snmp
Use the following commands to configure SNMP related settings.
snmp community
Use this command to configure SNMP communities on your FortiManager unit.
You add SNMP communities so that SNMP managers, typically applications running on computers to monitor SNMP status information, can connect to the FortiManager unit (the SNMP agent) to view system information and receive SNMP traps. SNMP traps are triggered when system events happen such as when there is a system restart, or when the log disk is almost full.
You can add up to three SNMP communities, and each community can have a different configuration for SNMP queries and traps. Each community can be configured to monitor the FortiManager unit for a different set of events.
Hosts are the SNMP managers that make up this SNMP community. Host information includes the IPv4 address and interface that connects it to the FortiManager unit.
For more information on SNMP traps and variables, see the Fortinet Document Library.
Part of configuring an SNMP manager is to list it as a host in a community on the FortiManager unit that it will be monitoring. Otherwise that SNMP manager will not receive any traps or events from the FortiManager unit, and will be unable to query the FortiAnalyzer unit as well. |
Syntax
config system snmp community
edit <index_number>
set events <events_list>
set name <community_name>
set query-v1-port <integer>
set query-v1-status {enable | disable}
set query-v2c-port <integer>
set query-v2c-status {enable | disable}
set status {enable | disable}
set trap-v1-rport <integer>
set trap-v1-status {enable | disable}
set trap-v2c-rport <integer>
set trap-v2c-status {enable | disable}
config hosts
edit <host_number>
set interface <interface_name>
set ip <ipv4_address>
next
config hosts6
edit <host_number>
set interface <interface_name>
set ip <ipv6_address>
end
end
Variable |
Description |
---|---|
<index_number> |
Enter the index number of the community in the SNMP communities table. Enter an unused index number to create a new SNMP community. |
events <events_list> |
Enable the events for which the FortiManager unit should send traps to the SNMP managers in this community (default = All events enabled). The
|
name <community_name> |
Enter the name of the SNMP community. Names can be used to distinguish between the roles of the hosts in the groups. For example the Logging and Reporting group would be interested in the The name is included in SNMPv2c trap packets to the SNMP manager, and is also present in query packets from, the SNMP manager. |
query-v1-port <integer> |
Enter the SNMPv1 query port number used when SNMP managers query the FortiManager unit (1 - 65535, default = 161). |
query-v1-status {enable | disable} |
Enable/disable SNMPv1 queries for this SNMP community (default = enable). |
query-v2c-port <integer> |
Enter the SNMP v2c query port number used when SNMP managers query the FortiManager unit. SNMP v2c queries will include the name of the community (1 - 65535, default = 161). |
query-v2c-status {enable | disable} |
Enable/disable SNMPv2c queries for this SNMP community (default = enable). |
status {enable | disable} |
Enable/disable this SNMP community (default = enable). |
trap-v1-rport <integer> |
Enter the SNMPv1 remote port number used for sending traps to the SNMP managers (1 - 65535, default = 162). |
trap-v1-status {enable | disable} |
Enable/disable SNMPv1 traps for this SNMP community (default = enable). |
trap-v2c-rport <integer> |
Enter the SNMPv2c remote port number used for sending traps to the SNMP managers (1 - 65535, default = 162). |
trap-v2c-status {enable | disable} |
Enable/disable SNMPv2c traps for this SNMP community. SNMP v2c traps sent out to SNMP managers include the community name (default = enable). |
Variables for |
|
<host_number> |
Enter the index number of the host in the table. Enter an unused index number to create a new host. |
interface <interface_name> |
Enter the name of the FortiManager unit that connects to the SNMP manager (default = any). |
ip <ipv4_address> |
Enter the IPv4 address of the SNMP manager. |
Variables for |
|
<host_number> |
Enter the index number of the host in the table. Enter an unused index number to create a new host. |
interface <interface_name> |
Enter the name of the FortiManager unit that connects to the SNMP manager (default = any). |
ip <ipv6_address> |
Enter the IPv6 address of the SNMP manager. |
Example
This example shows how to add a new SNMP community named SNMP_Com1. The default configuration can be used in most cases with only a few modifications. In the example below the community is added, given a name, and then because this community is for an SNMP manager that is SNMP v1 compatible, all v2c functionality is disabled. After the community is configured the SNMP manager, or host, is added. The SNMP manager IPv4 address is 192.168.20.34 and it connects to the FortiManager unit internal interface.
