What’s new in FortiOS Version 4.0 MR1 SNMPv3 enhancements
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
SNMPv3 enhancements
FortiOS 4.0 introduced basic support for SNMPv3, the latest version of the Simple
Network Management Protocol. FortiOS Version 4.0 MR1 adds support for:
• snmpEngineID
• user authentication and encryption capabilities
You can configure these new features only in the CLI.
Support for snmpEngineID
FortiOS Version 4.0 MR1 adds the SNMPv3 snmpEngineID value defined in RFC 3414.
Each SNMP engine maintains a value, snmpEngineID, which uniquely identifies the
SNMP engine. This value is included in each message sent to or from the SNMP engine.
In FortiOS, the snmpEngineID is composed of two parts:
• Fortinet prefix 0x8000304404
• the engine-id string, 24 characters maximum, defined in the CLI config system snmp sysinfo command
The snmpEngineID is optional, so you are not required to define an engine-id value.
To specify engine-id
config system snmp sysinfo
    set engine-id <string>
end
Authentication and privacy
FortiOS Version 4.0 MR1 implements the user security model of RFC 3414. You can
require the user to authenticate with a password and you can use encryption to protect the
communication with the user.
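The following Python sketch is an added example, not part of the original guide and not Fortinet code. It decodes the prefix above using the RFC 3411 SnmpEngineID layout and shows how RFC 3414 ties a user's authentication password to a single engine by localizing the key with the snmpEngineID. Assumptions: the engine-id string is appended to the prefix as ASCII bytes, and all function names and sample values are hypothetical.

```python
import hashlib

# Prefix from the page: 0x80003044 = high bit set + enterprise number 12356,
# 0x04 = RFC 3411 format octet for "text, administratively assigned".
FORTINET_PREFIX = bytes.fromhex("8000304404")
MAX_ENGINE_ID_STRING = 24  # limit stated on the page


def build_engine_id(engine_id_string: str) -> bytes:
    """Assumption: the CLI string is appended to the prefix as ASCII bytes."""
    raw = engine_id_string.encode("ascii")
    if len(raw) > MAX_ENGINE_ID_STRING:
        raise ValueError("engine-id string is limited to 24 characters")
    return FORTINET_PREFIX + raw


def parse_engine_id(engine_id: bytes) -> dict:
    """Split an RFC 3411-format snmpEngineID into enterprise, format, data."""
    if len(engine_id) < 5 or not engine_id[0] & 0x80:
        raise ValueError("not an RFC 3411 format snmpEngineID")
    enterprise = int.from_bytes(engine_id[:4], "big") & 0x7FFFFFFF
    return {"enterprise": enterprise, "format": engine_id[4],
            "data": engine_id[5:]}


def localized_key(password: str, engine_id: bytes,
                  auth_proto: str = "sha") -> bytes:
    """RFC 3414 A.2 password-to-key, then localization to one engine."""
    algo = {"md5": hashlib.md5, "sha": hashlib.sha1}[auth_proto]
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    # Ku: digest of the password repeated to exactly 1,048,576 bytes.
    stream = (pw * (1048576 // len(pw) + 1))[:1048576]
    ku = algo(stream).digest()
    # Kul: digest of Ku || snmpEngineID || Ku, so each engine gets its own
    # key and a key recovered from one device does not authenticate to another.
    return algo(ku + engine_id + ku).digest()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    eid = build_engine_id("lab-fw-01")
    print(eid.hex(), parse_engine_id(eid))
    print(localized_key("constructed-passphrase", eid, "sha").hex())
```

Because the localized key depends on the snmpEngineID, an NMS that caches keys must re-derive them if the engine-id string on the unit is changed.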
Syntax
The following syntax description includes only the new keywords related to security.
config system snmp user
    edit <username>
        set security-level <slevel>
        set auth-proto {md5 | sha}
        set auth-pwd <password>
        set priv-proto {aes | des}
        set priv-pwd <key>
end
Variable: security-level <slevel>
Description: Set security level to one of:
• no-auth-no-priv — no authentication or privacy
• auth-no-priv — authentication but no privacy
• auth-priv — authentication and privacy
Default: no-auth-no-priv

Variable: auth-proto {md5 | sha}
Description: Select authentication protocol:
• md5 — HMAC-MD5-96 authentication protocol
• sha — HMAC-SHA-96 authentication protocol
This is available if security-level is auth-priv or auth-no-priv.
Default: sha