FortiGate
vsharma
Staff
Article Id 427854
Description

This article explains how to selectively exclude specific SNMP OID subtrees using SNMP MIB view on a FortiGate device.

Scope

FortiOS, SNMP v1/v2/v3.
Solution

FortiGate exposes a wide range of operational statistics through SNMP. Administrators may need to restrict polling of certain OIDs while leaving the rest available to the monitoring system.

SNMP MIB views allow administrators to control which OID subtrees are accessible, enabling targeted exclusion without disabling SNMP entirely.


The procedure to exclude the OIDs consists of three steps:

  1. Create an SNMP MIB view that excludes the desired OID subtree.
  2. Apply the MIB view to SNMP v1/v2 communities.
  3. Apply the MIB view to SNMP v3 users.

Create an SNMP MIB View to allow SNMP access to everything except the specified OID subtree.


config system snmp mib-view
    edit "restrictedOIDView"
        set include "1.3.6"
        set exclude "<OID_to_be_excluded>"
    next
end


  • set include "1.3.6": Allows access to the iso.org.dod subtree, which contains most standard and enterprise SNMP OIDs.
  • set exclude "<OID_to_be_excluded>": Explicitly blocks the specified OID subtree; the more specific exclude takes precedence over the broad include.

Apply the MIB View to SNMP v1/v2 Communities:

config system snmp community
    edit <community_id>
        set mib-view restrictedOIDView
    next
end

Apply the MIB View to SNMP v3 users:

config system snmp user
    edit <user_name>
        set mib-view restrictedOIDView
    next
end

Example to exclude SSL-VPN stats for SNMPv3:

config system snmp mib-view
    edit "bypassVpnSslStats"
        set include "1.3.6"
        set exclude "1.3.6.1.4.1.12356.101.12.2.3"  <----- OID for SSL VPN stats
    next
end

config system snmp user
    edit snmp-user-1
        set mib-view bypassVpnSslStats
    next
end

With the above configuration, SNMP access is allowed for all OIDs except SSL-VPN statistics.
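The following is an added example, not FortiOS or Fortinet code: a small Python model of how an SNMP MIB view decides whether an OID is visible, so the effect of the include/exclude entries above (the restrictedOIDView template and the bypassVpnSslStats example) can be predicted before the device is polled. It assumes that overlapping entries are resolved the way RFC 3415 VACM views resolve them, with the most specific (longest) matching subtree winning, which is what lets the narrow exclude override the broad "1.3.6" include; the article does not state this explicitly. The sample OIDs in SAMPLE_OIDS are constructed for the example: sysDescr.0, an instance under the excluded SSL VPN stats subtree, an instance under another Fortinet enterprise subtree, and an LLDP-MIB object that lives under 1.0.8802 rather than 1.3.6.

```python
# Added example, not FortiOS or Fortinet code: a small evaluator that mirrors
# how an SNMP MIB view decides whether an OID is visible, so the effect of
# "set include" / "set exclude" can be predicted before the device is polled.
# Assumption (not stated in the article): overlapping entries are resolved the
# way RFC 3415 VACM views do it, the most specific (longest) matching subtree
# wins, which is what makes a narrow exclude override the broad "1.3.6" include.
from dataclasses import dataclass, field


def parse_oid(oid: str) -> tuple[int, ...]:
    """Turn a dotted OID string such as '1.3.6.1.4.1.12356' into a tuple of ints."""
    text = oid.strip().lstrip(".")
    if not text:
        raise ValueError("empty OID")
    arcs = tuple(int(part) for part in text.split("."))
    if any(arc < 0 for arc in arcs):
        raise ValueError(f"negative arc in OID {oid!r}")
    return arcs


def in_subtree(prefix: tuple[int, ...], oid: tuple[int, ...]) -> bool:
    """True when oid equals prefix or lies below it."""
    return oid[: len(prefix)] == prefix


@dataclass
class MibView:
    """One 'config system snmp mib-view' entry: a name plus include/exclude subtrees."""
    name: str
    included: list = field(default_factory=list)
    excluded: list = field(default_factory=list)

    def include(self, oid: str) -> "MibView":
        self.included.append(parse_oid(oid))
        return self

    def exclude(self, oid: str) -> "MibView":
        self.excluded.append(parse_oid(oid))
        return self

    def allows(self, oid: str) -> bool:
        """Visible only if the longest matching subtree entry is an include."""
        target = parse_oid(oid)
        best_len, best_allow = -1, False  # no matching entry at all: not visible
        candidates = [(p, True) for p in self.included] + [(p, False) for p in self.excluded]
        for prefix, allow in candidates:
            if in_subtree(prefix, target) and len(prefix) > best_len:
                best_len, best_allow = len(prefix), allow
        return best_allow


def article_view() -> MibView:
    """The 'bypassVpnSslStats' view from the article, expressed in this model."""
    return (MibView("bypassVpnSslStats")
            .include("1.3.6")
            .exclude("1.3.6.1.4.1.12356.101.12.2.3"))  # SSL VPN stats subtree


# Constructed sample of OIDs an unrestricted walk might return. The first is
# sysDescr.0 (MIB-II), the second is an instance under the excluded SSL VPN
# stats subtree, the third an instance under another Fortinet subtree, and the
# last is an LLDP-MIB object, which lives under 1.0.8802 rather than 1.3.6.
SAMPLE_OIDS = [
    "1.3.6.1.2.1.1.1.0",
    "1.3.6.1.4.1.12356.101.12.2.3.1.0",
    "1.3.6.1.4.1.12356.101.4.1.3.0",
    "1.0.8802.1.1.2.1.1.1.0",
]


def filter_walk(view: MibView, oids: list) -> list:
    """Keep only the OIDs the view would let an SNMP manager see."""
    return [oid for oid in oids if view.allows(oid)]


if __name__ == "__main__":
    view = article_view()
    for oid in SAMPLE_OIDS:
        print(f"{oid:40} {'visible' if view.allows(oid) else 'hidden'}")
```

Running the block shows the SSL VPN instance hidden while the other Fortinet OID stays visible, which is the behaviour the article describes. The LLDP OID is also hidden, because "1.3.6" covers the iso.org.dod subtree rather than the whole OID space: when a view is applied, every subtree the monitoring system must still see needs its own include entry, and an unexpected "hidden" result for a legitimate object is the first thing to check if polling breaks after the change.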
