Technical Tip: Using SNMP MIB Views to exclude specific OIDs
| Description | This article describes how to selectively exclude specific SNMP OID subtrees using SNMP MIB view on a FortiGate device. |
| Scope | FortiOS, SNMP v1/v2/v3. |
| Solution | FortiGate exposes a wide range of operational statistics through SNMP. The need may arise to restrict polling of certain OIDs. The following article can be referred to find OIDs in the FortiGate MIB file: Technical Tip: How to find OIDs in the FortiGate MIB file
SNMP MIB views allow administrators to control which OID subtrees are accessible, enabling targeted exclusion without disabling SNMP entirely.
The procedure to exclude the OIDs consists of three steps:
Create an SNMP MIB View to allow SNMP access to everything except the specified OID subtree.
config system snmp mib-view
Apply the MIB View to SNMP v1/v2 Communities:
config system snmp community edit <community_id> set mib-view restrictedOIDView next end
Apply the MIB View to SNMP v3 users:
config system snmp user edit <user_name> set mib-view restrictedOIDView next end
Example to exclude SSL-VPN stats for SBMPv3 :
config system snmp mib-view edit "bypassVpnSslStats" set include "1.3.6" set exclude "1.3.6.1.4.1.12356.101.12.2.3" <----- OID for SSL VPN stats. next end
config system snmp user edit snmp-user-1 set mib-view bypassVpnSslStats next end
With the above configuration, SNMP access is allowed for all OIDs except SSL-VPN statistics.
Download MIB files for OID lookup: Go to System -> SNMP in the GUI -> Download FortiGate MIB File. Key files: FORTINET-CORE-MIB.mib and FORTINET-FORTIGATE-MIB.mib. Use these in a user SNMP tool (e.g., iReasoning MIB Browser, Zabbix, PRTG) to browse and identify exact OIDs to exclude. |