FortiGate
hrahuman_FTNT
Article Id 193930
Description
This article describes why FortiGate responds to SNMP queries from hosts that are not configured as notify-hosts.

Solution
The FortiGate SNMPv3 setting 'notify-hosts' ONLY affects which hosts SNMPv3 notifications are sent to.
If authentication is needed, use the security-level setting instead (default: no-auth-no-priv):
# config system snmp user
    edit "test-snmp"
        set security-level ?
security-level: Security level for message authentication and encryption.
no-auth-no-priv: Message with no authentication and no privacy (encryption).
auth-no-priv: Message with authentication but no privacy (encryption).
auth-priv: Message with authentication and privacy (encryption).

For example, if only authentication is needed, try:
# config system snmp user
    edit "test-snmp"
        set security-level auth-no-priv
        set auth-proto sha
        set auth-pwd password
    next
end
Once configured, the SNMP Manager has to query with the correct authentication credentials.
Otherwise, the SNMP Server will not respond to the query and will report an error such as the following:
snmpd: usm recv parse: Message authentication or checking failed! user=test-user errno=-44
snmpd: v3 recv: parse failed. errno=-44 (USM authentication failure)   
Explanation

The FortiGate SNMPv3 setting 'notify-hosts' ONLY affects which hosts SNMPv3 notifications (traps) are sent to. It does not affect hosts that send SNMP queries, so FortiGate responds to a query if the authentication matches.
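The following is an added example, not part of the original article and not Fortinet code: a Python check over a saved configuration that lists SNMPv3 users still at the default no-auth-no-priv level, whose queries are answered without authentication regardless of notify-hosts. The sample configuration and function names are constructed, and the check assumes that a security-level missing from the saved configuration is at its default.

```python
import re

# Constructed sample of a saved FortiGate configuration (not from the article).
SAMPLE_CONFIG = '''\
config system snmp user
    edit "test-snmp"
        set notify-hosts 192.0.2.10
    next
    edit "monitor-auth"
        set notify-hosts 192.0.2.10
        set security-level auth-no-priv
        set auth-proto sha
    next
    edit "monitor-priv"
        set security-level auth-priv
    next
end
'''

DEFAULT_LEVEL = "no-auth-no-priv"  # default stated in the article

def snmp_user_levels(config_text):
    """Return {user: security-level} for each 'config system snmp user' entry."""
    levels, in_section, user = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system snmp user":
            in_section = True
        elif in_section and line == "end":
            in_section = False
        elif in_section and (m := re.match(r'edit "?([^"]+)"?$', line)):
            user = m.group(1)
            levels[user] = DEFAULT_LEVEL  # assumption: unset means default
        elif in_section and user and line.startswith("set security-level "):
            levels[user] = line.split()[-1]
        elif in_section and line == "next":
            user = None
    return levels

def unauthenticated_users(config_text):
    """Users answered without authentication; notify-hosts does not change this."""
    return sorted(u for u, lvl in snmp_user_levels(config_text).items()
                  if lvl == DEFAULT_LEVEL)

if __name__ == "__main__":
    for name, level in snmp_user_levels(SAMPLE_CONFIG).items():
        print(f"{name}: {level}")
    print("no authentication:", unauthenticated_users(SAMPLE_CONFIG))
```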
