SNMP
Enable the SNMP agent on the FortiAnalyzer device so it can send traps to and receive queries from the computer that is designated as its SNMP manager. This allows for monitoring the FortiAnalyzer with an SNMP manager.
SNMP has two parts – the SNMP agent that is sending traps, and the SNMP manager that monitors those traps. The SNMP communities on monitored FortiGate devices are hard coded and configured by the FortiAnalyzer system – they are not user configurable.
The FortiAnalyzer SNMP implementation is read-only — SNMP v1, v2c, and v3 compliant SNMP manager applications, such as those on your local computer, have read-only access to FortiAnalyzer system information and can receive FortiAnalyzer system traps.
SNMP agent
The SNMP agent sends SNMP traps originating on the FortiAnalyzer system to an external monitoring SNMP manager defined in a SNMP community. Typically an SNMP manager is an application on a local computer that can read the SNMP traps and generate reports or graphs from them.
The SNMP manager can monitor the FortiAnalyzer system to determine if it is operating properly, or if there are any critical events occurring. The description, location, and contact information for this FortiAnalyzer system will be part of the information an SNMP manager will have — this information is useful if the SNMP manager is monitoring many devices, and it will enable faster responses when the FortiAnalyzer system requires attention.
Go to System Settings > Advanced > SNMP to configure the SNMP agent.
The following information and options are available:
SNMP Agent | Select to enable the SNMP agent. When this is enabled, it sends FortiAnalyzer SNMP traps. | ||
Description | Optionally, type a description of this FortiAnalyzer system to help uniquely identify this unit. | ||
Location | Optionally, type the location of this FortiAnalyzer system to help find it in the event it requires attention. | ||
Contact | Optionally, type the contact information for the person in charge of this FortiAnalyzer system. | ||
SNMP v1/2c | The list of SNMP v1/v2c communities added to the FortiAnalyzer configuration. | ||
Create New | Select Create New to add a new SNMP community. If SNMP agent is not selected, this control will not be visible.
For more information, see SNMP v1/v2c communities on page 205. |
||
Edit | Edit the selected SNMP community. | ||
Delete | Delete the selected SNMP community or communities. | ||
Community Name | The name of the SNMP community. | ||
Queries | The status of SNMP queries for each SNMP community. The enabled icon indicates that at least one query is enabled. The disabled icon indicates that all queries are disabled. | ||
Traps | The status of SNMP traps for each SNMP community. The enabled icon indicates that at least one trap is enabled. The disabled icon indicates that all traps are disabled. | ||
Enable | Enable or disable the SNMP community. | ||
SNMP v3 | The list of SNMPv3 users added to the configuration. | ||
Create New | Select Create New to add a new SNMP user. If SNMP agent is not selected, this control will not be visible.
For more information, see SNMP v3 users on page 208. |
||
Edit | Edit the selected SNMP user. | ||
Delete | Delete the selected SNMP user or users. | ||
User Name | The user name for the SNMPv3 user. | ||
Security Level | The security level assigned to the SNMPv3 user. | ||
Notification Hosts | The notification host or hosts assigned to the SNMPv3 user. | ||
Queries | The status of SNMP queries for each SNMP user. The enabled icon indicates queries are enabled. The disabled icon indicates they are disabled. | ||
SNMP v1/v2c communities
An SNMP community is a grouping of equipment for network administration purposes. You must configure your FortiAnalyzer to belong to at least one SNMP community so that community’s SNMP managers can query the FortiAnalyzer system information and receive SNMP traps from it.
Each community can have a different configuration for SNMP traps and can be configured to monitor different events. You can add the IP addresses of up to eight hosts to each community. Hosts can receive SNMP device traps and information.
To create a new SNMP community:
- Go to System Settings > Advanced > SNMP and ensure the SNMP agent is enabled.
- In the SNMP v1/v2c section, click Create New in the toolbar. The New SNMP Community pane opens.
- Configure the following options, then click OK to create the community.
Name | Enter a name to identify the SNMP community. This name cannot be edited later. | |
Hosts | The list of hosts that can use the settings in this SNMP community to monitor the FortiAnalyzer system.
When you create a new SNMP community, there are no host entries. Select Add to create a new entry that broadcasts the SNMP traps and information to the network connected to the specified interface. |
|
IP
Address/Netmask |
Enter the IP address and netmask of an SNMP manager.
