Configuring Check Point to send email alerts

Level: Intermediate
Platform: Check Point R61, R62, UTM, VPN-1, Nokia IP560, Nokia IP390
Author: Dinesh Aggarwal

A very useful feature of Check Point is the ability to send email alerts to administrators when CPU utilization of the firewall goes high, a firewall cluster breaks, a particular rule in the rule base is matched, and much more. Here we discuss the email alert feature of the Check Point firewall in detail. We can configure Check Point to send an email alert to administrators if

  1. CPU or disk utilization of the firewall crosses a user-defined threshold
  2. The firewall disconnects from the network
  3. The synchronization state of a cluster is lost
  4. A rule in the rule base is matched

The first three are configured in SmartView Monitor and the last in SmartDashboard.

Specifying email settings

First we need to configure the email settings in Check Point.

Open SmartDashboard and go to Global Properties, as shown below in fig-1


Check the "Run mail alert script" checkbox and enter the email command as shown in fig-2


The format of the command is

internal_sendmail -s 'subject of email' -t mail_server_address -f sender_email_address receiver_email_address

So if we type

internal_sendmail -s 'firewall alert' -t -f

This command will enable sending email alerts from to an email address

Here is the IP address of the knowurtech email server. With this command in place, the Check Point firewall is configured to send email alerts for different events, which makes it a very good firewall troubleshooting tip for security and firewall administrators.

Configuring SmartView Monitor
To configure SmartView Monitor to send emails when CPU or disk utilization crosses a user-defined threshold, the sync state of a cluster is lost, or a firewall goes off the network, follow the steps below.


Open SmartView Monitor

Click on the "All" tab, select a firewall, right-click it and click on "Configure thresholds" as shown below in fig-3


The following screen appears. Click on "Edit global settings" as shown in fig-4


Under Action, select Mail as shown in fig-5


Now, if you run cpstop and cpstart on the firewall, you will receive the following mail.

From: []
Sent: Wednesday, July 25, 2007 10:01 AM
To: firewall Admin
Subject: firewall alert
25Jul2007 10:31:53        knowurtechmonitor   <    mail System Alert message: knowurtechfw02 is disconnected; Object: knowurtechfw02; Event: Exception; Parameter: status_connection; Condition: is 8; Current value: 8; product: System Monitor;

Great!! Now you know how to receive emails.
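
To route these alert mails into a ticket queue or log pipeline, the body shown above can be split into named fields. The Python below is an added example, not part of the original article or of any Check Point tooling; the field layout is inferred from the single sample mail above, and the names parse_alert and is_disconnect are hypothetical.

```python
import re
from datetime import datetime

# Alert body copied from the sample mail above (the article's own example line).
SAMPLE = ("25Jul2007 10:31:53        knowurtechmonitor   <    mail System Alert "
          "message: knowurtechfw02 is disconnected; Object: knowurtechfw02; "
          "Event: Exception; Parameter: status_connection; Condition: is 8; "
          "Current value: 8; product: System Monitor;")

# Assumed layout (from that one sample): timestamp, reporting host, then text.
HEADER = re.compile(r"^(?P<ts>\d{1,2}[A-Za-z]{3}\d{4} \d{2}:\d{2}:\d{2})\s+"
                    r"(?P<reporter>\S+)\s+(?P<rest>.*)$", re.S)


def parse_alert(body):
    """Return a dict of fields from one alert body, or None if it does not match."""
    # Mail clients wrap long lines, so collapse all whitespace runs first.
    m = HEADER.match(" ".join(body.split()))
    if not m:
        return None
    alert = {"time": datetime.strptime(m["ts"], "%d%b%Y %H:%M:%S"),
             "reporter": m["reporter"]}
    # The remainder is a ';'-separated list of "key: value" pairs.
    for part in m["rest"].split(";"):
        key, sep, value = part.partition(":")
        if not sep or not value.strip():
            continue
        key = key.strip()
        # The first pair is prefixed by the "< mail" track marker; keep a short key.
        if key.endswith("System Alert message"):
            key = "message"
        # setdefault: a pair named "time" or "reporter" cannot overwrite the header.
        alert.setdefault(key.lower().replace(" ", "_"), value.strip())
    return alert


def is_disconnect(alert):
    """True when the alert reports a gateway losing its connection, as in the sample."""
    if not alert:
        return False
    return (alert.get("parameter") == "status_connection"
            and "disconnected" in alert.get("message", ""))


if __name__ == "__main__":
    for name, value in parse_alert(SAMPLE).items():
        print(f"{name}: {value}")
```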

Configuring SmartDashboard for sending alerts

If you want to receive an email alert whenever a certain rule in your rule base matches, open SmartDashboard, select the rule whose match should generate the alert, and in its Track option select Mail, as shown below in fig-6


In the above figure, any traffic from the SPAM group will be dropped and an email will be sent to you. Similarly, you can configure SmartDefense to send email alerts if someone is doing a port scan on our network, a DNS attack, a DoS or flood attack, ICMP attacks, or any of the other attacks available under SmartDefense. If you want to know more or have doubts, send us an email.

If you have any suggestions or want to add more to this article, do write us an email.