config system snmp community
edit 1
set name SNMP_Com1
set query-v2c-status disable
set trap-v2c-status disable
config hosts
edit 1
set interface internal
set ip 192.168.10.34/24
end
end
snmp sysinfo
Use this command to enable the FortiManager SNMP agent and to enter basic system information used by the SNMP agent. Enter information about the FortiManager unit to identify it. When your SNMP manager receives traps from the FortiManager unit, you will know which unit sent the information. Some SNMP traps indicate high CPU usage, log full, or low memory.
For more information on SNMP traps and variables, see the Fortinet Document Library.
Syntax
config system snmp sysinfo
set contact-info <string>
set description <description>
set engine-id <string>
set location <location>
set status {enable | disable}
set trap-high-cpu-threshold <percentage>
set trap-low-memory-threshold <percentage>
set trap-cpu-high-exclude-nice-threshold <percentage>
end
Variable |
Description |
---|---|
contact-info <string> |
Add the contact information for the person responsible for this FortiManager unit (character limit = 255). |
description <description> |
Add a name or description of the FortiManager unit (character limit = 255). |
engine-id <string> |
Local SNMP engine ID string (character limit = 24). |
location <location> |
Describe the physical location of the FortiManager unit (character limit = 255). |
status {enable | disable} |
Enable/disable the FortiManager SNMP agent (default = disable). |
trap-cpu-high-exclude-nice-threshold <percentage> |
SNMP trap for CPU usage threshold (excluding NICE processes), in percent (default = 80). |
trap-high-cpu-threshold <percentage> |
SNMP trap for CPU usage threshold, in percent (default = 80). |
trap-low-memory-threshold <percentage> |
SNMP trap for memory usage threshold, in percent (default = 80). |
Example
This example shows how to enable the FortiManager SNMP agent and add basic SNMP information.
config system snmp sysinfo
set status enable
set contact-info 'System Admin ext 245'
set description 'Internal network unit'
set location 'Server Room A121'
end
snmp user
Use this command to configure SNMPv3 users on your FortiManager unit. To use SNMPv3, you will first need to enable the FortiManager SNMP agent. For more information, see snmp sysinfo. There should be a corresponding configuration on the SNMP server in order to query to or receive traps from FortiManager.
For more information on SNMP traps and variables, see the Fortinet Document Library.
Syntax
config system snmp user
edit <name>
set auth-proto {md5 | sha | sha224 | sha256 | sha384 | sha512}
set auth-pwd <passwd>
set events <events_list>
set notify-hosts <ipv4_address>
set notify-hosts6 <ipv6_address>
set priv-proto {aes | aes256 | aes256cisco | des}
set priv-pwd <passwd>
set queries {enable | disable}
set query-port <integer>
set security-level {auth-no-priv | auth-priv | no-auth-no-priv}
end
end
Variable |
Description |
---|---|
<name> |
Enter a SNMPv3 user name to add, edit, or delete. |
auth-proto {md5 | sha | sha224 | sha256 | sha384 | sha512} |
Authentication protocol. The security level must be set to
|
auth-pwd <passwd> |
Password for the authentication protocol. The security level must be set to |
events <events_list> |
Enable the events for which the FortiManager unit should send traps to the SNMPv3 managers in this community (default = All events enabled). The
|
notify-hosts <ipv4_address> |
Hosts to send notifications (traps) to. |
notify-hosts6 <ipv6_address> |
Hosts to send notifications (traps) to. |
priv-proto {aes | aes256 | aes256cisco | des} |
Privacy (encryption) protocol. The security level must be set to
|
priv-pwd <passwd> |
Password for the privacy (encryption) protocol. The security level must be set to |
queries {enable | disable} |
Enable/disable queries for this user (default = enable) |
query-port <integer> |
SNMPv3 query port (1 - 65535, default = 161). |
security-level {auth-no-priv | auth-priv | no-auth-no-priv} |
Security level for message authentication and encryption:
|