FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the command needed to source SNMP traffic from FortiGate using an internal address routable in the IPsec VPN tunnel to reach a SNMP server on a remote network.
Scope
FortiGate.
Solution
By default, the FortiGate will use the routing table to send SNMP traffic. To route the traffic via the tunnel interface, the 'set source-ip' command needs to be added as follows:
config system snmp community edit <ID>
set name <community name>
config hosts
edit <ID>
set source-ip x.x.x.x <- Set an address which belongs to a local network in VPN phase2 selectors.
next
end
next
end
For SNMPv3:
config system snmp user edit <ID>
set source-ip x.x.x.x <- Set an address which belongs to a local network in VPN phase2 selectors.
