Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

SNMP user configuration.

  config system snmp user
      Description: SNMP user configuration.
      edit <name>
          set status [enable|disable]
          set trap-status [enable|disable]
          set trap-lport {integer}
          set trap-rport {integer}
          set queries [enable|disable]
          set query-port {integer}
          set notify-hosts {ipv4-address}
          set notify-hosts6 {ipv6-address}
          set source-ip {ipv4-address}
          set source-ipv6 {ipv6-address}
          set ha-direct [enable|disable]
          set events {option1}, {option2}, ...
          set security-level [no-auth-no-priv|auth-no-priv|...]
          set auth-proto [md5|sha]
          set auth-pwd {password}
          set priv-proto [aes|des|...]
          set priv-pwd {password}
      next
  end

config system snmp user

Parameter Name Description Type Size
status Enable/disable this SNMP user.
enable: Enable setting.
disable: Disable setting.
option -
trap-status Enable/disable traps for this SNMP user.
enable: Enable setting.
disable: Disable setting.
option -
trap-lport SNMPv3 local trap port (default = 162). integer Minimum value: 0 Maximum value: 65535
trap-rport SNMPv3 trap remote port (default = 162). integer Minimum value: 0 Maximum value: 65535
queries Enable/disable SNMP queries for this user.
enable: Enable setting.
disable: Disable setting.
option -
query-port SNMPv3 query port (default = 161). integer Minimum value: 0 Maximum value: 65535
notify-hosts SNMP managers to send notifications (traps) to. ipv4-address Not Specified
notify-hosts6 IPv6 SNMP managers to send notifications (traps) to. ipv6-address Not Specified
source-ip Source IP for SNMP trap. ipv4-address Not Specified
source-ipv6 Source IPv6 for SNMP trap. ipv6-address Not Specified
ha-direct Enable/disable direct management of HA cluster members.
enable: Enable setting.
disable: Disable setting.
option -
events SNMP notifications (traps) to send.
cpu-high: Send a trap when CPU usage is high.
mem-low: Send a trap when available memory is low.
log-full: Send a trap when log disk space becomes low.
intf-ip: Send a trap when an interface IP address is changed.
vpn-tun-up: Send a trap when a VPN tunnel comes up.
vpn-tun-down: Send a trap when a VPN tunnel goes down.
ha-switch: Send a trap after an HA failover when the backup unit has taken over.
ha-hb-failure: Send a trap when HA heartbeats are not received.
ips-signature: Send a trap when IPS detects an attack.
ips-anomaly: Send a trap when IPS finds an anomaly.
av-virus: Send a trap when AntiVirus finds a virus.
av-oversize: Send a trap when AntiVirus finds an oversized file.
av-pattern: Send a trap when AntiVirus finds file matching pattern.
av-fragmented: Send a trap when AntiVirus finds a fragmented file.
fm-if-change: Send a trap when FortiManager interface changes. Send a FortiManager trap.
fm-conf-change: Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.
bgp-established: Send a trap when a BGP FSM transitions to the established state.
bgp-backward-transition: Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.
ha-member-up: Send a trap when an HA cluster member goes up.
ha-member-down: Send a trap when an HA cluster member goes down.
ent-conf-change: Send a trap when an entity MIB change occurs (RFC4133).
av-conserve: Send a trap when the FortiGate enters conserve mode.
av-bypass: Send a trap when the FortiGate enters bypass mode.
av-oversize-passed: Send a trap when AntiVirus passes an oversized file.
av-oversize-blocked: Send a trap when AntiVirus blocks an oversized file.
ips-pkg-update: Send a trap when the IPS signature database or engine is updated.
ips-fail-open: Send a trap when the IPS network buffer is full.
faz-disconnect: Send a trap when a FortiAnalyzer disconnects from the FortiGate.
wc-ap-up: Send a trap when a managed FortiAP comes up.
wc-ap-down: Send a trap when a managed FortiAP goes down.
fswctl-session-up: Send a trap when a FortiSwitch controller session comes up.
fswctl-session-down: Send a trap when a FortiSwitch controller session goes down.
load-balance-real-server-down: Send a trap when a server load balance real server goes down.
device-new: Send a trap when a new device is found.
per-cpu-high: Send a trap when per-CPU usage is high.
option -
security-level Security level for message authentication and encryption.
no-auth-no-priv: Message with no authentication and no privacy (encryption).
auth-no-priv: Message with authentication but no privacy (encryption).
auth-priv: Message with authentication and privacy (encryption).
option -
auth-proto Authentication protocol.
md5: HMAC-MD5-96 authentication protocol.
sha: HMAC-SHA-96 authentication protocol.
option -
auth-pwd Password for authentication protocol. password Not Specified
priv-proto Privacy (encryption) protocol.
aes: CFB128-AES-128 symmetric encryption protocol.
des: CBC-DES symmetric encryption protocol.
aes256: CFB128-AES-256 symmetric encryption protocol.
aes256cisco: CFB128-AES-256 symmetric encryption protocol compatible with CISCO.
option -
priv-pwd Password for privacy (encryption) protocol. password Not Specified

