Technical Tip: Changing default ports for SNMP

Description
This article describes the default ports used for SNMP traffic on the FortiGate platforms and how to change them.
Further information on SNMP can be found here

Scope

FortiGate.

Solution

The FortiGate SNMP traffic is by default configured to use ports 161 (for queries) and 162 (for traps). Use the following commands to change these default ports:

config system snmp community
    edit <index_number>
        set query-v1-port <port_number>        <---- port that the FortiGate should open for queries
        set trap-v1-lport <port_number>        <---- local port for traps
        set trap-v1-rport <port_number>        <---- remote port for traps
        set query-v2c-port <port_number>
        set trap-v2c-lport <port_number>
        set trap-v2c-rport <port_number>
end

The option is also available on the GUI, as shown below:

In SNMPv3, local and remote trap ports can be changed as follows:

GUI:

CLI:

FG61F-Home # config system snmp user

FG61F-Home (user) # edit Test
FG61F-Home (Test) # set trap-lport 164

FG61F-Home (Test) # set trap-rport 1045

Related article:

Technical Tip: Configuring SNMP when VDOM is enabled