- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WAN link failure notifications
Configured 2 or more wan links, Is there a way fortigate can send email to IT Admin whenever one of the ISP's fails?
Under Email Alert Settings>Administrative these are the options available. >Disk usage exceeds >FortiGuard renewal due within >Administrator login/logout >Configuration change Firewall authentication failure HA status change
Its a nice feature to alert the customer having bad ISP performance.
Fortigate Newbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That would be convenient. Not sure of a simple way to do that just on the Fortigate. Maybe SNMP like https://docs.fortinet.com/uploaded/files/1641/using-SNMP-to-monitor-the-FortiGate-unit.pdf or similar?
If you've got a FortiAnalyzer connected to your FortiGates, you can configure its event handlers to send emails in response to interface down events with pretty good granularity.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks @tanr.
FAZ is on his way to our network. would you mind where in FAZ settings I could do some configurations to achieve my goal?
Fortigate Newbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On the FortiGate you'll need to have a link-monitor set up to monitor the wan ports. You probably already have this so that you can failover from one wan to the other.
In the FAZ GUI (I'm running 5.4.4), go to Event Management, and choose Event Handler List from the left hand side.
In the lists of events you should have a default Interface Down handler, which is likely disabled. You can create a clone of it to work with and just turn the clone On. Mine has two filters (requiring All to match):
Action Equal to interface-stat-change
Action Equal to DOWN
If desired, you could add a generic text filter to match the port name in the message.
You can set this event handler to send an alert email to you. You will have needed to configure your email server details for the FortiAnalyzer first (System Settings, Advanced, Mail Server).
BTW, if you set up the FortiAnalyzer for email notifications, you'll probably want to modify the default settings it has for UTM Antivirus Event if you are using FortiSandbox. The default UTM Antivirus event matches not only every virus event, but also every Sandbox report that comes back "clean" meaning no virus. To avoid that, you can modify the event by changing its generic text filter from
virus!='' and virus!='N/A'
to
virus!='' and virus!='N/A' and virus!='clean'
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
will try this @tanr. appreciate your inputs then.
Fortigate Newbie
