- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Email Alert Fortigate 7.0
I'm practicing with Email Alert Fortigate 7.0. My config as above picture (password is app password on gmail) but not working.
I think need more config rule on Fortigate that right ?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
You may consider to run the commands below and check debug traces:
diag debug console timestamp enable
diag debug application alertmail -1
diagnose log alertmail test
Please find more details by following the link below:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Email-alert/ta-p/199344
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
what is problem in this log ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
DNS looks good, however TLS session was not established.
I also noticed that SMTP server was changed from "smtp.gmail.com" to "notification.fortinet.net".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @truongphan
Thank you for posting your query.
As per the attached screenshot configuration looks correct.
In the lab with the same configuration, we are getting an admin login failed event.
In the below config example, the email server is the default. Try to set up the default Fortinet server and check if you are getting the event logs or not to isolate the issue.
E.g:-
config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end
config sys automation-stitch
edit "test123"
set trigger "adminlogin"
config actions
edit 1
set action "auto-cli-1_email"
set required enable
next
end
config sys automation-trigger
edit "adminlogin"
set event-type event-log
set logid 32002
next
end
config system automation-action
edit "auto-cli-1_email"
set action-type email
set email-to "example@abc.com"
set email-subject "CSF stitch alert"
next
When attempted failed login received below event log:-
date=2023-08-15 time=16:21:35 devid="seril_no" devname="test_lab" eventtime=1692096695636257165 tz="+0530" logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" sn="0" user="admin" ui="https(10.5.63.254)" method="https" srcip=10.5.63.254 dstip=10.5.52.11 action="login" status="failed" reason="passwd_invalid" msg="Administrator admin login failed from https(10.5.63.254) because of invalid password"
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This config follow your config but still not working
System Event log I get this log
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @truongphan
Please follow the below link for alert email-related troubleshooting
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Email-alert/ta-p/199344
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I run debug i get this log
Have you know this problem ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @truongphan
As per the debug logs, we were receiving this error "failed in create_ssl_ctx" while sending email alert through the fortigate firewall.
Which is pointing toward the SSL handshake-related issue.
In the email server setting use default port 25 without security and test:-
config system email-server
set type custom
set server "notification.fortinet.net"
set port 25
set source-ip 0.0.0.0
set source-ip6 ::
set authenticate disable
set security none
set interface-select-method auto
end
Once done test the alert email again.
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
when i used port 25. Appear error code 221 and 530. I don't know how to fix it