| Description | This article describes how to configure an automation stitch to provide email alerts when SSL VPN login failures appear in the logs. |
| Scope | FortiOS 6.4 or above. |
| Solution |
Create an Automation stitch under Security Fabric -> Automation -> Stitch -> Create New.
Give it the name and trigger shown in the screenshot below:
Configure the action in the screenshot below:
Next, test the stitch by entering the wrong user ID or password. Check the status from the firewall and check for an email.
The CLI part after configuration is as follows:
Stitch:
config system automation-stitch edit "SSL VPN Login-Failure" set trigger "SSL-VPN-Login" config actions edit 1 set action "SSL-VPN-Failed" next end next end
Trigger:
config system automation-trigger edit "SSL-VPN-Login" set event-type event-log next end
Action:
config system automation-action edit "SSL-VPN-Login-Failed" set action-type email next end
Log: The email will contain the following log: date=2023-11-24 time=09:39:36 devid="FGT61FTK22059174" devname="FGT" eventtime=1700847576403329440 tz="-0800" logid="0101039426" type="event" subtype="vpn" level="alert" vd="root" logdesc="SSL VPN login fail" action="SSL-VPN-Failed" tunneltype="ssl-web" tunnelid=0 remip=209.87.240.230 srccountry="Canada" user="user01" group="N/A" dst_host="N/A" reason="sslvpn_login_permissio |
