How to enable SNMP v3 on a FortiGate device, and VAPT of SNMP

Vulnerability:

Clear-Text SNMP in Use. This article applies where it was determined that clear-text SNMP versions were enabled on a FortiGate device.

Description:

SNMP is an industry-standard protocol for monitoring and managing a variety of devices. SNMP services typically offer detailed information that includes a device’s operating system, network interfaces, memory, system counters and system users. With write access to SNMP, it is possible to reconfigure networking and system properties, and even to shut down a device.

There are multiple versions of SNMP and versions prior to version 3 offer no encryption of either the authentication or data network traffic.

Impact:

An attacker or malicious user who can monitor the unencrypted SNMP network traffic would capture the SNMP community string used to authenticate access to the SNMP agent service. Additionally, they would capture all the information transferred using the unencrypted connection.

Solution:

NetsecAddict recommends that, if not required, SNMP should be disabled. However, if SNMP access is required, only SNMP version 3 should be configured with strong authentication and privacy passwords.

The procedure below shows how to enable SNMP and configure SNMP version 3, and how to integrate the SNMP MIB file in Alcatel NMS or third-party NMS software.

To configure SNMP, follow the steps below.

Step 1: Enable the SNMP agent

Log in to the Fortinet device > System > SNMP > Enable SNMP Agent

Download the FortiGate MIB file from the SNMP tab and upload it to the NMS software.

Step 2: Create a new SNMP v3 profile

Step 3: Provide the details as required.

User Name: Provide a new SNMP user name to integrate with the NMS system, or, if you already have one, the user name and password of the NMS system profile where the SNMP profile was created.

Enable it.

Security Level: Select Authentication. It is required to authenticate the SNMP string. Select SHA1 as the authentication algorithm (MD5 is not recommended) and set a password for authentication. The password should be strong.

Private: Authentication should be selected as private so that SNMP packets are sent in encrypted form, which is more secure. Select AES as the encryption algorithm and set a password.

Host: Provide the hostname or IP address of the NMS.

Port: Enter the port as set in the NMS. It must be allowed from your server farm or firewall so that SNMP can communicate with the NMS server.

SNMP Event: Select as per your requirements.

Step 4: Apply.

Note: Communication on port 161 must be allowed from the FortiGate device to the NMS server destination. If access to the FortiGate admin console is restricted, allow your NMS server IP address or hostname in the admin restriction.
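To confirm the finding and the fix from a packet capture, the following added example (not part of the original article or of any Fortinet tooling) classifies SNMP UDP payloads: v1/v2c messages carry the community string unencrypted, while SNMPv3 messages declare their security level in the msgFlags octet. The function names and the sample packets are constructed for illustration.

```python
# Added example: classify SNMP UDP payloads by version and SNMPv3 security level.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

# msgFlags bit 0 = auth, bit 1 = priv; priv without auth is not a valid combination.
V3_LEVELS = {
    3: "OK v3 authPriv",
    1: "WEAK v3 authNoPriv: authenticated but not encrypted",
    0: "REVIEW v3 noAuthNoPriv: expected only for engine discovery",
}

def classify_snmp(payload):
    """Return a finding for one UDP payload, or 'not-snmp' if it does not parse."""
    try:
        tag, msg, _ = read_tlv(payload, 0)           # outer SEQUENCE
        vtag, ver, pos = read_tlv(msg, 0)            # INTEGER version
        if tag != 0x30 or vtag != 0x02:
            return "not-snmp"
        version = int.from_bytes(ver, "big")
        if version in (0, 1):                        # 0 = SNMPv1, 1 = SNMPv2c
            ctag, community, _ = read_tlv(msg, pos)  # OCTET STRING, sent unencrypted
            if ctag != 0x04:
                return "not-snmp"
            name = "v1" if version == 0 else "v2c"
            return f"CLEARTEXT {name}: {len(community)}-byte community visible on the wire"
        if version != 3:
            return "not-snmp"
        htag, header, _ = read_tlv(msg, pos)         # msgGlobalData SEQUENCE
        p = read_tlv(header, read_tlv(header, 0)[2])[2]  # skip msgID and msgMaxSize
        ftag, flags, _ = read_tlv(header, p)         # msgFlags, one octet
        if htag != 0x30 or ftag != 0x04:
            return "not-snmp"
        return V3_LEVELS.get(flags[0] & 0x03, "not-snmp")
    except (IndexError, ValueError):
        return "not-snmp"

# Constructed samples: a v2c GetRequest (community "example") and a v3 USM message.
SAMPLE_V2C = bytes.fromhex("3027020101 0407 6578616d706c65 a019 020101 020100 020100"
                           " 300e 300c 06082b06010201010100 0500")
def sample_v3(flags):
    return (bytes.fromhex("301c 020103 300d 020101 020205c0 0401") + bytes([flags])
            + bytes.fromhex("020103 04023000 0404deadbeef"))
```

Run it over the UDP payloads of SNMP traffic captured after Step 4: any CLEARTEXT result means a v1/v2c community is still in use, and a WEAK result means the v3 user was not configured with both authentication and privacy.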

 
