Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.2.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    system snmp user

    SNMP user configuration.

      config system snmp user
      Description: SNMP user configuration.
      edit <name>
          set status [enable|disable]
          set trap-status [enable|disable]
          set trap-lport {integer}
          set trap-rport {integer}
          set queries [enable|disable]
          set query-port {integer}
          set notify-hosts {ipv4-address}
          set notify-hosts6 {ipv6-address}
          set source-ip {ipv4-address}
          set source-ipv6 {ipv6-address}
          set ha-direct [enable|disable]
          set events {option1}, {option2}, ...
          set security-level [no-auth-no-priv|auth-no-priv|...]
          set auth-proto [md5|sha]
          set auth-pwd {password}
          set priv-proto [aes|des|...]
          set priv-pwd {password}
      next
  end

    config system snmp user

    Parameter Name Description Type Size
    status Enable/disable this SNMP user.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    trap-status Enable/disable traps for this SNMP user.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    trap-lport SNMPv3 local trap port (default = 162). integer Minimum value: 0 Maximum value: 65535
    trap-rport SNMPv3 trap remote port (default = 162). integer Minimum value: 0 Maximum value: 65535
    queries Enable/disable SNMP queries for this user.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    query-port SNMPv3 query port (default = 161). integer Minimum value: 0 Maximum value: 65535
    notify-hosts SNMP managers to send notifications (traps) to. ipv4-address Not Specified
    notify-hosts6 IPv6 SNMP managers to send notifications (traps) to. ipv6-address Not Specified
    source-ip Source IP for SNMP trap. ipv4-address Not Specified
    source-ipv6 Source IPv6 for SNMP trap. ipv6-address Not Specified
    ha-direct Enable/disable direct management of HA cluster members.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    events SNMP notifications (traps) to send.
    cpu-high: Send a trap when CPU usage is high.
    mem-low: Send a trap when available memory is low.
    log-full: Send a trap when log disk space becomes low.
    intf-ip: Send a trap when an interface IP address is changed.
    vpn-tun-up: Send a trap when a VPN tunnel comes up.
    vpn-tun-down: Send a trap when a VPN tunnel goes down.
    ha-switch: Send a trap after an HA failover when the backup unit has taken over.
    ha-hb-failure: Send a trap when HA heartbeats are not received.
    ips-signature: Send a trap when IPS detects an attack.
    ips-anomaly: Send a trap when IPS finds an anomaly.
    av-virus: Send a trap when AntiVirus finds a virus.
    av-oversize: Send a trap when AntiVirus finds an oversized file.
    av-pattern: Send a trap when AntiVirus finds file matching pattern.
    av-fragmented: Send a trap when AntiVirus finds a fragmented file.
    fm-if-change: Send a trap when FortiManager interface changes. Send a FortiManager trap.
    fm-conf-change: Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.
    bgp-established: Send a trap when a BGP FSM transitions to the established state.
    bgp-backward-transition: Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.
    ha-member-up: Send a trap when an HA cluster member goes up.
    ha-member-down: Send a trap when an HA cluster member goes down.
    ent-conf-change: Send a trap when an entity MIB change occurs (RFC4133).
    av-conserve: Send a trap when the FortiGate enters conserve mode.
    av-bypass: Send a trap when the FortiGate enters bypass mode.
    av-oversize-passed: Send a trap when AntiVirus passes an oversized file.
    av-oversize-blocked: Send a trap when AntiVirus blocks an oversized file.
    ips-pkg-update: Send a trap when the IPS signature database or engine is updated.
    ips-fail-open: Send a trap when the IPS network buffer is full.
    faz-disconnect: Send a trap when a FortiAnalyzer disconnects from the FortiGate.
    wc-ap-up: Send a trap when a managed FortiAP comes up.
    wc-ap-down: Send a trap when a managed FortiAP goes down.
    fswctl-session-up: Send a trap when a FortiSwitch controller session comes up.
    fswctl-session-down: Send a trap when a FortiSwitch controller session goes down.
    load-balance-real-server-down: Send a trap when a server load balance real server goes down.
    device-new: Send a trap when a new device is found.
    per-cpu-high: Send a trap when per-CPU usage is high.
    		 option -
    security-level Security level for message authentication and encryption.
    no-auth-no-priv: Message with no authentication and no privacy (encryption).
    auth-no-priv: Message with authentication but no privacy (encryption).
    auth-priv: Message with authentication and privacy (encryption).
    		 option -
    auth-proto Authentication protocol.
    md5: HMAC-MD5-96 authentication protocol.
    sha: HMAC-SHA-96 authentication protocol.
    		 option -
    auth-pwd Password for authentication protocol. password Not Specified
    priv-proto Privacy (encryption) protocol.
    aes: CFB128-AES-128 symmetric encryption protocol.
    des: CBC-DES symmetric encryption protocol.
    aes256: CFB128-AES-256 symmetric encryption protocol.
    aes256cisco: CFB128-AES-256 symmetric encryption protocol compatible with CISCO.
    		 option -
    priv-pwd Password for privacy (encryption) protocol. password Not Specified
    Previous
    Next

    system snmp user

    SNMP user configuration.

