Have a Question?
< All Topics
Print

Email Alert with Office 365 in FortiOS 6.4

Posted
Updated
ByYongKW

Tutorial on how to configure Email Alert with Office 365 in FortiOS 6.4 as Email Alert feature is removed from the GUI and replaced with Email Automation Stitches in FortiGate with Firmware Version 6.4

Email Service for Office 365

Configure Email Services for Office 365 in System > Settings

  • SMTP Server = smtp.office365.com
  • Port = 587
  • Authentication = ON
  • Username = [email protected]
  • Password = XXXXXXXX
  • Security Mode = STARTTLS

Email Alert with Office 365 in FortiOS

Configuration with CLI

config system email-server
    set reply-to "[email protected]"
    set server "smtp.office365.com"
    set port 587
    set authenticate enable
    set username "[email protected]"
    set password ENC VOBDlkAs8wI2ZOwZEN4a4k2xo5FFMKwyWLrSPnm9zar9maw/V3ggBw5xtqLigmIrZ9FYbLCxtGKMsWvO0Hp6IVLhnb/RO5/MZPj3Q0kUntjhRdO+GNlOb03WL+5P/GXY+QJLTeH2DmEIXrqjOfaf5tWOHzum4rph+785gR8YLJD+mcHOTniHENzTmE9f1Kqd+7DF/Q==
    set security starttls
end

Enable SMTP AUTH in Exchange Online

The SMTP AUTH which is disabled by default for all users protocol is used for client SMTP email submission (typically on TCP port 587). SMTP AUTH doesn’t support modern authentication (Modern Auth), and only uses basic authentication, so all you need to send email messages is a username and password. This makes SMTP AUTH a popular choice for attackers to send spam or phishing messages using compromised credentials.

Connect to Exchange Online with Exchange Online PowerShell v2 Module to enable SMTP AUTH for username used for Email Notification in FortiGate

$User = "[email protected]"
Get-CASMailbox $User | Set-CASMailbox -SmtpClientAuthenticationDisabled $false

Configure Automation Stitch with Email Notification

FortiOS 6.0 introduces Automation Stitches as part of the Security Fabric. Automation Stitches can be used to automate certain actions in response to certain triggers. This includes sending alert emails in response to specific events, and allows for far more granular log-based alerting that Alert Emails configured under Log & Report.

Click Create New in Security Fabric > Automation

Select FortiOS Event Log and Event = Admin_Login_Failed. Select Email in Action and enter your email address

Configure the Email Notification to use the Email Address configured in Email Services for Office 365

FG60E # config system automation-action
FG60E (automation-action) # get 

== [ Admin_Login_Failed_email ]
name: Admin_Login_Failed_email   action-type: email

FG60E (automation-action) # edit Admin_Login_Failed_email
FG60E (Admin_Login_Fail~ail) # set email-from [email protected]

Email Alert will be send if there is any Admin Login Failed triggered

Table of Contents
Scroll to Top