fwilliams
Staff & Editor
August 30, 2022

Technical Tip: How to configure Automation Stitch to trigger after the FortiGate reboots

Description

This article describes the behavior of the Reboot Automation Trigger, why it does not trigger after the FortiGate reboots, and how to configure an alternative so that an Automation Stitch can be triggered after a FortiGate is rebooted.

Scope

FortiGate, Automation Stitch

Solution

In certain scenarios it can be useful to have the FortiGate take automated action after a reboot has occurred. For example, it might be desirable to have the FortiGate send an email out or run a CLI script just after an unexpected reboot occurs.

 

The built-in Reboot Automation Trigger would seem like a good fit for this use case. However, this trigger only fires just before a controlled reboot is performed (i.e. when an administrator purposefully reboots the FortiGate); it does not fire after a reboot has occurred or when the reboot was unexpected (e.g. a power-loss event or kernel panic).

 

Instead of using the existing Reboot Automation Trigger, the recommendation is to use the FortiOS Event Log trigger type and combine it with Log ID 32009 (LOG_ID_SYSTEM_START, aka 'FortiGate started'). With this change, the Automation Stitch is triggered after a reboot has occurred, so that emails can be sent and other actions taken.

 

Configuration via CLI:

 

  1. The Trigger:

    config system automation-trigger
        edit "reboot-trigger"
            set event-type event-log
            set logid 32009
        next
    end

  2. The Action:

    config system automation-action
        edit "Default Email"
            set description "Default automation action configuration for sending an email with basic information on the log event."
            set action-type email
            set email-to "xxxxxx@yyyymail.com"
            set email-subject "testing reboot automation stitch"
            set message "reboot automation stitch  successful"
        next
    end

  3. The Stitch:

    config system automation-stitch
        edit "send-email-when-FTG-reboot"
            set trigger "reboot-trigger"
            config actions
                edit 1
                    set action "Default Email"
                next
            end
        next
    end

 

Configuration via GUI:

  1. Navigate to Security Fabric -> Automation, then change to the Trigger tab and select Create New.

  2. In the Create New Automation Trigger page, select FortiOS Event Log, specify an appropriate name for the Trigger, then select the Event section. Search for '32009' and select the 'FortiGate started' entry, then select OK to complete the trigger configuration.

  3. Navigate back to the Stitch tab and select Create New. Specify an appropriate name for the Automation Stitch, then select the Add Trigger button and select/apply the new Trigger created in Step 2. Finally, select the Add Action button and add an appropriate action (such as the Default Email Action) and select OK to commit the configuration.

 

With the above configuration, the FortiGate Automation Stitch will now trigger after a reboot (since the 'FortiGate started' log is always generated after the FortiGate completes boot-up), and an action (such as sending out an alert email) can be taken.
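To confirm from a saved configuration which stitches will actually fire after a reboot, the check below reads the `config`/`edit`/`set` text and classifies each reboot-related stitch by its trigger. It is an added example, not Fortinet code: the function names and the sample backup are constructed, and `set event-type reboot` is assumed to be how the built-in Reboot trigger is saved.

```python
import re
SAMPLE_CONFIG = """config system automation-trigger
    edit "builtin-reboot"
        set event-type reboot
    next
    edit "reboot-trigger"
        set event-type event-log
        set logid 32009
    next
end
config system automation-stitch
    edit "old-reboot-mail"
        set trigger "builtin-reboot"
    next
    edit "send-email-when-FTG-reboot"
        set trigger "reboot-trigger"
        config actions
            edit 1
                set action "Default Email"
            next
        end
    next
end"""  # constructed sample backup, not taken from a real device

def parse_section(text, section):
    """Return {entry: {key: [values]}} for one top-level 'config <section>' table."""
    entries, current, depth = {}, None, 0
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config":  # nested tables such as "config actions" raise depth
            depth = depth + 1 if depth else int(" ".join(tok[1:]) == section)
        elif tok[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            current = entries.setdefault(" ".join(tok[1:]), {})
        elif depth == 1 and tok[0] == "set" and current is not None:
            current[" ".join(tok[1:2])] = tok[2:]
    return entries

def audit_reboot_stitches(text):
    """Map each reboot-related stitch to 'post-boot' or 'pre-reboot-only'."""
    triggers, report = parse_section(text, "system automation-trigger"), {}
    for name, fields in parse_section(text, "system automation-stitch").items():
        trig = triggers.get(" ".join(fields.get("trigger", [])), {})
        if trig.get("event-type") == ["event-log"] and "32009" in trig.get("logid", []):
            report[name] = "post-boot"  # Log ID 32009, 'FortiGate started'
        elif trig.get("event-type") == ["reboot"]:  # assumed saved form, see lead-in
            report[name] = "pre-reboot-only"  # silent on power loss or kernel panic
    return report
```

Stitches bound to any other trigger type are left out of the result, so an empty report means no stitch is watching for reboots at all.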

 

Related documents:

Technical Tip: 'Test Automation Stitch' button is greyed out when trying to test a newly created automation stitch

FortiOS Log Message Reference - 32009 (LOG_ID_SYSTEM_START)