ajoy
Staff
Article Id 265077
Description

This article describes how to resolve an issue where SNMP is not established after completing the initial configuration in FortiGate.

Scope

FortiGate v6.x.x and v7.x.x.

Solution

Upon attempting to connect the SNMP client (FortiGate) to the SNMP manager (Oputils), the connection fails.

 
 
 

SNMP_KB.png

 

As can be seen in the Sniffer and Wireshark captures, no response is seen from the FortiGate:

SNMP-KB-3.png

SNMP-4.png

 

If using VDOMs, ensure that the interface being used for SNMP is in the management VDOM:

 

config global
show full system global | grep management-vdom

show system interface | grep -f <interface>

vdom-snmp.PNG

To check whether the SNMP process sees the incoming packet, run the following debug commands:


diagnose debug application snmpd -1

diagnose debug enable

Either nothing is seen in the output, or only the following line is repeated continuously. For example:

 

snmpd: updating cache: idx_cache

snmpd: updating cache: idx_cache

snmpd: updating cache: idx_cache

snmpd: updating cache: idx_cache

snmpd: updating cache: idx_cache

snmpd: updating cache: idx_cache

 

The conditions described in 'Technical Tip: How to configure FortiGate SNMP Agent for monitoring' have been met.

 

The guide has been verified as per 'SNMP v1/v2c communities - FortiGate documentation'.

 

This issue can occur if the SNMP agent is disabled.

The SNMP agent is disabled by default and must be enabled for the FortiGate to send traps and receive queries:

 

config system snmp sysinfo

    set status enable

end

 

SNMP-5.png


This setting in the GUI is under System -> SNMP:

 

snmpagent.PNG

 

After changing the status to enable, traffic will be seen on port 161 from the FortiGate, along with the following debug output:

 

SNMP-5.png
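
The check above can also be run from the SNMP manager side without a packet capture. The following is an added example, not part of the original article or Fortinet tooling: it sends one SNMPv2c GetRequest for sysDescr.0 to port 161 and reports whether the agent stayed silent (the symptom described here) or answered. The function names are hypothetical, and the FortiGate address and community string are supplied by the caller.

```python
import socket

SYS_DESCR_OID = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])  # 1.3.6.1.2.1.1.1.0 = sysDescr.0

def tlv(tag, value):
    assert len(value) < 128  # short-form BER length is enough for this request
    return bytes([tag, len(value)]) + value

def build_get_request(community):
    """SNMPv2c GetRequest for sysDescr.0 (request-id fixed at 1)."""
    zero, one = tlv(0x02, b"\x00"), tlv(0x02, b"\x01")
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_OID) + tlv(0x05, b""))
    pdu = tlv(0xA0, one + zero + zero + tlv(0x30, varbind))  # id, error-status, error-index
    return tlv(0x30, one + tlv(0x04, community.encode()) + pdu)  # version 1 = v2c

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); handles BER long-form lengths in replies."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def classify_reply(data):
    """None means the query timed out, which is the symptom in this article."""
    if data is None:
        return "no-response"
    try:
        _, msg, _ = read_tlv(data, 0)        # outer SEQUENCE
        _, _, p = read_tlv(msg, 0)           # version
        _, _, p = read_tlv(msg, p)           # community
        pdu_tag, pdu, _ = read_tlv(msg, p)   # expect GetResponse (0xA2)
        _, _, q = read_tlv(pdu, 0)           # request-id
        _, err, _ = read_tlv(pdu, q)         # error-status
    except IndexError:
        return "malformed"
    if pdu_tag != 0xA2:
        return "malformed"
    return "agent-answered" if err == b"\x00" else "agent-error"

def probe(host, community, timeout=3.0, port=161):
    """Send one GetRequest over UDP and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(community), (host, port))
        try:
            return classify_reply(s.recvfrom(65535)[0])
        except OSError:                      # timeout or ICMP unreachable
            return classify_reply(None)
```

Call `probe("<fortigate-ip>", "<community>")` from the manager host; `no-response` before `set status enable` and `agent-answered` afterwards matches the behaviour described in this article.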