FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mzainuddinahm
Description
This article describes how to configure email alerts because sometimes the FortiGate cannot access to the account in order to send the email alert.

Debug shows.
2021-07-09 11:27:13 resolve smtp.office365.com to 1 IP
2021-07-09 11:27:13                           <----- Send mail.
2021-07-09 11:27:13 connecting to 40.101.137.82 port 587

2021-07-09 11:27:13 session: 0x18488f20, rsp_state: greeting, code: 220
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: starttls, code: 220
2021-07-09 11:27:13 rsp_starttls: creating ssl structure for session 0x18488f20
2021-07-09 11:27:13 create_ssl: 0x1852fac0
2021-07-09 11:27:13 sessionn 0x18488f20, SSL connected
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth, code: 334
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth2, code: 235
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: mail, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: rcpt, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: data, code: 354
2021-07-09 11:27:13 === send: FGT[FGT80Fxxxxxxxx] Automation Stitch:Admin Fail is triggered.   2021-07-09 11:27:38 _session_on_destroy
2021-07-09 11:27:38                           <----- Send mail failed, m = 0x18502ff0 s = 0x18557ac0

Solution
1) This is an example of the configuration in FortiGate.

Go to System -> Advanced -> Email Service option. (System -> Settings from 6.2.x, 6.4.x).
 SMTP SERVER: smtp.office365.com
 PORT: 587
 AUTHENTICATION: example@domain.it
 Password: xxxxxxxxx
 SECURITY MODE: STARTTLS.
Default Reply To: Email sender address
2) To configure a custom email service in the CLI.
# config system email-server
    set type custom
    set reply-to "helpdesk@fortinet.com"
    set server "smtp.office365.com"
    set port 587
    set source-ip 0.0.0.0               <----- This is an important field to set (source IP which is used to send out the email traffic).
    set source-ip6 ::
    set authenticate enable
    set validate-server disable
    set username "example@domain.it"
    set security starttls
    set ssl-min-proto-version default
end





To configure the automation stitch in the GUI.

1) On the root FortiGate, go to Security Fabric -> Automation and select 'Create New'.

2) Enter a name for the stitch, such as 'Test Stitch'.

3) In the Trigger section, select 'Schedule'.

4) In the Action section, select 'Email'.

5) Configure the Email settings:
- In the To field, select  the plus icon, then enter the email recipients' addresses, such as admin@example.com and testuser@anymail.com.
- Enter the Email subject, such as Test 'Config Email'.
- Edit the Email body as required. By default, the email body will include all the fields from the log event that triggered the stitch.

6) Select 'OK'.





To configure the automation stitch in the CLI.

1) Create automation actions to send the email messages:
# config system automation-action
    edit "Test Stitch_email"
        set action-type email
        set email-to "testuser@anymail.com"
        set email-from helpdesk@fortinet.com <----- This is an important field to set: Email sender address.
        set email-subject "Test Config Email"
        set email-body "%%log%%"
        set minimum-interval 0
        set delay 0
        set required disable
    next
end

Contributors