FortiGate
anoushiravan
Staff
Article Id 271004
Description This article describes how to configure alert email for SD-WAN SLA events, for instance, sending an alert email when the status of an SD-WAN member changes.
Scope FortiGate.
Solution
  1. Configure the mail server on FortiGate via the GUI under System -> Settings (use custom settings), or via the CLI:

 

config system email-server
    set reply-to "admin@universe-esx41.fortiserver.com"
    set server "universe-esx41.fortiserver.com"
    set port 25
end

 

Note.

Check that the Mail server is accessible from FortiGate:

 

Spoke1-Master # execute ping universe-esx41.fortiserver.com
PING universe-esx41.fortiserver.com (10.125.5.129): 56 data bytes
64 bytes from 10.125.5.129: icmp_seq=0 ttl=128 time=0.6 ms
64 bytes from 10.125.5.129: icmp_seq=1 ttl=128 time=1.0 ms
64 bytes from 10.125.5.129: icmp_seq=2 ttl=128 time=1.0 ms
64 bytes from 10.125.5.129: icmp_seq=3 ttl=128 time=0.9 ms
64 bytes from 10.125.5.129: icmp_seq=4 ttl=128 time=1.0 ms

--- universe-esx41.fortiserver.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.6/0.9/1.0 ms

 

  2. Configure the automation action via the GUI under Security Fabric -> Automation -> Action: select 'Create New' -> Email and fill in the required fields, or via the CLI as follows:

 

config system automation-action
    edit "sdwan-SLA-mailalert"
        set action-type email
        set email-to "zilan@universe-esx41.fortiserver.com"
        set email-from "admin@universe-esx41.fortiserver.com"
        set email-subject "SLA-Perf"
    next
end

 

  3. Configure the automation trigger via the GUI under Security Fabric -> Automation -> Trigger: select 'Create New' -> FortiOS Event Log, select 'Event', filter the events to SD-WAN, and then enable the required event logs from the available SD-WAN event logs. The minimum required would be SD-WAN SLA information warning and SD-WAN SLA notification.

     


     

     

Or configure via CLI:

 

config system automation-trigger
    edit "sdwan-sla-events"
        set event-type event-log
        set logid 22925 22931 22933 22934 22930
    next
end

 

Note.

Log ID 22933 corresponds to the log message 'SD-WAN SLA notification'. This message is generated when the SD-WAN interface status changes from up to down and vice versa (post firmware 7.2.x, 22931 is required to log up to down, and 22933 will log down to up).

 

For more information regarding the SD-WAN Message IDs, see the corresponding FortiOS Log Message Reference page.

 

  4. Configure an automation stitch via the GUI under Security Fabric -> Automation: select 'Create New' and add a name, trigger, and action, or configure via the CLI:

 

config system automation-stitch
    edit "sdwan-stitch"
        set trigger "sdwan-sla-events"
        config actions
            edit 1
                set action "sdwan-SLA-mailalert"
                set required enable
            next
        end
    next
end

 

Use the following steps to troubleshoot the alert email configuration above. The alert email daemon's debug output shows whether the alert email is sent successfully. The following debug logs are generated when the status of the SD-WAN member changes from up to down and then back up again:

 

Spoke1-Master # diagnose debug disable
Spoke1-Master # diagnose debug reset
Spoke1-Master # diagnose debug application alertmail -1
Debug messages will be on for 30 minutes.

Spoke1-Master # diagnose debug console timestamp enable
Spoke1-Master # diagnose debug enable

Spoke1-Master # 2023-08-29 22:55:29 Arrived msg(type 9, 456 bytes):zilan@universe-esx41.fortiserver.com;
admin@universe-esx41.fortiserver.com
SLA-Perf
date=2023-08-29 time=22:55:29 devid="FG101ETK19003793" devname="Spoke1-Master" eventtime=1693342529825417348 tz="+0200" logid="0113022933" type="event" subtype="sdwan" level="notice" vd="root" logdesc="SDWAN SLA notification" eventtype="Health Check" healthcheck="sla" interface="wan2" probeproto="ping" newvalue="dead" msg="SD-WAN health-check member initial state."

2023-08-29 22:55:29 mail_info:
from:universe-esx41.fortiserver.com user:admin@universe-esx41.fortiserver.com
2023-08-29 22:55:29 mail_info:
reverse path:admin@universe-esx41.fortiserver.com
user name:admin
2023-08-29 22:55:29 to[0]:zilan@universe-esx41.fortiserver.com
2023-08-29 22:55:29 <==_init_mail_info
2023-08-29 22:55:29 create session
2023-08-29 22:55:29 resolve universe-esx41.fortiserver.com to 1 IP
2023-08-29 22:55:29 ==> send mail
2023-08-29 22:55:29 connecting to 10.125.5.129 port 25
2023-08-29 22:55:29 send mail 0x6d38c40 session 0x6d48398
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: greeting, code: 220
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: ehlo, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: mail, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: rcpt, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: data, code: 354
2023-08-29 22:55:29 === send: date=2023-08-29 time=22:55:29 devid="FG101ETK19003793" devname="Spoke1-Master" eventtime=1693342529825417348 tz="+0200" logid="0113022933" type="event" subtype="sdwan" level="notice" vd="root" logdesc="SDWAN SLA notification" eventtype="Health Check" healthcheck="sla" interface="wan2" probeproto="ping" newvalue="dead" msg="SD-WAN health-check member initial state."

2023-08-29 22:55:29 session: 0x6d48398, rsp_state: data2, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: quit, code: 221
2023-08-29 22:55:29 session finined
2023-08-29 22:55:29 _session_on_destroy
2023-08-29 22:55:29 <== send mail success, m = 0x6d38c40 s = 0x6d48398


Now, the following logs will show the SD-WAN member is up again:

 

Spoke1-Master # 2023-08-29 23:24:20 Arrived msg(type 9, 457 bytes):zilan@universe-esx41.fortiserver.com;
admin@universe-esx41.fortiserver.com
SLA-Perf
date=2023-08-29 time=23:24:20 devid="FG101ETK19003793" devname="Spoke1-Master" eventtime=1693344259618547240 tz="+0200" logid="0113022933" type="event" subtype="sdwan" level="notice" vd="root" logdesc="SDWAN SLA notification" eventtype="Health Check" healthcheck="sla" interface="wan2" probeproto="ping" newvalue="alive" msg="SD-WAN health-check member initial state."

2023-08-29 23:24:20 mail_info:
from:universe-esx41.fortiserver.com user:admin@universe-esx41.fortiserver.com
2023-08-29 23:24:20 mail_info:
reverse path:admin@universe-esx41.fortiserver.com
user name:admin
2023-08-29 23:24:20 to[0]:zilan@universe-esx41.fortiserver.com
2023-08-29 23:24:20 <==_init_mail_info
2023-08-29 23:24:20 create session
2023-08-29 23:24:20 resolve universe-esx41.fortiserver.com to 1 IP
2023-08-29 23:24:20 ==> send mail
2023-08-29 23:24:20 connecting to 10.125.5.129 port 25
2023-08-29 23:24:20 send mail 0x6d3c618 session 0x6d48398
2023-08-29 23:24:20 session: 0x6d48398, rsp_state: greeting, code: 220
2023-08-29 23:24:20 session: 0x6d48398, rsp_state: ehlo, code: 250
2023-08-29 23:24:20 session: 0x6d48398, rsp_state: mail, code: 250
2023-08-29 23:24:20 session: 0x6d48398, rsp_state: rcpt, code: 250
2023-08-29 23:24:20 session: 0x6d48398, rsp_state: data, code: 354
2023-08-29 23:24:20 === send: date=2023-08-29 time=23:24:20 devid="FG101ETK19003793" devname="Spoke1-Master" eventtime=1693344259618547240 tz="+0200" logid="0113022933" type="event" subtype="sdwan" level="notice" vd="root" logdesc="SDWAN SLA notification" eventtype="Health Check" healthcheck="sla" interface="wan2" probeproto="ping" newvalue="alive" msg="SD-WAN health-check member initial state."

2023-08-29 23:24:20 session: 0x6d48398, rsp_state: data2, code: 250
2023-08-29 23:24:20 session: 0x6d48398, rsp_state: quit, code: 221
2023-08-29 23:24:20 session finined
2023-08-29 23:24:20 _session_on_destroy
2023-08-29 23:24:20 <== send mail success, m = 0x6d3c618 s = 0x6d48398
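
An added example, not part of the original article or of Fortinet tooling: a Python check that reads a saved alertmail debug capture like the two above, confirms that each SMTP stage returned the expected reply code, and reports which SD-WAN member and state the mail carried. The rejected capture is constructed, the function name check_alertmail is hypothetical, and the code assumes a failed stage is logged in the same rsp_state format as a successful one.

```python
import re

# SMTP reply code expected at each stage the alertmail daemon logs as rsp_state.
EXPECTED = {"greeting": 220, "ehlo": 250, "mail": 250, "rcpt": 250,
            "data": 354, "data2": 250, "quit": 221}
STATE_RE = re.compile(r"rsp_state: (\w+), code: (\d+)")
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def check_alertmail(debug_text):
    """Summarise one alertmail debug capture: event fields and SMTP verdict."""
    stages, event = {}, {}
    for line in debug_text.splitlines():
        m = STATE_RE.search(line)
        if m:
            stages[m.group(1)] = int(m.group(2))
        elif "=== send:" in line:
            event = dict(FIELD_RE.findall(line))  # quoted key="value" log fields
    # A stage fails if its code differs, or is None because it was never reached.
    failed = [(s, stages.get(s)) for s in EXPECTED if stages.get(s) != EXPECTED[s]]
    return {"logid": event.get("logid"), "interface": event.get("interface"),
            "newvalue": event.get("newvalue"), "failed_stages": failed,
            "delivered": not failed and "send mail success" in debug_text}

# Abridged from the first capture in this article.
SAMPLE_OK = """\
2023-08-29 22:55:29 connecting to 10.125.5.129 port 25
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: greeting, code: 220
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: ehlo, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: mail, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: rcpt, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: data, code: 354
2023-08-29 22:55:29 === send: logid="0113022933" interface="wan2" newvalue="dead"
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: data2, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: quit, code: 221
2023-08-29 22:55:29 <== send mail success, m = 0x6d38c40 s = 0x6d48398
"""

# Constructed failure case (assumption): server rejects the recipient with 550.
SAMPLE_REJECTED = """\
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: greeting, code: 220
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: ehlo, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: mail, code: 250
2023-08-29 22:55:29 session: 0x6d48398, rsp_state: rcpt, code: 550
"""

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("rejected", SAMPLE_REJECTED)):
        print(name, check_alertmail(text))
```

The first stage listed in failed_stages is where the SMTP exchange broke; stages reported with None were never reached.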

 
