Technical Tip: How to configure automation Stitches settings with Microsoft Office365

mzainuddinahm · ‎07-13-2021

Description
This article describes how to configure email alerts because sometimes the FortiGate cannot access to the account in order to send the email alert.

Debug shows.

2021-07-09 11:27:13 resolve smtp.office365.com to 1 IP
2021-07-09 11:27:13                           <----- Send mail.
2021-07-09 11:27:13 connecting to 40.101.137.82 port 587
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: greeting, code: 220
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: starttls, code: 220
2021-07-09 11:27:13 rsp_starttls: creating ssl structure for session 0x18488f20
2021-07-09 11:27:13 create_ssl: 0x1852fac0
2021-07-09 11:27:13 sessionn 0x18488f20, SSL connected
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth, code: 334
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth2, code: 235
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: mail, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: rcpt, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: data, code: 354
2021-07-09 11:27:13 === send: FGT[FGT80Fxxxxxxxx] Automation Stitch:Admin Fail is triggered.   2021-07-09 11:27:38 _session_on_destroy
2021-07-09 11:27:38                           <----- Send mail failed, m = 0x18502ff0 s = 0x18557ac0

Solution
1) This is an example of the configuration in FortiGate.

Go to System -> Advanced -> Email Service option. (System -> Settings from 6.2.x, 6.4.x).

SMTP SERVER: smtp.office365.com
PORT: 587
AUTHENTICATION: example@domain.it
Password: xxxxxxxxx
SECURITY MODE: STARTTLS.
Default Reply To: Email sender address

2) To configure a custom email service in the CLI.

# config system email-server
   set type custom
   set reply-to "helpdesk@fortinet.com"
   set server "smtp.office365.com"
   set port 587
   set source-ip 0.0.0.0               <----- This is an important field to set (source IP which is used to send out the email traffic).
   set source-ip6 ::
   set authenticate enable
   set validate-server disable
   set username "example@domain.it"
   set security starttls
   set ssl-min-proto-version default
end

To configure the automation stitch in the GUI.

1) On the root FortiGate, go to Security Fabric -> Automation and select 'Create New'.

2) Enter a name for the stitch, such as 'Test Stitch'.

3) In the Trigger section, select 'Schedule'.

4) In the Action section, select 'Email'.

5) Configure the Email settings:
- In the To field, select the plus icon, then enter the email recipients' addresses, such as admin@example.com and testuser@anymail.com.
- Enter the Email subject, such as Test 'Config Email'.
- Edit the Email body as required. By default, the email body will include all the fields from the log event that triggered the stitch.

6) Select 'OK'.

To configure the automation stitch in the CLI.

1) Create automation actions to send the email messages:

# config system automation-action
    edit "Test Stitch_email"
        set action-type email
        set email-to "testuser@anymail.com"
        set email-from helpdesk@fortinet.com <----- This is an important field to set: Email sender address.
        set email-subject "Test Config Email"
        set email-body "%%log%%"
        set minimum-interval 0
        set delay 0
        set required disable
    next
end