FortiManager
mdeparisse_FTNT
Article Id 204090
Description: This article describes how to configure SNMPv3 on FortiManager and FortiAnalyzer, how to validate the configuration, and how to collect debug output if necessary.
Scope: FortiManager, FortiAnalyzer.
Solution
  1. Enable the SNMP service on the interface and create the SNMPv3 user that will be used (SEC-TEST in this example):

config system interface
    edit port1
        set allowaccess snmp ...
    next
end

config system snmp sysinfo
    set status enable
end

config system snmp user
(user)# edit SEC-TEST <- New entry 'SEC-TEST' added.

The following settings are available for the user, including which notifications (traps) to send and which hosts receive them:

(SEC-TEST)# set
events            SNMP notifications (traps) to send.
notify-hosts      Hosts to send notifications (traps) to.
notify-hosts6     IPv6 hosts to send notifications (traps) to.
queries           Enable/disable queries for this user.
query-port        SNMPv3 query port.
security-level    Security level for message authentication and encryption.

It is possible to choose a security level:

(SEC-TEST) # set security-level
auth-no-priv       A message with authentication but no privacy (encryption).
auth-priv          A message with authentication and privacy (encryption).
no-auth-no-priv    A message with no authentication and no privacy (encryption).

If the SNMP trap receiver is 10.5.53.226 and both the authentication password and the privacy password are 'fortinet', the configuration will look like this:

config system snmp user
    edit "SEC-TEST"
        set events disk_low ha_switch intf_ip_chg sys_reboot cpu_high mem_low cpu-high-exclude-nice
        set notify-hosts 10.5.53.226
        set security-level auth-priv
        set auth-pwd "fortinet"
        set priv-pwd "fortinet"
    next
end

  2. To test it, use snmpwalk on Linux. If the FortiManager has the IP address 10.5.53.205, the command is:

    snmpwalk -v3 -l authPriv -u SEC-TEST -a SHA -A "fortinet" -x AES -X "fortinet" 10.5.53.205

    iso.3.6.1.2.1.1.1.0 = ""
    iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.12356.103.1.64
    iso.3.6.1.2.1.1.3.0 = Timeticks: (311316) 0:51:53.16
    iso.3.6.1.2.1.1.4.0 = ""
    iso.3.6.1.2.1.1.5.0 = STRING: "FMG-VM64"
    iso.3.6.1.2.1.1.6.0 = ""
    iso.3.6.1.2.1.1.7.0 = INTEGER: 0
    iso.3.6.1.2.1.2.1.0 = INTEGER: 12
    iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
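The security level chosen for the user dictates which snmpwalk flags are required on the Linux station: a level or password that does not match the user's `set security-level` is rejected by the agent. The helper below is an added example, not part of the Fortinet article, that builds the matching snmpwalk command for each of the three security levels and performs two sanity checks on saved walk output (sysObjectID under Fortinet's enterprise arc 1.3.6.1.4.1.12356, as in the output above, and sysName present). The SHA/AES defaults mirror the command above; the function names, the `SAMPLE_WALK` string and the default protocol choice are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the Fortinet article. Builds the snmpwalk command
# that matches a FortiManager/FortiAnalyzer SNMPv3 user's security-level so
# the client flags and the device setting stay in step:
#   no-auth-no-priv -> -l noAuthNoPriv   (no -a/-A, no -x/-X)
#   auth-no-priv    -> -l authNoPriv     (-a/-A only)
#   auth-priv       -> -l authPriv       (-a/-A and -x/-X)
#
# Usage: build_snmpwalk_cmd LEVEL USER HOST [AUTH_PWD] [PRIV_PWD] [AUTH_PROTO] [PRIV_PROTO]
# Prints the command line; returns 1 for an unknown level or a missing password.
build_snmpwalk_cmd() {
    level=$1 user=$2 host=$3 auth_pwd=$4 priv_pwd=$5
    auth_proto=${6:-SHA}   # default follows the article's "-a SHA" (assumed)
    priv_proto=${7:-AES}   # default follows the article's "-x AES" (assumed)
    case "$level" in
        no-auth-no-priv)
            printf 'snmpwalk -v3 -l noAuthNoPriv -u %s %s\n' "$user" "$host" ;;
        auth-no-priv)
            [ -n "$auth_pwd" ] || { echo "auth-no-priv requires an auth password" >&2; return 1; }
            printf 'snmpwalk -v3 -l authNoPriv -u %s -a %s -A "%s" %s\n' \
                "$user" "$auth_proto" "$auth_pwd" "$host" ;;
        auth-priv)
            { [ -n "$auth_pwd" ] && [ -n "$priv_pwd" ]; } || {
                echo "auth-priv requires auth and priv passwords" >&2; return 1; }
            printf 'snmpwalk -v3 -l authPriv -u %s -a %s -A "%s" -x %s -X "%s" %s\n' \
                "$user" "$auth_proto" "$auth_pwd" "$priv_proto" "$priv_pwd" "$host" ;;
        *)
            echo "unknown security-level: $level" >&2; return 1 ;;
    esac
}

# Sanity check on saved snmpwalk output (passed as one string): sysObjectID
# (.1.3.6.1.2.1.1.2.0) must sit under Fortinet's enterprise arc
# 1.3.6.1.4.1.12356, as in the article's output. Returns 1 otherwise.
walk_is_fortinet() {
    printf '%s\n' "$1" |
        grep -q '^iso\.3\.6\.1\.2\.1\.1\.2\.0 = OID: iso\.3\.6\.1\.4\.1\.12356\.'
}

# Extracts sysName (.1.3.6.1.2.1.1.5.0) from saved walk output; prints
# nothing if the line is absent.
walk_sysname() {
    printf '%s\n' "$1" |
        sed -n 's/^iso\.3\.6\.1\.2\.1\.1\.5\.0 = STRING: "\(.*\)"$/\1/p'
}

# Constructed sample: the first lines of the article's walk output.
SAMPLE_WALK='iso.3.6.1.2.1.1.1.0 = ""
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.12356.103.1.64
iso.3.6.1.2.1.1.5.0 = STRING: "FMG-VM64"'

# Stand-alone demo: the command for the article's auth-priv user, then a
# check of the sample walk.
build_snmpwalk_cmd auth-priv SEC-TEST 10.5.53.205 fortinet fortinet
walk_is_fortinet "$SAMPLE_WALK" && echo "sysName: $(walk_sysname "$SAMPLE_WALK")"
```

Run the printed command from the Linux station and pipe the result through the checks; if the level or passwords differ from the user's configuration, the agent rejects the request and snmpwalk reports an error or times out instead of returning the OIDs above. For a management platform, auth-priv is the level to keep: the other two levels send the SNMP payload, and with no-auth-no-priv also the request itself, without encryption or integrity protection.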

     

  3. If there is any issue, collect the debug output below:

    exe tac report

    A configuration backup (.dat file) of the FMG or FAZ.

    diag debug app snmpd 255
    diag debug enable

    In another window:

    diag sniffer packet any "port 161 and host <linux station>" 3 0 a

    Then run the snmpwalk command from step 2 and send the output of all the above commands.

    Afterwards, stop the debug:

    diag debug disable
    diag debug reset

Related documents:

Technical Tip: How to get and troubleshoot MIBs and OIDs from SNMP

CLI reference - snmp