Fortinet black logo

Administration Guide

SNMP traps & queries

SNMP traps & queries

System > Config > SNMP enables you to configure the FortiWeb appliance’s simple network management protocol (SNMP) agent to allow queries for system information and to send traps (alarms or event messages) to the computer that you designate as its SNMP manager. In this way you can use an SNMP manager to monitor the FortiWeb appliance.

Before you can use SNMP, you must activate the FortiWeb appliance’s SNMP agent and add it as a member of at least one community. You must also enable SNMP access on the network interface through which the SNMP manager connects. For details, see Configuring the network interfaces.

On the SNMP manager, you must also verify that the SNMP manager is a member of the community to which the FortiWeb appliance belongs, and compile the necessary Fortinet-proprietary management information blocks (MIBs) and Fortinet-supported standard MIBs. For details about MIBs, see MIB support.

Failure to configure the SNMP manager as a host in a community to which the FortiWeb appliance belongs, or to supply it with required MIBs, will make the SNMP monitor unable to query or receive traps from the FortiWeb appliance.
To configure the SNMP agent

Add the MIBs to your SNMP manager so that you will be able to receive traps and perform queries. For instructions, see the documentation for your SNMP manager.

Go to System > Config > SNMP.

To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.

Configure the following settings:

SNMP Agent

Enable to activate the SNMP agent, so that the FortiWeb appliance can send traps and receive queries for the communities in which you enabled queries and traps.

For details about communities, see Configuring an SNMP community.

Description Type a comment about the FortiWeb appliance, such as dont-reboot. The description can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).
Location Type the physical location of the FortiWeb appliance, such as floor2. The location can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).
Contact Type the contact information for the administrator or other person responsible for this FortiWeb appliance, such as a phone number (555-5555) or name (jdoe). The contact information can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).

Click Apply.

Create at least one SNMP community to define which hosts are allowed to query, and which hosts will receive traps. For details, see Configuring an SNMP community.

See also

Configuring an SNMP community

An SNMP community is a grouping of equipment for network administration purposes. You must configure your FortiWeb appliance to belong to at least one SNMP community so that community’s SNMP managers can query the FortiWeb appliance’s system information and receive SNMP traps from the FortiWeb appliance.

On FortiWeb, SNMP communities are also where you enable the traps that will be sent to that group of hosts.

You can add up to three SNMP communities. Each community can have a different configuration for queries and traps, and the set of events that trigger a trap. You can also add the IP addresses of up to eight SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiWeb appliance.

To add an SNMP community to the FortiWeb appliance’s SNMP agent

Go to System > Config > SNMP.

To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.

If you have not already configured the agent, do so before continuing. For details, see To configure the SNMP agent.

Do one of the following:

  • To create a SNMP version 1 or 2c community, under SNMP v1/v2c, click Create New.
  • To create a SNMP version 3 community, under SNMP v3, click Create New.

    SNMP v3 adds more security by using authentication and privacy encryption.

Configure these settings:

Community Name

Type the name of the SNMP community to which the FortiWeb appliance and at least one SNMP manager belongs, such as public.

The FortiWeb appliance will not respond to SNMP managers whose query packets do not contain a matching community name. Similarly, trap packets from the FortiWeb appliance will include community name, and an SNMP manager may not accept the trap if its community name does not match.

Caution: Fortinet strongly recommends that you do not add FortiWeb to the community named public. This popular default name is well-known, and attackers that gain access to your network will often try this name first.

Available for SNMP version 1 or 2 communities only.

User Name

Type the name that identifies the SNMP user.

Available for SNMP version 3 communities only.

Security Level

Choose one of the following three security levels:

  • No Authentication, No Privacy—Enables no additional authentication or encryption compared to SNMP v1 and v2.
  • Authentication, No Privacy—Enables authentication only. The SNMP manager needs to supply the password specified in this community configuration. Also specify Authentication Algorithm and the associated password.
  • Authentication, Privacy—Enables both authentication and encryption. Also specify Authentication Algorithm, Privacy Algorithm and the associated passwords. Ensure that the SNMP manager and FortiWeb use the same protocols and passwords.

