Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    7.4.5
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config system snmp user

    config system snmp user

    SNMP user configuration.

    config system snmp user
    Description: SNMP user configuration.
    edit <name>
        set auth-proto [md5|sha|...]
        set auth-pwd {password}
        set events {option1}, {option2}, ...
        set ha-direct [enable|disable]
        set mib-view {string}
        set notify-hosts {ipv4-address}
        set notify-hosts6 {ipv6-address}
        set priv-proto [aes|des|...]
        set priv-pwd {password}
        set queries [enable|disable]
        set query-port {integer}
        set security-level [no-auth-no-priv|auth-no-priv|...]
        set source-ip {ipv4-address}
        set source-ipv6 {ipv6-address}
        set status [enable|disable]
        set trap-lport {integer}
        set trap-rport {integer}
        set trap-status [enable|disable]
        set vdoms <name1>, <name2>, ...
    next
end

    config system snmp user

    Parameter

    Description

    Type

    Size

    Default

    auth-proto

    Authentication protocol.

    option

    -

    sha

    Option

    Description

    md5

    HMAC-MD5-96 authentication protocol.

    sha

    HMAC-SHA-96 authentication protocol.

    sha224

    HMAC-SHA224 authentication protocol.

    sha256

    HMAC-SHA256 authentication protocol.

    sha384

    HMAC-SHA384 authentication protocol.

    sha512

    HMAC-SHA512 authentication protocol.

    auth-pwd

    Password for authentication protocol.

    password

    Not Specified

    events

    SNMP notifications (traps) to send.

    option

    -

    cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open temperature-high voltage-alert power-supply faz-disconnect faz fan-failure wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down per-cpu-high dhcp pool-usage ospf-nbr-state-change ospf-virtnbr-state-change **

    Option

    Description

    cpu-high

    Send a trap when CPU usage is high.

    mem-low

    Send a trap when used memory is high, free memory is low, or freeable memory is high.

    log-full

    Send a trap when log disk space becomes low.

    intf-ip

    Send a trap when an interface IP address is changed.

    vpn-tun-up

    Send a trap when a VPN tunnel comes up.

    vpn-tun-down

    Send a trap when a VPN tunnel goes down.

    ha-switch

    Send a trap after an HA failover when the backup unit has taken over.

    ha-hb-failure

    Send a trap when HA heartbeats are not received.

    ips-signature

    Send a trap when IPS detects an attack.

    ips-anomaly

    Send a trap when IPS finds an anomaly.

    av-virus

    Send a trap when AntiVirus finds a virus.

    av-oversize

    Send a trap when AntiVirus finds an oversized file.

    av-pattern

    Send a trap when AntiVirus finds file matching pattern.

    av-fragmented

    Send a trap when AntiVirus finds a fragmented file.

    fm-if-change

    Send a trap when FortiManager interface changes. Send a FortiManager trap.

    fm-conf-change

    Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.

    bgp-established

    Send a trap when a BGP FSM transitions to the established state.

    bgp-backward-transition

    Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.

    ha-member-up

    Send a trap when an HA cluster member goes up.

    ha-member-down

    Send a trap when an HA cluster member goes down.

    ent-conf-change

    Send a trap when an entity MIB change occurs (RFC4133).

    av-conserve

    Send a trap when the FortiGate enters conserve mode.

    av-bypass

    Send a trap when the FortiGate enters bypass mode.

    av-oversize-passed

    Send a trap when AntiVirus passes an oversized file.

    av-oversize-blocked

    Send a trap when AntiVirus blocks an oversized file.

    ips-pkg-update

    Send a trap when the IPS signature database or engine is updated.

    ips-fail-open

    Send a trap when the IPS network buffer is full.

    temperature-high

    Send a trap when a temperature sensor registers a temperature that is too high.

    voltage-alert

    Send a trap when a voltage sensor registers a voltage that is outside of the normal range.

    power-supply

    Send a trap when a power supply fails or restores.

    faz-disconnect

    Send a trap when a FortiAnalyzer disconnects from the FortiGate.

    faz

    Send a trap when Fortianalyzer main server failover and alternate server take over, or alternate server failover and main server take over.

    fan-failure

    Send a trap when a fan fails.

    wc-ap-up

    Send a trap when a managed FortiAP comes up.

    wc-ap-down

    Send a trap when a managed FortiAP goes down.

    fswctl-session-up

    Send a trap when a FortiSwitch controller session comes up.

    fswctl-session-down

    Send a trap when a FortiSwitch controller session goes down.

    load-balance-real-server-down

    Send a trap when a server load balance real server goes down.

    device-new

    Send a trap when a new device is found.

    per-cpu-high

    Send a trap when per-CPU usage is high.

    dhcp

    Send a trap when the DHCP server exhausts the IP pool, an IP address already is in use, or a DHCP client interface received a DHCP-NAK.

