CrysbergIT
New Member
June 19, 2023
Solved

How to stop Fortigate FG100ETK from sending notifications on invalid VPN login attempts


Hi Fortigate'rs

 

I have a (two actually in a HA config) FG101ETK Firewalls which I am very happy with.

 

However, it constantly sends me e-mails when people are trying to "hack" our VPN. I'd like to avoid getting those errors as they clutter my inbox and may hide important messages, and there's really nothing I can do about it anyway.

 

Message meets Alert condition

date=2023-06-19 time=04:58:21 devname=FG101ETK00000000 devid=FG101ETK00000000 eventtime=1687143501487137862 tz="+0200" logid="0106037121" type="event" subtype="vpn" level="error" vd="root" logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=61.66.190.98 locip=1.2.3.4 remport=8512 locport=500 outintf="wan" cookies="3e35cd0719dfedef/0000000000000000" user="N/A" group="N/A" useralt="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="failure" init="remote" mode="main" dir="inbound" stage=1 role="responder" result="ERROR"

 

How do I stop the firewall from sending those messages (only these, VPN-related ones!)?

 

I'm on 7.0.9 build0444 by the way.

 

Best, 

 

Bjorn


Yurisk
SuperUser
June 19, 2023

Hi, as this is 7.0.9, there is a good chance you have an Automation Stitch that fires each time and sends this email alert. Look in Security Fabric -> Automation and look at the column "Trigger Count" for recently triggered stitches - one of them will be yours, and you can then disable it.

 

CrysbergIT
New Member
June 20, 2023

Yeah, I actually looked there, but I can only find 2 triggers that have any value above 0 in "Trigger count" - HA Failover (which is not the one) and "Security Rating Notification", which also doesn't seem to have anything to do with it.

Yurisk
SuperUser
Best answer
June 20, 2023

Then what is left is the 'old' way of configuring it - check on the CLI: show alertemail setting

Or in GUI (but I think in 7.0.x this option was removed from the GUI) https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-alert-email-settings/ta-p/194102
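
An added example, not part of the thread or of Fortinet's documentation: how the alert email settings the answer points to can be inspected and the IPsec category switched off on the FortiOS CLI. It assumes the mails come from the legacy alert email feature running in category filter mode with the IPsec error category enabled; nothing in the thread confirms that this is how the unit is configured.

```fortios
# Added example. Assumption: the "Message meets Alert condition" mails are
# produced by the legacy alert email feature, not by an Automation Stitch.

# 1. Show the current alert email settings, including defaults.
show full-configuration alertemail setting

# 2. If "filter-mode" is "category" and "IPsec-errors-logs" is "enable",
#    turn off only that category. Other categories (HA, admin login,
#    configuration changes, ...) keep sending mail.
config alertemail setting
    set IPsec-errors-logs disable
end

# 3. Confirm the change.
show full-configuration alertemail setting
```

This only stops the e-mail; the failed phase 1 negotiations are still written to the VPN event log, so they remain available for review. If `filter-mode` is `threshold` instead, mails are selected by the `severity` setting rather than by category, and the per-category switch above does not apply.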