Configuring 'Mail Alerts' using 'internal

Support Center > Search Results > SecureKnowledge Details

Configuring 'Mail Alerts' using 'internal_sendmail' command

Solution ID	sk25941
Product	SmartConsole / SmartDashboard, Multi-Domain Management, Security Management
Version	R75, R76, R77, R77.10, R77.20, R77.30, R80, R80.10, R80.20, R80.30
Platform / Model	All
Date Created	15-Dec-2013
Last Modified	05-Jan-2020

Solution

Introduction

The internal_sendmail is an internal Check Point command (built-in into FWD daemon) that directs the Check Point Alerts Daemon on the Security Management Server / Domain Management Server to send an e-mail, using the specified arguments. It does not require a mail server or mail client to be installed on the Security Management Server / Multi-Domain Security Management Server.

Notes:

The FWD daemon on the Security Management Server / Domain Management Server will send an e-mail to the defined SMTP Server.
Mail Alerts may not work even after configuring as per this sk. To receive mail alert you need to have an SMTP server configured with "Mail Relay" and "No Authentication".
When choosing logging actions in rules, or other Security Gateway logging properties, set the action to correspond to the alert you defined in the 'Global Properties' > 'Log and Alert' > 'Alerts' screen.

Procedure

Go to Alerts settings in Global Properties:
- In SmartDashboard R7X, go to Policy menu - click on Global Properties - expand Log and Alert - click on Alerts.
- In SmartConsole R8X, go to Application menu - click on Global Properties - expand Log and Alert - click on Alerts.

(Optional) Select the checkbox "Send mail alert to SmartView Monitor"(when a mail alert is issued, it is also sent to SmartView Monitor).

Select the checkbox "Run mail alert script" and use the following syntax:

internal_sendmail -s "SUBJECT" -t IP_ADDRESS_of_SMTP_SERVER -f SENDER_E-MAIL@DOMAIN RECIPIENT1_E-MAIL@DOMAIN RECIPIENT2_E-MAIL@DOMAIN ...

Note: The e-mail subject must always be enclosed within quotation marks. Multiple recipients must be separated by a space character.

Example with sender mail:
internal_sendmail -s "MySubject" -t 192.168.20.30 -f sender@example.com recepient1@example.com recepient2@example.com

Example without sender mail:
internal_sendmail -s "MySubject" -t 192.168.20.30 recepient1@example.com recepient2@example.com

In the Rule Base, define a rule that will generate an alert - in the "Track" column, select Mail.
Install the Security Policy.

Sample log entry that you will find in the body of the e-mail message:

27Jul2011 12:37:06 drop Labfw02 >eth2 useralert rule: 5; rule_uid: {D80B94DC-N325-4866-B67E-99NAZ5F41160}; SmartDefense profile: No Protection; ICMP: Echo Request; src: NS_192.168.30.44; dst: NS_LabSRVa; proto: icmp; ICMP Type: 8; ICMP Code: 0; product: VPN-1 & FireWall-1;

Related Solutions:

Applies To:

This solution replaces sk17394
sk114836 has been merged into sk25941

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating