FortiGate
nathan_h
Staff & Editor
Article Id 341788
Description

 

This article describes how to automatically delete a Wi-Fi local user when the client disconnects from the FortiAP. This setup requires the FortiGate to act as the Wireless Controller, with the local users configured on the FortiGate. An Automation Stitch is used to delete the user.

 

Scope

 

FortiGate, FortiAP.

 

Solution

 

  1. Ensure the FortiAP has already been added to the FortiGate under WiFi Controller -> Managed FortiAPs.

 

FAP.png

 

  2. Configure Local Users and Groups under User & Authentication -> User Groups -> Select Group -> Edit.

 

Groups.png

 

  3. Configure the SSID settings and Firewall Policy under WiFi Controller -> SSIDs -> Create New -> SSID.

 

SSID_1.png

 

SSID_2.png

 

Then go to Policy & Objects -> Firewall Policy -> Create New.

 

2024-09-16 16 42 57.png

  4. Configure the Automation Stitch.

 

From the GUI:

 

Trigger: under Security Fabric -> Automation -> Select Trigger -> Create New.

 

trigger.png

Action: under Security Fabric -> Automation -> Select Action -> Create New.

 

action.png

 

Stitch: under Security Fabric -> Automation -> Select Stitch -> Create New.

 

stitich.png

 

From the CLI:

 

Trigger:

 

config system automation-trigger
     edit "Wireless_disconnected"
          set event-type event-log
          set logid 43581
          config fields
               edit 1
               set name "action"
               set value "client-disconnected-by-wtp"
               next
          end
     next
end

 

Action:

 

config system automation-action
     edit "Delete_Guest_Username"
          set action-type cli-script
          set script "config user group
edit %%log.group%%
unselect member %%log.user%%
end
config user local
delete %%log.user%%
end
diagnose firewall auth filter user %%log.user%%
diagnose firewall auth clear"
          set accprofile "super_admin"
     next
end

 

Stitch:

 

config system automation-stitch
     edit "Wireless_Auto_Delete"
          set trigger "Wireless_disconnected"
          config actions
               edit 1
               set action "Delete_Guest_Username"
               set required enable
               next
          end
     next
end
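The trigger and action above work together: the trigger matches a wireless event log entry (log ID 43581 with the action field set to client-disconnected-by-wtp), and the cli-script action substitutes each %%log.<field>%% placeholder with the value of that field from the matching log entry before running the script. The following Python script, added here as an illustration and not part of the article or of FortiOS, emulates that flow on a constructed log line: it parses key=value fields, applies the trigger's logid and field filter, and renders the article's script. The sample log fields, the zero-padded form of the logid (matched on its trailing digits), the group name Guest_Group and the character check before splicing values into CLI text are assumptions of this example, not documented FortiOS behaviour.

```python
import re

# Constructed sample event log line in FortiOS-style key=value form. The field
# names logid, action, user and group are the ones the article's trigger and
# script reference; the other fields, their values and the zero-padded logid
# are assumptions made for this example.
SAMPLE_LOG = (
    'date=2024-09-16 time=16:57:27 logid="0104043581" type="event" '
    'subtype="wireless" level="notice" action="client-disconnected-by-wtp" '
    'user="guest2" group="Guest_Group" ssid="Guest-Wifi" '
    'stamac="aa:bb:cc:dd:ee:ff"'
)

# The trigger from the article: event-log, logid 43581, field filter on "action".
TRIGGER = {"logid": "43581", "fields": {"action": "client-disconnected-by-wtp"}}

# The cli-script action from the article, with its %%log.<field>%% placeholders.
ACTION_SCRIPT = """config user group
edit %%log.group%%
unselect member %%log.user%%
end
config user local
delete %%log.user%%
end
diagnose firewall auth filter user %%log.user%%
diagnose firewall auth clear"""

# key=value pairs; values may be double-quoted (group 3) or bare (group 4).
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Conservative character set for values spliced into CLI text (assumption).
SAFE_VALUE = re.compile(r'^[A-Za-z0-9_.@-]+$')


def parse_log(line):
    """Parse a FortiOS-style key=value log line into a dict of field -> value."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def trigger_matches(fields, trigger):
    """Emulate the automation-trigger check: the log ID and every configured
    field filter must match, otherwise the stitch does not fire."""
    logid = fields.get("logid", "")
    # Assumption: the short logid used in the CLI is the trailing digits of the
    # longer zero-padded log ID written in the log line.
    if not logid.endswith(trigger["logid"]):
        return False
    return all(fields.get(k) == v for k, v in trigger["fields"].items())


def render_script(template, fields):
    """Replace every %%log.<name>%% with the corresponding log field.

    The action runs under the admin profile set on it (super_admin in the
    article) and deletes whichever user the log names, so this emulation
    refuses to run with a missing field or with a value outside SAFE_VALUE
    that could alter the meaning of the CLI lines it is spliced into."""
    def substitute(m):
        name = m.group(1)
        if name not in fields:
            raise KeyError(f"log field {name!r} missing; script would run with an empty value")
        value = fields[name]
        if not SAFE_VALUE.match(value):
            raise ValueError(f"refusing to splice unsafe value {value!r} into CLI script")
        return value
    return re.sub(r'%%log\.(\w+)%%', substitute, template)


def process(line, trigger=TRIGGER, template=ACTION_SCRIPT):
    """Return the rendered CLI script if the log line fires the trigger, else None."""
    fields = parse_log(line)
    if not trigger_matches(fields, trigger):
        return None
    return render_script(template, fields)


if __name__ == "__main__":
    print(process(SAMPLE_LOG))
```

Running the script prints the article's action with guest2 and Guest_Group filled in. Changing the action field to any other value, or the log ID to a different number, returns None, which is the same reason a stitch on the FortiGate does not fire for connect events or for other log types.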

 

  5. Connect to the Guest-Wifi SSID.

 

The user is shown as connected:

 

2024-09-16 16 56 23.png

  6. Disconnect from the Guest-Wifi SSID.

 

The user is shown as not connected:

 

2024-09-16 17 03 09.png

The System Event log is visible under Log & Report -> Security Events -> Logs:

 

2024-09-16 16 57 27.png

The Automation Stitch is shown as triggered under Security Fabric -> Automation:

 

stitch_rtriggered.png

The user group shows that the guest2 user was deleted, under User & Authentication -> User Groups -> Select Group -> Edit:

 

2024-09-16 17 01 23.png