Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiWiFi and FortiAP Cookbook

    Home FortiAP / FortiWiFi 6.4.0 FortiWiFi and FortiAP Cookbook
    6.4.0
    6.4.0
    6.2.0

    Direct SNMP monitor

    Direct SNMP monitor

    You can enable SNMP directly on FortiAP by implementing a SNMPD daemon/subagent on the FortiAP side.

    To configure SNMP operation settings per VDOM:
    config wireless-controller snmp
    set engine-id "fap-fortinet"
    set contact-info "user@example.com"
    set trap-high-cpu-threshold 80
    set trap-high-mem-threshold 80
    config community
        edit 1
            set name "fap-comm-1"
            set status enable
            set query-v1-status enable
            set query-v2c-status enable
            set trap-v1-status enable
            set trap-v2c-status enable
            config hosts
                edit 1
                    set ip 192.168.1.168 255.255.255.0
                next
            end
        next
    end
    config user
        edit "fap"
            set status enable
            set queries enable
            set trap-status enable
            set security-level no-auth-no-priv
            set notify-hosts 192.168.1.168
        next
    end
end
    To allow SNMP access in FortiAP profiles or per FortiAP device:
    config wireless-controller wtp-profile
    edit FAP423E-default
        append allowaccess snmp
    next
end
    To disallow SNMP access in FortiAP profiles or per FortiAP device:
    config wireless-controller wtp-profile
    edit FAP423E-default
        unselect allowaccess snmp
    next
end

    FortiAP SNMP implementation

    FortiAP-S and FortiAP-W2 6.2 and later support SNMP query and trap messages according to the wireless controller SNMP settings pushed from the FortiGate device.

    The example below shows an Ubuntu-OS querying a FortiAP 222E unit with the snmpwalk command. The SNMP agent software has the FORTINET-FORTIAP-MIB already imported.

    tester@ControlPC:~$ snmpwalk -v 2c -c QAMikeAn 172.18.56.32 .1.3.6.1.4.1.12356.120.1
FORTINET-FORTIAP-MIB::fapVersion.0 = STRING: FP222E-v6.2-build0231
FORTINET-FORTIAP-MIB::fapSerialNum.0 = STRING: FP222E3X17000073
FORTINET-FORTIAP-MIB::fapHostName.0 = STRING: FortiAP-222E
FORTINET-FORTIAP-MIB::fapRegionCode.0 = STRING: A
FORTINET-FORTIAP-MIB::fapBaseMacAddr.0 = STRING: 70:4c:a5:5d:ea:d0
FORTINET-FORTIAP-MIB::fapBiosVer.0 = STRING: 04000002
FORTINET-FORTIAP-MIB::fapBiosDataVer.0 = INTEGER: 3
FORTINET-FORTIAP-MIB::fapSysPartNum.0 = STRING: 20844-04

    Five kinds of trap messages can be sent by the FortiAP-S and FortiAP-W2 devices:

    • fapDevUp: Indicates that the specified AP device is up.
    • CpuOverloadfap: Indicates that the CPU usage of the specified AP has exceeded the configured threshold.
    • MemOverload: Indicates that the memory usage of the specified AP has exceeded the configured threshold.
    • fapDevDown: Indicates that the specified AP device is down.
    • fapfapAcConnected: Indicates that the specified AP device has connected to the specified AC.

    The following screenshot shows an SNMP trap receiver (SnmpB) that has received one fapDevUp trap message from a FortiAP unit (serial number: FP222E3X17000000).

    Previous
    Next

    Direct SNMP monitor

    Direct SNMP monitor

    You can enable SNMP directly on FortiAP by implementing a SNMPD daemon/subagent on the FortiAP side.

    To configure SNMP operation settings per VDOM:
    config wireless-controller snmp
    set engine-id "fap-fortinet"
    set contact-info "user@example.com"
    set trap-high-cpu-threshold 80
    set trap-high-mem-threshold 80
    config community
        edit 1
            set name "fap-comm-1"
            set status enable
            set query-v1-status enable
            set query-v2c-status enable
            set trap-v1-status enable
            set trap-v2c-status enable
            config hosts
                edit 1
                    set ip 192.168.1.168 255.255.255.0
                next
            end
        next
    end
    config user
        edit "fap"
            set status enable
            set queries enable
            set trap-status enable
            set security-level no-auth-no-priv
            set notify-hosts 192.168.1.168
        next
    end
end
    To allow SNMP access in FortiAP profiles or per FortiAP device:
    config wireless-controller wtp-profile
    edit FAP423E-default
        append allowaccess snmp
    next
end
    To disallow SNMP access in FortiAP profiles or per FortiAP device:
    config wireless-controller wtp-profile
    edit FAP423E-default
        unselect allowaccess snmp
    next
end

    FortiAP SNMP implementation

    FortiAP-S and FortiAP-W2 6.2 and later support SNMP query and trap messages according to the wireless controller SNMP settings pushed from the FortiGate device.

    The example below shows an Ubuntu-OS querying a FortiAP 222E unit with the snmpwalk command. The SNMP agent software has the FORTINET-FORTIAP-MIB already imported.

    tester@ControlPC:~$ snmpwalk -v 2c -c QAMikeAn 172.18.56.32 .1.3.6.1.4.1.12356.120.1
FORTINET-FORTIAP-MIB::fapVersion.0 = STRING: FP222E-v6.2-build0231
FORTINET-FORTIAP-MIB::fapSerialNum.0 = STRING: FP222E3X17000073
FORTINET-FORTIAP-MIB::fapHostName.0 = STRING: FortiAP-222E
FORTINET-FORTIAP-MIB::fapRegionCode.0 = STRING: A
FORTINET-FORTIAP-MIB::fapBaseMacAddr.0 = STRING: 70:4c:a5:5d:ea:d0
FORTINET-FORTIAP-MIB::fapBiosVer.0 = STRING: 04000002
FORTINET-FORTIAP-MIB::fapBiosDataVer.0 = INTEGER: 3
FORTINET-FORTIAP-MIB::fapSysPartNum.0 = STRING: 20844-04

    Five kinds of trap messages can be sent by the FortiAP-S and FortiAP-W2 devices:

    • fapDevUp: Indicates that the specified AP device is up.
    • CpuOverloadfap: Indicates that the CPU usage of the specified AP has exceeded the configured threshold.
    • MemOverload: Indicates that the memory usage of the specified AP has exceeded the configured threshold.
    • fapDevDown: Indicates that the specified AP device is down.
    • fapfapAcConnected: Indicates that the specified AP device has connected to the specified AC.

    The following screenshot shows an SNMP trap receiver (SnmpB) that has received one fapDevUp trap message from a FortiAP unit (serial number: FP222E3X17000000).

    Previous
    Next