Vedaant
Staff
Article Id 379330
Description

This article describes how to configure an automation stitch to receive email alerts for a failed HA peer member.

Scope

FortiGate, all versions.

Solution

To receive email alerts when the HA peer member fails, create an automation stitch for email notifications: go to Security Fabric -> Automation Stitch and select Create New.


Create a trigger to detect the HA interface peer information.

 

Trigger configuration:

  • Select the event HA device interface peer information.

Email configuration:

  • Configure the action to receive email notifications when the HA peer member interface goes down.


 

Automation stitch trigger:

 


If the HA port status goes down and FortiGate loses an HA peer member, the automation stitch will be triggered, and the user will receive an email notification.

Event logs:


date=2025-02-26 time=20:18:54 eventtime=1740622733696340051 tz="-0600" logid="0108037892" type="event" subtype="ha" level="notice" vd="root" logdesc="Virtual cluster member state moved" msg="Virtual cluster's member state moved" ha_role="primary" vcluster=1 vcluster_state="work" vcluster_member=0 hostname="Endeavour-kvm67" sn="FGVM02TMYYYYYYYY"

date=2025-02-26 time=20:18:51 eventtime=1740622731694937776 tz="-0600" logid="0108037893" type="event" subtype="ha" level="critical" vd="root" logdesc="Virtual cluster member dead" msg="Virtual cluster detected member dead" vcluster=1 ha_group=110 sn="FGVM02TMXXXXXXXX"

date=2025-02-26 time=20:18:51 eventtime=1740622731692102529 tz="-0600" logid="0108037910" type="event" subtype="ha" level="critical" vd="root" logdesc="Heartbeat packet lost" msg="Heartbeat packet lost" ha_role="primary" devintfname="port5"

date=2025-02-26 time=20:18:47 eventtime=1740622727800384882 tz="-0600" logid="0108037901" type="event" subtype="ha" level="critical" vd="root" logdesc="Heartbeat device interface down" msg="Heartbeat device(interface) down" ha_role="primary" devintfname="port5"

CLI configuration:

config system automation-stitch
    edit "HA status down"
        set trigger "HA status down"
        config actions
            edit 1
                set action "HA status failed"
                set required enable
            next
        end
    next
end

Trigger configuration using the CLI:

 

config system automation-trigger
    edit "HA status down"
        set description ''
        set trigger-type event-based
        set event-type event-log
        set logid 37899
    next
end

Email Action configuration using the CLI:


config system automation-action
    edit "HA status failed"
        set description ''
        set action-type email
        set forticare-email disable
        set email-to "xyz@fortinet.com"
        set email-from ''
        set email-subject "HA status failed"
        set minimum-interval 0
        set message "%%log%%"
        set replacement-message disable
    next
end
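
The following added example (not part of the original article) parses event log lines like those shown above and extracts the message ID that an event-log trigger's set logid refers to, so the IDs a cluster actually logs can be compared with the trigger. It assumes the 10-digit logid is a two-digit type, a two-digit subtype and a six-digit message ID; the sample lines are shortened copies of the logs above, and matched_by is a hypothetical helper.

```python
import re

# Constructed sample: shortened copies of the four HA event log lines on this page.
SAMPLE_LOGS = """\
date=2025-02-26 time=20:18:54 logid="0108037892" type="event" subtype="ha" level="notice" logdesc="Virtual cluster member state moved"
date=2025-02-26 time=20:18:51 logid="0108037893" type="event" subtype="ha" level="critical" logdesc="Virtual cluster member dead"
date=2025-02-26 time=20:18:51 logid="0108037910" type="event" subtype="ha" level="critical" logdesc="Heartbeat packet lost" devintfname="port5"
date=2025-02-26 time=20:18:47 logid="0108037901" type="event" subtype="ha" level="critical" logdesc="Heartbeat device interface down" devintfname="port5"
"""

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return one log line as a dict of field name -> value (quotes stripped)."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}

def message_id(logid):
    """Assumed layout: 2-digit type + 2-digit subtype + 6-digit message ID."""
    if not re.fullmatch(r"\d{10}", logid):
        raise ValueError(f"unexpected logid format: {logid!r}")
    return int(logid[4:])

def ha_events(text):
    """Parse every non-empty line and keep HA events, adding the message ID as 'msgid'."""
    events = []
    for line in filter(None, map(str.strip, text.splitlines())):
        fields = parse_line(line)
        if fields.get("type") == "event" and fields.get("subtype") == "ha":
            fields["msgid"] = message_id(fields.get("logid", ""))
            events.append(fields)
    return events

def matched_by(events, trigger_logids):
    """Hypothetical helper: events whose message ID is in a trigger's 'set logid' values."""
    return [e for e in events if e["msgid"] in trigger_logids]

if __name__ == "__main__":
    for e in ha_events(SAMPLE_LOGS):
        print(f'{e["msgid"]:>6}  {e["level"]:<8}  {e["logdesc"]}')
```

Comparing the printed message IDs with the trigger's set logid value shows which of the logged events that trigger matches.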

 

Related documents:

Automation stitches
Creating automation stitches.