Technical Tip: How to configure automation Stitches settings with Microsoft Office365
Description
This article describes how to configure email alerts for automation stitches with Microsoft Office365, for cases where the FortiGate cannot access the account in order to send the email alert.
Debug shows:
2021-07-09 11:27:13 resolve smtp.office365.com to 1 IP
2021-07-09 11:27:13 <----- Send mail.
2021-07-09 11:27:13 connecting to 40.101.137.82 port 587
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: greeting, code: 220
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: starttls, code: 220
2021-07-09 11:27:13 rsp_starttls: creating ssl structure for session 0x18488f20
2021-07-09 11:27:13 create_ssl: 0x1852fac0
2021-07-09 11:27:13 sessionn 0x18488f20, SSL connected
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth, code: 334
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth2, code: 235
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: mail, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: rcpt, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: data, code: 354
2021-07-09 11:27:13 === send: FGT[FGT80Fxxxxxxxx] Automation Stitch:Admin Fail is triggered.
2021-07-09 11:27:38 _session_on_destroy
2021-07-09 11:27:38 <----- Send mail failed, m = 0x18502ff0 s = 0x18557ac0.
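In the debug output above the server answers AUTH with 235 and the failure is logged only after DATA (354). The following Python script is an added example, not Fortinet code: it parses these debug lines and reports how far the SMTP dialogue got before the send failed. The function name and the stage labels are assumptions made for illustration.

```python
import re

# Debug lines copied from the article's output (two fused lines split apart).
SAMPLE = """\
2021-07-09 11:27:13 connecting to 40.101.137.82 port 587
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: greeting, code: 220
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: starttls, code: 220
2021-07-09 11:27:13 sessionn 0x18488f20, SSL connected
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth, code: 334
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth2, code: 235
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: mail, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: rcpt, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: data, code: 354
2021-07-09 11:27:38 _session_on_destroy
2021-07-09 11:27:38 <----- Send mail failed, m = 0x18502ff0 s = 0x18557ac0.
"""

STATE_RE = re.compile(r"rsp_state: (\w+), code: (\d{3})")

def triage(log):
    """Summarise how far the SMTP dialogue got before the send failed."""
    states = [(s, int(c)) for s, c in STATE_RE.findall(log)]
    result = {
        "failed": "Send mail failed" in log,
        "tls": "SSL connected" in log,
        "authenticated": ("auth2", 235) in states,  # 235 = AUTH succeeded
        "last_state": states[-1] if states else None,
    }
    rejected = [(s, c) for s, c in states if c >= 400]  # 4xx/5xx replies
    if not result["failed"]:
        result["stage"] = "sent"
    elif not states:
        result["stage"] = "no-smtp-dialogue"        # never reached the server
    elif rejected:
        result["stage"] = "rejected-at-" + rejected[0][0]
    elif not result["tls"]:
        result["stage"] = "starttls-incomplete"
    elif not result["authenticated"]:
        result["stage"] = "auth-incomplete"
    else:
        result["stage"] = "after-" + states[-1][0]  # login worked, failed later
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the article's log the stage is `after-data`: TLS and login completed, so the settings to review are the sender fields flagged as important in the configuration below, not the password.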
Scope
FortiGate.
Solution
- This is an example of the configuration in FortiGate.
Go to System -> Settings -> Email Service.
SMTP SERVER: smtp.office365.com
PORT: 587
AUTHENTICATION: example@domain.it
Password: xxxxxxxxx
SECURITY MODE: STARTTLS.
Default Reply To: Email sender address
- To configure a custom email service in the CLI:
config system email-server
set type custom
set reply-to "helpdesk@fortinet.com"
set server "smtp.office365.com"
set port 587
set source-ip 0.0.0.0 <----- This is an important field to set (source IP which is used to send out the email traffic).
set source-ip6 ::
set authenticate enable
set validate-server disable <----- With this disabled, the server certificate presented after STARTTLS is not validated.
set username "example@domain.it"
set security starttls
set ssl-min-proto-version default
end

- On the root FortiGate, go to Security Fabric -> Automation and select 'Create New'.
- Enter a name for the stitch, such as 'Test Stitch'.
- Select Add Trigger -> Create -> Schedule. Enter Name, Frequency, Hour, and Minute, and select OK.
- Select Add Action -> Create -> Email. Configure the Email settings and select OK:
  - In the To field, enter the email recipient addresses, such as admin@example.com and testuser@anymail.com.
  - Enter the Email subject, such as Test Config Email.
  - Edit the Email body as required. By default, the email body will include all the fields from the log event that triggered the stitch.
- Select 'OK'.

To configure the same stitch in the CLI:
config system automation-trigger
    edit "Test Schedule"
        set trigger-type scheduled
        set trigger-hour 1
    next
end
config system automation-action
    edit "Test Stitch_email"
        set action-type email
        set email-to "testuser@anymail.com"
        set email-from helpdesk@fortinet.com <----- This is an important field to set: Email sender address.
        set email-subject "Test Config Email"
        set message "%%log%%"
        set minimum-interval 0
        set delay 0
        set required disable
    next
end
config system automation-stitch
    edit "Test Stitch"
        set trigger "Test Schedule"
        config actions
            edit 1
                set action "Test Stitch_email"
                set required enable
            next
        end
    next
end
Related articles:
Technical Tip: Use FortiGate automation stitches for alert emails