akumarr
Staff
Article Id 197224

Description


This article describes how to use automation stitches to automatically send alert emails if the user disconnects the SSL-VPN tunnel connection and how to disable the notification.

 

Scope

 

FortiGate v6.2, FortiGate v6.4, FortiGate v7.0.

Solution


1) Create a new automation stitch: Go to Security Fabric -> Automation and select ‘Create New’.

2) Assign a name, select the trigger ‘Event Log’ and the action ‘Email’. Optionally, choose which FortiGates in the Fabric will have the automation stitch.


 
3) Select ‘SSL-VPN tunnel down’ as the event (Event ID 39425) and save it.
  
 
4) As soon as the user disconnects the VPN, the email alert is triggered.
 
Refer to the below-mentioned debug output from CLI.
FGT[FGVM010000-----7] Automation Stitch:tunnel down is triggered.
SSL VPN tunnel down(Manual down)

mail_info:
        from:notification.fortinet.net  user:noreply
mail_info:
        reverse path:noreply@notification.fortinet.net

5) The following is an example of an alert email.
  
 
Note:
For the alert email to be sent when the automation stitch is triggered, an email server needs to be configured. Check the ‘To configure email server’ section via this link:
 
 

There might be cases when it is desired to disable the notification emails sent on SSL login.
This can be achieved by running the following commands:

 

# config alertemail setting
    set sslvpn-authentication-errors-logs disable
end

 

Note:
There are two possible settings for 'filter-mode' - 'category' and 'threshold'.

If the filter mode is set to 'threshold', only commands for threshold criteria can be used and the following error message will be displayed:

 

# set sslvpn-authentication-errors-logs disable

command parse error before 'sslvpn-authentication-errors-logs'
Command fail. Return code -61

 

The solution is to change it to 'category':

 

# config alertemail setting
    set filter-mode category
    set sslvpn-authentication-errors-logs disable
end
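
The following check is an added example, not part of the original article and not Fortinet code. It reads a FortiGate configuration backup and reports the alert email 'filter-mode', whether the 'threshold' mode will cause the category command to be rejected as described above, and which automation triggers watch event ID 39425. The sample configuration, the trigger name and the function names are constructed for illustration.

```python
import shlex

# Constructed sample backup: a tunnel-down trigger plus alert email in threshold mode.
SAMPLE = '''
#config-version=CONSTRUCTED-SAMPLE
config system automation-trigger
    edit "tunnel down"
        set event-type event-log
        set logid 39425
    next
end
config alertemail setting
    set filter-mode threshold
end
'''

def flatten(config_text):
    """Yield (section, entry, key, value) for every 'set' line in the config."""
    stack = []  # one [section, current edit entry] pair per open 'config'
    for raw in config_text.splitlines():
        try:  # a leading '#' CLI prompt is tolerated
            tok = shlex.split(raw.strip().lstrip("#"))
        except ValueError:  # multi-line quoted values (certificates, banners)
            continue
        if not tok:
            continue
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and stack and len(tok) > 1:
            stack[-1][1] = tok[1]
        elif tok[0] == "next" and stack:
            stack[-1][1] = None
        elif tok[0] == "set" and stack and len(tok) > 2:
            yield stack[-1][0], stack[-1][1], tok[1], " ".join(tok[2:])

def audit(config_text):
    rows = list(flatten(config_text))
    alert = {k: v for sec, _, k, v in rows if sec == "alertemail setting"}
    mode = alert.get("filter-mode")  # None: not present in the backup
    return {
        "filter_mode": mode,
        "sslvpn_auth_error_emails": alert.get("sslvpn-authentication-errors-logs"),
        # In 'threshold' mode the per-category command fails with return code -61.
        "category_options_rejected": mode == "threshold",
        "tunnel_down_triggers": [e for sec, e, k, v in rows
                                 if sec == "system automation-trigger"
                                 and k == "logid" and "39425" in v.split()],
    }
```

A value of None means the setting does not appear in the backup text that was supplied.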