Fortinet black logo

Administration Guide

Home FortiProxy 7.2.0 Administration Guide
7.2.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0
7.0.17
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0

SNMP

SNMP

The Simple Network Management Protocol (SNMP) allows you to monitor hardware on your network. You can configure the hardware, such as the FortiProxy SNMP agent, to report system information and traps.

SNMP traps alert you to events that happen, such as a log disk becoming full, or a virus being detected. These traps are sent to the SNMP managers. An SNMP manager (or host) is typically a computer running an application that can read the incoming traps and event messages from the agent and can send out SNMP queries to the SNMP agents. A FortiManager unit can act as an SNMP manager to one or more FortiProxy units.

By using an SNMP manager, you can access SNMP traps and data from any FortiProxy interface configured for SNMP management access. Part of configuring an SNMP manager is to list it as a host in a community on the FortiProxy unit it will be monitoring. Otherwise, the SNMP monitor will not receive any traps from, and be unable to query, that FortiProxy unit.

When using SNMP, you must also ensure you have added the correct Management Information Base (MIB) files to the unit, regardless of whether or not your SNMP manager already includes standard and private MIBs in a ready-to-use, compiled database. A MIB is a text file that describes a list of SNMP data objects used by the SNMP manager. See Fortinet MIBs for more information.

The FortiProxy SNMP implementation is read-only. SNMP v1, v2c, and v3 compliant SNMP managers have read-only access to FortiProxy system information through queries and can receive trap messages from the unit.

The FortiProxy SNMP v3 implementation includes support for queries, traps, authentication, and privacy. Authentication and encryption are configured in the CLI.

note icon

FortiProxy supports Low crypto (LENC) mode for LENC models.

Before a remote SNMP manager can connect to the FortiProxy agent, you must configure one or more FortiProxy interfaces to accept SNMP connections. Interfaces are configured in Network > Interfaces. See Interfaces.

For security reasons, Fortinet recommends that neither “public” nor “private” be used for SNMP community names.

When the unit is in virtual domain mode, SNMP traps can only be sent on interfaces in the management virtual domain.

If you want to allow SNMP access on an interface, you must go to Network > Interfaces and select SNMP in the Access field in the settings for the interface that you want the SNMP manager to connect to.

For SNMP configuration, go to System > SNMP.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

Configure the following settings and select Apply:

Download FortiProxy MIB File

Download the FortiProxy MIB file. See Fortinet MIBs.

Download Fortinet Core MIB File

Download the Fortinet MIB file. See Fortinet MIBs.

SNMP Agent

Enable the FortiProxy SNMP agent. See SNMP agent.

SNMP v1/v2c

Lists the communities for SNMP v1/v2c. From within this section, you can create, edit or remove SNMP communities.

Create New

Creates a new SNMP community. When you select Create New, the New SNMP Community page opens. See Create or edit an SNMP community.

Edit

Modifies settings within an SNMP community. When you click Edit, the Edit SNMP Community page opens.

Delete

Removes an SNMP community from the list.

To remove multiple SNMP communities, select multiple rows in the list by holding down the Ctrl or Shift keys and then select Delete.

Status

Enable or disable the SNMP community.

Community Name

The name of the community.

Queries

Indicates whether queries protocols (v1 and v2c) are enabled or disabled. A check mark indicates that queries are enabled; a gray x indicates that queries are disabled. If one query is disabled and another one enabled, there will still be a check mark.

Traps

Indicates whether trap protocols (v1 and v2c) are enabled or disabled. A check mark indicates that traps are enabled; a gray x indicates that traps are disabled. If one query is disabled and another one enabled, there will still be a check mark.

Hosts

Number of hosts that are part of the SNMP community.

Events

Number of events that have occurred.

Status

Indicates whether the SNMP community is enabled or disabled.

SNMP v3

Lists the SNMP v3 users. From within this section, you can edit, create or remove an SNMP v3 user.

Create New

Creates a new SNMP v3 user. When you select Create New, the Create New SNMP User page opens. See Create or edit an SNMP user.

Edit

Modifies settings within the SNMP v3 user. When you click Edit, the Edit SNMP User page opens.

Delete

Removes an SNMP v3 user from the page.

To remove multiple SNMP v3 users, select multiple rows in the list by holding down the Ctrl or Shift keys and then select Delete.

Status

Enable or disable the SNMP v3 user.

User Name

The name of the SNMP v3 user.

Security Level

The security level of the user.

Queries

Indicates whether queries are enabled or disabled. A green check mark indicates that queries are enabled; a gray x indicates that queries are disabled.

Hosts

Number of hosts.

Events

Number of SNMP events associated with the SNMPv3 user.