Available for SNMP version 3 communities only.

Authentication Algorithm If the Security Level value includes authentication, specify the authentication protocol and password.

Ensure that the SNMP manager and FortiWeb use the same protocol and password.
Privacy Algorithm If Security Level is Authentication and Privacy, specify the encryption protocol and password.

Ensure that the SNMP manager and FortiWeb use the same protocol and password.
Hosts
IP Address

Type the IP address of the SNMP manager that, if traps or queries are enabled in this community:

  • Will receive traps from the FortiWeb appliance
  • Will be permitted to query the FortiWeb appliance

SNMP managers have read-only access.

To allow any IP address using this SNMP community name to query the FortiWeb appliance, enter 0.0.0.0. For security best practice reasons, however, this is not recommended.

Caution:FortiWeb sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.

Note: If there are no other host IP entries, entering only 0.0.0.0 effectively disables traps because there is no specific destination for trap packets. If you do not want to disable traps, you must add at least one other entry that specifies the IP address of an SNMP manager. You can add up to 8 SNMP managers.

Queries

For each protocol the community uses, enter the port number (161 by default) on which the FortiWeb appliance listens for SNMP queries from the SNMP managers in this community, then enable queries for that protocol.

For supported queries, see the FortiWeb MIB file and MIB support.

Traps For each protocol the community uses, enter the port number (162 by default) for the source port (Local) and destination port (Remote) for trap packets sent to SNMP managers in this community, then enable traps for that protocol.

Enable traps for the SNMP events that you want FortiWeb to notify your SNMP managers.

While most trap events are described by their names, the following events occur when a threshold has been exceeded:

  • CPU usage is high —CPU usage has exceeded 80%.
  • Memory usage is high —Memory (RAM) usage has exceeded 80%.
  • Log disk space low—Disk space usage for the log partition/disk has exceeded 80%.

For details about supported traps and queries, see MIB support.

Click OK.

To verify your SNMP configuration and network connectivity between your SNMP manager and your FortiWeb appliance, be sure to test both traps and queries (assuming you have enabled both). Traps and queries typically occur on different port numbers, and therefore verifying one does not necessarily verify that the other is also functional. To test queries, from your SNMP manager, query the FortiWeb appliance. To test traps, cause one of the events that should trigger a trap.

MIB support

The FortiWeb SNMP agent supports a few management information blocks (MIBs).

Supported MIBs
Fortinet Core MIB This Fortinet-proprietary MIB enables your SNMP manager to query for system information and to receive traps that are common to multiple Fortinet devices.
FortiWeb MIB This Fortinet-proprietary MIB enables your SNMP manager to query for FortiWeb-specific information such as the utilization of each CPU, and to receive FortiWeb-specific traps, such as when an attack is detected by a signature.
RFC-1213 (MIB II)

The FortiWeb SNMP agent supports MIB II groups, except:

  • There is no support for the EGP group from MIB II. See RFC 1213 (HTTP://tools.ietf.org/html/rfc1213), section 3.11 and 6.10.
  • Protocol statistics returned for MIB II groups (IP, ICMP, TCP, UDP, and so on.) do not accurately capture all FortiWeb traffic activity. More accurate information can be obtained from the information reported by the FortiWeb MIB.
RFC-2665 (Ethernet-like MIB) The FortiWeb SNMP agent supports Ethernet-like MIB information, except the dot3Tests and dot3Errors groups. See RFC 2665 (HTTPs://tools.ietf.org/html/rfc2665).

To obtain these MIB files, go to System > Config > SNMP and click the following links:

  • Download FortiWeb MIB File
  • Download Fortinet Core MIB File

To communicate with your FortiWeb appliance’s SNMP agent, first compile these MIBs into your SNMP manager. If the standard MIBs used by the SNMP agent are already compiled into your SNMP manager, you do not have to compile them again.

To view a trap or query’s name, object identifier (OID), and description, open its MIB file in a plain text editor.

All traps sent include the message, the FortiWeb appliance’s serial number, and host name.

For instructions on how to configure traps and queries, see SNMP traps & queries.

