What's new in FortiOS Version 4.0 MR1
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/

SNMPv3 enhancements

FortiOS 4.0 introduced basic support for SNMPv3, the latest version of the Simple
Network Management Protocol. FortiOS Version 4.0 MR1 adds support for:
• snmpEngineID
• user authentication and encryption capabilities

You can configure these new features only in the CLI.

Support for snmpEngineID

FortiOS Version 4.0 MR1 adds the SNMPv3 snmpEngineID value defined in RFC 3414.
Each SNMP engine maintains a value, snmpEngineID, which uniquely identifies the
SNMP engine. This value is included in each message sent to or from the SNMP engine.
In FortiOS, the snmpEngineID is composed of two parts:
• Fortinet prefix 0x8000304404
• the engine-id string, 24 characters maximum, defined in the CLI
  config system snmp sysinfo command

The snmpEngineID is optional, so you are not required to define an engine-id value.

To specify the engine-id
    config system snmp sysinfo
        set engine-id <string>
    end

Authentication and privacy

FortiOS Version 4.0 MR1 implements the user security model of RFC 3414. You can
require the user to authenticate with a password and you can use encryption to protect the
communication with the user.
Syntax
The following syntax description includes only the new keywords related to security.
    config system snmp user
        edit <username>
            set security-level <slevel>
            set auth-proto {md5 | sha}
            set auth-pwd <password>
            set priv-proto {aes | des}
            set priv-pwd <key>
    end
Variable                 Description                                         Default
security-level <slevel>  Set security level to one of:                       no-auth-no-priv
                         no-auth-no-priv — no authentication or privacy
                         auth-no-priv — authentication but no privacy
                         auth-priv — authentication and privacy
auth-proto {md5 | sha}   Select authentication protocol:                     sha
                         md5 — HMAC-MD5-96 authentication protocol
                         sha — HMAC-SHA-96 authentication protocol
                         This is available if security-level is auth-priv
                         or auth-no-priv.
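How the engine-id and the authentication password interact, as an added example that is not part of the Fortinet guide: RFC 3414 localizes each user's key with the snmpEngineID, so the same auth-pwd produces a different authentication key on every engine, and a management station must know the engine ID to compute it. The sketch assumes the engine-id string is appended to the prefix as ASCII bytes; the function names, host names and passphrase are constructed for illustration.

```python
import hashlib

FORTINET_PREFIX = bytes.fromhex("8000304404")       # prefix quoted on this page
MAX_ENGINE_ID_CHARS = 24                            # CLI limit quoted on this page
HASHES = {"md5": hashlib.md5, "sha": hashlib.sha1}  # auth-proto choices (sha = SHA-1)


def fortios_engine_id(engine_id_string):
    """Prefix plus engine-id string. ASCII encoding is an assumption."""
    if not 1 <= len(engine_id_string) <= MAX_ENGINE_ID_CHARS:
        raise ValueError("engine-id must be 1 to 24 characters")
    return FORTINET_PREFIX + engine_id_string.encode("ascii")


def password_to_key(password, auth_proto):
    """RFC 3414 A.2: hash 1,048,576 octets of the cyclically repeated password."""
    pw = password.encode("utf-8")
    if len(pw) < 8:
        raise ValueError("RFC 3414 requires passwords of at least 8 characters")
    reps, rem = divmod(1048576, len(pw))
    return HASHES[auth_proto](pw * reps + pw[:rem]).digest()


def localized_auth_key(password, engine_id, auth_proto="sha"):
    """RFC 3414 key localization: Kul = H(Ku || snmpEngineID || Ku)."""
    ku = password_to_key(password, auth_proto)
    return HASHES[auth_proto](ku + engine_id + ku).digest()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    for name in ("fgt-edge-01", "fgt-edge-02"):
        eid = fortios_engine_id(name)
        key = localized_auth_key("example-auth-passphrase", eid, "sha")
        print(name, eid.hex(), key.hex())
```

Because the key is bound to the engine ID, changing engine-id on a unit changes every user's localized key, and pollers that cache the old value will fail authentication until they rediscover it.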