Created on 02-02-2022 08:56 AM Edited on 09-26-2022 06:23 AM By Anthony_E
|Description||This article describe how to configure SNMP V3 on FortiManager and FortiAnalyzer as well as how to validate this configuration and take the debug if necessary.|
1) Enable SNMP service on interface and configure a user SEC-TEST will be used:
# config system interface
set allowaccess snmp ...
# config system snmp user
It is possible choose the notification and traps:
It is possible to choose security level.
Message with authentication but no privacy (encryption).
Message with authentication and privacy (encryption).
Message with no authentication and no privacy (encryption).
If the SNMP Trap receive is 10.5.53.226 and the authorization password is 'fortinet' as well as the privacy password ,the below config will appear.
2) Then to test it it is possible to use snmpwalk on linux:
If the FortiManager has IP 10.5.53.205, it will be the below command:
# snmpwalk -v3 -l authPriv -u SEC-TEST -a SHA -A "fortinet" -x AES -X "fortinet" 10.5.53.205
3) Use the debug below if there is any issue.
# exe tac report
# config of the FMG or FAZ<----- dat backup config file.
# diag debug app snmpd 255
# diag debug enable
In another window.
# diag sniffer packet any "port 161 and host <linux station>" 3 0 a
Then run the snmpwalk command in step2 and send the output of all above commands.
# diag debug disable
# diag debug reset
How to get and troubleshoot MIBs and OIDs from SNMP
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.