Fortinet black logo

CLI Reference

config system snmp community

config system snmp community

Use this command to configure SNMP community settings.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config system snmp community

edit <No.>

set name <string>

set queryportv1 <integer>

set queryportv2c <integer>

set queryv1-status {enable|disable}

set queryv2c-status {enable|disable}

set status {enable|disable}

config host

edit <No.>

set host-type <query>

set ip <subnet>

next

end

next

end

name

Name of the SNMP community to which the FortiADC system and at least one SNMP manager belongs, such as management.

You must configure the FortiADC system to belong to at least one SNMP community so that community’s SNMP managers can query system information and receive SNMP traps.

You can add up to three SNMP communities. Each community can have a different configuration for queries and traps, and the set of events that trigger a trap. You can also add the IP addresses of up to eight SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiADC system.

queryportv1

Port number on which the system listens for SNMP queries from the SNMP managers in this community. The default is 161.

queryportv2c

Port number on which the system listens for SNMP queries from the SNMP managers in this community. The default is 161.

queryv1-status

Enable/disable SNMP v1 queries.

queryv2c-status

Enable/disable SNMP v2c queries.

status

Enable/disable the configuration.

config host

host-type
  • query—Accept queries from this host.

ip

Specify a subnet address for the SNMP manager to receive traps and be permitted to query the FortiADC system.

SNMP managers have read-only access. You can add up to 8 SNMP managers for a user.

To allow any IP address using this SNMP username to query the FortiADC system, enter 0.0.0.0/0. For security best practice reasons, however, this is not recommended.

Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.

Note: If there are no other host IP entries, entering only 0.0.0.0/0 effectively disables traps because there is no specific destination for trap packets. If you do not want to disable traps, you must add at least one other entry that specifies the IP address of an SNMP manager.

Example

FortiADC-VM # config system snmp community

FortiADC-VM (community) # edit 1

Add new entry '1' for node 318

FortiADC-VM (1) # get

name :

status : enable

queryv1-status : enable

queryportv1 : 161

queryv2c-status : enable

queryportv2c : 161

trapv1-status : enable

FortiADC-VM (1) # set name community1

FortiADC-VM (1) # config host

<Enter>

FortiADC-VM (1) # config host

FortiADC-VM (host) # edit 1

Add new entry '1' for node 333

FortiADC-VM (1) # get

ip : 0.0.0.0

host-type : any

FortiADC-VM (1) # set ip 192.0.2.1/32

FortiADC-VM (1) # end

FortiADC-VM (1) # end

config system snmp community

Use this command to configure SNMP community settings.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config system snmp community

edit <No.>

set name <string>

set queryportv1 <integer>

set queryportv2c <integer>

set queryv1-status {enable|disable}

set queryv2c-status {enable|disable}

set status {enable|disable}

config host

edit <No.>

set host-type <query>

set ip <subnet>

next

end

next

end

name

Name of the SNMP community to which the FortiADC system and at least one SNMP manager belongs, such as management.

You must configure the FortiADC system to belong to at least one SNMP community so that community’s SNMP managers can query system information and receive SNMP traps.

You can add up to three SNMP communities. Each community can have a different configuration for queries and traps, and the set of events that trigger a trap. You can also add the IP addresses of up to eight SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiADC system.

queryportv1

Port number on which the system listens for SNMP queries from the SNMP managers in this community. The default is 161.

queryportv2c

Port number on which the system listens for SNMP queries from the SNMP managers in this community. The default is 161.

queryv1-status

Enable/disable SNMP v1 queries.

queryv2c-status

Enable/disable SNMP v2c queries.

status

Enable/disable the configuration.

config host

host-type
  • query—Accept queries from this host.

ip

Specify a subnet address for the SNMP manager to receive traps and be permitted to query the FortiADC system.

SNMP managers have read-only access. You can add up to 8 SNMP managers for a user.

To allow any IP address using this SNMP username to query the FortiADC system, enter 0.0.0.0/0. For security best practice reasons, however, this is not recommended.

Caution: The system sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.

Note: If there are no other host IP entries, entering only 0.0.0.0/0 effectively disables traps because there is no specific destination for trap packets. If you do not want to disable traps, you must add at least one other entry that specifies the IP address of an SNMP manager.

Example

FortiADC-VM # config system snmp community

FortiADC-VM (community) # edit 1

Add new entry '1' for node 318

FortiADC-VM (1) # get

name :

status : enable

queryv1-status : enable

queryportv1 : 161

queryv2c-status : enable

queryportv2c : 161

trapv1-status : enable

FortiADC-VM (1) # set name community1

FortiADC-VM (1) # config host

<Enter>

FortiADC-VM (1) # config host

FortiADC-VM (host) # edit 1

Add new entry '1' for node 333

FortiADC-VM (1) # get

ip : 0.0.0.0

host-type : any

FortiADC-VM (1) # set ip 192.0.2.1/32

FortiADC-VM (1) # end

FortiADC-VM (1) # end