Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Marcos_FDS1012
New Contributor III

Created on ‎07-16-2024 08:10 AM

Automation Configuration Receive SSL VPN E-mail

I have 60F V.7.2.8 and I'm configuring automation to receive e-mail when the user connects to the SSL VPN and when they leave, but I'm not receiving the e-mails.Captura de tela 2024-07-16 120454.pngCaptura de tela 2024-07-16 120546.pngCaptura de tela 2024-07-16 120650.png

Labels:
1012
0 Kudos
2 Solutions
Yurisk
SuperUser
SuperUser

Created on ‎07-17-2024 02:13 AM Edited on ‎07-17-2024 02:13 AM

The "Filed Filters" in the Trigger mean to filter out on values in the log, they are NOT there to limit what is included in the mail sent. Remove all the Field Filters in the 1st screenshot, and it will work.

 

You will use filters if, say, you want to get alerts on a specific user only, ignoring logins of other users. 

 

E.g. fire an email alert to admin@yurisk.info when a user connects to the Fortigate by SSL VPN AND she/he connects from IP address 185.242.6.3 The email alert will contain full body message of the log

 

  • Trigger

config system automation-trigger
    edit "TunnelisUpLog"
        set event-type event-log
        set logid 39947
        config fields
            edit 1
                set name "remip"
                set value "185.242.6.3"
            next
        end
    next
end

 

  • Action:

config system automation-action
    edit "VPNUpEmail"
        set action-type email
        set email-to "admin@yurisk.info"
        set email-from "fgt@yurisk.info"
        set email-subject "FGT AWS VPN SSL tunnel is up"
    next
end

 

  • Stitch:

config sys automation-stitch
    edit "VPNTunnelUp"
        set trigger "TunnelisUpLog"
        config actions
            edit 1
                set action "VPNUpEmail"
                set required enable
            next
        end
    next
end

 

 

If you want to dive into automation stitches, including debug and limitations, look at the stitches collection I wrote: https://github.com/yuriskinfo/Fortinet-tools/tree/main/Fortigate-automation-stitches 

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.

View solution in original post

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
865
Marcos_FDS1012
New Contributor III
In response to Marcos_FDS1012

Created on ‎07-17-2024 06:01 AM

Hello,

I managed to make it work thanks for your help

View solution in original post

825
10 REPLIES 10
Quint021
Staff
Staff

Created on ‎07-16-2024 08:16 AM

Hello @Marcos_FDS1012 ,

If you are not receiving emails, please follow the below document for the steps to follow when troubleshooting:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Email-alert/ta-p/199344
For the "From" field, can you utilize the same domainin your "to" field?
Format, noreply@yourdomain.com 

Kind Regards, 

884
Marcos_FDS1012
New Contributor III
In response to Quint021

Created on ‎07-16-2024 08:18 AM

I've set up the same domain and it's still not working

882
0 Kudos
Marcos_FDS1012
New Contributor III
In response to Quint021

Created on ‎07-16-2024 08:22 AM

 

The first two steps are ok

Captura de tela 2024-07-16 122156.png

 

 

879
0 Kudos
Marcos_FDS1012
New Contributor III
In response to Marcos_FDS1012

Created on ‎07-16-2024 12:05 PM

I can do all the pinging but no email arrives

830
0 Kudos
Quint021
Staff
Staff

Created on ‎07-16-2024 12:07 PM

Hello @Marcos_FDS1012 ,

Thank you for confirming connectivity. Can you test by changing the email server port? In addition, can you collect the alert mail debugs as referenced in the first article?

Kind Regards,

827
Marcos_FDS1012
New Contributor III
In response to Quint021

Created on ‎07-16-2024 12:15 PM Edited on ‎07-16-2024 12:16 PM

Captura de tela 2024-07-16 161212.pngI'm using the default configuration, I don't know which port to change. I'm just starting to use this firewall and I don't know how to find the error.

824
0 Kudos
Yurisk
SuperUser
SuperUser

Created on ‎07-17-2024 02:13 AM Edited on ‎07-17-2024 02:13 AM

The "Filed Filters" in the Trigger mean to filter out on values in the log, they are NOT there to limit what is included in the mail sent. Remove all the Field Filters in the 1st screenshot, and it will work.

 

You will use filters if, say, you want to get alerts on a specific user only, ignoring logins of other users. 

 

E.g. fire an email alert to admin@yurisk.info when a user connects to the Fortigate by SSL VPN AND she/he connects from IP address 185.242.6.3 The email alert will contain full body message of the log

 

  • Trigger

config system automation-trigger
    edit "TunnelisUpLog"
        set event-type event-log
        set logid 39947
        config fields
            edit 1
                set name "remip"
                set value "185.242.6.3"
            next
        end
    next
end

 

  • Action:

config system automation-action
    edit "VPNUpEmail"
        set action-type email
        set email-to "admin@yurisk.info"
        set email-from "fgt@yurisk.info"
        set email-subject "FGT AWS VPN SSL tunnel is up"
    next
end

 

  • Stitch:

config sys automation-stitch
    edit "VPNTunnelUp"
        set trigger "TunnelisUpLog"
        config actions
            edit 1
                set action "VPNUpEmail"
                set required enable
            next
        end
    next
end

 

 

If you want to dive into automation stitches, including debug and limitations, look at the stitches collection I wrote: https://github.com/yuriskinfo/Fortinet-tools/tree/main/Fortigate-automation-stitches 

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
866
Marcos_FDS1012
New Contributor III
In response to Yurisk

Created on ‎07-17-2024 03:47 AM Edited on ‎07-17-2024 03:58 AM

Hello ,

Now I'm receiving the e-mail, but how do I set it up to receive information from the user who is logged in?

 

Captura de tela 2024-07-17 075744.png

724
0 Kudos
Marcos_FDS1012
New Contributor III
In response to Marcos_FDS1012

Created on ‎07-17-2024 06:01 AM

Hello,

I managed to make it work thanks for your help

826
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.