    pool-usage

    Send a trap about ippool usage.

    ospf-nbr-state-change

    Send a trap when there has been a change in the state of a non-virtual OSPF neighbor.

    ospf-virtnbr-state-change

    Send a trap when there has been a change in the state of an OSPF virtual neighbor.

    ha-direct

    Enable/disable direct management of HA cluster members.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    mib-view

    SNMP access control MIB view.

    string

    Maximum length: 32

    name

    SNMP user name.

    string

    Maximum length: 32

    notify-hosts

    SNMP managers to send notifications (traps) to.

    ipv4-address

    Not Specified

    notify-hosts6

    IPv6 SNMP managers to send notifications (traps) to.

    ipv6-address

    Not Specified

    priv-proto

    Privacy (encryption) protocol.

    option

    -

    aes

    Option

    Description

    aes

    CFB128-AES-128 symmetric encryption protocol.

    des

    CBC-DES symmetric encryption protocol.

    aes256

    CFB128-AES-256 symmetric encryption protocol.

    aes256cisco

    CFB128-AES-256 symmetric encryption protocol compatible with CISCO.

    priv-pwd

    Password for privacy (encryption) protocol.

    password

    Not Specified

    queries

    Enable/disable SNMP queries for this user.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    query-port

    SNMPv3 query port.

    integer

    Minimum value: 1 Maximum value: 65535

    161

    security-level

    Security level for message authentication and encryption.

    option

    -

    no-auth-no-priv

    Option

    Description

    no-auth-no-priv

    Message with no authentication and no privacy (encryption).

    auth-no-priv

    Message with authentication but no privacy (encryption).

    auth-priv

    Message with authentication and privacy (encryption).

    source-ip

    Source IP for SNMP trap.

    ipv4-address

    Not Specified

    0.0.0.0

    source-ipv6

    Source IPv6 for SNMP trap.

    ipv6-address

    Not Specified

    ::

    status

    Enable/disable this SNMP user.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    trap-lport

    SNMPv3 local trap port.

    integer

    Minimum value: 1 Maximum value: 65535

    162

    trap-rport

    SNMPv3 trap remote port.

    integer

    Minimum value: 1 Maximum value: 65535

    162

    trap-status

    Enable/disable traps for this SNMP user.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    vdoms <name>

    SNMP access control VDOMs.

    VDOM name.

    string

    Maximum length: 79

    ** Values may differ between models.

    Previous
    Next

    config system snmp user

    config system snmp user

    SNMP user configuration.

    config system snmp user
    Description: SNMP user configuration.
    edit <name>
        set auth-proto [md5|sha|...]
        set auth-pwd {password}
        set events {option1}, {option2}, ...
        set ha-direct [enable|disable]
        set mib-view {string}
        set notify-hosts {ipv4-address}
        set notify-hosts6 {ipv6-address}
        set priv-proto [aes|des|...]
        set priv-pwd {password}
        set queries [enable|disable]
        set query-port {integer}
        set security-level [no-auth-no-priv|auth-no-priv|...]
        set source-ip {ipv4-address}
        set source-ipv6 {ipv6-address}
        set status [enable|disable]
        set trap-lport {integer}
        set trap-rport {integer}
        set trap-status [enable|disable]
        set vdoms <name1>, <name2>, ...
    next
end

    config system snmp user

    Parameter

    Description

    Type

    Size

    Default

    auth-proto

    Authentication protocol.

    option

    -

    sha

    Option

    Description

    md5

    HMAC-MD5-96 authentication protocol.

    sha

    HMAC-SHA-96 authentication protocol.

    sha224

    HMAC-SHA224 authentication protocol.

    sha256

    HMAC-SHA256 authentication protocol.

    sha384

    HMAC-SHA384 authentication protocol.

    sha512

    HMAC-SHA512 authentication protocol.

    auth-pwd

    Password for authentication protocol.

    password

    Not Specified

    events

    SNMP notifications (traps) to send.

    option

    -

    cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open temperature-high voltage-alert power-supply faz-disconnect faz fan-failure wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down per-cpu-high dhcp pool-usage ospf-nbr-state-change ospf-virtnbr-state-change **

    Option

    Description

    cpu-high

    Send a trap when CPU usage is high.

    mem-low

    Send a trap when used memory is high, free memory is low, or freeable memory is high.

    log-full

    Send a trap when log disk space becomes low.

    intf-ip

    Send a trap when an interface IP address is changed.

    vpn-tun-up

    Send a trap when a VPN tunnel comes up.

    vpn-tun-down

    Send a trap when a VPN tunnel goes down.

    ha-switch

    Send a trap after an HA failover when the backup unit has taken over.

    ha-hb-failure

    Send a trap when HA heartbeats are not received.

    ips-signature

    Send a trap when IPS detects an attack.

    ips-anomaly

    Send a trap when IPS finds an anomaly.

