Mail alerts for Security policy installation are configured through the SmartView Monitor.
Procedure
-
In SmartConsole:
-
In SmartView Monitor:
-
To open the SmartView Monitor from the SmartConsole R80 and higher:
-
From the left navigation panel, click Logs & Monitor.
-
From the top, click [+] to open a new tab.
-
In the bottom section, click Tunnel & User Monitor.
-
Go to the File menu - go to the New sub-menu - click Gateways View.

-
From the "Select available fields from" drop-down menu, select "Firewall".
-
In the "Available fields" list, click "Security Policy" and while holding the CTRL key, click "Security Policy Installed".
-
Click the "Add" button.
-
Click OK.

-
The new custom view named "Untitled" appears in the left tree in the Custom folder.
Right-click this view - click Rename - assign a desired name.

-
Right-click this new view and click Run.
-
Set a threshold: in the Custom branch of the tree view on the left hand side, right-click the new Custom setting and select Run.
-
In the list of all managed machines, right-click the relevant Security Gateway / Cluster object - click "Configure Thresholds".
Example:

-
In the Threshold Settings window, either click the "Edit Global Settings..." button, or select "Custom".
-
In the "Enabled" column, select these:
- "Firewall Policy"
- "Firewall Policy install time"
- "Firewall Policy name"
-
In the "Action" column for these three thresholds, change from "alert" to "mail".
-
Click on OK.
Example:

-
Go to the "Tools" menu - click "Start System Alert Daemon" (if the daemon is already started, then this option is grayed out and the "Stop" option is available).
-
In SmartConsole:
-
Install the Security Policy on the relevant Security Gateway / Cluster object.
-
Install Database on the Security Management Server / Log Server.
-
Important note for Multi-Domain systems:
On Provider-1 / Multi-Domain Server, it is also necessary to manually enable the 'cpstat_monitor' in the context of the relevant CMA / Domain.
- Connect to the command line on the server.
- Log in to the Expert mode.
-
Run the applicable commands:
-
To enable on-the-fly:
[Expert@HostName]# mdsenv <Domain_Name>
[Expert@HostName]# cpstat_monitor &
-
To enable permanently:
[Expert@HostName]# mdsenv <Domain_Name>
[Expert@HostName]# cpprod_util CPPROD_SetValue PROVIDER-1 RunCpstatMonitor 1 1 1
-
To disable permanently:
[Expert@HostName]# mdsenv <Domain_Name>
[Expert@HostName]# cpprod_util CPPROD_SetValue PROVIDER-1 RunCpstatMonitor 1 0 1
Explanation:
The 'cpstat_monitor
' is executed for CMA / Domain only if the CMA's / Domain's registry file ($CPDIR/registry/HKLM_registry.data) contains a key ':RunCpstatMonitor(1)
' key in the section "PROVIDER-1
".
|
Imported from Nokia support database
|