Devices Managed by FortiOS

Configuring SNMP

Simple Network Management Protocol (SNMP) enables you to monitor hardware on your network.

The managed FortiSwitch SNMP implementation is read-only. SNMP v1-compliant and v2c-compliant SNMP managers have read-only access to FortiSwitch system information through queries and can receive trap messages from the managed FortiSwitch unit.

To monitor FortiSwitch system information and receive FortiSwitch traps, you must first compile the Fortinet and FortiSwitch management information base (MIB) files. A MIB is a text file that describes a list of SNMP data objects that are used by the SNMP manager. These MIBs provide information that the SNMP manager needs to interpret the SNMP trap, event, and query messages sent by the FortiSwitch SNMP agent.

FortiSwitch core MIB files are available for download by going to System > Config > SNMP > Settings and selecting the FortiSwitch MIB File download link.

You configure SNMP on a global level so that all managed FortiSwitch units use the same settings. If you want one of the FortiSwitch units to use different settings from the global settings, configure SNMP locally.

This section covers the following topics:

  - Configuring SNMP globally
  - Configuring SNMP locally

Configuring SNMP globally

To configure SNMP globally, configure the following settings:

  1. Configure the SNMP system information.
  2. Configure the SNMP community.
  3. Configure the SNMP trap threshold values.
  4. Configure the SNMP user.

To configure the SNMP system information globally:

    config switch-controller snmp-sysinfo
        set status enable
        set engine-id <local_SNMP_engine_ID (the maximum is 24 characters)>
        set description <system_description>
        set contact-info <contact_information>
        set location <FortiGate_location>
    end

To configure the SNMP community globally:

    config switch-controller snmp-community
        edit <SNMP_community_ID>
            set status enable
            set query-v1-status enable
            set query-v1-port <0-65535; the default is 161>
            set query-v2c-status enable
            set query-v2c-port <0-65535; the default is 161>
            set trap-v1-status enable
            set trap-v1-lport <0-65535; the default is 162>
            set trap-v1-rport <0-65535; the default is 162>
            set trap-v2c-status enable
            set trap-v2c-lport <0-65535; the default is 162>
            set trap-v2c-rport <0-65535; the default is 162>
            set events {cpu-high mem-low log-full intf-ip ent-conf-change}
            config hosts
                edit <host_entry_ID>
                    set ip <IPv4_address_of_the_SNMP_manager>
            end
    end

To configure the SNMP trap threshold values globally:

    config switch-controller snmp-trap-threshold
        set trap-high-cpu-threshold <percentage_value; the default is 80>
        set trap-low-memory-threshold <percentage_value; the default is 80>
        set trap-log-full-threshold <percentage_value; the default is 90>
    end

To configure the SNMP user globally:

    config switch-controller snmp-user
        edit <SNMP_user_name>
            set queries enable
            set query-port <0-65535; the default is 161>
            set security-level {auth-priv | auth-no-priv | no-auth-no-priv}
            set auth-proto {md5 | sha}
            set auth-pwd <password_for_authentication_protocol>
            set priv-proto {aes | des}
            set priv-pwd <password_for_encryption_protocol>
    end

Configuring SNMP locally

To configure SNMP for a specific FortiSwitch unit, configure the following settings:

  1. Configure the SNMP system information.
  2. Configure the SNMP community.
  3. Configure the SNMP trap threshold values.
  4. Configure the SNMP user.

To configure the SNMP system information locally:

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            set override-snmp-sysinfo enable
            config snmp-sysinfo
                set status enable
                set engine-id <local_SNMP_engine_ID (the maximum is 24 characters)>
                set description <system_description>
                set contact-info <contact_information>
                set location <FortiGate_location>
            end
    end

To configure the SNMP community locally:

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            set override-snmp-community enable
            config snmp-community
                edit <SNMP_community_ID>
                    set status enable
                    set query-v1-status enable
                    set query-v1-port <0-65535; the default is 161>
                    set query-v2c-status enable
                    set query-v2c-port <0-65535; the default is 161>
                    set trap-v1-status enable
                    set trap-v1-lport <0-65535; the default is 162>
                    set trap-v1-rport <0-65535; the default is 162>
                    set trap-v2c-status enable
                    set trap-v2c-lport <0-65535; the default is 162>
                    set trap-v2c-rport <0-65535; the default is 162>
                    set events {cpu-high mem-low log-full intf-ip ent-conf-change}
                    config hosts
                        edit <host_entry_ID>
                            set ip <IPv4_address_of_the_SNMP_manager>
                    end
            end
    end

To configure the SNMP trap threshold values locally:

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            set override-snmp-trap-threshold enable
            config snmp-trap-threshold
                set trap-high-cpu-threshold <percentage_value; the default is 80>
                set trap-low-memory-threshold <percentage_value; the default is 80>
                set trap-log-full-threshold <percentage_value; the default is 90>
            end
    end

To configure the SNMP user locally:

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            set override-snmp-user enable
            config snmp-user
                edit <SNMP_user_name>
                    set queries enable
                    set query-port <0-65535; the default is 161>
                    set security-level {auth-priv | auth-no-priv | no-auth-no-priv}
                    set auth-proto {md5 | sha}
                    set auth-pwd <password_for_authentication_protocol>
                    set priv-proto {aes | des}
                    set priv-pwd <password_for_encryption_protocol>
            end
    end
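
The syntax above lists weaker and stronger choices side by side (md5 or sha, des or aes, three security levels, SNMP v1/v2c communities), and a local override can reintroduce a weaker choice on a single switch. The following Python script is an added example, not Fortinet code: it walks a FortiOS configuration, global and per-switch, and reports the weaker choices. The sample configuration, the serial number S000EXAMPLE0001 and the user names are constructed, and the script also accepts the `next` keyword, which the syntax above does not use.

```python
# Weaker values among the options listed above, keyed by (setting, value).
WEAK = {
    ("security-level", "no-auth-no-priv"): "no authentication, no encryption",
    ("security-level", "auth-no-priv"): "authenticated but not encrypted",
    ("auth-proto", "md5"): "MD5 authentication; sha is also offered",
    ("priv-proto", "des"): "DES encryption; aes is also offered",
}
for proto in ("query-v1", "query-v2c", "trap-v1", "trap-v2c"):
    WEAK[(proto + "-status", "enable")] = "community string travels in cleartext"

def audit_snmp(config_text):
    """Return (path, setting, value, reason) for each weak SNMP setting."""
    findings, stack = [], []  # stack of open ("config"|"edit", name) contexts
    for tok in map(str.split, config_text.splitlines()):
        if len(tok) > 1 and tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:]).strip('"')))
        elif tok[:1] in (["next"], ["end"]):
            if stack and stack[-1][0] == "edit":  # both close an open entry
                stack.pop()
            if tok[0] == "end" and stack:  # "end" also closes the table
                stack.pop()
        elif len(tok) >= 3 and tok[0] == "set" and len(stack) >= 2:
            reason = WEAK.get((tok[1], tok[2]))
            if reason and stack[-2][1].endswith(("snmp-community", "snmp-user")):
                path = "/".join(name for _, name in stack)
                findings.append((path, tok[1], tok[2], reason))
    return findings

# Constructed sample: the serial number and user names are placeholders.
SAMPLE = """\
config switch-controller snmp-community
    edit 1
        set query-v1-status enable
    end
config switch-controller snmp-user
    edit "nms-ro"
        set security-level auth-priv
    end
config switch-controller managed-switch
    edit "S000EXAMPLE0001"
        set override-snmp-user enable
        config snmp-user
            edit "legacy"
                set auth-proto md5
                set priv-proto des
            end
    end
"""
for finding in audit_snmp(SAMPLE):
    print(" | ".join(finding))
```

Each finding carries the full path to the entry, so a weak per-switch override is reported under the serial number of the switch it applies to.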
