msanjaypadma
Staff
Article Id 419834
Description

 

This article describes a step-by-step guide to configure an Automation Stitch on FortiGate to automatically disconnect all active SSL VPN users at a specified time.

 

Scope

 

FortiGate Firewall.

 

Solution

 

The solution involves creating an Automation Stitch that triggers at a scheduled time to execute a CLI command, disconnecting all SSL VPN users. The process encompasses defining a trigger based on a schedule, creating an action to run the CLI script, and assembling these components into a stitch.

Step 1: Access the Automation Section.

  • Navigate to Security Fabric -> Automation tab.



 

Step 2: Create a New Stitch.

  • Select Create New to initiate a new Automation Stitch.
  • Enter a meaningful Name and Description.
  • Set Status to Enabled.
  • Choose Action Execution as Sequential to ensure orderly execution of steps.


Step 3: Define the Trigger.

  • Select the Trigger tab within the stitch configuration.
  • Select Create to define a new trigger.
  • Choose Schedule as the trigger type.


Step 4: Configure Schedule Trigger.

  • Provide a Name for the trigger.
  • Specify the Frequency (e.g., daily, weekly) and set the exact Time (e.g., 06:00 AM) when the disconnection should occur.
  • Select OK to save the trigger.


Note: For this example, the trigger is configured to activate daily at 6:00 AM.

Step 5: Associate Trigger with Stitch.

  • Return to the main stitch configuration screen.
  • Select the newly created trigger from the list to associate it with the stitch.

 


 

Step 6: Define the Action.

  • Select the Action tab.
  • Select Create, then select CLI Script as the action type.

 


 

Step 7: Input CLI Script.

  • Enter a Name for the action.
  • In the script field, input the following command:


execute vpn sslvpn del-all

This command disconnects all active SSL VPN users.

  • Select OK to save the action.



 

Step 8: Finalize and Enable.
Confirm all settings and select OK to create the Automation Stitch.
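
The same stitch can also be built from the CLI. The block below is an added example, not part of the original article: it assumes FortiOS 7.x configuration syntax, and the object names (Daily-0600, Disconnect-SSLVPN, SSLVPN-Daily-Disconnect) and the super_admin profile are illustrative assumptions.

```fortios
# Trigger: fire every day at 06:00 (object name is an assumption)
config system automation-trigger
    edit "Daily-0600"
        set trigger-type scheduled
        set trigger-frequency daily
        set trigger-hour 6
        set trigger-minute 0
    next
end

# Action: run the CLI command from Step 7
# accprofile is the administrator profile the script runs with; super_admin
# is assumed here, substitute the least-privileged profile that can still
# run the command
config system automation-action
    edit "Disconnect-SSLVPN"
        set action-type cli-script
        set script "execute vpn sslvpn del-all"
        set accprofile "super_admin"
    next
end

# Stitch: bind the trigger to the action and enable it
config system automation-stitch
    edit "SSLVPN-Daily-Disconnect"
        set status enable
        set trigger "Daily-0600"
        config actions
            edit 1
                set action "Disconnect-SSLVPN"
            next
        end
    next
end
```

The scheduled time is evaluated against the FortiGate system clock, so confirm the configured time zone before relying on the 06:00 trigger.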

 

Verification:

To verify the configuration, run the following CLI commands:

get vpn ssl monitor
diagnose test application autod 3

