Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
tanishasharma
Staff
Staff

Created on ‎11-08-2021 01:55 AM Edited on ‎05-30-2025 06:57 AM By Community Manager

Article Id 194799

Technical Tip: How to enable the email alerts when the Interface is down and up

Description

 

This article describes how to enable the email alerts when the Interface is going down as well as when it restored in UP state. Same stitch cannot be useful here when it is necessary to receive the email alerts for Interface down and Interface up state.
 
Scope
 
FortiGate.


Solution

 

While enabling the email alerts for Network down, we only receive the email alerts when the Interface is going down. Below is the default configuration for Network down stitch:
 
Network down.
 
config system automation-trigger
config system automation-trigger
    edit "Network Down"
set trigger-type event-based
set event-type event-log
set logid 20099
config fields
    edit 1
set name "status"
set value "DOWN"
    next
end
next
end
next
end
 
The field value is added as 'DOWN' and will trigger the event only when it matches the field value. 
 
Hence, with the default configuration, there will be no email alert when the Interface is coming UP.  It is necessary to configure a different Automation Stitch to get the email alerts forthe  Interface UP state. 
 
This can be achieved by the below configuration:
 
Add a new Automation Stitch for 'Interface status Changed':
 
 
 
 
It is possible to mention the field name and Value. 
Make sure to enter the Field name in Caps like: 'UP' or 'DOWN'. 
 
These field filters must match for the stitch to be triggered.
 
Note:
This option is only available on GUI for 7.0 versions. 
For previous versions, configure through CLI.
 
config system automation-trigger
config system automation-trigger
    edit "Network UP"
set trigger-type event-based
set event-type event-log
set logid 20099
config fields
    edit 1
set name "status"
set value "UP"
    next
end
next
end

 

Note:

Starting with v7.4.4, the default email server has been switched from notification.fortinet.net to fortinet-notifications.com. This default server is only available to registered devices with an active FortiCare support contract. The reply-to field in the source email is automatically updated to DoNotReply@fortinet-notifications.com for all servers, including custom ones.


Related articles:
Troubleshooting Tip: Email alert 

Troubleshooting Tip: Alert mail queries

Technical Tip: How to configure alert email settings

Technical Tip: Email alert when WAN interface went down 

4075
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.