Fortinet white logo
Fortinet white logo

CLI Reference

config system automation-action

config system automation-action

Action for automation stitches.

config system automation-action
    Description: Action for automation stitches.
    edit <name>
        set description {var-string}
        set action-type [email|fortiexplorer-notification|...]
        set system-action [reboot|shutdown|...]
        set tls-certificate {string}
        set email-to <name1>, <name2>, ...
        set email-from {var-string}
        set email-subject {var-string}
        set minimum-interval {integer}
        set aws-api-key {password}
        set azure-function-authorization [anonymous|function|...]
        set azure-api-key {password}
        set alicloud-function-authorization [anonymous|function]
        set alicloud-access-key-id {string}
        set alicloud-access-key-secret {password}
        set message-type [text|json]
        set message {string}
        set replacement-message [enable|disable]
        set replacemsg-group {string}
        set protocol [http|https]
        set method [post|put|...]
        set uri {var-string}
        set http-body {var-string}
        set port {integer}
        config http-headers
            Description: Request headers.
            edit <id>
                set key {var-string}
                set value {var-string}
            next
        end
        set verify-host-cert [enable|disable]
        set script {var-string}
        set output-size {integer}
        set timeout {integer}
        set password {password}
        set execute-security-fabric [enable|disable]
        set accprofile {string}
        set security-tag {string}
        set sdn-connector <name1>, <name2>, ...
    next
end

config system automation-action

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 64

description

Description.

var-string

Maximum length: 255

action-type

Action type.

option

-

alert

Option

Description

email

Send notification email.

fortiexplorer-notification

Send push notification to FortiExplorer.

alert

Generate FortiProxy dashboard alert.

disable-ssid

Disable interface.

system-actions

Perform immediate system operations on this FortiGate unit.

quarantine

Quarantine host.

quarantine-forticlient

Quarantine FortiClient by EMS.

quarantine-nsx

Quarantine NSX instance.

quarantine-fortinac

Quarantine host by FortiNAC.

ban-ip

Ban IP address.

aws-lambda

Send log data to integrated AWS service.

azure-function

Send log data to an Azure function.

google-cloud-function

Send log data to a Google Cloud function.

alicloud-function

Send log data to an AliCloud function.

webhook

Send an HTTP request.

cli-script

Run CLI script.

slack-notification

Send a notification message to a Slack incoming webhook.

microsoft-teams-notification

Send a notification message to a Microsoft Teams incoming webhook.

system-action

System action type.

option

-

Option

Description

reboot

Reboot this FortiGate unit.

shutdown

Shutdown this FortiGate unit.

backup-config

Backup current configuration to the disk revisions.

tls-certificate

Custom TLS certificate for API request.

string

Maximum length: 35

email-to <name>

Email addresses.

Email address.

string

Maximum length: 255

email-from

Email sender name.

var-string

Maximum length: 127

email-subject

Email subject.

var-string

Maximum length: 511

minimum-interval

Limit execution to no more than once in this interval (in seconds).

integer

Minimum value: 0 Maximum value: 2592000

0

aws-api-key

AWS API Gateway API key.

password

Not Specified

azure-function-authorization

Azure function authorization level.

option

-

anonymous

Option

Description

anonymous

Anonymous authorization level (No authorization required).

function

Function authorization level (Function or Host Key required).

admin

Admin authorization level (Master Host Key required).

azure-api-key

Azure function API key.

password

Not Specified

alicloud-function-authorization

AliCloud function authorization type.

option

-

anonymous

Option

Description

anonymous

Anonymous authorization (No authorization required).

function

Function authorization (Authorization required).

alicloud-access-key-id

AliCloud AccessKey ID.

string

Maximum length: 35

alicloud-access-key-secret

AliCloud AccessKey secret.

password

Not Specified

message-type

Message type.

option

-

text

Option

Description

text

Plaintext.

json

Custom JSON.

message

Message content.

string

Maximum length: 4095

%%log%%

replacement-message

Enable/disable replacement message.

