Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    6.6.1
    7.0.3
    7.0.1
    7.0.0
    6.6.3
    6.6.3
    6.6.1
    6.6.0
    6.5.1
    6.5.0
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.1

    Configuring SNMP for remote alarm event trap reporting and MIB queries

    Configuring SNMP for remote alarm event trap reporting and MIB queries

    An SNMP community is a grouping of equipment for network monitoring purposes. The FortiDDoS-F SNMP agent does not respond to SNMP managers whose query packets do not contain a matching community name. Similarly, trap packets from the FortiDDoS-F agent include community name, and an SNMP manager might not accept the trap if its community name does not match.

    Fortinet Technologies Inc. strongly recommends that you do not add FortiDDoS-F to the community named public. This popular default name is well-known, and attackers that gain access to your network will often try this name first.

    This page describes setup of the FortiDDoS SNMP agent for SNMP MIB Queries and alarm Traps. Refer to the list of SNMP traps and conditions.

    For setup of Attack Log traps, please refer to Configuring SNMP trap receivers for remote DDoS attack reporting.

    Test both traps and queries (assuming you have enabled both). Traps and queries typically occur on different port numbers, and therefore verifying one does not necessarily verify that the other is also functional.

    To test queries, from your SNMP manager, query the FortiDDoS appliance. To test traps, cause one of the events that should trigger a trap.

    SNMP MIB Interface Statistics (IF-MIB)

    The standard IF-MIB is suitable only for the Mgmt ports on FortiDDoS since the FortiDDoS traffic ports have no IP addresses.

    If you wish to poll for status and traffic information on the traffic ports, import the FORTNET-FORTIDDOS-MIB and look for the fddPorts folder as shown in the image below.

    This MIB also includes the full list of Attack trap information available.
    Basic steps:
    1. Add the Fortinet and FortiDDoS MIBs to your SNMP manager.
      See Appendix C: Management Information Base (MIB).
      Note: Most users automatically use MIB II when looking for interface traffic statistics. FortiDDoS traffic ports do not support IP addresses so they do not conform to MIB II. Only the Management Ports can be polled by MIB II Queries. Use the FortiDDoS MIB for access to traffic port statistics.
    2. Go to System > SNMP and configure the SNMP agent and traps for system events.
    Before you begin:
    • On the SNMP manager, you must verify that the SNMP manager is a member of the community to which the FortiDDoS-F system belongs, and compile the necessary Fortinet Technologies Inc.-proprietary management information blocks (MIBs) and Fortinet Technologies Inc.-supported standard MIBs.
    • In the FortiDDoS interface settings, you must enable SNMP access on the network interface through which the SNMP manager connects.
    • You must have Read-Write permission for System settings.
    To configure SNMP system information:
    1. Go to System > SNMP > Config tab.
    2. Click Threshold.
    3. Complete the configuration as described in the following tables.
    4. Save the configuration.

    SNMP Threshold settings for system event reporting

    Settings Guidelines
    CPU

    The system records CPU utilization at the Sample Frequency (default, every 30 seconds) and creates an Alert if the Utilization is over the Trigger threshold (default, 80%) the number of times

    determined by the Threshold (default, 3 times) within the Sample Period (default 600 seconds)

    • Trigger—The default is 80% utilization. Minimum = 1% / Maximum = 100%.
    • Threshold—The default is 3, meaning the event is reported when the condition has been triggered 3 times over the sampling period. Minimum = 1 / Maximum = 960.
    • Sample Period—The default is 600 seconds. Minimum = 30 seconds / Maximum = 28800 seconds.
    • Sample Frequency—The default is 30 seconds. Minimum = 30 seconds / Maximum = 100 seconds.
    Memory

    The system records Memory utilization at the Sample Frequency (default, every 30 seconds) and creates an Alert if the Utilization is over the Trigger threshold (default, 80%) the number of times

    determined by the Threshold (default, 3 times) within the Sample Period (default 600 seconds)

