Description
This article describes the configuration of email alerts on the FortiGate and the VPN event ID which can be used to monitor IPsec VPN events.
Solution
Make sure that the IPsec tunnel is up and running before configuring the FortiGate to monitor the IPsec VPN status.
The default SMTP configuration will be used on the FortiGate and therefore, configure custom SMTP to use the SMTP server.
- Create an Automation Stitch under:
Security Fabric -> Automation and create 'New Automation Stitch'.
-
Select 'Add Trigger' and Create a new trigger.
-
Select 'FortiOS Event Log'.
-
Search for Event ID 37138 and select 'OK'.
-
It is possible to see the trigger being added as above. Next, proceed to 'Add Action'.
-
Create a new action.
-
Select 'Email'.
-
Configure the action name and recipient email address. Select 'OK' to save all configurations.
Important Notes.
23101 LOG_ID_IPSEC_TUNNEL_UP
23102 LOG_ID_IPSEC_TUNNEL_DOWN
23103 LOG_ID_IPSEC_TUNNEL_STAT
The above logs are obsolete and cannot be used. Avoid using the above Event IDs to configure as the Automation Trigger.
Moving forward, need to use the event IDs below instead for setting up as triggers for IPsec VPN.
37138 - MESGID_CONN_UPDOWN
37139 - MESGID_P2_UPDOWN
