FortiGate
rain
Staff
Article Id 415893
Description: This article describes how to troubleshoot failed user and password authentication at the SNMPv3 level.
Scope: FortiGate, SNMPv3.
Solution

To debug the SNMP process on the FortiGate, run the following commands:

 

diagnose debug application snmpd -1

diagnose debug console timestamp enable

diagnose debug enable

 

After that, send a test SNMP connection. The debug output will then be shown, and depending on the issue, one of the following will appear:

 

  • If the user is correct, but the password is wrong:

 

SNMPv3 does not use a community; that is for SNMPv1 and v2c. Instead, SNMPv3 authenticates with a user and a password, together with cipher protocols for authentication and encryption. If the cipher protocols are wrong or the password is wrong, the following will be shown:

 

SNMP1.png

 

If the debug output shows the username correctly but the message 'Message authentication or checking failed' persists with the reason 'USM unsupported security level', see Troubleshooting Tip: SNMPv3 walk failure due to 'Message authentication or checking failed (USM auth....
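Why a wrong password and a wrong authentication protocol end in the same failure, as an added example that is not FortiGate code: it follows the generic SNMPv3 USM scheme from RFC 3414 (password localized to a key with the engine ID, then a 12-byte truncated HMAC over the message). The function names, the stand-in message and the mistyped password are constructed for illustration; the password and engine ID are the RFC 3414 test-vector values.

```python
import hashlib
import hmac

# Engine ID and password taken from the RFC 3414 appendix test vectors.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed stand-in for an encoded SNMPv3 request (not real BER).
MSG = b"constructed stand-in for an encoded SNMPv3 request"

def localized_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: stretch the password to 1 MiB, hash it, bind it to the engine ID."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_param(key: bytes, whole_msg: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: first 12 bytes of the HMAC over the message."""
    return hmac.new(key, whole_msg, algo).digest()[:12]

def agent_accepts(msg, tag, agent_pw, agent_algo, engine_id) -> bool:
    """The agent recomputes the tag from its own configured password and protocol."""
    key = localized_key(agent_pw, engine_id, agent_algo)
    return hmac.compare_digest(tag, auth_param(key, msg, agent_algo))

def demo() -> dict:
    agent_pw, agent_algo = b"maplesyrup", "sha1"  # what the agent has for this user
    managers = {  # what the polling side was configured with
        "matching": (b"maplesyrup", "sha1"),
        "wrong password": (b"maplesyrap", "sha1"),
        "wrong auth protocol": (b"maplesyrup", "md5"),
    }
    out = {}
    for name, (pw, algo) in managers.items():
        tag = auth_param(localized_key(pw, ENGINE_ID, algo), MSG, algo)
        out[name] = agent_accepts(MSG, tag, agent_pw, agent_algo, ENGINE_ID)
    return out

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'authentication failed'}")
```

Because the receiving side only sees a tag that does not match, it cannot tell a mistyped password from a mismatched authentication protocol, so both settings need to be compared on each end.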

 

  • If the user is incorrect, but the password and cipher protocols are correct:

 

If the user is wrong, the same message will be shown as before, but the reason will be 'unknown username'. Check the username that the FortiGate is receiving and compare it with the configured one to confirm whether it is correct.

 

SNMP2.png

 

SNMP3.png

 

  • After sending the debug, no lines are shown in the CLI console.

 

This could mean that trusted hosts are enabled for the administrator users, or that the SNMP service is not enabled on the interface that should be listening for the UDP request. Check that configuration and change it if needed.

 

SNMP5.png 

  • If another version of SNMP (v1 or v2c) is being used instead of SNMPv3:

 

If SNMPv3 is not being used, use SNMPv3. As mentioned previously, the log with the authentication attempt will then be shown. Remember that a community is used only for SNMPv1 and v2c.

 

SNMP6.png