Description | This article describes how to configure a firewall policy with an Automation Stitch at a specific time. |
Scope | FortiGate. |
Solution |
The following scenario explains how to configure a firewall policy at a specific time and delete it again.
Configure a deny policy with an Automation Stitch to block traffic after working hours and allow it again when the FortiGate is in production.
config system automation-stitch
    edit "Add_Deny_Policy"
        set trigger "Add_Deny_Policy"
        config actions
            edit 1
                set action "Deny_Policy"
                set required enable
            next
        end
    next
end
config system automation-trigger
    edit "Add_Deny_Policy"
        set description "Create a new policy that will deny all the traffic after hour 17:00"
        set trigger-type scheduled
        set trigger-frequency daily
        set trigger-hour 17
    next
end
config system automation-action
    edit "Deny_Policy"
        set action-type cli-script
        set script "config firewall policy
edit 8
set name \"Deny_policy\"
next
end"
        set execute-security-fabric enable
        set accprofile "super_admin"
    next
end
diag test application autod 3
stitch: Add_Deny_Policy (scheduled)
    local hit: 1 relayed to: 0 relayed from: 0
Notice that the Automation Stitch Add_Deny_Policy has been triggered on 21 Aug at 17:00, and the next action will be on 22 Aug at 17:00.
5. Disable the Deny_Policy 8 during the production time with another Automation Stitch.
config system automation-stitch
    edit "Disable the Deny_Policy"
        set trigger "Delete the deny_Policy"
        config actions
            edit 1
                set action "Delete the Deny_Policy"
                set required enable
            next
        end
    next
end
config system automation-trigger
    edit "Delete the deny_Policy"
        set description "Delete the Deny Policy at 08:00 every day."
        set trigger-type scheduled
        set trigger-frequency daily
        set trigger-hour 8
    next
end
config system automation-action
    edit "Delete the Deny_Policy"
        set description "Delete the Deny policy at 08:00"
        set action-type cli-script
        set script "config firewall policy
delete 8
end"
        set accprofile "super_admin"
    next
end
diagnose test application autod 3
stitch: Disable the Deny_Policy (scheduled)
    local hit: 1 relayed to: 0 relayed from: 0
diagnose test application autod 2
stitch: Add_Deny_Policy
    local hit: 10 relayed to: 0 relayed from: 0
    edit 8
    set name "Deny_policy"
    next
    end
    local hit: 10 relayed to: 0 relayed from: 0
diagnose test application autod 3
stitch: Add_Deny_Policy (scheduled)
    local hit: 10 relayed to: 0 relayed from: 0
    local hit: 10 relayed to: 0 relayed from: 0
    local hit: 0 relayed to: 0 relayed from: 0
logid to stitch mapping:
execute auto-script stopall
No script is running
diagnose debug reset |
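The hit counters printed by diagnose test application autod 3 can be checked mechanically, so that a deny policy that is added but never removed (or the reverse) is noticed. The following Python is an added example, not Fortinet's code: it parses that output and flags an add/remove stitch pair whose counters drift apart. The function names and the one-hit tolerance are assumptions, and the sample text is constructed from the output lines shown in this article.

```python
import re

# One record of "diagnose test application autod 3" output. Stitch names may
# contain spaces, and the "(scheduled)" marker is optional.
STITCH_RE = re.compile(
    r"stitch:\s*(?P<name>.+?)\s*(?P<sched>\(scheduled\))?\s*"
    r"local hit:\s*(?P<local>\d+)\s*"
    r"relayed to:\s*(?P<to>\d+)\s*"
    r"relayed from:\s*(?P<frm>\d+)"
)

def parse_autod(text):
    """Map each stitch name to its scheduled flag and hit counters."""
    stats = {}
    for m in STITCH_RE.finditer(text):
        stats[m["name"]] = {
            "scheduled": m["sched"] is not None,
            "local": int(m["local"]),
            "relayed_to": int(m["to"]),
            "relayed_from": int(m["frm"]),
        }
    return stats

def check_pair(stats, add_name, remove_name, tolerance=1):
    """Return findings for a daily add/remove stitch pair."""
    # Assumption: both stitches were created together and each fires once a
    # day, so their local hit counters differ by at most `tolerance`.
    findings = []
    for name in (add_name, remove_name):
        entry = stats.get(name)
        if entry is None:
            findings.append(f"{name}: not listed by autod")
        elif not entry["scheduled"]:
            findings.append(f"{name}: not marked (scheduled)")
        elif entry["local"] == 0:
            findings.append(f"{name}: has never fired")
    add, rem = stats.get(add_name), stats.get(remove_name)
    if add and rem and abs(add["local"] - rem["local"]) > tolerance:
        findings.append(f"hit counts diverge: {add_name}={add['local']}, "
                        f"{remove_name}={rem['local']}")
    return findings

# Constructed sample: the two "autod 3" records shown in this article, combined.
SAMPLE = """stitch: Add_Deny_Policy (scheduled)
    local hit: 10 relayed to: 0 relayed from: 0
stitch: Disable the Deny_Policy (scheduled)
    local hit: 1 relayed to: 0 relayed from: 0
"""
```

Calling `check_pair(parse_autod(SAMPLE), "Add_Deny_Policy", "Disable the Deny_Policy")` on the sample reports the diverging counters.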