See also

SNMP traps & queries

System > Config > SNMP enables you to configure the FortiWeb appliance’s simple network management protocol (SNMP) agent to allow queries for system information and to send traps (alarms or event messages) to the computer that you designate as its SNMP manager. In this way you can use an SNMP manager to monitor the FortiWeb appliance.

Before you can use SNMP, you must activate the FortiWeb appliance’s SNMP agent and add it as a member of at least one community. You must also enable SNMP access on the network interface through which the SNMP manager connects. For details, see Configuring the network interfaces.

On the SNMP manager, you must also verify that the SNMP manager is a member of the community to which the FortiWeb appliance belongs, and compile the necessary Fortinet-proprietary management information blocks (MIBs) and Fortinet-supported standard MIBs. For details about MIBs, see MIB support.

Failure to configure the SNMP manager as a host in a community to which the FortiWeb appliance belongs, or to supply it with required MIBs, will make the SNMP monitor unable to query or receive traps from the FortiWeb appliance.
To configure the SNMP agent

Add the MIBs to your SNMP manager so that you will be able to receive traps and perform queries. For instructions, see the documentation for your SNMP manager.

Go to System > Config > SNMP.

To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.

Configure the following settings:

SNMP Agent

Enable to activate the SNMP agent, so that the FortiWeb appliance can send traps and receive queries for the communities in which you enabled queries and traps.

For details about communities, see Configuring an SNMP community.

Description Type a comment about the FortiWeb appliance, such as dont-reboot. The description can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).
Location Type the physical location of the FortiWeb appliance, such as floor2. The location can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).
Contact Type the contact information for the administrator or other person responsible for this FortiWeb appliance, such as a phone number (555-5555) or name (jdoe). The contact information can be up to 35 characters long, and can contain only letters (a-z, A-Z), numbers, hyphens ( - ) and underscores ( _ ).

Click Apply.

Create at least one SNMP community to define which hosts are allowed to query, and which hosts will receive traps. For details, see Configuring an SNMP community.

See also

Configuring an SNMP community

An SNMP community is a grouping of equipment for network administration purposes. You must configure your FortiWeb appliance to belong to at least one SNMP community so that community’s SNMP managers can query the FortiWeb appliance’s system information and receive SNMP traps from the FortiWeb appliance.

On FortiWeb, SNMP communities are also where you enable the traps that will be sent to that group of hosts.

You can add up to three SNMP communities. Each community can have a different configuration for queries and traps, and the set of events that trigger a trap. You can also add the IP addresses of up to eight SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiWeb appliance.

To add an SNMP community to the FortiWeb appliance’s SNMP agent

Go to System > Config > SNMP.

To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.

If you have not already configured the agent, do so before continuing. For details, see To configure the SNMP agent.

Do one of the following:

  • To create a SNMP version 1 or 2c community, under SNMP v1/v2c, click Create New.
  • To create a SNMP version 3 community, under SNMP v3, click Create New.

    SNMP v3 adds more security by using authentication and privacy encryption.

Configure these settings:

Community Name

Type the name of the SNMP community to which the FortiWeb appliance and at least one SNMP manager belongs, such as public.

The FortiWeb appliance will not respond to SNMP managers whose query packets do not contain a matching community name. Similarly, trap packets from the FortiWeb appliance will include community name, and an SNMP manager may not accept the trap if its community name does not match.

Caution: Fortinet strongly recommends that you do not add FortiWeb to the community named public. This popular default name is well-known, and attackers that gain access to your network will often try this name first.

Available for SNMP version 1 or 2 communities only.

User Name

Type the name that identifies the SNMP user.

Available for SNMP version 3 communities only.

Security Level

Choose one of the following three security levels:

  • No Authentication, No Privacy—Enables no additional authentication or encryption compared to SNMP v1 and v2.
  • Authentication, No Privacy—Enables authentication only. The SNMP manager needs to supply the password specified in this community configuration. Also specify Authentication Algorithm and the associated password.
  • Authentication, Privacy—Enables both authentication and encryption. Also specify Authentication Algorithm, Privacy Algorithm and the associated passwords. Ensure that the SNMP manager and FortiWeb use the same protocols and passwords.

