Understanding vGW Series Status and Alerts

vGW Series can display several status icons within the user interface and several mechanisms for sending alerts, so that you know exactly what is happening on the virtual network.

Status

vGW Series interface displays a yellow or red status icon to indicate an event or configuration issue that merits attention.

Click the status icon to display the Status tab in the Main module’s page.

The sections of the product that have triggered a status change are displayed with most important status changes at the top shown in red. For details on the status issues, click the more link next to the status summary line.

Alerts

vGW Series can send alerts when the log field in a rule in a security policy is set to Alert or Custom E-Mail Alert Tag and a connection matching this rule is seen on the network.

In addition to alerts generated by security rules, vGW Series monitors High, Medium and Low Security events, displayed on the Main module’s Events and Alerts tab, and it reports those Alerts out through the settings here (that is, through E-Mail, SNMP trap, or both).

In both cases, alerts use the settings found in Settings -> Security Settings -> Alerting.

You can choose to send an e-mail alert and an SNMP trap, only e-mail alerts, or only SNMP traps.

E-Mail Alert Settings

Enable e-mail alerts by providing the mail relay server IP address as well as the source and destination e-mail addresses. The aggregation time is the gap between successive notifications.

You are not required to configure multiple e-mail recipients. However, four custom e-mail alert tags can be created that point to different e-mail aliases or individual e-mail accounts (or a combination of the two). These custom tags can then be specified in the security policy editor.

If you want to send both an e-mail alert and an SNMP trap on a single rule, you can do so by using the standard alert icon. However, only the e-mail addresses listed in the Recipients Addresses are used. In other words, custom tags cannot be used when sending e-mail and SNMP alerts.

SNMP Trap Settings

Simple Network Management Protocol (SNMP) is an IP protocol used mostly to monitor network-attached devices for conditions that warrant administrative attention. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications. In typical SNMP uses, one or more administrative computers, called managers, have the task of monitoring or managing a group of hosts or devices on a computer network. Each managed system executes, at all times, a software component called an agent which reports information via SNMP to the manager. SNMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response will be sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162

SNMP traps can be set through SNMPv1 or SNMPv2. You must enter the SNMP server address and community string. You can again set the aggregation time (the delay between successive events), if desired.

AutoConfig and Multicast Alerts

By default the vGW Series is configured to alert when autoconfig addresses are discovered (Settings -> Security Settings -> Alerting). No alert is automatically sent when Multicast is seen (though this can be enabled).

Related Documentation