Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

system snmp user

Use this command to configure SNMP v3 user settings.

SNMP v3 adds more security by using authentication and privacy encryption. You can specify an SNMP v3 user on FortiMail so that SNMP managers can connect to the FortiMail unit to view system information and receive SNMP traps.

Syntax

config system snmp user

edit <user_name>

set query-status {enable | disable}

set query-port <port_number>

set security-level {authnopriv | authpriv | noauthnopriv}

set auth-proto {sha1 | md5}

set aut-pwd <password>

set status {enable | disable}

set trap-status {enable | disable}

set trapevent {cpu | deferred-queue | ha | ip-change | logdisk | mem | raid | remote-storage | spam | system | virus}

set trapport-local <port_number>

set trapport-remote <port_number>

config host

edit <host_no>

set ip <class_ip>

end

end

Variable

Description

Default

<user_name>

Enter a name to identify the SNMP user on FortiMail.

 

query-status {enable | disable}

Enable to allow SNMP v3 query from the SNMP managers. Also configure the query port as described below.

disable

query-port <port_number>

Specify the port number used to listen to queries from the SNMP manager.

161

security-level {authnopriv | authpriv | noauthnopriv}

Choose one of the three security levels for the communication between FortiMail and the SNMP manager.

  • noauthnotpriv (no authentication, no privacy): This option is similar to SNMP v1 and v2.
  • authnopriv (authentication, no privacy): This option enables authentication only. The SNMP manager needs to supply a password that matches the password you specify on FortiMail. You must also specify the authentication protocol (either SHA1 or MD5).
  • authpriv (authentication, privacy): This option enables both authentication and encryption. You must specify the protocols and passwords. Both the protocols and passwords on the SNMP manager and FortiMail must match.

 

auth-proto {sha1 | md5}

Specify the authentication protocol if you choose authentication for the security level. Otherwise, this option is not displayed.

 

aut-pwd <password>

Specify the authentication password if you choose authentication for the security level. Otherwise, this option is not displayed.

 

status {enable | disable}

Enable or disable the SNMP v3 user on FortiMail.

disable

trap-status {enable | disable}

Enable to activate traps on FortiMail.

disable

trapevent {cpu | deferred-queue | ha | ip-change | logdisk | mem | raid | remote-storage | spam | system | virus}

Enter one or more of the following events that will generate a trap when the event occurs or when its threshold is reached:

  • cpu: CPU usage threshold
  • deferred-queue: Deferred queue threshold
  • ha: High availability (HA) event
  • ip-change: Interface IP address change
  • logdisk: Log disk space low threshold
  • maildisk: Mail disk space low threshold
  • mem: Memory low threshold
  • raid: RAID event
  • remote-storage: NAS storage related events
  • spam: Spam threshold
  • system: System events, such as a change in the state of hardware, power failure and so on.
  • virus: Virus threshold

Note: Since FortiMail checks its status in a scheduled interval, not all the events will trigger traps. For example, FortiMail checks its hardware status every 60 seconds. This means that if the power is off for a few seconds but is back on before the next status check, no system event trap will be sent.

To set SNMP trap thresholds for the event types that use them, see system snmp threshold.

Events apply only when traps are enabled in .

cpu

deferred-queue

ha

logdisk

maildisk

mem

raid

remote-storage

system

trapport-local <port_number>

Enter the local port number for sending traps.

162

trapport-remote <port_number>

Enter the remote port number that listens to SNMP traps on the SNMP manager.

162

<host_no>

Enter an index number for the SNMP manager.

 

ip <class_ip>

Enter the IP address of the SNMP manager.

 

Related topics

system snmp community

system snmp sysinfo

system snmp user

Use this command to configure SNMP v3 user settings.

SNMP v3 adds more security by using authentication and privacy encryption. You can specify an SNMP v3 user on FortiMail so that SNMP managers can connect to the FortiMail unit to view system information and receive SNMP traps.

Syntax

config system snmp user

edit <user_name>

set query-status {enable | disable}

set query-port <port_number>

set security-level {authnopriv | authpriv | noauthnopriv}

set auth-proto {sha1 | md5}

set aut-pwd <password>

set status {enable | disable}

set trap-status {enable | disable}

set trapevent {cpu | deferred-queue | ha | ip-change | logdisk | mem | raid | remote-storage | spam | system | virus}

set trapport-local <port_number>

set trapport-remote <port_number>

config host

edit <host_no>

set ip <class_ip>

end

end

Variable

Description

Default

<user_name>

Enter a name to identify the SNMP user on FortiMail.

 

query-status {enable | disable}

Enable to allow SNMP v3 query from the SNMP managers. Also configure the query port as described below.

disable

query-port <port_number>

Specify the port number used to listen to queries from the SNMP manager.

161

security-level {authnopriv | authpriv | noauthnopriv}

Choose one of the three security levels for the communication between FortiMail and the SNMP manager.

  • noauthnotpriv (no authentication, no privacy): This option is similar to SNMP v1 and v2.
  • authnopriv (authentication, no privacy): This option enables authentication only. The SNMP manager needs to supply a password that matches the password you specify on FortiMail. You must also specify the authentication protocol (either SHA1 or MD5).
  • authpriv (authentication, privacy): This option enables both authentication and encryption. You must specify the protocols and passwords. Both the protocols and passwords on the SNMP manager and FortiMail must match.

 

auth-proto {sha1 | md5}

Specify the authentication protocol if you choose authentication for the security level. Otherwise, this option is not displayed.

 

aut-pwd <password>

Specify the authentication password if you choose authentication for the security level. Otherwise, this option is not displayed.

 

status {enable | disable}

Enable or disable the SNMP v3 user on FortiMail.

disable

trap-status {enable | disable}

Enable to activate traps on FortiMail.

disable

trapevent {cpu | deferred-queue | ha | ip-change | logdisk | mem | raid | remote-storage | spam | system | virus}

Enter one or more of the following events that will generate a trap when the event occurs or when its threshold is reached:

  • cpu: CPU usage threshold
  • deferred-queue: Deferred queue threshold
  • ha: High availability (HA) event
  • ip-change: Interface IP address change
  • logdisk: Log disk space low threshold
  • maildisk: Mail disk space low threshold
  • mem: Memory low threshold
  • raid: RAID event
  • remote-storage: NAS storage related events
  • spam: Spam threshold
  • system: System events, such as a change in the state of hardware, power failure and so on.
  • virus: Virus threshold

Note: Since FortiMail checks its status in a scheduled interval, not all the events will trigger traps. For example, FortiMail checks its hardware status every 60 seconds. This means that if the power is off for a few seconds but is back on before the next status check, no system event trap will be sent.

To set SNMP trap thresholds for the event types that use them, see system snmp threshold.

Events apply only when traps are enabled in .

cpu

deferred-queue

ha

logdisk

maildisk

mem

raid

remote-storage

system

trapport-local <port_number>

Enter the local port number for sending traps.

162

trapport-remote <port_number>

Enter the remote port number that listens to SNMP traps on the SNMP manager.

162

<host_no>

Enter an index number for the SNMP manager.

 

ip <class_ip>

Enter the IP address of the SNMP manager.

 

Related topics

system snmp community

system snmp sysinfo