Fortinet white logo
Fortinet white logo

Administration Guide

System action

System action

The system action can be used to back up the configuration of the FortiGate, reboot the FortiGate, or shut down the FortiGate.

These actions can occur even if the FortiGate is in conserve mode, and allows the automation stitch to bypass the CLI user confirmation prompts, which the CLI script action does not support.

config system automation-action
    edit <name>
        set action-type system-actions
        set system-action {reboot | shutdown | backup-config}
    next
end

Example

In this example, an automation stitch is created that uses a low-memory event trigger, a backup-config action to back up the configuration to the FortiGate's disk (see Configuration backups for more details), and then a reboot action to reboot the FortiGate. There is a 120-second delay between the two actions.

To configure an automation stitch with system actions in the GUI:
  1. Configure the trigger:
    1. Go to Security Fabric > Automation, select the Trigger tab, and click Create New.

    2. In the System section, click Conserve Mode.

    3. Enter a name (conserver-mode).

    4. Click OK.

  2. Configure the back up action:
    1. Go to Security Fabric > Automation, select the Action tab, and click Create New.

    2. In the General section, click System Action and enter the following:

      Name

      Backup Config Disk

      Description

      Default automation action configuration for backing up the configuration on disk.

      Action

      Backup configuration

    3. Click OK.

  3. Configure the reboot action:
    1. Go to Security Fabric > Automation, select the Action tab, and click Create New.

    2. In the General section, click System Action and enter the following:

      Name

      Reboot FortiGate

      Description

      Default automation action configuration for rebooting this FortiGate unit.

      Action

      Reboot

      Minimum interval

      5 minutes

    3. Click OK.

  4. Configure the stitch:
    1. Go to Security Fabric > Automation, select the Stitch tab, and click Create New.

    2. Enter the name, system-action-stitch.

    3. Click Add Trigger. Select conserver-mode and click Apply.

    4. Click Add Action. Select Backup Config Disk and click Apply.

    5. Click Add Action. Select Reboot FortiGate and click Apply.

    6. Click Add delay (between the actions). Enter 120 and click OK.

    7. Click OK.

To configure an automation stitch with system actions in the CLI:
  1. Configure the trigger:

    config system automation-trigger
        edit "conserver-mode"
            set event-type low-memory
        next
    end
  2. Configure the back up and reboot actions:

    config system automation-action
        edit "Backup Config Disk"
            set description "Default automation action configuration for backing up the configuration on disk."
            set action-type system-actions
            set system-action backup-config
        next
        edit "Reboot FortiGate"
            set description "Default automation action configuration for rebooting this FortiGate unit."
            set action-type system-actions
            set system-action reboot
            set minimum-interval 300
        next
    end
  3. Configure the stitch:

    config system automation-stitch
        edit "system-action-stitch"
            set trigger "conserver-mode"
            config actions
                edit 1
                    set action "Backup Config Disk"
                    set required enable
                next
                edit 2
                    set action "Reboot FortiGate"
                    set delay 120
                    set required enable
                next
            end
        next
    end

Verification

When the FortiGate enters conserve mode due to low memory, the automation stitch will be triggered and it will back up the configuration to the FortiGate disk, then reboot the FortiGate.

To confirm that the stitch was triggered in the GUI:
  1. Go to Security Fabric > Automation and select the Stitch tab.
  2. Verify the Last Triggered column.
To confirm that the stitch was triggered in the CLI:
# diagnose test application autod 3
alert mail log count: 0

stitch: system-action-stitch

    local hit: 1 relayed to: 0 relayed from: 0
    last trigger:Thu Jun 23 11:31:25 2022
    last relay:
    actions:
        Backup Config Disk:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Thu Jun 23 11:31:25 2022
            last relay:
        Reboot FortiGate:
            done: 0 relayed to: 0 relayed from: 0
            last trigger:Thu Jun 23 11:31:25 2022
            last relay:

logid to stitch mapping:
id:22011  local hit: 1 relayed hits: 0
    system-action-stitch

log category to stitch mapping:
To locate the backed up configuration in the GUI:
  1. Click on the user name in the upper right-hand corner of the screen and select Configuration > Revisions.
  2. Click the + in the table to expand and view more details.
To locate the backed up configuration in the CLI:
# execute revision list config
Last Firmware Version: V0.0.0-build000-REL0
1   2022-04-01 09:27:26    daemon_admin      V7.2.0-build1157-REL0      Automatic backup (upgrade)
2   2022-06-20 13:41:02    daemon_admin      V7.2.1-build1254-REL0      Automatic backup (upgrade)
3   2022-06-23 11:31:25    daemon_admin      V7.2.1-build1254-REL0      Autod backup config by stitch: system-action-stitch

System action

System action

The system action can be used to back up the configuration of the FortiGate, reboot the FortiGate, or shut down the FortiGate.

