snmp community
Use this command to configure SNMP communities on your FortiGate unit. You add SNMP communities so that SNMP managers can connect to the FortiGate unit to view system information and receive SNMP traps. SNMP traps are triggered when system events happen, such as when antivirus checking is bypassed or when the log disk is almost full.
You can add up to three SNMP communities. Each community can have a different configuration for SNMP queries and traps. Each community can be configured to monitor the FortiGate unit for a different set of events. You can also add the IP addresses of up to 8 SNMP managers to each community.
 
Part of configuring an SNMP manager is to list it as a host in a community on the FortiGate unit it will be monitoring. Otherwise the SNMP manager will not receive any traps from that FortiGate unit or be able to query it.
Syntax
config system snmp community
  edit <index_number>
    set events <events_list>
    set name <community_name>
    set query-v1-port <port_number>
    set query-v1-status {enable | disable}
    set query-v2c-port <port_number>
    set query-v2c-status {enable | disable}
    set status {enable | disable}
    set trap-v1-lport <port_number>
    set trap-v1-rport <port_number>
    set trap-v1-status {enable | disable}
    set trap-v2c-lport <port_number>
    set trap-v2c-rport <port_number>
    set trap-v2c-status {enable | disable}
    config hosts
      edit <host_number>
        set elbc-management {enable | disable}
        set ha-direct {enable | disable}
        set host-type {any | query | trap}
        set interface <if_name>
        set ip <address_ipv4>
        set source-ip <address_ipv4/mask>
      end
    config hosts6
      edit <host_number>
        set ha-direct {enable | disable}
        set interface <if_name>
        set ip6 <address_ipv6>
        set source-ip6 <address_ipv6>
      end
  end
 
Variable
Description
Default
edit <index_number>
Enter the index number of the community in the SNMP communities table. Enter an unused index number to create a new SNMP community.
 
events <events_list>
Enable the events for which the FortiGate unit should send traps to the SNMP managers in this community.
av-bypass — FortiGate unit has entered bypass mode. See “set av-failopen pass” under “global”.
av-conserve — System enters conserve mode.
av-fragmented — A fragmented file has been detected.
av-oversize — An oversized file has been detected.
av-oversize-blocked — An oversized file has been blocked.
av-oversize-passed — An oversized file has passed through.
av-pattern — A file matching the AV pattern is detected.
av-virus — A virus is detected.
bgp-backward-transition — BGP FSM from a high-numbered to a low-numbered state.
bgp-established — BGP FSM enters the established state.
cpu-high — CPU usage exceeds threshold. Default is 80%. Automatic smoothing ensures only prolonged high CPU usage will trigger this trap, not a momentary spike.
ent-conf-change — Entity configuration change (RFC 4133).
fan-failure — A cooling fan has failed.
faz-disconnect — A FortiAnalyzer device has disconnected from the FortiGate unit.
fm-conf-change — FortiGate unit is managed by FortiManager, but the FortiGate administrator has modified the configuration directly.
fm-if-change — FortiManager interface changes.
ha-hb-failure — The HA heartbeat interface has failed.
ha-member-down — The HA cluster member stops.
ha-member-up — The HA cluster member starts.
ha-switch — The primary unit in an HA cluster fails and is replaced with a new HA unit.
intf-ip — The IP address of a FortiGate interface changes.
ips-anomaly — IPS detects an anomaly.
ips-fail-open — IPS network buffer is full.
ips-pkg-update — IPS package has been updated.
ips-signature — IPS detects an attack.
load-balance-real-server-down — A real server is down.
log-full — Hard drive usage exceeds threshold. Default is 90%.
mem-low — Memory usage exceeds threshold. Default is 80%.
power-supply-failure — Power outage detected on monitored power supply. Available only on some models.
vpn-tun-down — A VPN tunnel stops.
vpn-tun-up — A VPN tunnel starts.
wc-ap-down — A WiFi access point is down.
wc-ap-up — A WiFi access point is up.
All events enabled.
name <community_name>
Enter the name of the SNMP community.
No default.
query-v1-port <port_number>
Enter the SNMP v1 query port number used for SNMP manager queries.
161
query-v1-status {enable | disable}
Enable or disable SNMP v1 queries for this SNMP community.
enable
query-v2c-port <port_number>
Enter the SNMP v2c query port number used for SNMP manager queries.
161
query-v2c-status {enable | disable}
Enable or disable SNMP v2c queries for this SNMP community.
enable
status {enable | disable}
Enable or disable the SNMP community.
enable
trap-v1-lport <port_number>
Enter the SNMP v1 local port number used for sending traps to the SNMP managers.
162
trap-v1-rport <port_number>
Enter the SNMP v1 remote port number used for sending traps to the SNMP managers.
162
trap-v1-status {enable | disable}
Enable or disable SNMP v1 traps for this SNMP community.
enable
trap-v2c-lport <port_number>
Enter the SNMP v2c local port number used for sending traps to the SNMP managers.
162
trap-v2c-rport <port_number>
Enter the SNMP v2c remote port number used for sending traps to the SNMP managers.
162
trap-v2c-status {enable | disable}
Enable or disable SNMP v2c traps for this SNMP community.
enable
hosts, hosts6 variables
edit <host_number>
Enter the index number of the host in the table. Enter an unused index number to create a new host.
 
elbc-management {enable | disable}
Enable to allow use of SNMP over the base channel and front panel ports in ELBC mode.
 
ha-direct {enable | disable}
Enable direct management of cluster members.
Enabling ha-direct in non-HA environments may disrupt SNMP.
disable
host-type {any | query | trap}
Set permitted actions for this host:
query—make queries only
trap—receive traps only
any—any SNMP action
any
interface <if_name>
Enter the name of the FortiGate interface to which the SNMP manager connects.
No default.
ip <address_ipv4>
Enter the IPv4 IP address of the SNMP manager (for hosts).
0.0.0.0
ip6 <address_ipv6>
Enter the IPv6 IP address of the SNMP manager (for hosts6).
::
source-ip <address_ipv4/mask>
Enter the source IPv4 IP address for SNMP traps sent by the FortiGate unit (for hosts).
0.0.0.0/0.0.0.0
source-ip6 <address_ipv6>
Enter the source IPv6 IP address for SNMP traps sent by the FortiGate unit (for hosts6).
::
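
The Default column matters when reviewing a saved configuration: a variable with no set line keeps its default, so v1 queries and traps stay enabled and a host stays at host-type any unless they are changed explicitly. The following Python sketch is an added example, not Fortinet code; it fills in the defaults documented above and reports what is still in effect. The sample config (which closes each edit entry with next, as saved FortiOS configurations do), the community names, the address and the policy being checked are assumptions.

```python
DEFAULTS = dict.fromkeys(("status", "query-v1-status", "query-v2c-status",
                          "trap-v1-status", "trap-v2c-status"), "enable")
HOST_DEFAULTS = {"hosts": {"host-type": "any", "ip": "0.0.0.0"}, "hosts6": {"ip6": "::"}}
# Constructed sample (names and the 192.0.2.10 documentation address are made up).
SAMPLE = """\
config system snmp community
    edit 1
        set name "noc-monitor"
        set query-v1-status disable
        config hosts
            edit 1
                set ip 192.0.2.10
            next
        end
    next
    edit 2
        set name "legacy"
    next
end
"""

def parse_communities(text):
    """Return one dict per community, unset variables filled from the documented defaults."""
    communities, comm, host, table = [], None, None, None
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] == "config" and words[-1] in HOST_DEFAULTS:
            table = words[-1]                       # entering hosts or hosts6
        elif words[0] == "edit" and table:
            comm["hosts"].append(host := dict(HOST_DEFAULTS[table]))
        elif words[0] == "edit":
            communities.append(comm := dict(DEFAULTS, index=words[1], hosts=[]))
        elif words[0] == "set" and len(words) >= 3:
            (host if table else comm)[words[1]] = " ".join(words[2:]).strip('"')
        elif words[0] == "end" and table:
            table, host = None, None                # leaving the host table
    return communities

def audit(communities):
    """Assumed policy (not from the page): v2c only, each host pinned and not host-type any."""
    out = []
    for c in (c for c in communities if c["status"] == "enable"):
        out += [f'{c["index"]}: {k} enabled' for k in ("query-v1-status", "trap-v1-status")
                if c[k] == "enable"]
        for h in c["hosts"]:
            if h.get("ip") == "0.0.0.0" or h.get("ip6") == "::":
                out.append(f'{c["index"]}: host address left at default')
            if h.get("host-type") == "any":
                out.append(f'{c["index"]}: host-type any')
    return out
```

Running `audit(parse_communities(SAMPLE))` flags community 1 for v1 traps and host-type any, even though its v1 queries were disabled, and community 2 for both v1 settings.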