Understanding the vGW Series Security Alerting Settings
This topic addresses how to configure Alert settings for e-mail and SNMP traps. It includes the following sections:
E-mail Alert Settings
You enable e-mail alerts by providing the mail relay server IP address and the source and destination e-mail addresses. The aggregation time is the gap between successive notifications.
You do not need to configure multiple e-mail recipients. However, you can create four custom e-mail alert tags that point to different e-mail aliases or individual e-mail accounts, or a combination of the two. You can specify these custom tags in the security policy editor.
To send both an e-mail alert and an SNMP trap on a single rule, you use the standard alert icon. In this case, only the e-mail addresses listed in the Recipients Addresses are used. That is, you can not use custom tags when you send e-mail and SNMP alerts.
SNMP Trap Settings
SNMP traps can be set via Version 1 or Version 2. You must enter the SNMP server address and community string. You can again set the aggregation time (the delay between successive events), if wanted.
AutoConfig and Multicast Alerts
By default, the vGW Series is configured to alert when autoconfig addresses are discovered (Settings screen -> Security Settings -> Alerting). No alert is automatically sent when Multicast is seen (though this can be enabled).
- Autoconfig addresses—When a machine does not have an IP address configured or it can not acquire a DHCP lease, it defaults to using an autoconfig address in the 169.254.*.* range. Often this setting represents a configuration problem or an issue with the DHCP service.
- Multicast–Many hosts use multicast packets to advertise their presence on the network. They also send broadcast information about the services that they offer, and configuration data. This information is often not needed, so it can be undesirable for servers to provide it. In addition, there are security issues related to advertising the services a machine has available.