Fortinet white logo
Fortinet white logo

CLI Reference

config system automation-action

config system automation-action

Action for automation stitches.

config system automation-action
    Description: Action for automation stitches.
    edit <name>
        set accprofile {string}
        set action-type [email|fortiexplorer-notification|...]
        set alicloud-access-key-id {string}
        set alicloud-access-key-secret {password}
        set alicloud-function-authorization [anonymous|function]
        set aws-api-key {password}
        set azure-api-key {password}
        set azure-function-authorization [anonymous|function|...]
        set description {var-string}
        set email-from {var-string}
        set email-subject {var-string}
        set email-to <name1>, <name2>, ...
        set execute-security-fabric [enable|disable]
        set forticare-email [enable|disable]
        set http-body {var-string}
        config http-headers
            Description: Request headers.
            edit <id>
                set key {var-string}
                set value {var-string}
            next
        end
        set message {string}
        set message-type [text|json]
        set method [post|put|...]
        set minimum-interval {integer}
        set output-size {integer}
        set port {integer}
        set protocol [http|https]
        set replacement-message [enable|disable]
        set replacemsg-group {string}
        set script {var-string}
        set sdn-connector <name1>, <name2>, ...
        set security-tag {string}
        set system-action [reboot|shutdown|...]
        set timeout {integer}
        set tls-certificate {string}
        set uri {var-string}
        set verify-host-cert [enable|disable]
    next
end

config system automation-action

Parameter

Description

Type

Size

Default

accprofile

Access profile for CLI script action to access FortiGate features.

string

Maximum length: 35

action-type

Action type.

option

-

alert

Option

Description

email

Send notification email.

fortiexplorer-notification

Send push notification to FortiExplorer.

alert

Generate FortiOS dashboard alert.

disable-ssid

Disable interface.

system-actions

Perform immediate system operations on this FortiGate unit.

quarantine

Quarantine host.

quarantine-forticlient

Quarantine FortiClient by EMS.

quarantine-nsx

Quarantine NSX instance.

quarantine-fortinac

Quarantine host by FortiNAC.

ban-ip

Ban IP address.

aws-lambda

Send log data to integrated AWS service.

azure-function

Send log data to an Azure function.

google-cloud-function

Send log data to a Google Cloud function.

alicloud-function

Send log data to an AliCloud function.

webhook

Send an HTTP request.

cli-script

Run CLI script.

slack-notification

Send a notification message to a Slack incoming webhook.

microsoft-teams-notification

Send a notification message to a Microsoft Teams incoming webhook.

alicloud-access-key-id

AliCloud AccessKey ID.

string

Maximum length: 35

alicloud-access-key-secret

AliCloud AccessKey secret.

password

Not Specified

alicloud-function-authorization

AliCloud function authorization type.

option

-

anonymous

Option

Description

anonymous

Anonymous authorization (No authorization required).

function

Function authorization (Authorization required).

aws-api-key

AWS API Gateway API key.

password

Not Specified

azure-api-key

Azure function API key.

password

Not Specified

azure-function-authorization

Azure function authorization level.

option

-

anonymous

Option

Description

anonymous

Anonymous authorization level (No authorization required).

function

Function authorization level (Function or Host Key required).

admin

Admin authorization level (Master Host Key required).

description

Description.

var-string

Maximum length: 255

email-from

Email sender name.

var-string

Maximum length: 127

email-subject

Email subject.

var-string

Maximum length: 511

email-to <name>

Email addresses.

Email address.

string

Maximum length: 255

execute-security-fabric

Enable/disable execution of CLI script on all or only one FortiGate unit in the Security Fabric.

option

-

disable

Option

Description

enable

CLI script executes on all FortiGate units in the Security Fabric.

disable

CLI script executes only on the FortiGate unit that the stitch is triggered.

forticare-email

Enable/disable use of your FortiCare email address as the email-to address.

option

-

disable

Option

Description

enable

Enable use of your FortiCare email address as the email-to address.

disable

Disable use of your FortiCare email address as the email-to address.

http-body

Request body (if necessary). Should be serialized json string.

var-string

Maximum length: 4095

message

Message content.

