Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiWeb 7.6.5 Administration Guide
    7.6.5
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    Use case: Real-time incident alerts

    Use case: Real-time incident alerts

    Scenario

    An application experiences a sudden spike in traffic during a promotional sale, causing high CPU usage of FortiWeb.

    How FortiWeb responses to this issue
    1. Trigger Detection: FortiWeb detects that its CPU usage exceeds 85%.
    2. Diagnose: FortiWeb runs diagnose commands automatically to print detailed performance information.
    3. Notification: FortiWeb sends an alert to the designated Microsoft Teams channels, notifying the IT team of the high CPU usage and the debug information.

    This automation stitch ensures that the IT team is immediately aware of performance issues and can quickly address them, minimizing downtime and maintaining a smooth user experience for customers.

    Configurations on FortiWeb

    Before performing the following steps, make sure you have already got the URL of the Teams channel you want to send notifications to. For how to get the URL, see Microsoft Teams Notification action.

    Perform the following steps on FortiWeb:

    1. Switch the Administrative Domain to Global.
    2. Go to Log&Report > Log Config > Other Log Settings.
    3. Set CPU Utilization to 85%. It will act as the threshold for the CPU Usage trigger.
    4. Click Apply.
    5. Go to Security Fabric > Automation.
    6. Select the Action Tab.
    7. Click Create New to create a CLI Script action.
    8. Select CLI Script.
    9. Enter a name and description.
    10. Enter the following command:

      diagnose policy total-conn-psec list

      diagnose policy total-session list

      diagnose hardware cpu list

      diagnose system top delay 10

    11. Click OK.
    12. Click Create New to create a notification action.
    13. Select Microsoft Teams Notification. Configure the settings:
      Name

      Enter a name.

      Description

      Enter a description.

      URLPaste the webhook URL you got from Teams.
    14. Please leave the "https://" out when you paste the URL because the system will automatically append "https://" to the URL you enter.
      15. Message TypeText
      Message

      The CPU usage of FortiWeb XXXXXX is higher than 85%.

      Refer to the following log:

      %%log%%

      The following is the printout of the diagnose commands:

      %%results%%

    15. Click OK.
    16. Select the Stitch tab.
    17. Enter a name and brief description for this stitch. Enable the status.
    18. Click Add Trigger, select High_CPU, then click Apply.
    19. Click Add Action, select the CLI Script action you just created, then click Apply.
    20. Click Add Action, select the Microsoft Teams Notification action you just created, then click Apply.
    21. Click OK.

    When this automation stitch is triggered, you will receive the following message in Microsoft Teams (below is only a snippet of the full message):

    Previous
    Next

    Related Videos

    sidebar video

    FortiWeb: Automation Stitches Real-Time Incident Alerts

    • 179 views
    • 1 years ago

    Use case: Real-time incident alerts

    Use case: Real-time incident alerts

    Scenario

    An application experiences a sudden spike in traffic during a promotional sale, causing high CPU usage of FortiWeb.

    How FortiWeb responses to this issue
    1. Trigger Detection: FortiWeb detects that its CPU usage exceeds 85%.
    2. Diagnose: FortiWeb runs diagnose commands automatically to print detailed performance information.
    3. Notification: FortiWeb sends an alert to the designated Microsoft Teams channels, notifying the IT team of the high CPU usage and the debug information.

    This automation stitch ensures that the IT team is immediately aware of performance issues and can quickly address them, minimizing downtime and maintaining a smooth user experience for customers.

    Configurations on FortiWeb

    Before performing the following steps, make sure you have already got the URL of the Teams channel you want to send notifications to. For how to get the URL, see Microsoft Teams Notification action.

    Perform the following steps on FortiWeb:

    1. Switch the Administrative Domain to Global.
    2. Go to Log&Report > Log Config > Other Log Settings.
    3. Set CPU Utilization to 85%. It will act as the threshold for the CPU Usage trigger.
    4. Click Apply.
    5. Go to Security Fabric > Automation.
    6. Select the Action Tab.
    7. Click Create New to create a CLI Script action.
    8. Select CLI Script.
    9. Enter a name and description.
    10. Enter the following command:

      diagnose policy total-conn-psec list

      diagnose policy total-session list

      diagnose hardware cpu list

      diagnose system top delay 10

    11. Click OK.
    12. Click Create New to create a notification action.
    13. Select Microsoft Teams Notification. Configure the settings:
      Name

      Enter a name.

      Description

      Enter a description.

      URLPaste the webhook URL you got from Teams.
    14. Please leave the "https://" out when you paste the URL because the system will automatically append "https://" to the URL you enter.
      15. Message TypeText
      Message

      The CPU usage of FortiWeb XXXXXX is higher than 85%.

      Refer to the following log:

      %%log%%

      The following is the printout of the diagnose commands:

      %%results%%

    15. Click OK.
    16. Select the Stitch tab.
    17. Enter a name and brief description for this stitch. Enable the status.
    18. Click Add Trigger, select High_CPU, then click Apply.
    19. Click Add Action, select the CLI Script action you just created, then click Apply.
    20. Click Add Action, select the Microsoft Teams Notification action you just created, then click Apply.
    21. Click OK.

    When this automation stitch is triggered, you will receive the following message in Microsoft Teams (below is only a snippet of the full message):

    Previous
    Next