SNMP user configuration.

  config system snmp user
      Description: SNMP user configuration.
      edit <name>
          set status [enable|disable]
          set trap-status [enable|disable]
          set trap-lport {integer}
          set trap-rport {integer}
          set queries [enable|disable]
          set query-port {integer}
          set notify-hosts {ipv4-address}
          set notify-hosts6 {ipv6-address}
          set source-ip {ipv4-address}
          set source-ipv6 {ipv6-address}
          set ha-direct [enable|disable]
          set events {option1}, {option2}, ...
          set security-level [no-auth-no-priv|auth-no-priv|...]
          set auth-proto [md5|sha]
          set auth-pwd {password}
          set priv-proto [aes|des|...]
          set priv-pwd {password}
      next
  end

config system snmp user

Parameter Name Description Type Size
status Enable/disable this SNMP user.
enable: Enable setting.
disable: Disable setting.
option -
trap-status Enable/disable traps for this SNMP user.
enable: Enable setting.
disable: Disable setting.
option -
trap-lport SNMPv3 local trap port (default = 162). integer Minimum value: 0 Maximum value: 65535
trap-rport SNMPv3 trap remote port (default = 162). integer Minimum value: 0 Maximum value: 65535
queries Enable/disable SNMP queries for this user.
enable: Enable setting.
disable: Disable setting.
option -
query-port SNMPv3 query port (default = 161). integer Minimum value: 0 Maximum value: 65535
notify-hosts SNMP managers to send notifications (traps) to. ipv4-address Not Specified
notify-hosts6 IPv6 SNMP managers to send notifications (traps) to. ipv6-address Not Specified
source-ip Source IP for SNMP trap. ipv4-address Not Specified
source-ipv6 Source IPv6 for SNMP trap. ipv6-address Not Specified
ha-direct Enable/disable direct management of HA cluster members.
enable: Enable setting.
disable: Disable setting.
option -
events SNMP notifications (traps) to send.
cpu-high: Send a trap when CPU usage is high.
mem-low: Send a trap when available memory is low.
log-full: Send a trap when log disk space becomes low.
intf-ip: Send a trap when an interface IP address is changed.
vpn-tun-up: Send a trap when a VPN tunnel comes up.
vpn-tun-down: Send a trap when a VPN tunnel goes down.
ha-switch: Send a trap after an HA failover when the backup unit has taken over.
ha-hb-failure: Send a trap when HA heartbeats are not received.
ips-signature: Send a trap when IPS detects an attack.
ips-anomaly: Send a trap when IPS finds an anomaly.
av-virus: Send a trap when AntiVirus finds a virus.
av-oversize: Send a trap when AntiVirus finds an oversized file.
av-pattern: Send a trap when AntiVirus finds file matching pattern.
av-fragmented: Send a trap when AntiVirus finds a fragmented file.
fm-if-change: Send a trap when FortiManager interface changes. Send a FortiManager trap.
fm-conf-change: Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.
bgp-established: Send a trap when a BGP FSM transitions to the established state.
bgp-backward-transition: Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.
ha-member-up: Send a trap when an HA cluster member goes up.
ha-member-down: Send a trap when an HA cluster member goes down.
ent-conf-change: Send a trap when an entity MIB change occurs (RFC4133).
av-conserve: Send a trap when the FortiGate enters conserve mode.
av-bypass: Send a trap when the FortiGate enters bypass mode.
av-oversize-passed: Send a trap when AntiVirus passes an oversized file.
av-oversize-blocked: Send a trap when AntiVirus blocks an oversized file.
ips-pkg-update: Send a trap when the IPS signature database or engine is updated.
ips-fail-open: Send a trap when the IPS network buffer is full.
faz-disconnect: Send a trap when a FortiAnalyzer disconnects from the FortiGate.
wc-ap-up: Send a trap when a managed FortiAP comes up.
wc-ap-down: Send a trap when a managed FortiAP goes down.
fswctl-session-up: Send a trap when a FortiSwitch controller session comes up.
fswctl-session-down: Send a trap when a FortiSwitch controller session goes down.
load-balance-real-server-down: Send a trap when a server load balance real server goes down.
device-new: Send a trap when a new device is found.
per-cpu-high: Send a trap when per-CPU usage is high.
option -
security-level Security level for message authentication and encryption.
no-auth-no-priv: Message with no authentication and no privacy (encryption).
auth-no-priv: Message with authentication but no privacy (encryption).
auth-priv: Message with authentication and privacy (encryption).
option -
auth-proto Authentication protocol.
md5: HMAC-MD5-96 authentication protocol.
sha: HMAC-SHA-96 authentication protocol.
option -
auth-pwd Password for authentication protocol. password Not Specified
priv-proto Privacy (encryption) protocol.
aes: CFB128-AES-128 symmetric encryption protocol.
des: CBC-DES symmetric encryption protocol.
aes256: CFB128-AES-256 symmetric encryption protocol.
aes256cisco: CFB128-AES-256 symmetric encryption protocol compatible with CISCO.
option -
priv-pwd Password for privacy (encryption) protocol. password Not Specified