Skip to main content
CyberFortiConquer
CyberFortiConquer
Explorer II
May 15, 2024
Question

SNMPv3 auth and encyrption settings for Fortinet

  • May 15, 2024
  • 4 replies
  • 2185 views

Hi,

I was configuring SNMPv3 across Fortigate, FortiManager and FortiAnalyzer.

On FMG and FAZ, auth and encryption just mention SHA and AES respectively.

Similarly for Fortigate, encryption gives options for AES.

What versions would these be: SHA1, SHA256, AES256?

4 replies

AEK
SuperUser
AEK
SuperUser
May 15, 2024

Hi

Which versions of FOS, FMG & FAZ?

AEK
    CyberFortiConquer
    CyberFortiConquerAuthor
    Explorer II
    May 15, 2024

    Thanks, all are on 7.2.x

    ozkanaltas
    ozkanaltas
    Valued Contributor III
    May 15, 2024

    Hello @CyberFortiConquer ,

     

    When I reviewed the document of version 7.4, FortiAnalyzer and Fortimanager still use the same encryption setting. Frankly, I don't know why they do not use a strong algorithm. Because of that, you need to use snmp with the encryption algorithm. 

     

    https://docs.fortinet.com/document/fortianalyzer/7.4.2/cli-reference/260178/snmp#snmp_user

      AEK
      SuperUser
      AEK
      SuperUser
      May 15, 2024

      Here it is:

      FG 7.2:

      • auth: HMAC-SHA-96, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512
      • enc: CFB128-AES-128, CFB128-AES-256, CFB128-AES-256

      FAZ/FMG 7.2:

      • auth: HMAC-SHA-96
      • enc: CFB128-AES-128
      AEK
        CyberFortiConquer
        CyberFortiConquerAuthor
        Explorer II
        May 15, 2024

        Many thanks

        Terms & ConditionsAccessibility statement