    • Trigger—The default is 80% utilization. Minimum = 1% / Maximum = 100%.
    • Threshold—The default is 3, meaning the event is reported when the condition has been triggered 3 times over the sampling period.
    • Sample Period—The default is 600 seconds. Minimum = 30 seconds / Maximum = 28800 seconds.
    • Sample Frequency—The default is 30 seconds. Minimum = 30 seconds / Maximum = 100 seconds.
    Disk (Log disk usage)

    The system records Log Disk utilization at the Sample Frequency (default, every 3600 seconds) and creates an Alert if the Utilization is over the Trigger threshold (default, 90%) the number of times

    determined by the Threshold (default, once) within the Sample Period (default 3600 seconds)

    • Trigger—The default is 90% utilization. Minimum = 1% / Maximum = 100%.
    • Threshold—The default is 1, meaning the event is reported each time the condition is triggered. Minimum = 1 / Maximum = 8.
    • Sample Period—The default is 7200 seconds. Minimum = 3600 seconds / Maximum = 28800 seconds.
    • Sample Frequency—The default is 3600 seconds. Minimum = 3600 seconds / Maximum = 7200 seconds.
    Use similar CLI commands to configure SNMP thresholds:

    config system snmp threshold

    set cpu 1 1 30 30

    set mem 1 3 30 30

    end

    SNMPv1/v2x settings for system event reporting

    Settings Guidelines
    Name Name of the SNMP community to which the FortiDDoS-F system and at least one SNMP manager belongs, such as management.

    You must configure the FortiDDoS-F system to belong to at least one SNMP community so that community’s SNMP managers can query system information and receive SNMP traps. You can add up to three SNMP communities. Each community can have a different configuration for queries and traps, and the set of events that trigger a trap. You can also add the IP addresses of up to eight SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiDDoS-F system.

    Name can be up to 35 characters long and contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).
    Status Select to enable the configuration.

    Restrict Hosts

    Enable to allow restricted Hosts below.

    Note: The initial configuration must be saved and reopened in order to add Hosts when this option is enabled.
    Queries Port number on which the system listens for SNMP queries from the SNMP managers in this community. The default is 161.
    Enable queries for SNMP v1, SNMP v2c, or both. SNMP v3 Query settings are available under User tab.
    Traps Source (Local) port number and destination (Remote) port number for trap packets sent to SNMP managers in this community. The default is 162. SNMP v3 Trap settings are available under User tab.

    Enable traps for SNMP v1, SNMP v2c, or both.
    See SNMP traps and conditions.
    SNMP Event Select to enable SNMP event reporting for the following thresholds:

    • CPU—CPU usage has exceeded the Threshold set above (default 80%).
    • Memory—Memory (RAM) usage has exceeded the Threshold set above.
    • Disk—Disk space usage for the log partition or disk has exceeded the Threshold set above.
    Hosts IP address of the SNMP manager to receive traps and be permitted to query the FortiDDoS system. SNMP managers have read-only access. You can add up to 8 SNMP managers to each community.

    Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.

    To configure SNMPv1/v2 with CLI:

    config system snmp community

    edit 1

    set name public

    set status enable

    set queryv1-status enable

    set trapv1-status enable

    config host

    edit 1

    set ip <ip address>

    next

    edit 2

    set ip <ip address>

    next

    end

    next

    end

    SNMP v3 settings for system event reporting

    Settings Guidelines
    Name User name that the SNMP Manager uses to communicate with the SNMP Agent. After you initially save the configuration, you cannot edit the name.
    Name can be up to 35 characters long and contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).
    Status Enable/disable the configuration.

    Restrict Hosts

    Enable to allow restricted Hosts below.

