Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSIEM Discussions
- Fortinet Community
- Community Groups
- FortiSIEM
- Discussions
- RE: Remediations Acton Issue
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.-------------------------------------------
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
HTTPS
- Name: HTTPS - Fortigate
- Device Type: Fortinet FortiOS
- Access Protocol: HTTPS
- Port: 443
- Password config: Manual
- User Name: admin
- Password: FortiSIEM
- Save.
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry, is 2000F .i seen this remediation action needs SSH access only from resources tabs. is necessary to enable
-------------------------------------------
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
-------------------------------------------
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
HTTPS
- Name: HTTPS - Fortigate
- Device Type: Fortinet FortiOS
- Access Protocol: HTTPS
- Port: 443
- Password config: Manual
- User Name: admin
- Password: FortiSIEM
- Save.
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use SSH remediation or the API remediation. API connects in over HTTPS. But you must have the appropriate credential associated and discovered with the device.-------------------------------------------
Original Message:
Sent: 09-26-2019 06:33
From: Mohammed Abureesh
Subject: Remediations Acton Issue
Sorry, is 2000F .i seen this remediation action needs SSH access only from resources tabs. is necessary to enable
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Original Message:
Sent: 09-26-2019 06:33
From: Mohammed Abureesh
Subject: Remediations Acton Issue
Sorry, is 2000F .i seen this remediation action needs SSH access only from resources tabs. is necessary to enable
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
HTTPS
- Name: HTTPS - Fortigate
- Device Type: Fortinet FortiOS
- Access Protocol: HTTPS
- Port: 443
- Password config: Manual
- User Name: admin
- Password: FortiSIEM
- Save.
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just one point on API (HTTPS) remediation with the FGT, the FGT needs to be licensed.-------------------------------------------
Original Message:
Sent: 09-26-2019 07:24
From: Daniel Hanman
Subject: Remediations Acton Issue
You can use SSH remediation or the API remediation. API connects in over HTTPS. But you must have the appropriate credential associated and discovered with the device.
Original Message:
Sent: 09-26-2019 06:33
From: Mohammed Abureesh
Subject: Remediations Acton Issue
Sorry, is 2000F .i seen this remediation action needs SSH access only from resources tabs. is necessary to enable
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Original Message:
Sent: 09-26-2019 07:24
From: Daniel Hanman
Subject: Remediations Acton Issue
You can use SSH remediation or the API remediation. API connects in over HTTPS. But you must have the appropriate credential associated and discovered with the device.
Original Message:
Sent: 09-26-2019 06:33
From: Mohammed Abureesh
Subject: Remediations Acton Issue
Sorry, is 2000F .i seen this remediation action needs SSH access only from resources tabs. is necessary to enable
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
HTTPS
- Name: HTTPS - Fortigate
- Device Type: Fortinet FortiOS
- Access Protocol: HTTPS
- Port: 443
- Password config: Manual
- User Name: admin
- Password: FortiSIEM
- Save.
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes I had the credential and the remediation scripts worked before, and I want to be added the notification rule didn't send the emails or run the script now. so do you think is support issue?-------------------------------------------
Original Message:
Sent: 09-26-2019 07:24
From: Daniel Hanman
Subject: Remediations Acton Issue
You can use SSH remediation or the API remediation. API connects in over HTTPS. But you must have the appropriate credential associated and discovered with the device.
Original Message:
Sent: 09-26-2019 06:33
From: Mohammed Abureesh
Subject: Remediations Acton Issue
Sorry, is 2000F .i seen this remediation action needs SSH access only from resources tabs. is necessary to enable
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Original Message:
Sent: 09-26-2019 07:24
From: Daniel Hanman
Subject: Remediations Acton Issue
You can use SSH remediation or the API remediation. API connects in over HTTPS. But you must have the appropriate credential associated and discovered with the device.
Original Message:
Sent: 09-26-2019 06:33
From: Mohammed Abureesh
Subject: Remediations Acton Issue
Sorry, is 2000F .i seen this remediation action needs SSH access only from resources tabs. is necessary to enable
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
HTTPS
- Name: HTTPS - Fortigate
- Device Type: Fortinet FortiOS
- Access Protocol: HTTPS
- Port: 443
- Password config: Manual
- User Name: admin
- Password: FortiSIEM
- Save.
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If the Incident triggered and fired a notification then depending on the Notification Window defined in the Rule it won't trigger a notification again until either the Incident is cleared or the Notification Window expires.
Suggest try clearing the Incident and triggering it again.-------------------------------------------
Original Message:
Sent: 09-26-2019 08:10
From: Mohammed Abureesh
Subject: Remediations Acton Issue
yes I had the credential and the remediation scripts worked before, and I want to be added the notification rule didn't send the emails or run the script now. so do you think is support issue?
