This article describes how to configure an Automation Stitch that detects the BGP down event log and runs the 'diagnose sys session clear' command, followed by a BGP soft clear in/out. This prevents traffic from falling back to the default route while a BGP session flaps.
Scope: FortiGate.
The Automation Stitch fires twice: once on the BGP down event log and again when the BGP neighbor comes back up.
The following configuration is used:
config system automation-trigger
    edit "BGP-DOWN"
        set event-type event-log
        set logid 20300
    next
end
config system automation-action
    edit "BGP-DOWN-CLI"
        set action-type cli-script
        set minimum-interval 120
        set script "diagnose sys session clear
execute router clear bgp all soft in
execute router clear bgp all soft out"
        set accprofile "super_admin"
    next
end
config system automation-action
    edit "BGP-DOWN-02"
        set action-type cli-script
        set minimum-interval 120
        set script "diagnose sys session clear
execute router clear bgp all soft in
execute router clear bgp all soft out"
        set accprofile "super_admin"
    next
end
config system automation-action
    edit "BGP-DOWN-mail"
        set action-type email
        set email-to "xxxxx@your_mail.com"
        set email-subject "BGP-down"
        set minimum-interval 400
        set message "%%results%%"
    next
end
config system automation-stitch
    edit "BGP-DOWN"
        set trigger "BGP-DOWN"
        config actions
            edit 1
                set action "BGP-DOWN-CLI"
                set delay 60
                set required enable
            next
            edit 2
                set action "BGP-DOWN-02"
                set delay 60
                set required enable
            next
            edit 3
                set action "BGP-DOWN-mail"
                set required enable
            next
        end
    next
end
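Because log ID 20300 is raised on every BGP neighbor status change, the trigger above matches both the Down and the Up transition, and it is the per-action minimum-interval (120 s for the CLI actions, 400 s for the e-mail) that keeps a quick flap from clearing the session table twice in a row. The Python script below is an added example, not part of the article or of FortiOS: it parses constructed FortiOS-style event log lines, selects the lines this trigger would match, and replays the stitch's three actions with their delay and minimum-interval values. The sample log lines, the msg wording, the assumption that the last five digits of the ten-digit logid field equal the short trigger logid, and the simplified timing model (delay counted from the previous action, an action skipped while its minimum-interval has not elapsed) are all assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample FortiOS event log lines (key="value" pairs). The msg
# wording and the ten-digit logid values are assumptions for this example;
# only the trigger log ID 20300 and the action parameters come from the article.
SAMPLE_LOG = """\
date=2024-05-01 time=10:00:00 logid="0103020300" type="event" subtype="router" level="information" logdesc="BGP neighbor status changed" msg="BGP: neighbor 10.0.0.2 Down"
date=2024-05-01 time=10:00:05 logid="0100032001" type="event" subtype="system" level="information" logdesc="Admin login successful" msg="Administrator admin logged in successfully from ssh"
date=2024-05-01 time=10:00:30 logid="0103020300" type="event" subtype="router" level="information" logdesc="BGP neighbor status changed" msg="BGP: neighbor 10.0.0.2 Up"
date=2024-05-01 time=10:05:00 logid="0103020300" type="event" subtype="router" level="information" logdesc="BGP neighbor status changed" msg="BGP: neighbor 10.0.0.2 Down"
"""

# key=value or key="quoted value" tokens of a FortiOS log line
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# neighbor address and new state inside the (assumed) msg text
STATE_RE = re.compile(r"neighbor (\S+) (Down|Up)\b")


def parse_fortios_log(line):
    """Split one FortiOS log line into a dict, stripping quotes from values."""
    fields = {}
    for key, val in KV_RE.findall(line):
        fields[key] = val[1:-1] if val.startswith('"') else val
    return fields


def bgp_transitions(log_text, trigger_logid=20300):
    """Return (timestamp, neighbor, state) for every line the event-log trigger matches.

    Assumption: the short trigger logid is the last five digits of the logid field.
    """
    events = []
    for line in log_text.splitlines():
        f = parse_fortios_log(line)
        if "logid" not in f or int(f["logid"][-5:]) != trigger_logid:
            continue
        ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        m = STATE_RE.search(f.get("msg", ""))
        events.append((ts, m.group(1) if m else None, m.group(2) if m else "unknown"))
    return events


class StitchAction:
    """One automation action with the article's delay / minimum-interval settings."""

    def __init__(self, name, minimum_interval, delay=0):
        self.name = name
        self.minimum_interval = timedelta(seconds=minimum_interval)
        self.delay = timedelta(seconds=delay)
        self.last_run = None


def run_stitch(events, actions):
    """Replay the stitch: every matching event walks the action chain in order.

    Simplified model (assumption): each action starts `delay` seconds after the
    previous one, and an action is suppressed while less than its
    minimum-interval has passed since it last ran.
    """
    runs = []
    for ts, neighbor, state in events:
        clock = ts
        for a in actions:
            clock += a.delay
            if a.last_run is not None and clock - a.last_run < a.minimum_interval:
                runs.append((a.name, clock, "suppressed"))
                continue
            a.last_run = clock
            runs.append((a.name, clock, f"run ({neighbor} {state})"))
    return runs


def simulate_article_stitch(log_text=SAMPLE_LOG):
    """Replay the article's stitch (two CLI actions, then the e-mail) over the log."""
    actions = [
        StitchAction("BGP-DOWN-CLI", minimum_interval=120, delay=60),
        StitchAction("BGP-DOWN-02", minimum_interval=120, delay=60),
        StitchAction("BGP-DOWN-mail", minimum_interval=400, delay=0),
    ]
    return run_stitch(bgp_transitions(log_text), actions)


if __name__ == "__main__":
    for name, when, outcome in simulate_article_stitch():
        print(f"{when:%H:%M:%S} {name:14s} {outcome}")
```

With the sample log, the first Down event runs all three actions; the Up event 30 s later also matches the trigger but every action is suppressed by its minimum-interval; the second Down event five minutes later runs both CLI actions again while the e-mail (400 s interval) is still held back. Raising minimum-interval on the CLI actions is the knob to turn if the session table should not be cleared again on a neighbor that recovers shortly after going down.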
Copyright 2024 Fortinet, Inc. All Rights Reserved.