Create an automation stitch for email notifications to get alerts when the HA peer member fails under Security Fabric -> Automation Stitch, and  select Create New.

Create a trigger to detect the HA interface peer information.

Trigger configuration:

• Select the event 'HA device interface peer information' to only receive an alert when a pair fails completely in the cluster.
• If there are multiple heartbeat interfaces configured, select the event 'HA device interface failed' to generate an alert if a heartbeat interface fails.
• Both events can be used in the same trigger or different depending on the requirements of the environment.

Email configuration:

• Configure the action to receive email notifications when the HA peer member interface goes down.
  
  

Automation stitch trigger:

If the HA port status goes down or the FortiGate loses an HA peer member, the automation stitch will be triggered, and the user will receive an email notification.

Example event logs:

date=2025-02-26 time=20:18:54 eventtime=1740622733696340051 tz="-0600" logid="0108037892" type="event" subtype="ha" level="notice" vd="root" logdesc="Virtual cluster member state moved" msg="Virtual cluster's member state moved" ha_role="primary" vcluster=1 vcluster_state="work" vcluster_member=0 hostname="Endeavour-kvm67" sn="FGVM02TMYYYYYYYY"

date=2025-02-26 time=20:18:51 eventtime=1740622731694937776 tz="-0600" logid="0108037893" type="event" subtype="ha" level="critical" vd="root" logdesc="Virtual cluster member dead" msg="Virtual cluster detected member dead" vcluster=1 ha_group=110 sn="FGVM02TMXXXXXXXX"

date=2025-02-26 time=20:18:51 eventtime=1740622731692102529 tz="-0600" logid="0108037910" type="event" subtype="ha" level="critical" vd="root" logdesc="Heartbeat packet lost" msg="Heartbeat packet lost" ha_role="primary" devintfname="port5"

date=2025-02-26 time=20:18:47 eventtime=1740622727800384882 tz="-0600" logid="0108037901" type="event" subtype="ha" level="critical" vd="root" logdesc="Heartbeat device interface down" msg="Heartbeat device(interface) down" ha_role="primary" devintfname="port5"

CLI configuration:

config system automation-stitch

    edit "HA status down"

        set trigger "HA status down"

        config actions

            edit 1

                set action "HA status failed"

                set required enable

            next

        end

    next

end

Trigger configuration using the CLI:

config system automation-trigger

    edit "HA status down"

        set description ''

        set trigger-type event-based

        set event-type event-log

        set logid 37899

    next

end

Email Action configuration using the CLI:

edit "HA status failed"

        set description ''

        set action-type email

        set forticare-email disable

        set email-to "xyz@fortinet.com"

        set email-from ''

        set email-subject "HA status failed"

        set minimum-interval 0

        set message "%%log%%"

        set replacement-message disable

    next

end

Related documents:

Automation stitches - FortiGate administration guide
Creating automation stitches - FortiGate administration guide