hjezzapaula
Staff
Article Id 421752
Description This article describes how to configure an automation stitch that disables and re-enables the WAN interface when the link-monitor changes status from alive to dead.
Scope FortiGate.
Solution

Configure the link-monitor on the WAN interface.

config system link-monitor
    edit "wan-link-monitor"
        set srcintf "port1"      <----- WAN Interface.
        set server "8.8.8.8"
        set gateway-ip X.X.X.X <----- WAN Gateway.
    next
end

 

Configure the automation trigger. In the example below, the automation stitch triggers only when the link-monitor changes status from 'Alive' to 'Dead'. It does not trigger if the initial state of the link-monitor is 'Dead'.


CLI:

config system automation-trigger
    edit "WAN-Link Down"
        set event-type event-log
        set logid 22922
            config fields
                edit 1
                    set name "name"
                    set value "wan-link-monitor"   <----- Link-Monitor Name.
                next
                edit 2
                    set name "msg"
                    set value "Link Monitor changed state from alive to dead, protocol: ping."
                next
            end
    next
end

 

GUI: [screenshot: trigger1.png]

 

Configure the automation action CLI scripts that disable and enable the WAN port.


CLI:

config system automation-action
    edit "Disable WAN port"
        set action-type cli-script
        set script "config system interface
            edit port1
                set status down
        end"
        set accprofile "super_admin"
    next

    edit "Enable WAN port"
        set action-type cli-script
        set script "config system interface
            edit port1
                set status up
        end"
        set accprofile "super_admin"
    next
end


GUI: [screenshots: action1.png, action2.png]

 

Configure the Automation-Stitch:

CLI:

 

config system automation-stitch
    edit "Bounce_WAN"
        set trigger "WAN-Link Down"
            config actions
                edit 1
                    set action "Disable WAN port"
                    set required enable
                next
                edit 2
                    set action "Enable WAN port"
                    set delay 10
                    set required enable
                next
            end
    next
end


GUI: [screenshot: stitch.png]

 

Set the delay on the 'Enable WAN port' action to 10 seconds. Once the automation stitch is triggered, it disables the interface and re-enables it after 10 seconds.
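
To see which event-log lines the trigger filter above selects, and so how often the stitch would have bounced the WAN port, the following added example (not part of the original article or Fortinet code) replays constructed sample lines against the same logid and field values. It assumes FortiOS key=value log formatting, that the trigger's logid equals the last six digits of the logged logid, and that every configured field must match exactly.

```python
import re

# Filter values copied from the automation-trigger "WAN-Link Down" on this page.
TRIGGER_LOGID = 22922
TRIGGER_FIELDS = {
    "name": "wan-link-monitor",
    "msg": "Link Monitor changed state from alive to dead, protocol: ping.",
}

# Constructed sample events (not captured from a device): time, monitor name, msg.
_TEMPLATE = ('date=2025-01-10 time={} logid="0100022922" type="event" '
             'subtype="system" name="{}" msg="{}"')
_DOWN = "Link Monitor changed state from alive to dead, protocol: ping."
_UP = "Link Monitor changed state from dead to alive, protocol: ping."
_INIT = "Link Monitor initial state is dead, protocol: ping"
SAMPLE_LOG = "\n".join(_TEMPLATE.format(*row) for row in [
    ("08:55:00", "wan-link-monitor", _INIT),   # initial state dead: no trigger
    ("09:00:01", "wan-link-monitor", _DOWN),   # alive -> dead: trigger
    ("09:00:20", "wan-link-monitor", _UP),     # recovery: no trigger
    ("09:02:10", "wan2-link-monitor", _DOWN),  # different monitor: no trigger
    ("09:05:40", "wan-link-monitor", _DOWN),   # second flap: trigger
])

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}

def would_trigger(event):
    """Assumed semantics: logid matches and all configured fields are equal."""
    logid = event.get("logid", "")
    if not logid.isdigit() or int(logid[-6:]) != TRIGGER_LOGID:
        return False
    return all(event.get(k) == v for k, v in TRIGGER_FIELDS.items())

def matching_events(log_text):
    """Return the timestamps of lines that would fire the stitch."""
    events = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [e["time"] for e in events if would_trigger(e)]

if __name__ == "__main__":
    print(matching_events(SAMPLE_LOG))
```

Running the same check over an exported event log shows how many times the interface was bounced; frequent matches in a short window point to a flapping link rather than a one-off outage.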