string

Maximum length: 4095

%%log%%

message-type

Message type.

option

-

text

Option

Description

text

Plaintext.

json

Custom JSON.

method

Request method (POST, PUT, GET, PATCH or DELETE).

option

-

post

Option

Description

post

POST.

put

PUT.

get

GET.

patch

PATCH.

delete

DELETE.

minimum-interval

Limit execution to no more than once in this interval (in seconds).

integer

Minimum value: 0 Maximum value: 2592000

0

name

Name.

string

Maximum length: 64

output-size

Number of megabytes to limit script output to.

integer

Minimum value: 1 Maximum value: 1024

10

port

Protocol port.

integer

Minimum value: 1 Maximum value: 65535

0

protocol

Request protocol.

option

-

http

Option

Description

http

HTTP.

https

HTTPS.

replacement-message

Enable/disable replacement message.

option

-

disable

Option

Description

enable

Enable replacement message.

disable

Disable replacement message.

replacemsg-group

Replacement message group.

string

Maximum length: 35

script

CLI script.

var-string

Maximum length: 1023

sdn-connector <name>

NSX SDN connector names.

SDN connector name.

string

Maximum length: 79

security-tag

NSX security tag.

string

Maximum length: 255

system-action

System action type.

option

-

Option

Description

reboot

Reboot this FortiGate unit.

shutdown

Shutdown this FortiGate unit.

backup-config

Backup current configuration to the disk revisions.

timeout

Maximum running time for this script in seconds (0 = no timeout).

integer

Minimum value: 0 Maximum value: 300

0

tls-certificate

Custom TLS certificate for API request.

string

Maximum length: 35

uri

Request API URI.

var-string

Maximum length: 1023

verify-host-cert

Enable/disable verification of the remote host certificate.

option

-

enable

Option

Description

enable

Enable verification of the remote host certificate.

disable

Disable verification of the remote host certificate.

config http-headers

Parameter

Description

Type

Size

Default

id

Entry ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

key

Request header key.

var-string

Maximum length: 1023

value

Request header value.

var-string

Maximum length: 4095

config system automation-action

config system automation-action

Action for automation stitches.

config system automation-action
    Description: Action for automation stitches.
    edit <name>
        set accprofile {string}
        set action-type [email|fortiexplorer-notification|...]
        set alicloud-access-key-id {string}
        set alicloud-access-key-secret {password}
        set alicloud-function-authorization [anonymous|function]
        set aws-api-key {password}
        set azure-api-key {password}
        set azure-function-authorization [anonymous|function|...]
        set description {var-string}
        set email-from {var-string}
        set email-subject {var-string}
        set email-to <name1>, <name2>, ...
        set execute-security-fabric [enable|disable]
        set forticare-email [enable|disable]
        set http-body {var-string}
        config http-headers
            Description: Request headers.
            edit <id>
                set key {var-string}
                set value {var-string}
            next
        end
        set message {string}
        set message-type [text|json]
        set method [post|put|...]
        set minimum-interval {integer}
        set output-size {integer}
        set port {integer}
        set protocol [http|https]
        set replacement-message [enable|disable]
        set replacemsg-group {string}
        set script {var-string}
        set sdn-connector <name1>, <name2>, ...
        set security-tag {string}
        set system-action [reboot|shutdown|...]
        set timeout {integer}
        set tls-certificate {string}
        set uri {var-string}
        set verify-host-cert [enable|disable]
    next
end

config system automation-action

Parameter

Description

Type

Size

Default

accprofile

Access profile for CLI script action to access FortiGate features.

string

Maximum length: 35

action-type

Action type.

option

-

alert

Option

Description

email

Send notification email.

fortiexplorer-notification

Send push notification to FortiExplorer.

alert

Generate FortiOS dashboard alert.

disable-ssid

Disable interface.

system-actions

Perform immediate system operations on this FortiGate unit.

quarantine

Quarantine host.

quarantine-forticlient

Quarantine FortiClient by EMS.

quarantine-nsx

Quarantine NSX instance.

quarantine-fortinac

Quarantine host by FortiNAC.

