Description
This article describes how to configure email alerts because sometimes the FortiGate cannot access the account in order to send the email alert.
Debug shows:
2021-07-09 11:27:13 resolve smtp.office365.com to 1 IP
2021-07-09 11:27:13 <----- Send mail.
2021-07-09 11:27:13 connecting to 40.101.137.82 port 587
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: greeting, code: 220
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: starttls, code: 220
2021-07-09 11:27:13 rsp_starttls: creating ssl structure for session 0x18488f20
2021-07-09 11:27:13 create_ssl: 0x1852fac0
2021-07-09 11:27:13 sessionn 0x18488f20, SSL connected
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: ehlo, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth, code: 334
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: auth2, code: 235
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: mail, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: rcpt, code: 250
2021-07-09 11:27:13 session: 0x18488f20, rsp_state: data, code: 354
2021-07-09 11:27:13 === send: FGT[FGT80Fxxxxxxxx] Automation Stitch:Admin Fail is triggered. 2021-07-09 11:27:38 _session_on_destroy
2021-07-09 11:27:38 <----- Send mail failed, m = 0x18502ff0 s = 0x18557ac0.
Scope
FortiGate.
Solution
- This is an example of the configuration in FortiGate.
Go to System -> Settings -> Email Service.
SMTP SERVER: smtp.office365.com
PORT: 587
AUTHENTICATION: example@domain.it
Password: xxxxxxxxx
SECURITY MODE: STARTTLS.
Default Reply To: Email sender address
-
To configure a custom email service in the CLI.
config system email-server
set type custom
set reply-to "helpdesk@fortinet.com"
set server "smtp.office365.com"
set port 587
set source-ip 0.0.0.0 <----- This is an important field to set (source IP which is used to send out the email traffic).
set source-ip6 ::
set authenticate enable
set validate-server disable
set username "example@domain.it"
set security starttls
set ssl-min-proto-version default
end
To configure the automation stitch in the GUI.
- On the root FortiGate, go to Security Fabric -> Automation and select 'Create New'.
- Enter a name for the stitch, such as 'Test Stitch'.
- Select Add Trigger -> Create -> Schedule. Enter Name, Frequency, Hour, and Minute, and select OK.
- Select Add Action -> Create -> Email. Configure the Email settings and select OK:
- In the To field, enter the email recipient addresses, such as admin@example.com and testuser@anymail.com.
- Enter the Email subject, such as Test Config Email.
- Edit the Email body as required. By default, the email body will include all the fields from the log event that triggered the stitch.
-
Select 'OK'.
To configure the automation stitch in the CLI.
config system automation-trigger
edit "Test Schedule"
set trigger-type scheduled
set trigger-hour 1
next
end
edit "Test Schedule"
set trigger-type scheduled
set trigger-hour 1
next
end
config system automation-action
edit "Test Stitch_email"
set action-type email
set email-to "testuser@anymail.com"
set email-from helpdesk@fortinet.com <----- This is an important field to set: Email sender address.
set email-subject "Test Config Email"
set message "%%log%%"
set minimum-interval 0
set delay 0
set required disable
next
end
edit "Test Stitch_email"
set action-type email
set email-to "testuser@anymail.com"
set email-from helpdesk@fortinet.com <----- This is an important field to set: Email sender address.
set email-subject "Test Config Email"
set message "%%log%%"
set minimum-interval 0
set delay 0
set required disable
next
end
config system automation-stitch
edit "Test Stitch"
set trigger "Test Schedule"
config actions
edit 1
set action "Test Email"
set required enable
next
end
next
end
edit "Test Stitch"
set trigger "Test Schedule"
config actions
edit 1
set action "Test Email"
set required enable
next
end
next
end
Related articles:
Technical Tip: Use FortiGate automation stitches for alert emails
