Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.2.3 Handbook
    7.2.3
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring Automation Actions

    Configuring Automation Actions

    On the Security Fabric > Automation > Action tab, you can view the list of available automation response actions that have been user-defined. After defining your automation actions, you can combine them with a trigger to create an automation stitch. For details, see Creating automation stitches

    FortiADC supports six response action types:

    • CLI Script — Runs a CLI script in response to the trigger. This action is not supported for the Period Block IP trigger.
    • Syslog — Generates a syslog in response to the trigger.
    • Email — Sends a custom email notification in response to the trigger.
    • SNMP Trap — Sends an SNMP trap to the specified server in response to the trigger. This action is not supported for the Schedule trigger.
    • Webhook — Sends data to another application using a REST callback in response to the trigger.
    • FortiGate IP Ban — Blocks all traffic from the source IP addresses flagged by the FortiGate in response to the trigger. This action can only be used with the Period Block IP trigger.

    CLI Script

    Use this action to run a CLI script in response to a trigger event, such as to make appropriate configuration changes. The scripts can be manually entered or uploaded as a file.

    To configure a CLI Script response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select CLI Script to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new CLI Script action. The configuration name cannot be edited once it has been saved.
      Script

      Manually enter or upload the script.

      • To manually enter the script, type it into the Script field.
      • To upload a script file, click Choose File and locate the file on your management computer.

      Maximum 256 characters.

    5. Click Save.

    Syslog

    Use this action to generate a syslog message in response to a trigger event.

    To configure a Syslog response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select Syslog to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new Email action. The configuration name cannot be edited once it has been saved.
      AddressSpecify the IP address that will receive this message.
      PortSpecify the port that will receive this message. Range: 1-65535
    5. Click Save.

    Email

    Use this action to send a custom email notification in response to a trigger event.

    To configure an Email response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select Email to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new Email action. The configuration name cannot be edited once it has been saved.
      FromSpecify the sender email address of this notification.

      To

      Specify the recipient email address of this notification.

      Email Subject

      Specify the email subject string.

      Email Body

      Write the email message in the Email Body. Maximum 256 characters.

    5. Click Save.

    SNMP Trap

    Use this action to send SNMP traps to the specified server in response to a trigger event.

    To configure an SNMP Trap response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select SNMP Trap to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new SNMP Trap action. The configuration name cannot be edited once it has been saved.
      HostsSpecify the IP address that will receive this message.
      Version

      Select the SNMP version to use

      • v1

      • v2c

      • v3

      Local PortSpecify the source port number. Default: 162 Range: 0-65535
      Remote PortSpecify the destination port number. Default: 162 Range: 0-65535

      Security Level

      The Security Level option is available if v3 is selected for Version.

      The SNMP security level to use:

      • Auth But no Privacy

      • Auth And Privacy

      • No Privacy

      Auth Algorithm

      The Auth Algorithm option is available if Auth But no Privacy or Auth And Privacy is selected for Security Level.

      The authentication algorithm to use:

      • SHA1

      • MD5

      Auth Password

      The Auth Password option is available if Auth But no Privacy or Auth And Privacy is selected for Security Level.

      The password to the authentication algorithm.

      Private Algorithm

      The Private Algorithm option is available if Auth And Privacy is selected for Security Level.

      The private algorithm to use:

      • AES

      • DES

      Private Password

      The Private Password option is available if Auth And Privacy is selected for Security Level.

      The password to the private algorithm.

      User

      Specify the User.

    5. Click Save.

    Webhook

    Use this action to send data to another application using a REST callback in response to a trigger event.

    To configure a Webhook response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select Webhook to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new Webhook action. The configuration name cannot be edited once it has been saved.
      Protocol

      Select the request protocol to use:

      • HTTP

      • HTTP

      Method

      Specify the request method:

      • POST

      • PUT

      • GET

      • PATCH

      • DELETE

      URLSpecify the request URL. For example, 10.106.155.130:90/test
      HTTP Body

      Specify the request body. For example, 'msg': 'abc', 'user': 'jack'

      HTTP HeaderSpecify the HTTP request header name and value. For example, customerheader1:value1 customerheader2:value2
    5. Click Save.

    FortiGate IP Ban

    Use this action to block all traffic from the source addresses flagged by the FortiGate in response to the Period Block IP trigger. See FortiGate IP Ban action for details.

    To configure a FortiGate IP Ban response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select FortiGate IP Ban to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new FortiGate IP Ban action. The configuration name cannot be edited once it has been saved.
      TypeToken
      FortiGate Token

      Specify the FortiGate Token.

      To get the token, log in to FortiGate, go to System> Administrator, create a new REST API Administrator, then generate API key.

