sachitdas_FTNT
Article Id 196381

Description

This article describes how to configure SNMP on a managed FortiSwitch from the FortiGate.

Related link: FortiSwitch.

Refer to the FortiSwitch administration and CLI guides for more on SNMP configuration:
Page 53: FortiSwitchOS Administration Guide - Standalone Mode.
Page 193: FortiSwitchOS CLI Reference.

Refer to the managed FortiSwitch guide for more on custom commands:
Page 131: FortiSwitch - Managed by FortiOS 6.2.

Scope

FortiSwitch, FortiGate.


Solution

Starting from FortiOS v6.2.1, the SNMP settings of a managed FortiSwitch can be configured directly from the FortiGate. Refer to page 71 of FortiSwitch - Managed by FortiOS 6.2.

Before FortiOS v6.2.1, use custom commands on the FortiGate to push the SNMP configuration to the FortiSwitch.

Configuration example:

1. Allow SNMP on the switch internal interface. This can be done globally on the FortiGate switch-controller, which pushes the setting to all managed switches, or with a custom command pushed to individual switches.

   a) Using the switch-controller global configuration. Refer to page 70 of FortiSwitch - Managed by FortiOS 6.2.

config switch-controller security-policy local-access
    edit "default"
        set mgmt-allowaccess https ping ssh snmp
        set internal-allowaccess https ping ssh snmp
    next
end

   b) Using a custom command on the FortiGate to allow SNMP.

config switch-controller custom-command
    edit snmp1
        set command "config system interface %0a edit internal %0a set allowaccess http https ping snmp ssh telnet %0a end %0a"
    next

2. Configure the SNMP details: community name, SNMP server IP address, and system information.

    edit snmp2
        set command "config system snmp community %0a edit 2 %0a config hosts %0a edit 1 %0a set interface internal %0a set ip 1.1.1.1 255.255.255.0 %0a next %0a end %0a set name community %0a next %0a end %0a"
    next
    edit snmp3
        set command "config system snmp sysinfo %0a set contact-info test2 %0a set description test %0a set location test1 %0a set status enable %0a end %0a"
    next
end

In this example, 1.1.1.1 is the IP address of the SNMP server and 255.255.255.0 is its subnet mask. "community" is the SNMP community name.

3. Push the commands to the switches. The value after "edit" is the serial number of the managed switch; repeat the block for each switch.

config switch-controller managed-switch
    edit "S124EN591801029"
        config custom-command
            edit "1"
                set command-name "snmp1"
            next
            edit "2"
                set command-name "snmp2"
            next
            edit "3"
                set command-name "snmp3"
            next
        end
    next
end
4. Create a firewall policy from the FortiGate CLI with the FortiLink interface as the incoming interface and the interface where the SNMP server is connected as the outgoing interface:

config firewall policy
    edit 1
        set srcintf <fortilink interface name>
        set dstintf <interface name where SNMP server is located>
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "SNMP" "ALL_ICMP" "PING"
        set nat enable
    next
end
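The four steps above are easy to get wrong by hand: the %0a-encoded command strings are long, the same three custom commands have to be bound under every switch serial, and a stray space in a command-name (as in " snmp1") silently breaks the binding. The following Python script is an added example, not Fortinet code; it generates the complete FortiGate CLI for steps 1b to 4 from a few inputs, round-trips the %0a encoding so a command copied back from the FortiGate can be reviewed line by line, and refuses default community strings before anything is pushed. It assumes the CLI syntax exactly as shown in this article; the interface names, policy ID, serials and the 8-character community minimum are the example's own choices, and its allowaccess line enables only https, ping, snmp and ssh rather than the article's wider list.

```python
"""Build the FortiOS CLI that pushes SNMP settings to managed FortiSwitches
through switch-controller custom commands (the pre-6.2.1 method).

Added example, not Fortinet code. Assumptions: newlines inside a custom
command are written as %0a (as in the article); each command is bound to a
switch under 'config switch-controller managed-switch'; the FortiLink and
SNMP-server interface names and the policy ID are caller-supplied.
"""
import ipaddress

# Well-known default community strings that should never be pushed to a switch.
WEAK_COMMUNITIES = {"public", "private", "community"}


def encode_custom_command(lines):
    """Join CLI lines into the one-line form used in 'set command "..."':
    lines separated by ' %0a ' plus a trailing ' %0a'. A double quote inside a
    line would end the quoted command early, so it is rejected."""
    for line in lines:
        if '"' in line:
            raise ValueError(f"double quote not allowed in custom command: {line!r}")
    return " %0a ".join(lines) + " %0a"


def decode_custom_command(command):
    """Inverse of encode_custom_command: recover the CLI lines from a command
    string copied back from the FortiGate, for review before pushing."""
    return [part.strip() for part in command.split("%0a") if part.strip()]


def validate_snmp_inputs(server_ip, netmask, community, *free_text):
    """Reject malformed addresses, weak community strings and values that
    would need quoting (the encoder forbids quotes). The 8-character minimum
    and the deny-list are this example's policy, not a FortiOS rule."""
    ipaddress.IPv4Address(server_ip)                   # ValueError if malformed
    ipaddress.IPv4Network(f"0.0.0.0/{netmask}")        # ValueError if bad mask
    if len(community) < 8 or community.lower() in WEAK_COMMUNITIES:
        raise ValueError("community must be at least 8 characters and not a default")
    for value in (community, *free_text):
        if any(ch in value for ch in ' "'):
            raise ValueError(f"use single-token values without quotes: {value!r}")


def snmp_custom_commands(server_ip, netmask, community, contact, description,
                         location, interface="internal"):
    """Return {custom-command name: CLI lines} split the way the article
    splits them (snmp1 allowaccess, snmp2 community/host, snmp3 sysinfo).
    allowaccess is limited to https/ping/snmp/ssh; telnet and http are left out."""
    validate_snmp_inputs(server_ip, netmask, community, contact, description, location)
    return {
        "snmp1": ["config system interface", f"edit {interface}",
                  "set allowaccess https ping snmp ssh", "next", "end"],
        "snmp2": ["config system snmp community", "edit 2", "config hosts", "edit 1",
                  f"set interface {interface}", f"set ip {server_ip} {netmask}",
                  "next", "end", f"set name {community}", "next", "end"],
        "snmp3": ["config system snmp sysinfo", f"set contact-info {contact}",
                  f"set description {description}", f"set location {location}",
                  "set status enable", "end"],
    }


def render_fortigate_cli(commands, serials, fortilink_intf, server_intf, policy_id=1):
    """Emit the three FortiGate CLI blocks from the article: custom-command
    definitions, per-switch bindings for every serial, and the firewall policy
    that lets SNMP reach the server from the FortiLink interface."""
    out = ["config switch-controller custom-command"]
    for name, lines in commands.items():
        out += [f'    edit "{name}"',
                f'        set command "{encode_custom_command(lines)}"',
                "    next"]
    out += ["end", "config switch-controller managed-switch"]
    for serial in serials:
        out += [f'    edit "{serial}"', "        config custom-command"]
        for idx, name in enumerate(commands, start=1):   # index order = push order
            out += [f'            edit "{idx}"',
                    f'                set command-name "{name}"',
                    "            next"]
        out += ["        end", "    next"]
    out += ["end", "config firewall policy", f"    edit {policy_id}",
            f'        set srcintf "{fortilink_intf}"',
            f'        set dstintf "{server_intf}"',
            '        set srcaddr "all"', '        set dstaddr "all"',
            "        set action accept", '        set schedule "always"',
            '        set service "SNMP" "ALL_ICMP" "PING"',
            "        set nat enable", "    next", "end"]
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample values: a documentation-range IP, the article's serial
    # plus an obviously made-up second one, hypothetical interface names.
    cmds = snmp_custom_commands("192.0.2.10", "255.255.255.0", "n0c-r0-2024x",
                                "noc", "lab-switch", "rack1")
    print(render_fortigate_cli(cmds, ["S124EN591801029", "S124ENXXXXXXXXXX"],
                               "fortilink", "port1"))
```

Paste the printed output into the FortiGate CLI, or keep it under version control and diff it against `show` output when auditing which switches received the SNMP settings. Because encode and decode are exact inverses, a command string copied from a running FortiGate can be decoded and compared with the intended line list before the next push.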

Note

The following article explains how to find the MIBs and OIDs of any Fortinet product using the iReasoning MIB Browser:

Technical Tip: How to get and troubleshoot MIBs and OIDs from SNMP


Related article:

Technical Tip: Downloading FortiSwitch and Core MIB files

Note:

FortiOS v5.0 up to v6.4 are out of engineering support, so these commands may differ on newer versions. Consider upgrading the firmware on the device to a supported version (v7.0 up to v7.6). Check the upgrade path and hardware compatibility with the Upgrade Path Tool Table - FortiGate.