Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config system snmp community

SNMP community configuration.

config system snmp community

Description: SNMP community configuration.

edit <id>

set name {string}

set status [enable|disable]

config hosts

Description: Configure IPv4 SNMP managers (hosts).

edit <id>

set source-ip {ipv4-address}

set ip {user}

set ha-direct [enable|disable]

set host-type [any|query|...]

next

end

config hosts6

Description: Configure IPv6 SNMP managers.

edit <id>

set source-ipv6 {ipv6-address}

set ipv6 {ipv6-prefix}

set ha-direct [enable|disable]

set host-type [any|query|...]

next

end

set query-v1-status [enable|disable]

set query-v1-port {integer}

set query-v2c-status [enable|disable]

set query-v2c-port {integer}

set trap-v1-status [enable|disable]

set trap-v1-lport {integer}

set trap-v1-rport {integer}

set trap-v2c-status [enable|disable]

set trap-v2c-lport {integer}

set trap-v2c-rport {integer}

set events {option1}, {option2}, ...

next

end

config system snmp community

Parameter

Description

Type

Size

Default

name

Community name.

string

Maximum length: 35

status

Enable/disable this SNMP community.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

query-v1-status

Enable/disable SNMP v1 queries.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

query-v1-port

SNMP v1 query port (default = 161).

integer

Minimum value: 1 Maximum value: 65535

161

query-v2c-status

Enable/disable SNMP v2c queries.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

query-v2c-port

SNMP v2c query port (default = 161).

integer

Minimum value: 0 Maximum value: 65535

161

trap-v1-status

Enable/disable SNMP v1 traps.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

trap-v1-lport

SNMP v1 trap local port (default = 162).

integer

Minimum value: 1 Maximum value: 65535

162

trap-v1-rport

SNMP v1 trap remote port (default = 162).

integer

Minimum value: 1 Maximum value: 65535

162

trap-v2c-status

Enable/disable SNMP v2c traps.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

trap-v2c-lport

SNMP v2c trap local port (default = 162).

integer

Minimum value: 1 Maximum value: 65535

162

trap-v2c-rport

SNMP v2c trap remote port (default = 162).

integer

Minimum value: 1 Maximum value: 65535

162

events

SNMP trap events.

option

-

cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open temperature-high voltage-alert power-supply-failure faz-disconnect fan-failure wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down per-cpu-high dhcp

 

Option

Description

cpu-high

Send a trap when CPU usage is high.

mem-low

Send a trap when available memory is low.

log-full

Send a trap when log disk space becomes low.

intf-ip

Send a trap when an interface IP address is changed.

vpn-tun-up

Send a trap when a VPN tunnel comes up.

vpn-tun-down

Send a trap when a VPN tunnel goes down.

ha-switch

Send a trap after an HA failover when the backup unit has taken over.

ha-hb-failure

Send a trap when HA heartbeats are not received.

ips-signature

Send a trap when IPS detects an attack.

ips-anomaly

Send a trap when IPS finds an anomaly.

av-virus

Send a trap when AntiVirus finds a virus.

av-oversize

Send a trap when AntiVirus finds an oversized file.

av-pattern

Send a trap when AntiVirus finds file matching pattern.

av-fragmented

Send a trap when AntiVirus finds a fragmented file.

fm-if-change

Send a trap when FortiManager interface changes. Send a FortiManager trap.

fm-conf-change

Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.

bgp-established

Send a trap when a BGP FSM transitions to the established state.

bgp-backward-transition

Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.

ha-member-up

Send a trap when an HA cluster member goes up.

ha-member-down

Send a trap when an HA cluster member goes down.

ent-conf-change

Send a trap when an entity MIB change occurs (RFC4133).

av-conserve

Send a trap when the FortiGate enters conserve mode.

av-bypass

Send a trap when the FortiGate enters bypass mode.

av-oversize-passed

Send a trap when AntiVirus passes an oversized file.

av-oversize-blocked

Send a trap when AntiVirus blocks an oversized file.

ips-pkg-update

Send a trap when the IPS signature database or engine is updated.

ips-fail-open

Send a trap when the IPS network buffer is full.

temperature-high

Send a trap when a temperature sensor registers a temperature that is too high.

