FortiGate
rmetzger
Staff
Article Id 196034

Description


This article describes how to allow SNMP polling through the dedicated HA management port.

 

Scope

 

FortiGate v5.6 and above.


Solution

 

Configure the following settings. In the example below, the network interface name of the dedicated HA management port is 'mgmt1':

 

NOTE: If trusted hosts are configured in the FortiGate's admin users, the SNMP server IP must match at least one of the trusted hosts.

 

# config system interface
    edit "mgmt1"
        set ip 10.100.200.1 255.255.255.0
        set allowaccess ping https ssh snmp fgfm
    next
end

# config system ha
    set ha-mgmt-status enable
    # config ha-mgmt-interfaces
        edit 1
            set interface mgmt1
            set gateway 10.100.200.254
        next
    end
end

 

Configure SNMPv2:

 

# config system snmp community
    edit 1
        # config hosts
            edit 1
                set ha-direct enable <-
                set ip 10.100.100.0 255.255.255.0
            next
        end
    next
end

 

Configure SNMPv3:

 

# config system snmp user
    edit 1
        set ha-direct enable <-
        set ip 10.100.100.0 255.255.255.0
    next
end

 

If there is more than one HA management port configured, a specific management port can be used for SNMP communication.

In the configuration below, the 'mgmt1' port is used for SNMP communication.

 

# config system ha
    set ha-mgmt-status enable
    # config ha-mgmt-interfaces
        edit 1
            set interface mgmt1
            set dst 10.100.100.0 255.255.255.0  <-
            set gateway 10.100.200.254
        next
        edit 2
            set interface mgmt2
            set gateway 10.100.200.254
        next
    end
end
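
An offline pre-check for the settings in this article, as an added example (not Fortinet's code and not part of the original article): it parses a saved configuration and reports why a poller at a given address would fail to query through the HA management port. The sample configuration, the 'config system admin' entry and the function names are assumptions made for illustration; input is expected without the '#' prompt prefix, and only SNMPv2 community hosts are checked.

```python
from ipaddress import ip_address, ip_network
# Constructed sample in the article's syntax; the admin trusthost1 entry is an assumption.
SAMPLE = """\
config system interface
    edit "mgmt1"
        set allowaccess ping https ssh snmp fgfm
    next
end
config system admin
    edit "admin"
        set trusthost1 10.100.100.0 255.255.255.0
    next
end
config system snmp community
    edit 1
        config hosts
            edit 1
                set ha-direct enable
                set ip 10.100.100.0 255.255.255.0
            next
        end
    next
end
"""

def parse(text):
    path, out = [], {}  # out maps each config/edit path to its "set" values
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]).strip('"'))
        elif tok[0] in ("next", "end"):
            path.pop()
        elif tok[0] == "set":
            out.setdefault(tuple(path), {})[tok[1]] = tok[2:]
    return out

def audit(text, poller, mgmt_if="mgmt1"):
    cfg, addr = parse(text), ip_address(poller)
    def covers(v):  # v is the [ip, mask] pair written after "set"
        return addr in ip_network("/".join(v), strict=False)
    access = cfg.get(("system interface", mgmt_if), {}).get("allowaccess", [])
    direct = [s for p, s in cfg.items() if p[:1] == ("system snmp community",)
              and p[2:3] == ("hosts",) and s.get("ha-direct") == ["enable"]]
    trusted = [v for p, s in cfg.items() if p[:1] == ("system admin",)
               for k, v in s.items() if k.startswith("trusthost")]
    checks = [("snmp" in access, f"snmp missing from allowaccess on {mgmt_if}"),
              (any(covers(s["ip"]) for s in direct if "ip" in s),
               "no SNMPv2 host with ha-direct enable covers the poller"),
              (not trusted or any(map(covers, trusted)), "poller matches no admin trusted host")]
    return [msg for ok, msg in checks if not ok]
```

audit(SAMPLE, "10.100.100.50") returns an empty list; each failed check adds one message naming the setting to fix.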