system snmp user
Use this command to configure the FortiWeb appliance’s SNMP agent to belong to an SNMP version 3 community, and to select which events cause the FortiWeb appliance to generate SNMP traps.
To configure the SNMP agent as a member of a SNMP version version 1 or 2c community and for more information on the SNMP agent, see system snmp community.
To use this command, your administrator account’s access control profile must have either w
or rw
permission to the sysgrp
area. For details, see Permissions.
Syntax
config system snmp user
edit name "<user_str>"
set security-level { noauthnopriv | authnopriv | authpriv >
set auth-pwd "<auth-password_str>"
set priv-pwd "<priv-password_str>"
set query-status {enable | disable}
set trap-status {enable | disable}
set trapport-remote <port_int>
config hosts
set {"<manager_ipv4> | <manager_ipv6>"}
next
end
next
end
Variable | Description | Default |
Enter the name of the SNMP user to which the FortiWeb appliance and at least one SNMP manager belongs. The maximum length is 63 characters. The FortiWeb appliance does not respond to SNMP managers whose query packets do not contain a matching community name. Similarly, trap packets from the FortiWeb appliance include the community name, and an SNMP manager may not accept the trap if its community name does not match. |
No default. | |
Enable to activate the community. This setting takes effect only if the SNMP agent is enabled. For details, see system snmp sysinfo. |
disable
|
|
Enter the security level.
|
No default. | |
If the |
sha1
|
|
If the |
No default. | |
If the |
aes
|
|
If the |
No default. | |
Enable to respond to queries using the SNMP v3 version of the SNMP protocol. |
enable
|
|
Enter the port number on which the FortiWeb appliance listens for SNMP v3 queries from the SNMP managers of the community. The valid range is 1–65,535. |
161
|
|
Enable to send traps using the SNMP v3 version of the SNMP protocol. |
enable
|
|
Enter the port number that is the source (also called local) port number for SNMP v3 trap packets. The valid range is 1–65,535. |
162
|
|
Enter the port number that is the destination (also called remote) port number for SNMP v3 trap packets. The valid range is 1–65,535. |
162
|
|
trapevent {cpu-high | intf-ip | log-full | mem-low | netlink-down-status | netlink-up-status | policy-start | policy-stop | pserver-failed | sys-ha-cluster-status-change | sys-ha-member-join | sys-ha-member-leave | sys-mode-change | waf-access-attack | waf-amethod-attack | waf-blogin-attack |waf-hidden-fields | waf-pvalid-attack | waf-signature-detection | waf-url-access-attack | waf-spage-attack} |
Enter the name of one or more the SNMP events. When FortiWeb detects the specified events, it sends traps to the SNMP managers in this community. Also enable
|
No default. |
|
||
Enter the index number of an SNMP manager for the community. The valid range is 1–9,999,999,999,999,999,999. | No default. | |
Enter the IP address of the SNMP manager that can do the following when you enable traps, queries, or both in this community:
SNMP managers have read-only access. To allow any IP address using this SNMP community name to query the FortiWeb appliance, enter Note: Entering |
No default. |
Example
For an example, see system snmp sysinfo.