SNMPv3 auth and encyrption settings for Fortinet

CyberFortiConquer · ‎05-15-2024

Hi,

I was configuring SNMPv3 across Fortigate, FortiManager and FortiAnalyzer.

On FMG and FAZ, auth and encryption just mention SHA and AES respectively.

Similarly for Fortigate, encryption gives options for AES.

What versions would these be: SHA1, SHA256, AES256?

AEK · ‎05-15-2024

Hi

Which versions of FOS, FMG & FAZ?

AEK

CyberFortiConquer · ‎05-15-2024

Thanks, all are on 7.2.x

ozkanaltas · ‎05-15-2024

Hello @CyberFortiConquer ,

When I reviewed the document of version 7.4, FortiAnalyzer and Fortimanager still use the same encryption setting. Frankly, I don't know why they do not use a strong algorithm. Because of that, you need to use snmp with the encryption algorithm.

https://docs.fortinet.com/document/fortianalyzer/7.4.2/cli-reference/260178/snmp#snmp_user

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

AEK · ‎05-15-2024

Here it is:

FG 7.2:

auth: HMAC-SHA-96, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512
enc: CFB128-AES-128, CFB128-AES-256, CFB128-AES-256

FAZ/FMG 7.2:

auth: HMAC-SHA-96
enc: CFB128-AES-128

AEK

CyberFortiConquer · ‎05-15-2024

Many thanks

SNMPv3 auth and encyrption settings for Fortinet

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website