config system snmp user

SNMP user configuration.

config system snmp user
    Description: SNMP user configuration.
    edit <name>
        set auth-proto [md5|sha|...]
        set auth-pwd {password}
        set events {option1}, {option2}, ...
        set ha-direct [enable|disable]
        set notify-hosts {ipv4-address}
        set notify-hosts6 {ipv6-address}
        set priv-proto [aes|des|...]
        set priv-pwd {password}
        set queries [enable|disable]
        set query-port {integer}
        set security-level [no-auth-no-priv|auth-no-priv|...]
        set source-ip {ipv4-address}
        set source-ipv6 {ipv6-address}
        set status [enable|disable]
        set trap-lport {integer}
        set trap-rport {integer}
        set trap-status [enable|disable]
    next
end

config system snmp user

Parameter

Description

Type

Size

auth-proto

Authentication protocol.

option

Option	Description
md5	HMAC-MD5-96 authentication protocol.
sha	HMAC-SHA-96 authentication protocol.
sha224	HMAC-SHA224 authentication protocol.
sha256	HMAC-SHA256 authentication protocol.
sha384	HMAC-SHA384 authentication protocol.
sha512	HMAC-SHA512 authentication protocol.

auth-pwd

Password for authentication protocol.

password

Not Specified

events

SNMP notifications (traps) to send.

option

Option	Description
cpu-high	Send a trap when CPU usage is high.
mem-low	Send a trap when available memory is low.
log-full	Send a trap when log disk space becomes low.
intf-ip	Send a trap when an interface IP address is changed.
vpn-tun-up	Send a trap when a VPN tunnel comes up.
vpn-tun-down	Send a trap when a VPN tunnel goes down.
ha-switch	Send a trap after an HA failover when the backup unit has taken over.
ha-hb-failure	Send a trap when HA heartbeats are not received.
ips-signature	Send a trap when IPS detects an attack.
ips-anomaly	Send a trap when IPS finds an anomaly.
av-virus	Send a trap when AntiVirus finds a virus.
av-oversize	Send a trap when AntiVirus finds an oversized file.
av-pattern	Send a trap when AntiVirus finds file matching pattern.
av-fragmented	Send a trap when AntiVirus finds a fragmented file.
fm-if-change	Send a trap when FortiManager interface changes. Send a FortiManager trap.
fm-conf-change	Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.
bgp-established	Send a trap when a BGP FSM transitions to the established state.
bgp-backward-transition	Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.
ha-member-up	Send a trap when an HA cluster member goes up.
ha-member-down	Send a trap when an HA cluster member goes down.
ent-conf-change	Send a trap when an entity MIB change occurs (RFC4133).
av-conserve	Send a trap when the FortiGate enters conserve mode.
av-bypass	Send a trap when the FortiGate enters bypass mode.
av-oversize-passed	Send a trap when AntiVirus passes an oversized file.
av-oversize-blocked	Send a trap when AntiVirus blocks an oversized file.
ips-pkg-update	Send a trap when the IPS signature database or engine is updated.
ips-fail-open	Send a trap when the IPS network buffer is full.
temperature-high	Send a trap when a temperature sensor registers a temperature that is too high.
voltage-alert	Send a trap when a voltage sensor registers a voltage that is outside of the normal range.
power-supply-failure	Send a trap when a power supply fails.
faz-disconnect	Send a trap when a FortiAnalyzer disconnects from the FortiGate.
fan-failure	Send a trap when a fan fails.
wc-ap-up	Send a trap when a managed FortiAP comes up.
wc-ap-down	Send a trap when a managed FortiAP goes down.
fswctl-session-up	Send a trap when a FortiSwitch controller session comes up.
fswctl-session-down	Send a trap when a FortiSwitch controller session goes down.
load-balance-real-server-down	Send a trap when a server load balance real server goes down.
device-new	Send a trap when a new device is found.
per-cpu-high	Send a trap when per-CPU usage is high.

ha-direct

Enable/disable direct management of HA cluster members.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

name

SNMP user name.

string

Maximum length: 32

notify-hosts

SNMP managers to send notifications (traps) to.

ipv4-address

Not Specified

notify-hosts6

IPv6 SNMP managers to send notifications (traps) to.

ipv6-address

Not Specified

priv-proto

Privacy (encryption) protocol.

option

Option	Description
aes	CFB128-AES-128 symmetric encryption protocol.
des	CBC-DES symmetric encryption protocol.
aes256	CFB128-AES-256 symmetric encryption protocol.
aes256cisco	CFB128-AES-256 symmetric encryption protocol compatible with CISCO.

priv-pwd

Password for privacy (encryption) protocol.

password

Not Specified

queries

Enable/disable SNMP queries for this user.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

query-port

SNMPv3 query port.

integer

Minimum value: 0 Maximum value: 65535

security-level

Security level for message authentication and encryption.

option

Option	Description
no-auth-no-priv	Message with no authentication and no privacy (encryption).
auth-no-priv	Message with authentication but no privacy (encryption).
auth-priv	Message with authentication and privacy (encryption).

source-ip

Source IP for SNMP trap.

ipv4-address

Not Specified

source-ipv6

Source IPv6 for SNMP trap.

ipv6-address

Not Specified

status

Enable/disable this SNMP user.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

trap-lport

SNMPv3 local trap port.

integer

Minimum value: 0 Maximum value: 65535

trap-rport

SNMPv3 trap remote port.

integer

Minimum value: 0 Maximum value: 65535

trap-status

Enable/disable traps for this SNMP user.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

config system snmp user

SNMP user configuration.

