Configuring Check Point to send email alerts

Level: Intermediate
Platform: Check Point R61, R62, UTM, VPN-1, Nokia IP560, Nokia IP390
Author: Dinesh Aggarwal

A very useful feature of Check Point is the ability to send email alerts to administrators when the CPU utilization of the firewall goes high, a firewall cluster breaks, a particular rule in the rule base is matched, and much more. Here we discuss the email alert feature of the Check Point firewall in detail. We can configure Check Point to send an email alert to administrators if

  1. CPU or disk utilization of the firewall crosses a user-defined threshold
  2. The firewall disconnects from the network
  3. The synchronization state of a cluster is lost
  4. A rule in the rule base is matched

The first three can be configured from SmartView Monitor and the last from SmartDashboard.

Specifying email settings

First we need to configure the email settings in Check Point.

Open SmartDashboard and go to Global Properties, as shown in fig-1.

fig-1

Check the Run mail alert script checkbox and enter the email command as shown in fig-2.

fig-2

The format of the command is

internal_sendmail -s 'subject of email' -t mail_server_address -f sender_email_address receiver_email_address

So if we type

internal_sendmail -s 'firewall alert' -t 10.10.1.1 -f NOC@knowurtech.com firewalladmin@knowurtech.com

this command will send email alerts from NOC@knowurtech.com to the email address firewalladmin@knowurtech.com.

Here 10.10.1.1 is the IP address of the knowurtech email server. With this command, the Check Point firewall is configured to send email alerts for different events, which is a useful troubleshooting aid for security and firewall administrators.

Configuring SmartView Monitor

To configure SmartView Monitor to send emails when CPU or disk utilization crosses a user-defined threshold, the sync state of a cluster is lost, or a firewall drops off the network, follow these steps.

Open SmartView Monitor.

Click on the "All" tab, select a firewall, right-click it and click on "configure thresholds", as shown in fig-3.

fig-3

The following screen appears. Click on "edit global settings", as shown in fig-4.

fig-4

In Action, select Mail, as shown in fig-5.

fig-5

Now, if you run cpstop and cpstart on the firewall, you will receive the following mail.

From: NOc@knowurtech.com [mailto:firewalladmin@knowurtech.com]
Sent: Wednesday, July 25, 2007 10:01 AM
To: firewall Admin
Subject: firewall alert
25Jul2007 10:31:53        knowurtechmonitor   <    mail System Alert message: knowurtechfw02 is disconnected; Object: knowurtechfw02; Event: Exception; Parameter: status_connection; Condition: is 8; Current value: 8; product: System Monitor;

Great!! Now you know how to receive emails.
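
The alert body in the sample mail above can be split into fields for routing into a ticketing or log system. The following is an added example, not code from the original article or from Check Point; the header layout and the "key: value;" structure are assumptions inferred from that single sample line, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Body line copied from the sample mail shown above.
SAMPLE = ("25Jul2007 10:31:53        knowurtechmonitor   <    mail "
          "System Alert message: knowurtechfw02 is disconnected; "
          "Object: knowurtechfw02; Event: Exception; "
          "Parameter: status_connection; Condition: is 8; "
          "Current value: 8; product: System Monitor;")

# Assumed header layout: timestamp, origin host, direction, alert type, then fields.
HEADER = re.compile(
    r"^(?P<ts>\d{1,2}[A-Za-z]{3}\d{4} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<origin>\S+)\s+(?P<direction>[<>])\s+(?P<alert>\S+)\s+(?P<rest>.*)$"
)

def parse_alert(line):
    """Return a dict of parsed fields, or None if the line does not fit the layout."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d%b%Y %H:%M:%S")
    except ValueError:
        return None  # looks like a timestamp but is not a valid date
    fields = {}
    for part in m.group("rest").split(";"):
        # Split on the first colon only, so values may themselves contain colons.
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return {"time": ts, "origin": m.group("origin"),
            "alert": m.group("alert"), "fields": fields}

def is_disconnect(alert):
    """True for the disconnect event in the sample (exception on status_connection)."""
    f = alert["fields"]
    return f.get("event") == "Exception" and f.get("parameter") == "status_connection"

if __name__ == "__main__":
    alert = parse_alert(SAMPLE)
    print(alert["time"].isoformat(), alert["fields"]["object"], is_disconnect(alert))
```

Lines that do not match the assumed layout return None rather than a partial record, so malformed or unexpected mail bodies can be set aside for manual review.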

Configuring SmartDashboard to send alerts

If you want to receive an email alert whenever a certain rule in your rule base is matched, open SmartDashboard. Select the rule whose matches should generate an email alert, and in the Track option select Mail, as shown in fig-6.

fig-6

In the above figure, any traffic from the SPAM group will be dropped and an email will be sent to you. Similarly, you can configure SmartDefense to send email alerts if someone is doing a port scan on our network, a DNS attack, a DoS or flood attack, ICMP attacks, or any of the other attacks available under SmartDefense. If you want to know more or have doubts, send us an email.

If you have any suggestions or want to add more to this article, write to us at articles@knowurtech.com
