This article describes two issues that may arise in FortiGate units running FortiOS version 7.2.5 or 7.4.0.
FortiOS v7.2.5, FortiOS v7.4.0, SSO Administrator, Trusted Hosts.
Traffic for SNMP monitoring in FortiGate is also controlled by Administrators' trusted host's configuration as per the documents below:
Technical Tip: SNMP access to FortiGate.
Troubleshooting Tip: SNMP fails due to trusted hosts configuration.
Starting with FortiOS 7.2.5 and 7.4.0, a new banner was added to warn Administrators that the SNMP manager IP must be listed in at least one administrator.
However, this code change may cause two issues that are being currently investigated by Development.
Issue #1: FortiGate does not reply to SNMP queries.
Prior to this change, if the SNMP Manager IP was included in a subnet defined in an administrator-trusted host, it was sufficient to allow SNMP queries.
In FortiOS v7.2.5 or v7.4.0, the IP address must be specified as /32, otherwise, FortiGate will drop the traffic.
Workaround: Add the SNMP Manager IP Address to at least one administrator.
Issue #2: Unable to load SNMP page from FortiGate Web management interface. This issue does not impact SNMP queries.
This issue may occur if an SSO Administrator is used.
Workaround: Log in with a non-SSO administrator or use CLI.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.