Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fullmoon
Contributor III

Created on ‎11-16-2017 06:03 PM

WAN link failure notifications

Configured 2 or more wan links, Is there a way fortigate can send email to IT Admin whenever one of the ISP's fails?

Under Email Alert Settings>Administrative these are the options available. >Disk usage exceeds >FortiGuard renewal due within >Administrator login/logout >Configuration change Firewall authentication failure HA status change

Its a nice feature to alert the customer having bad ISP performance.

Fortigate Newbie

Fortigate Newbie
17611
0 Kudos
4 REPLIES 4
tanr
Valued Contributor II

Created on ‎11-16-2017 06:47 PM

That would be convenient.  Not sure of a simple way to do that just on the Fortigate.  Maybe SNMP like https://docs.fortinet.com/uploaded/files/1641/using-SNMP-to-monitor-the-FortiGate-unit.pdf or similar?

 

If you've got a FortiAnalyzer connected to your FortiGates, you can configure its event handlers to send emails in response to interface down events with pretty good granularity.

4751
0 Kudos
Fullmoon
Contributor III
In response to tanr

Created on ‎11-16-2017 06:57 PM

thanks @tanr.

FAZ is on his way to our network. would you mind where in FAZ settings I could do some configurations to achieve my goal? 

Fortigate Newbie

Fortigate Newbie
4751
0 Kudos
tanr
Valued Contributor II
In response to Fullmoon

Created on ‎11-16-2017 07:30 PM

On the FortiGate you'll need to have a link-monitor set up to monitor the wan ports.  You probably already have this so that you can failover from one wan to the other.

 

In the FAZ GUI (I'm running 5.4.4), go to Event Management, and choose Event Handler List from the left hand side.

 

In the lists of events you should have a default Interface Down handler, which is likely disabled.  You can create a clone of it to work with and just turn the clone On.  Mine has two filters (requiring All to match):

 

    Action    Equal to    interface-stat-change

    Action    Equal to    DOWN

 

If desired, you could add a generic text filter to match the port name in the message.

 

You can set this event handler to send an alert email to you.  You will have needed to configure your email server details for the FortiAnalyzer first (System Settings, Advanced, Mail Server).

 

BTW, if you set up the FortiAnalyzer for email notifications, you'll probably want to modify the default settings it has for UTM Antivirus Event if you are using FortiSandbox.  The default UTM Antivirus event matches not only every virus event, but also every Sandbox report that comes back "clean" meaning no virus.  To avoid that, you can modify the event by changing its generic text filter from

 

    virus!='' and virus!='N/A'

to

    virus!='' and virus!='N/A' and virus!='clean'

 

4751
0 Kudos
Fullmoon
Contributor III
In response to tanr

Created on ‎11-17-2017 01:34 AM

will try this @tanr. appreciate your inputs then.

Fortigate Newbie

Fortigate Newbie
4762
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.