Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
azaan
New Contributor

Created on ‎10-10-2017 06:13 AM

Block access to SNMP service from internet

Hi, 

 

Can anyone guide me how to block SNMP service from internet on fortinet. 

 

Thanks 

 

6414
0 Kudos
4 REPLIES 4
emnoc
Esteemed Contributor III

Created on ‎10-10-2017 08:11 AM

We are assuming snmp access to the FGT? Use the snmp host entries and enable SNMP allowaccess  only on the  interface(s) that you need.

 

e.g cli

 

 config hosts                 edit 1                     set ip 12.130.11.0 255.255.255.0                 next                 edit 2                     set ip 207.18.1.8 255.255.255.255                 next

                edit 3                     set ip 207.19.1.89 255.255.255.255                 next             end

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
3334
0 Kudos
azaan
New Contributor
In response to emnoc

Created on ‎10-10-2017 08:41 AM

Hi, 

 

Thanks for your reply, 

 

Can we block ports like TC/UDP - 161, 162 for any incoming traffic from internet. or is there any other way to do this. 

 

 

3334
0 Kudos
oheigl
Contributor II
In response to azaan

Created on ‎10-11-2017 12:49 AM

Like emnoc said: Just disable the SNMP in the allow access settings of your WAN interface. This way the FortiGate doesn't listen on the SNMP ports anymore for this interface

3334
0 Kudos
rwpatterson
Valued Contributor III
In response to oheigl

Created on ‎10-11-2017 05:53 AM

Unless explicitly allowed, the Fortigate will silently dump any traffic pointed at it. If you don't open that interface to SNMP, it won't do anything with it but simply ignore it. From the GUI, simply allow the common protocols you wish to expose to the Internet. For security, I only allow HTTPS and PING. If I want secure shell, I open an SSL VPN tunnel and come in from the inside. HTTP on the outside interface is just plain silly.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
3334
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.