Skip to main content
hbac
Staff
hbac
Staff
May 5, 2025

Technical Tip: How to activate/deactivate an Automation Stitch at a specified time

  • May 5, 2025
  • 0 replies
  • 900 views
Description

This article describes how to activate/deactivate an Automation Stitch at a specified time. In this example, an Automation Stitch is configured to send email alerts when there is a failed admin login attempt. However, the FortiGate administrator only wants to get the email alerts during non-working hours (from 5 PM to 9 AM). 

 

admin stitch.PNG

 

CLI configuration:

 

config system automation-trigger
    edit "Admin login failed"
        set event-type event-log
        set logid 32002
    next
end

config system automation-action
    edit "Default Email"
        set action-type email
        set email-to "test@fortinet.com"
        set email-subject "%%log.logdesc%%"
        set message "%%log%%"
    next
end

config system automation-stitch
    edit "Email_alert_admin_login_failed"
        set trigger "Admin login failed"
            config actions
                edit 1
                    set action "Default Email"
                    set required enable
                next
            end
    next
end
Scope FortiGate.
Solution

Since the Automation Trigger is set to 'Admin login failed', it is not possible to add another Trigger for 'Schedule'. 

 

In this scenario, it is necessary to create two more Automation Stitches. One to schedule a CLI script to enable the 'Email_alert_admin_login_failed' Automation Stitch at 5 PM, and another one to disable it at 9 AM. 

 

Example of an Automation Stitch to schedule a CLI script to enable the 'Email_alert_admin_login_failed' Automation Stitch at 5 PM. 

 

enable stitch.PNG

action enble.PNG

 

CLI configuration: 

 

config system automation-trigger
    edit "Enable_Email_admin_login_failed"
        set trigger-type scheduled
        set trigger-hour 17
    next
end

config system automation-action
    edit "Enable_Email_admin_login_failed"
        set action-type cli-script
        set script "config system automation-stitch
    edit Email_alert_admin_login_failed
        set status enable
end"
        set accprofile "super_admin"
    next
end

config system automation-stitch
    edit "Enable_Email_admin_login_failed"
        set trigger "Enable_Email_admin_login_failed"
            config actions
                edit 1
                    set action "Enable_Email_admin_login_failed"
                    set required enable
                next
            end
    next
end

 

Example of an Automation Stitch to schedule a CLI script to disable the 'Email_alert_admin_login_failed' Automation Stitch at 9 AM. 

 

disable trigger.PNG

disable action.PNG

 

CLI configuration: 

 

config system automation-trigger
    edit "Disable_Email_admin_login_failed"
        set trigger-type scheduled
        set trigger-hour 9
    next
end

config system automation-action
    edit "Disable_Email_admin_login_failed"
        set action-type cli-script
        set script "config system automation-stitch
            edit Email_alert_admin_login_failed
                set status disable
    end"
        set accprofile "super_admin"
    next
end

config system automation-stitch
    edit "Disable_Email_admin_login_failed"
        set trigger "Disable_Email_admin_login_failed"
            config actions
                edit 1
                    set action "Disable_Email_admin_login_failed"
                    set required enable
                next
            end
    next
end

 

Related documents: 

Technical Tip: Configure a new policy with an Automation Stitch at a specific time and delete it again

Automation stitches
Terms & ConditionsAccessibility statement