Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
truongphan
New Contributor

Created on ‎08-15-2023 01:31 AM

Email Alert Fortigate 7.0

Capture1.PNGCapture.PNG

I'm practicing with Email Alert Fortigate 7.0. My config as above picture (password is app password on gmail) but not working.

I think need more config rule on Fortigate that right ?

Labels:
1604
0 Kudos
10 REPLIES 10
abarushka
Staff
Staff

Created on ‎08-15-2023 03:56 AM

Hello,

 

You may consider to run the commands below and check debug traces:

 

diag debug console timestamp enable
diag debug application alertmail -1
diagnose log alertmail test

 

Please find more details by following the link below:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Email-alert/ta-p/199344

FortiGate
1365
0 Kudos
truongphan
New Contributor
In response to abarushka

Created on ‎08-15-2023 04:43 AM

Capture3.PNG

what is problem in this log ?

1327
0 Kudos
abarushka
Staff
Staff
In response to truongphan

Created on ‎08-15-2023 04:54 AM

Hello,

 

DNS looks good, however TLS session was not established.

 

I also noticed that SMTP server was changed from "smtp.gmail.com" to "notification.fortinet.net".

FortiGate
1320
0 Kudos
pgautam
Staff
Staff

Created on ‎08-15-2023 04:04 AM

 

Hi @truongphan 


Thank you for posting your query.

 

As per the attached screenshot configuration looks correct.

 

In the lab with the same configuration, we are getting an admin login failed event.

In the below config example, the email server is the default. Try to set up the default Fortinet server and check if you are getting the event logs or not to isolate the issue.

E.g:-

config system email-server
set server "notification.fortinet.net"
set port 465
set security smtps
end

config sys automation-stitch
edit "test123"
set trigger "adminlogin"
config actions
edit 1
set action "auto-cli-1_email"
set required enable
next
end
config sys automation-trigger
edit "adminlogin"
set event-type event-log
set logid 32002
next
end

config system automation-action
edit "auto-cli-1_email"
set action-type email
set email-to "example@abc.com"
set email-subject "CSF stitch alert"
next


When attempted failed login received below event log:-
date=2023-08-15 time=16:21:35 devid="seril_no" devname="test_lab" eventtime=1692096695636257165 tz="+0530" logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" sn="0" user="admin" ui="https(10.5.63.254)" method="https" srcip=10.5.63.254 dstip=10.5.52.11 action="login" status="failed" reason="passwd_invalid" msg="Administrator admin login failed from https(10.5.63.254) because of invalid password"

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution

1356
0 Kudos
truongphan
New Contributor
In response to pgautam

Created on ‎08-15-2023 04:36 AM

This config follow your config but still not working

Capture2.PNG

System Event log I get this log 

1339
0 Kudos
pgautam
Staff
Staff
In response to truongphan

Created on ‎08-15-2023 04:40 AM

Hi @truongphan 

 

Please follow the below link for alert email-related troubleshooting

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Email-alert/ta-p/199344

 

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution

1332
0 Kudos
truongphan
New Contributor
In response to pgautam

Created on ‎08-15-2023 04:41 AM

I run debug i get this log 

Capture3.PNG

Have you  know this problem ?

1330
0 Kudos
pgautam
Staff
Staff
In response to truongphan

Created on ‎08-15-2023 04:57 AM

Hi @truongphan 


As per the debug logs, we were receiving this error "failed in create_ssl_ctx" while sending email alert through the fortigate firewall.

Which is pointing toward the SSL handshake-related issue.

In the email server setting use default port 25 without security and test:-

config system email-server
set type custom
set server "notification.fortinet.net"
set port 25
set source-ip 0.0.0.0
set source-ip6 ::
set authenticate disable
set security none
set interface-select-method auto
end

Once done test the alert email again.


Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution

1318
0 Kudos
truongphan
New Contributor
In response to pgautam

Created on ‎08-15-2023 05:08 AM

Capture5.PNG

when i used port 25. Appear error code 221 and 530. I don't know how to fix it 

1308
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.