Created on 02-02-2022 08:56 AM
Edited on 12-04-2024 05:59 AM
By Anthony_E
Description | This article describes how to configure and test SNMPv3 and SNMPv2 on FortiManager/FortiAnalyzer. |
Scope | FortiManager, FortiAnalyzer. |
Solution |
How to configure SNMP V3:
config system interface
    edit port1
        set allowaccess snmp ...
    next
end
config system snmp user
It is possible to choose the notification and traps:
It is possible to choose a security level.
If the SNMP trap receiver is 10.5.53.226 and both the authentication password and the privacy password are 'Fortinet', the configuration will be as below.
set query-port 161 <----- SNMPv3 query port (1 - 65535, default = 161).
Note: SNMPv1 and SNMPv2 support custom trap and query ports. However, SNMPv3 only supports custom query ports.
Then, to test it, use 'snmpwalk' on Linux. If the FortiManager has the IP address 10.5.53.205, the command is:
snmpwalk -v3 -l authPriv -u SEC-TEST -a SHA -A "fortinet" -x AES -X "fortinet" 10.5.53.205
Use the debug below if there is any issue:
exe tac report
config of the FMG or FAZ <----- Backup config file.
diag debug app snmpd 255
diag debug enable
In another window:
diag sniffer packet any "port 161 and host <linux station>" 3 0 a
Then run the 'snmpwalk' command in step 2 and send the output of all the above commands.
diag debug disable
diag debug reset
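The snmpwalk test above passes both passphrases on the command line, where they show up in the process list and in shell history. The following is an added example, not part of the original article: a shell helper that stores the same SNMPv3 settings in a net-snmp client snmp.conf readable only by its owner, so the test becomes a plain snmpwalk 10.5.53.205. The function name write_snmp_conf and the script name are hypothetical; ~/.snmp/snmp.conf and the def* directives are net-snmp's own.

```shell
#!/usr/bin/env bash
# Added example, not from the article. write_snmp_conf is a hypothetical helper.
# It stores the USM settings that the article passes to snmpwalk as
# -l/-u/-a/-A/-x/-X in a net-snmp client config file instead of argv.

# write_snmp_conf DIR USER AUTH_PASS PRIV_PASS
# Returns 1 (and writes nothing) if a value is empty, contains whitespace
# (snmp.conf tokens are whitespace-separated), or if a passphrase is shorter
# than 8 characters, the minimum net-snmp accepts for USM.
write_snmp_conf() {
    local dir=$1 user=$2 auth=$3 priv=$4 v
    for v in "$user" "$auth" "$priv"; do
        case $v in
            ''|*[[:space:]]*) echo "empty value or whitespace not allowed" >&2; return 1 ;;
        esac
    done
    if [ "${#auth}" -lt 8 ] || [ "${#priv}" -lt 8 ]; then
        echo "passphrases must be at least 8 characters" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    (
        umask 077   # a newly created file is owner-only from the start
        printf '%s\n' \
            "defVersion 3" \
            "defSecurityName $user" \
            "defSecurityLevel authPriv" \
            "defAuthType SHA" \
            "defAuthPassphrase $auth" \
            "defPrivType AES" \
            "defPrivPassphrase $priv" > "$dir/snmp.conf"
    ) || return 1
    chmod 600 "$dir/snmp.conf"   # also tightens a file that already existed
}

# Stand-alone use: ./snmpv3-conf.sh SEC-TEST
# Prompts for the passphrases without echo, writes ~/.snmp/snmp.conf, after
# which "snmpwalk 10.5.53.205" needs no credentials on the command line.
if [ $# -ge 1 ]; then
    read -rsp "Authentication passphrase: " auth_pass; echo
    read -rsp "Privacy passphrase: " priv_pass; echo
    write_snmp_conf "$HOME/.snmp" "$1" "$auth_pass" "$priv_pass"
fi
```
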
How to configure SNMP V2:
config system interface
    edit port1
        set allowaccess snmp ...
    next
end
config system snmp user
It is possible to choose the notification and traps:
It is possible to choose a security level.
If the SNMP trap receiver is 10.5.209.160 and both the authentication password and the privacy password are 'Fortinet', the configuration will be as below.
set query-port 161 <----- SNMPv2 query port (1 - 65535, default = 161).
config system snmp community
(community)# edit 1
(1)# set name SNMP-Linux
(1)# set query_v2c_status enable
(1)# set query_v2c_port 161
(1)# config hosts
(hosts)# edit 1
(1)# set interface port1
2. Then, to test it, use 'snmpwalk' on Linux. If the FortiManager has the IP address '10.5.49.115', the command is:
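snmpwalk -v2c -c "SNMP-Linux" 10.5.49.115
Fortinet supports only the SNMP v2c 'community version'. SNMP v2c authenticates with the community string only, so the SNMPv3 options (-l, -u, -a, -A, -x, -X) are not used, and the community string and all data travel unencrypted. Use the debug below if there is any issue.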
exe tac report
config of the FMG or FAZ <----- Backup config file.
diag debug app snmpd 255
diag debug enable
In another window:
diag sniffer packet any "port 161 and host <linux station>" 3 0 a
Then run the 'snmpwalk' command in step 2 and send the output of all the above commands.
diag debug disable
diag debug reset
Related documents:
Technical Tip: How to get and troubleshoot MIBs and OIDs from SNMP
Troubleshooting Tip: Testing FortiManager and FortiAnalyzer SNMPv3 from a Linux |