Configuring SNMP v3 users

If your SNMP manager supports SNMP v3, you can specify which of its user accounts is permitted to access information about your FortiRecorder appliance. This provides greater granularity of control over who can access potentially sensitive system information.


Setting name	Description
User name	Type the name of the SNMP user. This must match the name of the account as it is configured on your SNMP manager. You can add up to 16 users.
Enable	Enable this user entry.
Security level	Choose one of the three security levels: • No authentication, no privacy — Causes SNMP v3 to behave similar to SNMP v1 and v2, which provides neither secrecy nor guarantees authenticity, and therefore is not secure. This option should only be used on private management networks. • Authentication, no privacy — Enables authentication only, guaranteeing the authenticity of the message, but not safeguarding it from eavesdropping. Also configure Authentication protocol. • Authentication, privacy — Enables both authentication and encryption, guaranteeing authenticity as well as secrecy. Also configure Privacy protocol.
Authentication protocol	Select either SHA-1 or MD5 hashes for authentication. Also configure a salt in Password. Both the protocols and passwords on the SNMP manager and FortiRecorder must match.
Privacy protocol	Select either AES or DES encryption algorithms. Also configure a salt in Password. Both the protocols and passwords on the SNMP manager and FortiRecorder must match.

7. To verify your SNMP configuration and network connectivity between your SNMP manager and your FortiRecorder appliance, be sure to test both traps and queries (assuming you have enabled both). Traps and queries typically occur on different port numbers, and therefore verifying one does not necessarily verify that the other is also functional. To test queries, from your SNMP manager, query the FortiRecorder appliance. To test traps, cause one of the events that should trigger a trap.