voltage-alert

Send a trap when a voltage sensor registers a voltage that is outside of the normal range.

power-supply-failure

Send a trap when a power supply fails.

faz-disconnect

Send a trap when a FortiAnalyzer disconnects from the FortiGate.

fan-failure

Send a trap when a fan fails.

wc-ap-up

Send a trap when a managed FortiAP comes up.

wc-ap-down

Send a trap when a managed FortiAP goes down.

fswctl-session-up

Send a trap when a FortiSwitch controller session comes up.

fswctl-session-down

Send a trap when a FortiSwitch controller session goes down.

load-balance-real-server-down

Send a trap when a server load balance real server goes down.

device-new

Send a trap when a new device is found.

per-cpu-high

Send a trap when per-CPU usage is high.

dhcp

Send a trap when the DHCP server exhausts the IP pool, an IP address already is in use, or a DHCP client interface received a DHCP-NAK.

config hosts

Parameter

Description

Type

Size

Default

source-ip

Source IPv4 address for SNMP traps.

ipv4-address

Not Specified

0.0.0.0

ip

IPv4 address of the SNMP manager (host).

user

Not Specified

ha-direct

Enable/disable direct management of HA cluster members.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

host-type

Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. No traps will be sent when IP type is subnet.

option

-

any

 

Option

Description

any

Accept queries from and send traps to this SNMP manager.

query

Accept queries from this SNMP manager but do not send traps.

trap

Send traps to this SNMP manager but do not accept SNMP queries from this SNMP manager.

config hosts6

Parameter

Description

Type

Size

Default

source-ipv6

Source IPv6 address for SNMP traps.

ipv6-address

Not Specified

::

ipv6

SNMP manager IPv6 address prefix.

ipv6-prefix

Not Specified

::/0

ha-direct

Enable/disable direct management of HA cluster members.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

host-type

Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both.

option

-

any

 

Option

Description

any

Accept queries from and send traps to this SNMP manager.

query

Accept queries from this SNMP manager but do not send traps.

trap

Send traps to this SNMP manager but do not accept SNMP queries from this SNMP manager.

config system snmp community

SNMP community configuration.

config system snmp community

Description: SNMP community configuration.

edit <id>

set name {string}

set status [enable|disable]

config hosts

Description: Configure IPv4 SNMP managers (hosts).

edit <id>

set source-ip {ipv4-address}

set ip {user}

set ha-direct [enable|disable]

set host-type [any|query|...]

next

end

config hosts6

Description: Configure IPv6 SNMP managers.

edit <id>

set source-ipv6 {ipv6-address}

set ipv6 {ipv6-prefix}

set ha-direct [enable|disable]

set host-type [any|query|...]

next

end

set query-v1-status [enable|disable]

set query-v1-port {integer}

set query-v2c-status [enable|disable]

set query-v2c-port {integer}

set trap-v1-status [enable|disable]

set trap-v1-lport {integer}

set trap-v1-rport {integer}

set trap-v2c-status [enable|disable]

set trap-v2c-lport {integer}

set trap-v2c-rport {integer}

set events {option1}, {option2}, ...

next

end

config system snmp community

Parameter

Description

Type

Size

Default

name

Community name.

string

Maximum length: 35

status

Enable/disable this SNMP community.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

query-v1-status

Enable/disable SNMP v1 queries.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

query-v1-port

SNMP v1 query port (default = 161).

integer

Minimum value: 1 Maximum value: 65535

161

query-v2c-status

Enable/disable SNMP v2c queries.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

query-v2c-port

SNMP v2c query port (default = 161).

integer

Minimum value: 0 Maximum value: 65535

161

trap-v1-status

Enable/disable SNMP v1 traps.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

trap-v1-lport

SNMP v1 trap local port (default = 162).

integer

Minimum value: 1 Maximum value: 65535

162

trap-v1-rport

SNMP v1 trap remote port (default = 162).

integer

Minimum value: 1 Maximum value: 65535

162

trap-v2c-status

Enable/disable SNMP v2c traps.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

trap-v2c-lport

SNMP v2c trap local port (default = 162).

integer

Minimum value: 1 Maximum value: 65535

162

trap-v2c-rport

SNMP v2c trap remote port (default = 162).