By default, the IP address is 0.0.0.0 so that any SNMP manager can use this SNMP community. |
|
Interface | Select the interface that connects to the network where this SNMP manager is located from the dropdown list. This must be done if the SNMP manager is on the Internet or behind a router. | |
Delete | Click the delete icon to remove this SNMP manager entry. | |
Add | Select to add another entry to the Hosts list. Up to eight SNMP manager entries can be added for a single community. | |
Queries | Enter the port number (161 by default) the FortiAnalyzer system uses to send v1 and v2c queries to the FortiAnalyzer in this community. Enable queries for each SNMP version that the FortiAnalyzer system uses. | |
Traps | Enter the Remote port number (162 by default) the FortiAnalyzer system uses to send v1 and v2c traps to the FortiAnalyzer in this community. Enable traps for each SNMP version that the FortiAnalyzer system uses. | |
SNMP Event | Enable the events that will cause SNMP traps to be sent to the community.
l Interface IP changed l Log disk space low l CPU Overuse l Memory Low l System Restart l CPU usage exclude NICE threshold l RAID Event (only available for devices that support RAID) l PowerSupply Failed (only available on supported hardware devices) l Fan Speed Out of Range l Temperature Out of Range l Voltage Out of Range l High licensed device quota l High licensed log GB/day l Log Alert l Log Rate l Data Rate FortiAnalyzer feature set SNMP events: |
To edit an SNMP community:
- Go to System Settings > Advanced > SNMP.
- In the SNMP v1/v2c section, double-click on a community, right-click on a community then select Edit, or select a community then click Edit in the toolbar. The Edit SNMP Community pane opens.
- Edit the settings as required, then click OK to apply your changes.
To delete an SNMP community or communities:
- Go to System Settings > Advanced > SNMP.
- In the SNMP v1/v2c section, select the community or communities you need to delete.
- Click Delete in the toolbar, or right-click and select Delete.
- Click OK in the confirmation dialog box to delete the selected community or communities.
SNMP v3 users
The FortiAnalyzer SNMP v3 implementation includes support for queries, traps, authentication, and privacy. SNMP v3 users can be created, edited, and deleted as required.
To create a new SNMP user:
- Go to System Settings > Advanced > SNMP and ensure the SNMP agent is enabled.
- In the SNMP v3 section, click Create New in the toolbar. The New SNMP User pane opens.
- Configure the following options, then click OK to create the community.
User Name | The name of the SNMP v3 user. | |
Security Level | The security level of the user. Select one of the following:
l No Authentication, No Privacy l Authentication, No Privacy: Select the Authentication Algorithm (SHA1, MD5) and enter the password. l Authentication, Privacy: Select the Authentication Algorithm (SHA1, MD5), the Private Algorithm (AES, DES), and enter the passwords. |
|
Queries | Select to enable queries then enter the port number. The default port is 161. | |
Notification Hosts | The IP address or addresses of the host. Click the add icon to add multiple IP addresses. | |
SNMP Event | Enable the events that will cause SNMP traps to be sent to the SNMP manager.
l Interface IP changed l Log disk space low l CPU Overuse l Memory Low l System Restart l CPU usage exclude NICE threshold l RAID Event (only available for devices that support RAID) l PowerSupply Failed (only available on supported hardware devices) l High licensed device quota l High licensed log GB/day l Log Alert l Log Rate l Data Rate l Fan Speed Out of Range l Temperature Out of Range l Voltage Out of Range FortiAnalyzer feature set SNMP events: |
To edit an SNMP user:
- Go to System Settings > Advanced > SNMP.
- In the SNMP v3 section, double-click on a user, right-click on a user then select Edit, or select a user then click Edit in the toolbar. The Edit SNMP User pane opens.
- Edit the settings as required, then click OK to apply your changes.
To delete an SNMP user or users:
- Go to System Settings > Advanced > SNMP.
- In the SNMP v3 section, select the user or users you need to delete.
- Click Delete in the toolbar, or right-click and select Delete.
- Click OK in the confirmation dialog box to delete the selected user or users.
SNMP MIBs
The Fortinet and FortiAnalyzer MIBs, along with the two RFC MIBs, can be obtained from Customer Service & Support
(https://support.fortinet.com). You can download the FORTINET-FORTIMANAGER-FORTIANALYZER-MIB.mib
MIB file in the firmware image file folder. The FORTINET-CORE-MIB.mib file is located in the main FortiAnalyzer 5.00 file folder.
RFC support for SNMP v3 includes Architecture for SNMP Frameworks (RFC 3411), and partial support of User-based Security Model (RFC 3414).
To be able to communicate with the SNMP agent, you must include all of these MIBs into your SNMP manager.
Generally your SNMP manager will be an application on your local computer. Your SNMP manager might already
include standard and private MIBs in a compiled database that is ready to use. You must add the Fortinet and FortiAnalyzer proprietary MIBs to this database.
MIB file name or RFC | Description |
FORTINET-CORE-MIB.mib | The proprietary Fortinet MIB includes all system configuration information and trap information that is common to all Fortinet products.
