Recently we have installed the LEM virtual appliance to collect devices' syslog as PoC. According to the guides, the LEM can block IP via Fortigate. Then we added the Fortigate into LEM, set up the connectors(Fortigate and active response、email active response). After that, we created a rule about logon the fortigate firewall and send email message to notify us. We can check the related event on LEM monitor, but we can't receive any email. Before the rule, the email test is ok. Our target is that when some abnormal event or logs coming, LEM can block IP via Firewall automatically. Please give your suggestion or have a remote session to check it, I will send the debug file for your reference.
Here is some info:
LEM verions is 6.6
Fortigate firmware is v5.6.8 build1672 (GA)