Fortinet white logo
Fortinet white logo

Administration Guide

SNMP v3 users

SNMP v3 users

The FortiPortal SNMP v3 implementation includes support for queries, traps, authentication, and privacy. SNMP v3 users can be created, edited, and deleted as required.

To create an SNMP user, use the following CLI syntax:

config system snmp user

edit <name>

set auth-proto {md5 | sha}

set auth-pwd <passwd>

set security-level {auth-no-priv | auth-priv | no-auth-no-priv}

set notify-hosts <ipv4_address>

set priv-proto {aes | des}

set priv-pwd <passwd>

set queries {enable | disable}

set query-port <integer>

set events <events_list>

end

end

Variable

Description

<name>

Enter an SNMPv3 user name.

auth-proto {md5 | sha}

Authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available:

  • md5: HMAC-MD5-96 authentication protocol.
  • sha: HMAC-SHA-96 authentication protocol .

auth-pwd <passwd>

Password for the authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

security-level {auth-no-priv | auth-priv | no-auth-no-priv}

Security level for message authentication and encryption. The following options are available:

  • auth-no-priv: Message with authentication but no privacy (encryption).
  • auth-priv: Message with authentication and privacy (encryption).
  • no-auth-no-priv: Message with no authentication and no privacy (encryption) (default).

notify-hosts <ipv4_address>

The IP address or addresses of the host.

priv-proto {aes | des}

Privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available:

  • aes: CFB128-AES-128 symmetric encryption protocol
  • des: CBC-DES symmetric encryption protocol

priv-pwd <passwd>

Password for the privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

queries {enable | disable}

Enable/disable queries for this user. Default: enable.

query-port <integer>

SNMPv3 query port.

Default: 161.

Range: 1 to 65535.

events <events_list>

Enable the events that will cause SNMP traps to be sent to the SNMP manager.

  • cpu-high-exclude-nice: CPU usage exclude nice threshold.
  • cpu_high: The CPU usage is too high.
  • disk_low: The log disk is getting close to being full.
  • ha_switch: A new unit has become the HA master.
  • intf_ip_chg: An interface IP address has changed.
  • lic-dev-quota: High licensed device quota detected.
  • lic-gbday: High licensed log GB/Day detected.
  • log-alert: Log base alert message.
  • log-data-rate: High incoming log data rate detected.
  • log-rate: High incoming log rate detected.
  • mem_low: The available memory is low.
  • raid_changed: RAID status changed.
  • sys_reboot: The FortiManager unit has rebooted.

Default: All events enabled.

Note: The raid_changed event is only available for devices which support RAID.

Having set up the SNMP agent, communities, and users, you can test the configuration by using the following command:

snmputil get <your_fpc_ip> SNMP_Com1 .1.3.6.1.2.1.1.5.0 where SNMP_Com1 is the name of the community you have set up.

SNMP v3 users

SNMP v3 users

The FortiPortal SNMP v3 implementation includes support for queries, traps, authentication, and privacy. SNMP v3 users can be created, edited, and deleted as required.

To create an SNMP user, use the following CLI syntax:

config system snmp user

edit <name>

set auth-proto {md5 | sha}

set auth-pwd <passwd>

set security-level {auth-no-priv | auth-priv | no-auth-no-priv}

set notify-hosts <ipv4_address>

set priv-proto {aes | des}

set priv-pwd <passwd>

set queries {enable | disable}

set query-port <integer>

set events <events_list>

end

end

Variable

Description

<name>

Enter an SNMPv3 user name.

auth-proto {md5 | sha}

Authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available:

  • md5: HMAC-MD5-96 authentication protocol.
  • sha: HMAC-SHA-96 authentication protocol .

auth-pwd <passwd>

Password for the authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

security-level {auth-no-priv | auth-priv | no-auth-no-priv}

Security level for message authentication and encryption. The following options are available:

  • auth-no-priv: Message with authentication but no privacy (encryption).
  • auth-priv: Message with authentication and privacy (encryption).
  • no-auth-no-priv: Message with no authentication and no privacy (encryption) (default).

notify-hosts <ipv4_address>

The IP address or addresses of the host.

priv-proto {aes | des}

Privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available:

  • aes: CFB128-AES-128 symmetric encryption protocol
  • des: CBC-DES symmetric encryption protocol

priv-pwd <passwd>

Password for the privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

queries {enable | disable}

Enable/disable queries for this user. Default: enable.

query-port <integer>

SNMPv3 query port.

Default: 161.

Range: 1 to 65535.

events <events_list>

Enable the events that will cause SNMP traps to be sent to the SNMP manager.

  • cpu-high-exclude-nice: CPU usage exclude nice threshold.
  • cpu_high: The CPU usage is too high.
  • disk_low: The log disk is getting close to being full.
  • ha_switch: A new unit has become the HA master.
  • intf_ip_chg: An interface IP address has changed.
  • lic-dev-quota: High licensed device quota detected.
  • lic-gbday: High licensed log GB/Day detected.
  • log-alert: Log base alert message.
  • log-data-rate: High incoming log data rate detected.
  • log-rate: High incoming log rate detected.
  • mem_low: The available memory is low.
  • raid_changed: RAID status changed.
  • sys_reboot: The FortiManager unit has rebooted.

Default: All events enabled.

Note: The raid_changed event is only available for devices which support RAID.

Having set up the SNMP agent, communities, and users, you can test the configuration by using the following command:

snmputil get <your_fpc_ip> SNMP_Com1 .1.3.6.1.2.1.1.5.0 where SNMP_Com1 is the name of the community you have set up.