Technical Tip: SNMP V3 trap configuration with FortiGate running HA
Description
This article describes that when a FortiGate is running on HA, the SNMP trap sent by the Secondary unit will not be able to be recognized by Trap Viewer. This is because, by default setting, the engine-id will use the serial number of the FortiGate.
As both of the HA units are using the same IP address to send out the trap, only the trap sent by the Primary can be accepted and the trap sent by the Secondary with engine-id as different from the Primary will be dropped.
As both of the HA units are using the same IP address to send out the trap, only the trap sent by the Primary can be accepted and the trap sent by the Secondary with engine-id as different from the Primary will be dropped.
Scope
FortiGate in HA.
Solution
This issue can be resolved by using the following command to make both engine-ids to be same for the Primary and the Secondary.
This CLI command needs to be run only in the Primary unit.
This CLI command needs to be run only in the Primary unit.
config system snmp sysinfo
set engine-id xxxx <----- xxxx can be any number or alphabet.
end
set engine-id xxxx <----- xxxx can be any number or alphabet.
end