Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fullmoon
Contributor III

WAN link failure notifications

Configured 2 or more wan links, Is there a way fortigate can send email to IT Admin whenever one of the ISP's fails?

Under Email Alert Settings>Administrative these are the options available. >Disk usage exceeds >FortiGuard renewal due within >Administrator login/logout >Configuration change Firewall authentication failure HA status change

Its a nice feature to alert the customer having bad ISP performance.

Fortigate Newbie

Fortigate Newbie
4 REPLIES 4
tanr
Valued Contributor II

That would be convenient.  Not sure of a simple way to do that just on the Fortigate.  Maybe SNMP like https://docs.fortinet.com/uploaded/files/1641/using-SNMP-to-monitor-the-FortiGate-unit.pdf or similar?

 

If you've got a FortiAnalyzer connected to your FortiGates, you can configure its event handlers to send emails in response to interface down events with pretty good granularity.

Fullmoon
Contributor III

thanks @tanr.

FAZ is on his way to our network. would you mind where in FAZ settings I could do some configurations to achieve my goal? 

Fortigate Newbie

Fortigate Newbie
tanr
Valued Contributor II

On the FortiGate you'll need to have a link-monitor set up to monitor the wan ports.  You probably already have this so that you can failover from one wan to the other.

 

In the FAZ GUI (I'm running 5.4.4), go to Event Management, and choose Event Handler List from the left hand side.

 

In the lists of events you should have a default Interface Down handler, which is likely disabled.  You can create a clone of it to work with and just turn the clone On.  Mine has two filters (requiring All to match):

 

    Action    Equal to    interface-stat-change

    Action    Equal to    DOWN

 

If desired, you could add a generic text filter to match the port name in the message.

 

You can set this event handler to send an alert email to you.  You will have needed to configure your email server details for the FortiAnalyzer first (System Settings, Advanced, Mail Server).

 

BTW, if you set up the FortiAnalyzer for email notifications, you'll probably want to modify the default settings it has for UTM Antivirus Event if you are using FortiSandbox.  The default UTM Antivirus event matches not only every virus event, but also every Sandbox report that comes back "clean" meaning no virus.  To avoid that, you can modify the event by changing its generic text filter from

 

    virus!='' and virus!='N/A'

to

    virus!='' and virus!='N/A' and virus!='clean'

 

Fullmoon
Contributor III

will try this @tanr. appreciate your inputs then.

Fortigate Newbie

Fortigate Newbie
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors