Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
chrispng
New Contributor III

Created on ‎09-01-2025 08:28 AM

AUTO STITCH FOR IPSEV VPN TUNNEL

Hello,

 

I am trying to find a way to make an auto stitch to trigger and work when a user disconects or connects on a remote ipsec tunnel and send an email. I have it set up but cant see emails comming. Any ideas?

 

 

FGT60F # config system automation-stitch

FGT60F(automation-stitch) # edit "VPNIPSEC"

FGT60F (VPNIPSEC) # show
config system automation-stitch
edit "VPNIPSEC"
set trigger "IPSEC VPN UP"
config actions
edit 1
set action "Email Notification"
set required enable
next
end
next
end

FGT60F (VPNIPSEC) #

 

 

config system automation-trigger

FGT60F (automation-trigger) # edit "VPNIPSEC"
new entry 'VPNIPSEC' added

FGT60F (VPNIPSEC) # show
config system automation-trigger
edit "VPNIPSEC"
next
end

 

config system automation-action

FGT60F (automation-action) # edit "VPNIPSEC"
new entry 'VPNIPSEC' added

FGT60F (VPNIPSEC) # show
config system automation-action
edit "VPNIPSEC"
next
end

Labels:
275
0 Kudos
1 Solution
AEK
SuperUser
SuperUser
In response to chrispng

Created on ‎09-03-2025 06:06 AM

Probably a filter issue.

Can you remove the 3 filters and see if the event is triggered? If it works then add one by one to find which one is causing the issue.

AEK

View solution in original post

AEK
156
0 Kudos
8 REPLIES 8
AEK
SuperUser
SuperUser

Created on ‎09-01-2025 01:55 PM

Hi Chris

First of all, under the automation menu, check if the related trigger count is incrementing when the needed IPsec event occurs. If not then you are using the wrong trigger.

Also the below tech tip may help.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Email-alert-notification-when-IPsec-VPN-tu...

AEK
AEK
256
chrispng
New Contributor III
In response to AEK

Created on ‎09-02-2025 04:49 AM

I tried the guide as stated too. trigger count is 0

231
0 Kudos
AEK
SuperUser
SuperUser
In response to chrispng

Created on ‎09-02-2025 06:12 AM

It means you are probably using the wrong trigger.

Try check in the VPN logs which message is generated when your event occurs. Once you find it you can use the same id in the trigger and it should work.

AEK
AEK
217
chrispng
New Contributor III
In response to AEK

Created on ‎09-03-2025 12:40 AM

i am trying to track certain users logging in vpn and out so i use xauth and username,BUT with no avail. Is that the correct source for the trigger or should i use smthng else?

200
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎09-03-2025 02:30 AM

In the VPN logs do you see such messages?

ipsec_event.png

This is the event id you should use in your trigger.

AEK
AEK
183
chrispng
New Contributor III
In response to AEK

Created on ‎09-03-2025 06:03 AM

εικόνα_2025-09-03_160253039.png

 

thats what i am using and not working right now

160
0 Kudos
AEK
SuperUser
SuperUser
In response to chrispng

Created on ‎09-03-2025 06:06 AM

Probably a filter issue.

Can you remove the 3 filters and see if the event is triggered? If it works then add one by one to find which one is causing the issue.

AEK
AEK
157
0 Kudos
chrispng
New Contributor III
In response to AEK

Created on ‎09-03-2025 06:55 AM

It seems it cant handle 3 users in the same trigger, i created different stiches and triggers in order to work for multiple users

147
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.