
Administration Guide

Configuring the SNMP agent

The SNMP agent sends SNMP traps that originate on the FortiSandbox system to an external monitoring SNMP manager defined in one of the FortiSandbox SNMP communities. Typically an SNMP manager is an application on a local computer that can read the SNMP traps and generate reports or graphs from them.

The SNMP manager can monitor the FortiSandbox system to determine if it is operating properly, or if there are any critical events occurring. The description, location, and contact information for this FortiSandbox system will be part of the information an SNMP manager will have. This information is useful if the SNMP manager is monitoring many devices, and it will enable faster responses when the FortiSandbox system requires attention.

To configure the SNMP agent:
  1. Go to System > SNMP to configure the SNMP agent.
  2. Configure the following settings:

    SNMP Agent

    Select to enable the FortiSandbox SNMP agent. When this is enabled, it sends FortiSandbox SNMP traps.

    Description

    Enter a description of this FortiSandbox system to help uniquely identify this unit.

    Location

    Enter the location of this FortiSandbox system to help find it in the event it requires attention.

    Contact

    Enter the contact information for the person in charge of this FortiSandbox system.

    SNMP v1/v2c

    Create new, edit, or delete SNMP v1 and v2c communities. You can select to enable or disable communities in the edit page. The following columns are displayed: Community Name, Queries, Traps, Enable.

    SNMP v3

    Create new, edit, or delete SNMP v3 entries. You can select to enable or disable queries in the edit page. The following columns are displayed: User Name, Security Level, Notification Host, Queries.

To create a new SNMP v1/v2c community:
  1. Go to System > SNMP.
  2. In the SNMP v1/v2c section of the screen, select Create New from the toolbar.
  3. Configure the following settings:

    Enable

    Select to enable the SNMP community.

    Community Name

    Enter a name to identify the SNMP community.

    Hosts

    The list of hosts that can use the settings in this SNMP community to monitor the FortiSandbox system.

    IP/Netmask

    Enter the IP address and netmask of the SNMP hosts. Select the Add button to add additional hosts.

    Queries v1

    Enter the port number and select to enable. Enable queries for each SNMP version that the FortiSandbox system uses.

    Queries v2c

    Enter the port number and select to enable. Enable queries for each SNMP version that the FortiSandbox system uses.

    Traps v1

    Enter the local port number, remote port number, and select to enable. Enable traps for each SNMP version that the FortiSandbox system uses.

    Traps v2c

    Enter the local port number, remote port number, and select to enable. Enable traps for each SNMP version that the FortiSandbox system uses.

    SNMP Events

    Enable the events that will cause the FortiSandbox unit to send SNMP traps to the community.

    • CPU usage is high

      This event is triggered when CPU usage is higher than 90%. The trap is sent every minute.

    • Memory is low

      This event is triggered when memory usage is higher than 90%. The trap is sent every minute.

    • Hard disk usage is high

      This event is triggered when hard disk usage is higher than 80%. The trap is sent every minute.

    • RAID disk information

      The trap message is delivered every hour.

    • Average scan time

      The average scan time is calculated over the last hour. The trap is sent every hour.

    • Topology map and health check status for cluster has changed
    • Interface is up or down
    • Power Supply failure (not available on FSA-500F model)
    • Malware is detected
    • License or contract is close to expiry

      This event is triggered 1, 2, 3, 7, 15, and 30 days at 00:00:05 hours before a FortiSandbox license or contract is to expire. For example, an event is triggered:

      • 30 days at 00:00:05 hours before a VM license is to expire.

      • 15 days at 00:00:05 hours before a custom VM contract is to expire.

  4. Click OK to create the SNMP community.

To create a new SNMP v3 user:
  1. Go to System > SNMP.
  2. In the SNMP v3 section of the screen, select Create New from the toolbar.
  3. Configure the following settings:

    Username

    Enter the name of the SNMPv3 user.

    Security Level

    Select the security level of the user. Select one of the following:

    • None
    • Authentication only
    • Encryption and authentication

    Authentication

    Authentication is required when Security Level is either Authentication only or Encryption and authentication.

    Method

    Select the authentication method. Select either:

    • MD5 (Message Digest 5 algorithm)
    • SHA1 (Secure Hash algorithm)

    Password

    Enter the authentication password. The password must be a minimum of 8 characters.

    Encryption

    Encryption is required when Security Level is Encryption and authentication.

    Method

    Select the encryption method, either DES or AES.

    Key

    Enter the encryption key. The encryption key value must be a minimum of 8 characters.

    Notification Hosts (Traps)

    IP/Netmask

    Enter the IP address and netmask. Click the Add button to add additional hosts.

    Query

    Port

    Enter the port number. Select to Enable the query port.

    SNMP v3 Events

    Select the SNMP events that will be associated with that user.

    • CPU usage is high

      This event is triggered when CPU usage is higher than 90%. The trap is sent every minute.

    • Memory is low

      This event is triggered when memory usage is higher than 90%. The trap is sent every minute.

    • Hard disk usage is high

      This event is triggered when hard disk usage is higher than 80%. The trap is sent every minute.

    • RAID disk information

      The trap message is delivered every hour.

    • Average scan time

      The average scan time is calculated over the last hour. The trap is sent every hour.

    • Topology map and health check status for cluster has changed
    • Interface is up or down
    • Power Supply failure (not available on FSA-500F model)
    • Malware is detected
    • License or contract is close to expiry

      This event is triggered 1, 2, 3, 7, 15, and 30 days at 00:00:05 hours before a FortiSandbox license or contract is to expire. For example, an event is triggered:

      • 30 days at 00:00:05 hours before a VM license is to expire.

      • 15 days at 00:00:05 hours before a custom VM contract is to expire.

  4. Click OK to create the SNMP v3 user.
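
The following is an added example, not Fortinet code: a review script that checks the community and SNMP v3 user settings described above for choices worth tightening (well-known community names, v1/v2c queries, broad IP/Netmask entries, a security level below Encryption and authentication, MD5 or DES). The dictionary layout, field names, and sample values are hypothetical and constructed for illustration; they are not a FortiSandbox export format.

```python
import ipaddress

# Constructed sample in a hypothetical dict layout that mirrors the GUI fields
# on this page; it is not a FortiSandbox export format.
SAMPLE = {
    "communities": [
        {"name": "public", "enabled": True, "hosts": ["0.0.0.0/0"],
         "queries_v1": True, "queries_v2c": True},
        {"name": "fsa-mon-7Qx", "enabled": True, "hosts": ["10.20.0.15/32"],
         "queries_v1": False, "queries_v2c": True},
    ],
    "v3_users": [
        {"name": "nms", "security_level": "Encryption and authentication",
         "auth_method": "SHA1", "enc_method": "AES",
         "notification_hosts": ["10.20.0.15/255.255.255.255"]},
        {"name": "legacy", "security_level": "Authentication only",
         "auth_method": "MD5", "enc_method": None,
         "notification_hosts": ["10.20.0.0/16"]},
    ],
}

def broad_entries(entries):
    """Return IP/Netmask entries that cover more than one address."""
    return [e for e in entries
            if ipaddress.ip_network(e, strict=False).num_addresses > 1]

def audit(cfg):
    """Return (entry name, finding) tuples for settings worth reviewing."""
    out = []
    for c in cfg["communities"]:
        if not c["enabled"]:
            continue  # disabled communities answer no queries and send no traps
        if c["name"].lower() in ("public", "private"):
            out.append((c["name"], "well-known community name"))
        if c["queries_v1"] or c["queries_v2c"]:
            out.append((c["name"], "v1/v2c queries carry the community name in cleartext"))
        out += [(c["name"], f"broad host entry {e}") for e in broad_entries(c["hosts"])]
    for u in cfg["v3_users"]:
        if u["security_level"] != "Encryption and authentication":
            out.append((u["name"], f"security level is '{u['security_level']}'"))
        if u["auth_method"] == "MD5":
            out.append((u["name"], "MD5 authentication; SHA1 is the stronger option offered"))
        if u["enc_method"] == "DES":
            out.append((u["name"], "DES encryption; AES is the stronger option offered"))
        out += [(u["name"], f"broad host entry {e}")
                for e in broad_entries(u["notification_hosts"])]
    return out

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
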