    Note: The initial configuration must be saved and reopened in order to add Hosts when this option is enabled.
    Security Level
    • No Auth And No Privacy—Do not require authentication or encryption.
    • Auth But No Privacy—Authentication based on MD5 or SHA algorithms. Select an algorithm and specify a password.
    • Auth And Privacy—Authentication based on MD5 or SHA algorithms, and encryption based on AES or DES algorithms. Select an Auth Algorithm and specify an Auth Password; and select a Private Algorithm and specify a Private Password.
    Query Port number on which the system listens for SNMP v3 queries from the SNMP managers for this user. The default is 161. Enable queries for SNMP v3.
    Traps Source (Local) port number and destination (Remote) port number for SNMP v3 trap packets sent to SNMP managers for this user. The default is 162. Enable traps for SNMP v3.
    See SNMP traps and conditions.
    Events Select to enable SNMP event reporting for the following thresholds:
    • CPU—CPU usage has exceeded the Threshold set above (default 80%).
    • Memory—Memory (RAM) usage has exceeded the Threshold set above.
    • Disk—Disk space usage for the log partition or disk has exceeded the Threshold set above.
    Hosts IP Address—Subnet address for the SNMP manager to receive traps and be permitted to query the FortiDDoS system. SNMP managers have read-only access. You can add up to 8 SNMP managers to each community.

    Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.
    Restrict Hosts Checkbox Host Configured Host SNMP Query Restrictions Trap Receivers Comments
    Enabled No No restrictions (any host) None
    Yes Restricted to configured hosts (up to 8) Sent to configured Hosts (up to 8) Managers and Trap receivers must be shared
    Disabled No No restrictions None
    Yes No restrictions Sent to configured Hosts (up to 8)

    System SNMP traps and conditions

    SNMP traps Conditions
    Power supply failure In dual power supply systems, one supply has failed.
    Cold restart System reboots due to power supply cycle.
    Warm restart User reboots the system.
    Link down Data port goes down.
    Link UP Data port comes up.
    IP change Management port IP is changed.
    CPU usage CPU usage goes above the configured threshold. See SNMP Thresholds above.
    Memory usage Memory usage goes above the configured threshold. See SNMP Thresholds above.
    Disk usage Disk usage goes above the configured threshold. See SNMP Thresholds above.

    Use similar CLI commands to configure SNMP user:

    config system snmp user

    edit 1

    set name bob

    set status enable

    set security-level authnopriv

    set auth-proto sha1

    set auth-pwd <password>

    set query-status enable

    set trap-status enable

    config host

    edit 1

    set ip <ip address>

    next

    edit 2

    set ip <ip address>

    next

    end

    next

    end
    Previous
    Next

    Configuring SNMP for remote alarm event trap reporting and MIB queries

    Configuring SNMP for remote alarm event trap reporting and MIB queries

    An SNMP community is a grouping of equipment for network monitoring purposes. The FortiDDoS-F SNMP agent does not respond to SNMP managers whose query packets do not contain a matching community name. Similarly, trap packets from the FortiDDoS-F agent include community name, and an SNMP manager might not accept the trap if its community name does not match.

    Fortinet Technologies Inc. strongly recommends that you do not add FortiDDoS-F to the community named public. This popular default name is well-known, and attackers that gain access to your network will often try this name first.

    This page describes setup of the FortiDDoS SNMP agent for SNMP MIB Queries and alarm Traps. Refer to the list of SNMP traps and conditions.

    For setup of Attack Log traps, please refer to Configuring SNMP trap receivers for remote DDoS attack reporting.

    Test both traps and queries (assuming you have enabled both). Traps and queries typically occur on different port numbers, and therefore verifying one does not necessarily verify that the other is also functional.

    To test queries, from your SNMP manager, query the FortiDDoS appliance. To test traps, cause one of the events that should trigger a trap.

    SNMP MIB Interface Statistics (IF-MIB)

    The standard IF-MIB is suitable only for the Mgmt ports on FortiDDoS since the FortiDDoS traffic ports have no IP addresses.

    If you wish to poll for status and traffic information on the traffic ports, import the FORTNET-FORTIDDOS-MIB and look for the fddPorts folder as shown in the image below.

