CarlosColombini
Article Id 266378
Description

 

This article describes two issues that may arise in FortiGate units running FortiOS version 7.2.5 or 7.4.0.

 

Scope

 

FortiOS v7.2.5, FortiOS v7.4.0, SSO Administrator, Trusted Hosts.

 

Solution

 

SNMP monitoring traffic to FortiGate is also controlled by the administrators' trusted hosts configuration, as described in the documents below:
Technical Tip: SNMP access to FortiGate.
Troubleshooting Tip: SNMP fails due to trusted hosts configuration.

Starting with FortiOS 7.2.5 and 7.4.0, a new banner was added to warn administrators that the SNMP manager IP must be listed in the trusted hosts of at least one administrator.

 


 

However, this code change may cause two issues that are currently being investigated by Development.

Issue #1: FortiGate does not reply to SNMP queries. 

Prior to this change, if the SNMP Manager IP was included in a subnet defined in an administrator-trusted host, it was sufficient to allow SNMP queries.


In FortiOS v7.2.5 or v7.4.0, the IP address must be specified as a /32; otherwise, FortiGate will drop the traffic.


Workaround: Add the SNMP Manager IP Address to at least one administrator.
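
An added example, not part of the original article or of Fortinet's tooling: a pre-upgrade check that reads a configuration backup and reports SNMP managers matched only by a subnet trusted host, which is the case Issue #1 affects. The sample configuration and the function name are constructed for illustration, and the parser assumes backup-style text with unindented top-level `config`/`end` lines and IPv4 entries only.

```python
import ipaddress
import re

# Constructed FortiOS backup excerpt (not from the article); addresses are examples.
SAMPLE = """\
config system admin
    edit "admin"
        set trusthost1 10.10.0.0 255.255.0.0
        set trusthost2 192.0.2.50 255.255.255.255
    next
end
config system snmp community
    edit 1
        config hosts
            edit 1
                set ip 10.10.5.20 255.255.255.255
            next
            edit 2
                set ip 192.0.2.50 255.255.255.255
            next
        end
    next
end
"""

TRUSTHOST = re.compile(r"^\s*set trusthost\d+ (\S+) (\S+)\s*$", re.M)
SNMP_BLOCK = re.compile(r"^config system snmp community\n(.*?)^end$", re.M | re.S)
SNMP_HOST = re.compile(r"^\s*set ip (\S+) \S+\s*$", re.M)

def audit_snmp_managers(config_text):
    """Map each SNMP manager IP to 'exact', 'subnet-only' or 'none'."""
    trusted = [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
               for ip, mask in TRUSTHOST.findall(config_text)]
    block = SNMP_BLOCK.search(config_text)
    result = {}
    for ip in SNMP_HOST.findall(block.group(1) if block else ""):
        addr = ipaddress.ip_address(ip)
        covering = [net for net in trusted if addr in net]
        if any(net.prefixlen == 32 for net in covering):
            result[ip] = "exact"        # listed as /32: satisfies the 7.2.5 / 7.4.0 check
        elif covering:
            result[ip] = "subnet-only"  # Issue #1: matched only by a wider subnet
        else:
            result[ip] = "none"         # no administrator trusted host matches
    return result

if __name__ == "__main__":
    for ip, status in audit_snmp_managers(SAMPLE).items():
        print(f"{ip:15} {status}")
```

Any manager reported as `subnet-only` needs its own /32 trusted host entry on at least one administrator before moving to 7.2.5 or 7.4.0.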

 

Issue #2: Unable to load SNMP page from FortiGate Web management interface. This issue does not impact SNMP queries.

This issue may occur if an SSO Administrator is used.

 

Workaround: Log in with a non-SSO administrator or use the CLI.

 
