Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Marcos_FDS1012
Contributor

Created on ‎07-16-2024 08:10 AM

Automation Configuration Receive SSL VPN E-mail

I have 60F V.7.2.8 and I'm configuring automation to receive e-mail when the user connects to the SSL VPN and when they leave, but I'm not receiving the e-mails.Captura de tela 2024-07-16 120454.pngCaptura de tela 2024-07-16 120546.pngCaptura de tela 2024-07-16 120650.png

Labels:
1954
0 Kudos
2 Solutions
Yurisk
SuperUser
SuperUser

Created on ‎07-17-2024 02:13 AM Edited on ‎07-17-2024 02:13 AM

The "Filed Filters" in the Trigger mean to filter out on values in the log, they are NOT there to limit what is included in the mail sent. Remove all the Field Filters in the 1st screenshot, and it will work.

 

You will use filters if, say, you want to get alerts on a specific user only, ignoring logins of other users. 

 

E.g. fire an email alert to admin@yurisk.info when a user connects to the Fortigate by SSL VPN AND she/he connects from IP address 185.242.6.3 The email alert will contain full body message of the log

 

  • Trigger

config system automation-trigger
    edit "TunnelisUpLog"
        set event-type event-log
        set logid 39947
        config fields
            edit 1
                set name "remip"
                set value "185.242.6.3"
            next
        end
    next
end

 

  • Action:

config system automation-action
    edit "VPNUpEmail"
        set action-type email
        set email-to "admin@yurisk.info"
        set email-from "fgt@yurisk.info"
        set email-subject "FGT AWS VPN SSL tunnel is up"
    next
end

 

  • Stitch:

config sys automation-stitch
    edit "VPNTunnelUp"
        set trigger "TunnelisUpLog"
        config actions
            edit 1
                set action "VPNUpEmail"
                set required enable
            next
        end
    next
end

 

 

If you want to dive into automation stitches, including debug and limitations, look at the stitches collection I wrote: https://github.com/yuriskinfo/Fortinet-tools/tree/main/Fortigate-automation-stitches 

 

Yuri Slobodyanyuk

View solution in original post

Yuri Slobodyanyuk
1807
Marcos_FDS1012
Contributor
In response to Marcos_FDS1012

Created on ‎07-17-2024 06:01 AM

Hello,

I managed to make it work thanks for your help

View solution in original post

1767
10 REPLIES 10
Yurisk
SuperUser
SuperUser
In response to Marcos_FDS1012

Created on ‎07-17-2024 06:07 AM

Yes, the best way to include specific parts of log in the email body is to take the real log from Fortigate as raw log, and see what log fields are important to you. You can use them in Message part:

 

config sys automation-action
    edit ""AdminLoggedIn"
        set action-type email
        set email-to "admin@yurisk.info"
        set email-from "fgt@yurisk.info"
        set email-subject "Admin user %%user%% logged in"
        set message  "Source IP: %%srcip%%
Time: %%time%%"
    next
end
Yuri Slobodyanyuk
Yuri Slobodyanyuk
257
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.