Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Adryan_you
Staff
Staff

Created on ‎12-28-2022 11:19 PM Edited on ‎09-07-2025 11:23 PM By Community Manager

Article Id 241359

Technical Tip: Automation Stitch to shutdown wan interface if SLA fails

 

Description This article describes how to use an automation stitch to shut down the WAN interface if SLA fails.
Scope FortiGate.
Solution

In this setup, port1 is the WAN interface. 

  1. Create an Automation Action that will shut port1.
                                                             

Adryan_you_1-1672280589961.png

 

Adryan_you_3-1672280686172.png

 

  1. Create the Automation trigger when the SLA fails, the port1 is brought down.
                                                                  

Adryan_you_5-1672280876760.png

 

Adryan_you_6-1672280958513.png

 

  1. Create Automation Stitch. When port1 SLA fails, port1 will be brought down.
                                                              

Adryan_you_8-1672281144132.png

 

Adryan_you_9-1672281257376.png

 

CLI reference:

 

config system automation-trigger

    edit "trigger-port1DOWN"

        set event-type event-log

        set logid 22933

        config fields

            edit 1

                set name "interface"

                set value "port1"

            next

            edit 2

                set name "healthcheck"

                set value "SLA8888FGT1"

            next

        end

    next

end

 

config system automation-action

    edit "port1DOWN"

        set action-type cli-script

        set script "config system interface

            edit port1

                set status down

end"

        set accprofile "super_admin"

    next

end

 

config system automation-stitch

    edit "stitch-port1DOWN"

        set trigger "trigger-port1DOWN"

        config actions

            edit 1

                set action "port1DOWN"

                set required enable

            next

        end

    next

end

 

  1. Test Result.
  • Port1 SLA failed. Port1 shuts down automatically.

 

Adryan_you_11-1672283291076.png

 

date=2022-12-29 time=10:51:33 eventtime=1672282293501050307 tz="+0800" logid="0113022933" type="event" subtype="sdwan" level="notice" vd="root" logdesc="SDWAN SLA notification" eventtype="Health Check" healthcheck="SLA8888FGT1" interface="port1" probeproto="ping" newvalue="dead" msg="SD-WAN health-check member initial state."

 

date=2022-12-29 time=10:51:34 eventtime=1672282294142945722 tz="+0800" logid="0100020099" type="event" subtype="system" level="warning" vd="root" logdesc="Interface status changed" action="interface-stat-change" status="DOWN" msg="Link monitor: Interface port1 was turned down"
5435
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.