Wednesday, November 19, 2014

A HOWTO: Fortigate ipv6 snmp configurations

In this post,  we will look at the basic ipv6  snmp communities settings that's required.


1st my big warning, you need to configure the communities hosts6 via the cli. The address input via the WebGUI as of 5.2.2 is only for a ipv4 address. There's no provisions for doing this under the WebGUI. You typically will list the SNMP management hosts(s) in this section.


The basic snmp configuration would look similar to  the following screen

Config > snmp 




Now let's looking at my final ipv6 cfg for snmp queries. ( CLI )
 



NOTE: remember to enable snmp under the allowaccess for both ipv6 config.
e.g   set ip6-allowaccess ping https ssh


Now to query a ipv6  snmp  enabled fortigate, you need to include single quotation for the ipv6 address & within your snmpwalk/set/get.


e.g1  


e.g2



If you run into problems a combination of diag sniffer packet, diag debug app snmpd -1  or diag debug flow filter6 161 could shed some light into the issues.

Here's a snapshot on what happens if you don't allowaccess the snmp services;



Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
   ^      ^
=(  $  $ )=
       o 
      /  \

No comments:

Post a Comment