Technical Tip: Source-address for SNMPv3 traps on FortiSwitch

Description

This article describes the unavailability of the source-address option for SNMPv3 traps on FortiSwitch.

Scope

FortiSwitch, FortiOS.

Solution

Currently, there is no option to specify the source-address for system generated traps from a FortiSwitch device using SNMPV3. 

The option is available for SNMPv1/v2. 

SNMPv1/V2:

config system snmp community

<Output redacted.>

edit <host_number>
   set interface <interface_name>
   set ip <IPv4_address/mask>
   set source-ip <IPv4_address> <<<<
end

SNMPV3:

config system snmp user
   edit <index_number>
      set queries enable
      set query-port <port_number>
      set security-level [auth-priv | auth-no-priv | no-auth-no-priv}
      set auth-proto {md5 | sha1 | sha224 | sha256 | sha384 | sha512}
      set events {cpu-high | ent-conf-change | fan-detect | fsTrapStitch1 | fsTrapStitch2 | fsTrapStitch3 |                   fsTrapStitch4 | fsTrapStitch5 | intf-ip | ip-conflict | l2mac | llv | log-full | mem-low | psu-status |             sensor-alarm       | sensor-fault | storm-control | tkmem-hb-oo-sync}
      set notify-hosts <IP_address>
      set auth-pwd <password>
      set priv-proto {aes128 | aes192 | aes192c | aes256 | aes256c | des}
      set priv-pwd <password>
   end

This is an expected behavior and will require an NFR to be raised if the user requires this feature.