Understanding the vGW Series Security Alert Settings

This topic covers the events sent by e-mail and SNMP and how to configure Alert settings for e-mail and SNMP traps.

It includes the following sections:

Event Types

vGW Series sends security alerts (Main→Events and Alerts→Security Alerts) by e-mail and SNMP. Security Alerts have high, medium, and low (H/M/L) priorities. By default, alerts of all priorities are sent by SNMP and e-mail. However, you can use the center.conf parameter center.alert.notification.priority to change this configuration. By default, it is set to 3 (low). Alerts with a priority that is equal to or lower than the configured value are sent.

E-mail Alert Settings

You enable e-mail alerts by providing the mail relay server IP address and the source and destination e-mail addresses. vGW Series supports both IPv4 and IPv6 addresses. The aggregation time is the gap between successive notifications.

You do not need to configure multiple e-mail recipients. However, you can create four custom e-mail alert tags that point to different e-mail aliases or individual e-mail accounts, or a combination of the two. You can specify these custom tags in the security policy editor.

To send both an e-mail alert and an SNMP trap on a single rule, you use the standard alert icon. In this case, only the e-mail addresses listed in the Recipients Addresses are used. That is, you cannot use custom tags when you send e-mail and SNMP alerts.

SNMP Trap Settings

A Simple Network Management Protocol (SNMP) trap is an asynchronous notification from agent to manager. It includes the current sysUpTime, an OID identifying the type of trap, and optional variable bindings. SNMP traps can be set via Version 1 or Version 2. You must enter the SNMP server address and community string. Optionally, you can set the aggregation time again (the delay between successive events).
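The trap layout described above, decoded from a constructed SNMPv2c packet so you can check what a trap receiver actually sees. This is an added example, not Juniper or vGW Series code; the community string, the enterprise arc 99999 and the alert text are constructed placeholders. Version 1 traps use a different PDU layout and are rejected here.

```python
SYS_UPTIME, TRAP_OID = "1.3.6.1.2.1.1.3.0", "1.3.6.1.6.3.1.1.4.1.0"  # sysUpTime.0, snmpTrapOID.0

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for one BER element
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf, pos=0):  # yield the (tag, value) elements inside a constructed value
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        yield tag, val

def decode_oid(raw):  # first byte packs two arcs, the rest are base-128 groups
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_v2c_trap(packet):
    (_, version), (_, community), (pdu_tag, pdu) = children(next(children(packet))[1])
    if version != b"\x01" or pdu_tag != 0xA7:  # v2c is version value 1; 0xA7 is the v2 trap PDU
        raise ValueError("not an SNMPv2c trap")
    binds = {}
    for _, vb in children(list(children(pdu))[3][1]):  # 4th PDU field is the varbind list
        (_, name), (vtag, val) = children(vb)
        binds[decode_oid(name)] = (
            decode_oid(val) if vtag == 0x06 else
            int.from_bytes(val, "big", signed=vtag == 0x02) if vtag in (0x02, 0x41, 0x42, 0x43)
            else val.decode("latin-1"))
    if list(binds)[:2] != [SYS_UPTIME, TRAP_OID]:
        raise ValueError("sysUpTime.0 and snmpTrapOID.0 must be the first two varbinds")
    # The community string is carried in clear text in SNMPv1 and v2c.
    return {"community": community.decode("latin-1"), "uptime_ticks": binds.pop(SYS_UPTIME),
            "trap_oid": binds.pop(TRAP_OID), "varbinds": binds}

# Constructed sample: community, enterprise arc 99999 and alert text are placeholders.
tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short-form encoder for the sample
bind = lambda oid, tag, val: tlv(0x30, tlv(0x06, bytes.fromhex(oid)) + tlv(tag, val))
SAMPLE = tlv(0x30, tlv(2, b"\x01") + tlv(4, b"public") + tlv(0xA7,
    tlv(2, b"\x2a") + tlv(2, b"\x00") * 2 + tlv(0x30,
        bind("2b06010201010300", 0x43, b"\x01\xe2\x40") +
        bind("2b060106030101040100", 6, bytes.fromhex("2b06010401868d1f01")) +
        bind("2b06010401868d1f0201", 4, b"High priority alert"))))
```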

To configure SNMP using the Settings module Alerting > SNMP Trap Settings pane:

AutoConfig and Multicast Alerts

By default, the vGW Series is configured to alert when autoconfig addresses are discovered (Settings page -> Security Settings -> Alerting). No alert is automatically sent when Multicast is seen (though this can be enabled).
