FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
mnovelli
Staff
Article Id 340305
Description

This article describes how to monitor FortiSIEM components (Supervisors, Workers, and Collectors) from an external IT monitoring platform using SNMP. The snmpd service is installed on every FortiSIEM node, but it is disabled by default.

The procedure below enables SNMP polling of the FortiSIEM components. It is normally not necessary to open additional ports in the local firewalld running on the FortiSIEM nodes.

Scope
FortiSIEM.
Solution

Restrict SNMP access:
Fortinet strongly recommends restricting SNMP access to authorized monitoring systems only.

 

Default SNMP behavior:
By default, snmpd listens on UDP port 161 on all interfaces and answers any source IP that presents a valid community string or SNMPv3 credentials, unless access restrictions are configured explicitly (for example a source address or network on the rocommunity line, or a firewalld rule that limits UDP/161 to the monitoring platform).

 

SNMP v1/v2c configuration:

The following procedure can be used if the IT monitoring platform only supports SNMP v1/v2c. Note that v1 and v2c send the community string in clear text and offer no encryption, so prefer the SNMP v3 procedure below whenever the platform supports it.

  1. Configure the read-only community string on each FortiSIEM node. Edit the file /etc/snmp/snmpd.conf and add the following line, where <community> is the community string and the source field default means requests are accepted from any IP address. To restrict access, replace default with the IP address or network (for example 10.10.0.5 or 10.10.0.0/24) of the monitoring platform:

 

rocommunity <community> default

 

Below is an example (screenshot P1.png).

 

  2. Start the snmpd service and check that it is running:

 

systemctl start snmpd
systemctl status snmpd

 

Below is an example (screenshot P2.png).

 

 

SNMP v3 configuration:

The following procedure can be used if the IT monitoring platform supports SNMP v3. This is the preferred option: at the authPriv security level, every request is both authenticated and encrypted, whereas v1/v2c community strings travel in clear text.

  1. Stop the snmpd service if it is running. This is required because net-snmp-create-v3-user edits the daemon's persistent configuration and refuses to run while snmpd is active:

 

systemctl stop snmpd

 

  2. Create the SNMPv3 user with the following command. Use -ro so that the user gets read-only access (without it, a read-write user is created), and choose SHA for authentication and AES for privacy; MD5 and DES are only offered for compatibility with old monitoring tools. Both passphrases must be at least 8 characters long. The tool writes the createUser line to /var/lib/net-snmp/snmpd.conf and the corresponding rouser (or rwuser) line to /etc/snmp/snmpd.conf:

 

net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES] [username]

 

Below is an example (screenshot P3.png).

 

  3. Start the snmpd service and check that it is running:

 

systemctl start snmpd
systemctl status snmpd 

 

Below is an example (screenshot P2.png).
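The following shell script is an added example and is not part of this Fortinet article or of the FortiSIEM product. It audits an snmpd.conf for the weak choices that the v1/v2c and v3 procedures above leave open (a community reachable from any source, write access, MD5 or DES, and SNMPv3 access that does not require encryption) and shows a hardened configuration next to a weak one. The community strings, passphrases, the monitoring host 10.10.0.5 and the node address 10.10.0.12 are assumptions for illustration; the snmpd.conf directives themselves (rocommunity, rwcommunity, createUser, rouser, agentaddress) are standard Net-SNMP syntax.

```shell
#!/usr/bin/env bash
# Added example, not part of the Fortinet article: audit an snmpd.conf for the
# weak settings the v1/v2c and v3 procedures allow, and show hardened equivalents.
# Community strings, passphrases, the monitoring host 10.10.0.5 and the node
# address 10.10.0.12 are assumptions for illustration only.

# snmp_audit_conf FILE: print one FAIL line per weak setting found in FILE.
# Returns 0 when the file is clean, 1 otherwise. Directives are matched as they
# are commonly written (lowercase rocommunity/rouser, createUser).
snmp_audit_conf() {
    local conf="$1" rc=0 body
    # Drop comments and leading whitespace so only effective directives remain.
    body=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' "$conf")

    # rocommunity with source "default", or with no source field, answers any IP.
    if printf '%s\n' "$body" | grep -Eq '^rocommunity6?[[:space:]]+[^[:space:]]+([[:space:]]+default)?[[:space:]]*$'; then
        echo "FAIL: rocommunity accepts any source; replace 'default' with the monitoring host or network"
        rc=1
    fi
    # Monitoring only needs read access; rwcommunity/rwuser also allow SNMP SET.
    if printf '%s\n' "$body" | grep -Eq '^(rwcommunity6?|rwuser)[[:space:]]'; then
        echo "FAIL: write access configured (rwcommunity/rwuser); use rocommunity/rouser (net-snmp-create-v3-user -ro)"
        rc=1
    fi
    # The createUser line records the v3 algorithms; MD5 and DES are the weak options.
    if printf '%s\n' "$body" | grep -Eq '^createUser[[:space:]].*[[:space:]](MD5|DES)([[:space:]]|$)'; then
        echo "FAIL: SNMPv3 user uses MD5 and/or DES; recreate the user with -a SHA -x AES"
        rc=1
    fi
    # rouser without an explicit 'priv' level accepts authNoPriv (unencrypted) requests.
    if printf '%s\n' "$body" | grep -E '^rouser[[:space:]]' | grep -Evq '[[:space:]]priv([[:space:]]|$)'; then
        echo "FAIL: rouser permits noauth/auth requests; add 'priv' to require encryption"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: what the procedures produce when 'default' is kept on the
# rocommunity line, a legacy write community is present, and the v3 user was
# created with the weaker -a MD5 -x DES choices.
weak_conf() {
    cat <<'EOF'
# /etc/snmp/snmpd.conf (constructed, weak)
rocommunity public default
rwcommunity private
createUser monuser MD5 "authpass123" DES "privpass123"
rouser monuser
EOF
}

# Constructed hardened equivalent: agent bound to one address, community limited
# to the monitoring host, no write access, SHA/AES user that must use authPriv.
hardened_conf() {
    cat <<'EOF'
# /etc/snmp/snmpd.conf (constructed, hardened)
agentaddress udp:10.10.0.12:161
rocommunity Zt8q-mon-only 10.10.0.5
createUser monuser SHA "auth-passphrase-at-least-8" AES "priv-passphrase-at-least-8"
rouser monuser priv
EOF
}

# audit_stdin: audit a configuration piped on stdin (keeps the demo path-free).
audit_stdin() {
    local f rc
    f=$(mktemp)
    cat >"$f"
    snmp_audit_conf "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}

echo "== constructed weak snmpd.conf =="
weak_conf | audit_stdin || echo "(rejected)"
echo "== constructed hardened snmpd.conf =="
hardened_conf | audit_stdin && echo "(clean)"
```

Run it against the real file with snmp_audit_conf /etc/snmp/snmpd.conf on each node after completing either procedure. Note that the createUser line written by net-snmp-create-v3-user lives in /var/lib/net-snmp/snmpd.conf, so audit that file as well. After restarting snmpd, confirm from the monitoring host that polling works and that the security level is enforced, for example snmpwalk -v3 -l authPriv -u monuser -a SHA -A '<authpass>' -x AES -X '<privpass>' <node-ip> sysDescr.0 for v3, or snmpwalk -v2c -c <community> <node-ip> sysDescr.0 for v2c; the same request from a host outside the configured source should time out. If the service must also come up after a reboot, enable it with systemctl enable snmpd, since systemctl start alone does not persist.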

 

Limitations:
SNMP monitoring does not provide visibility into FortiSIEM internal services, event processing status, or application-level health.

 

Best practice:
Fortinet recommends using FortiSIEM native monitoring and alerting mechanisms for operational health and event processing visibility.

SNMP monitoring should be used only as a complementary method for infrastructure-level monitoring when required by external tools.