integer

Minimum value: 1 Maximum value: 65535

162

events

SNMP trap events.

option

-

cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open temperature-high voltage-alert power-supply-failure faz-disconnect fan-failure wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down per-cpu-high dhcp

 

Option

Description

cpu-high

Send a trap when CPU usage is high.

mem-low

Send a trap when available memory is low.

log-full

Send a trap when log disk space becomes low.

intf-ip

Send a trap when an interface IP address is changed.

vpn-tun-up

Send a trap when a VPN tunnel comes up.

vpn-tun-down

Send a trap when a VPN tunnel goes down.

ha-switch

Send a trap after an HA failover when the backup unit has taken over.

ha-hb-failure

Send a trap when HA heartbeats are not received.

ips-signature

Send a trap when IPS detects an attack.

ips-anomaly

Send a trap when IPS finds an anomaly.

av-virus

Send a trap when AntiVirus finds a virus.

av-oversize

Send a trap when AntiVirus finds an oversized file.

av-pattern

Send a trap when AntiVirus finds file matching pattern.

av-fragmented

Send a trap when AntiVirus finds a fragmented file.

fm-if-change

Send a trap when FortiManager interface changes. Send a FortiManager trap.

fm-conf-change

Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.

bgp-established

Send a trap when a BGP FSM transitions to the established state.

bgp-backward-transition

Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.

ha-member-up

Send a trap when an HA cluster member goes up.

ha-member-down

Send a trap when an HA cluster member goes down.

ent-conf-change

Send a trap when an entity MIB change occurs (RFC4133).

av-conserve

Send a trap when the FortiGate enters conserve mode.

av-bypass

Send a trap when the FortiGate enters bypass mode.

av-oversize-passed

Send a trap when AntiVirus passes an oversized file.

av-oversize-blocked

Send a trap when AntiVirus blocks an oversized file.

ips-pkg-update

Send a trap when the IPS signature database or engine is updated.

ips-fail-open

Send a trap when the IPS network buffer is full.

temperature-high

Send a trap when a temperature sensor registers a temperature that is too high.

voltage-alert

Send a trap when a voltage sensor registers a voltage that is outside of the normal range.

power-supply-failure

Send a trap when a power supply fails.

faz-disconnect

Send a trap when a FortiAnalyzer disconnects from the FortiGate.

fan-failure

Send a trap when a fan fails.

wc-ap-up

Send a trap when a managed FortiAP comes up.

wc-ap-down

Send a trap when a managed FortiAP goes down.

fswctl-session-up

Send a trap when a FortiSwitch controller session comes up.

fswctl-session-down

Send a trap when a FortiSwitch controller session goes down.

load-balance-real-server-down

Send a trap when a server load balance real server goes down.

device-new

Send a trap when a new device is found.

per-cpu-high

Send a trap when per-CPU usage is high.

dhcp

Send a trap when the DHCP server exhausts the IP pool, an IP address already is in use, or a DHCP client interface received a DHCP-NAK.

config hosts

Parameter

Description

Type

Size

Default

source-ip

Source IPv4 address for SNMP traps.

ipv4-address

Not Specified

0.0.0.0

ip

IPv4 address of the SNMP manager (host).

user

Not Specified

ha-direct

Enable/disable direct management of HA cluster members.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

host-type

Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both. No traps will be sent when IP type is subnet.

option

-

any

 

Option

Description

any

Accept queries from and send traps to this SNMP manager.

query

Accept queries from this SNMP manager but do not send traps.

trap

Send traps to this SNMP manager but do not accept SNMP queries from this SNMP manager.

config hosts6

Parameter

Description

Type

Size

Default

source-ipv6

Source IPv6 address for SNMP traps.

ipv6-address

Not Specified

::

ipv6

SNMP manager IPv6 address prefix.

ipv6-prefix

Not Specified

::/0

ha-direct

Enable/disable direct management of HA cluster members.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

host-type

Control whether the SNMP manager sends SNMP queries, receives SNMP traps, or both.

option

-

any

 

Option

Description

any

Accept queries from and send traps to this SNMP manager.

query

Accept queries from this SNMP manager but do not send traps.

trap

Send traps to this SNMP manager but do not accept SNMP queries from this SNMP manager.