How to Receive Email Threat Notification from the Firewall

To create a log-forwarding profile for threat notification via email, configure the following:

1. Set up an email server profile.
2. Set up a log-forwarding profile.
3. Assign athreat profile to the relevant security policy.
4. Assign a log-forwarding profile to the relevant security policy.

Email Server Profile

Go to Device > Server Profile > Email, Click Add:

and complete the information as shown in the example:

• Name: Enter a name for the email settings
• Server: Label Email server (1-31 characters)
• Display name: Email Server
• From: Enter the From email address
• To: Enter the email address of the recipient.
• Cc: Optionally, enter the email address of another recipient.
• Gateway: Enter the IP address or host name of the Simple Mail Transport Protocol.
• Type: either 'Unauthenticated SMTP' (shown here) or 'SMTP over TLS' (additional fields will need to be entered).

  

Log-forwarding Profile

• Go to Objects > Log Forwarding.
• Fill in which logs you want forward (below we select threat logs) and add the email profile we created previously as shown in the below example:

  

Security Policy

Locate the rule you want log forwarding to take, as shown in the example below:

• As we are forwarding threat log, make sure you have security profiles also configured to the policy rule as shown.
  

• Commit the changes.
• To test the policy, use a workstation to download a test virus, for example, go to eicar.org and download a test file.
• A block page displays in the browser, if the threat profile action is set to 'block.'

• To check threat logs, go to Monitor > Logs > Threat.

  

• An email is sent as the traffic is triggered.

owner: ppatel