config system snmp user
    Description: SNMP user configuration.
    edit <name>
        set auth-proto [md5|sha|...]
        set auth-pwd {password}
        set events {option1}, {option2}, ...
        set ha-direct [enable|disable]
        set notify-hosts {ipv4-address}
        set notify-hosts6 {ipv6-address}
        set priv-proto [aes|des|...]
        set priv-pwd {password}
        set queries [enable|disable]
        set query-port {integer}
        set security-level [no-auth-no-priv|auth-no-priv|...]
        set source-ip {ipv4-address}
        set source-ipv6 {ipv6-address}
        set status [enable|disable]
        set trap-lport {integer}
        set trap-rport {integer}
        set trap-status [enable|disable]
    next
end

config system snmp user

Parameter

Description

Type

Size

auth-proto

Authentication protocol.

option

Option	Description
md5	HMAC-MD5-96 authentication protocol.
sha	HMAC-SHA-96 authentication protocol.
sha224	HMAC-SHA224 authentication protocol.
sha256	HMAC-SHA256 authentication protocol.
sha384	HMAC-SHA384 authentication protocol.
sha512	HMAC-SHA512 authentication protocol.

auth-pwd

Password for authentication protocol.

password

Not Specified

events

SNMP notifications (traps) to send.

option

Option	Description
cpu-high	Send a trap when CPU usage is high.
mem-low	Send a trap when available memory is low.
log-full	Send a trap when log disk space becomes low.
intf-ip	Send a trap when an interface IP address is changed.
vpn-tun-up	Send a trap when a VPN tunnel comes up.
vpn-tun-down	Send a trap when a VPN tunnel goes down.
ha-switch	Send a trap after an HA failover when the backup unit has taken over.
ha-hb-failure	Send a trap when HA heartbeats are not received.
ips-signature	Send a trap when IPS detects an attack.
ips-anomaly	Send a trap when IPS finds an anomaly.
av-virus	Send a trap when AntiVirus finds a virus.
av-oversize	Send a trap when AntiVirus finds an oversized file.
av-pattern	Send a trap when AntiVirus finds file matching pattern.
av-fragmented	Send a trap when AntiVirus finds a fragmented file.
fm-if-change	Send a trap when FortiManager interface changes. Send a FortiManager trap.
fm-conf-change	Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.
bgp-established	Send a trap when a BGP FSM transitions to the established state.
bgp-backward-transition	Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.
ha-member-up	Send a trap when an HA cluster member goes up.
ha-member-down	Send a trap when an HA cluster member goes down.
ent-conf-change	Send a trap when an entity MIB change occurs (RFC4133).
av-conserve	Send a trap when the FortiGate enters conserve mode.
av-bypass	Send a trap when the FortiGate enters bypass mode.
av-oversize-passed	Send a trap when AntiVirus passes an oversized file.
av-oversize-blocked	Send a trap when AntiVirus blocks an oversized file.
ips-pkg-update	Send a trap when the IPS signature database or engine is updated.
ips-fail-open	Send a trap when the IPS network buffer is full.
temperature-high	Send a trap when a temperature sensor registers a temperature that is too high.
voltage-alert	Send a trap when a voltage sensor registers a voltage that is outside of the normal range.
power-supply-failure	Send a trap when a power supply fails.
faz-disconnect	Send a trap when a FortiAnalyzer disconnects from the FortiGate.
fan-failure	Send a trap when a fan fails.
wc-ap-up	Send a trap when a managed FortiAP comes up.
wc-ap-down	Send a trap when a managed FortiAP goes down.
fswctl-session-up	Send a trap when a FortiSwitch controller session comes up.
fswctl-session-down	Send a trap when a FortiSwitch controller session goes down.
load-balance-real-server-down	Send a trap when a server load balance real server goes down.
device-new	Send a trap when a new device is found.
per-cpu-high	Send a trap when per-CPU usage is high.

ha-direct

Enable/disable direct management of HA cluster members.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

name

SNMP user name.

string

Maximum length: 32

notify-hosts

SNMP managers to send notifications (traps) to.

ipv4-address

Not Specified

notify-hosts6

IPv6 SNMP managers to send notifications (traps) to.

ipv6-address

Not Specified

priv-proto

Privacy (encryption) protocol.

option

Option	Description
aes	CFB128-AES-128 symmetric encryption protocol.
des	CBC-DES symmetric encryption protocol.
aes256	CFB128-AES-256 symmetric encryption protocol.
aes256cisco	CFB128-AES-256 symmetric encryption protocol compatible with CISCO.

priv-pwd

Password for privacy (encryption) protocol.

password

Not Specified

queries

Enable/disable SNMP queries for this user.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

query-port

SNMPv3 query port.

integer

Minimum value: 0 Maximum value: 65535

security-level

Security level for message authentication and encryption.

option

Option	Description
no-auth-no-priv	Message with no authentication and no privacy (encryption).
auth-no-priv	Message with authentication but no privacy (encryption).
auth-priv	Message with authentication and privacy (encryption).

source-ip

Source IP for SNMP trap.

ipv4-address

Not Specified

source-ipv6

Source IPv6 for SNMP trap.

ipv6-address

Not Specified

status

Enable/disable this SNMP user.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

trap-lport

SNMPv3 local trap port.

integer

Minimum value: 0 Maximum value: 65535

trap-rport

SNMPv3 trap remote port.

integer

Minimum value: 0 Maximum value: 65535

trap-status

Enable/disable traps for this SNMP user.

option

Option	Description
enable	Enable setting.
disable	Disable setting.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config system snmp user

config system snmp user

config system snmp user

config system snmp user

config system snmp user

config system snmp user