Configuring 'Mail Alerts' using 'internal_sendmail' command
Solution

Introduction

internal_sendmail is an internal Check Point command (built into the FWD daemon) that directs the Check Point Alerts Daemon on the Security Management Server / Domain Management Server to send an e-mail, using the specified arguments. It does not require a mail server or mail client to be installed on the Security Management Server / Multi-Domain Security Management Server.

Notes:

  • The FWD daemon on the Security Management Server / Domain Management Server will send an e-mail to the defined SMTP Server.
  • Mail Alerts may not work even after they are configured as described in this SK. To receive mail alerts, you need an SMTP server configured with "Mail Relay" and "No Authentication".
  • When choosing logging actions in rules, or other Security Gateway logging properties, set the action to correspond to the alert you defined in the 'Global Properties' > 'Log and Alert' > 'Alerts' screen.

 

Procedure

  1. Go to Alerts settings in Global Properties:

    • In SmartDashboard R7X, go to Policy menu - click on Global Properties - expand Log and Alert - click on Alerts.
    • In SmartConsole R8X, go to Application menu - click on Global Properties - expand Log and Alert - click on Alerts.


     
  2. (Optional) Select the checkbox "Send mail alert to SmartView Monitor" (when a mail alert is issued, it is also sent to SmartView Monitor).
  3. Select the checkbox "Run mail alert script" and use the following syntax:

    internal_sendmail -s "SUBJECT" -t IP_ADDRESS_of_SMTP_SERVER [-f SENDER_E-MAIL@DOMAIN] RECIPIENT1_E-MAIL@DOMAIN [RECIPIENT2_E-MAIL@DOMAIN ...]

    Note: The e-mail subject must always be enclosed within quotation marks. Multiple recipients must be separated by a space character.

    Example:
    internal_sendmail -s "MySubject" -t 192.168.20.30 -f fwmgmt@example.com sysadmin@example.com managers@example.com

  4. In the Rule Base, define a rule that will generate an alert - in the "Track" column, select Mail.

  5. Install the Security Policy.


Sample log entry that you will find in the body of the e-mail message:

27Jul2011 12:37:06 drop Labfw02 >eth2 useralert rule: 5; rule_uid: {D80B94DC-N325-4866-B67E-99NAZ5F41160}; SmartDefense profile: No Protection; ICMP: Echo Request; src: NS_192.168.30.44; dst: NS_LabSRVa; proto: icmp; ICMP Type: 8; ICMP Code: 0; product: VPN-1 & FireWall-1;
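
A mailbox that collects these alerts can be processed by a script instead of being read by hand. The following added example (not part of the Check Point article) parses the alert line from the e-mail body into fields; the header layout is inferred from the single sample entry above, and the function and key names are assumptions.

```python
import re
from datetime import datetime

# Header layout inferred from the one sample entry on this page (assumption):
# date, time, action, origin, direction marker + interface, alert type,
# followed by "key: value;" pairs.
HEADER = re.compile(
    r"^(?P<date>\d{1,2}[A-Za-z]{3}\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<action>\S+) (?P<origin>\S+) (?P<dir>[<>])(?P<iface>\S+) "
    r"(?P<alert>\S+) (?P<fields>.*)$"
)

# The sample entry shown on this page.
SAMPLE = (
    "27Jul2011 12:37:06 drop Labfw02 >eth2 useralert rule: 5; "
    "rule_uid: {D80B94DC-N325-4866-B67E-99NAZ5F41160}; "
    "SmartDefense profile: No Protection; ICMP: Echo Request; "
    "src: NS_192.168.30.44; dst: NS_LabSRVa; proto: icmp; "
    "ICMP Type: 8; ICMP Code: 0; product: VPN-1 & FireWall-1;"
)

def parse_mail_alert(line):
    """Return a dict for one alert line, or None if the line does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["date"] + " " + m["time"], "%d%b%Y %H:%M:%S")
    except ValueError:          # e.g. an impossible date such as 31Feb2011
        return None
    record = {
        "timestamp": ts,
        "action": m["action"],
        "origin": m["origin"],
        "direction": m["dir"],  # raw marker as it appears in the entry
        "interface": m["iface"],
        "alert": m["alert"],
        "fields": {},
    }
    # Keys and values may contain spaces, so split on ';' and the first ':'.
    for pair in m["fields"].split(";"):
        key, sep, value = pair.partition(":")
        if sep and key.strip():
            record["fields"][key.strip()] = value.strip()
    return record

if __name__ == "__main__":
    for name, value in parse_mail_alert(SAMPLE)["fields"].items():
        print(f"{name} = {value}")
```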


Applies To:
  • This solution replaces sk17394
  • sk114836 has been merged into sk25941
