FortiGate
salmas (Staff)
Article Id 377963
Description: This article describes how to build an automation stitch that creates a new address group on a schedule and ties that group into the existing SSL VPN block automation stitch.
Scope: FortiGate, SSL VPN
Solution:

This solution builds on the article Technical Tip: How to permanently block SSL VPN failed logins using an Automation Stitch, and adds a stitch that creates a fresh address group every week so that banned addresses are collected per week instead of in one ever-growing group.

1. Create a scheduled trigger:

Trigger_weekly.png

CLI configuration:

config system automation-trigger
    edit "weekly"
        set trigger-type scheduled
        set trigger-frequency weekly
        set trigger-weekday friday
        set trigger-hour 23
    next
end

 

2. Create an automation action that creates the weekly group and adds it as a source address of the SSL VPN block local-in policy:

Action_update_group.png

CLI configuration:

config system automation-action
    edit "update_addrgrp"
        set action-type cli-script
        set script "config firewall addrgrp
            edit VPN_Failed_Login_%%date%%
            end
            config firewall local-in-policy
            edit 3
                append srcaddr VPN_Failed_Login_%%date%%
            end"
        set accprofile "super_admin"
    next
end

Local-in policy 3 is the SSL VPN block policy from the original article; use the ID of your own block policy if it differs, otherwise the new group is created but never enforced.

3. Update the existing automation action 'BAN-SSLVPN-IP' so that each banned address is also appended to the group for the current week:

Ban-ssl-vpn-ip.png

CLI configuration:

config system automation-action
    edit "BAN-SSLVPN-IP"
        set action-type cli-script
        set script "config firewall address
            edit SSLVPN-Block-%%log.remip%%
                set color 6
                set subnet %%log.remip%%/32
            end
            config firewall addrgrp
                edit VPN_Failed_Login_%%date%%
                append member SSLVPN-Block-%%log.remip%%
            end"
        set accprofile "super_admin"
    next
end

 

4. Create the new stitch that runs the group-creation action on the weekly trigger:

Whole_Stitch.png

CLI configuration:

config system automation-stitch
    edit "update addrgrp"
        set trigger "weekly"
        config actions
            edit 1
                set action "update_addrgrp"
                set required enable
            next
        end
    next
end

 

5. Right-click the stitch 'update addrgrp' and select 'Test Automation Stitch'. The group should be created immediately.

Group_Created.png

 

6. Attempt a failed login on the SSL VPN. The existing 'BAN-SSLVPN-IP' stitch adds the remote IP of the failed login to the current weekly address group, and because that group is already a source address of the local-in policy, the address is blocked from then on.

Failed_login_IP.png

Local_in_Policy.png

 

The CLI and VDOM references for the steps above are covered in the original article; refer to it for those details.
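A weekly group that exists but is not a source address of the local-in policy records bans without enforcing them, for example when the 'update_addrgrp' action was skipped or the policy ID was wrong. The following Python helper, added here as an example and not part of this article or of FortiOS, parses the text printed by `show firewall addrgrp` and `show firewall local-in-policy` (as copied from the CLI) and lists every VPN_Failed_Login_* group that is missing from policy 3. The sample output embedded in it is constructed, and the date suffix it shows is an assumption about how %%date%% expands on your firmware.

```python
"""
Audit helper for the weekly SSL VPN ban groups (added example, not Fortinet code).
It parses `show firewall addrgrp` / `show firewall local-in-policy` text and
reports ban groups that are not attached to the block policy.
"""
import re
from typing import Dict, List, Set

# Constructed sample of `show firewall addrgrp` output (not a real device capture).
# The date suffix format is an assumption about how %%date%% expands.
SAMPLE_ADDRGRP = """\
config firewall addrgrp
    edit "VPN_Failed_Login_2025-01-03"
        set member "SSLVPN-Block-198.51.100.7" "SSLVPN-Block-203.0.113.20"
    next
    edit "VPN_Failed_Login_2025-01-10"
        set member "SSLVPN-Block-192.0.2.45"
    next
    edit "Internal_Servers"
        set member "web01" "db01"
    next
end
"""

# Constructed sample of `show firewall local-in-policy` output: only the first
# weekly group was appended to policy 3, the second one was not.
SAMPLE_LOCAL_IN = """\
config firewall local-in-policy
    edit 3
        set intf "wan1"
        set srcaddr "VPN_Failed_Login_2025-01-03"
        set dstaddr "all"
        set action deny
        set service "HTTPS"
        set schedule "always"
    next
end
"""

BAN_GROUP_PREFIX = "VPN_Failed_Login_"          # naming used by the stitch above
_EDIT_RE = re.compile(r'^\s*edit\s+"?([^"\n]+)"?\s*$')
_SET_RE = re.compile(r'^\s*set\s+(\w+)\s+(.*)$')


def _parse_table(show_output: str) -> Dict[str, Dict[str, List[str]]]:
    """Parse a FortiOS `config / edit / set / next / end` block into
    {entry_name: {setting: [values]}}. Quoted values may contain spaces."""
    entries: Dict[str, Dict[str, List[str]]] = {}
    current = None
    for line in show_output.splitlines():
        m = _EDIT_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = {}
            continue
        if current is None:
            continue
        m = _SET_RE.match(line)
        if m:
            key, raw = m.groups()
            # A setting holds either a list of quoted names or one bare token.
            values = re.findall(r'"([^"]*)"', raw) or raw.split()
            entries[current][key] = values
        elif line.strip() == "next":
            current = None
    return entries


def ban_groups(addrgrp_output: str) -> Dict[str, List[str]]:
    """Return {group_name: members} for the groups created by the weekly stitch."""
    table = _parse_table(addrgrp_output)
    return {name: cfg.get("member", []) for name, cfg in table.items()
            if name.startswith(BAN_GROUP_PREFIX)}


def policy_srcaddr(local_in_output: str, policy_id: str = "3") -> Set[str]:
    """Source addresses referenced by the given local-in policy ID."""
    table = _parse_table(local_in_output)
    return set(table.get(policy_id, {}).get("srcaddr", []))


def unattached_groups(addrgrp_output: str, local_in_output: str,
                      policy_id: str = "3") -> List[str]:
    """Ban groups that exist but are not a source of the block policy. Their
    members are recorded but not actually blocked; this is the failure mode to
    look for when the 'update_addrgrp' action did not run for a week."""
    attached = policy_srcaddr(local_in_output, policy_id)
    return sorted(g for g in ban_groups(addrgrp_output) if g not in attached)


if __name__ == "__main__":
    for group, members in ban_groups(SAMPLE_ADDRGRP).items():
        print(f"{group}: {len(members)} banned address(es)")
    print("groups not in local-in policy 3:",
          unattached_groups(SAMPLE_ADDRGRP, SAMPLE_LOCAL_IN) or "none")
```

Replace the two sample strings with the real `show` output (pasted from the CLI or pulled over SSH) and run it after each weekly trigger; an empty list from `unattached_groups` confirms that every weekly group is enforced by the local-in policy.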