Fortinet black logo

CLI Reference

system snmp user

system snmp user

Introduction.

config system snmp user
    edit {name}
    # SNMP user configuration.
        set name {string}   SNMP user name. size[32]
        set status {enable | disable}   Enable/disable this SNMP user.
        set trap-status {enable | disable}   Enable/disable traps for this SNMP user.
        set trap-lport {integer}   SNMPv3 local trap port (default = 162). range[0-65535]
        set trap-rport {integer}   SNMPv3 trap remote port (default = 162). range[0-65535]
        set queries {enable | disable}   Enable/disable SNMP queries for this user.
        set query-port {integer}   SNMPv3 query port (default = 161). range[0-65535]
        set notify-hosts {ipv4 address}   SNMP managers to send notifications (traps) to.
        set notify-hosts6 {ipv6 address}   IPv6 SNMP managers to send notifications (traps) to.
        set source-ip {ipv4 address}   Source IP for SNMP trap.
        set source-ipv6 {ipv6 address}   Source IPv6 for SNMP trap.
        set ha-direct {enable | disable}   Enable/disable direct management of HA cluster members.
        set events {option}   SNMP notifications (traps) to send.
                cpu-high                       Send a trap when CPU usage is high.
                mem-low                        Send a trap when available memory is low.
                log-full                       Send a trap when log disk space becomes low.
                intf-ip                        Send a trap when an interface IP address is changed.
                vpn-tun-up                     Send a trap when a VPN tunnel comes up.
                vpn-tun-down                   Send a trap when a VPN tunnel goes down.
                ha-switch                      Send a trap after an HA failover when the backup unit has taken over.
                ha-hb-failure                  Send a trap when HA heartbeats are not received.
                ips-signature                  Send a trap when IPS detects an attack.
                ips-anomaly                    Send a trap when IPS finds an anomaly.
                av-virus                       Send a trap when AntiVirus finds a virus.
                av-oversize                    Send a trap when AntiVirus finds an oversized file.
                av-pattern                     Send a trap when AntiVirus finds file matching pattern.
                av-fragmented                  Send a trap when AntiVirus finds a fragmented file.
                fm-if-change                   Send a trap when FortiManager interface changes. Send a FortiManager trap.
                fm-conf-change                 Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.
                bgp-established                Send a trap when a BGP FSM transitions to the established state.
                bgp-backward-transition        Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.
                ha-member-up                   Send a trap when an HA cluster member goes up.
                ha-member-down                 Send a trap when an HA cluster member goes down.
                ent-conf-change                Send a trap when an entity MIB change occurs (RFC4133).
                av-conserve                    Send a trap when the FortiGate enters conserve mode.
                av-bypass                      Send a trap when the FortiGate enters bypass mode.
                av-oversize-passed             Send a trap when AntiVirus passes an oversized file.
                av-oversize-blocked            Send a trap when AntiVirus blocks an oversized file.
                ips-pkg-update                 Send a trap when the IPS signature database or engine is updated.
                ips-fail-open                  Send a trap when the IPS network buffer is full.
                temperature-high               Send a trap when a temperature sensor registers a temperature that is too high.
                voltage-alert                  Send a trap when a voltage sensor registers a voltage that is outside of the normal range.
                power-supply-failure           Send a trap when a power supply fails.
                faz-disconnect                 Send a trap when a FortiAnalyzer disconnects from the FortiGate.
                fan-failure                    Send a trap when a fan fails.
                wc-ap-up                       Send a trap when a managed FortiAP comes up.
                wc-ap-down                     Send a trap when a managed FortiAP goes down.
                fswctl-session-up              Send a trap when a FortiSwitch controller session comes up.
                fswctl-session-down            Send a trap when a FortiSwitch controller session goes down.
                load-balance-real-server-down  Send a trap when a server load balance real server goes down.
                device-new                     Send a trap when a new device is found.
                per-cpu-high                   Send a trap when per-CPU usage is high.
        set security-level {no-auth-no-priv | auth-no-priv | auth-priv}   Security level for message authentication and encryption.
                no-auth-no-priv  Message with no authentication and no privacy (encryption).
                auth-no-priv     Message with authentication but no privacy (encryption).
                auth-priv        Message with authentication and privacy (encryption).
        set auth-proto {md5 | sha}   Authentication protocol.
                md5  HMAC-MD5-96 authentication protocol.
                sha  HMAC-SHA-96 authentication protocol.
        set auth-pwd {password_string}   Password for authentication protocol. size[128]
        set priv-proto {aes | des | aes256 | aes256cisco}   Privacy (encryption) protocol.
                aes          CFB128-AES-128 symmetric encryption protocol.
                des          CBC-DES symmetric encryption protocol.
                aes256       CFB128-AES-256 symmetric encryption protocol.
                aes256cisco  CFB128-AES-256 symmetric encryption protocol compatible with CISCO.
        set priv-pwd {password_string}   Password for privacy (encryption) protocol. size[128]
    next
end

system snmp user

Introduction.

