Created on 02-02-2022 08:56 AM Edited on 12-04-2024 05:59 AM By Anthony_E
Description | This article describes how to configure and test SNMPv3 and SNMPv2 on FortiManager/FortiAnalyzer. |
Scope | FortiManager, FortiAnalyzer. |
Solution |
How to configure SNMP V3:
config system interface
    edit port1
        set allowaccess snmp ...
    next
end
config system snmp user
It is possible to choose the notification and traps:
It is possible to choose a security level.
If the SNMP trap receiver is 10.5.53.226 and the authentication password and the privacy password are both 'Fortinet', the config will appear as below.
set query-port 161 <----- SNMPv3 query port (1 - 65535, default = 161).
Note: SNMPv1 and SNMPv2 support custom trap and query ports. However, SNMPv3 only supports custom query ports.
To test it, use 'snmpwalk' on Linux. If the FortiManager has IP 10.5.53.205, the command is:
snmpwalk -v3 -l authPriv -u SEC-TEST -a SHA -A "fortinet" -x AES -X "fortinet" 10.5.53.205
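The command above passes both passphrases as arguments, so they end up in shell history and in the process list while it runs. As an added example (not part of the original article), the following stores the same authPriv/SHA/AES settings in a private net-snmp snmp.conf instead; the function names and the directory are hypothetical, while the snmp.conf directives and SNMPCONFPATH are standard net-snmp.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# write_snmp_conf DIR USER AUTH_PASS PRIV_PASS
# Writes DIR/snmp.conf (mode 0600) holding the authPriv/SHA/AES settings from
# the snmpwalk command above. Pass values read from a prompt or secrets store.
write_snmp_conf() {
    conf_dir=$1; user=$2; auth_pass=$3; priv_pass=$4

    # SNMPv3 USM passphrases must be at least 8 characters long.
    if [ "${#auth_pass}" -lt 8 ] || [ "${#priv_pass}" -lt 8 ]; then
        echo "write_snmp_conf: passphrases need at least 8 characters" >&2
        return 1
    fi
    # Simplification: refuse whitespace rather than handle snmp.conf quoting.
    case "$user$auth_pass$priv_pass" in
        *[[:space:]]*)
            echo "write_snmp_conf: whitespace is not supported here" >&2
            return 1 ;;
    esac

    mkdir -p "$conf_dir" || return 1
    # Create the file inside a subshell so the restrictive umask does not leak.
    (
        umask 077
        printf '%s\n' \
            "defVersion 3" \
            "defSecurityName $user" \
            "defSecurityLevel authPriv" \
            "defAuthType SHA" \
            "defPrivType AES" \
            "defAuthPassphrase $auth_pass" \
            "defPrivPassphrase $priv_pass" \
            > "$conf_dir/snmp.conf"
    ) || return 1
    # Tighten the mode even if the file already existed with looser bits.
    chmod 600 "$conf_dir/snmp.conf"
}

# walk_snmpv3 DIR HOST
# Runs snmpwalk with no credentials on the command line; net-snmp picks up
# snmp.conf from the directory named in SNMPCONFPATH.
walk_snmpv3() {
    SNMPCONFPATH=$1 snmpwalk "$2"
}
```

With the article's values, call write_snmp_conf with a directory of your choice, the user SEC-TEST and the two passphrases, then walk_snmpv3 with that directory and 10.5.53.205.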
Use the debug below if there is any issue:
exe tac report
config of the FMG or FAZ <----- Backup config file.
diag debug app snmpd 255
diag debug enable
In another window:
diag sniffer packet any "port 161 and host <linux station>" 3 0 a
Then run the 'snmpwalk' command in step 2 and send the output of all the above commands.
diag debug disable
diag debug reset
How to configure SNMP V2:
config system interface
    edit port1
        set allowaccess snmp ...
    next
end
config system snmp user
It is possible to choose the notification and traps:
It is possible to choose a security level.
If the SNMP trap receiver is 10.5.209.160 and the authentication password and the privacy password are both 'Fortinet', the config will appear as below.
set query-port 161 <----- SNMPv2 query port (1 - 65535, default = 161).
config system snmp community
(community)# edit 1
(1)# set name SNMP-Linux
(1)# set query_v2c_status enable
(1)# set query_v2c_port 161
(1)# config hosts
(hosts)# edit 1
(1)# set interface port1
2. Then to test it, it is possible to use snmpwalk on Linux. If the FortiManager has IP '10.5.49.115', it will be the below command:
snmpwalk -v2c -c "SNMP-Linux" -l authPriv -u FORTI-SNMP -a SHA -A "fortinet" -x AES -X "fortinet" 10.5.49.115
Fortinet supports only the SNMP v2c 'community version'.
Use the debug below if there is any issue.
exe tac report
config of the FMG or FAZ <----- Backup config file.
diag debug app snmpd 255
diag debug enable
In another window:
diag sniffer packet any "port 161 and host <linux station>" 3 0 a
Then run the 'snmpwalk' command in step 2 and send the output of all the above commands.
diag debug disable
diag debug reset
Related documents:
Technical Tip: How to get and troubleshoot MIBs and OIDs from SNMP
Troubleshooting Tip: Testing FortiManager and FortiAnalyzer SNMPv3 from a Linux |
Copyright 2024 Fortinet, Inc. All Rights Reserved.