2.3.1 Ensure SNMP agent is disabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

The Simple Network Management Protocol (SNMP) server is used to listen for SNMP commands from an SNMP management system, execute the commands or collect the information and then send results back to the requesting system.

Rationale:

The SNMP server can communicate using SNMP v1, which transmits data in the clear and does not require authentication to execute commands. Unless absolutely necessary, it is recommended that the SNMP service not be used. If SNMP is required, the server should be configured to use only SNMPv3.

Impact:

SNMP servers will not be able to query FortiGate devices that have the SNMP agent disabled.

Solution

On the CLI, run the following commands to disable the agent:

FGT1 # config system snmp sysinfo
FGT1 (sysinfo) # set status disable
FGT1 (sysinfo) # end

In the GUI, select System -> SNMP and disable the SNMP agent.

Default Value:

SNMP agent is disabled by default.
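
One way to audit this setting offline is to parse a saved configuration or CLI transcript. The script below is an added example, not part of the benchmark or of any Fortinet tooling; the function names and sample configurations are constructed for illustration. It assumes the input is FortiOS configuration text and treats a missing "set status" line as disabled, per the default value stated above.

```python
import re

SECTION = "config system snmp sysinfo"
PROMPT = re.compile(r"^\S+\s*(\([^)]*\)\s*)?#\s+")  # 'FGT1 # ' or 'FGT1 (sysinfo) # '

def snmp_agent_status(config_text):
    """Return 'enable' or 'disable' for the SNMP agent in FortiOS config text.
    A missing section or 'set status' line counts as the default, 'disable'."""
    depth = 0  # 0 = outside the sysinfo section, 1 = directly inside it
    status = "disable"
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())  # drop a CLI prompt if present
        if depth == 0:
            if line == SECTION:
                depth = 1
        elif line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1:
            m = re.fullmatch(r"set status (enable|disable)", line)
            if m:
                status = m.group(1)
    return status

def is_compliant(config_text):
    """The audit passes only when the agent itself is disabled."""
    return snmp_agent_status(config_text) == "disable"

# Constructed samples, not taken from a real device.
SAMPLE_ENABLED = """config system snmp sysinfo
    set status enable
end
"""
# Agent left at default; only a community entry carries 'set status enable'.
SAMPLE_DEFAULT = """config system snmp sysinfo
end
config system snmp community
    edit 1
        set name "constructed"
        set status enable
    next
end
"""
SAMPLE_CLI = """FGT1 # config system snmp sysinfo
FGT1 (sysinfo) # set status disable
FGT1 (sysinfo) # end
"""
```

The second sample shows why the check is scoped to the sysinfo section: a community entry's own status line must not be mistaken for the agent's.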

See Also

https://workbench.cisecurity.org/files/4077