Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nadav_Hellman
Participant

Mail alert for when a certain rule has been hit

Hello friends,

I need to set up a client's gateway/management so that when a certain rule has been hit(a packet was accepted\dropped on that rule), he will receive a mail about it.

How can I configure the above requirement ?

 

0 Kudos
7 Replies
Benedikt_Weissl
Advisor

add "mail" to the "Track" field of the rule
0 Kudos
Nadav_Hellman
Participant

Thanks for the reply,

But how do I fill in where and to who to send the email to ?

 

0 Kudos
Danny
Champion Champion
Champion

You configure this in Global Properties. Here his how.

0 Kudos
Nadav_Hellman
Participant

Hi Danny,
Thanks for the quick reply.
I configured it like you said with the internal_sendmail, however, im not receiving any mails to my mailbox.
I configured it like sk25941 said, without the sender email address.(The SK says its not a must)
internal_sendmail -s "Rule X has been hit" -t 10.160.4.11 nadavh@bynetsec.com
That's what I have configured, and I cant see anything on nadavh@bynetsec.com mailbox.
Test mails from my gmail worked and received.
0 Kudos
Nadav_Hellman
Participant

I also tried it exactly like you typed on your post:
internal_sendmail -s 'SmartView Monitor Threshold Alert' -t MAILSERVER -f SENDER_EMAIL_ADDRESS RECEIVER_EMAIL_ADDRESS
I did: internal_sendmail -s 'Test Mail' -t 10.160.4.11 -f checkpoint@bynetsec.com nadavh@bynetsec.com
0 Kudos
Timothy_Hall
Legend Legend
Legend

The email alert is fired from the SMS, so you need to ensure the IP address of the SMS is authorized to relay mail through your MX 10.160.4.11.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Eduardo_Pereira
Employee Alumnus
Employee Alumnus

To achieve that, I usually do:

 

PHOTO-2018-10-26-15-07-24.jpg

 

Configure the sendmail:

PHOTO-2018-10-26-15-08-42.jpg

 

Exemple: $FWDIR/bin/sendmail -s ALERTA -t 192.168.102.2 -f mail@checkpoint.com.br user1@unknown300.com

 

Here is one attack exemple to trigger the email action:

PHOTO-2018-10-26-15-07-48.jpg

 

PHOTO-2018-10-26-15-08-10.jpg

 

PHOTO-2018-10-26-15-07-39.jpg

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events