Fortilover
Contributor

Creation of Trigger for Violation against Application Control Settings

Dear Fortinet Community.

 

I have a question regarding the creation of triggers when it comes to a violation against our Application Control. That is, we have blocked a specific category in the Application Control settings. If a person wants to use an application from that category, they get a response (shown as a web page while surfing) from the FortiGate that the use of this application is against the internet usage policy. It looks like this:

Screenshot 2024-09-18 105219.png

 

Now I would like to create an e-mail notification via Security Fabric -> Automation. I cannot find a trigger for that event. Can anyone help me to set up such a Stitch or Trigger?

 

Model: Fortigate 100F

Version: 7.4.4

 

With kindest regards

FortiLover

1 Solution
Fortilover

We need to state that we wanted this because we have not used FortiAnalyzer. Without FortiAnalyzer and without a firewall with a hard disk inside, we had no chance to view reports for a longer period of time. So we had the idea to use this kind of trigger. We have now installed FortiAnalyzer, and this helped to give us a chance to comprehend attempts to use services in WAN which are not in line with our policies and rules. It is no real solution for the request. But it is a solution for us. FortiAnalyzer is a nice tool. Everyone who is using a FortiGate should have this product. FortiAnalyzer is a lovely tool :)

AlexC-FTNT
Staff

I thought you could use the log IDs from here

https://docs.fortinet.com/document/fortigate/7.6.0/fortios-log-message-reference/270/app-ctrl

of interest could be 28705, and create this in a trigger.

But testing this in Fortigate I get an "Unrecognized logid" message.

 

 

So maybe there is another way, or I should have the App Control enabled in some policy prior to creating this trigger.

 


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Fortilover

Just checked it. When creating a trigger and choosing FortiOS Event Log, it seems that there is no entry for 28705. Looks like this:

 

Screenshot 2024-09-18 120605.png

 

Did I do it wrong?

AlexC-FTNT

No, you did nothing wrong. But I was also not able to do it this way (as I mentioned, I got an error). I think there are only certain log IDs that can be used there.


