FortiGate
seshuganesh
Staff
Article Id 267910
Description This article describes how to troubleshoot an issue where SNMP traps do not get generated from the firewall.
Scope All FortiGate firewalls.
Solution

The first thing to do is to verify that an SNMP manager server is configured on the firewall, as shown below:

[Screenshot: 1.png]

 

After this setting is configured, the traps should be sent.

Make sure that under System -> SNMP, the agent option is enabled and the description fields are filled in, as shown below:

[Screenshot: 2.png]

 

If traps are still not generated, execute these commands:


diag debug application snmp -1
diag debug enable

 

After executing these commands, try disabling some interfaces during a downtime window. Logs should be generated. Then execute 'diag debug disable'. The logs can be shared when opening a TAC ticket.

 

FortiOS provides a mechanism to generate a test SNMP trap, which is sent to a configured SNMP server:

 

diagnose snmp trap send

 

To see whether that test SNMP trap is sent to the remote server, open 3 SSH sessions:

 

SSH No. 1:

diag debug application snmp -1
diag debug enable

SSH No. 2:

diagnose snmp trap send

SSH No. 3:

diagnose sniffer packet any "host x.x.x.x" 6 0 l

Where x.x.x.x is the IP address of the SNMP server.
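
To confirm that a packet seen in the capture really is the test trap, its SNMP header can be decoded. The following Python is an added example, not part of the original article: it assumes the UDP payload (the bytes after the IP and UDP headers) has been extracted from the capture, and the function names, the sample message and its community string "lab-ro" are constructed for illustration.

```python
# Added example (not from the article); names and SAMPLE are constructed here.
PDU_NAMES = {0xA4: "Trap-v1", 0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode BER-encoded OID bytes into dotted notation."""
    arcs, value = [], 0
    for byte in raw:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def summarize_trap(payload):
    """Return version, community, PDU type and (for v2c traps) the trap OID."""
    tag, msg, _ = read_tlv(payload, 0)
    _, ver, pos = read_tlv(msg, 0)
    ctag, community, pos = read_tlv(msg, pos)
    if tag != 0x30 or ctag != 0x04:
        raise ValueError("not an SNMP v1/v2c message")
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    trap_oid, p, q = None, 0, 0
    if pdu_tag == 0xA7:
        for _ in range(4):  # request-id, error-status, error-index, varbind list
            _, varbinds, p = read_tlv(pdu, p)
        for _ in range(2):  # varbind 1 is sysUpTime.0, varbind 2 is snmpTrapOID.0
            _, vb, q = read_tlv(varbinds, q)
        trap_oid = decode_oid(read_tlv(vb, read_tlv(vb, 0)[2])[1])  # value after name
    return {"version": {0: "v1", 1: "v2c"}.get(int.from_bytes(ver, "big"), "other"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "trap_oid": trap_oid}

# Constructed sample: an SNMPv2c linkDown trap with the made-up community "lab-ro".
SAMPLE = bytes.fromhex("304002010104066c61622d726fa7330201010201000201003028"
    "300d06082b060102010103004301643017060a2b06010603010104010006092b0601060301010503")
```

Calling summarize_trap(SAMPLE) returns the version, community, PDU type and trap OID of the constructed message; a payload that is cut short raises ValueError instead of returning partial data.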