These actions can occur even if the FortiGate is in conserve mode, and allows the automation stitch to bypass the CLI user confirmation prompts, which the CLI script action does not support.

config system automation-action
    edit <name>
        set action-type system-actions
        set system-action {reboot | shutdown | backup-config}
    next
end

Example

In this example, an automation stitch is created that uses a low-memory event trigger, a backup-config action to back up the configuration to the FortiGate's disk (see Configuration backups for more details), and then a reboot action to reboot the FortiGate. There is a 120-second delay between the two actions.

To configure an automation stitch with system actions in the GUI:
  1. Configure the trigger:
    1. Go to Security Fabric > Automation, select the Trigger tab, and click Create New.

    2. In the System section, click Conserve Mode.

    3. Enter a name (conserver-mode).

    4. Click OK.

  2. Configure the back up action:
    1. Go to Security Fabric > Automation, select the Action tab, and click Create New.

    2. In the General section, click System Action and enter the following:

      Name

      Backup Config Disk

      Description

      Default automation action configuration for backing up the configuration on disk.

      Action

      Backup configuration

    3. Click OK.

  3. Configure the reboot action:
    1. Go to Security Fabric > Automation, select the Action tab, and click Create New.

    2. In the General section, click System Action and enter the following:

      Name

      Reboot FortiGate

      Description

      Default automation action configuration for rebooting this FortiGate unit.

      Action

      Reboot

      Minimum interval

      5 minutes

    3. Click OK.

  4. Configure the stitch:
    1. Go to Security Fabric > Automation, select the Stitch tab, and click Create New.

    2. Enter the name, system-action-stitch.

    3. Click Add Trigger. Select conserver-mode and click Apply.

    4. Click Add Action. Select Backup Config Disk and click Apply.

    5. Click Add Action. Select Reboot FortiGate and click Apply.

    6. Click Add delay (between the actions). Enter 120 and click OK.

    7. Click OK.

To configure an automation stitch with system actions in the CLI:
  1. Configure the trigger:

    config system automation-trigger
        edit "conserver-mode"
            set event-type low-memory
        next
    end
  2. Configure the back up and reboot actions:

    config system automation-action
        edit "Backup Config Disk"
            set description "Default automation action configuration for backing up the configuration on disk."
            set action-type system-actions
            set system-action backup-config
        next
        edit "Reboot FortiGate"
            set description "Default automation action configuration for rebooting this FortiGate unit."
            set action-type system-actions
            set system-action reboot
            set minimum-interval 300
        next
    end
  3. Configure the stitch:

    config system automation-stitch
        edit "system-action-stitch"
            set trigger "conserver-mode"
            config actions
                edit 1
                    set action "Backup Config Disk"
                    set required enable
                next
                edit 2
                    set action "Reboot FortiGate"
                    set delay 120
                    set required enable
                next
            end
        next
    end

Verification

When the FortiGate enters conserve mode due to low memory, the automation stitch will be triggered and it will back up the configuration to the FortiGate disk, then reboot the FortiGate.

To confirm that the stitch was triggered in the GUI:
  1. Go to Security Fabric > Automation and select the Stitch tab.
  2. Verify the Last Triggered column.
To confirm that the stitch was triggered in the CLI:
# diagnose test application autod 3
alert mail log count: 0

stitch: system-action-stitch

    local hit: 1 relayed to: 0 relayed from: 0
    last trigger:Thu Jun 23 11:31:25 2022
    last relay:
    actions:
        Backup Config Disk:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Thu Jun 23 11:31:25 2022
            last relay:
        Reboot FortiGate:
            done: 0 relayed to: 0 relayed from: 0
            last trigger:Thu Jun 23 11:31:25 2022
            last relay:

logid to stitch mapping:
id:22011  local hit: 1 relayed hits: 0
    system-action-stitch

log category to stitch mapping:
To locate the backed up configuration in the GUI:
  1. Click on the user name in the upper right-hand corner of the screen and select Configuration > Revisions.
  2. Click the + in the table to expand and view more details.
To locate the backed up configuration in the CLI:
# execute revision list config
Last Firmware Version: V0.0.0-build000-REL0
1   2022-04-01 09:27:26    daemon_admin      V7.2.0-build1157-REL0      Automatic backup (upgrade)
2   2022-06-20 13:41:02    daemon_admin      V7.2.1-build1254-REL0      Automatic backup (upgrade)
3   2022-06-23 11:31:25    daemon_admin      V7.2.1-build1254-REL0      Autod backup config by stitch: system-action-stitch