Configuring an SNMP community
An SNMP community is a grouping of equipment for network administration purposes. You must configure your FortiRecorder appliance to belong to at least one SNMP community so that community’s SNMP managers can query the FortiRecorder appliance’s system information and receive SNMP traps from the FortiRecorder appliance.
On FortiRecorder, SNMP communities are also where you enable the traps that will be sent to that group of hosts.
You can add up to three SNMP communities. Each community can have a different configuration for queries and traps, and a different set of events that trigger a trap. You can also add the IP addresses of up to 8 SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiRecorder appliance.
To add an SNMP community via the web UI
1. Go to System > Configuration > SNMP.
2. If you have not already configured the agent, do so before continuing. See “To configure the SNMP agent via the web UI”.
3. Under Community, click New.
A dialog appears.
4. Configure these settings:
Setting name
Description
Name
Type the name of the SNMP community to which the FortiRecorder appliance and at least one SNMP manager belongs, such as public.
The FortiRecorder appliance will not respond to SNMP managers whose query packets do not contain a matching community name. Similarly, trap packets from the FortiRecorder appliance will include the community name, and an SNMP manager may not accept the trap if its community name does not match.
Caution: Fortinet strongly recommends that you do not add FortiRecorder to the community named public. This popular default name is well-known, and attackers that gain access to your network will often try this name first.
Enable
Enable this community entry.
Community Hosts
IP Address
Type the IP address of the SNMP manager that, if traps or queries are enabled in this community:
will receive traps from the FortiRecorder appliance
will be permitted to query the FortiRecorder appliance
SNMP managers have read-only access. You can add up to 8.
To allow any IP address using this SNMP community name to query the FortiRecorder appliance, enter 0.0.0.0. As a security best practice, however, this is not recommended.
Caution: FortiRecorder sends security-sensitive traps, which should be sent only over a trusted network, and only to administrative equipment.
Note: If there are no other host IP entries, entering only 0.0.0.0 effectively disables traps because there is no specific destination for trap packets. If you do not want to disable traps, you must add at least one other entry that specifies the IP address of an SNMP manager.
Queries
Type each port number (161 by default) on which the FortiRecorder appliance listens for SNMP queries from the SNMP managers in this community, then enable it. Port numbers vary by SNMP v1 and SNMP v2c.
Traps
Type each port number (162 by default) that will be the source (Local) port number and destination (Remote) port number for trap packets sent to SNMP managers in this community, then enable it. Port numbers vary by SNMP v1 and SNMP v2c.
SNMP Event
Enable the types of SNMP traps that you want the FortiRecorder appliance to send to the SNMP managers in this community.
System events (system reboot, system reload, system upgrade, log disk formatting, and video disk formatting)
Remote storage event
Interface IP change
Camera events (enabling, disabling, communication failure, recording failure, IP change, and camera reboot)
While most trap events are described by their names, the following events occur when a threshold has been exceeded:
CPU Overusage
Memory Low
Log Disk Usage Threshold
Video Disk Usage Threshold
To configure their thresholds, see “To configure the SNMP agent via the web UI”. For more information on supported traps and queries, see “MIB support”.
5. Click OK.
6. To verify your SNMP configuration and network connectivity between your SNMP manager and your FortiRecorder appliance, be sure to test both traps and queries (assuming you have enabled both). Traps and queries typically occur on different port numbers, and therefore verifying one does not necessarily verify that the other is also functional. To test queries, from your SNMP manager, query the FortiRecorder appliance. To test traps, cause one of the events that should trigger a trap.
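The community-name and Community Hosts matching described in the settings above can be checked against traffic captured while testing queries in step 6. The following is an added example in Python, not Fortinet code: it reads the version and community fields from an SNMP v1/v2c datagram and flags a mismatched or `public` community and a source address outside the community hosts list. The function names, sample packet, IP addresses and the community name `rec-mon` are constructed for illustration.

```python
# Added example: sample packet, addresses and community names are constructed.
# SAMPLE_QUERY is a GetRequest for sysDescr.0, SNMP v2c, community "public".
SAMPLE_QUERY = bytes.fromhex(
    "3026 020101 0406 7075626c6963 a019 020101 020100 020100"
    "300e 300c 06082b06010201010100 0500")

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_header(datagram: bytes):
    """Return (version_name, community) from an SNMP v1/v2c message."""
    tag, body, _ = _read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    tag, community, _ = _read_tlv(body, pos)
    if tag != 0x04:                       # SNMP v3 has no community field here
        raise ValueError("missing community OCTET STRING")
    names = {0: "v1", 1: "v2c"}
    return names.get(int.from_bytes(ver, "big"), "other"), community.decode("latin-1")

def check_packet(datagram, src_ip, expected_community, allowed_hosts):
    """Return (version, findings) for one captured query datagram."""
    version, community = parse_header(datagram)
    findings = []
    if community != expected_community:
        findings.append("community mismatch")
    if community == "public":
        findings.append("well-known community name 'public'")
    if src_ip not in allowed_hosts and "0.0.0.0" not in allowed_hosts:
        findings.append("source not in community hosts")
    return version, findings
```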
See also
Configuring SNMP v3 users
SNMP traps & queries