Dear Fortinet Community.
I have a question regarding the creation of triggers when it comes to a violation against our Application Control. That means we have blocked a specific category in the Application Control settings. If a person wants to use an application from that category, they get an answer (shown as a webpage while surfing) from the FortiGate that the use of this application is against the internet usage policy. It looks like this:
Now I would like to create an e-mail notification via Security Fabric -> Automation. I cannot find a trigger for that event. Can anyone help me to set up such a Stitch or Trigger?
Model: Fortigate 100F
Version: 7.4.4
With kindest regards
FortiLover
I thought you can use the log IDs from here
https://docs.fortinet.com/document/fortigate/7.6.0/fortios-log-message-reference/270/app-ctrl
of interest could be 28705, and create this in a trigger.
But testing this in Fortigate I get an "Unrecognized logid" message.
So maybe there is another way, or I should have the App Control enabled in some policy prior to creating this trigger.
Just checked it. When creating a trigger and choosing FortiOS Event Log, it seems that there is no entry for 28705. It looks like this:
Did I do it wrong?
No, you did nothing wrong. But I was also not able to do it this way (as I mentioned, I got an error). I think there are only certain log IDs that can be used there.
We need to state that we wanted this because we have not used FortiAnalyzer. Without FortiAnalyzer and without a firewall with a hard disk inside, we had no chance to view reports for a longer period of time. So we had the idea to use this kind of trigger. We have now installed FortiAnalyzer, and this gave us a chance to comprehend attempts to use services in the WAN which are not in line with our policies and rules. It is no real solution for the request. But it is a solution for us. FortiAnalyzer is a nice tool. Everyone who is using a FortiGate should have this product. FortiAnalyzer is a lovely tool :)