Hi all,
it's possible to create an email warning message (on the fortigate or fortianalyzer) when the interface limit has been exceeded over 2 minute?
Thank's in advance
Maurizio
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @Rizio
FortiGate allows you to define custom alert conditions based on various criteria. In this case, you want to trigger an alert when the interface traffic exceeds a certain threshold for more than 2 minutes. You would typically use the FortiGate scripting language, called FortiScript, to create this custom condition. Here's a simplified example:
In this script, we define a condition that checks if the traffic on a specific interface exceeds a certain threshold for 2 minutes. When this condition is met, it triggers a script that sends an email alert
Regards
Verender
Hello @Rizio
FortiGate allows you to define custom alert conditions based on various criteria. In this case, you want to trigger an alert when the interface traffic exceeds a certain threshold for more than 2 minutes. You would typically use the FortiGate scripting language, called FortiScript, to create this custom condition. Here's a simplified example:
In this script, we define a condition that checks if the traffic on a specific interface exceeds a certain threshold for 2 minutes. When this condition is met, it triggers a script that sends an email alert
Regards
Verender
Thank you so much KumarV.
Do you think this solution may be applied also in Fortianalyzer, in the event handler section? (to avoid to do it on all my firewalls)
its is working in fortianalyzer ?
Created on 07-31-2024 05:04 AM Edited on 07-31-2024 05:05 AM
Hello obulareddy,
nope, in my fortianalyzer (7.0.12) doesn't work.
Rizio
Hello Verender,
I've been try to implement your script on one fortigate but I'm unable to complete a command.
After "config sys" I don't see "eventhandler" section.
Which version of FortiOS you have?
On my fortinet run 6.4.14 and 7.0.12 FortiOS.
Regards
Maurizio
then how you are configured ?
I don't have configure any warning.
It's impossbile to configure in any fortigate, you MUST have a particular FIPS image.
As fortinet support told me in one support ticket:
"The Outbound bandwidth and Inbound bandwidth rate exceeded event will get generated only when FIPS-CC is enabled as per design.
Only certain versions and model are FIPS-CC certified and the configuration has to be done while the unit is in factory default settings.Browse to support.fortinet.com/Download/FirmwareImages.aspx for the FIPS-CC-Certified images.
For units where FIPS-CC is not enabled, the above configuration will not work."
Rizio
thanks for the replying and it is possible to do it in Forti analyzer latest version ?
Hi obulareddy,
I don't know, I don't have tested on my fortianalyzer, sorry.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1667 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.