Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Rosalyn
Staff
Staff

Created on ‎03-24-2025 12:30 AM Edited on ‎03-25-2025 12:07 AM By Community Manager

Article Id 384056

Technical Tip: How to configure CLI traceroute action with email output when SD-WAN member out of SLA

 

Description

This article describes how to configure CLI traceroute action and email, when an SDWAN member is out of SLA, using the automation stitch feature.

 

  1. Current SLA health configuration:


12.jpg

 

  1. SD-WAN member config:

 

SG (members) # show

config members

    edit 1

        set interface "port4"

        set zone "WAN"

        set gateway 10.47.31.254

    next

    edit 2

        set interface "port1"

        set zone "WAN"

        set gateway 10.47.15.254

    next

end

 

  1. When port4 SLA fail, there is an event:


date=2025-03-22 time=08:31:20 eventtime=1742603480462245688 tz="+0800" logid="0113022923" type="event" subtype="sdwan" level="notice" vd="root" logdesc="SDWAN status" eventtype="Health Check" healthcheck="wan_health_check" slatargetid=1 member="1" msg="Member status changed. Member out-of-sla."
Scope FortiGate.
Solution

Create the trigger based on the SDWAN event log: Go to Security Fabric -> Automation select Trigger, and Create New Miscellaneous: FortiOS Event Log.


The trigger event is based on logid 22923:

 

121.jpg

 

Here are the 2 triggers with filters:


122.jpg


123.jpg

 

If there is no VDOM enabled on FortiGate, the filter vd: root is not required.

 

After that, create the action:
The first action is under the CLI command to execute the traceroute:


124.jpg

 

If there is no VDOM enabled on FortiGate,'config vdom' and 'edit root' are not required.

Second action is to email the output to recipients:


125.jpg

Email body change to %%results%%. Repeat the same actions for another SD-WAN member port1.

Create a stitch to add the trigger and action together.


126.jpg
127.jpg
The trigger count will show how many times it is being executed.

 

An email of the output will be sent to the recipient:

 

128.jpg

Related documents

Automation stitches

Technical Tip: Use FortiGate automation stitches for alert emails
176
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.