FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
Article Id 204090
Description This article describe how to configure SNMP V3 on FortiManager and FortiAnalyzer as well as how to validate this configuration and take the debug if necessary.
Scope FortiManager, FortiAnalyzer.
  1. Enable SNMP service on the interface and configure a user SEC-TEST will be used:


config system interface

    edit port1

        set allowaccess snmp ...



config system snmp sysinfo
    set status enable


config system snmp user
(user)# edit SEC-TEST <- New entry 'SEC-TEST' added.


It is possible to choose the notification and traps:

(SEC-TEST)# set

events SNMP notifications (traps) to send.
notify-hosts Hosts to send notifications (traps) to.
notify-hosts6 IPv6 hosts to send notifications (traps) to.
queries Enable/disable queries for this user.
query-port SNMPv3 query port.
security-level Security level for message authentication and encryption.


It is possible to choose a security level.

(SEC-TEST) # set security-level



A message with authentication but no privacy (encryption):



A Message with authentication and privacy (encryption):



Message with no authentication and no privacy (encryption):


If the SNMP Trap received is and the authorization password is 'fortinet' as well as the privacy password, the below config will appear.

config system snmp use
    edit "SEC-TEST"
        set events disk_low ha_switch intf_ip_chg sys_reboot cpu_high mem_low cpu-high-exclude-nice
        set notify-hosts
        set security-level auth-priv
        set auth-pwd "fortinet"
        set priv-pwd "fortinet"


  1. Then to test it it is possible to use snmpwalk on Linux:


    If the FortiManager has IP, it will be the below command:


    snmpwalk -v3 -l authPriv -u SEC-TEST -a SHA -A "fortinet" -x AES -X "fortinet"

    iso. = ""
    iso. = OID: iso.
    iso. = Timeticks: (311316) 0:51:53.16
    iso. = ""
    iso. = STRING: "FMG-VM64"
    iso. = ""
    iso. = INTEGER: 0
    iso. = INTEGER: 12
    iso. = INTEGER: 1


  2. Use the debug below if there is any issue.


    exe tac report

    config of the FMG or FAZ <- dat backup config file.

    diag debug app snmpd 255

    diag debug enable


    In another window:


    diag sniffer packet any "port 161 and host <linux station>" 3 0 a



    Then run the snmpwalk command in step 2 and send the output of all the above commands.



    diag debug disable

    diag debug reset


Related documents:

Technical Tip: How to get and troubleshoot MIBs and OIDs from SNMP

CLI reference - snmp