Exploring Network Automation and Event Notification Configuration for FortiGate Devices

In the realm of network management and security, automation plays a pivotal role in streamlining operations and ensuring timely responses to critical events. This blog post delves into a comprehensive network automation and event notification configuration, shedding light on how it can enhance the efficiency and reliability of network management processes.


Enabling Web Filter Logs


Our journey begins with the activation of web filter logs. This crucial step allows us to monitor and log web traffic, providing valuable insights into online activities within the network.


```conf
# Enable webfilter logs
config alertemail setting
    set webfilter-logs enable
end
```


Default Email Action


Next, we establish a default email action, a cornerstone of event notification. This configuration ensures that when network events occur, an email containing essential event information is promptly dispatched to the designated recipient(s).


```conf
config system automation-action
    edit "Default Email"
        set description "Default automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-to "notifications@example.org"
        set email-subject "%%devname%% %%log.logdesc%%"
    next
end
```


Event-Driven Email Notifications


Our configuration extends to various network events, each triggering a specific email notification tailored to the event's nature.


Network Down (WAN/WWAN)


When the network connection experiences downtime, our system promptly sends an email notification, ensuring swift awareness of the issue.


```conf
# Network Down WAN Email
config system automation-action
    edit "Network Down WAN Email"
        set description "Network Down automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-to "notifications@example.org"
        set email-subject "%%devname%% WAN Network DOWN"
    next
end

# Network Down WWAN Email
config system automation-action
    edit "Network Down WWAN Email"
        set description "Network Down automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-to "notifications@example.org"
        set email-subject "%%devname%% WWAN Network DOWN"
    next
end
```


Network Up (WAN/WWAN)


Similarly, when the network connection is restored, email notifications are dispatched to ensure timely updates.


```conf
# Network Up WAN Email
config system automation-action
    edit "Network Up WAN Email"
        set description "Network Up automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-to "notifications@example.org"
        set email-subject "%%devname%% WAN Network UP"
    next
end

# Network Up WWAN Email
config system automation-action
    edit "Network Up WWAN Email"
        set description "Network Up automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-to "notifications@example.org"
        set email-subject "%%devname%% WWAN Network UP"
    next
end
```


Security Rating Notifications


Our configuration extends beyond network connectivity events. It also encompasses security-related notifications, such as Security Rating reports. When a new report is available, an email notification is sent.


```conf
# Security Rating Notification
config system automation-trigger
    edit "Security Rating Notification"
        set description "Default automation trigger configuration for when a new Security Rating report is available."
        set event-type security-rating-summary
        set report-type any
    next
end
```


Reboot and License Expiry Notifications


Reboots and impending license expirations are critical events that warrant immediate attention. Our configuration ensures that email notifications are dispatched when such events occur.


```conf
# Reboot Notification
config system automation-trigger
    edit "Reboot"
        set description "Default automation trigger configuration for when a FortiGate is rebooted."
        set event-type reboot
    next
end

# License Expired Notification
config system automation-trigger
    edit "License Expired Notification"
        set description "Default automation trigger configuration for when a license is near expiration."
        set event-type license-near-expiry
        set license-type any
    next
end
```


High Availability (HA) Failovers


High Availability (HA) configurations are vital for network reliability. In the event of an HA failover, our system promptly sends email notifications to keep stakeholders informed.


```conf
# HA Failover
config system automation-trigger
    edit "HA Failover"
        set description "Default automation trigger configuration for when an HA failover occurs."
        set event-type ha-failover
    next
end
```


Web Filter URL Blocks


Lastly, our configuration addresses web filtering. When a URL is blocked by the Web Filter security profile, an email notification is sent to notify relevant parties.


```conf
# Web Filter URL Blocked
config system automation-trigger
    edit "Web Filter URL Blocked"
        set description "Default automation trigger configuration for when a URL is blocked by the Web Filter security profile."
        set event-type event-log
        set logid 0316013056
    next
end
```


In conclusion, this comprehensive network automation and event notification configuration empowers network administrators with real-time insights and rapid response capabilities. By proactively addressing network events and security concerns, organizations can maintain optimal network performance and security posture.
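The sections above define automation actions and automation triggers; FortiOS runs an action for a trigger only when an automation stitch references both. The following check is an added example, not part of the original post: it parses an exported configuration and lists triggers and actions that no stitch binds, as well as stitch references to names that are not defined. The sample configuration, the stitch name "HA Failover Email" and the function name are constructed for illustration.

```python
import shlex

# Constructed sample; the stitch (FortiOS 7.x layout) and its name are hypothetical.
SAMPLE_CONFIG = """
config system automation-action
    edit "Default Email"
        set action-type email
    next
end
config system automation-trigger
    edit "HA Failover"
        set event-type ha-failover
    next
    edit "Reboot"
        set event-type reboot
    next
end
config system automation-stitch
    edit "HA Failover Email"
        set trigger "HA Failover"
        config actions
            edit 1
                set action "Default Email"
            next
        end
    next
end
"""

def audit_stitches(config_text):
    """Return (defined-but-unbound names, stitch references to undefined names)."""
    defined = {"trigger": set(), "action": set()}
    used = {"trigger": set(), "action": set()}
    depth, section = 0, None
    for line in config_text.splitlines():
        tokens = shlex.split(line, comments=True)  # honours quotes and # comments
        head = tokens[0] if tokens else ""
        if head == "config":
            depth += 1
            if depth == 1:  # top-level table, e.g. "system automation-trigger"
                section = tokens[-1].replace("automation-", "")
        elif head == "end":
            depth -= 1
        elif head == "edit" and depth == 1 and section in defined:
            defined[section].add(tokens[1])
        elif head == "set" and section == "stitch" and tokens[1] in used:
            used[tokens[1]].update(tokens[2:])  # older syntax lists several actions
    unbound = {k: sorted(defined[k] - used[k]) for k in defined}
    dangling = {k: sorted(used[k] - defined[k]) for k in used}
    return unbound, dangling
```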
