Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiPortal 6.0.1 Administration Guide
    6.0.1
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    SNMP v3 users

    SNMP v3 users

    The FortiPortal SNMP v3 implementation includes support for queries, traps, authentication, and privacy. SNMP v3 users can be created, edited, and deleted as required.

    To create an SNMP user, use the following CLI syntax:

    config system snmp user

    edit <name>

    set auth-proto {md5 | sha}

    set auth-pwd <passwd>

    set security-level {auth-no-priv | auth-priv | no-auth-no-priv}

    set notify-hosts <ipv4_address>

    set priv-proto {aes | des}

    set priv-pwd <passwd>

    set queries {enable | disable}

    set query-port <integer>

    set events <events_list>

    end

    end

    Variable

    Description

    <name>

    Enter an SNMPv3 user name.

    auth-proto {md5 | sha}

    Authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available:

    • md5: HMAC-MD5-96 authentication protocol.
    • sha: HMAC-SHA-96 authentication protocol .

    auth-pwd <passwd>

    Password for the authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

    security-level {auth-no-priv | auth-priv | no-auth-no-priv}

    Security level for message authentication and encryption. The following options are available:

    • auth-no-priv: Message with authentication but no privacy (encryption).
    • auth-priv: Message with authentication and privacy (encryption).
    • no-auth-no-priv: Message with no authentication and no privacy (encryption) (default).

    notify-hosts <ipv4_address>

    The IP address or addresses of the host.

    priv-proto {aes | des}

    Privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available:

    • aes: CFB128-AES-128 symmetric encryption protocol
    • des: CBC-DES symmetric encryption protocol

    priv-pwd <passwd>

    Password for the privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

    queries {enable | disable}

    Enable/disable queries for this user. Default: enable.

    query-port <integer>

    SNMPv3 query port.

    Default: 161.

    Range: 1 to 65535.

    events <events_list>

    Enable the events that will cause SNMP traps to be sent to the SNMP manager.

    • cpu-high-exclude-nice: CPU usage exclude nice threshold.
    • cpu_high: The CPU usage is too high.
    • disk_low: The log disk is getting close to being full.
    • ha_switch: A new unit has become the primary HA.
    • intf_ip_chg: An interface IP address has changed.
    • lic-dev-quota: High licensed device quota detected.
    • lic-gbday: High licensed log GB/Day detected.
    • log-alert: Log base alert message.
    • log-data-rate: High incoming log data rate detected.
    • log-rate: High incoming log rate detected.
    • mem_low: The available memory is low.
    • raid_changed: RAID status changed.
    • sys_reboot: The FortiManager unit has rebooted.

    Default: All events enabled.

    Note: The raid_changed event is only available for devices which support RAID.

    Having set up the SNMP agent, communities, and users, you can test the configuration by using the following command:

    snmputil get <your_fpc_ip> SNMP_Com1 .1.3.6.1.2.1.1.5.0 where SNMP_Com1 is the name of the community you have set up.

    Previous
    Next

    SNMP v3 users

    SNMP v3 users

    The FortiPortal SNMP v3 implementation includes support for queries, traps, authentication, and privacy. SNMP v3 users can be created, edited, and deleted as required.

    To create an SNMP user, use the following CLI syntax:

    config system snmp user

    edit <name>

    set auth-proto {md5 | sha}

    set auth-pwd <passwd>

    set security-level {auth-no-priv | auth-priv | no-auth-no-priv}

    set notify-hosts <ipv4_address>

    set priv-proto {aes | des}

    set priv-pwd <passwd>

    set queries {enable | disable}

    set query-port <integer>

    set events <events_list>

    end

    end

    Variable

    Description

    <name>

    Enter an SNMPv3 user name.

    auth-proto {md5 | sha}

    Authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available:

    • md5: HMAC-MD5-96 authentication protocol.
    • sha: HMAC-SHA-96 authentication protocol .

    auth-pwd <passwd>

    Password for the authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

    security-level {auth-no-priv | auth-priv | no-auth-no-priv}

    Security level for message authentication and encryption. The following options are available:

    • auth-no-priv: Message with authentication but no privacy (encryption).
    • auth-priv: Message with authentication and privacy (encryption).
    • no-auth-no-priv: Message with no authentication and no privacy (encryption) (default).

    notify-hosts <ipv4_address>

    The IP address or addresses of the host.

    priv-proto {aes | des}

    Privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available:

    • aes: CFB128-AES-128 symmetric encryption protocol
    • des: CBC-DES symmetric encryption protocol

    priv-pwd <passwd>

    Password for the privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

    queries {enable | disable}

    Enable/disable queries for this user. Default: enable.

    query-port <integer>

    SNMPv3 query port.

    Default: 161.

    Range: 1 to 65535.

    events <events_list>

    Enable the events that will cause SNMP traps to be sent to the SNMP manager.

    • cpu-high-exclude-nice: CPU usage exclude nice threshold.
    • cpu_high: The CPU usage is too high.
    • disk_low: The log disk is getting close to being full.
    • ha_switch: A new unit has become the primary HA.
    • intf_ip_chg: An interface IP address has changed.
    • lic-dev-quota: High licensed device quota detected.
    • lic-gbday: High licensed log GB/Day detected.
    • log-alert: Log base alert message.
    • log-data-rate: High incoming log data rate detected.
    • log-rate: High incoming log rate detected.
    • mem_low: The available memory is low.
    • raid_changed: RAID status changed.
    • sys_reboot: The FortiManager unit has rebooted.

    Default: All events enabled.

    Note: The raid_changed event is only available for devices which support RAID.

    Having set up the SNMP agent, communities, and users, you can test the configuration by using the following command:

    snmputil get <your_fpc_ip> SNMP_Com1 .1.3.6.1.2.1.1.5.0 where SNMP_Com1 is the name of the community you have set up.

    Previous
    Next