Mail alert for when a certain rule has been hit

Nadav_Hellman · ‎2020-03-19

Hello friends,

I need to set up a client's gateway/management so that when a certain rule has been hit(a packet was accepted\dropped on that rule), he will receive a mail about it.

How can I configure the above requirement ?

Benedikt_Weissl · ‎2020-03-19

add "mail" to the "Track" field of the rule

Nadav_Hellman · ‎2020-03-21

Thanks for the reply,

But how do I fill in where and to who to send the email to ?

Danny · ‎2020-03-21

You configure this in Global Properties. Here his how.

Nadav_Hellman · ‎2020-03-22

Hi Danny,
Thanks for the quick reply.
I configured it like you said with the internal_sendmail, however, im not receiving any mails to my mailbox.
I configured it like sk25941 said, without the sender email address.(The SK says its not a must)
internal_sendmail -s "Rule X has been hit" -t 10.160.4.11 nadavh@bynetsec.com
That's what I have configured, and I cant see anything on nadavh@bynetsec.com mailbox.
Test mails from my gmail worked and received.

Nadav_Hellman · ‎2020-03-22

I also tried it exactly like you typed on your post:
internal_sendmail -s 'SmartView Monitor Threshold Alert' -t MAILSERVER -f SENDER_EMAIL_ADDRESS RECEIVER_EMAIL_ADDRESS
I did: internal_sendmail -s 'Test Mail' -t 10.160.4.11 -f checkpoint@bynetsec.com nadavh@bynetsec.com

Timothy_Hall · ‎2020-03-22

The email alert is fired from the SMS, so you need to ensure the IP address of the SMS is authorized to relay mail through your MX 10.160.4.11.

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com

Eduardo_Pereira · ‎2020-03-24

To achieve that, I usually do:

Configure the sendmail:

Exemple: $FWDIR/bin/sendmail -s ALERTA -t 192.168.102.2 -f mail@checkpoint.com.br user1@unknown300.com

Here is one attack exemple to trigger the email action: