FortiGate
rmetzger
Staff

Description


This article describes the settings that need to be configured to allow SNMP polling through the dedicated HA management port.

 

Scope

 

FortiGate v5.6 and above.


Solution

 

In the example below, the network interface name of the dedicated HA management port is 'mgmt1':

 

NOTE: If trusted hosts are configured in the FortiGate's admin users, the SNMP server IP must match at least one of the trusted hosts.

 

# config system interface
    edit "mgmt1"
        set ip 10.100.200.1 255.255.255.0
        set allowaccess ping https ssh snmp fgfm
    next
end


# config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface mgmt1
            set gateway 10.100.200.254
        next
    end
end

 

Configure SNMPv2:

 

# config system snmp community
    edit 1
        config hosts
            edit 1
                set ha-direct enable
                set ip 10.100.100.0 255.255.255.0
            next
        end
    next
end

 

Configure SNMPv3:

 

# config system snmp user
    edit 1
        set ha-direct enable
        set ip 10.100.100.0 255.255.255.0
    next
end



If more than one HA management port is configured, a specific management port can be used for SNMP communication.

In the configuration below, the mgmt1 port is used for SNMP communication.

 

# config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface mgmt1
            set dst 10.100.100.0 255.255.255.0
            set gateway 10.100.200.254
        next
        edit 2
            set interface mgmt2
            set gateway 10.100.300.254
        next
    end
end
