This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Nadav_Hellman
Participant
‎2020-03-19 05:10 AM

Mail alert for when a certain rule has been hit

Hello friends,

I need to set up a client's gateway/management so that when a certain rule has been hit(a packet was accepted\dropped on that rule), he will receive a mail about it.

How can I configure the above requirement ?

 

0 Kudos
7 Replies
Benedikt_Weissl
Advisor
‎2020-03-19 07:35 AM

add "mail" to the "Track" field of the rule
0 Kudos
Nadav_Hellman
Participant
‎2020-03-21 10:36 PM
In response to Benedikt_Weissl

Thanks for the reply,

But how do I fill in where and to who to send the email to ?

 

0 Kudos
Danny
Champion
Champion
‎2020-03-21 11:04 PM
In response to Nadav_Hellman

You configure this in Global Properties. Here his how.

0 Kudos
Nadav_Hellman
Participant
‎2020-03-22 12:09 AM
In response to Danny

Hi Danny,
Thanks for the quick reply.
I configured it like you said with the internal_sendmail, however, im not receiving any mails to my mailbox.
I configured it like sk25941 said, without the sender email address.(The SK says its not a must)
internal_sendmail -s "Rule X has been hit" -t 10.160.4.11 nadavh@bynetsec.com
That's what I have configured, and I cant see anything on nadavh@bynetsec.com mailbox.
Test mails from my gmail worked and received.
0 Kudos
Nadav_Hellman
Participant
‎2020-03-22 12:21 AM
In response to Danny

I also tried it exactly like you typed on your post:
internal_sendmail -s 'SmartView Monitor Threshold Alert' -t MAILSERVER -f SENDER_EMAIL_ADDRESS RECEIVER_EMAIL_ADDRESS
I did: internal_sendmail -s 'Test Mail' -t 10.160.4.11 -f checkpoint@bynetsec.com nadavh@bynetsec.com
0 Kudos
Timothy_Hall
Champion
Champion
‎2020-03-22 05:45 AM
In response to Nadav_Hellman

The email alert is fired from the SMS, so you need to ensure the IP address of the SMS is authorized to relay mail through your MX 10.160.4.11.

"Max Capture: Know Your Packets" Self-Guided Video Series
available at http://www.maxpowerfirewalls.com
Eduardo_Pereira
Employee Alumnus
Employee Alumnus
‎2020-03-24 10:30 AM

To achieve that, I usually do:

 

PHOTO-2018-10-26-15-07-24.jpg

 

Configure the sendmail:

PHOTO-2018-10-26-15-08-42.jpg

 

Exemple: $FWDIR/bin/sendmail -s ALERTA -t 192.168.102.2 -f mail@checkpoint.com.br user1@unknown300.com

 

Here is one attack exemple to trigger the email action:

PHOTO-2018-10-26-15-07-48.jpg

 

PHOTO-2018-10-26-15-08-10.jpg

 

PHOTO-2018-10-26-15-07-39.jpg

0 Kudos