Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    6.3.3
    7.0.3
    7.0.1
    7.0.0
    6.6.3
    6.6.3
    6.6.1
    6.6.0
    6.5.1
    6.5.0
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.1

    Configuring SNMP trap receivers for remote DDoS attack reporting

    Configuring SNMP trap receivers for remote DDoS attack reporting

    You must configure SNMP trap receivers for FortiDDoS attack events separately from the system event trap receivers.

    Attack Event Trap Receivers allow you to have separate configurations for each SPP, if necessary. You can configure up-to two SNMP trap receivers per SPP. The same trap receiver can be used by multiple SPPs but it must be configured for each SPP.

    Before you begin:

    • You must have Read-Write permission for Log & Report settings.
    To configure SNMP trap receivers:
    1. Go to Log & Report > Log Configuration > SNMP Trap Receivers.
    2. Click Add to display the configuration editor.
    3. Complete the configuration as described in the table below.
    4. Save the configuration.

    SNMP Trap Receivers configuration guidelines

    Settings Guidelines
    Name Identifies this SNMP trap receiver in the list of receivers.
    Enable Enable the configuration.
    SPP Select the SPP for the configuration.
    IP Address IP address of the SNMP manager that receives attack log traps.
    Port Listening port of the SNMP manager. The default value is 162.
    Community Username String that specifies the SNMP community to which the FortiDDoS system and the SNMP manager at the specified address belong.
    SNMP Version
    • v2c
    • v3
    SNMPv3
    Engine ID

    ID that uniquely identifies the SNMP agent.

    If the Engine ID is not entered by the user, the MAC address of the management port is used to generate the Engine ID. For example, if the MAC address is: 08:5b:0e:9f:05:f0, the Engine ID will be: 8000304404085b0e9f05f0 which is the concatenation of the MAC address and Fortinet’s IANA-registered Private Enterprise Number: 8000304404.

    To see the default or user-entered Engine ID, use the CLI command get snmp engine-id. The MAC address can be obtained using the CLI command get system interface mgmt1 which displays information about the management port.
    v3 Access Type

    Three SNMPv3 security modes are available:

    • No Authentication
    • Authentication - enter Authentication Passphrase as required by the SNMP Manager.
    • Privacy - enter BOTH Authentication and Privacy Passphrases required by the SNMP Manager.

    The security protocols for SNMPv3 Attack Log Traps are fixed as:

    • Authentication Protocol is SHA1 (MD5 is not available)
    • Privacy Protocol is AES (DES is not available)
    Authentication Passphrase If Authentication is required, enter the authentication passphrase required by the SNMP manager.
    Privacy Passphrase If Privacy is required, enter the privacy passphrase required by the SNMP manager. Privacy Mode also requires an Authentication Passphrase.

    SNMP trap receiver page

    To configure with the CLI:

    config log setting ddos-attack-snmp-trap-receivers

    edit Attack_trap_receiver

    set status enable

    set spp default

    set ip-address 172.30.153.155

    set community-username public

    next

    end
    Previous
    Next

    Configuring SNMP trap receivers for remote DDoS attack reporting

    Configuring SNMP trap receivers for remote DDoS attack reporting

    You must configure SNMP trap receivers for FortiDDoS attack events separately from the system event trap receivers.

    Attack Event Trap Receivers allow you to have separate configurations for each SPP, if necessary. You can configure up-to two SNMP trap receivers per SPP. The same trap receiver can be used by multiple SPPs but it must be configured for each SPP.

    Before you begin:

    • You must have Read-Write permission for Log & Report settings.
    To configure SNMP trap receivers:
    1. Go to Log & Report > Log Configuration > SNMP Trap Receivers.
    2. Click Add to display the configuration editor.
    3. Complete the configuration as described in the table below.
    4. Save the configuration.

    SNMP Trap Receivers configuration guidelines

    Settings Guidelines
    Name Identifies this SNMP trap receiver in the list of receivers.
    Enable Enable the configuration.
    SPP Select the SPP for the configuration.
    IP Address IP address of the SNMP manager that receives attack log traps.
    Port Listening port of the SNMP manager. The default value is 162.
    Community Username String that specifies the SNMP community to which the FortiDDoS system and the SNMP manager at the specified address belong.
    SNMP Version
    • v2c
    • v3
    SNMPv3
    Engine ID

    ID that uniquely identifies the SNMP agent.

    If the Engine ID is not entered by the user, the MAC address of the management port is used to generate the Engine ID. For example, if the MAC address is: 08:5b:0e:9f:05:f0, the Engine ID will be: 8000304404085b0e9f05f0 which is the concatenation of the MAC address and Fortinet’s IANA-registered Private Enterprise Number: 8000304404.

    To see the default or user-entered Engine ID, use the CLI command get snmp engine-id. The MAC address can be obtained using the CLI command get system interface mgmt1 which displays information about the management port.
    v3 Access Type

    Three SNMPv3 security modes are available:

    • No Authentication
    • Authentication - enter Authentication Passphrase as required by the SNMP Manager.
    • Privacy - enter BOTH Authentication and Privacy Passphrases required by the SNMP Manager.

    The security protocols for SNMPv3 Attack Log Traps are fixed as:

    • Authentication Protocol is SHA1 (MD5 is not available)
    • Privacy Protocol is AES (DES is not available)
    Authentication Passphrase If Authentication is required, enter the authentication passphrase required by the SNMP manager.
    Privacy Passphrase If Privacy is required, enter the privacy passphrase required by the SNMP manager. Privacy Mode also requires an Authentication Passphrase.

    SNMP trap receiver page

    To configure with the CLI:

    config log setting ddos-attack-snmp-trap-receivers

    edit Attack_trap_receiver

    set status enable

    set spp default

    set ip-address 172.30.153.155

    set community-username public

    next

    end
    Previous
    Next