FortiGate
yangw
Staff
Article Id 192808
Description

This article describes the integration between FortiOS and WhatsUp Gold using SNMPv3 with Authentication/Encryption based on SHA256/AES256.
Scope

Environment:

  • FortiGate v7.2.7 build 1577 M.
  • WhatsUp Gold with the firmware version 24.0 Build 2096.
  • In this MOP, both devices are in the same subnet (there is no limitation on using different networks interconnected via L3):

 

avenditti_1-1726070669007.png
Solution

On FortiGate:

  • Go to Global (this step is only needed if the firewall is divided into VDOMs).
  • Go to Network -> Interfaces, 'double-click' on the interface that will be used to communicate with the SNMP Manager (WhatsUp Gold) and enable the SNMP service:

 

avenditti_2-1726070712609.png

  • Select 'OK'.
  • Go to System -> SNMP, enable 'SNMP Agent' and in the SNMPv3 section, select 'Create New'.
  • Configure the settings as in the following picture (password used to simulate the scenario: fortinet).

 

avenditti_3-1726070712612.png

 

Be careful to select AES256 Cisco as the Encryption Algorithm (instead of AES256). WhatsUp Gold uses a different method from the one FortiGate's AES256 option supports to extend the size of the localized key of the SNMPv3 AES256 encryption protocol. WhatsUp Gold can work with Cisco's SNMPv3 AES256.

 
  • Leave the pre-defined SNMP events enabled, select 'OK' and select 'Apply'.
  • Continue on the same screen, select 'Download FortiGate MIB File' and 'Download Fortinet Core MIB File'.
  • Two .mib files (FORTINET-CORE-MIB.mib and FORTINET-FORTIGATE-MIB.mib) will be downloaded to the local PC.

 

To configure from the CLI:


config system interface
    edit "port1"
        set vdom "root"
        set allowaccess snmp ...
        set type physical
    next
end

config system snmp user
    edit "WhatsUpGold"
        set notify-hosts 10.5.60.188
        set events cpu-high mem-low log-full ....
        set security-level auth-priv
        set auth-proto sha256
        set auth-pwd ENC TXN2QW1fkY5N1ibo1...
        set priv-proto aes256cisco
        set priv-pwd ENC TXN2QW1fkY5N1ibo1...
    next
end
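
Added example (not part of the original article and not Fortinet tooling): a Python check that parses 'config system snmp user' blocks from a saved configuration excerpt and reports users that do not match the auth-priv, SHA256 and AES settings shown above. The sample text, the "legacy-nms" user and the policy sets are constructed assumptions; a setting missing from the excerpt is reported as not set rather than guessed.

```python
import re
# Constructed sample: the article's user plus a hypothetical weaker one, "legacy-nms".
SAMPLE_CONFIG = """
config system snmp user
    edit "WhatsUpGold"
        set security-level auth-priv
        set auth-proto sha256
        set priv-proto aes256cisco
    next
    edit "legacy-nms"
        set security-level auth-no-priv
        set auth-proto md5
    next
end
"""
UNSET = "not set in this excerpt"
# Assumed policy, modelled on the article's SHA256/AES256 choice.
WEAK_AUTH = {"md5", "sha", UNSET}   # HMAC-MD5, HMAC-SHA-1, or nothing explicit
WEAK_PRIV = {"des", UNSET}

def parse_snmp_users(text):
    """Return {user: {setting: value}} from 'config system snmp user' blocks."""
    users, in_block, current = {}, False, None
    for line in map(str.strip, text.splitlines()):
        if line == "config system snmp user":
            in_block = True
        elif line == "end":
            in_block = False
        elif in_block and (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            current = users.setdefault(m.group(1), {})
        elif in_block and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return users

def audit_snmp_users(text):
    """Return {user: [findings]}; an empty list means the user meets the policy."""
    report = {}
    for name, cfg in parse_snmp_users(text).items():
        level, auth, priv = (cfg.get(k, UNSET) for k in
                             ("security-level", "auth-proto", "priv-proto"))
        checks = [
            (level != "auth-priv", f"security-level is '{level}', expected auth-priv"),
            (auth in WEAK_AUTH, f"auth-proto is '{auth}', expected sha256 or stronger"),
            (level == "auth-priv" and priv in WEAK_PRIV,
             f"priv-proto is '{priv}', expected an AES variant"),
        ]
        report[name] = [msg for failed, msg in checks if failed]
    return report
```

Calling audit_snmp_users() on the text of a saved configuration excerpt returns an empty list for the user defined in this article and one finding per deviation for any other user.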

 

 

On WhatsUp Gold (WEB GUI)

  • Go to Settings -> System Settings -> SNMP MIB Manager -> '+'.

 

avenditti_9-1726072716984.png

 

  • Select 'Choose File', select the previously downloaded FORTINET-CORE-MIB.mib -> Open, and select 'OK'. Continue on the SNMP MIB Manager screen, then select '+' once again.
  • Select 'Choose File', select the previously downloaded FORTINET-FORTIGATE-MIB.mib -> Open, and select 'OK'.
  • The new MIBs will now be available (successfully validated) under the SNMP MIB Manager.

 

avenditti_1-1726070788632.png

 

  • Go to Settings -> Library -> Credentials -> '+' -> SNMPv3 and configure the settings as in the following picture (password used to simulate the scenario: fortinet):

 

avenditti_2-1726070815702.png

 

  • Go to Discover -> New Scan.

(Start section):

  • Keep selected 'Single device, multiple dev…'.
  • Enter the IP address of the target FortiGate in the text box.
  • Uncheck the other fields:

 

avenditti_3-1726070815703.png

 

(Expand section):

  • Uncheck all fields and select 'Next':

 

avenditti_4-1726070844499.png

 

(Limit section):

  • Leave all fields unchecked and select 'Next':

 

avenditti_5-1726070844501.png

 

(Credential Section):

  • Be sure that 'Use all current and future credentials' is unchecked.
  • Select 'SNMPv3 Credentials' (previously created).
  • Select 'Next'.
avenditti_6-1726070844502.png

 

(Options Section):

  • Do not apply any changes and select 'Next':

 

avenditti_0-1726070900269.png

 

 

(Schedule Section):

  • Do not apply any changes and select 'Next':

 

avenditti_1-1726070900272.png

 

(Review & Run Section):

  • Add a Name and select 'Save & run now':

 

avenditti_2-1726070900274.png

 

The scan process may take a few minutes.

 

After the scan has completed, something like the picture below will be visible. Switch to the 'Device List' view.

 

avenditti_3-1726070933046.png

 

Once the scan is completed, the device appears in the list. Select the related row and look at the box that appears on the right. Expand the 'Credentials' and 'More Device Information' sections. Be sure that the device has been discovered using SNMPv3.

 

avenditti_4-1726071050440.png

 

 

Select 'Start Monitoring':

 

avenditti_5-1726071050442.png

 

After a few seconds the device icon should change (a green circle appears). The FortiGate is now monitored. To confirm this, go to My Network, select the device, and select the Status icon (in the box on the right).

 

avenditti_6-1726071076061.png

 

The status of the device is shown on the ANALYZE screen.

 

avenditti_7-1726071076065.png

 

To allow WhatsUp Gold to intercept traps received from FortiGate, go to Settings -> System Settings -> Passive Monitor Listeners.

Check 'Listen for messages' (Port 162) and 'Accept unsolicited SNMP traps'.

 

avenditti_0-1726071143452.png

 

Select 'Save'.

 

Assign the monitor to the device: under My Network, select the FortiGate, then select the 'Properties' button in the box on the right.

 

avenditti_1-1726071143458.png

 

Select the 'Passive monitors' tab and select '+'.

 

avenditti_2-1726071143464.png

 

Select 'SNMP Trap' as type and 'Any Trap' as monitor:

 

avenditti_3-1726071143466.png

 

Select 'Next' and select '+' on the screen 'Actions for this passive monitor'.

 

avenditti_4-1726071143468.png

 

Select 'Default Web Alarm':

 

avenditti_5-1726071143470.png

 

Select 'OK' and 'Finish'. The screen should be similar to the following:

 

avenditti_6-1726071179453.png

 

 

WhatsUp Gold is now configured to monitor the FortiGate state.  

To test the integration, for example, temporarily disable a FortiGate interface, then re-enable it after a few seconds. After some time, WhatsUp Gold will display an alert similar to the one shown in the image below.

 

avenditti_7-1726071179460.png

 

Go to Analyze -> Logs -> SNMP Traps to see the details of the trap:

 

avenditti_8-1726071179465.png

 

 

FortiGate Troubleshooting:

On FortiGate, it is possible to analyze the SNMP daemon activity with the following commands:

 

diag debug reset
diag debug application snmpd -1
diag debug enable

 

Or capture the SNMP requests with the command:

 

diagnose sniffer packet any 'port 161' 4 0 l

 

Related documents:

FortiOS 7.2.7 Administration Guide (SNMP): https://docs.fortinet.com/document/fortigate/7.2.7/administration-guide/62595/snmp

RFC2574: https://www.ietf.org/rfc/rfc2574.txt

WhatsUp Gold: https://docs.progress.com/bundle/whatsupgold-user-help-24-0/page/SNMPv3.html