SSL VPN alert

bw1 · ‎04-26-2022

Hello,

Would anyone know a method within Fortinet to create an email alert when a specific SSL-VPN portal is logged into?

I have a tried using the security fabric automation on the event 'SSL VPN Tunnel UP' but I cant see a way to specify which tunnel I want the alert for, as we have a few.

I am running version: 6.4.8

Many thanks,

seshuganesh · ‎04-26-2022

Hi Team,

As per my knowledge there is no feature for your request.

Lets wait for our team to confirm the same

Debbie_FTNT · ‎04-27-2022

Hey bw1,

you could certainly do an alert via FortiAnalyzer:

-> you have a lot of filtering options to trigger an alert email being sent, including looking for specific strings in log messages (such as 'logid=0101039424 and user~"<some_user>"')

-> you would have to check what raw log messages you want to trigger the alert exactly

If you don't have a FortiAnalyzer, only a FortiGate, there are additional options in FortiOS 7.0 and higher, I believe:

You could set a field-filter for specific usernames, or a similar criterion.

FortiGate does not log the specific SSLVPN portal a user goes through, though, but portals should be triggered by specific users, so that would probably be a way to go about it.

-> you would need to find something in the VPN logs that is unique to that specific portal being accessed (such as the username)

-> you could then create a handler on FortiAnalyzer or an automation stitch on FortiGate to trigger on VPN tunnel-up log coupled with that specific username.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++