Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ChrisTan
Staff
Staff

Created on ‎01-27-2025 10:09 PM

Article Id 372998

Technical Tip: Configuring SNMP communities for HA mgmt and Root vdom loopback

Description This article explains how to configure the connectivity from an HA mgmt and loopback interface to an SNMP Server.
Scope FortiGate.
Solution

In FortiGate SNMP configuration, the ha-redirect needs to be enabled so that can reach the HA mgmt interfaces:

 

config system snmp community
    edit 3
        set name "public"
            config hosts
                edit 1

                FortiWiFi-home (1) # set ha-direct
                enable Enable setting.    <----- Use the vsys_hamgmt routes.
                disable Disable setting.  <----- Use the root routes.

 

The below log will indicate the interface changes in 'dia deb app snmpd -1' when ha-direct enabled:

 

snmpd: Successfully removed interface operation status file: /tmp/snmpd.intf_op_info
snmpd: updating cache: idx_cache

 

It will cause issues if the same SNMP server queries other interfaces, such as loopback in the default Root VDOM. It is necessary to create multiple SNMP communities for the same SNMP server so that it can inquiry HA mgmt and loopback interface:

 

2025-01-16_09h45_33.png
210
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.