The following scenario explains how to configure a firewall policy at a specific time and delete it again. A deny policy is created by an Automation Stitch to block traffic after working hours, and removed again by a second Automation Stitch when the FortiGate is back in production.

- Configure an Automation Stitch to add a Deny Firewall Policy.

    config system automation-stitch
        edit "Add_Deny_Policy"
            set trigger "Add_Deny_Policy"
            config actions
                edit 1
                    set action "Deny_Policy"
                    set required enable
                next
            end
        next
    end

- Configure a 'Trigger' that runs every day at 17:00 (end of working hours).

    config system automation-trigger
        edit "Add_Deny_Policy"
            set description "Create a new policy that will deny all the traffic after hour 17:00"
            set trigger-type scheduled
            set trigger-frequency daily
            set trigger-hour 17
            set trigger-minute 0
        next
    end

- Configure the 'Action' that creates the Deny_Policy (firewall policy ID 8).

    config system automation-action
        edit "Deny_Policy"
            set action-type cli-script
            set minimum-interval 1
            set script "config firewall policy
    edit 8
    set name "Deny_policy"
    set uuid 4536ec5c-588d-51ef-add9-d94bdc4cb17d
    set srcintf "port1"
    set dstintf "port10"
    set srcaddr "all"
    set dstaddr "all"
    set schedule "always"
    set service "ALL"
    set logtraffic disable
    next
    end"
            set execute-security-fabric enable
            set accprofile "super_admin"
        next
    end

  Note that a policy created this way is appended at the bottom of the policy list, so it only denies port1 to port10 traffic that no earlier policy already allows; if it must override existing allow policies, it has to be moved above them.

- Check whether the scheduled Automation Stitch Add_Deny_Policy has run:

    diag test application autod 3
    alert mail log count: 0
    stitch: Add_Deny_Policy (scheduled)
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Mon Aug 21 17:00:00 2024
        last relay:
        next scheduled trigger:Tue Aug 22 17:00:00 2024
        actions:
            Deny_Policy:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Mon Aug 21 17:00:00 2024
                last relay:

  Notice that the Automation Stitch Add_Deny_Policy was triggered on 21 Aug at 17:00, and the next run will be on 22 Aug at 17:00.

5. Disable the Deny_Policy (policy ID 8) during production time with another Automation Stitch.
- Configure an Automation Stitch to disable the Deny Firewall Policy.

    config system automation-stitch
        edit "Disable the Deny_Policy"
            set trigger "Delete the deny_Policy"
            config actions
                edit 1
                    set action "Delete the Deny_Policy"
                    set required enable
                next
            end
        next
    end

- Configure a 'Trigger' that runs every day at 08:00 (start of working hours).

    config system automation-trigger
        edit "Delete the deny_Policy"
            set description "Delete the Deny Policy at 08:00 every day."
            set trigger-type scheduled
            set trigger-hour 8
            set trigger-minute 0
        next
    end

- Configure the 'Action' that disables the Deny_Policy by deleting firewall policy ID 8.

    config system automation-action
        edit "Delete the Deny_Policy"
            set description "Delete the Deny policy at 08:00"
            set action-type cli-script
            set script "config firewall policy
    delete 8
    end"
            set accprofile "super_admin"
        next
    end

- Check whether the scheduled Automation Stitch that disables the Deny_Policy has run:

    diagnose test application autod 3
    alert mail log count: 0
    stitch: Disable the Deny_Policy (scheduled)
        local hit: 1 relayed to: 0 relayed from: 0
        last trigger:Mon Aug 21 08:00:00 2024
        last relay:
        next scheduled trigger:Tue Aug 22 08:00:00 2024
        actions:
            Delete the Deny_Policy:
                done: 1 relayed to: 0 relayed from: 0
                last trigger:Mon Aug 21 08:00:00 2024
                last relay:

  The Automation Stitch that disables the Deny_Policy was triggered on 21 Aug at 08:00, and the next run will be on 22 Aug at 08:00.
- To display all settings for all Automation Stitches, run the following command:

    diagnose test application autod 2
    csf: disabled root: no
    sync connection: connecting version:0 sync time:
    total stitches activated: 3
    stitch: Add_Deny_Policy
        destinations: all
        trigger: Add_Deny_Policy
        local hit: 10 relayed to: 0 relayed from: 0
        actions:
            Deny_Policy type:cli-script interval:1 delay:0 required:yes
            script:config firewall policy
                edit 8
                set name "Deny_policy"
                set uuid 4536ec5c-588d-51ef-add9-d94bdc4cb17d
                set srcintf "port1"
                set dstintf "port10"
                set srcaddr "all"
                set dstaddr "all"
                set schedule "always"
                set service "ALL"
                set logtraffic disable
                next
                end
    stitch: Disable the Deny_Policy
        destinations: all
        trigger: Delete the deny_Policy
        local hit: 10 relayed to: 0 relayed from: 0
        actions:
            Delete the Deny_Policy type:cli-script interval:0 delay:0 required:yes
            script:config firewall policy
                delete 8
                next
    stitch: Firmware upgrade notification
        destinations: all
        trigger: Auto Firmware upgrade
        type:logid logids:

- To display statistics for all Automation Stitches, run the following command:

    diagnose test application autod 3
    alert mail log count: 0
    stitch: Add_Deny_Policy (scheduled)
        local hit: 10 relayed to: 0 relayed from: 0
        last trigger:Wed Aug 21 02:35:12 2024
        last relay:
        next scheduled trigger:Thu Aug 22 02:35:00 2024
        actions:
            Deny_Policy:
                done: 10 relayed to: 0 relayed from: 0
                last trigger:Wed Aug 21 02:35:12 2024
                last relay:
    stitch: Disable the Deny_Policy (scheduled)
        local hit: 10 relayed to: 0 relayed from: 0
        last trigger:Wed Aug 21 02:39:12 2024
        last relay:
        next scheduled trigger:Thu Aug 22 02:39:00 2024
        actions:
            Delete the Deny_Policy:
                done: 10 relayed to: 0 relayed from: 0
                last trigger:Wed Aug 21 02:39:12 2024
                last relay:
    stitch: Firmware upgrade notification
        local hit: 0 relayed to: 0 relayed from: 0
        last trigger:
        last relay:
        actions:
            Email Notification:
                done: 0 relayed to: 0 relayed from: 0
                last trigger:
                last relay:
    logid to stitch mapping:
        id:0 (scheduled stitches)
            local hit: 20 relayed hits: 0
            Add_Deny_Policy
            Disable the Deny_Policy

- To stop all running Automation Stitch scripts, run the following command:

    execute auto-script stopall
    No script is running

- To clear the debug settings afterwards:

    diagnose debug reset
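As an added example (not part of this article or of FortiOS), the following Python script parses the statistics output of `diagnose test application autod 3` shown above and flags any stitch whose trigger fired more often than its action completed. For this scenario that is the condition to watch: if the deny policy was not added at 17:00 or not deleted at 08:00, the "done" count falls behind the "local hit" count. The sample text is the article's own output, flattened onto one line; the field order the regular expressions rely on is assumed from that output only.

```python
"""Parse the output of 'diagnose test application autod 3' and confirm that
each scheduled Automation Stitch completed its action.

Added example, not part of the original article or of FortiOS itself. The
sample text is the article's own statistics output; the field order the
regexes rely on is assumed from that output.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# The article's 'autod 3' output, flattened onto one line the way a copied
# session often arrives. The parser does not depend on line breaks or
# indentation, so the real multi-line output parses the same way.
SAMPLE_AUTOD_3 = (
    "alert mail log count: 0 "
    "stitch: Add_Deny_Policy (scheduled) local hit: 10 relayed to: 0 relayed from: 0 "
    "last trigger:Wed Aug 21 02:35:12 2024 last relay: "
    "next scheduled trigger:Thu Aug 22 02:35:00 2024 "
    "actions: Deny_Policy: done: 10 relayed to: 0 relayed from: 0 "
    "last trigger:Wed Aug 21 02:35:12 2024 last relay: "
    "stitch: Disable the Deny_Policy (scheduled) local hit: 10 relayed to: 0 relayed from: 0 "
    "last trigger:Wed Aug 21 02:39:12 2024 last relay: "
    "next scheduled trigger:Thu Aug 22 02:39:00 2024 "
    "actions: Delete the Deny_Policy: done: 10 relayed to: 0 relayed from: 0 "
    "last trigger:Wed Aug 21 02:39:12 2024 last relay: "
    "stitch: Firmware upgrade notification local hit: 0 relayed to: 0 relayed from: 0 "
    "last trigger: last relay: "
    "actions: Email Notification: done: 0 relayed to: 0 relayed from: 0 "
    "last trigger: last relay: "
    "logid to stitch mapping: id:0 (scheduled stitches) local hit: 20 relayed hits: 0 "
    "Add_Deny_Policy Disable the Deny_Policy"
)

# ctime-style timestamp as FortiOS prints it, e.g. 'Wed Aug 21 02:35:12 2024'
TIMESTAMP = r"[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4}"
TIME_FMT = "%a %b %d %H:%M:%S %Y"


@dataclass
class Action:
    name: str
    done: int                        # how many times the action completed
    last_trigger: Optional[datetime]


@dataclass
class Stitch:
    name: str
    scheduled: bool
    local_hit: int                   # how many times the trigger fired locally
    last_trigger: Optional[datetime]
    next_trigger: Optional[datetime]
    actions: list = field(default_factory=list)


def _timestamp(label: str, text: str) -> Optional[datetime]:
    """Datetime following 'label:' in text, or None when the field is empty."""
    m = re.search(rf"{label}:\s*({TIMESTAMP})", text)
    return datetime.strptime(m.group(1), TIME_FMT) if m else None


def parse_autod_stats(text: str) -> list:
    """Split 'autod 3' output into Stitch records (the logid mapping is ignored)."""
    body = text.split("logid to stitch mapping:")[0]
    stitches = []
    for seg in re.split(r"\bstitch:\s*", body)[1:]:
        head, _, tail = seg.partition("actions:")
        raw_name = head.split("local hit:")[0].strip()
        stitch = Stitch(
            name=raw_name.replace("(scheduled)", "").strip(),
            scheduled=raw_name.endswith("(scheduled)"),
            local_hit=int(re.search(r"local hit:\s*(\d+)", head).group(1)),
            last_trigger=_timestamp("last trigger", head),
            next_trigger=_timestamp("next scheduled trigger", head),
        )
        # Each action reads '<name>: done: N ... last trigger:<ts> last relay:'.
        hits = list(re.finditer(r"([^:]+?):\s*done:\s*(\d+)", tail))
        for i, m in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(tail)
            stitch.actions.append(Action(
                name=m.group(1).strip(),
                done=int(m.group(2)),
                last_trigger=_timestamp("last trigger", tail[m.end():end]),
            ))
        stitches.append(stitch)
    return stitches


def incomplete_stitches(stitches: list) -> list:
    """Names of stitches whose trigger fired more often than an action completed.

    In this scenario that means the deny policy may not have been added or
    removed on schedule, which is the condition worth alerting on.
    """
    return [s.name for s in stitches
            if any(a.done < s.local_hit for a in s.actions)]


def next_scheduled_runs(stitches: list) -> dict:
    """Map each scheduled stitch to the time it will next fire."""
    return {s.name: s.next_trigger
            for s in stitches if s.scheduled and s.next_trigger}


if __name__ == "__main__":
    parsed = parse_autod_stats(SAMPLE_AUTOD_3)
    for s in parsed:
        print(f"{s.name}: hit {s.local_hit}, "
              + ", ".join(f"{a.name} done {a.done}" for a in s.actions))
    print("incomplete:", incomplete_stitches(parsed))
```

Feed it the captured text of `diagnose test application autod 3`; an empty `incomplete_stitches` result means every hit ran its action, and a stitch that does appear is the one to inspect with `diagnose test application autod 2`, where its script text is listed.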