Configuring Automation Actions

On the Security Fabric > Automation > Action tab, you can view the list of user-defined automation response actions. After defining your automation actions, you can combine them with a trigger to create an automation stitch. For details, see Creating automation stitches.

FortiADC supports six response action types:

  • CLI Script — Runs a CLI script in response to the trigger. This action is not supported for the Period Block IP trigger.
  • Syslog — Generates a syslog in response to the trigger.
  • Email — Sends a custom email notification in response to the trigger.
  • SNMP Trap — Sends an SNMP trap to the specified server in response to the trigger. This action is not supported for the Schedule trigger.
  • Webhook — Sends data to another application using a REST callback in response to the trigger.
  • FortiGate IP Ban — Blocks all traffic from the source IP addresses flagged by the FortiGate in response to the trigger. This action can only be used with the Period Block IP trigger.

CLI Script

Use this action to run a CLI script in response to a trigger event, for example to make configuration changes. The script can be entered manually or uploaded as a file.

To configure a CLI Script response action:
  1. Go to Security Fabric > Automation.
  2. Click the Action tab.
  3. Click Create New and select CLI Script to display the configuration editor.
  4. Configure the following settings:

    Setting: Description

    Name: Enter a name for the new CLI Script action. The configuration name cannot be edited once it has been saved.
    Script: Manually enter or upload the script. Maximum 256 characters.
      • To manually enter the script, type it into the Script field.
      • To upload a script file, click Choose File and locate the file on your management computer.

  5. Click Save.

Syslog

Use this action to generate a syslog message in response to a trigger event.

To configure a Syslog response action:
  1. Go to Security Fabric > Automation.
  2. Click the Action tab.
  3. Click Create New and select Syslog to display the configuration editor.
  4. Configure the following settings:

    Setting: Description

    Name: Enter a name for the new Syslog action. The configuration name cannot be edited once it has been saved.
    Address: Specify the IP address that will receive this message.
    Port: Specify the port that will receive this message. Range: 1-65535.
  5. Click Save.

Email

Use this action to send a custom email notification in response to a trigger event.

To configure an Email response action:
  1. Go to Security Fabric > Automation.
  2. Click the Action tab.
  3. Click Create New and select Email to display the configuration editor.
  4. Configure the following settings:

    Setting: Description

    Name: Enter a name for the new Email action. The configuration name cannot be edited once it has been saved.
    From: Specify the sender email address of this notification.
    To: Specify the recipient email address of this notification.
    Email Subject: Specify the email subject string.
    Email Body: Write the email message in the Email Body. Maximum 256 characters.

  5. Click Save.

SNMP Trap

Use this action to send SNMP traps to the specified server in response to a trigger event.

To configure an SNMP Trap response action:
  1. Go to Security Fabric > Automation.
  2. Click the Action tab.
  3. Click Create New and select SNMP Trap to display the configuration editor.
  4. Configure the following settings:

    Setting: Description

    Name: Enter a name for the new SNMP Trap action. The configuration name cannot be edited once it has been saved.
    Hosts: Specify the IP address that will receive this message.
    Version: Select the SNMP version to use:
      • v1
      • v2c
      • v3
    Local Port: Specify the source port number. Default: 162. Range: 0-65535.
    Remote Port: Specify the destination port number. Default: 162. Range: 0-65535.
    Security Level: The Security Level option is available if v3 is selected for Version. The SNMP security level to use:
      • Auth But no Privacy
      • Auth And Privacy
      • No Privacy
    Auth Algorithm: The Auth Algorithm option is available if Auth But no Privacy or Auth And Privacy is selected for Security Level. The authentication algorithm to use:
      • SHA1
      • MD5
    Auth Password: The Auth Password option is available if Auth But no Privacy or Auth And Privacy is selected for Security Level. The password to the authentication algorithm.
    Private Algorithm: The Private Algorithm option is available if Auth And Privacy is selected for Security Level. The private algorithm to use:
      • AES
      • DES
    Private Password: The Private Password option is available if Auth And Privacy is selected for Security Level. The password to the private algorithm.
    User: Specify the User.

  5. Click Save.
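
The dependencies between Version, Security Level and the algorithm fields can be checked before an action is saved. The following is an added example, not Fortinet code: it audits a settings record written with the field names and option spellings from the table above. The dict layout and the sample values are constructed for illustration.

```python
# Setting names and option spellings are taken from the table above; the dict
# layout and the sample actions are constructed for this example.
AUTH_LEVELS = ("Auth But no Privacy", "Auth And Privacy")

def audit_snmp_action(cfg):
    """Return a list of findings for one SNMP Trap action's settings."""
    findings = []
    for field in ("Local Port", "Remote Port"):
        port = cfg.get(field, 162)  # 162 is the documented default
        if not isinstance(port, int) or not 0 <= port <= 65535:
            findings.append(f"{field} {port!r} is outside 0-65535")
    version = cfg.get("Version")
    if version in ("v1", "v2c"):
        # v1 and v2c rely on a cleartext community string and have no encryption.
        findings.append(f"Version {version} has no per-user authentication or encryption")
        return findings
    if version != "v3":
        findings.append(f"Version {version!r} is not one of v1, v2c, v3")
        return findings
    level = cfg.get("Security Level")
    if level not in AUTH_LEVELS:
        # Auth and Private fields are only available at the two levels above.
        findings.append(f"Security Level {level!r} applies no Auth or Private settings")
        return findings
    if cfg.get("Auth Algorithm") == "MD5":
        findings.append("Auth Algorithm MD5 is the weaker option; select SHA1")
    if not cfg.get("Auth Password"):
        findings.append("Auth Password is empty")
    if level == "Auth But no Privacy":
        findings.append("trap payload is authenticated but not encrypted")
    else:
        if cfg.get("Private Algorithm") == "DES":
            findings.append("Private Algorithm DES is the weaker option; select AES")
        if not cfg.get("Private Password"):
            findings.append("Private Password is empty")
        elif cfg.get("Private Password") == cfg.get("Auth Password"):
            findings.append("Auth Password and Private Password are identical")
    return findings

# Constructed sample actions: a weak v3 configuration and its corrected form.
WEAK = {"Version": "v3", "Security Level": "Auth And Privacy", "Auth Algorithm": "MD5",
        "Auth Password": "s3cret-one", "Private Algorithm": "DES",
        "Private Password": "s3cret-one", "Remote Port": 162}
HARDENED = dict(WEAK, **{"Auth Algorithm": "SHA1", "Private Algorithm": "AES",
                         "Private Password": "s3cret-two"})

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_snmp_action(cfg))
```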

Webhook

Use this action to send data to another application using a REST callback in response to a trigger event.

To configure a Webhook response action:
  1. Go to Security Fabric > Automation.
  2. Click the Action tab.
  3. Click Create New and select Webhook to display the configuration editor.
  4. Configure the following settings:

    Setting: Description

    Name: Enter a name for the new Webhook action. The configuration name cannot be edited once it has been saved.
    Protocol: Select the request protocol to use:
      • HTTP
      • HTTP
    Method: Specify the request method:
      • POST
      • PUT
      • GET
      • PATCH
      • DELETE
    URL: Specify the request URL. For example, 10.106.155.130:90/test
    HTTP Body: Specify the request body. For example, 'msg': 'abc', 'user': 'jack'
    HTTP Header: Specify the HTTP request header name and value. For example, customerheader1:value1 customerheader2:value2
  5. Click Save.
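
On the receiving side, the application can treat a value set in HTTP Header as a shared secret and reject callbacks that lack it. The following is an added example, not Fortinet code: the header name, the secret, the listening address and the JSON body shape (built from the msg/user example above) are assumptions.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions, not FortiADC defaults: the header name, the secret value, and a
# JSON request body carrying the "msg" and "user" keys from the page's example.
TOKEN_HEADER = "x-stitch-token"
SHARED_SECRET = "constructed-example-secret"
MAX_BODY = 4096

def check_callback(method, headers, body):
    """Validate one inbound webhook request; return (status, detail)."""
    if method != "POST":
        return 405, "only POST is accepted"
    # Header names are case-insensitive, so normalise before the lookup.
    supplied = {k.lower(): v.strip() for k, v in headers.items()}.get(TOKEN_HEADER, "")
    # Constant-time comparison avoids leaking how much of the token matched.
    if not hmac.compare_digest(supplied.encode(), SHARED_SECRET.encode()):
        return 401, "missing or wrong token"
    if len(body) > MAX_BODY:
        return 413, "body too large"
    try:
        event = json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError):
        return 400, "body is not valid JSON"
    if not isinstance(event, dict):
        return 400, "body must be a JSON object"
    if not all(isinstance(event.get(k), str) for k in ("msg", "user")):
        return 400, "msg and user must be strings"
    return 200, "accepted"

class StitchHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = 0
        body = self.rfile.read(min(max(length, 0), MAX_BODY + 1))
        status, detail = check_callback("POST", dict(self.headers.items()), body)
        self.send_response(status)
        self.end_headers()
        self.wfile.write(detail.encode())

if __name__ == "__main__":
    # Constructed listening address; point the action's URL at it.
    HTTPServer(("127.0.0.1", 8090), StitchHandler).serve_forever()
```

Over plain HTTP the header value and the body cross the network in cleartext, so place the receiver behind TLS or on a dedicated management segment.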

FortiGate IP Ban

Use this action to block all traffic from the source addresses flagged by the FortiGate in response to the Period Block IP trigger. See FortiGate IP Ban action for details.

To configure a FortiGate IP Ban response action:
  1. Go to Security Fabric > Automation.
  2. Click the Action tab.
  3. Click Create New and select FortiGate IP Ban to display the configuration editor.
  4. Configure the following settings:

    Setting: Description

    Name: Enter a name for the new FortiGate IP Ban action. The configuration name cannot be edited once it has been saved.
    Type: Token
    FortiGate Token: Specify the FortiGate Token. To get the token, log in to FortiGate, go to System > Administrator, create a new REST API Administrator, then generate an API key.
    FortiGate URL: Specify the IP address of the FortiGate URL. For example, https://10.106.155.107
  5. Click Save.
