Skip to main content
llewesc1
llewesc1
New Member
July 24, 2025
Solved

Reboot Downstream FortiGate on Fabric via Automation

  • July 24, 2025
  • 2 replies
  • 1345 views

I am trying to reboot a downstream device in the fabric, but the automation stitch is not triggering.

 

The trigger is a weekly schedule at hour 3 (3am - see image below). For action, I've tried using the system action (included with v7.2 onward) as well as a CLI Script for the reboot.

 

Interesting points to note:

 

 

  • If I use the system action and click on the Test Automation Stitch, it reboots the downstream device.
  • If I use the CLI Script and click on the Test Automation Stitch, it reboots the root and downstream device.
  • Waiting for the trigger to reboot in either instance never occurs. 

Any help is appreciated.

 

All devices are running 7.6.3

Root device is a 600E

Downstream device is a 40F

 

I have followed the below, but this does not mention if it can be used for a downstream device in a fabric.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-Automation-Stitch-to-schedule-restart-reboot/ta-p/19185

 

Trigger Reboot.png

Best answer by llewesc1

Working with TAC, we determined the issue was related to the time zone setting (System > System > Time zone). For the automation stitch to work, the downstream FortiGate time had to match the root.

 

So even if your root FortiGate is in Toronto (GMT-5) and your satellite is in Vancouver (GMT-8), the time zones still have to match, so that the actual time on the firewall match.

 

I would've thought there'd be mention of it under Schedule trigger and wasn't able to find documentation anywhere else citing this caveat. If someone reads this ands knows where to find it please post.

 

Another item worth mentioning, our root FortiGate is not configured to be an NTP server for the downstream devices.

 

- Thanks

2 replies

RosenlindPer
RosenlindPer
Explorer
July 28, 2025

Hi,

You can choose which device in the fabric that the stitch should be applied on, so just chose your downstream fortigate.

 

/PR

    llewesc1
    llewesc1Author
    New Member
    July 28, 2025

    To clarify, the downstream device is selected. Recall, when using the system action and clicking on the Test Automation Stitch, it reboots the downstream device. I've opened a ticket with TAC.

    RosenlindPer
    RosenlindPer
    Explorer
    July 28, 2025

    For your TAC ticket, make sure you follow the steps here and attach the logs in the ticket.

    https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Troubleshooting-Security-Fabric-Issues/ta-p/230103

     

    Unless it solves the issue for you :)

    /PR

    llewesc1
    llewesc1AuthorAnswer
    New Member
    August 1, 2025

    Working with TAC, we determined the issue was related to the time zone setting (System > System > Time zone). For the automation stitch to work, the downstream FortiGate time had to match the root.

     

    So even if your root FortiGate is in Toronto (GMT-5) and your satellite is in Vancouver (GMT-8), the time zones still have to match, so that the actual time on the firewall match.

     

    I would've thought there'd be mention of it under Schedule trigger and wasn't able to find documentation anywhere else citing this caveat. If someone reads this ands knows where to find it please post.

     

    Another item worth mentioning, our root FortiGate is not configured to be an NTP server for the downstream devices.

     

    - Thanks

    RosenlindPer
    RosenlindPer
    Explorer
    August 3, 2025

    So timezones have to match, it just doesn't trigger on the "root fortigates timezone"? 

    llewesc1
    llewesc1Author
    New Member
    August 5, 2025

    Yes, the time zone (or just the time possibly) have to match. When trying with the root set to America/Toronto and the downstream set to America/Vancouver it would not trigger via the schedule. When we set the downstream to America/Toronto, it worked as scheduled.

    Terms & ConditionsAccessibility statement