Fortinet black logo

Administration Guide

System actions

System actions

The system actions can be used to back up the configuration of the FortiGate, reboot the FortiGate, or shut down the FortiGate.

These actions can occur even if the FortiGate is in conserve mode, and allows the automation stitch to bypass the CLI user confirmation prompts, which the CLI script action does not support.

config system automation-action
    edit "Backup Config Disk"
        set action-type system-actions
        set system-action backup-config
    next
    edit "Reboot FortiGate"
        set action-type system-actions
        set system-action reboot
    next
    edit "Shutdown FortiGate"
        set action-type system-actions
        set system-action shutdown
    next
end

Example

In this example, an automation stitch is created that uses the Conserve Mode trigger, a Backup Config Disk action to back up the configuration to the FortiGate's disk (see Configuration backups and reset for more details), and then a Reboot FortiGate action. There is a 120-second delay between the two actions.

To configure an automation stitch with system actions in the GUI:
  1. Go to Security Fabric > Automation, select the Stitch tab, and click Create New.

  2. Enter the name, system-action-stitch.

  3. Click Add Trigger. Select Conserve Mode and click Apply.

  4. Click Add Action. Select Backup Config Disk and click Apply.

  5. Click Add Action. Select Reboot FortiGate and click Apply.

  6. Click Add delay (between the actions). Enter 120 and click OK.

  7. Click OK.

To configure an automation stitch with system actions in the CLI:
  1. Configure the trigger:

    config system automation-trigger
        edit "Conserve Mode"
            set event-type low-memory
        next
    end
  2. Configure the back up and reboot actions:

    config system automation-action
        edit "Backup Config Disk"
            set description "Backup the configuration on disk."
            set action-type system-actions
            set system-action backup-config
        next
        edit "Reboot FortiGate"
            set description "Reboot this FortiGate unit."
            set action-type system-actions
            set system-action reboot
            set minimum-interval 300
        next
    end
  3. Configure the stitch:

    config system automation-stitch
        edit "system-action-stitch"
            set trigger "Conserve Mode"
            config actions
                edit 1
                    set action "Backup Config Disk"
                    set required enable
                next
                edit 2
                    set action "Reboot FortiGate"
                    set delay 120
                    set required enable
                next
            end
        next
    end

Verification

When the FortiGate enters conserve mode due to low memory, the automation stitch will be triggered and it will back up the configuration to the FortiGate disk, then reboot the FortiGate.

To confirm that the stitch was triggered in the GUI:
  1. Go to Security Fabric > Automation and select the Stitch tab.
  2. Verify the Last Triggered column.
To confirm that the stitch was triggered in the CLI:
# diagnose test application autod 3
alert mail log count: 0

stitch: system-action-stitch

    local hit: 1 relayed to: 0 relayed from: 0
    last trigger:Thu Jun 23 11:31:25 2022
    last relay:
    actions:
        Backup Config Disk:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Thu Jun 23 11:31:25 2022
            last relay:
        Reboot FortiGate:
            done: 0 relayed to: 0 relayed from: 0
            last trigger:Thu Jun 23 11:31:25 2022
            last relay:

logid to stitch mapping:
id:22011  local hit: 1 relayed hits: 0
    system-action-stitch

log category to stitch mapping:
To locate the backed up configuration in the GUI:
  1. Click on the user name in the upper right-hand corner of the screen and select Configuration > Revisions.
  2. Click the + in the table to expand and view more details.
To locate the backed up configuration in the CLI:
# execute revision list config
Last Firmware Version: V0.0.0-build000-REL0
1   2022-04-01 09:27:26    daemon_admin      V7.2.0-build1157-REL0      Automatic backup (upgrade)
2   2022-06-20 13:41:02    daemon_admin      V7.2.1-build1254-REL0      Automatic backup (upgrade)
3   2022-06-23 11:31:25    daemon_admin      V7.2.1-build1254-REL0      Autod backup config by stitch: system-action-stitch

System actions

The system actions can be used to back up the configuration of the FortiGate, reboot the FortiGate, or shut down the FortiGate.

