system snmp community
Use this command to configure the FortiWeb appliance’s SNMP agent to belong to an SNMP version 1 or 2c community, and to select which events cause the FortiWeb appliance to generate SNMP traps.
To configure the SNMP agent as a member of an SNMP version 3 community, see system snmp user.
The FortiWeb appliance’s simple network management protocol (SNMP) agent allows queries for system information and can send traps (alarms or event messages) to the computer that you designate as its SNMP manager. In this way you can use an SNMP manager to monitor the FortiWeb appliance. You can add the IP addresses of up to eight SNMP managers to each community, which designate the destination of traps and which IP addresses are permitted to query the FortiWeb appliance.
An SNMP community is a grouping of equipment for network administration purposes. You must configure your FortiWeb appliance to belong to at least one SNMP community so that community’s SNMP managers can query the FortiWeb appliance’s system information and receive SNMP traps from the FortiWeb appliance.
You can add up to three SNMP communities. Each community can have a different configuration for queries and traps, and the set of events which trigger a trap. Use SNMP traps to notify the SNMP manager of a wide variety of types of events. Event types range from basic system events, such as high usage of resources, to when an attack type is detected or a specific rule is enforced by a policy.
Before you can use SNMP, you must activate the FortiWeb appliance’s SNMP agent and add it as a member of at least one community. For details, see system snmp sysinfo. You must also enable SNMP access on the network interface through which the SNMP manager will connect. For details, see system interface.
On the SNMP manager, you must also verify that the SNMP manager is a member of the community to which the FortiWeb appliance belongs, and compile the necessary Fortinet proprietary management information blocks (MIBs) and Fortinet-supported standard MIBs. For information on MIBs, see the FortiWeb Administration Guide:
https://docs.fortinet.com/document/fortiweb
To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.
Syntax
config system snmp community
  edit <community_index>
    set query-v1-status {enable | disable}
    set query-v2c-status {enable | disable}
    set trap-v1-status {enable | disable}
    set trap-v2c-status {enable | disable}
    config hosts
      edit <snmp-manager_index>
        set ip {"<manager_ipv4>" | "<manager_ipv6>"}
      next
    end
  next
end
Variable | Description | Default |
 | Enter the index number of a community to which the FortiWeb appliance belongs. The valid range is 1–9,999,999,999,999,999,999. | No default. |
 | Enable to activate the community. This setting takes effect only if the SNMP agent is enabled. For details, see system snmp sysinfo. | disable |
 | Enter the name of the SNMP community to which the FortiWeb appliance and at least one SNMP manager belongs. The maximum length is 63 characters. The FortiWeb appliance will not respond to SNMP managers whose query packets do not contain a matching community name. Similarly, trap packets from the FortiWeb appliance will include community name, and an SNMP manager may not accept the trap if its community name does not match. | No default. |
events {cpu-high | intf-ip | log-full | mem-low | netlink-down-status | netlink-up-status | policy-start | policy-stop | pserver-failed | sys-ha-cluster-status-change | sys-ha-member-join | sys-ha-member-leave | sys-mode-change | waf-amethod-attack | waf-hidden-fields | waf-pvalid-attack | waf-signature-detection | power-supply-failure} | Enter one or more of the following SNMP event names in order to cause the FortiWeb appliance to send traps when those events occur. Traps will be sent to the SNMP managers in this community. Also enable traps. | No default. |
 | Enter the port number on which the FortiWeb appliance will listen for SNMP v1 queries from the SNMP managers of the community. The valid range is 1–65,535. | 161 |
 | Enable to respond to queries using the SNMP v1 version of the SNMP protocol. | enable |
 | Enter the port number on which the FortiWeb appliance will listen for SNMP v2c queries from the SNMP managers of the community. The valid range is 1–65,535. | 161 |
 | Enable to respond to queries using the SNMP v2c version of the SNMP protocol. | enable |
 | Enter the port number that will be the source (also called local) port number for SNMP v1 trap packets. The valid range is 1–65,535. | 162 |
 | Enter the port number that will be the destination (also called remote) port number for SNMP v1 trap packets. The valid range is 1–65,535. | 162 |
 | Enable to send traps using the SNMP v1 version of the SNMP protocol. | enable |
 | Enter the port number that will be the source (also called local) port number for SNMP v2c trap packets. The valid range is 1–65,535. | 162 |
 | Enter the port number that will be the destination (also called remote) port number for SNMP v2c trap packets. The valid range is 1–65,535. | 162 |
 | Enable to send traps using the SNMP v2c version of the SNMP protocol. | enable |
 | Enter the index number of an SNMP manager for the community. The valid range is 1–9,999,999,999,999,999,999. | No default. |
 | Enter the IP address of the SNMP manager that, if traps and/or queries are enabled in this community: SNMP managers have read-only access. To allow any IP address using this SNMP community name to query the FortiWeb appliance, enter Note: Entering | No default. |
Example
For an example, see system snmp sysinfo.
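The following is an added example, not taken from the Fortinet documentation: a Python script that reads a config system snmp community block and applies the defaults from the table above, showing that a community which never sets query-v1-status or trap-v1-status still has SNMP v1 in effect. The sample block and its address are constructed, the input is assumed to contain only this one block, and reporting v1 as a finding is this example's own policy choice.

```python
import re
# Defaults from the Default column of the table on this page.
DEFAULTS = {"query-v1-status": "enable", "query-v2c-status": "enable",
            "trap-v1-status": "enable", "trap-v2c-status": "enable"}
MAX_HOSTS = 8  # "up to eight SNMP managers" per community
# Constructed sample; uses only settings shown in the Syntax section.
SAMPLE = """
config system snmp community
  edit 1
    set query-v1-status disable
    set trap-v1-status disable
    config hosts
      edit 1
        set ip "192.0.2.10"
      next
    end
  next
  edit 2
    set trap-v2c-status disable
  next
end
"""

def parse_communities(text):
    """Map community index -> effective settings and manager IPs."""
    communities, current, in_hosts = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("config hosts", "end"):
            in_hosts = line == "config hosts"  # "end" closes the nested table
        elif (m := re.fullmatch(r"edit (\S+)", line)) and not in_hosts:
            current = communities[m.group(1)] = {"settings": dict(DEFAULTS), "hosts": []}
        elif (m := re.fullmatch(r"set (\S+) (.+)", line)) and current:
            key, value = m.group(1), m.group(2).strip('"')
            if in_hosts and key == "ip":
                current["hosts"].append(value)
            elif not in_hosts:
                current["settings"][key] = value
    return communities

def audit(text):
    """Return (community index, finding) pairs."""
    findings = []
    for idx, c in parse_communities(text).items():
        v1 = sorted(k for k in DEFAULTS if "v1" in k and c["settings"][k] == "enable")
        if v1:
            findings.append((idx, "SNMP v1 in effect: " + ", ".join(v1)))
        if len(c["hosts"]) > MAX_HOSTS:
            findings.append((idx, "more than eight managers"))
    return findings
```

Community 2 in the sample disables only trap-v2c-status, so audit(SAMPLE) reports it for both v1 queries and v1 traps, while community 1, which disables both explicitly, produces no finding.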