tpatel
Staff
February 11, 2026

Troubleshooting Tip: Automation Stitch Fails to Ban IP Addresses Due to Auto‑Script Table Limit Reached

Description

This article explains an issue where a FortiGate automation stitch fails to ban source IP addresses. Although the stitch triggers successfully, the action does not execute. The root cause is that the system.auto-script table has reached its maximum allowed number of entries, preventing new CLI‑script actions from being created.

A step‑by‑step procedure is provided to diagnose and resolve the issue.

Scope

FortiGate.
Solution

An automation stitch is created to ban source IP addresses using a FortiAnalyzer event handler, based on IPS event logs.

 

Configuration example: 

 

  1. Create the Automation Action.

 

config system automation-action
    edit "BAN_IP_CUSTOM_10_MINUTES"
        set action-type cli-script
        set script "diagnose user banned-ip add src4 %%log.srcip%% 600 admin"  <----- 600 seconds which is 10 minutes.
        set execute-security-fabric enable
        set accprofile "super_admin"
    next
end

 

  2. Create the Automation Trigger.

 

config system automation-trigger
    edit "FAZ logs"
        set event-type faz-event
        set faz-event-name "IPS events logs"
    next
end

 

  3. Create the Automation Stitch.

config system automation-stitch
    edit "BAN IP ADDRESS-FAZ-6-SCANNER-LOG"
        set trigger "FAZ logs"
        config actions
            edit 1
                set action "BAN_IP_CUSTOM_10_MINUTES"
                set required enable
            next
        end
    next
end

The automation stitch shows as triggered in system event logs, but the source IP address does not appear in:

 
   diagnose user banned-ip list
 
Troubleshooting: Debug Output.
 

Run the automation stitch debug commands:

   diagnose debug application autod -1
   diagnose debug enable

 

Example output:

pid:5763-__handle_pkg_logs()-356: Subscriber:4 processing package size:486530 logs:460 pickup:2
pid:5763-__subscr_close_cur_pkg()-140: close package size:486530 logs:460
Too many entries in all tables of 'system.auto-script' in vdom global: 256 / vdom-max = 256
__run_script()-66: Failed to create auto script:diagnose user banned-ip add src4 192.168.1.12 600 admin.
__action_cli_script_open()-164: Failed to run script.

 

Root cause:

 

The error message 'Too many entries in all tables of 'system.auto-script' in vdom global: 256 / vdom-max = 256' occurs when the maximum number of automation scripts permitted in the global VDOM has been reached.

 

To determine the maximum number of automation scripts supported by a FortiGate device, run 'print tablesize' and check the system.auto-script entry in the output.

 

print tablesize
...

system.auto-script: 0 256 512

...

 

In the example output above, 256 is the per-VDOM limit and 512 is the global limit (see 'Technical Tip: FortiGate maximum values table').
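
The following Python sketch is an added example, not part of the original article and not Fortinet tooling. It scans captured autod debug output for the table-limit error, lists the source IPs whose ban was dropped, and reads the system.auto-script line from 'print tablesize'. The sample inputs are constructed from the output formats shown above, and the function names are hypothetical.

```python
import re

# Constructed samples, copied from the formats shown in this article.
SAMPLE_DEBUG = """\
pid:5763-__subscr_close_cur_pkg()-140: close package size:486530 logs:460
Too many entries in all tables of 'system.auto-script' in vdom global: 256 / vdom-max = 256
__run_script()-66: Failed to create auto script:diagnose user banned-ip add src4 192.168.1.12 600 admin.
__action_cli_script_open()-164: Failed to run script.
"""
SAMPLE_TABLESIZE = "system.auto-script: 0 256 512"

LIMIT_RE = re.compile(
    r"Too many entries in all tables of '([\w.-]+)' in vdom (\S+): (\d+) / vdom-max = (\d+)")
FAILED_BAN_RE = re.compile(
    r"Failed to create auto script:diagnose user banned-ip add src4 (\S+) (\d+) ")
TABLESIZE_RE = re.compile(r"^([\w.-]+):\s+(\d+)\s+(\d+)\s+(\d+)$")


def parse_autod_debug(text):
    """Return (table-limit hits, [(src_ip, ban_seconds)] for bans that were dropped)."""
    limits, missed = [], []
    for line in text.splitlines():
        hit = LIMIT_RE.search(line)
        if hit:
            limits.append({"table": hit.group(1), "vdom": hit.group(2),
                           "used": int(hit.group(3)), "vdom_max": int(hit.group(4))})
        ban = FAILED_BAN_RE.search(line)
        if ban:
            missed.append((ban.group(1), int(ban.group(2))))
    return limits, missed


def parse_tablesize(line):
    """Parse one `print tablesize` line. Per the article, the last two columns
    are the per-VDOM and global limits; the first number is not interpreted."""
    m = TABLESIZE_RE.match(line.strip())
    if m is None:
        return None  # "..." or any unrelated line
    return {"table": m.group(1), "per_vdom": int(m.group(3)), "global": int(m.group(4))}


if __name__ == "__main__":
    limits, missed = parse_autod_debug(SAMPLE_DEBUG)
    for hit in limits:
        print(f"{hit['table']} full in vdom {hit['vdom']}: {hit['used']}/{hit['vdom_max']}")
    for ip, seconds in missed:
        print(f"ban NOT applied: {ip} ({seconds}s)")
    print(parse_tablesize(SAMPLE_TABLESIZE))
```

The list of missed source IPs identifies the bans the stitch reported as triggered but never applied while the table was full.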

Resolution:

 

List existing Auto-Scripts:

 

show system auto-script

Delete unused or obsolete entries:

 

config system auto-script
    delete <script_name>
end

 

Once the number of auto-scripts falls below the system limit, automation stitches resume normal operation and source IP addresses are successfully added to the banned list.

 
