Fortinet black logo

Cookbook

SNMP v3 users

Copy Link
Copy Doc ID af0e75e9-211f-11ea-9384-00505692583a:457149
Download PDF

SNMP v3 users

Authentication is used to ensure the identity of users. Privacy allows for encryption of SNMP v3 messages to ensure confidentiality of data. These protocols provide a higher level of security than is available in SNMP v1 and v2c, which use community strings for security. Both authentication and privacy are optional.

To create a n SNMP v3 user in the GUI:

  1. Go to System > SNMP.
  2. In the SNMP v3 table, click Create New.

  3. Enter a Use Name and enable the user.
  4. In the Security Level section, configure the security level:
    • No Authentication: No authentication or encryption.
    • Authentication: Select the authentication algorithm and password.
    • Authentication and Private: Select both the authentication and encryption algorithms and password.
  5. In the Hosts section, enter the IP Address for each SNMP manager.
  6. In the Queries section, enable or disable queries, then enter the port number that the SNMP managers use for them.
  7. In the Traps section, enable or disable traps, then enter the local and remote port numbers that the SNMP managers use for them.
  8. In the SNMP Events section, enable or disable the events that activate traps.
  9. Click OK.

To create an SNMP v3 user in the CLI:

config system snmp user
    edit <user>
        set status {enable | disable}
        set trap-status {enable | disable}
        set trap-lport <port_number>
        set trap-rport <port_number>
        set queries {enable | disable}
        set query-port <port_number>
        set notify-hosts <class_ip> ... <class_ip>
        set source-ip <class_ip>
        set ha-direct {enable | disable}
        set events <events>
        set security-level {no-auth-no-priv | auth-no-priv | auth-priv}
        set auth-proto {md5 | sha}
        set auth-pwd <password>
        set prive-proto {aes | des | aes256 | aes256cisco}
        set priv-pwd <password>
    next
end

SNMP v3 users

Authentication is used to ensure the identity of users. Privacy allows for encryption of SNMP v3 messages to ensure confidentiality of data. These protocols provide a higher level of security than is available in SNMP v1 and v2c, which use community strings for security. Both authentication and privacy are optional.

To create a n SNMP v3 user in the GUI:

  1. Go to System > SNMP.
  2. In the SNMP v3 table, click Create New.

  3. Enter a Use Name and enable the user.
  4. In the Security Level section, configure the security level:
    • No Authentication: No authentication or encryption.
    • Authentication: Select the authentication algorithm and password.
    • Authentication and Private: Select both the authentication and encryption algorithms and password.
  5. In the Hosts section, enter the IP Address for each SNMP manager.
  6. In the Queries section, enable or disable queries, then enter the port number that the SNMP managers use for them.
  7. In the Traps section, enable or disable traps, then enter the local and remote port numbers that the SNMP managers use for them.
  8. In the SNMP Events section, enable or disable the events that activate traps.
  9. Click OK.

To create an SNMP v3 user in the CLI:

config system snmp user
    edit <user>
        set status {enable | disable}
        set trap-status {enable | disable}
        set trap-lport <port_number>
        set trap-rport <port_number>
        set queries {enable | disable}
        set query-port <port_number>
        set notify-hosts <class_ip> ... <class_ip>
        set source-ip <class_ip>
        set ha-direct {enable | disable}
        set events <events>
        set security-level {no-auth-no-priv | auth-no-priv | auth-priv}
        set auth-proto {md5 | sha}
        set auth-pwd <password>
        set prive-proto {aes | des | aes256 | aes256cisco}
        set priv-pwd <password>
    next
end