Variable | Description | Default |
<community_index> | Type the index number of a community to which the FortiWeb appliance belongs. The valid range is from 1 to 9,999,999,999,999,999,999. | No default. |
status {enable | disable} | Enable to activate the community. This setting takes effect only if the SNMP agent is enabled. For details, see “config system snmp sysinfo”. | disable |
name <community_str> | Type the name of the SNMP community to which the FortiWeb appliance and at least one SNMP manager belong. The maximum length is 35 characters. The FortiWeb appliance will not respond to SNMP managers whose query packets do not contain a matching community name. Similarly, trap packets from the FortiWeb appliance will include the community name, and an SNMP manager may not accept the trap if its community name does not match. | No default. |
events {cpu-high | intf-ip | log-full | mem-low | netlink-down-status | netlink-up-status | policy-start | policy-stop | pserver-failed | sys-ha-hbfail | sys-mode-change | waf-access-attack | waf-amethod-attack | waf-blogin-attack | waf-hidden-fields | waf-pvalid-attack | waf-signature-detection | waf-url-access-attack | waf-spage-attack} | Type one or more of the following SNMP event names in order to cause the FortiWeb appliance to send traps when those events occur. Traps will be sent to the SNMP managers in this community. Also enable traps. • cpu-high — CPU usage has exceeded 80%. • log-full — Local log disk space usage has exceeded 80%. If the space is consumed and a new log message is triggered, the FortiWeb appliance will either drop it or overwrite the oldest log message, depending on your configuration. See “config log disk”. • mem-low — Memory (RAM) usage has exceeded 80%. • netlink-down-status — A network interface has been brought down (disabled). This could be due to either an administrator changing the network interface’s settings, or due to HA executing a failover. • netlink-up-status — A network interface has been brought up (enabled). This could be due to either an administrator changing the network interface’s settings, or due to HA executing a failover. • pserver-failed — A server health check has determined that a physical server that is a member of a server farm is now unavailable. See “config server-policy policy”. • waf-amethod-attack — FortiWeb enforced an allowed methods restriction. See “config waf web-protection-profile inline-protection”, “config waf web-protection-profile offline-protection”, and “config waf allow-method-exceptions”. • waf-blogin-attack — FortiWeb detected a brute force login attack. See “config waf brute-force-login”. • waf-hidden-fields — FortiWeb detected a hidden fields attack. • waf-pvalid-attack — FortiWeb enforced an input/parameter validation rule. See “config waf parameter-validation-rule”. • waf-url-access-attack — FortiWeb enforced a URL access rule. See “config waf url-access url-access-rule”. | No default. |
query-v1-port <port_int> | Type the port number on which the FortiWeb appliance will listen for SNMP v1 queries from the SNMP managers of the community. The valid range is from 1 to 65,535. | 161 |
query-v1-status {enable | disable} | Enable to respond to queries using the SNMP v1 version of the SNMP protocol. | enable |
query-v2c-port <port_int> | Type the port number on which the FortiWeb appliance will listen for SNMP v2c queries from the SNMP managers of the community. The valid range is from 1 to 65,535. | 161 |
query-v2c-status {enable | disable} | Enable to respond to queries using the SNMP v2c version of the SNMP protocol. | enable |
trap-v1-lport <port_int> | Type the port number that will be the source (also called local) port number for SNMP v1 trap packets. The valid range is from 1 to 65,535. | 162 |
trap-v1-rport <port_int> | Type the port number that will be the destination (also called remote) port number for SNMP v1 trap packets. The valid range is from 1 to 65,535. | 162 |
trap-v1-status {enable | disable} | Enable to send traps using the SNMP v1 version of the SNMP protocol. | enable |
trap-v2c-lport <port_int> | Type the port number that will be the source (also called local) port number for SNMP v2c trap packets. The valid range is from 1 to 65,535. | 162 |
trap-v2c-rport <port_int> | Type the port number that will be the destination (also called remote) port number for SNMP v2c trap packets. The valid range is from 1 to 65,535. | 162 |
trap-v2c-status {enable | disable} | Enable to send traps using the SNMP v2c version of the SNMP protocol. | enable |
<snmp-manager_index> | Type the index number of an SNMP manager for the community. The valid range is from 1 to 9,999,999,999,999,999,999. | No default. |
interface <interface_name> | Type the name of the network interface from which the FortiWeb appliance will send traps and reply to queries. The maximum length is 35 characters. Note: You must select a specific network interface if the SNMP manager is not on the same subnet as the FortiWeb appliance. This can occur if the SNMP manager is on the Internet or behind a router. Note: This setting only applies to the interface sending SNMP traffic. To configure the receiving interface, see “config system interface”. | No default. |
ip <manager_ipv4> | Type the IP address of the SNMP manager that, if traps and/or queries are enabled in this community: • will receive traps from the FortiWeb appliance • will be permitted to query the FortiWeb appliance. SNMP managers have read-only access. To allow any IP address using this SNMP community name to query the FortiWeb appliance, enter 0.0.0.0. Note: Entering 0.0.0.0 effectively disables traps if there are no other host IP entries, because there is no specific destination for trap packets. If you do not want to disable traps, you must add at least one other entry that specifies the IP address of an SNMP manager. | No default. |
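
An added example, not part of the FortiWeb documentation: a Python audit of a community definition that applies the defaults from the table and flags the 0.0.0.0 manager entry described under `ip`, both as an open query source and as a community whose traps have no destination. The `config system snmp community` / `edit` / `config hosts` nesting of the constructed sample, the finding strings, and the extra check for the names `public` and `private` are assumptions of this example; only the `set` keywords and defaults come from the table.

```python
DEFAULTS = {"status": "disable", "query-v1-status": "enable", "query-v2c-status": "enable",
            "trap-v1-status": "enable", "trap-v2c-status": "enable"}  # from the table
# Constructed sample; the edit / config hosts nesting is assumed, not shown on the page.
SAMPLE = """\
config system snmp community
  edit 1
    set status enable
    set name public
    config hosts
      edit 1
        set ip 0.0.0.0
      next
    end
  next
end
"""

def parse(text):
    out, in_hosts = [], False
    for t in (line.split() for line in text.splitlines() if line.strip()):
        if t[0] == "config":
            in_hosts = t[1:] == ["hosts"]
        elif t[0] == "end":
            in_hosts = False
        elif t[0] == "edit" and in_hosts:
            out[-1]["hosts"].append({})
        elif t[0] == "edit":
            out.append(dict(DEFAULTS, index=t[1], hosts=[]))
        elif t[0] == "set":
            (out[-1]["hosts"][-1] if in_hosts else out[-1])[t[1]] = " ".join(t[2:]).strip('"')
    return out

def audit(text):
    findings = []
    for c in parse(text):
        if c["status"] != "enable":
            continue  # status defaults to disable: an inactive community answers nothing
        ips = [h["ip"] for h in c["hosts"] if "ip" in h]
        specific = [ip for ip in ips if ip != "0.0.0.0"]
        if "0.0.0.0" in ips and "enable" in (c["query-v1-status"], c["query-v2c-status"]):
            findings.append((c["index"], "any source IP may query"))
        if not specific and "enable" in (c["trap-v1-status"], c["trap-v2c-status"]):
            findings.append((c["index"], "traps enabled but no destination"))
        if c.get("name", "").lower() in ("public", "private"):
            findings.append((c["index"], "well-known community name"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Adding a second host entry with a specific manager address clears the trap finding but not the open-query one, which matches the note in the `ip` row.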