ban-ip

Ban IP address.

aws-lambda

Send log data to integrated AWS service.

azure-function

Send log data to an Azure function.

google-cloud-function

Send log data to a Google Cloud function.

alicloud-function

Send log data to an AliCloud function.

webhook

Send an HTTP request.

cli-script

Run CLI script.

slack-notification

Send a notification message to a Slack incoming webhook.

microsoft-teams-notification

Send a notification message to a Microsoft Teams incoming webhook.

alicloud-access-key-id

AliCloud AccessKey ID.

string

Maximum length: 35

alicloud-access-key-secret

AliCloud AccessKey secret.

password

Not Specified

alicloud-function-authorization

AliCloud function authorization type.

option

-

anonymous

Option

Description

anonymous

Anonymous authorization (No authorization required).

function

Function authorization (Authorization required).

aws-api-key

AWS API Gateway API key.

password

Not Specified

azure-api-key

Azure function API key.

password

Not Specified

azure-function-authorization

Azure function authorization level.

option

-

anonymous

Option

Description

anonymous

Anonymous authorization level (No authorization required).

function

Function authorization level (Function or Host Key required).

admin

Admin authorization level (Master Host Key required).

description

Description.

var-string

Maximum length: 255

email-from

Email sender name.

var-string

Maximum length: 127

email-subject

Email subject.

var-string

Maximum length: 511

email-to <name>

Email addresses.

Email address.

string

Maximum length: 255

execute-security-fabric

Enable/disable execution of CLI script on all or only one FortiGate unit in the Security Fabric.

option

-

disable

Option

Description

enable

CLI script executes on all FortiGate units in the Security Fabric.

disable

CLI script executes only on the FortiGate unit that the stitch is triggered.

forticare-email

Enable/disable use of your FortiCare email address as the email-to address.

option

-

disable

Option

Description

enable

Enable use of your FortiCare email address as the email-to address.

disable

Disable use of your FortiCare email address as the email-to address.

http-body

Request body (if necessary). Should be serialized json string.

var-string

Maximum length: 4095

message

Message content.

string

Maximum length: 4095

%%log%%

message-type

Message type.

option

-

text

Option

Description

text

Plaintext.

json

Custom JSON.

method

Request method (POST, PUT, GET, PATCH or DELETE).

option

-

post

Option

Description

post

POST.

put

PUT.

get

GET.

patch

PATCH.

delete

DELETE.

minimum-interval

Limit execution to no more than once in this interval (in seconds).

integer

Minimum value: 0 Maximum value: 2592000

0

name

Name.

string

Maximum length: 64

output-size

Number of megabytes to limit script output to.

integer

Minimum value: 1 Maximum value: 1024

10

port

Protocol port.

integer

Minimum value: 1 Maximum value: 65535

0

protocol

Request protocol.

option

-

http

Option

Description

http

HTTP.

https

HTTPS.

replacement-message

Enable/disable replacement message.

option

-

disable

Option

Description

enable

Enable replacement message.

disable

Disable replacement message.

replacemsg-group

Replacement message group.

string

Maximum length: 35

script

CLI script.

var-string

Maximum length: 1023

sdn-connector <name>

NSX SDN connector names.

SDN connector name.

string

Maximum length: 79

security-tag

NSX security tag.

string

Maximum length: 255

system-action

System action type.

option

-

Option

Description

reboot

Reboot this FortiGate unit.

shutdown

Shutdown this FortiGate unit.

backup-config

Backup current configuration to the disk revisions.

timeout

Maximum running time for this script in seconds (0 = no timeout).

integer

Minimum value: 0 Maximum value: 300

0

tls-certificate

Custom TLS certificate for API request.

string

Maximum length: 35

uri

Request API URI.

var-string

Maximum length: 1023

verify-host-cert

Enable/disable verification of the remote host certificate.

option

-

enable

Option

Description

enable

Enable verification of the remote host certificate.

disable

Disable verification of the remote host certificate.

config http-headers

Parameter

Description

Type

Size

Default

id

Entry ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

key

Request header key.

var-string

Maximum length: 1023

value

Request header value.

var-string

Maximum length: 4095