Adding Fortinet 60D using SNMPv3

Has anybody had an issue with adding a Fortinet 60D node using SNMPv3? v3 community is just fine but I'm not able to add it in v3, test fails.

If anyone knows about it or has done it before, would you please share your configurations, or maybe some hint on how it is working on your side?

Thank you.

Best,

Ala Semaka

  • I've never tried with a Fortinet, but (forgive me for asking the obvious) have you configured the firewall with a rule to allow access via snmp?  If not, it won't matter what snmp version or string is used.

    Other firewalls I've managed required creating allowed network source IP addresses, protocols, destination address(es) on the firewall(s), and rules that used those components to allow snmp to poll the firewall.

    My personal recommendation:  never use read-write strings.  Read-only is enough for reporting & discovering a node.

  • Hi Rschroeder,

    Thanks a lot for your reply. Yes, I allowed SNMP on the port that I'm using to communicate with the SolarWinds machine. This firewall works perfectly in SNMPv2, but not v3. This means that all my policies are in place (I assume); there is just something fishy going on with v3, not sure who's to blame here!!

    Thanx again for your reply.

    Best,

  • I've had similar challenges with V3.  Each one was overcome by simplifying the snmp-v3 string and ensuring the rules for the products involved were identical and compatible. 

    In one case I discovered a product that claimed to support v3, but would only do so when the Authentication password was made the same as the Privacy/Encryption password.  That sort of bypasses the effectiveness and complexity of the protection by using the same credential twice.

    Could it be that your solution requires some simplifying?  Perhaps try the shortest and simplest snmp-v3 password possible on the Fortinet, and manually key it in there, as well as manually keying it into NPM.

    Wouldn't it be nice if diagnostics on products and their monitoring solutions--which require identical credentials for secure communication--offered better information about why a particular communication failed?  If a person could know they had a typo in one of those devices' strings--maybe even something as simple as an extra space at the end (a la Windows Copy & Paste)--it would sure save some frustration.

  • Rschroeder,

    Thanx one more time for your reply!

    Simplifying the passwords to (123456) did put me a step forward. From SolarWinds, I can discover my 60D (SNMPv3 Credentials) but still cannot discover its (Read / Write SNMPv3 Credentials); still, the test is failing when adding RW credential information. From my understanding, traps should work now but not queries. Extensive debug on the Fortinet side shows (USM unknown engine ID) even though I do write the engine ID myself at the 60D.

    Still looking into it. If you or someone else in here has any comments, please do not hesitate to share!!

    Best,

  • You will not need Read/Write; leave that area blank and you should be able to add the node. Read/Write is not needed; you can query and get traps through Read only.

  • Awesome!

    Thanx Sean, then my issue is resolved now.
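Added example, not part of the original thread: in SNMPv3 USM (RFC 3414) the authentication and privacy keys are derived from the passphrase and then localized to the authoritative engine ID, so a pasted trailing space or a different engine ID on one side gives a different key and the test simply fails. The sketch below shows the derivation and a comparison of two constructed configurations; the passphrase and engine ID are the RFC 3414 Appendix A.3 test-vector values, and the function names and dict keys are illustrative, not Fortinet or SolarWinds settings.

```python
import hashlib

def localized_key(passphrase: str, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2 password-to-key, then localization to one engine ID."""
    pw = passphrase.encode()
    if not pw:
        raise ValueError("empty passphrase")
    reps, rem = divmod(1_048_576, len(pw))      # repeat passphrase up to 1 MiB
    ku = hashlib.new(algo, pw * reps + pw[:rem]).digest()
    # Kul = H(Ku || engineID || Ku): the same passphrase gives a different
    # key on every engine ID.
    return hashlib.new(algo, ku + engine_id + ku).digest()

def explain_mismatch(device: dict, manager: dict) -> list:
    """Name the reasons two configurations would derive different keys."""
    reasons = []
    if device["engine_id"] != manager["engine_id"]:
        reasons.append("engine ID differs")
    d_pw, m_pw = device["auth_pass"], manager["auth_pass"]
    if d_pw != m_pw:
        if d_pw.strip() == m_pw.strip():
            reasons.append("passphrase differs only by leading/trailing whitespace")
        else:
            reasons.append("passphrase differs")
    return reasons

# Constructed sample configurations (values from the RFC 3414 A.3 test vectors).
ENGINE_ID = bytes.fromhex("000000000000000000000002")
DEVICE = {"engine_id": ENGINE_ID, "auth_pass": "maplesyrup"}
PASTED = {"engine_id": ENGINE_ID, "auth_pass": "maplesyrup "}   # copy-paste space
WRONG_ENGINE = {"engine_id": bytes.fromhex("000000000000000000000003"),
                "auth_pass": "maplesyrup"}

if __name__ == "__main__":
    for name, cfg in (("pasted", PASTED), ("wrong engine", WRONG_ENGINE)):
        dev_key = localized_key(DEVICE["auth_pass"], DEVICE["engine_id"])
        mgr_key = localized_key(cfg["auth_pass"], cfg["engine_id"])
        print(name, "keys match:", dev_key == mgr_key,
              "reasons:", explain_mismatch(DEVICE, cfg))
```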