npaiva
Staff
Article Id 370657
Description

This article describes a condition that may occur in a Security Fabric setup, where an Automation Stitch may loop and run multiple times.

For the demonstration, this Automation Stitch is configured:

config system automation-stitch
    edit "new-backup"
        set trigger "2-hour"
        config actions
            edit 1
                set action "backup"
                set required enable
            next
        end
    next
end

config system automation-action
    edit "backup"
        set action-type cli-script
        set script "execute backup config ftp %%devname%%-%%date%%-%%time%%.conf 192.168.132.28 fortinet fortinet"
        set execute-security-fabric enable
        set accprofile "super_admin"
    next
end

config system automation-trigger
    edit "2-hour"
        set trigger-type scheduled
        set trigger-hour 12
        set trigger-minute 17
    next
end


When this stitch runs at the Fabric Root, it loops several times, and the FTP server ends up with multiple backup files per device:


-rw------- 1 fortinet fortinet 376132 Jan 8 12:17 delorean-kvm36-root-2025-01-08-12:17:16.conf
-rw------- 1 fortinet fortinet 376132 Jan 8 12:17 delorean-kvm36-root-2025-01-08-12:17:28.conf
-rw------- 1 fortinet fortinet 376132 Jan 8 12:18 delorean-kvm36-root-2025-01-08-12:17:58.conf

-rw------- 1 fortinet fortinet 365015 Jan 8 12:17 jaguar-kvm13-spoke-2025-01-08-12:17:16.conf
-rw------- 1 fortinet fortinet 365015 Jan 8 12:17 jaguar-kvm13-spoke-2025-01-08-12:17:28.conf
-rw------- 1 fortinet fortinet 365015 Jan 8 12:18 jaguar-kvm13-spoke-2025-01-08-12:17:58.conf


Scope

FortiGate.

Solution

The issue with this configuration is that the Automation Action has 'execute-security-fabric enable' configured.

The use case for 'execute-security-fabric' is a stitch that is ONLY triggered by trigger-type 'event-based' on a particular FortiGate in the Security Fabric, where the CLI script action inside the stitch is nevertheless required to run on all FortiGate appliances in the Security Fabric.
If 'execute-security-fabric' is enabled (the default is disabled) and the stitch is triggered on any FortiGate in the Security Fabric, all FortiGate appliances will try to relay the log and the CLI script action to each other, which is what produces the repeated backups shown above.
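As an added example (not part of the article or of FortiOS), the following Python audit parses a FortiOS configuration export and reports every stitch that combines a non-event-based trigger with an action that has 'execute-security-fabric' enabled. The minimal parser and the trimmed sample config are assumptions of this example; the sample is constructed from the article's stitch.

```python
import shlex

# Constructed sample, trimmed from the article: a scheduled trigger whose
# action relays its CLI script to every member of the Security Fabric.
SAMPLE_CONFIG = "\n".join([
    "config system automation-stitch", 'edit "new-backup"', 'set trigger "2-hour"',
    "config actions", "edit 1", 'set action "backup"', "next", "end", "next", "end",
    "config system automation-action", 'edit "backup"',
    "set execute-security-fabric enable", "next", "end",
    "config system automation-trigger", 'edit "2-hour"',
    "set trigger-type scheduled", "next", "end",
])


def parse_fortios(text):
    """Minimal FortiOS CLI parser (assumed here): {table: {entry: {key: value}}}.
    A nested 'config actions' block becomes a sub-dict under the key 'actions'."""
    tables, stack = {}, []  # stack holds the dict currently being filled
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        cmd, args = tok[0], tok[1:]
        if cmd == "config":
            parent = stack[-1] if stack else tables
            stack.append(parent.setdefault(" ".join(args), {}))
        elif cmd == "edit":
            stack.append(stack[-1].setdefault(args[0], {}))
        elif cmd == "set":
            stack[-1][args[0]] = " ".join(args[1:])
        elif cmd in ("next", "end"):
            stack.pop()
    return tables


def find_looping_stitches(tables):
    """Names of stitches whose trigger is not event-based but whose action has
    execute-security-fabric enabled: the loop condition described in the article."""
    triggers = tables.get("system automation-trigger", {})
    actions = tables.get("system automation-action", {})
    hits = []
    for name, stitch in tables.get("system automation-stitch", {}).items():
        ttype = triggers.get(stitch.get("trigger"), {}).get("trigger-type")
        relayed = any(
            actions.get(a.get("action"), {}).get("execute-security-fabric") == "enable"
            for a in stitch.get("actions", {}).values()
        )
        if ttype != "event-based" and relayed:
            hits.append(name)  # flag for review: set execute-security-fabric disable
    return hits
```

Running `find_looping_stitches(parse_fortios(SAMPLE_CONFIG))` on the sample returns `['new-backup']`; changing the action to 'execute-security-fabric disable', or the trigger to 'event-based', clears the finding.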