These actions can occur even if the FortiGate is in conserve mode, and allows the automation stitch to bypass the CLI user confirmation prompts, which the CLI script action does not support.

config system automation-action
    edit "Backup Config Disk"
        set action-type system-actions
        set system-action backup-config
    next
    edit "Reboot FortiGate"
        set action-type system-actions
        set system-action reboot
    next
    edit "Shutdown FortiGate"
        set action-type system-actions
        set system-action shutdown
    next
end

Example

In this example, an automation stitch is created that uses the Conserve Mode trigger, a Backup Config Disk action to back up the configuration to the FortiGate's disk (see Configuration backups and reset for more details), and then a Reboot FortiGate action. There is a 120-second delay between the two actions.

To configure an automation stitch with system actions in the GUI:
  1. Go to Security Fabric > Automation, select the Stitch tab, and click Create New.

  2. Enter the name, system-action-stitch.

  3. Click Add Trigger. Select Conserve Mode and click Apply.

  4. Click Add Action. Select Backup Config Disk and click Apply.

  5. Click Add Action. Select Reboot FortiGate and click Apply.

  6. Click Add delay (between the actions). Enter 120 and click OK.

  7. Click OK.

To configure an automation stitch with system actions in the CLI:
  1. Configure the trigger:

    config system automation-trigger
        edit "Conserve Mode"
            set event-type low-memory
        next
    end
  2. Configure the back up and reboot actions:

    config system automation-action
        edit "Backup Config Disk"
            set description "Backup the configuration on disk."
            set action-type system-actions
            set system-action backup-config
        next
        edit "Reboot FortiGate"
            set description "Reboot this FortiGate unit."
            set action-type system-actions
            set system-action reboot
            set minimum-interval 300
        next
    end
  3. Configure the stitch:

    config system automation-stitch
        edit "system-action-stitch"
            set trigger "Conserve Mode"
            config actions
                edit 1
                    set action "Backup Config Disk"
                    set required enable
                next
                edit 2
                    set action "Reboot FortiGate"
                    set delay 120
                    set required enable
                next
            end
        next
    end

Verification

When the FortiGate enters conserve mode due to low memory, the automation stitch will be triggered and it will back up the configuration to the FortiGate disk, then reboot the FortiGate.

To confirm that the stitch was triggered in the GUI:
  1. Go to Security Fabric > Automation and select the Stitch tab.
  2. Verify the Last Triggered column.
To confirm that the stitch was triggered in the CLI:
# diagnose test application autod 3
alert mail log count: 0

stitch: system-action-stitch

    local hit: 1 relayed to: 0 relayed from: 0
    last trigger:Thu Jun 23 11:31:25 2022
    last relay:
    actions:
        Backup Config Disk:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Thu Jun 23 11:31:25 2022
            last relay:
        Reboot FortiGate:
            done: 0 relayed to: 0 relayed from: 0
            last trigger:Thu Jun 23 11:31:25 2022
            last relay:

logid to stitch mapping:
id:22011  local hit: 1 relayed hits: 0
    system-action-stitch

log category to stitch mapping:
To locate the backed up configuration in the GUI:
  1. Click on the user name in the upper right-hand corner of the screen and select Configuration > Revisions.
  2. Click the + in the table to expand and view more details.
To locate the backed up configuration in the CLI:
# execute revision list config
Last Firmware Version: V0.0.0-build000-REL0
1   2022-04-01 09:27:26    daemon_admin      V7.2.0-build1157-REL0      Automatic backup (upgrade)
2   2022-06-20 13:41:02    daemon_admin      V7.2.1-build1254-REL0      Automatic backup (upgrade)
3   2022-06-23 11:31:25    daemon_admin      V7.2.1-build1254-REL0      Autod backup config by stitch: system-action-stitch