How to Receive Email Threat Notification from the Firewall
Created On 09/25/18 17:36 PM - Last Modified 06/08/23 10:12 AM
Resolution
To create a log-forwarding profile for threat notification via email, configure the following:
- Set up an email server profile.
- Set up a log-forwarding profile.
- Assign a threat profile to the relevant security policy.
- Assign a log-forwarding profile to the relevant security policy.
Email Server Profile
Go to Device > Server Profile > Email, click Add, and complete the information as shown in the example:
- Name: Enter a name for the email settings
- Server: Enter a label for the email server (1-31 characters).
- Display name: Email Server
- From: Enter the From email address
- To: Enter the email address of the recipient.
- Cc: Optionally, enter the email address of another recipient.
- Gateway: Enter the IP address or host name of the Simple Mail Transfer Protocol (SMTP) gateway.
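A pre-commit check of the email server profile values listed above, added here as an example; it is not part of the original article or of any Palo Alto Networks tooling. The function names, the sample addresses and SMTP port 25 are assumptions.

```python
import ipaddress
import re
import smtplib
from email.message import EmailMessage

# Host name labels: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_ADDR = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def is_host_or_ip(value):
    """True if value is an IP address or a syntactically valid host name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    if re.fullmatch(r"[0-9.]+", value):
        return False  # malformed IPv4 such as 999.1.1.1, not a host name
    return len(value) <= 253 and all(_LABEL.match(p) for p in value.split("."))

def check_profile(p):
    """Return a list of problems with the planned profile values (empty = OK)."""
    problems = []
    if not 1 <= len(p.get("server", "")) <= 31:
        problems.append("server label must be 1-31 characters")
    for field in ("from", "to"):
        if not _ADDR.match(p.get(field, "")):
            problems.append(f"{field}: not an email address")
    if p.get("cc") and not _ADDR.match(p["cc"]):  # Cc is optional
        problems.append("cc: not an email address")
    if not is_host_or_ip(p.get("gateway", "")):
        problems.append("gateway must be an IP address or host name")
    return problems

def send_probe(p, port=25, timeout=10):
    """Relay one test message through the gateway using the profile's addresses."""
    msg = EmailMessage()
    msg["From"], msg["To"] = p["from"], p["to"]
    if p.get("cc"):
        msg["Cc"] = p["cc"]
    msg["Subject"] = "Firewall threat notification relay test"
    msg.set_content("Test message sent before committing the email server profile.")
    with smtplib.SMTP(p["gateway"], port, timeout=timeout) as smtp:
        return smtp.send_message(msg)  # refused recipients; {} means all accepted

# Constructed sample values (assumptions, not taken from the article).
SAMPLE = {"server": "Email server", "from": "fw01@example.com",
          "to": "soc@example.com", "cc": "", "gateway": "smtp.example.com"}
```

Run `check_profile` on the planned values first, then call `send_probe` from a host that is permitted to relay through the gateway; an SMTP error or a non-empty return value means the gateway would also refuse the firewall's notifications.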
Log-forwarding Profile
- Go to Objects > Log Forwarding.
- Fill in the information as shown in the example.
Security Policy
Use an existing rule or create a new one pertaining to traffic, as shown in the example:
- Name: Outbound
- Source Zone: TrustL3
- Destination Zone: UntrustL3
- Profiles:
  - Antivirus: Default
  - Vulnerability: Default
  - URL filtering: Default
Assign Threat Profile
- If not already set, assign a threat profile to the security rule.
Assign Log-forwarding Profile
- Apply the log-forwarding profile to the security policy.
- Go to Options and select the Log forwarding profile.
- Commit the changes.
- To test the policy, use a workstation to download a test virus, for example, go to eicar.org and download a test file.
- If the threat profile action is set to 'block', a block page displays in the browser.
- To check threat logs, go to Monitor > Logs > Threat.
- An email is sent when the traffic triggers a threat log.
owner: ppatel