Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pkavin
Staff
Staff

Created on ‎04-04-2022 10:32 PM Edited on ‎04-05-2022 09:15 AM By Anonymous

Article Id 208461

Technical Tip: 'Test Automation Stitch' button is greyed out when trying to test a newly created automation stitch

Description This article describes why some automation stitches would not give an option to test it from the GUI as the 'Test Automation Stitch' button would be greyed out.
Scope FortiGate.
Solution

FortiGate gives an option to configure automation stitches which helps to automate the activities between the different components in the Security Fabric, decreasing the response times to security events.

 

Events from any source in the Security Fabric can be monitored, and action responses can be set up to any destination.

 

An automation stitch consists of two parts, the trigger and the actions.

The trigger is the condition or event on the FortiGate that activates the action, for example, a specific log, or a failed log-in attempt.

 

The action is what FortiGate does in response to the trigger.

 

'Test Automation Stitch' is an option on FortiGate to test the new automation stitches created on FortiGates as shown below:

 

config_change.jpg

Sometimes, depending on the trigger or condition of the automation stitch, it could show 'Test Automation Stitch' greyed out as shown below:

 

pkavin_2-1649109690698.jpeg

 

When FortiOS Event Log is selected as the trigger, the 'Test Automation Stitch' button would be greyed out and the automation stitch test from the CLI would also fail as shown below:

 

# diagnose automation test test_event_log3
automation test failed(2). stitch:test_event_log3

 

This is expected behaviour as the Automation Stitch needs the actual log to be passed in addition to the stitched name.

 

If no log is included in the command it will fail.

So, the GUI is greyed out.

 

The only way to test the event log trigger in the automation stitch is to use the CLI and supply the actual log to the FortiGate as shown below:

 

# diagnose automation test test_event_log3 "logid=\"0100032001\" type=\"event\" subtype=\"system\" level=\"information\" vd=\"root\" eventtime=1555443953642472388 logdesc=\"Admin login successful\" sn=\"1555443953\" user=\"admin\" ui=\"telnet(10.10.78.78)\" method=\"telnet\" srcip=10.10.78.78 dstip=10.10.78.12 action=\"login\" status=\"success\" reason=\"none\" profile=\"super_admin\" msg=\"Administrator admin logged in successfully from telnet(10.10.78.78)\""

automation test is done. stitch:test_event_log3

 

Below are the other triggers that will show an option the button 'Test Automation Stitch' in the GUI that does not need a FortiAnalyzer connection:

 

- Security Rating Summary.

- Configuration Change.

- Reboot.

- License Expiry.

- HA Failover.

- AV & IPS DB Update.

- Schedule.

 

- Incoming Webhook (The 'Test Automation Stitch' button would not be greyed out for this trigger, but depending on the configuration, the test might not complete successfully).
4908
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.