option

-

disable

Option

Description

enable

Enable replacement message.

disable

Disable replacement message.

replacemsg-group

Replacement message group.

string

Maximum length: 35

protocol

Request protocol.

option

-

http

Option

Description

http

HTTP.

https

HTTPS.

method

Request method (POST, PUT, GET, PATCH or DELETE).

option

-

post

Option

Description

post

POST.

put

PUT.

get

GET.

patch

PATCH.

delete

DELETE.

uri

Request API URI.

var-string

Maximum length: 1023

http-body

Request body (if necessary). Should be serialized json string.

var-string

Maximum length: 4095

port

Protocol port.

integer

Minimum value: 1 Maximum value: 65535

0

verify-host-cert

Enable/disable verification of the remote host certificate.

option

-

enable

Option

Description

enable

Enable verification of the remote host certificate.

disable

Disable verification of the remote host certificate.

script

CLI script.

var-string

Maximum length: 1023

output-size

Number of megabytes to limit script output to.

integer

Minimum value: 1 Maximum value: 1024

10

timeout

Maximum running time for this script in seconds (0 = no timeout).

integer

Minimum value: 0 Maximum value: 300

0

password

Script password to replace %%PASSWD%% tag in the script. Use cases include replacing a password tag for sftp/ftp server password.

password

Not Specified

execute-security-fabric

Enable/disable execution of CLI script on all or only one FortiGate unit in the Security Fabric.

option

-

disable

Option

Description

enable

CLI script executes on all FortiGate units in the Security Fabric.

disable

CLI script executes only on the FortiGate unit that the stitch is triggered.

accprofile

Access profile for CLI script action to access FortiProxy features.

string

Maximum length: 35

security-tag

NSX security tag.

string

Maximum length: 255

sdn-connector <name>

NSX SDN connector names.

SDN connector name.

string

Maximum length: 79

config http-headers

Parameter

Description

Type

Size

Default

id

Entry ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

key

Request header key.

var-string

Maximum length: 1023

value

Request header value.

var-string

Maximum length: 4095

config system automation-action

config system automation-action

Action for automation stitches.

config system automation-action
    Description: Action for automation stitches.
    edit <name>
        set description {var-string}
        set action-type [email|fortiexplorer-notification|...]
        set system-action [reboot|shutdown|...]
        set tls-certificate {string}
        set email-to <name1>, <name2>, ...
        set email-from {var-string}
        set email-subject {var-string}
        set minimum-interval {integer}
        set aws-api-key {password}
        set azure-function-authorization [anonymous|function|...]
        set azure-api-key {password}
        set alicloud-function-authorization [anonymous|function]
        set alicloud-access-key-id {string}
        set alicloud-access-key-secret {password}
        set message-type [text|json]
        set message {string}
        set replacement-message [enable|disable]
        set replacemsg-group {string}
        set protocol [http|https]
        set method [post|put|...]
        set uri {var-string}
        set http-body {var-string}
        set port {integer}
        config http-headers
            Description: Request headers.
            edit <id>
                set key {var-string}
                set value {var-string}
            next
        end
        set verify-host-cert [enable|disable]
        set script {var-string}
        set output-size {integer}
        set timeout {integer}
        set password {password}
        set execute-security-fabric [enable|disable]
        set accprofile {string}
        set security-tag {string}
        set sdn-connector <name1>, <name2>, ...
    next
end

config system automation-action

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 64

description

Description.

var-string

Maximum length: 255

action-type

Action type.

option

-

alert

Option

Description

email

Send notification email.

fortiexplorer-notification

Send push notification to FortiExplorer.

alert

Generate FortiProxy dashboard alert.

disable-ssid

Disable interface.

system-actions

Perform immediate system operations on this FortiGate unit.

quarantine

Quarantine host.

quarantine-forticlient

Quarantine FortiClient by EMS.

quarantine-nsx

Quarantine NSX instance.

quarantine-fortinac

Quarantine host by FortiNAC.

ban-ip

Ban IP address.

