Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bw1
New Contributor

SSL VPN alert

Hello,

 

Would anyone know a method within Fortinet to create an email alert when a specific SSL-VPN portal is logged into?

 

I have a tried using the security fabric automation on the event 'SSL VPN Tunnel UP' but I cant see a way to specify which tunnel I want the alert for, as we have a few. 

 

I am running version: 6.4.8

 

Many thanks,

2 REPLIES 2
seshuganesh
Staff
Staff

Hi Team,

 

As per my knowledge there is no feature for your request.

Lets wait for our team to confirm the same

Debbie_FTNT
Staff
Staff

Hey bw1,

you could certainly do an alert via FortiAnalyzer:

-> you have a lot of filtering options to trigger an alert email being sent, including looking for specific strings in log messages (such as 'logid=0101039424 and user~"<some_user>"')

-> you would have to check what raw log messages you want to trigger the alert exactly

Debbie_FTNT_0-1651045076731.pngDebbie_FTNT_1-1651045092045.png

If you don't have a FortiAnalyzer, only a FortiGate, there are additional options in FortiOS 7.0 and higher, I believe:

Debbie_FTNT_2-1651045272478.png

You could set a field-filter for specific usernames, or a similar criterion.

FortiGate does not log the specific SSLVPN portal a user goes through, though, but portals should be triggered by specific users, so that would probably be a way to go about it.

-> you would need to find something in the VPN logs that is unique to that specific portal being accessed (such as the username)

-> you could then create a handler on FortiAnalyzer or an automation stitch on FortiGate to trigger on VPN tunnel-up log coupled with that specific username.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++