Clear-Text SNMP in Use. This article for where determined that the clear-text SNMP versions were enabled on Fortigate device.
SNMP is an industry standard protocol for monitoring and managing a variety of devices. SNMP services typically offer detailed information that includes a device’s operating system, network interfaces, memory, system counters and system users. With write access to SNMP, it is possible to re-configure networking, system properties and even shutdown a device.
There are multiple versions of SNMP and versions prior to version 3 offer no encryption of either the authentication or data network traffic.
An attacker or malicious user who can monitor the unencrypted SNMP network traffic would capture the SNMP community string used to authenticate access to the SNMP agent service. Additionally, they would capture all the information transferred using the unencrypted connection.
NetsecAddict recommends that, if not required, SNMP should be disabled. However, if SNMP access is required, only SNMP version 3 should be configured with strong authentication and privacy passwords.
Now procedure for how to enable SNMP and configure SNMP version 3. Also integrate SNMP MIB file in Alcatel NMS or third party NMS software.
For configuration of SNMP kindly follow the below step.
Step1: Enable SNMP Agent
Login Fortinet Device > System > SNMP > Enable SNMP Agent
Download Fortigate MIB file from SNMP tab and uploading on NMS software.
Step2: Create new SNMP v3 profile
Step3: Provide details as require.
User Name: Provide new SNMP user name which need to integrate with NMS system. If you having user name and password of NMS system profile where SNMP profile created.
Security Level: Must select Authentication. It is require for authenticate SNMP string. Select authentication algorithm SHA1 (MD5 is not recommended) and set password for authentication. Password should be strong.
Private: Authentication should be select as private because SNMP packet should be send in encrypted form which is more secure. Set AES authentication and Password.
Host: Provide host IP which is NMS hostname or IP.
Port: enter as per set in NMS and it should be allowed from your server farm or firewall so that SNMP communication with NMS server.
SNMP Event: Kindly select as per you requirement.
Note: Communication port 161 must be allow from Fortigate Device to NMS server destination. If having access restriction of Fortigate Admin console from Admin console need to allow your NMS server IP address or hostname in Admin restriction.
If you get any assistance using this article, Please like, Share and comment in the below message box.