aws-lambda

Send log data to integrated AWS service.

azure-function

Send log data to an Azure function.

google-cloud-function

Send log data to a Google Cloud function.

alicloud-function

Send log data to an AliCloud function.

webhook

Send an HTTP request.

cli-script

Run CLI script.

slack-notification

Send a notification message to a Slack incoming webhook.

microsoft-teams-notification

Send a notification message to a Microsoft Teams incoming webhook.

system-action

System action type.

option

-

Option

Description

reboot

Reboot this FortiGate unit.

shutdown

Shutdown this FortiGate unit.

backup-config

Backup current configuration to the disk revisions.

tls-certificate

Custom TLS certificate for API request.

string

Maximum length: 35

email-to <name>

Email addresses.

Email address.

string

Maximum length: 255

email-from

Email sender name.

var-string

Maximum length: 127

email-subject

Email subject.

var-string

Maximum length: 511

minimum-interval

Limit execution to no more than once in this interval (in seconds).

integer

Minimum value: 0 Maximum value: 2592000

0

aws-api-key

AWS API Gateway API key.

password

Not Specified

azure-function-authorization

Azure function authorization level.

option

-

anonymous

Option

Description

anonymous

Anonymous authorization level (No authorization required).

function

Function authorization level (Function or Host Key required).

admin

Admin authorization level (Master Host Key required).

azure-api-key

Azure function API key.

password

Not Specified

alicloud-function-authorization

AliCloud function authorization type.

option

-

anonymous

Option

Description

anonymous

Anonymous authorization (No authorization required).

function

Function authorization (Authorization required).

alicloud-access-key-id

AliCloud AccessKey ID.

string

Maximum length: 35

alicloud-access-key-secret

AliCloud AccessKey secret.

password

Not Specified

message-type

Message type.

option

-

text

Option

Description

text

Plaintext.

json

Custom JSON.

message

Message content.

string

Maximum length: 4095

%%log%%

replacement-message

Enable/disable replacement message.

option

-

disable

Option

Description

enable

Enable replacement message.

disable

Disable replacement message.

replacemsg-group

Replacement message group.

string

Maximum length: 35

protocol

Request protocol.

option

-

http

Option

Description

http

HTTP.

https

HTTPS.

method

Request method (POST, PUT, GET, PATCH or DELETE).

option

-

post

Option

Description

post

POST.

put

PUT.

get

GET.

patch

PATCH.

delete

DELETE.

uri

Request API URI.

var-string

Maximum length: 1023

http-body

Request body (if necessary). Should be serialized json string.

var-string

Maximum length: 4095

port

Protocol port.

integer

Minimum value: 1 Maximum value: 65535

0

verify-host-cert

Enable/disable verification of the remote host certificate.

option

-

enable

Option

Description

enable

Enable verification of the remote host certificate.

disable

Disable verification of the remote host certificate.

script

CLI script.

var-string

Maximum length: 1023

output-size

Number of megabytes to limit script output to.

integer

Minimum value: 1 Maximum value: 1024

10

timeout

Maximum running time for this script in seconds (0 = no timeout).

integer

Minimum value: 0 Maximum value: 300

0

password

Script password to replace %%PASSWD%% tag in the script. Use cases include replacing a password tag for sftp/ftp server password.

password

Not Specified

execute-security-fabric

Enable/disable execution of CLI script on all or only one FortiGate unit in the Security Fabric.

option

-

disable

Option

Description

enable

CLI script executes on all FortiGate units in the Security Fabric.

disable

CLI script executes only on the FortiGate unit that the stitch is triggered.

accprofile

Access profile for CLI script action to access FortiProxy features.

string

Maximum length: 35

security-tag

NSX security tag.

string

Maximum length: 255

sdn-connector <name>

NSX SDN connector names.

SDN connector name.

string

Maximum length: 79

config http-headers

Parameter

Description

Type

Size

Default

id

Entry ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

key

Request header key.

var-string

Maximum length: 1023

value

Request header value.

var-string

Maximum length: 4095