Technical Tip: Automation stitch configuration for inbound and outbound bandwidth rate exceeded event

This article describes how inbound and outbound bandwidth rate exceeded automation stitch works.

FortiOS 6.0 introduces Automation Stitches as part of the Security Fabric.

The configuration is as follows:

1. Create a new Automation Stitch: Go to Security Fabric -> Automation and select 'Create New'.
2. Assign a name, select Trigger ‘FortiOS Event Log’ and Event as ‘Inbound bandwidth rate exceeded’ or ‘outbound bandwidth exceeded’.

3. Set the Action as 'Email' and mention the email address to which the email has to be sent.
   
   

1. Edit the interface to get the trigger and set the upstream and downstream bandwidth as per requirement:
   
   

5. When the above mentioned bandwidth exceeds, an event will be generated in the automation stitch and an email will be sent to the configured email address.

Note.

For the alert email to be sent when the Automation stitch is triggered, an Email server needs to be configured under System -> Advanced.

The Outbound bandwidth and Inbound bandwidth rate exceeded event will get generated only when FIPS-CC is enabled as per design.

Only certain versions and models are FIPS-CC certified and the configuration has to be done while the unit is in factory default settings.

Browse to support.fortinet.com/Download/FirmwareImages.aspx  for the FIPS-CC-Certified images.

For units where FIPS-CC is not enabled, the above configuration will not work.