- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
Hi,
We monitor customer checkpoint for every 4 hours to check for unblocked IPS blade alerts.
I got to know that we can automate this through E-mail alerts through smart event E-mail automation few questions regarding it.
It's for R77.30.03
1) Do I have to install jumbo hot-fix and is it mandatory.
2) Can we set exclusions for the E-mail alerts that we receive.
3) Under add automatic reactions - under Mail parameters it asks for "from Email" and under it it also asks for outgoing mail server(SMTP).
Can a mail server be configured from our side , can we configure any kind of default outgoing mail server from checkpoint itself or does it have to be configured from client side.
If the mail server has to be configured from the customer environment the E-mail will not be over the VPN and security might be an issue.
I'm not sure what you mean by "unblocked IPS blade alerts" -- please clarify.
As for your other questions:
1. It's highly recommended to be running the latest recommended jumbo hotfix unless you have a very specific reason not to be.
2. Yes you can configure exclusions.
3. The email server must be reachable from the SmartEvent server. How that is accomplished is up to you.
Thank you
Dameon
In customer's checkpoint under IPS blade we look out if there are any med,high and critical alerts if they are blocked or not. If in case they are not blocked then we take action.
1) Specific reason for not installing jumbo hotfix is we need approval from client to make any kind of change in their checkpoint and it takes a long time and tedious process.
2) Thanks for the Info.
3) Need some more light here about E-mail server being reachable for smart event server.
1. Not specifically required unless you run into an issue that requires installing a hotfix to address. That said, your customer should look at upgrading to R80.20 soon since R77.30.03 will be End of Support in September.
3. Networking 101. Is there a network path between the SmartEvent Server and the desired SMTP server? The specifics of that network path aren't particularly relevant. If one currently does not exist (e.g. MPLS link, VPN), you'll have to configure it.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY