Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
llewesc1
New Contributor III

Created on ‎07-24-2025 01:43 PM Edited on ‎07-24-2025 01:44 PM

Reboot Downstream FortiGate on Fabric via Automation

I am trying to reboot a downstream device in the fabric, but the automation stitch is not triggering.

 

The trigger is a weekly schedule at hour 3 (3am - see image below). For action, I've tried using the system action (included with v7.2 onward) as well as a CLI Script for the reboot.

 

Interesting points to note:

 

 

  • If I use the system action and click on the Test Automation Stitch, it reboots the downstream device.
  • If I use the CLI Script and click on the Test Automation Stitch, it reboots the root and downstream device.
  • Waiting for the trigger to reboot in either instance never occurs. 

Any help is appreciated.

 

All devices are running 7.6.3

Root device is a 600E

Downstream device is a 40F

 

I have followed the below, but this does not mention if it can be used for a downstream device in a fabric.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-Automation-Stitch-to-schedule-restar...

 

Trigger Reboot.png

Labels:
368
0 Kudos
1 Solution
llewesc1
New Contributor III

Created on ‎08-01-2025 07:06 AM Edited on ‎08-01-2025 07:10 AM

Working with TAC, we determined the issue was related to the time zone setting (System > System > Time zone). For the automation stitch to work, the downstream FortiGate time had to match the root.

 

So even if your root FortiGate is in Toronto (GMT-5) and your satellite is in Vancouver (GMT-8), the time zones still have to match, so that the actual time on the firewall match.

 

I would've thought there'd be mention of it under Schedule trigger and wasn't able to find documentation anywhere else citing this caveat. If someone reads this ands knows where to find it please post.

 

Another item worth mentioning, our root FortiGate is not configured to be an NTP server for the downstream devices.

 

- Thanks

View solution in original post

240
0 Kudos
8 REPLIES 8
RosenlindPer
New Contributor II

Created on ‎07-27-2025 11:08 PM

Hi,

You can choose which device in the fabric that the stitch should be applied on, so just chose your downstream fortigate.

 

/PR

per@fortiknight.com
per@fortiknight.com
312
llewesc1
New Contributor III
In response to RosenlindPer

Created on ‎07-28-2025 05:24 AM

To clarify, the downstream device is selected. Recall, when using the system action and clicking on the Test Automation Stitch, it reboots the downstream device. I've opened a ticket with TAC.

297
0 Kudos
RosenlindPer
New Contributor II
In response to llewesc1

Created on ‎07-28-2025 05:59 AM

For your TAC ticket, make sure you follow the steps here and attach the logs in the ticket.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Troubleshooting-Security-Fabric-Issu...

 

Unless it solves the issue for you :)

/PR

per@fortiknight.com
per@fortiknight.com
289
0 Kudos
llewesc1
New Contributor III

Created on ‎08-01-2025 07:06 AM Edited on ‎08-01-2025 07:10 AM

Working with TAC, we determined the issue was related to the time zone setting (System > System > Time zone). For the automation stitch to work, the downstream FortiGate time had to match the root.

 

So even if your root FortiGate is in Toronto (GMT-5) and your satellite is in Vancouver (GMT-8), the time zones still have to match, so that the actual time on the firewall match.

 

I would've thought there'd be mention of it under Schedule trigger and wasn't able to find documentation anywhere else citing this caveat. If someone reads this ands knows where to find it please post.

 

Another item worth mentioning, our root FortiGate is not configured to be an NTP server for the downstream devices.

 

- Thanks

241
0 Kudos
RosenlindPer
New Contributor II
In response to llewesc1

Created on ‎08-03-2025 07:42 AM

So timezones have to match, it just doesn't trigger on the "root fortigates timezone"? 

per@fortiknight.com
per@fortiknight.com
211
0 Kudos
llewesc1
New Contributor III
In response to RosenlindPer

Created on ‎08-05-2025 08:56 AM

Yes, the time zone (or just the time possibly) have to match. When trying with the root set to America/Toronto and the downstream set to America/Vancouver it would not trigger via the schedule. When we set the downstream to America/Toronto, it worked as scheduled.

183
0 Kudos
RosenlindPer
New Contributor II
In response to llewesc1

Created on ‎08-07-2025 09:29 AM

Did you get any bugid on this one? 

 

per@fortiknight.com
per@fortiknight.com
160
0 Kudos
llewesc1
New Contributor III
In response to RosenlindPer

Created on ‎08-07-2025 10:52 AM

They did not provide one.

148
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.