Fortinet white logo
Fortinet white logo

Handbook

Configuring SNMP trap receivers for remote DDoS attack reporting

Configuring SNMP trap receivers for remote DDoS attack reporting

You must configure SNMP trap receivers for FortiDDoS attack events separately from the system event trap receivers.

Attack Event Trap Receivers allow you to have separate configurations for each SPP, if necessary. You can configure up-to two SNMP trap receivers per SPP. The same trap receiver can be used by multiple SPPs but it must be configured for each SPP.

Before you begin:

  • You must have Read-Write permission for Log & Report settings.
To configure SNMP trap receivers:
  1. Go to Log & Report > Log Configuration > SNMP Trap Receivers.
  2. Click Add to display the configuration editor.
  3. Complete the configuration as described in the table below.
  4. Save the configuration.

SNMP Trap Receivers configuration guidelines

Settings Guidelines
Name Identifies this SNMP trap receiver in the list of receivers.
Enable Enable the configuration.
SPP Select the SPP for the configuration.
IP Address IP address of the SNMP manager that receives attack log traps.
Port Listening port of the SNMP manager. The default value is 162.
Community Username String that specifies the SNMP community to which the FortiDDoS system and the SNMP manager at the specified address belong.
SNMP Version
  • v2c
  • v3
SNMPv3
Engine ID

ID that uniquely identifies the SNMP agent.

If the Engine ID is not entered by the user, the MAC address of the management port is used to generate the Engine ID. For example, if the MAC address is: 08:5b:0e:9f:05:f0, the Engine ID will be: 8000304404085b0e9f05f0 which is the concatenation of the MAC address and Fortinet’s IANA-registered Private Enterprise Number: 8000304404.

To see the default or user-entered Engine ID, use the CLI command get snmp engine-id. The MAC address can be obtained using the CLI command get system interface mgmt1 which displays information about the management port.

v3 Access Type

Three SNMPv3 security modes are available:

  • No Authentication
  • Authentication - enter Authentication Passphrase as required by the SNMP Manager.
  • Privacy - enter BOTH Authentication and Privacy Passphrases required by the SNMP Manager.

The security protocols for SNMPv3 Attack Log Traps are fixed as:

  • Authentication Protocol is SHA1 (MD5 is not available)
  • Privacy Protocol is AES (DES is not available)
Authentication Passphrase If Authentication is required, enter the authentication passphrase required by the SNMP manager.
Privacy Passphrase If Privacy is required, enter the privacy passphrase required by the SNMP manager. Privacy Mode also requires an Authentication Passphrase.

SNMP trap receiver page

To configure with the CLI:

config log setting ddos-attack-snmp-trap-receivers

edit Attack_trap_receiver

set status enable

set spp default

set ip-address 172.30.153.155

set community-username public

next

end

Configuring SNMP trap receivers for remote DDoS attack reporting

Configuring SNMP trap receivers for remote DDoS attack reporting

You must configure SNMP trap receivers for FortiDDoS attack events separately from the system event trap receivers.

Attack Event Trap Receivers allow you to have separate configurations for each SPP, if necessary. You can configure up-to two SNMP trap receivers per SPP. The same trap receiver can be used by multiple SPPs but it must be configured for each SPP.

Before you begin:

  • You must have Read-Write permission for Log & Report settings.
To configure SNMP trap receivers:
  1. Go to Log & Report > Log Configuration > SNMP Trap Receivers.
  2. Click Add to display the configuration editor.
  3. Complete the configuration as described in the table below.
  4. Save the configuration.

SNMP Trap Receivers configuration guidelines

Settings Guidelines
Name Identifies this SNMP trap receiver in the list of receivers.
Enable Enable the configuration.
SPP Select the SPP for the configuration.
IP Address IP address of the SNMP manager that receives attack log traps.
Port Listening port of the SNMP manager. The default value is 162.
Community Username String that specifies the SNMP community to which the FortiDDoS system and the SNMP manager at the specified address belong.
SNMP Version
  • v2c
  • v3
SNMPv3
Engine ID

ID that uniquely identifies the SNMP agent.

If the Engine ID is not entered by the user, the MAC address of the management port is used to generate the Engine ID. For example, if the MAC address is: 08:5b:0e:9f:05:f0, the Engine ID will be: 8000304404085b0e9f05f0 which is the concatenation of the MAC address and Fortinet’s IANA-registered Private Enterprise Number: 8000304404.

To see the default or user-entered Engine ID, use the CLI command get snmp engine-id. The MAC address can be obtained using the CLI command get system interface mgmt1 which displays information about the management port.

v3 Access Type

Three SNMPv3 security modes are available:

  • No Authentication
  • Authentication - enter Authentication Passphrase as required by the SNMP Manager.
  • Privacy - enter BOTH Authentication and Privacy Passphrases required by the SNMP Manager.

The security protocols for SNMPv3 Attack Log Traps are fixed as:

  • Authentication Protocol is SHA1 (MD5 is not available)
  • Privacy Protocol is AES (DES is not available)
Authentication Passphrase If Authentication is required, enter the authentication passphrase required by the SNMP manager.
Privacy Passphrase If Privacy is required, enter the privacy passphrase required by the SNMP manager. Privacy Mode also requires an Authentication Passphrase.

SNMP trap receiver page

To configure with the CLI:

config log setting ddos-attack-snmp-trap-receivers

edit Attack_trap_receiver

set status enable

set spp default

set ip-address 172.30.153.155

set community-username public

next

end