v2c, and v3.

SNMP depends on network devices that maintain standard management information bases (MIBs). MIBs describe the structure of the management data maintained on the device. Some MIB definitions are standard for all network devices, and some are vendor and product-family specific.

The FortiADC system runs an SNMP agent to communicate with the SNMP manager. The agent enables the system to respond to SNMP queries for system information to the SNMP manager.

SNMP communication illustrates the basic communication.

SNMP communication

With SNMP v1 and v2c managers, you configure SNMP communities to connect FortiADC and the SNMP manager. The SNMP Manager sends the community string along with all SNMP requests. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device simply discards the request and does not respond.

caution icon Fortinet strongly recommends that you do not add FortiADC to the community named public. This default name is well-known, and attackers that attempt to gain access to your network often try this name first.

With SNMPv3 managers, you configure SNMP users to connect FortiADC and the SNMP manager. Queries and traps include username/password authentication, along with an encryption key. FortiADC implements the user security model described in RFC 3414.

Before you begin:

  • On the SNMP manager, you must verify that the SNMP manager is a member of the community to which the FortiADC system belongs, and you must compile the necessary Fortinet-proprietary management information blocks (MIBs) and Fortinet-supported standard MIBs. For information on Fortinet MIBs, see Appendix A: Fortinet MIBs.
  • In the FortiADC interface settings, you must enable SNMP access on the network interface through which the SNMP manager connects.
  • You must have Read-Write permission for System settings.
To configure SNMP system information:
  1. Go to System > SNMP.
  2. Click the System Information tab.
  3. Complete the configuration as described in SNMP settings.
  4. Save the configuration.

SNMP settings

Settings Guidelines
SNMP Agent Disabled by default. Enable to activate the SNMP agent so that the system can d receive SNMP queries.
Description A description or comment about the system, such as dont‑reboot. The description can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( ‑ ) and underscores ( _ ).
Contact Contact information for the administrator or other person responsible for this system, such as a phone number (555-5555) or name (jdoe). The contact information can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( ‑ ) and underscores ( _ ).
Location Physical location of the appliance, such as floor2. The location can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( ‑ ) and underscores ( _ ).
Downloading SNMP MIB files

You can download the FortiADC SNMP MIB file or the Fortinet core MIB file using the links at the bottom of the page.

For more information, refer to Appendix A: Fortinet MIBs.

 

Configuring SNMP

Many organizations use SNMP (simple network management protocol) to track the health of their systems. FortiADC supports SNMP v1, v2c, and v3.

SNMP depends on network devices that maintain standard management information bases (MIBs). MIBs describe the structure of the management data maintained on the device. Some MIB definitions are standard for all network devices, and some are vendor and product-family specific.

The FortiADC system runs an SNMP agent to communicate with the SNMP manager. The agent enables the system to respond to SNMP queries for system information to the SNMP manager.

SNMP communication illustrates the basic communication.

SNMP communication

With SNMP v1 and v2c managers, you configure SNMP communities to connect FortiADC and the SNMP manager. The SNMP Manager sends the community string along with all SNMP requests. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device simply discards the request and does not respond.

caution icon Fortinet strongly recommends that you do not add FortiADC to the community named public. This default name is well-known, and attackers that attempt to gain access to your network often try this name first.

With SNMPv3 managers, you configure SNMP users to connect FortiADC and the SNMP manager. Queries and traps include username/password authentication, along with an encryption key. FortiADC implements the user security model described in RFC 3414.

Before you begin:

  • On the SNMP manager, you must verify that the SNMP manager is a member of the community to which the FortiADC system belongs, and you must compile the necessary Fortinet-proprietary management information blocks (MIBs) and Fortinet-supported standard MIBs. For information on Fortinet MIBs, see Appendix A: Fortinet MIBs.
  • In the FortiADC interface settings, you must enable SNMP access on the network interface through which the SNMP manager connects.
  • You must have Read-Write permission for System settings.
To configure SNMP system information:
  1. Go to System > SNMP.
  2. Click the System Information tab.
  3. Complete the configuration as described in SNMP settings.
  4. Save the configuration.

SNMP settings

Settings Guidelines
SNMP Agent Disabled by default. Enable to activate the SNMP agent so that the system can d receive SNMP queries.
Description A description or comment about the system, such as dont‑reboot. The description can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( ‑ ) and underscores ( _ ).
Contact Contact information for the administrator or other person responsible for this system, such as a phone number (555-5555) or name (jdoe). The contact information can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( ‑ ) and underscores ( _ ).
Location Physical location of the appliance, such as floor2. The location can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( ‑ ) and underscores ( _ ).
Downloading SNMP MIB files

You can download the FortiADC SNMP MIB file or the Fortinet core MIB file using the links at the bottom of the page.

For more information, refer to Appendix A: Fortinet MIBs.