config system snmp user
    edit {name}
    # SNMP user configuration.
        set name {string}   SNMP user name. size[32]
        set status {enable | disable}   Enable/disable this SNMP user.
        set trap-status {enable | disable}   Enable/disable traps for this SNMP user.
        set trap-lport {integer}   SNMPv3 local trap port (default = 162). range[0-65535]
        set trap-rport {integer}   SNMPv3 trap remote port (default = 162). range[0-65535]
        set queries {enable | disable}   Enable/disable SNMP queries for this user.
        set query-port {integer}   SNMPv3 query port (default = 161). range[0-65535]
        set notify-hosts {ipv4 address}   SNMP managers to send notifications (traps) to.
        set notify-hosts6 {ipv6 address}   IPv6 SNMP managers to send notifications (traps) to.
        set source-ip {ipv4 address}   Source IP for SNMP trap.
        set source-ipv6 {ipv6 address}   Source IPv6 for SNMP trap.
        set ha-direct {enable | disable}   Enable/disable direct management of HA cluster members.
        set events {option}   SNMP notifications (traps) to send.
                cpu-high                       Send a trap when CPU usage is high.
                mem-low                        Send a trap when available memory is low.
                log-full                       Send a trap when log disk space becomes low.
                intf-ip                        Send a trap when an interface IP address is changed.
                vpn-tun-up                     Send a trap when a VPN tunnel comes up.
                vpn-tun-down                   Send a trap when a VPN tunnel goes down.
                ha-switch                      Send a trap after an HA failover when the backup unit has taken over.
                ha-hb-failure                  Send a trap when HA heartbeats are not received.
                ips-signature                  Send a trap when IPS detects an attack.
                ips-anomaly                    Send a trap when IPS finds an anomaly.
                av-virus                       Send a trap when AntiVirus finds a virus.
                av-oversize                    Send a trap when AntiVirus finds an oversized file.
                av-pattern                     Send a trap when AntiVirus finds file matching pattern.
                av-fragmented                  Send a trap when AntiVirus finds a fragmented file.
                fm-if-change                   Send a trap when FortiManager interface changes. Send a FortiManager trap.
                fm-conf-change                 Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.
                bgp-established                Send a trap when a BGP FSM transitions to the established state.
                bgp-backward-transition        Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.
                ha-member-up                   Send a trap when an HA cluster member goes up.
                ha-member-down                 Send a trap when an HA cluster member goes down.
                ent-conf-change                Send a trap when an entity MIB change occurs (RFC4133).
                av-conserve                    Send a trap when the FortiGate enters conserve mode.
                av-bypass                      Send a trap when the FortiGate enters bypass mode.
                av-oversize-passed             Send a trap when AntiVirus passes an oversized file.
                av-oversize-blocked            Send a trap when AntiVirus blocks an oversized file.
                ips-pkg-update                 Send a trap when the IPS signature database or engine is updated.
                ips-fail-open                  Send a trap when the IPS network buffer is full.
                temperature-high               Send a trap when a temperature sensor registers a temperature that is too high.
                voltage-alert                  Send a trap when a voltage sensor registers a voltage that is outside of the normal range.
                power-supply-failure           Send a trap when a power supply fails.
                faz-disconnect                 Send a trap when a FortiAnalyzer disconnects from the FortiGate.
                fan-failure                    Send a trap when a fan fails.
                wc-ap-up                       Send a trap when a managed FortiAP comes up.
                wc-ap-down                     Send a trap when a managed FortiAP goes down.
                fswctl-session-up              Send a trap when a FortiSwitch controller session comes up.
                fswctl-session-down            Send a trap when a FortiSwitch controller session goes down.
                load-balance-real-server-down  Send a trap when a server load balance real server goes down.
                device-new                     Send a trap when a new device is found.
                per-cpu-high                   Send a trap when per-CPU usage is high.
        set security-level {no-auth-no-priv | auth-no-priv | auth-priv}   Security level for message authentication and encryption.
                no-auth-no-priv  Message with no authentication and no privacy (encryption).
                auth-no-priv     Message with authentication but no privacy (encryption).
                auth-priv        Message with authentication and privacy (encryption).
        set auth-proto {md5 | sha}   Authentication protocol.
                md5  HMAC-MD5-96 authentication protocol.
                sha  HMAC-SHA-96 authentication protocol.
        set auth-pwd {password_string}   Password for authentication protocol. size[128]
        set priv-proto {aes | des | aes256 | aes256cisco}   Privacy (encryption) protocol.
                aes          CFB128-AES-128 symmetric encryption protocol.
                des          CBC-DES symmetric encryption protocol.
                aes256       CFB128-AES-256 symmetric encryption protocol.
                aes256cisco  CFB128-AES-256 symmetric encryption protocol compatible with CISCO.
        set priv-pwd {password_string}   Password for privacy (encryption) protocol. size[128]
    next
end