FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vsahu
Staff
Staff

Description

 

This article describes how to configure Admin login-logout Automation Stitch with an email notification action.

The main use case is to be notified by email if any admin login to the firewall or logout from the firewall.

 

Scope

 

FortiGate.

 

Solution

 

A Network admin might want to have a notification set when someone login to the firewall or logout from the firewall.

To achieve this follow the below steps:

 

On the GUI  System - > Email Service.

 

-  Check and configure the Email service configuration one can use either the default setting or if any custom service is available that can be used.


Note.

 Default Reply To is Optional, enter the reply to an email address, such as noreply@example.com. This address will override the 'from email' address that is configured for an alert email.

 

Default reply to.PNG

 

Trigger Configuration:

 

On the GUI Security Fabric - >Automation - > Create new.

Configure the Name and Action execution as per the requirement.

 

2.PNG

 

Next, choose Add Trigger - > Create - > (Use the FortiOS Event Log In the Miscellaneous section ) - > Name it and add Description - > In the Event section select the 'Admin login successful & Admin login successful' select OK -> select the newly created Trigger and select Apply.

 

3.PNG

 

              4.PNG

 

5.PNG

 

Action Configuration:

Go to Add Action - > Create - > use Email, Webhook, Slack, Teams, etc. In this Document, Email is used.

 

Add Name, Description, To -> email-to (Email addresses), From -> email-from (Email sender name), Subject -> (Email subject.)

 

6.PNG

 

7.PNG

 

8.PNG

 

CLI Configuration:

 

# config system automation-action
    edit "Admin login-logout"
       set description "Admin login-logout"
       set action-type email
       set email-to "xyz@fortinet.com"
       set email-from "no-reply@fortinet.com"
       set email-subject "Admin login-logout event triggered"
    next
  end

# config system automation-trigger
    edit "Admin login-logout"
       set description "Admin login-logout"
       set event-type event-log
       set logid 32001 32003
    next
  end

# config system automation-stitch
    edit "Admin login-logout"
       set description "Admin login-logout"
       set trigger "Admin login-logout"
       config actions
           edit 1
               set action "Admin login-logout"
               set required enable
           next
       end
    next
  end

 

Email Alert Logs: 

 

9.PNG

 

Related link:

https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/139441/automation-stitches
https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/526019/email-alerts

Contributors