      config system snmp user
      Description: SNMP user configuration.
      edit <name>
          set status [enable|disable]
          set trap-status [enable|disable]
          set trap-lport {integer}
          set trap-rport {integer}
          set queries [enable|disable]
          set query-port {integer}
          set notify-hosts {ipv4-address}
          set notify-hosts6 {ipv6-address}
          set source-ip {ipv4-address}
          set source-ipv6 {ipv6-address}
          set ha-direct [enable|disable]
          set events {option1}, {option2}, ...
          set security-level [no-auth-no-priv|auth-no-priv|...]
          set auth-proto [md5|sha]
          set auth-pwd {password}
          set priv-proto [aes|des|...]
          set priv-pwd {password}
      next
  end

    config system snmp user

    Parameter Name Description Type Size
    status Enable/disable this SNMP user.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    trap-status Enable/disable traps for this SNMP user.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    trap-lport SNMPv3 local trap port (default = 162). integer Minimum value: 0 Maximum value: 65535
    trap-rport SNMPv3 trap remote port (default = 162). integer Minimum value: 0 Maximum value: 65535
    queries Enable/disable SNMP queries for this user.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    query-port SNMPv3 query port (default = 161). integer Minimum value: 0 Maximum value: 65535
    notify-hosts SNMP managers to send notifications (traps) to. ipv4-address Not Specified
    notify-hosts6 IPv6 SNMP managers to send notifications (traps) to. ipv6-address Not Specified
    source-ip Source IP for SNMP trap. ipv4-address Not Specified
    source-ipv6 Source IPv6 for SNMP trap. ipv6-address Not Specified
    ha-direct Enable/disable direct management of HA cluster members.
    enable: Enable setting.
    disable: Disable setting.
    		 option -
    events SNMP notifications (traps) to send.
    cpu-high: Send a trap when CPU usage is high.
    mem-low: Send a trap when available memory is low.
    log-full: Send a trap when log disk space becomes low.
    intf-ip: Send a trap when an interface IP address is changed.
    vpn-tun-up: Send a trap when a VPN tunnel comes up.
    vpn-tun-down: Send a trap when a VPN tunnel goes down.
    ha-switch: Send a trap after an HA failover when the backup unit has taken over.
    ha-hb-failure: Send a trap when HA heartbeats are not received.
    ips-signature: Send a trap when IPS detects an attack.
    ips-anomaly: Send a trap when IPS finds an anomaly.
    av-virus: Send a trap when AntiVirus finds a virus.
    av-oversize: Send a trap when AntiVirus finds an oversized file.
    av-pattern: Send a trap when AntiVirus finds file matching pattern.
    av-fragmented: Send a trap when AntiVirus finds a fragmented file.
    fm-if-change: Send a trap when FortiManager interface changes. Send a FortiManager trap.
    fm-conf-change: Send a trap when a configuration change is made by a FortiGate administrator and the FortiGate is managed by FortiManager.
    bgp-established: Send a trap when a BGP FSM transitions to the established state.
    bgp-backward-transition: Send a trap when a BGP FSM goes from a high numbered state to a lower numbered state.
    ha-member-up: Send a trap when an HA cluster member goes up.
    ha-member-down: Send a trap when an HA cluster member goes down.
    ent-conf-change: Send a trap when an entity MIB change occurs (RFC4133).
    av-conserve: Send a trap when the FortiGate enters conserve mode.
    av-bypass: Send a trap when the FortiGate enters bypass mode.
    av-oversize-passed: Send a trap when AntiVirus passes an oversized file.
    av-oversize-blocked: Send a trap when AntiVirus blocks an oversized file.
    ips-pkg-update: Send a trap when the IPS signature database or engine is updated.
    ips-fail-open: Send a trap when the IPS network buffer is full.
    faz-disconnect: Send a trap when a FortiAnalyzer disconnects from the FortiGate.
    wc-ap-up: Send a trap when a managed FortiAP comes up.
    wc-ap-down: Send a trap when a managed FortiAP goes down.
    fswctl-session-up: Send a trap when a FortiSwitch controller session comes up.
    fswctl-session-down: Send a trap when a FortiSwitch controller session goes down.
    load-balance-real-server-down: Send a trap when a server load balance real server goes down.
    device-new: Send a trap when a new device is found.
    per-cpu-high: Send a trap when per-CPU usage is high.
    		 option -
    security-level Security level for message authentication and encryption.
    no-auth-no-priv: Message with no authentication and no privacy (encryption).
    auth-no-priv: Message with authentication but no privacy (encryption).
    auth-priv: Message with authentication and privacy (encryption).
    		 option -
    auth-proto Authentication protocol.
    md5: HMAC-MD5-96 authentication protocol.
    sha: HMAC-SHA-96 authentication protocol.
    		 option -
    auth-pwd Password for authentication protocol. password Not Specified
    priv-proto Privacy (encryption) protocol.
    aes: CFB128-AES-128 symmetric encryption protocol.
    des: CBC-DES symmetric encryption protocol.
    aes256: CFB128-AES-256 symmetric encryption protocol.
    aes256cisco: CFB128-AES-256 symmetric encryption protocol compatible with CISCO.
    		 option -
    priv-pwd Password for privacy (encryption) protocol. password Not Specified
    Previous
    Next