Configuring SNMP for remote alarm event trap reporting and MIB queries
An SNMP community is a grouping of equipment for network monitoring purposes. The FortiDDoS-F SNMP agent does not respond to SNMP managers whose query packets do not contain a matching community name. Similarly, trap packets from the FortiDDoS-F agent include the community name, and an SNMP manager might not accept the trap if its community name does not match.
Fortinet Technologies Inc. strongly recommends that you do not add FortiDDoS-F to the community named |
This page describes setup of the FortiDDoS SNMP agent for SNMP MIB Queries and alarm Traps. Refer to the list of SNMP traps and conditions.
For setup of Attack Log traps, please refer to Configuring SNMP trap receivers for remote DDoS attack reporting.
Test both traps and queries (assuming you have enabled both). Traps and queries typically occur on different port numbers, and therefore verifying one does not necessarily verify that the other is also functional. To test queries, from your SNMP manager, query the FortiDDoS appliance. To test traps, cause one of the events that should trigger a trap.
Basic steps:
- Add the Fortinet and FortiDDoS MIBs to your SNMP manager. See Appendix C: Management Information Base (MIB).
- Go to System > SNMP and configure the SNMP agent and traps for system events.
Before you begin:
- On the SNMP manager, you must verify that the SNMP manager is a member of the community to which the FortiDDoS-F system belongs, and compile the necessary Fortinet Technologies Inc.-proprietary management information bases (MIBs) and Fortinet Technologies Inc.-supported standard MIBs.
- In the FortiDDoS interface settings, you must enable SNMP access on the network interface through which the SNMP manager connects.
- You must have Read-Write permission for System settings.
To configure SNMP system information:
- Go to System > SNMP > Config > Threshold/SNMPv1v2/SNMPv3.
- Complete the configuration as described in the following tables.
- Save the configuration.
SNMP Threshold settings for system event reporting
Settings | Guidelines |
---|---|
CPU | The system records CPU utilization at the Sample Frequency (default, every 30 seconds) and creates an Alert if the Utilization is over the Trigger threshold (default, 80%) the number of times determined by the Threshold (default, 3 times) within the Sample Period (default 600 seconds). Note: CPU utilization is for the Management and Reporting Plane CPUs only. All Data Plane processing is done via the TP2 Security Processing Units. TP2 are designed to work to the maximum packet and data rates that can be presented on 2x10GE links. The Capacity can be seen on the Dashboard > Data Path Resources table. There are currently no threshold traps for Data Path Resources. In the unlikely event of memory problems, Out of Memory attack events will be seen in the Attack Logs. |
Memory | The system records Memory utilization at the Sample Frequency (default, every 30 seconds) and creates an Alert if the Utilization is over the Trigger threshold (default, 80%) the number of times determined by the Threshold (default, 3 times) within the Sample Period (default 600 seconds). |
Disk (Log disk usage) | The system records Log Disk utilization at the Sample Frequency (default, every 3600 seconds) and creates an Alert if the Utilization is over the Trigger threshold (default, 90%) the number of times determined by the Threshold (default, once) within the Sample Period (default 3600 seconds). |
Use similar CLI commands to configure SNMP thresholds:
config system snmp threshold
end
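The following is an added example, not FortiDDoS code: a model of the threshold rule described in the table above, useful for predicting when a given utilization pattern would raise an alert. It assumes the Sample Period is a sliding window and that the breach history is cleared after each alert; the function name and the sample data are constructed for illustration.

```python
from collections import deque

def evaluate_alerts(samples, trigger=80, threshold=3, sample_period=600):
    """Return the timestamps (seconds) at which an alert would be raised.

    samples: (timestamp_seconds, utilization_percent) pairs in time order,
    one per Sample Frequency interval. Defaults are the CPU/Memory defaults
    from the table. Sliding-window behaviour is an assumption of this model.
    """
    breaches = deque()   # timestamps of samples that were over the trigger
    alerts = []
    for ts, util in samples:
        # Forget breaches that have aged out of the sample period.
        while breaches and ts - breaches[0] >= sample_period:
            breaches.popleft()
        if util > trigger:               # "over" the trigger, so 80% itself is not a breach
            breaches.append(ts)
            if len(breaches) >= threshold:
                alerts.append(ts)
                breaches.clear()         # assumption: one alert per burst
    return alerts

# Constructed CPU samples, one every 30 s: breaches at 30 s, 60 s and 150 s.
CPU_BURST = list(zip(range(0, 210, 30), [40, 85, 90, 50, 60, 95, 70]))
# Constructed samples with three breaches spread over more than 600 s.
CPU_SPARSE = [(0, 91), (300, 88), (630, 93)]
# Constructed log-disk samples, one every 3600 s.
DISK = [(0, 85), (3600, 92)]

if __name__ == "__main__":
    print("CPU burst :", evaluate_alerts(CPU_BURST))
    print("CPU sparse:", evaluate_alerts(CPU_SPARSE))
    print("Log disk  :", evaluate_alerts(DISK, trigger=90, threshold=1,
                                         sample_period=3600))
```

The sparse case shows why short, widely spaced spikes never produce a trap with the default settings, which matters when choosing thresholds for monitoring an appliance under attack load.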
SNMP Community settings for system event reporting
Settings | Guidelines |
---|---|
Name |
Name of the SNMP community to which the FortiDDoS-F system and at least one SNMP manager belongs, such as management. You must configure the FortiDDoS-F system to belong to at least one SNMP community so that community’s SNMP managers can query system information and receive SNMP traps. You can add up to three SNMP communities. Each community can have a different configuration for queries and traps, and the set of events that trigger a trap. You can also add the IP addresses of up to eight SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiDDoS-F system. Name can be up to 35 characters long and contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ). |
Status | Select to enable the configuration. |
Queries | Port number on which the system listens for SNMP queries from the SNMP managers in this community. The default is 161. Enable queries for SNMP v1, SNMP v2c, or both. SNMP v3 Query settings are available under User tab. |
Traps | Source (Local) port number and destination (Remote) port number for trap packets sent to SNMP managers in this community. The default is 162. SNMP v3 Trap settings are available under User tab. Enable traps for SNMP v1, SNMP v2c, or both. See SNMP traps and conditions. |
SNMP Event | Select to enable SNMP event reporting for the following thresholds: |
Hosts | IP address of the SNMP manager to receive traps and be permitted to query the FortiDDoS system. SNMP managers have read-only access. You can add up to 8 SNMP managers to each community. Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment. |
To configure SNMPv1/v2 with CLI:
config system snmp community
end
Settings | Guidelines |
---|---|
Name | User name that the SNMP Manager uses to communicate with the SNMP Agent. After you initially save the configuration, you cannot edit the name. Name can be up to 35 characters long and contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ). |
Status | Enable/disable the configuration. |
Security Level | |
Query | Port number on which the system listens for SNMP v3 queries from the SNMP managers for this user. The default is 161. Enable queries for SNMP v3. |
Traps | Source (Local) port number and destination (Remote) port number for SNMP v3 trap packets sent to SNMP managers for this user. The default is 162. Enable traps for SNMP v3. See SNMP traps and conditions. |
Events | Select to enable SNMP event reporting for the following thresholds: |
Hosts | IP Address—Subnet address for the SNMP manager to receive traps and be permitted to query the FortiDDoS system. SNMP managers have read-only access. You can add up to 8 SNMP managers to each community. Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment. |
Restrict Hosts Checkbox | Host Configured | Host SNMP Query Restrictions | Trap Receivers | Comments |
---|---|---|---|---|
Enabled | No | No restrictions (any host) | None | |
Enabled | Yes | Restricted to configured hosts (up to 8) | Sent to configured Hosts (up to 8) | Managers and Trap receivers must be shared |
Disabled | No | No restrictions | None | |
Disabled | Yes | No restrictions | Sent to configured Hosts (up to 8) | |
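As an added example (not Fortinet code), the sketch below checks a planned SNMP configuration against the limits stated on this page and applies the Restrict Hosts matrix above to show which entries would accept queries from any host. The dictionary layout, entry names and addresses are hypothetical and constructed for illustration; they are not the FortiDDoS CLI format.

```python
import ipaddress
import re

# Limits and naming rule as documented on this page.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,35}")
MAX_COMMUNITIES = 3
MAX_HOSTS = 8

def effective_access(restrict_hosts, hosts):
    """Apply the Restrict Hosts matrix; returns (query_sources, trap_receivers)."""
    # Queries are limited only when the box is checked AND hosts are configured.
    query_sources = list(hosts) if (restrict_hosts and hosts) else "any"
    return query_sources, list(hosts)

def audit(entries):
    """Return (entry_name, finding) tuples for a planned SNMP configuration."""
    findings = []
    if len(entries) > MAX_COMMUNITIES:
        findings.append(("*", "more than 3 communities"))
    for entry in entries:
        name, hosts = entry["name"], entry.get("hosts", [])
        if not NAME_RE.fullmatch(name):
            findings.append((name, "invalid name"))
        if len(hosts) > MAX_HOSTS:
            findings.append((name, "more than 8 hosts"))
        for host in hosts:
            try:
                ipaddress.ip_network(host, strict=False)
            except ValueError:
                findings.append((name, f"invalid host {host}"))
        query_sources, trap_receivers = effective_access(
            entry.get("restrict_hosts", False), hosts)
        if query_sources == "any":
            findings.append((name, "queries accepted from any host"))
        if not trap_receivers:
            findings.append((name, "no trap receivers"))
    return findings

# Constructed sample plan (documentation-range addresses, hypothetical names).
PLAN = [
    {"name": "management", "restrict_hosts": True, "hosts": ["192.0.2.10"]},
    {"name": "noc team", "restrict_hosts": True, "hosts": []},
    {"name": "ops_traps", "restrict_hosts": False,
     "hosts": ["192.0.2.20", "198.51.100.0/24"]},
]

if __name__ == "__main__":
    for name, finding in audit(PLAN):
        print(f"{name}: {finding}")
```

Note the second entry: checking Restrict Hosts without configuring any host leaves queries unrestricted, exactly as the first row of the matrix states.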
System SNMP traps and conditions
SNMP traps | Conditions |
---|---|
Power supply failure | In dual power supply systems, one supply has failed. |
Cold restart | System reboots due to power supply cycle. |
Warm restart | User reboots the system. |
Link down | Data port goes down. |
Link UP | Data port comes up. |
IP change | Management port IP is changed. |
CPU usage | CPU usage goes above the configured threshold. See SNMP Thresholds above. |
Memory usage | Memory usage goes above the configured threshold. See SNMP Thresholds above. |
Disk usage | Disk usage goes above the configured threshold. See SNMP Thresholds above. |
Use similar CLI commands to configure SNMP user:
config system snmp user
end