Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nevan
Staff
Staff

Created on ‎11-10-2025 02:49 AM Edited on ‎11-10-2025 06:56 AM By Moderator

Article Id 418292

Technical Tip: Automation stitch for cloud server connection and disconnection events

Description This article describes how to create an automation stitch for cloud server connection and disconnection events. Also, the event can be sent to the email services through the automation action.
Scope FortiGate, FortiGate VMx.
Solution

The cloud server connection and disconnection log ID events can be found in the FortiGate/FortiOS Document Library in the section FortiOS Log Message Reference. The connection logs are with logid 22915  and description 'LOG_ID_FDS_SRV_CON', and the disconnections are with logid 22913 and with description 'LOG_ID_FDS_SRV_DISCON'. The automation configuration is shared below.

 

Automation Trigger (CLI):

 

config system automation-trigger
    edit "Cloud_Server_Connected"
        set event-type event-log
        set logid 22915
    next
    edit "Cloud_Server_Disconnected"
        set event-type event-log
        set logid 22913
    next
end

 

Automation Trigger (GUI):

 

Cloud connected.PNG

 

Automation Action (CLI):

 

config system automation-action
    edit "Email_Cloud_Connected"
        set action-type email
        set email-to "admin@example.com"
        set email-subject "FortiGate Cloud Connected"
        set message "FortiGate Cloud server connected(LOG_ID 22915)."
    next
    edit "Email_Cloud_Disconnected"
        set action-type email
        set email-to "admin@example.com"
        set email-subject "FortiGate Cloud Disconnected"
        set message "FortiGate Cloud server disconnected (LOG_ID 22913)."
    next
end

 

Automation Action (GUI):

 

email connected.PNG


Automation Stitch (CLI):

 

config system automation-stitch
    edit "FortiGate_Cloud_Connected"
        set trigger "Cloud_Server_Connected"
            config actions
                edit 1
                    set action "Email_Cloud_Connected"
                    set required enable
                next
            end
    next
    edit "FortiGate_Cloud_Disconnected"
        set trigger "Cloud_Server_Disconnected"
            config actions
                edit 1
                    set action "Email_Cloud_Disconnected"
                    set required enable
                next
            end
    next
end

 

Automation Stitch (GUI):

 

sitch connected.PNG

 

To test the automation stitch the following commands can be executed on the CLI.


CLI: 

 

diagnose automation test <automation_stitch_name>

 

Related article:
Technical Tip: Diagnose automation stiches
130
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.