Available for SNMP version 3 communities only.

Authentication Algorithm If the Security Level value includes authentication, specify the authentication protocol and password.

Ensure that the SNMP manager and FortiWeb use the same protocol and password.
Privacy Algorithm If Security Level is Authentication and Privacy, specify the encryption protocol and password.

Ensure that the SNMP manager and FortiWeb use the same protocol and password.
Hosts
IP Address

Type the IP address of the SNMP manager that, if traps or queries are enabled in this community:

  • Will receive traps from the FortiWeb appliance
  • Will be permitted to query the FortiWeb appliance

SNMP managers have read-only access.

To allow any IP address using this SNMP community name to query the FortiWeb appliance, enter 0.0.0.0. For security best practice reasons, however, this is not recommended.

Caution:FortiWeb sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.

Note: If there are no other host IP entries, entering only 0.0.0.0 effectively disables traps because there is no specific destination for trap packets. If you do not want to disable traps, you must add at least one other entry that specifies the IP address of an SNMP manager. You can add up to 8 SNMP managers.

Queries

For each protocol the community uses, enter the port number (161 by default) on which the FortiWeb appliance listens for SNMP queries from the SNMP managers in this community, then enable queries for that protocol.

For supported queries, see the FortiWeb MIB file and MIB support.

Traps For each protocol the community uses, enter the port number (162 by default) for the source port (Local) and destination port (Remote) for trap packets sent to SNMP managers in this community, then enable traps for that protocol.

Enable traps for the SNMP events that you want FortiWeb to notify your SNMP managers.

While most trap events are described by their names, the following events occur when a threshold has been exceeded:

  • CPU usage is high —CPU usage has exceeded 80%.
  • Memory usage is high —Memory (RAM) usage has exceeded 80%.
  • Log disk space low—Disk space usage for the log partition/disk has exceeded 80%.

For details about supported traps and queries, see MIB support.

Click OK.

To verify your SNMP configuration and network connectivity between your SNMP manager and your FortiWeb appliance, be sure to test both traps and queries (assuming you have enabled both). Traps and queries typically occur on different port numbers, and therefore verifying one does not necessarily verify that the other is also functional. To test queries, from your SNMP manager, query the FortiWeb appliance. To test traps, cause one of the events that should trigger a trap.

MIB support

The FortiWeb SNMP agent supports a few management information blocks (MIBs).

Supported MIBs
Fortinet Core MIB This Fortinet-proprietary MIB enables your SNMP manager to query for system information and to receive traps that are common to multiple Fortinet devices.
FortiWeb MIB This Fortinet-proprietary MIB enables your SNMP manager to query for FortiWeb-specific information such as the utilization of each CPU, and to receive FortiWeb-specific traps, such as when an attack is detected by a signature.
RFC-1213 (MIB II)

The FortiWeb SNMP agent supports MIB II groups, except:

  • There is no support for the EGP group from MIB II. See RFC 1213 (HTTP://tools.ietf.org/html/rfc1213), section 3.11 and 6.10.
  • Protocol statistics returned for MIB II groups (IP, ICMP, TCP, UDP, and so on.) do not accurately capture all FortiWeb traffic activity. More accurate information can be obtained from the information reported by the FortiWeb MIB.
RFC-2665 (Ethernet-like MIB) The FortiWeb SNMP agent supports Ethernet-like MIB information, except the dot3Tests and dot3Errors groups. See RFC 2665 (HTTPs://tools.ietf.org/html/rfc2665).

To obtain these MIB files, go to System > Config > SNMP and click the following links:

  • Download FortiWeb MIB File
  • Download Fortinet Core MIB File

To communicate with your FortiWeb appliance’s SNMP agent, first compile these MIBs into your SNMP manager. If the standard MIBs used by the SNMP agent are already compiled into your SNMP manager, you do not have to compile them again.

To view a trap or query’s name, object identifier (OID), and description, open its MIB file in a plain text editor.

All traps sent include the message, the FortiWeb appliance’s serial number, and host name.

For instructions on how to configure traps and queries, see SNMP traps & queries.

See also