Before a remote SNMP manager can connect to the FortiGate agent, you must configure one or more FortiGate interfaces to accept SNMP connections by going to System > Network > Interface. Select the interface, and in the Administrative Access, select SNMP.
To configure SNMP settings, go to System > Config > SNMP.
When the FortiGate unit is in virtual domain mode, SNMP traps can only be sent on interfaces in the management virtual domain. Traps cannot be sent over other interfaces. IPv6 is supported for SNMP configuration on FortiGate units running FortiOS 4.0 MR3.
SNMP Agent Select to enable SNMP communication.
Description Enter descriptive information about the FortiGate unit. The description
can be up to 35 characters.
Location Enter the physical location of the FortiGate unit. The system location
description can be up to 35 characters long.
Contact Enter the contact information for the person responsible for this FortiGate
unit. The contact information can be up to 35 characters.
SNMP v1/v2c section
To create a new SNMP community, see New SNMP Community page.
Community Name
SNMP Monitoring
Queries
Indicates whether queries protocols (v1 and v2c) are enabled or disabled. A green checkmark indicates queries are enabled; a gray x indicates queries are disabled. If one query is disabled and another one enabled, there will still be a green checkmark.
Traps
Indicates whether trap protocols (v1 and v2c) are enabled or disabled. A green checkmark indicates traps are enabled; a gray x indicates traps are disabled. If one query is disabled and another one enabled, there will still be a green checkmark.
Enable Select the check box to enable or disable the community.
SNMP v3 section
To create a new SNMP community, see Create New SNMP V3 User.
User Name The name of the SNMPv3 user.
Security Level
The security level of the user.
Notification Host
The IP address or addresses of the host.
Queries Indicates whether queries are enabled or disabled. A green checkmark
indicates queries are enabled; a gray x indicates queries are disabled.
New SNMP Community page
Community Name
Enter a name to identify the SNMP community.
Hosts (section)
IP Address
Enter the IP address and Identify the SNMP managers that can use the settings in this SNMP community to monitor the FortiGate unit.
You can also set the IP address to 0.0.0.0 to so that any SNMP manager can use this SNMP community.
Interface
Optionally select the name of the interface that this SNMP manager uses to connect to the FortiGate unit. You only have to select the interface if the SNMP manager is not on the same subnet as the FortiGate unit. This can occur if the SNMP manager is on the Internet or behind a router. In virtual domain mode, the interface must belong to the management VDOM to be able to pass SNMP traps.
Delete Removes an SNMP manager from the list within the Hosts section.
Add Select to add a blank line to the Hosts list. You can add up to eight SNMP
managers to a single community.
Queries (section)
Protocol The SNMP protocol. In the v1 row, this means that the settings are for
Monitoring SNMP
Port
Enter the port number (161 by default) that the SNMP managers in this community use for SNMP v1 and SNMP v2c queries to receive
configuration information from the FortiGate unit. Select the Enable check box to activate queries for each SNMP version.
Note: The SNMP client software and the FortiGate unit must use the same port for queries.
Enable Select to enable that SNMP protocol
Traps (section)
Protocol The SNMP protocol. In the v1 row, this means that the settings are for
SNMP v1. In the v2c row, this means that the settings are for SNMP v2c.
Local
Enter the remote port numbers (port 162 for each by default) that the FortiGate unit uses to send SNMP v1 or SNMP v2c traps to the SNMP managers in this community. Select the Enable check box to activate traps for each SNMP version.
Note: The SNMP client software and the FortiGate unit must use the same port for traps.
Remote
Enter the remote port number (port 162 is default) that the FortiGate unit uses to send SNMP v1 or v2c traps to the SNMP managers in this community.
Note: The SNMP client software and the FortiGate unit must use the same port for queries.
Enable Select to activate traps for each SNMP version.
SNMP Event
Enable each SNMP event for which the FortiGate unit should send traps to the SNMP managers in this community.
CPU Overusage traps sensitivity is slightly reduced, by spreading values out over 8 polling cycles. This prevents sharp spikes due to CPU
intensive short-term events such as changing a policy.
Power Supply Failure event trap is available only on some models. AMC interfaces enter bypass mode event trap is available only on models that support AMC modules.
Enable Select to enable the SNMP event.
Create New SNMP V3 User
User Name Enter the name of the user.
Security Level
Select the type of security level the user will have.
Notification Host
Enter the IP address of the notification host. If you want to add more than one host, after entering the IP address of the first host, select the plus sign to add another host.
Enable Query
Select to enable or disable the query. By default, the query is enabled.
Port Enter the port number in the field.
SNMP Monitoring