haziqsulaiman
Article Id 422795
Description

This article describes how to use FortiAnalyzer Event Handler with FortiGate Automation Stitch to trigger FortiGate cluster failover.

Scope

FortiAnalyzer, FortiGate.
Solution

Note:

In this example, the Event Handler is configured to trigger when the FortiGate CPU usage exceeds 5%. This low threshold is for testing purposes only and can be changed accordingly.

In FortiAnalyzer, create a new event handler for high CPU and make sure the Automation Stitch option is enabled. The event handler can be created by going to Incidents & Events -> Event Handlers -> Event Handlers and selecting 'Create New'.

An example of the handler is shown below:

[Image 1: handler.png]

An example of the rule is shown below:

[Image 2: rule.png]

On the FortiGate side, configure the Automation Stitch by going to Security Fabric -> Automation. Choose FortiAnalyzer Event Handler as the trigger and select the previously created handler, as shown below:

[Image 3: trigger.png]

Configure the Action for failover as shown below:

[Image 4: action.png]

Configure the Automation Stitch as shown below:

[Image 5: stitch.png]

Once the FortiGate CPU usage reaches 5% or more, the Event Handler in FortiAnalyzer fires, which in turn runs the failover Automation Stitch on the FortiGate.
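For reference, the following FortiGate CLI configuration is an added example of the trigger, action and stitch from the steps above; it is not taken from this article. The object names and the handler name "High CPU" are placeholders, and the contents of the failover action are an assumption, because the article only shows it as a screenshot: the example uses a CLI Script action that runs `execute ha failover set 1`, and it uses the FortiOS 7.0-style `config actions` block inside the stitch.

```fortios
# Added example, not from the article. Names are placeholders.

# Trigger: fire when FortiAnalyzer forwards the named event handler.
# faz-event-name must match the Event Handler name configured in FortiAnalyzer.
config system automation-trigger
    edit "faz-high-cpu"
        set event-type faz-event
        set faz-event-name "High CPU"
    next
end

# Action: CLI script that forces this unit to fail over.
# Assumption: 'execute ha failover set 1' forces the failover; it is cleared
# afterwards with 'execute ha failover unset 1'. accprofile is required for
# cli-script actions.
config system automation-action
    edit "ha-failover"
        set action-type cli-script
        set script "execute ha failover set 1"
        set accprofile "super_admin"
    next
end

# Stitch: bind the FortiAnalyzer trigger to the failover action.
# Assumption: 'config actions' syntax as used from FortiOS 7.0 onward.
config system automation-stitch
    edit "faz-cpu-failover"
        set status enable
        set trigger "faz-high-cpu"
        config actions
            edit 1
                set action "ha-failover"
            next
        end
    next
end
```

Before and after a test, run `get system ha status` on the cluster to confirm which unit is primary and that the role actually changed. Because every match of the event handler runs the stitch, the 5% test threshold would cause repeated failovers in a production cluster; raise it to a realistic value and review the stitch's minimum interval setting before deploying.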


Alternatively, this can be configured using FortiAnalyzer Playbooks. Refer to the following KB article: Technical Tip: FortiGate HA failover using FortiAnalyzer automation.