    This MIB also includes the full list of Attack trap information available.
    Basic steps:
    1. Add the Fortinet and FortiDDoS MIBs to your SNMP manager.
      See Appendix C: Management Information Base (MIB).
      Note: Most users automatically use MIB II when looking for interface traffic statistics. FortiDDoS traffic ports do not support IP addresses so they do not conform to MIB II. Only the Management Ports can be polled by MIB II Queries. Use the FortiDDoS MIB for access to traffic port statistics.
    2. Go to System > SNMP and configure the SNMP agent and traps for system events.
    Before you begin:
    • On the SNMP manager, you must verify that the SNMP manager is a member of the community to which the FortiDDoS-F system belongs, and compile the necessary Fortinet Technologies Inc.-proprietary management information blocks (MIBs) and Fortinet Technologies Inc.-supported standard MIBs.
    • In the FortiDDoS interface settings, you must enable SNMP access on the network interface through which the SNMP manager connects.
    • You must have Read-Write permission for System settings.
    To configure SNMP system information:
    1. Go to System > SNMP > Config tab.
    2. Click Threshold.
    3. Complete the configuration as described in the following tables.
    4. Save the configuration.

    SNMP Threshold settings for system event reporting

    Settings Guidelines
    CPU

    The system records CPU utilization at the Sample Frequency (default, every 30 seconds) and creates an Alert if the Utilization is over the Trigger threshold (default, 80%) the number of times

    determined by the Threshold (default, 3 times) within the Sample Period (default 600 seconds)

    • Trigger—The default is 80% utilization. Minimum = 1% / Maximum = 100%.
    • Threshold—The default is 3, meaning the event is reported when the condition has been triggered 3 times over the sampling period. Minimum = 1 / Maximum = 960.
    • Sample Period—The default is 600 seconds. Minimum = 30 seconds / Maximum = 28800 seconds.
    • Sample Frequency—The default is 30 seconds. Minimum = 30 seconds / Maximum = 100 seconds.
    Memory

    The system records Memory utilization at the Sample Frequency (default, every 30 seconds) and creates an Alert if the Utilization is over the Trigger threshold (default, 80%) the number of times

    determined by the Threshold (default, 3 times) within the Sample Period (default 600 seconds)

    • Trigger—The default is 80% utilization. Minimum = 1% / Maximum = 100%.
    • Threshold—The default is 3, meaning the event is reported when the condition has been triggered 3 times over the sampling period.
    • Sample Period—The default is 600 seconds. Minimum = 30 seconds / Maximum = 28800 seconds.
    • Sample Frequency—The default is 30 seconds. Minimum = 30 seconds / Maximum = 100 seconds.
    Disk (Log disk usage)

    The system records Log Disk utilization at the Sample Frequency (default, every 3600 seconds) and creates an Alert if the Utilization is over the Trigger threshold (default, 90%) the number of times

    determined by the Threshold (default, once) within the Sample Period (default 3600 seconds)

    • Trigger—The default is 90% utilization. Minimum = 1% / Maximum = 100%.
    • Threshold—The default is 1, meaning the event is reported each time the condition is triggered. Minimum = 1 / Maximum = 8.
    • Sample Period—The default is 7200 seconds. Minimum = 3600 seconds / Maximum = 28800 seconds.
    • Sample Frequency—The default is 3600 seconds. Minimum = 3600 seconds / Maximum = 7200 seconds.
    Use similar CLI commands to configure SNMP thresholds:

    config system snmp threshold

    set cpu 1 1 30 30

    set mem 1 3 30 30

    end

    SNMPv1/v2x settings for system event reporting

    Settings Guidelines
    Name Name of the SNMP community to which the FortiDDoS-F system and at least one SNMP manager belongs, such as management.

    You must configure the FortiDDoS-F system to belong to at least one SNMP community so that community’s SNMP managers can query system information and receive SNMP traps. You can add up to three SNMP communities. Each community can have a different configuration for queries and traps, and the set of events that trigger a trap. You can also add the IP addresses of up to eight SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiDDoS-F system.

    Name can be up to 35 characters long and contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).
    Status Select to enable the configuration.

    Restrict Hosts

    Enable to allow restricted Hosts below.

    Note: The initial configuration must be saved and reopened in order to add Hosts when this option is enabled.
    Queries Port number on which the system listens for SNMP queries from the SNMP managers in this community. The default is 161.
    Enable queries for SNMP v1, SNMP v2c, or both. SNMP v3 Query settings are available under User tab.
    Traps Source (Local) port number and destination (Remote) port number for trap packets sent to SNMP managers in this community. The default is 162. SNMP v3 Trap settings are available under User tab.