Original Message:
Sent: 09-26-2019 07:24
From: Daniel Hanman
Subject: Remediations Acton Issue
You can use SSH remediation or the API remediation. API connects in over HTTPS. But you must have the appropriate credential associated and discovered with the device.
Original Message:
Sent: 09-26-2019 06:33
From: Mohammed Abureesh
Subject: Remediations Acton Issue
Sorry, is 2000F .i seen this remediation action needs SSH access only from resources tabs. is necessary to enable
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Suggest try clearing the Incident and triggering it again.-------------------------------------------
Original Message:
Sent: 09-26-2019 08:10
From: Mohammed Abureesh
Subject: Remediations Acton Issue
yes I had the credential and the remediation scripts worked before, and I want to be added the notification rule didn't send the emails or run the script now. so do you think is support issue?
Original Message:
Sent: 09-26-2019 07:24
From: Daniel Hanman
Subject: Remediations Acton Issue
You can use SSH remediation or the API remediation. API connects in over HTTPS. But you must have the appropriate credential associated and discovered with the device.
Original Message:
Sent: 09-26-2019 06:33
From: Mohammed Abureesh
Subject: Remediations Acton Issue
Sorry, is 2000F .i seen this remediation action needs SSH access only from resources tabs. is necessary to enable
Original Message:
Sent: 09-26-2019 06:19
From: Daniel Hanman
Subject: Remediations Acton Issue
There isn't a FSM 1000F appliance, there is 500F Collector, 2000F Super and 3500F Super. Expired support should not impact remediations, but would advise to get it back under support for the latest updates and fixes.
I typically use the "Block IP FortiOS API" remediation, you just need to make sure you an https credential associated with the device.
In the FSM GUI go to Admin / Setup / Credentials and create the following credentials under "Step 1: Enter Credentials"
As well as having SNMP and ideally SSH credentials defined, also create an HTTPS credential for example:
HTTPS
- Name: HTTPS - Fortigate
- Device Type: Fortinet FortiOS
- Access Protocol: HTTPS
- Port: 443
- Password config: Manual
- User Name: admin
- Password: FortiSIEM
- Save.
Then associate that credential with the FGT IP.
After that, rediscover the device and try remediating with the API remediation option.
Original Message:
Sent: 09-26-2019 02:11
From: Mohammed Abureesh
Subject: Remediations Acton Issue
hello,
I have FortiSEM FS-1000F with a perpetual license but the support is expired now, I had notification rule includes run script FortiGate--after5.2 to block the source IP when the incident "Permitted traffic from suspicions external source " is generated. the problem is when I view the running task the script is a freeze on 0%.is this issue caus my support is expired?
Announcements
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
Labels
-
FortiSIEM
166 -
Parsers
7 -
Rules
5 -
ClickHouse
4 -
fortisiem v7.2.0
4 -
FortiSIEM v6.x
4 -
integration
4 -
API
4 -
Agent Linux
3 -
database
3 -
Agent
3 -
FortiSIEM Cloud
3 -
Collector
3 -
External System Integration
3 -
FortiGate
3 -
lookuptables
2 -
FortiAnalyzer
2 -
Source Code
2 -
Collector Agent
2 -
Supervisor
2 -
FortiSiem 7.1
2 -
watchlist
2 -
SAML
2 -
Analytics & Reporting
2 -
GUI
2 -
Incidents
2 -
CMDB
2 -
Redhat 8
1 -
eventdb
1 -
Impact
1 -
"FortiSIEM Incidents"
1 -
Rocky Linux 8
1 -
Oracle Linux 8
1 -
Partnership Inquiry
1 -
lookups
1 -
o
1 -
OPManager
1 -
RBAC
1 -
User Control
1 -
Audit log
1 -
CMMC
1 -
Reference Files
1 -
Hi
1 -
cisco wsa
1 -
Audit
1 -
Report-Rules-Dashboards
1 -
FortiClient
1 -
FortiAuthenticator v5.5
1 -
upgrade
1 -
IPsec
1 -
Migration
1 -
External Connectors
1 -
LDAP
1 -
Report
1 -
Microsoft Office365
1 -
Azure
1 -
Cisco
1 -
discovery
1 -
Reference Material
1 -
Alma Linux 8
1 -
Notifications
1 -
Expressions
1 -
Architecture
1 -
FortiSASE
1 -
Status
1 -
MySQL
1 -
Internet service database
1 -
Dashboard
1 -
Usage
1 -
Certificate
1 -
enrichement
1 -
Windows Defender
1
Top Kudoed Authors
| User | Count |
|---|---|
| 72 | |
| 25 | |
| 15 | |
| 10 | |
| 10 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.