Would anyone know a method within Fortinet to create an email alert when a specific SSL-VPN portal is logged into?
I have a tried using the security fabric automation on the event 'SSL VPN Tunnel UP' but I cant see a way to specify which tunnel I want the alert for, as we have a few.
I am running version: 6.4.8
As per my knowledge there is no feature for your request.
Lets wait for our team to confirm the same
you could certainly do an alert via FortiAnalyzer:
-> you have a lot of filtering options to trigger an alert email being sent, including looking for specific strings in log messages (such as 'logid=0101039424 and user~"<some_user>"')
-> you would have to check what raw log messages you want to trigger the alert exactly
If you don't have a FortiAnalyzer, only a FortiGate, there are additional options in FortiOS 7.0 and higher, I believe:
You could set a field-filter for specific usernames, or a similar criterion.
FortiGate does not log the specific SSLVPN portal a user goes through, though, but portals should be triggered by specific users, so that would probably be a way to go about it.
-> you would need to find something in the VPN logs that is unique to that specific portal being accessed (such as the username)
-> you could then create a handler on FortiAnalyzer or an automation stitch on FortiGate to trigger on VPN tunnel-up log coupled with that specific username.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.