Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mattchow_FTNT
Staff
Staff

Created on ‎09-04-2024 09:45 PM Edited on ‎10-16-2025 06:48 AM By Community Manager

Article Id 339159

Technical Tip: SNMP message authentication or checking failed

Description This article describes what is the meaning of 'the message authentication or checking failed (asn.1 parse error) in SNMP version 3 polling found in FortiGate's system event log.
Scope FortiGate.
Solution

ASN.1 in the message means that Abstract Syntax Notation One data structure and the parsing process log fail from FortiGate's system event log are shown as an example below:

date=2024-09-03 time=10:04:02 id=7410231810229010996 itime="2024-09-03 10:04:02" euid=3 epid=3 dsteuid=3 dstepid=3 logver=700159346 logid=0100029021 type="event" subtype="system" level="warning" srcip=XXXX dstip=XXXX msg="Message authentication or checking failed (ASN.1 parse error)." logdesc="SNMP query failed" user="5GFGTuS3rN1CKV" version="SNMP_v3" srcport=6372 dstport=161 eventtime=1725329042733320693 tz="+0800" devid="XXXXX" vd="root" dtime="2024-09-03 10:04:02" itime_t=1725329042 devname="XXXXX"

 

One of the example of SNMP daemon debug is shown below:

 

snmpd: <msg> 225 bytes X.X.X.X:27628 -> X.X.X.X:161 (itf 4.4)
snmpd: v3 recv parse: packet (225 left) 
snmpd: v3 recv parse: version: 3 (219 left)
snmpd: v3 recv parse: msgGlobalData (202 left)
.
snmpd: v3 recv parse: msgFlags: 0x07
snmpd: usm recv parse: packet (202 left)
snmpd: usm recv parse: msgSecurityParameters: sz=76 left=124
snmpd: usm secparams parse: msgSecurityParameters: sz=74 left=0
.

.
snmpd: usm secparams parse: msgUserName: 5GFGTuS3rN1CKV (24 left)
snmpd: cannot locate vdom with name vsys_hamgmt
snmpd: usm scopedpdu decrypt: priv params (salt) :-
snmpd: data [(8) (1b 4e 09 f7 92 3e bb 0b )(.N...>..)]
snmpd: usm scopedpdu decrypt: encrypted scopedPDU :-
.

.
snmpd: usm scopedpdu parse: msgData (0 left)
snmpd: usm scopedpdu parse: msgType: 0xa0 (93 left)
snmpd: usm scopedpdu parse: b_vars: <>(81) (0 left)
snmpd: v3 recv: parse failed. errno=-23 (ASN.1 parse error)
snmpd: </msg> 0

 

The 'recv' is a message from the SNMP manager. The error number will be variable due to how what SNMP manager responds to FortiGate.

It is required to check the configuration settings related to SNMP authentication, to ensure SNMP message format due to ASN.1 standard is correct and verify the shared secret keys if using SNMP version 3 authentication and encryption. It is also required to work with SNMP manager to figure out errors.

 

Related articles:
3265
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.