    Enable traps for SNMP v1, SNMP v2c, or both.
    See SNMP traps and conditions.
    SNMP Event Select to enable SNMP event reporting for the following thresholds:

    • CPU—CPU usage has exceeded the Threshold set above (default 80%).
    • Memory—Memory (RAM) usage has exceeded the Threshold set above.
    • Disk—Disk space usage for the log partition or disk has exceeded the Threshold set above.
    Hosts IP address of the SNMP manager to receive traps and be permitted to query the FortiDDoS system. SNMP managers have read-only access. You can add up to 8 SNMP managers to each community.

    Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.

    To configure SNMPv1/v2 with CLI:

    config system snmp community

    edit 1

    set name public

    set status enable

    set queryv1-status enable

    set trapv1-status enable

    config host

    edit 1

    set ip <ip address>

    next

    edit 2

    set ip <ip address>

    next

    end

    next

    end

    SNMP v3 settings for system event reporting

    Settings Guidelines
    Name User name that the SNMP Manager uses to communicate with the SNMP Agent. After you initially save the configuration, you cannot edit the name.
    Name can be up to 35 characters long and contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).
    Status Enable/disable the configuration.

    Restrict Hosts

    Enable to allow restricted Hosts below.

    Note: The initial configuration must be saved and reopened in order to add Hosts when this option is enabled.
    Security Level
    • No Auth And No Privacy—Do not require authentication or encryption.
    • Auth But No Privacy—Authentication based on MD5 or SHA algorithms. Select an algorithm and specify a password.
    • Auth And Privacy—Authentication based on MD5 or SHA algorithms, and encryption based on AES or DES algorithms. Select an Auth Algorithm and specify an Auth Password; and select a Private Algorithm and specify a Private Password.
    Query Port number on which the system listens for SNMP v3 queries from the SNMP managers for this user. The default is 161. Enable queries for SNMP v3.
    Traps Source (Local) port number and destination (Remote) port number for SNMP v3 trap packets sent to SNMP managers for this user. The default is 162. Enable traps for SNMP v3.
    See SNMP traps and conditions.
    Events Select to enable SNMP event reporting for the following thresholds:
    • CPU—CPU usage has exceeded the Threshold set above (default 80%).
    • Memory—Memory (RAM) usage has exceeded the Threshold set above.
    • Disk—Disk space usage for the log partition or disk has exceeded the Threshold set above.
    Hosts IP Address—Subnet address for the SNMP manager to receive traps and be permitted to query the FortiDDoS system. SNMP managers have read-only access. You can add up to 8 SNMP managers to each community.

    Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.
    Restrict Hosts Checkbox Host Configured Host SNMP Query Restrictions Trap Receivers Comments
    Enabled No No restrictions (any host) None
    Yes Restricted to configured hosts (up to 8) Sent to configured Hosts (up to 8) Managers and Trap receivers must be shared
    Disabled No No restrictions None
    Yes No restrictions Sent to configured Hosts (up to 8)

    System SNMP traps and conditions

    SNMP traps Conditions
    Power supply failure In dual power supply systems, one supply has failed.
    Cold restart System reboots due to power supply cycle.
    Warm restart User reboots the system.
    Link down Data port goes down.
    Link UP Data port comes up.
    IP change Management port IP is changed.
    CPU usage CPU usage goes above the configured threshold. See SNMP Thresholds above.
    Memory usage Memory usage goes above the configured threshold. See SNMP Thresholds above.
    Disk usage Disk usage goes above the configured threshold. See SNMP Thresholds above.

    Use similar CLI commands to configure SNMP user:

    config system snmp user

    edit 1

    set name bob

    set status enable

    set security-level authnopriv

    set auth-proto sha1

    set auth-pwd <password>

    set query-status enable

    set trap-status enable

    config host

    edit 1

    set ip <ip address>

    next

    edit 2

    set ip <ip address>

    next

    end

    next

    end
    Previous
    Next