rmetzger
Staff

Description:
This article describes the settings that need to be configured to allow SNMP polling through the dedicated HA management port.

Scope:

FortiGate v5.6 and above


Solution:

In the example below, the network interface name of the dedicated HA management port is "mgmt1":

 

# config system interface
    # edit "mgmt1"
        # set ip 10.100.200.1 255.255.255.0
        # set allowaccess ping https ssh snmp fgfm
    # next
# end

# config system ha
    # set ha-mgmt-status enable
    # config ha-mgmt-interfaces
        # edit 1
            # set interface mgmt1
            # set gateway 10.100.200.254
        # next
    # end
# end

 

Configure SNMPv2:

# config system snmp community
    # edit 1
        # config hosts
            # edit 1
                # set ha-direct enable
                # set ip 10.100.100.0 255.255.255.0
            # next
        # end
    # next
# end

 

Configure SNMPv3:

# config system snmp user
    # edit 1
        # set ha-direct enable
        # set ip 10.100.100.0 255.255.255.0
    # next
# end



If more than one HA management port is configured, a specific management port can be used for SNMP communication.

In the configuration below, the mgmt1 port is used for SNMP communication.

 

# config system ha
    # set ha-mgmt-status enable
    # config ha-mgmt-interfaces
        # edit 1
            # set interface mgmt1
            # set dst 10.100.100.0 255.255.255.0
            # set gateway 10.100.200.254
        # next
        # edit 2
            # set interface mgmt2
            # set gateway 10.100.300.254
        # next
    # end
# end