InformationEnsuring that only SNMPv3 service is enabled and SNMPv1, SNMPv2c are disabled.
SNMP Version 3 provides security enhancements that are not available in SNMP Version 1 or SNMP Version 2c. SNMP Versions 1 and 2c transmit data between the SNMP server and SNMP agent in clear text. SNMP Version 3 adds authentication and privacy options to secure protocol operations. Some firewalls need to be constantly monitored of its performance and status. Especially if the firewalls are critical to the operation. Enabling SNMPv3 will ensure that the firewall is monitored properly.
Some older SNMP server that only run SNMPv1 or SNMPv2C will not be able to query to this firewall.
SolutionTo enable SNMP agent
FGT1 # config system snmp sysinfo
FGT1 (sysinfo) # set status enable
FGT1 (sysinfo) # end
In GUI, go to System -> SNMP and enable SNMP Agent.
To delete SNMPv1/2c communities
In this example, we'll delete community 'public'
FGT1 # config system snmp community
FGT1 (community) # delete public
FGT1 (community) # end
In the GUI, go to System -> SNMP, select the community and click on the Delete button.
To add SNMPv3 User
FGT1 # config system snmp user
FGT1 (user) # edit 'snmp_test'
FGT1 (snmp_test) # set security-level auth-priv
FGT1 (snmp_test) # set auth-proto sha256
FGT1 (snmp_test) # set auth-pwd xxxx
FGT1 (snmp_test) # set priv-proto aes256
FGT1 (snmp_test) # set priv_pwd xxxx
FGT1 (snmp_test) # end
In the GUI, go to System -> SNMP, under SNMPv3, click on 'Create New' button. Select 'Authentication' and choose SHA256 as Authentication algorithm. Click 'Change' to type in the password. ALso select option 'Private', choose AES256 as Encryption Algorithm. Click on Change to change the password. Click 'OK' to add the new user. Click apply to apply the new setting into the current config.
By default, SNMP agent is disabled.