Status

Indicates whether the SNMPv3 user is enabled or disabled.
Previous
Next

SNMP

The Simple Network Management Protocol (SNMP) allows you to monitor hardware on your network. You can configure the hardware, such as the FortiProxy SNMP agent, to report system information and traps.

SNMP traps alert you to events that happen, such as a log disk becoming full, or a virus being detected. These traps are sent to the SNMP managers. An SNMP manager (or host) is typically a computer running an application that can read the incoming traps and event messages from the agent and can send out SNMP queries to the SNMP agents. A FortiManager unit can act as an SNMP manager to one or more FortiProxy units.

By using an SNMP manager, you can access SNMP traps and data from any FortiProxy interface configured for SNMP management access. Part of configuring an SNMP manager is to list it as a host in a community on the FortiProxy unit it will be monitoring. Otherwise, the SNMP monitor will not receive any traps from, and be unable to query, that FortiProxy unit.

When using SNMP, you must also ensure you have added the correct Management Information Base (MIB) files to the unit, regardless of whether or not your SNMP manager already includes standard and private MIBs in a ready-to-use, compiled database. A MIB is a text file that describes a list of SNMP data objects used by the SNMP manager. See Fortinet MIBs for more information.

The FortiProxy SNMP implementation is read-only. SNMP v1, v2c, and v3 compliant SNMP managers have read-only access to FortiProxy system information through queries and can receive trap messages from the unit.

The FortiProxy SNMP v3 implementation includes support for queries, traps, authentication, and privacy. Authentication and encryption are configured in the CLI.

note icon

FortiProxy supports Low crypto (LENC) mode for LENC models.

Before a remote SNMP manager can connect to the FortiProxy agent, you must configure one or more FortiProxy interfaces to accept SNMP connections. Interfaces are configured in Network > Interfaces. See Interfaces.

For security reasons, Fortinet recommends that neither “public” nor “private” be used for SNMP community names.

When the unit is in virtual domain mode, SNMP traps can only be sent on interfaces in the management virtual domain.

If you want to allow SNMP access on an interface, you must go to Network > Interfaces and select SNMP in the Access field in the settings for the interface that you want the SNMP manager to connect to.

For SNMP configuration, go to System > SNMP.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

Configure the following settings and select Apply:

Download FortiProxy MIB File

Download the FortiProxy MIB file. See Fortinet MIBs.

Download Fortinet Core MIB File

Download the Fortinet MIB file. See Fortinet MIBs.

SNMP Agent

Enable the FortiProxy SNMP agent. See SNMP agent.

SNMP v1/v2c

Lists the communities for SNMP v1/v2c. From within this section, you can create, edit or remove SNMP communities.

Create New

Creates a new SNMP community. When you select Create New, the New SNMP Community page opens. See Create or edit an SNMP community.

Edit

Modifies settings within an SNMP community. When you click Edit, the Edit SNMP Community page opens.

Delete

Removes an SNMP community from the list.

To remove multiple SNMP communities, select multiple rows in the list by holding down the Ctrl or Shift keys and then select Delete.

Status

Enable or disable the SNMP community.

Community Name

The name of the community.

Queries

Indicates whether queries protocols (v1 and v2c) are enabled or disabled. A check mark indicates that queries are enabled; a gray x indicates that queries are disabled. If one query is disabled and another one enabled, there will still be a check mark.

Traps

Indicates whether trap protocols (v1 and v2c) are enabled or disabled. A check mark indicates that traps are enabled; a gray x indicates that traps are disabled. If one query is disabled and another one enabled, there will still be a check mark.

Hosts

Number of hosts that are part of the SNMP community.

Events

Number of events that have occurred.

Status

Indicates whether the SNMP community is enabled or disabled.

SNMP v3

Lists the SNMP v3 users. From within this section, you can edit, create or remove an SNMP v3 user.

Create New

Creates a new SNMP v3 user. When you select Create New, the Create New SNMP User page opens. See Create or edit an SNMP user.

Edit

Modifies settings within the SNMP v3 user. When you click Edit, the Edit SNMP User page opens.

Delete

Removes an SNMP v3 user from the page.

To remove multiple SNMP v3 users, select multiple rows in the list by holding down the Ctrl or Shift keys and then select Delete.

Status

Enable or disable the SNMP v3 user.

User Name

The name of the SNMP v3 user.

Security Level

The security level of the user.

Queries

Indicates whether queries are enabled or disabled. A green check mark indicates that queries are enabled; a gray x indicates that queries are disabled.

Hosts

Number of hosts.

Events

Number of SNMP events associated with the SNMPv3 user.

Status

Indicates whether the SNMPv3 user is enabled or disabled.
Previous
Next