kvimaladevi
Staff
Article Id 211515
Description

This article describes how to create an Automation Stitch that triggers when inbound and/or outbound bandwidth rates are exceeded.

Scope

FortiGate, Automation Stitch, FIPS-CC Mode.
Solution

Important note before beginning:

While this article discusses Automation Stitches primarily, it depends on two particular System Event log entries: 'Inbound bandwidth rate exceeded' and 'Outbound bandwidth rate exceeded'.


It is critical to point out that these event logs are only ever generated when the FortiGate is running in FIPS-CC mode, as this feature was implemented solely to meet an NDcPP requirement for FIPS-CC certification. Note that this feature is available when running FIPS-CC mode on GA firmware as well as on the FIPS Certified/CVE-Patched firmware.


What this ultimately means is that these logs will not be generated on regular FortiGates running standard firmware, and so this Automation Stitch will not trigger for non-FIPS-mode FortiGates. Additionally, enabling FIPS-CC mode on the FortiGate is generally not recommended unless there is a specific business requirement to meet FIPS regulations, as it imposes a number of restrictions on the FortiGate's behavior to meet these regulations (see also: Fortinet - Federal Information Processing Standards).


Implementation:

The steps to configure this Automation Stitch are as follows:

  1. Create a new Automation Stitch: Go to Security Fabric -> Automation and select 'Create New'.
  2. Assign a name, then select Trigger 'FortiOS Event Log' and Event as 'Inbound bandwidth rate exceeded' or 'Outbound bandwidth rate exceeded'.


[Figure: Automation.png]


  3. Set the Action as 'Email' and specify the email address that should receive the email. Set the Email body to '%%logid%%', which is a variable that includes the contents of the event log.

[Figure: Automation2.png]


  4. On the network interface to be monitored, go into the CLI and set the outbandwidth and inbandwidth limits (measured in Kbps):


config system interface
    edit port1
        set inbandwidth <0-80000000 in kbps>
        set outbandwidth <0-80000000 in kbps>
    next
end


When the bandwidth crossing the interface exceeds the configured outbandwidth or inbandwidth, an event log will be generated, which triggers the Automation Stitch to send an email containing the log's contents to the configured email address. Note that an email server needs to be configured under System -> Advanced before an alert email can be sent when the Automation Stitch is triggered.
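For the receiving side (a mailbox handler or SIEM ingest), here is an added example, not from this article or from Fortinet, in Python that parses FortiGate's key=value log text as it would arrive in the alert email body and picks out the two bandwidth events by their message text. The sample log lines, their log IDs, dates and VDOM names are constructed for the example; the real log IDs of the two events are not given on this page.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in FortiGate's key=value log format. The logid,
# date/time and vd values are made up; only the msg text of the two bandwidth
# events matches the event names the Automation Stitch is configured for.
SAMPLE_LOGS = [
    'date=2022-06-01 time=10:15:02 logid="0100000001" type="event" subtype="system" '
    'level="warning" vd="root" msg="Inbound bandwidth rate exceeded"',
    'date=2022-06-01 time=10:15:40 logid="0100000002" type="event" subtype="system" '
    'level="notice" vd="root" user="admin" msg="Administrator admin logged in"',
    'date=2022-06-01 time=10:16:11 logid="0100000003" type="event" subtype="system" '
    'level="warning" vd="root" msg="Outbound bandwidth rate exceeded"',
]

# One key=value pair; the value is either double-quoted (may contain spaces)
# or a bare token with no whitespace.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The two System Event messages this stitch is built on (only emitted in FIPS-CC mode).
_BANDWIDTH_RE = re.compile(r"\b(Inbound|Outbound) bandwidth rate exceeded\b", re.IGNORECASE)


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Split one FortiGate log line into a field -> value mapping."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV_RE.finditer(line)}


def bandwidth_alert(fields: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return an alert record for a bandwidth-exceeded system event, else None."""
    if fields.get("type") != "event" or fields.get("subtype") != "system":
        return None
    match = _BANDWIDTH_RE.search(fields.get("msg", ""))
    if match is None:
        return None
    return {
        "direction": match.group(1).lower(),          # "inbound" or "outbound"
        "vdom": fields.get("vd", ""),
        "logid": fields.get("logid", ""),
        "time": f'{fields.get("date", "")} {fields.get("time", "")}'.strip(),
        "msg": fields["msg"],
    }


def alerts_from_lines(lines: List[str]) -> List[Dict[str, str]]:
    """Run the check over many log lines, keeping only the bandwidth events."""
    return [a for a in (bandwidth_alert(parse_fortigate_log(ln)) for ln in lines) if a]
```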