Palo Alto Networks Knowledgebase: How to Receive Email Threat Notification from the Firewall

How to Receive Email Threat Notification from the Firewall

14962
Created On 09/25/18 17:36 PM - Last Updated 07/29/19 17:51 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
Resolution

To create a log-forwarding profile for threat notification via email, configure the following:

  1. Set up an email server profile.
  2. Set up a log-forwarding profile.
  3. Assign athreat profile to the relevant security policy.
  4. Assign a log-forwarding profile to the relevant security policy.

Email Server Profile

Go to Device > Server Profile > Email, Click Add and complete the information as shown in the example:

  • Name: Enter a name for the email settings
  • Server: Label Email server (1-31 characters)
  • Display name: Email Server
  • From: Enter the From email address
  • To: Enter the email address of the recipient.
  • Cc: Optionally, enter the email address of another recipient.
  • Gateway: Enter the IP address or host name of the Simple Mail Transport Protocol.

    email-server-profile.png

Log-forwarding Profile

  • Go to Objects > Log Forwarding.
  • Fill in the information as shown in the example.

    log-fwd.png

Security Policy

Use an existing rule or create a new one pertaining to traffic, as shown in the example:

  • Name: Outbound
  • Source Zone: TrustL3
  • Destination Zone: UntrustL3
  • Profiles:
  • Antivirus: Default
  • Vulnerability: Default
  • URL filtering: Default


Assign Threat Profile

  • If not already set, assign a threat profile to the security rule.

threat profile.PNG.png


Assign Log-forwarding Profile

  • Apply log-forwarding profile to the security policy.
  • Go to Options and select the Log forwarding profile.

     log-profile.png

  • Commit the changes.
  • To test the policy, use a workstation to download a test virus, for example, go to eicar.org and download a test file.
  • A block page displays in the browser, if the threat profile action is set to 'block.'

virus-blocked.png

  • To check threat logs, go to Monitor > Logs > Threat.

    threat-logs.png

  • An email is sent as the traffic is triggered.

owner: ppatel



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClH3CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language