Description | This article describes how to create alerts based on when a user disconnects from an IPsec dial-up VPN. It provides a step-by-step guide on how to set up notifications for VPN disconnections, allowing users to monitor and troubleshoot VPN connection issues. |
Scope | FortiGate, FortiClient. |
Solution |
Sometimes an alert is needed when an IPsec dial-up user is disconnecting from the VPN.
To create an alert:
Select Security Fabric -> Automation -> Trigger -> Create New.
Event to be chosen: IPsec connection status changed.
When using this log as a trigger condition, this will trigger on any IPsec tunnels going through a connection change. If the alerts are desired only for a specific tunnel, it is possible to add a filter to the trigger to only act on the desired tunnel name using the example below.
After creating a trigger, an Action can be chosen:
Once the steps above have been completed, navigate to Select Stitch -> Create New.
Logs Generated when A user connects or disconnects from the VPN:
Make sure the email server is also right under System -> Settings -> Email Service:
Alert Email received: date=2025-07-22 time=15:13:42 devid="FGVM4XXXXXXXX" devname="FGVM4XXXXXXX" eventtime=1753222422448179593 tz="-0700" logid="0101037138" type="event" subtype="vpn" level="notice" vd="root" logdesc="IPsec connection status changed" msg="IPsec connection status change" action="tunnel-up" remip=172.16.0.2 locip=192.168.16.135 remport=500 locport=500 outintf="port2" srccountry="Reserved" cookies="c99940a897c297bd/52c2d9a16a3964b0" user="172.16.0.2" group="N/A" useralt="N/A" eapuser="localuser" eapauthgroup="localgroup" assignip=10.212.134.200 vpntunnel="ipsec-dialup_0" tunnelip=10.212.134.200 tunnelid=755159287 tunneltype="ipsec" duration=0 sentbyte=0 rcvdbyte=0 nextstat=0 fctuid="1AEC0F84EAFE4F21BCCBB012AA3F36BA" advpnsc=0 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.