Your SNMP manager requires this information to monitor Fortinet unit configuration settings and receive traps from the Fortinet SNMP agent. |
FORTINET-FORTIMANAGERMIB.mib | The proprietary FortiAnalyzer MIB includes system information and trap information for FortiAnalyzer units. |
RFC-1213 (MIB II) | The Fortinet SNMP agent supports MIB II groups with the following exceptions.
l No support for the EGP group from MIB II (RFC 1213, section 3.11 and 6.10). l Protocol statistics returned for MIB II groups (IP/ICMP/TCP/UDP/etc.) do not accurately capture all Fortinet traffic activity. More accurate information can be obtained from the information reported by the Fortinet MIB. |
RFC-2665 (Ethernet-like MIB) | The Fortinet SNMP agent supports Ethernet-like MIB information with the following exception.
No support for the dot3Tests and dot3Errors groups. |
SNMP traps
Fortinet devices share SNMP traps, but each type of device also has traps specific to that device type. For example FortiAnalyzer units have FortiAnalyzer specific SNMP traps. To receive Fortinet device SNMP traps, you must load and compile the FORTINET-CORE-MIB into your SNMP manager.
Traps sent include the trap message as well as the unit serial number (fnSysSerial) and host name (sysName). The Trap Message column includes the message that is included with the trap, as well as the SNMP MIB field name to help locate the information about the trap.
Trap message | Description |
ColdStart, WarmStart, LinkUp, LinkDown | Standard traps as described in RFC 1215. |
CPU usage high
(fnTrapCpuThreshold) |
CPU usage exceeds the set percent. This threshold can be set in the CLI using the following commands:
config system snmp sysinfo set trap-high-cpu-threshold <percentage value> end |
CPU usage excluding NICE processes
(fmSysCpuUsageExcludedNice) |
CPU usage excluding NICE processes exceeds the set percentage. This threshold can be set in the CLI using the following commands:
config system snmp sysinfo set trap-cpu-high-exclude-nice-threshold <percentage value> end |
Trap message | Description |
Memory low
(fnTrapMemThreshold) |
Memory usage exceeds 90 percent. This threshold can be set in the CLI using the following commands:
config system snmp sysinfo set trap-low-memory-threshold <percentage value> end |
Log disk too full
(fnTrapLogDiskThreshold) |
Log disk usage has exceeded the configured threshold. Only available on devices with log disks. |
Temperature too high
(fnTrapTempHigh) |
A temperature sensor on the device has exceeded its threshold. Not all devices have thermal sensors. See manual for specifications. |
Voltage outside acceptable range
(fnTrapVoltageOutOfRange) |
Power levels have fluctuated outside of normal levels. Not all devices have voltage monitoring instrumentation. |
Power supply failure
(fnTrapPowerSupplyFailure) |
Power supply failure detected. Available on some devices that support redundant power supplies. |
Interface IP change
(fnTrapIpChange) |
The IP address for an interface has changed. The trap message includes the name of the interface, the new IP address and the serial number of the Fortinet unit. You can use this trap to track interface IP address changes for interfaces with dynamic IP addresses set using DHCP or PPPoE. |
Log rate too high
(fmTrapLogRateThreshold) |
The incoming log rate has exceeded the peak log rate threshold.
To determine the peak log rate, use the following CLI command: get system loglimits |
Data rate too high
(fmTrapLogDataRateThreshold) |
The incoming data rate has exceeded the peak data rate threshold.
The peak data rate is calculated using the peak log rate x 512 bytes (average log size). |
Fortinet & FortiAnalyzer MIB fields
The Fortinet MIB contains fields reporting current Fortinet unit status information. The below tables list the names of the MIB fields and describe the status information available for each one. You can view more details about the information available from all Fortinet MIB fields by compiling the fortinet.3.00.mib file into your SNMP manager and browsing the Fortinet MIB fields.
System MIB fields:
MIB field | Description |
fnSysSerial | Fortinet unit serial number. |
Administrator accounts:
MIB field | Description | |
fnAdminNumber | The number of administrators on the Fortinet unit. | |
fnAdminTable | Table of administrators. | |
fnAdminIndex | Administrator account index number. | |
fnAdminName | The user name of the administrator account. | |
fnAdminAddr | An address of a trusted host or subnet from which this administrator account can be used. | |
fnAdminMask | The netmask for fnAdminAddr. |
Custom messages:
MIB field | Description |
fnMessages | The number of custom messages on the Fortinet unit. |
MIB fields and traps | |
MIB field | Description |
fmModel | A table of all FortiAnalyzer models. |
Can SNMP Agent send traps inform. That is, wait for a confirmation of receipt of the trap, otherwise retry n times or throw an error.