Administration Guide

SNMP

FortiNDR system information and system status can be monitored using SNMP. When configuring an SNMP manager to connect to FortiNDR's SNMP agent, you must add the Fortinet proprietary MIBs to have access to Fortinet-specific information.

The FortiNDR SNMP implementation is read-only. SNMP v1, v2c and v3 compliant SNMP managers have read-only access to FortiNDR system information and can receive FortiNDR traps.

Basic Configuration

To configure SNMP in the GUI:
  1. Configure interface access:
    1. Go to Network > Interface and double-click the port1 interface to edit it.
    2. Under Administrative Access, enable SNMP.
    3. Click OK.
  2. Configure the SNMP agent:
    1. Enable SNMP Agent and configure the following settings:

      Description: Description of the SNMP agent.
      Location: The location of the FortiNDR.
      Contact: Contact for the SNMP agent or FortiNDR.

    2. Click Apply.
  3. Configure an SNMP V1/V2C community:
    1. In the SNMP V1/V2C table, click Create New. The New SNMP Community pane opens.
    2. Configure the community:

      Community Name: Enter the name of the community.
      Hosts (IP Address): Click the plus sign (+) to enter the IP address for each SNMP manager.
      Queries: Enable or disable v1 and v2c queries, then enter the port numbers that the SNMP managers in this community will use.
      Traps: Enable or disable v1 and v2c traps, then enter the local and remote port numbers that the SNMP managers in this community will use.
      SNMP Trap Events: Enable or disable the events that activate traps in this community.

    3. Click OK.
  4. Configure an SNMP v3 user:
    1. In the SNMP v3 table, click Create New. The New SNMP User pane opens.
    2. Configure the user settings:

      User Name: Enter the user name.
      Security Level: Configure the security level:
        • No Authentication: No authentication or encryption.
        • Authentication: Select the authentication algorithm and password.
        • Authentication and Private: Select both the authentication and encryption algorithms and password.
      Hosts (IP Address): Click the plus sign (+) to enter the IP address for each SNMP manager.
      Queries: Enable or disable queries, then enter the port number that the SNMP managers will use.
      Traps: Enable or disable traps, then enter the local and remote port numbers that the SNMP managers will use.
      SNMP Trap Events: Enable or disable the events that activate traps.

    3. Click OK.

SNMP MIB files

The FortiNDR SNMP agent supports Fortinet proprietary MIBs as well as standard RFC 1213 and RFC 2665 MIBs. RFC support includes support for the parts of RFC 2665 (Ethernet-like MIB) and the parts of RFC 1213 (MIB II) that apply to FortiNDR unit configuration.

The FortiNDR MIBs are listed in the following table. You can obtain these MIB files from Fortinet Technical Support. To communicate with the SNMP agent, you must load these MIBs into your SNMP manager.

Your SNMP manager may already include standard and private MIBs in a compiled database that is ready to use. You must add the Fortinet proprietary MIB to this database. If the standard MIBs used by the Fortinet SNMP agent are already compiled into your SNMP manager, you do not have to compile them again.

| MIB file name | Description |
| --- | --- |
| FORTINET-CORE-MIB.mib | The Fortinet core MIB includes all system configuration and trap information that is common to all Fortinet products. Your SNMP manager requires this information to monitor Fortinet device settings and receive traps from the FortiNDR SNMP agent. |
| FORTINET-FORTINDR-MIB.mib | The FortiNDR MIB includes all system configuration and trap information that is specific to the FortiNDR product. Your SNMP manager requires this information to receive traps from the FortiNDR SNMP agent. |

SNMP Traps

FortiNDR supports the following SNMP traps, which are sent to SNMP managers. To receive traps, you must pre-load the FortiNDR trap MIB into the SNMP manager.

| Trap | Description |
| --- | --- |
| fndrTrapCpuHighThreshold | Trap sent if CPU usage becomes too high. |
| fndrTrapMemLowThreshold | Trap sent if memory usage becomes too high. |
| fndrTrapLogDiskHighThreshold | Trap sent if log disk usage becomes too high. |
| fndrTrapDataDiskHighThreshold | Trap sent if data disk usage becomes too high. |

Example:

The following is an example of how to configure the trap threshold with the CLI. For more information, see config system snmp threshold in the FortiNDR CLI Reference.

config system snmp threshold
    set cpu 80 3 600 30
    set mem 80 3 600 30
    set logdisk 90 1 7200 3600
    set datadisk 90 1 7200 3600
end
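
The following is an added example, not part of the Fortinet documentation: it parses the threshold block above and models when a trap would be sent for a series of usage samples. It assumes the four values are, in order, trigger percentage, number of hits, sample period in seconds and sample interval in seconds, which this page does not state, so confirm the order against the FortiNDR CLI Reference. The names Threshold, parse_thresholds and trap_times are hypothetical.

```python
from collections import deque
from typing import NamedTuple

# The threshold block from this page, embedded so the example runs offline.
CONFIG = """\
config system snmp threshold
    set cpu 80 3 600 30
    set mem 80 3 600 30
    set logdisk 90 1 7200 3600
    set datadisk 90 1 7200 3600
end
"""

class Threshold(NamedTuple):
    # Field meanings are an assumption; this page does not define them.
    trigger: int   # usage percentage that counts as a hit
    hits: int      # hits within the period needed to send a trap
    period: int    # length of the counting window, in seconds
    interval: int  # seconds between usage samples

def parse_thresholds(text):
    """Return {resource: Threshold}, rejecting settings that could never fire."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "set":
            continue
        t = Threshold(*(int(p) for p in parts[2:]))
        if not (0 < t.trigger <= 100 and 0 < t.interval <= t.period):
            raise ValueError(f"{parts[1]}: out-of-range value in {t}")
        if not 1 <= t.hits <= t.period // t.interval:
            raise ValueError(f"{parts[1]}: {t.hits} hits cannot fit in the window")
        found[parts[1]] = t
    return found

def trap_times(samples, t):
    """samples: one usage percentage per interval. Returns trap times in seconds."""
    window = deque(maxlen=t.period // t.interval)
    fired = []
    for i, usage in enumerate(samples):
        window.append(usage >= t.trigger)
        if sum(window) >= t.hits:
            fired.append(i * t.interval)
            window.clear()  # modelling choice: start counting afresh after a trap
    return fired
```

Under these assumptions a single CPU spike does not raise a trap with `80 3 600 30`, while one log disk sample at or above 90% does with `90 1 7200 3600`.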
