How to enable SNMP on a FortiGate device

To configure SNMP on a Fortigate device, you need your login credentials to FortiGate’s graphical user interface. Once inside, follow the steps below to get SNMP up and running.

Note: The guideline below is for a FortiGate 60D-POE device. The steps may vary slightly for different models. If you’d like help configuring a specific FortiGate device, contact Auvik Support.

1. Navigate to System > Config > SNMP.
2. Click Enable the SNMP Agent.
3. Optional: Add a description, location, and contact.
4. Click Apply.
5. Navigate to System > Network > Interface > Internal > Edit.
6. Click the box next to SNMP, then Apply to save the changes.

To enable SNMP v1/2c:

1. In the SNMP v1/v2 section, select Create New.
2. Choose a Community Name.
3. Under Hosts, click Add.
4. Enter the IP address of the Auvik Collector or allow SNMP from any hosts. For example: 10.0.1.250/255.255.255.255 or 0.0.0.0/0.0.0.0.
5. Select Any as the Interface.
6. Make sure SNMP queries are assigned to port 161 and set to Enable.
7. Click OK.

To enable SNMP v3:

1. In the SNMP v3 section, select Create New.
2. Set your preferred User Name and Auth level.
3. Ensure Enable Query is checked and the port is set to 161.
4. Click OK.

SNMP is now configured on your FortiGate device in the standard manner.

 

In order to allow SNMP polling through the dedicated HA management port, the following settings need to be configured.

You must know the network interface name of the dedicated HA management port.

 

# config system interface
    # edit {HA_MGMT_PORT}

# set ip {IP_ADDRESS} {SUBNET_MASK}
# set allowaccess ping https ssh snmp fgfm

# next

# end

# config system ha

# set ha-mgmt-status enable

# config ha-mgmt-interfaces

# edit 1

# set interface {HA_MGMT_PORT}

# set gateway {GATEWAY_ADDRESS}

# next

# end

 

Configure SNMPv2:

# config system snmp community
    # edit 1

# config hosts
    # edit 1

# set ha-direct enable
# set ip {IP_ADDRESS} {SUBNET_MASK}
# next

# next

# end

 

Configure SNMPv3:

# config system snmp user
    # edit 1

        # set ha-direct enable
        # set ip {IP_ADDRESS} {SUBNET_MASK}
        # next
    # next
# end

 

In case there are more than one HA management port configured, then a specific management port can be used for SNMP communication.

In the below configuration, mgmt1 port has been used for SNMP communication.

 

# config system ha

# set ha-mgmt-status enable

# config ha-mgmt-interfaces

# edit 1

# set interface mgmt1

# set dst {IP_ADDRESS} {SUBNET_MASK}

# set gateway {GATEWAY_ADDRESS}

# next

# edit 2

# set interface mgmt2

# set gateway {GATEWAY_ADDRESS}

# next

# end

 

For more information: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34731