FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 267910
Description This article describes how to troubleshoot an issue where SNMP traps do not get generated from the firewall.
Scope All FortiGate firewalls.

The first thing to do is to verify if there is an SNMP manager server configured in the firewall as shown below:




After configuring this setting, the user should send the traps.


Make sure that under System -> SNMP, the agent option is enabled and the description fields are filled as shown below:




If it is still not generating, execute these commands:

diag debug application snmp -1
diag debug enable


After executing these commands, try to disable some interfaces in the downtime. Logs should be centered. Execute 'diag debug disable'. It is possible to share the logs when opening the TAC ticket.


FortiOS provides a mechanism to generate a test SNMP trap which is sent to a configured SNMP server :


diagnose snmp trap sent


To see if that test SNMP trap is sent to remote server, you can open 3 SSH sessions :


SSH No1:


diag debug application snmp -1

diag debug enable


SSH No2:


diagnose snmp trap sent


SSH No3:


diagnose sniffer packet any "host x.x.x.x " 6 0 l <- Where x.x.x.x is the IP address of the SNMP server.