Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
esalija
Staff
Staff

Created on ‎08-18-2025 07:25 AM Edited on ‎08-18-2025 08:23 AM By Staff

Article Id 406975

Technical Tip: Receive an email for a Link Monitor when Multiple Link monitor are configured in an automation stitch

Description This article describes the configuration side of the Automation Stitch when Multiple Link Monitors are implemented and receive an email for a specific Link monitor change.
Scope FortiGate.
Solution

When one of the link monitors goes down (LINK-MONITOR_1) three actions will be triggered, and 3 emails will be received for all the Link_Monitors.

 

  • Automation Stitch configuration:

config system automation-stitch
    edit "LINK-MONITOR_DOWN_STITCH"
        set trigger "LINK-MONITOR_DOWN_TRIGGER"
            config actions
                edit 1
                    set action "LINK-MONITOR_DOWN_ACTION"
                    set required enable
                next
            end

 

  • Automation Stitch Trigger and Action configuration.


config system automation-trigger
    edit "LINK-MONITOR_DOWN_TRIGGER"
        set event-type event-log
        set logid 22922
            config fields
                edit 1
                    set name "msg"
                    set value "*from 0 to 1*"
                next
            end

config system automation-action
    edit "LINK-MONITOR_DOWN_ACTION"
        set action-type email
        set email-to "test2#fortinet.com"
        set email-from "test1@fortinet.com"
        set email-subject "LINK-MONITOR DOWN"
    next
end

 

3 Link monitors are configured:


config system link-monitor
    edit "LINK-MONITOR_1"
        set srcintf "port1"
        set server "17.38.237.22"
        set source-ip 17.38.237.11
        set interval 3000
        set probe-timeout 30
        set failtime 2
        set recoverytime 1
        set update-policy-route disable
        set service-detection enable
    next
    edit "LINK-MONITOR_2"
        set srcintf "port2"
        set server "10.252.8.22"
        set source-ip 10.252.8.11
        set interval 2000
        set probe-timeout 20
        set failtime 1
        set recoverytime 1
        set update-policy-route disable
        set service-detection enable
    next
    edit "LINK-MONITOR_3"
        set srcintf "port3"
        set server "8.8.8.8"
        set source-ip 17.38.237.11
        set interval 2000
        set probe-timeout 20
        set failtime 1
        set recoverytime 1
        set update-policy-route disable
        set service-detection enable
    next
end

 

  • To receive an email only for the Link Monitor that will go down, another field should be added on the automation-trigger and specify the Link Monitor name. 

 

config system automation-trigger
    edit "LINK-MONITOR_DOWN_TRIGGER"
        set event-type event-log
        set logid 22922
            config fields
                edit 1
                    set name "msg"
                    set value "*from 0 to 1*"
                next
                edit 2
                    set name "LINK-MONITOR_1"" <----- Link-monitor name used. This is required if there are multiple link monitors configured.
                    set value "LINK-MONITOR_1"  <-----
                next
end
154
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.