Description
This article describes how to check the prerequisites for using SNMP when VDOMs are enabled.
Scope
FortiGate v7.2 and later with VDOM enabled.
Solution
When configuring SNMP, the interface being polled must belong to the management VDOM so that the FortiGate can respond to the SNMP monitoring tool.
Configuration.
GUI configuration:
The SNMP agent can be configured in the GUI under System -> SNMP, in the Global VDOM. Reference article: Technical Tip: How to Configure FortiGate SNMP Agent for Monitoring
CLI configuration:
Set the intended VDOM from which to retrieve information for the SNMP v1/2 community or SNMPv3 user. Note that this command is only available in v7.2 and later:
SNMPv1/2:
config global
config system snmp community
edit <ID>
set vdoms <your_VDOM>
next
end
end
SNMPv3:
config global
config system snmp user
edit <user>
set vdoms <your_VDOM>
next
end
end
Other Required Configuration:
- Make sure that the interface being polled belongs to the management VDOM and allows SNMP processing:
config global
config system interface
edit <SNMP_interface>
append allowaccess snmp
set vdom <management_VDOM>
next
end
end
- Make sure that the correct VDOM is selected as the management VDOM:
config global
config system global
set management-vdom <management_VDOM>
end
end
- If trusted hosts are configured on the FortiGate, ensure the user belongs to the management VDOM:
config system admin
edit "test_user"
set trusthost1 80.80.80.0 255.255.255.0 <----- IP of the SNMP manager.
set accprofile "super_admin_readonly"
set vdom "root" <---- Select the management VDOM.
next
end
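The management VDOM, interface and 'set vdoms' prerequisites above can also be checked offline against a configuration backup. The script below is an added example, not part of the original article or of any Fortinet tooling. It assumes the backup uses the VDOM-mode layout with a "config global" wrapper; SAMPLE, parse and check_snmp_prereqs are hypothetical names, and the sample configuration is constructed.

```python
# Constructed sample in FortiOS VDOM-mode "show" layout; all names and values are made up.
SAMPLE = """
config global
config system global
    set management-vdom "root"
end
config system interface
    edit "port5"
        set vdom "CUSTOMER_A"
        set allowaccess ping snmp
    next
end
config system snmp community
    edit 1
        set name "monitoring"
    next
end
end
"""

def parse(text):
    """Map each config/edit path (a tuple) to {option: [values]} taken from 'set' lines."""
    out, stack = {}, []
    for line in text.splitlines():
        tok = line.replace('"', "").split()  # enough for names and flag lists (no spaces)
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok[1:]))
        elif tok[0] in ("end", "next") and stack:
            stack.pop()
        elif tok[0] == "set" and len(tok) > 1:
            out.setdefault(tuple(stack), {})[tok[1]] = tok[2:]
    return out

def check_snmp_prereqs(text, snmp_interface):
    """Return findings for the prerequisites this article lists (empty list = all met)."""
    cfg, findings = parse(text), []
    mgmt = cfg.get(("global", "system global"), {}).get("management-vdom", [None])[0]
    intf = cfg.get(("global", "system interface", snmp_interface), {})
    vdom = intf.get("vdom", [None])[0]
    if mgmt is None or vdom != mgmt:
        findings.append(f"{snmp_interface}: vdom={vdom}, management-vdom={mgmt}")
    if "snmp" not in intf.get("allowaccess", []):
        findings.append(f"{snmp_interface}: snmp missing from allowaccess")
    for path, opts in cfg.items():  # each 'edit' entry under snmp community / snmp user
        if len(path) == 3 and path[1] in ("system snmp community", "system snmp user"):
            if "vdoms" not in opts:
                findings.append(f"{path[1]} {path[2]}: no 'set vdoms' entry")
    return findings
```

Calling check_snmp_prereqs(SAMPLE, "port5") reports that port5 sits outside the management VDOM and that community 1 has no 'set vdoms' entry.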
Troubleshooting.
Checking the current management VDOM:
config global
show full system global | grep management-vdom
Live diagnostics.
SSH1:
diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application snmpd -1
diagnose debug enable
SSH2:
diagnose sniffer packet any 'host <SNMPmanagerIP> and port 161' 6 0 l
Note.
SSH1 and SSH2 are separate simultaneous SSH connections.
Note:
When running v7.4 or earlier releases, an SNMP user with the VDOM parameter configured cannot query an interface that does not belong to the management VDOM. Starting from FortiOS v7.6, an SNMPv3 user can send queries to a non-management interface; see Technical Tip: How to perform queries using SNMPv3 to non-management VDOMs for details.
Related SNMP Articles:
Technical Tip: FortiGate SNMP Resource List
FortiGate SNMP MIB overview