Fortinet Document Library

CLI Reference

config system snmp user

SNMP user configuration.

    config system snmp user
        Description: SNMP user configuration.
        edit <name>
            set status [enable|disable]
            set trap-status [enable|disable]
            set trap-lport {integer}
            set trap-rport {integer}
            set queries [enable|disable]
            set query-port {integer}
            set notify-hosts {ipv4-address}
            set notify-hosts6 {ipv6-address}
            set source-ip {ipv4-address}
            set source-ipv6 {ipv6-address}
            set ha-direct [enable|disable]
            set events {option1}, {option2}, ...
            set security-level [no-auth-no-priv|auth-no-priv|...]
            set auth-proto [md5|sha|...]
            set auth-pwd {password}
            set priv-proto [aes|des|...]
            set priv-pwd {password}
        next
    end

config system snmp user

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable this SNMP user. | option | - | enable |
| trap-status | Enable/disable traps for this SNMP user. | option | - | enable |
| trap-lport | SNMPv3 local trap port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 | 162 |
| trap-rport | SNMPv3 trap remote port (default = 162). | integer | Minimum value: 0 Maximum value: 65535 | 162 |
| queries | Enable/disable SNMP queries for this user. | option | - | enable |
| query-port | SNMPv3 query port (default = 161). | integer | Minimum value: 0 Maximum value: 65535 | 161 |
| notify-hosts | SNMP managers to send notifications (traps) to. | ipv4-address | Not Specified | |
| notify-hosts6 | IPv6 SNMP managers to send notifications (traps) to. | ipv6-address | Not Specified | |
| source-ip | Source IP for SNMP trap. | ipv4-address | Not Specified | 0.0.0.0 |
| source-ipv6 | Source IPv6 for SNMP trap. | ipv6-address | Not Specified | :: |
| ha-direct | Enable/disable direct management of HA cluster members. | option | - | disable |
| events | SNMP notifications (traps) to send. | option | - | cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open temperature-high voltage-alert power-supply-failure faz-disconnect fan-failure wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down per-cpu-high dhcp |
| security-level | Security level for message authentication and encryption. | option | - | no-auth-no-priv |
| auth-proto | Authentication protocol. | option | - | sha |
| auth-pwd | Password for authentication protocol. | password | Not Specified | |
| priv-proto | Privacy (encryption) protocol. | option | - | aes |
| priv-pwd | Password for privacy (encryption) protocol. | password | Not Specified | |

Options for status:

| Option | Description |
|---|---|
| enable | Enable setting. |
| disable | Disable setting. |

Options for trap-status:

| Option | Description |
|---|---|
| enable | Enable setting. |
| disable | Disable setting. |

Options for queries:

| Option | Description |
|---|---|
| enable | Enable setting. |
| disable | Disable setting. |

Options for ha-direct:

| Option | Description |
|---|---|
| enable | Enable setting. |
| disable | Disable setting. |

Options for events:

| Option | Description |
|---|---|
| cpu-high | Send a trap when CPU usage is high. |
| mem-low | Send a trap when available memory is low. |
| log-full | Send a trap when log disk space becomes low. |
| intf-ip | Send a trap when an interface IP address is changed. |
| vpn-tun-up | Send a trap when a VPN tunnel comes up. |
| vpn-tun-down | Send a trap when a VPN tunnel goes down. |
| ha-switch | Send a trap after an HA failover when the backup unit has taken over. |
| ha-hb-failure | Send a trap when HA heartbeats are not received. |
| ips-signature | Send a trap when IPS detects an attack. |
| ips-anomaly | Send a trap when IPS finds an anomaly. |
| av-virus | Send a trap when AntiVirus finds a virus. |
| av-oversize | Send a trap when AntiVirus finds an oversized file. |
| av-pattern | Send a trap when AntiVirus finds file matching pattern. |
| av-fragmented | Send a trap when AntiVirus finds a fragmented file. |
| fm-if-change | Send a trap when FortiManager interface changes. Send a FortiManager trap. |
| fm-conf-change | Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager. |
| bgp-established | Send a trap when a BGP FSM transitions to the established state. |
| bgp-backward-transition | Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state. |
| ha-member-up | Send a trap when an HA cluster member goes up. |
| ha-member-down | Send a trap when an HA cluster member goes down. |
| ent-conf-change | Send a trap when an entity MIB change occurs (RFC4133). |
| av-conserve | Send a trap when the FortiGate enters conserve mode. |
| av-bypass | Send a trap when the FortiGate enters bypass mode. |
| av-oversize-passed | Send a trap when AntiVirus passes an oversized file. |
| av-oversize-blocked | Send a trap when AntiVirus blocks an oversized file. |
| ips-pkg-update | Send a trap when the IPS signature database or engine is updated. |
| ips-fail-open | Send a trap when the IPS network buffer is full. |
| temperature-high | Send a trap when a temperature sensor registers a temperature that is too high. |
| voltage-alert | Send a trap when a voltage sensor registers a voltage that is outside of the normal range. |
| power-supply-failure | Send a trap when a power supply fails. |
| faz-disconnect | Send a trap when a FortiAnalyzer disconnects from the FortiGate. |
| fan-failure | Send a trap when a fan fails. |
| wc-ap-up | Send a trap when a managed FortiAP comes up. |
| wc-ap-down | Send a trap when a managed FortiAP goes down. |
| fswctl-session-up | Send a trap when a FortiSwitch controller session comes up. |
| fswctl-session-down | Send a trap when a FortiSwitch controller session goes down. |
| load-balance-real-server-down | Send a trap when a server load balance real server goes down. |
| device-new | Send a trap when a new device is found. |
| per-cpu-high | Send a trap when per-CPU usage is high. |
| dhcp | Send a trap when the DHCP server exhausts the IP pool, an IP address already is in use, or a DHCP client interface received a DHCP-NAK. |

Options for security-level:

| Option | Description |
|---|---|
| no-auth-no-priv | Message with no authentication and no privacy (encryption). |
| auth-no-priv | Message with authentication but no privacy (encryption). |
| auth-priv | Message with authentication and privacy (encryption). |

Options for auth-proto:

| Option | Description |
|---|---|
| md5 | HMAC-MD5-96 authentication protocol. |
| sha | HMAC-SHA-96 authentication protocol. |
| sha224 | HMAC-SHA224 authentication protocol. |
| sha256 | HMAC-SHA256 authentication protocol. |
| sha384 | HMAC-SHA384 authentication protocol. |
| sha512 | HMAC-SHA512 authentication protocol. |

Options for priv-proto:

| Option | Description |
|---|---|
| aes | CFB128-AES-128 symmetric encryption protocol. |
| des | CBC-DES symmetric encryption protocol. |
| aes256 | CFB128-AES-256 symmetric encryption protocol. |
| aes256cisco | CFB128-AES-256 symmetric encryption protocol compatible with CISCO. |
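An added example, not part of Fortinet's documentation: a Python audit that reads `config system snmp user` blocks from a saved configuration and flags enabled users whose effective settings are weak, applying the defaults from the table above (notably `security-level` defaulting to `no-auth-no-priv`) whenever a setting is absent. The function names, the sample configuration, the premise that the saved output omits default-valued settings, and the policy of treating `md5`/`sha` and `des` as weak are assumptions of this example.

```python
import re

# Page defaults; used for keys absent from the saved config (assumption).
DEFAULTS = {"status": "enable", "security-level": "no-auth-no-priv",
            "auth-proto": "sha", "priv-proto": "aes"}
WEAK_AUTH, WEAK_PRIV = {"md5", "sha"}, {"des"}  # assumed policy: SHA-2, no DES

def parse_snmp_users(text):
    """Return {user: settings} from `config system snmp user` blocks."""
    users, current, inside = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == "config system snmp user":
            inside = True
        elif line == "end":
            inside, current = False, None
        elif inside and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = users.setdefault(m.group(1), dict(DEFAULTS))
        elif current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return users

def audit(text):
    """Return sorted (user, finding) pairs for enabled SNMPv3 users."""
    findings = []
    for name, cfg in parse_snmp_users(text).items():
        if cfg["status"] != "enable":
            continue
        level = cfg["security-level"]
        if level != "auth-priv":
            findings.append((name, "security-level " + level))
        if level != "no-auth-no-priv" and cfg["auth-proto"] in WEAK_AUTH:
            findings.append((name, "auth-proto " + cfg["auth-proto"]))
        if level == "auth-priv" and cfg["priv-proto"] in WEAK_PRIV:
            findings.append((name, "priv-proto " + cfg["priv-proto"]))
    return sorted(findings)

# Constructed sample, not taken from a real device.
SAMPLE = """config system snmp user
    edit "legacy-nms"
    next
    edit "old-poller"
        set security-level auth-priv
        set auth-proto md5
        set priv-proto des
    next
    edit "noc"
        set security-level auth-priv
        set auth-proto sha256
    next
end"""
```

Calling `audit(SAMPLE)` reports `legacy-nms` for running at the default `no-auth-no-priv` level and `old-poller` for `md5` and `des`, while `noc` passes.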
