Description
This article describes how to use automation stitches to automatically send alert emails if the status of the VPN tunnel changes.
Scope
FortiGate.
Solution
- Create a new Automation Stitch: Go to Security Fabric -> Automation and select 'Create New'.
- Assign a name, select Add Trigger -> Create -> FortiOS Event Log, select 'IPsec connection status changed' in the Event field, and select Apply.
If multiple IPsec tunnels are configured, use the vpntunnel filter in the Field Filter(s) section to filter for a particular tunnel.
Specify the email address that the alerts will be sent to and select Apply:
Select OK to save the changes. Flushing the tunnel will trigger the event and send the email alert:
CLI Reference:
config system automation-trigger
edit "IPsec connection status changed"
set event-type event-log
set logid 37138
config fields
edit 1
set name "vpntunnel"
set value "IpsecTunnel"
next
end
next
end
config system automation-action
edit "Default Email"
set action-type email
set email-to "test@example.com"
set email-subject "%%log.logdesc%%"
set message "%%log%%"
next
end
config system automation-stitch
edit "IPS Update Stitch"
set trigger "AV & IPS DB update"
config actions
edit 1
set action "CLI Script"
set required enable
next
edit 2
set action "Default Email"
set required enable
next
end
next
end
The alert email is received:
The following commands can be used for debugging:
diagnose debug reset
diagnose debug application alertmail -1
diagnose debug enable
diagnose debug application alertmail -1
diagnose debug enable