      FortiGate URLSpecify the IP address of the FortiGate URL. For example, https://10.106.155.107
    5. Click Save.
    Previous
    Next

    Configuring Automation Actions

    Configuring Automation Actions

    On the Security Fabric > Automation > Action tab, you can view the list of available automation response actions that have been user-defined. After defining your automation actions, you can combine them with a trigger to create an automation stitch. For details, see Creating automation stitches

    FortiADC supports six response action types:

    • CLI Script — Runs a CLI script in response to the trigger. This action is not supported for the Period Block IP trigger.
    • Syslog — Generates a syslog in response to the trigger.
    • Email — Sends a custom email notification in response to the trigger.
    • SNMP Trap — Sends an SNMP trap to the specified server in response to the trigger. This action is not supported for the Schedule trigger.
    • Webhook — Sends data to another application using a REST callback in response to the trigger.
    • FortiGate IP Ban — Blocks all traffic from the source IP addresses flagged by the FortiGate in response to the trigger. This action can only be used with the Period Block IP trigger.

    CLI Script

    Use this action to run a CLI script in response to a trigger event, such as to make appropriate configuration changes. The scripts can be manually entered or uploaded as a file.

    To configure a CLI Script response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select CLI Script to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new CLI Script action. The configuration name cannot be edited once it has been saved.
      Script

      Manually enter or upload the script.

      • To manually enter the script, type it into the Script field.
      • To upload a script file, click Choose File and locate the file on your management computer.

      Maximum 256 characters.

    5. Click Save.

    Syslog

    Use this action to generate a syslog message in response to a trigger event.

    To configure a Syslog response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select Syslog to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new Email action. The configuration name cannot be edited once it has been saved.
      AddressSpecify the IP address that will receive this message.
      PortSpecify the port that will receive this message. Range: 1-65535
    5. Click Save.

    Email

    Use this action to send a custom email notification in response to a trigger event.

    To configure an Email response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select Email to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new Email action. The configuration name cannot be edited once it has been saved.
      FromSpecify the sender email address of this notification.

      To

      Specify the recipient email address of this notification.

      Email Subject

      Specify the email subject string.

      Email Body

      Write the email message in the Email Body. Maximum 256 characters.

    5. Click Save.

    SNMP Trap

    Use this action to send SNMP traps to the specified server in response to a trigger event.

    To configure an SNMP Trap response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select SNMP Trap to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new SNMP Trap action. The configuration name cannot be edited once it has been saved.
      HostsSpecify the IP address that will receive this message.
      Version

      Select the SNMP version to use

      • v1

      • v2c

      • v3

      Local PortSpecify the source port number. Default: 162 Range: 0-65535
      Remote PortSpecify the destination port number. Default: 162 Range: 0-65535

      Security Level

      The Security Level option is available if v3 is selected for Version.

      The SNMP security level to use:

      • Auth But no Privacy

      • Auth And Privacy

      • No Privacy

      Auth Algorithm

      The Auth Algorithm option is available if Auth But no Privacy or Auth And Privacy is selected for Security Level.

      The authentication algorithm to use:

      • SHA1

      • MD5

      Auth Password

      The Auth Password option is available if Auth But no Privacy or Auth And Privacy is selected for Security Level.

      The password to the authentication algorithm.

      Private Algorithm

      The Private Algorithm option is available if Auth And Privacy is selected for Security Level.

      The private algorithm to use:

      • AES

      • DES

      Private Password

      The Private Password option is available if Auth And Privacy is selected for Security Level.

      The password to the private algorithm.

      User

      Specify the User.

    5. Click Save.

    Webhook

    Use this action to send data to another application using a REST callback in response to a trigger event.

    To configure a Webhook response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select Webhook to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new Webhook action. The configuration name cannot be edited once it has been saved.
      Protocol

      Select the request protocol to use:

      • HTTP

      • HTTP

      Method

      Specify the request method:

      • POST

      • PUT

      • GET

      • PATCH

      • DELETE

      URLSpecify the request URL. For example, 10.106.155.130:90/test
      HTTP Body

      Specify the request body. For example, 'msg': 'abc', 'user': 'jack'

      HTTP HeaderSpecify the HTTP request header name and value. For example, customerheader1:value1 customerheader2:value2
    5. Click Save.

    FortiGate IP Ban

    Use this action to block all traffic from the source addresses flagged by the FortiGate in response to the Period Block IP trigger. See FortiGate IP Ban action for details.

    To configure a FortiGate IP Ban response action:
    1. Go to Security Fabric > Automation.
    2. Click the Action tab.
    3. Click Create New and select FortiGate IP Ban to display the configuration editor.
    4. Configure the following settings:

      Setting

      Description

      NameEnter a name for the new FortiGate IP Ban action. The configuration name cannot be edited once it has been saved.
      TypeToken
      FortiGate Token

      Specify the FortiGate Token.

      To get the token, log in to FortiGate, go to System> Administrator, create a new REST API Administrator, then generate API key.

      FortiGate URLSpecify the IP address of the FortiGate URL. For example, https://10.106.155.107
    5. Click Save.
    Previous
    Next