Introduction
The internal_sendmail
is an internal Check Point command (built-in into FWD daemon) that directs the Check Point Alerts Daemon on the Security Management Server / Domain Management Server to send an e-mail, using the specified arguments. It does not require a mail server or mail client to be installed on the Security Management Server / Multi-Domain Security Management Server.
Notes:
- The FWD daemon on the Security Management Server / Domain Management Server will send an e-mail to the defined SMTP Server.
- Mail Alerts may not work even after configuring as per this sk. To receive mail alert you need to have an SMTP server configured with "Mail Relay" and "No Authentication".
- When choosing logging actions in rules, or other Security Gateway logging properties, set the action to correspond to the alert you defined in the 'Global Properties' > 'Log and Alert' > 'Alerts' screen.
Procedure
-
Go to Alerts settings in Global Properties:
- In SmartDashboard R7X, go to Policy menu - click on Global Properties - expand Log and Alert - click on Alerts.
- In SmartConsole R8X, go to Application menu - click on Global Properties - expand Log and Alert - click on Alerts.

- (Optional) Select the checkbox "Send mail alert to SmartView Monitor"(when a mail alert is issued, it is also sent to SmartView Monitor).
- Select the checkbox "Run mail alert script" and use the following syntax:
internal_sendmail -s "SUBJECT" -t IP_ADDRESS_of_SMTP_SERVER -f SENDER_E-MAIL@DOMAIN RECIPIENT1_E-MAIL@DOMAIN RECIPIENT2_E-MAIL@DOMAIN ...
Note: The e-mail subject must always be enclosed within quotation marks. Multiple recipients must be separated by a space character.
Example with sender mail:
internal_sendmail -s "MySubject" -t 192.168.20.30 -f sender@example.com recepient1@example.com recepient2@example.com
Example without sender mail:
internal_sendmail -s "MySubject" -t 192.168.20.30 recepient1@example.com recepient2@example.com
- In the Rule Base, define a rule that will generate an alert - in the "Track" column, select Mail.
- Install the Security Policy.
Sample log entry that you will find in the body of the e-mail message:
27Jul2011 12:37:06 drop Labfw02 >eth2 useralert rule: 5; rule_uid: {D80B94DC-N325-4866-B67E-99NAZ5F41160}; SmartDefense profile: No Protection; ICMP: Echo Request; src: NS_192.168.30.44; dst: NS_LabSRVa; proto: icmp; ICMP Type: 8; ICMP Code: 0; product: VPN-1 & FireWall-1;
Related Solutions:
Applies To:
- This solution replaces sk17394
- sk114836 has been merged into sk25941