    av-virus

    Send a trap when AntiVirus finds a virus.

    av-oversize

    Send a trap when AntiVirus finds an oversized file.

    av-pattern

    Send a trap when AntiVirus finds file matching pattern.

    av-fragmented

    Send a trap when AntiVirus finds a fragmented file.

    fm-if-change

    Send a trap when FortiManager interface changes. Send a FortiManager trap.

    fm-conf-change

    Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.

    bgp-established

    Send a trap when a BGP FSM transitions to the established state.

    bgp-backward-transition

    Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.

    ha-member-up

    Send a trap when an HA cluster member goes up.

    ha-member-down

    Send a trap when an HA cluster member goes down.

    ent-conf-change

    Send a trap when an entity MIB change occurs (RFC4133).

    av-conserve

    Send a trap when the FortiGate enters conserve mode.

    av-bypass

    Send a trap when the FortiGate enters bypass mode.

    av-oversize-passed

    Send a trap when AntiVirus passes an oversized file.

    av-oversize-blocked

    Send a trap when AntiVirus blocks an oversized file.

    ips-pkg-update

    Send a trap when the IPS signature database or engine is updated.

    ips-fail-open

    Send a trap when the IPS network buffer is full.

    temperature-high

    Send a trap when a temperature sensor registers a temperature that is too high.

    voltage-alert

    Send a trap when a voltage sensor registers a voltage that is outside of the normal range.

    power-supply

    Send a trap when a power supply fails or restores.

    faz-disconnect

    Send a trap when a FortiAnalyzer disconnects from the FortiGate.

    faz

    Send a trap when Fortianalyzer main server failover and alternate server take over, or alternate server failover and main server take over.

    fan-failure

    Send a trap when a fan fails.

    wc-ap-up

    Send a trap when a managed FortiAP comes up.

    wc-ap-down

    Send a trap when a managed FortiAP goes down.

    fswctl-session-up

    Send a trap when a FortiSwitch controller session comes up.

    fswctl-session-down

    Send a trap when a FortiSwitch controller session goes down.

    load-balance-real-server-down

    Send a trap when a server load balance real server goes down.

    device-new

    Send a trap when a new device is found.

    per-cpu-high

    Send a trap when per-CPU usage is high.

    dhcp

    Send a trap when the DHCP server exhausts the IP pool, an IP address already is in use, or a DHCP client interface received a DHCP-NAK.

    pool-usage

    Send a trap about ippool usage.

    ospf-nbr-state-change

    Send a trap when there has been a change in the state of a non-virtual OSPF neighbor.

    ospf-virtnbr-state-change

    Send a trap when there has been a change in the state of an OSPF virtual neighbor.

    ha-direct

    Enable/disable direct management of HA cluster members.

    option

    -

    disable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    mib-view

    SNMP access control MIB view.

    string

    Maximum length: 32

    name

    SNMP user name.

    string

    Maximum length: 32

    notify-hosts

    SNMP managers to send notifications (traps) to.

    ipv4-address

    Not Specified

    notify-hosts6

    IPv6 SNMP managers to send notifications (traps) to.

    ipv6-address

    Not Specified

    priv-proto

    Privacy (encryption) protocol.

    option

    -

    aes

    Option

    Description

    aes

    CFB128-AES-128 symmetric encryption protocol.

    des

    CBC-DES symmetric encryption protocol.

    aes256

    CFB128-AES-256 symmetric encryption protocol.

    aes256cisco

    CFB128-AES-256 symmetric encryption protocol compatible with CISCO.

    priv-pwd

    Password for privacy (encryption) protocol.

    password

    Not Specified

    queries

    Enable/disable SNMP queries for this user.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    query-port

    SNMPv3 query port.

    integer

    Minimum value: 1 Maximum value: 65535

    161

    security-level

    Security level for message authentication and encryption.

    option

    -

    no-auth-no-priv

    Option

    Description

    no-auth-no-priv

    Message with no authentication and no privacy (encryption).

    auth-no-priv

    Message with authentication but no privacy (encryption).

    auth-priv

    Message with authentication and privacy (encryption).

    source-ip

    Source IP for SNMP trap.

    ipv4-address

    Not Specified

    0.0.0.0

    source-ipv6

    Source IPv6 for SNMP trap.

    ipv6-address

    Not Specified

    ::

    status

    Enable/disable this SNMP user.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    trap-lport

    SNMPv3 local trap port.

    integer

    Minimum value: 1 Maximum value: 65535

    162

    trap-rport

    SNMPv3 trap remote port.

    integer

    Minimum value: 1 Maximum value: 65535

    162

    trap-status

    Enable/disable traps for this SNMP user.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    vdoms <name>

    SNMP access control VDOMs.

    VDOM name.

    string

    Maximum length: 79

    ** Values may differ between models.

    Previous
    Next