jangelis
Staff
Article Id 210328
Description

This article describes what to check on the FortiGate when polling from an SNMP manager does not work.

 

Network topology

Scope

FortiGate.
Solution
  1. SNMP must be configured (for versions 1 and 2c, the same community string must be used), and the SNMP manager must be within the configured range (either its particular IP or a range containing that IP must be configured).

 

SNMP configuration

 

  2. SNMP must be enabled on the ingress interface.

 

Interface configuration

 

  3. If trusted hosts are configured on all admin accounts, the IP address of the SNMP manager must be part of the trusted host configuration of at least one admin account. See: Troubleshooting Tip: FortiGate HTTPS, SSH access if the trusted hosts feature is enabled

 


 

  4. If SNMP v3 is enabled, it does not allow adding networks (only hosts). Unlike SNMPv2, the hosts option under SNMPv3 only defines the hosts that SNMP traps are sent to. Restricting which SNMP managers (hosts) can poll the FortiGate over SNMPv3 can only be achieved through either trusted hosts configuration or a local-in policy.

 


 

As a workaround, if trusted hosts are enabled on all administrative accounts, make sure the SNMP host IP is included in at least one of these trusted IPs/subnets.
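The following added example (not from the original article or from Fortinet) checks a saved configuration backup against the community host range, ingress interface access and admin trusted host conditions above for SNMP v1/v2c. The sample configuration is constructed, and `settings` and `check_polling` are hypothetical helper names.

```python
import ipaddress
import shlex
# Constructed excerpt of a FortiGate config backup (sample data, not from the article).
SAMPLE = """
config system interface
    edit "port1"
        set allowaccess ping https ssh
    next
end
config system snmp community
    edit 1
        config hosts
            edit 1
                set ip 10.0.0.0 255.255.255.0
            next
        end
    next
end
config system admin
    edit "admin"
        set trusthost1 192.168.1.0 255.255.255.0
    next
end
"""

def settings(text):
    """Yield (context path, option, values) for each 'set' line of a backup."""
    path = []
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]))
        elif tok[0] in ("next", "end"):
            path.pop()
        elif tok[0] == "set":
            yield tuple(path), tok[1], tok[2:]

def check_polling(text, manager, ingress):  # hypothetical helper, not a Fortinet tool
    hosts, access, admins = [], [], {}
    for path, opt, val in settings(text):
        if path[:1] == ("system snmp community",) and path[2:3] == ("hosts",) and opt == "ip":
            hosts.append(val)            # v1/v2c community host entries
        elif path == ("system interface", ingress) and opt == "allowaccess":
            access = val                 # services allowed on the ingress interface
        elif path[:1] == ("system admin",) and len(path) > 1:
            admins.setdefault(path[1], []).extend([val] if opt.startswith("trusthost") else [])
    def covers(val):                     # val is ["<ip>", "<netmask>"] as written after 'set'
        return ipaddress.ip_address(manager) in ipaddress.ip_network("/".join(val), strict=False)
    restricted = bool(admins) and all(admins.values())  # every admin has trusted hosts set
    return {"community_host": any(map(covers, hosts)), "interface_snmp": "snmp" in access,
            "trusted_host": not restricted or any(covers(v) for vs in admins.values() for v in vs)}
```

For the sample, `check_polling(SAMPLE, "10.0.0.5", "port1")` reports that the manager is inside the community host range but that SNMP is missing from the interface's `allowaccess` and the manager is outside every admin trusted host entry.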

 

Related articles:  
Technical Tip: How to Configure FortiGate SNMP Agent for Monitoring

Troubleshooting Tip: How to use snmpd debug to troubleshoot SNMP