Description | This article describes how to perform queries using SNMPv3 to non-management VDOMs |
Scope | 7.6.0, SNMPv3 |
Solution |
When FortiGate is configured in multi-VDOM mode, SNMP queries can only be performed against the management VDOM. FortiOS 7.6.0 introduced a new feature that allows non-management VDOMs to answer SNMPv3 queries.
In this example, the root VDOM acts as the management VDOM and vdom_1 is a non-management VDOM. Port wan1, with IP address 10.191.20.48, belongs to vdom_1.
When the SNMP station performs an SNMPv3 query, FortiGate does not respond. FortiOS 7.6.0 GA introduced a new feature that allows SNMPv3 queries to a non-management VDOM; it can be enabled using the following CLI commands:
config global
    config system snmp sysinfo
        set non-mgmt-vdom-query enable
    end
The default value for 'non-mgmt-vdom-query' is disabled. Once enabled, non-management VDOMs can respond to SNMPv3 queries. Keep in mind that 'snmp' access needs to be allowed on the interface that the SNMP station queries.
config system interface
Before the change:
diagnose sniffer packet any " host 10.191.19.9" 4
After implementing the change:
diagnose sniffer packet any " host 10.191.19.9" 4 |
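The before/after sniffer comparison above can be checked programmatically. The following is an added example, not part of the original article or Fortinet tooling: it counts SNMP requests and replies in saved sniffer output. The sample captures are constructed, the line layout of verbosity-4 output is an assumption, and 10.191.19.9 is assumed to be the SNMP station.

```python
import re
from collections import defaultdict

# Assumed verbosity-4 line: "<time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: udp <len>"
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+udp\s+\d+"
)
SNMP_PORT = 161

def snmp_summary(capture, station):
    """Count SNMP requests from `station` and the replies sent back, per queried IP."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner lines, blank lines, non-UDP traffic
        src, dst = m["src"], m["dst"]
        if src == station and int(m["dport"]) == SNMP_PORT and m["dir"] == "in":
            stats[dst]["requests"] += 1
        elif dst == station and int(m["sport"]) == SNMP_PORT and m["dir"] == "out":
            stats[src]["replies"] += 1
    return dict(stats)

def unanswered(capture, station):
    """Queried IPs that received SNMP requests but never sent a reply."""
    return sorted(ip for ip, s in snmp_summary(capture, station).items()
                  if s["requests"] and not s["replies"])

# Constructed sample: non-mgmt-vdom-query disabled, requests arrive on wan1 with no reply.
BEFORE = """\
interfaces=[any]
filters=[host 10.191.19.9]
1.204511 wan1 in 10.191.19.9.50412 -> 10.191.20.48.161: udp 64
2.205873 wan1 in 10.191.19.9.50412 -> 10.191.20.48.161: udp 64
"""
# Constructed sample: non-mgmt-vdom-query enabled, vdom_1 answers the station.
AFTER = """\
1.118204 wan1 in 10.191.19.9.50977 -> 10.191.20.48.161: udp 64
1.119630 wan1 out 10.191.20.48.161 -> 10.191.19.9.50977: udp 118
"""

if __name__ == "__main__":
    for name, cap in (("before", BEFORE), ("after", AFTER)):
        print(name, snmp_summary(cap, "10.191.19.9"), "unanswered:", unanswered(cap, "10.191.19.9"))
```

An empty result from `unanswered` after the change confirms that the non-management VDOM now replies; a non-empty result points to the global setting or the interface's allowed access still blocking SNMP.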
Copyright 2024 Fortinet, Inc. All Rights Reserved.