I currently have event triggers working on the FortiGate to ban IP's when the event handler on the FortiAnalyzer sees a matching event from the FortiGate. I also have an alert working within FortiAnalyzer for FortiMail when the event handler sees a matching event from the FortiMail.
I recall reading somewhere, when the FortiGate Event Handler is triggered, it only notifies the device from where it originated, which explains why I cannot get it to trigger on the FortiGate since it originated from FortiMail.
I'm trying to determine how I can ban an IP on the FortiGate from and event captured on the FortiMail using FortiAnalyzer. Is this possible? Has anyone done anything similar?
NOTE: In the images below, I have email alert configured instead ban IP for testing purposes.
Working Email Alert In FortiAnalyzer
Not Working FortiGate Automation Stitch
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Without making any changes to the automation stich, I was able to get this working by adding the FortiMail as a downstream device in the FortiGate Security Fabric.
Hello likewesc1,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Without making any changes to the automation stich, I was able to get this working by adding the FortiMail as a downstream device in the FortiGate Security Fabric.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.