SNMP
Simple Network Management Protocol (SNMP) enables you to monitor hardware on your network. You can configure the hardware, such as the FortiAuthenticator SNMP agent, to report system information and send traps (alarms or event messages) to SNMP managers. An SNMP manager, or host, is typically a computer running an application that can read the incoming trap and event messages from the agent, and send out SNMP queries to the SNMP agents.
By using an SNMP manager, you can access SNMP traps and data from any FortiAuthenticator interface configured for SNMP management access. Part of configuring an SNMP manager is listing it as a host in a community on the FortiAuthenticator device it will be monitoring. Otherwise, the SNMP manager will not receive any traps from that device or be able to query it.
The FortiAuthenticator SNMP implementation is read-only. SNMP v1, v2c, and v3 compliant SNMP managers have read-only access to system information through queries and can receive trap messages from FortiAuthenticator.
To monitor FortiAuthenticator system information and receive FortiAuthenticator traps, your SNMP manager needs the Fortinet and FortiAuthenticator Management Information Base (MIB) files. A MIB is a text file that lists the SNMP data objects that apply to the monitored device. These MIBs provide the information that the SNMP manager needs to interpret the SNMP trap, event, and query messages sent by the FortiAuthenticator SNMP agent.
The Fortinet implementation of SNMP includes support for most of RFC 2665 (Ethernet‑like MIB) and most of RFC 1213 (MIB II). RFC support for SNMP v3 includes Architecture for SNMP Frameworks (RFC 3411), and partial support of User-based Security Model (RFC 3414).
SNMP traps alert you to important events that occur, such as overuse of memory or a high rate of authentication failures.
SNMP fields contain information about FortiAuthenticator, such as CPU usage percentage or the number of sessions. This information is useful for monitoring the condition of the unit on an ongoing basis and to provide more information when a trap occurs.
Configuring SNMP
Before a remote SNMP manager can connect to the Fortinet agent, you must configure one or more interfaces to accept SNMP connections by going to System > Network > Interfaces. Edit the interface, and under Admin access, enable SNMP. See Network.
You can also set the thresholds that trigger various SNMP traps. Note that a setting of zero disables the trap.
To configure SNMP settings:
- Go to System > Administration > SNMP.
- Enter the following information:
- Select OK to apply the changes.
To create a new SNMP community:
- Go to System > Administration > SNMP.
- Select Create New under SNMP v1/v2c. The Create New SNMP V1/v2c window opens.
- Enter the following information in the SNMPv1/v2c section:
Community name: The name of the SNMP community.
Events: Select the events for which traps are enabled. Options include:
- CPU usage is high
- Memory is low
- Interface IP is changed
- Auth users threshold exceeded
- Auth group threshold exceeded
- Radius NAS threshold exceeded
- Auth event rate threshold exceeded
- Auth failure rate threshold exceeded
- User lockout detected
- HA status is changed
- Power Supply Unit failure
The Power Supply Unit failure event is available with hardware units that support the Power Supply Monitor widget. See Power supply monitor widget.
- Disk usage is high
- HA sync activity is low
- RAID status changed
- In SNMP Hosts, select Add another SNMP Host and enter the following information:
IP/Netmask: Enter the IP address and netmask of the host.
Queries: Select if this host uses queries.
Traps: Select if this host uses traps.
Delete: Select to delete the host.
- Select OK to create the new SNMP community.
To create a new SNMP user:
- Go to System > Administration > SNMP.
- Select Create New under SNMP v3. The Create New SNMP V3 window opens.
- Enter the following information in the General section:
Username: The name of the SNMP user.
Security level: Select the security level from the dropdown menu:
- None: No authentication or encryption.
- Authentication only: Select the Authentication method then enter the authentication key in the Authentication key field.
- Encryption and authentication: Select the Authentication method, enter the authentication key in the Authentication key field, then select the Encryption method and enter the encryption key in the Encryption key field. This option is set by default.
Events: Select the events for which traps are enabled. See Events.
- In SNMP Notification Hosts, select Add another SNMP Notification Host and enter the following information:
IP/Netmask: Enter the IP address and netmask of the notification host.
Delete: Select to delete the notification host.
- Select OK to create the new SNMP V3 user.
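An added example, not Fortinet code: a pre-deployment check over the settings described in the procedures above (trap thresholds, v1/v2c communities and their hosts, v3 users and their security level). The dictionary layout, the threshold key names and the /28 limit are assumptions made for the illustration, and all values are constructed.

```python
import ipaddress

# Constructed sample settings; the keys mirror the fields on this page and are
# not a FortiAuthenticator export format.
SAMPLE = {
    "thresholds": {"auth_failure_rate": 0, "cpu_usage": 90},
    "communities": [
        {"name": "public",
         "events": ["Auth failure rate threshold exceeded"],
         "hosts": [{"ip_netmask": "0.0.0.0/0", "queries": True, "traps": True}]},
        {"name": "fac-mon-7Qx2",
         "events": ["CPU usage is high"],
         "hosts": [{"ip_netmask": "192.0.2.10/32", "queries": True, "traps": True}]},
    ],
    "v3_users": [
        {"username": "nms-ro", "security_level": "Authentication only",
         "hosts": ["192.0.2.10/32"]},
        {"username": "nms-priv", "security_level": "Encryption and authentication",
         "hosts": ["192.0.2.10/32"]},
    ],
}

MAX_HOSTS = 16  # assumed policy: a host entry should cover at most a /28


def audit(cfg):
    """Return (subject, issue) pairs for settings that weaken SNMP monitoring."""
    findings = []
    for name, value in cfg["thresholds"].items():
        if value == 0:  # per the page, a setting of zero disables the trap
            findings.append((f"threshold:{name}", "trap disabled (threshold is 0)"))
    for com in cfg["communities"]:
        subject = f"community:{com['name']}"
        if com["name"].lower() in {"public", "private"}:
            findings.append((subject, "well-known community name"))
        for host in com["hosts"]:
            # Accepts both prefix (/32) and dotted (/255.255.255.255) netmasks.
            net = ipaddress.ip_network(host["ip_netmask"], strict=False)
            if host["queries"] and net.num_addresses > MAX_HOSTS:
                findings.append((subject, f"queries allowed from {net}"))
    for user in cfg["v3_users"]:
        if user["security_level"] != "Encryption and authentication":
            findings.append((f"v3user:{user['username']}",
                             f"security level is '{user['security_level']}'"))
    return findings


if __name__ == "__main__":
    for subject, issue in audit(SAMPLE):
        print(f"{subject}: {issue}")
```

SNMP v1/v2c community names travel in cleartext, so a narrow host entry is the main control on who can query with them.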
To download MIB files:
- Go to System > Administration > SNMP.
- Under FortiAuthenticator SNMP MIB, select the MIB file you need to download. Options include the FortiAuthenticator MIB and Fortinet Core MIB files.