Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

Link monitor status do not work

Hi,

I have in "Automation" configured event "Link Monitor Event" with action email notification, now I have multiple ipsec tunnels with performance sla applied, these tunnel often turn off / tur on but I never get any email notification. Email service is working for sure. How to troubleshoot this?

18 REPLIES 18
gfleming
Staff
Staff

Can you show details of your Automation trigger?

 

show system automation-trigger <TRIGGER_NAME>

Cheers,
Graham
Tutek
Contributor

FGT # show system automation-trigger Link\ Monitor\ Status 
config system automation-trigger
    edit "Link Monitor Status"
        set event-type event-log
        set logid 22922
    next
end

FGT # show system automation-trigger Network\ Down 
config system automation-trigger
    edit "Network Down"
        set event-type event-log
        set logid 20099
        config fields
            edit 1
                set name "status"
                set value "DOWN"
            next
        end
    next
end
gfleming

AFAIK the link down log ID 22922  is for physical links. 

 

You may want to look at log id 0101037138 instead for monitoring your IPSec tunnels. More info here: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/834425/understanding-vpn-rel...

Cheers,
Graham
Tutek

I need to have sd-wan IPsec interfaces notification when they are down, what options in fortigate I have to achieve this?

gfleming

Create a new trigger based on the IPSec log ID i posted above. And then create a new stitch based on that trigger. Similar to what you have now for Network Down / link monitor.

Cheers,
Graham
Tutek

I have tried to configure trigger with your login but then I get error:

FGT (automation-trigger) # edit Ipsec\ VPN\ tunnel\ down 

FGT (Ipsec VPN tunnel~own) # set logid 0101037138
The logid value 101037138 must be in the range of 1-65535.

value parse error before '0101037138'
Command fail. Return code -61
funkylicious

Hi,

 

Try:

 

23101 - LOG_ID_IPSEC_TUNNEL_UP

23102 - LOG_ID_IPSEC_TUNNEL_DOWN

geek
geek
Tutek

Hi,

yes I have this configured

 

edit "Ipsec VPN tunnel down"
        set event-type event-log
        set logid 23102
    next

 

but I don't get any email notifications.

 

funkylicious

Hi,

Can you please post a sanitized log w/ all the details, that you see on the FGT when the tunnel is down?

 

geek
geek
Labels
Top Kudoed Authors