Configure Email Alerts

Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • NGFW (Managed by PAN-OS or Panorama)

What Do I Need?
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)

You can configure email alerts for log types, such as System, Config, HIP Match, Correlation, Threat, WildFire Submission, and Traffic logs. For each log type, you can set up separate email profiles, allowing you to send notifications to different email servers based on the log type. To ensure high availability, you can define multiple servers (up to four) within a single profile. If one server fails or becomes unreachable, the system attempts to send the alert through the next available server.
It is a best practice to enable transport layer security (TLS). This requires the firewall to authenticate with the email server before the firewall relays email to the server. Using TLS helps prevent malicious activities, such as Simple Mail Transfer Protocol (SMTP) relay attacks. Additionally, TLS helps to prevent email spoofing, which is commonly used in phishing attacks.

Configure Email Alerts (Strata Cloud Manager)

Configure email alerts for various log types and enable TLS to prevent SMTP relay and spoofing.
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Configuration > NGFW and Prisma Access > Objects > Log Forwarding > Email Server Profile.
  3. Click Add Email Server.
  4. Enter a name, and click Add Email Server Profile.
  5. Enter a Name.
  6. (Optional) Enter an Email Display Name to specify the name to display in the From field of the email.
  7. Enter the email address From which the firewall sends emails.
  8. Enter the email address To which the firewall sends emails.
  9. (Optional) If you want to send emails to a second account, enter the address of the Additional Recipient. You can add only one additional recipient. For multiple recipients, add the email address of a distribution list.
  10. Enter the IP address or hostname of the Email Gateway to use for sending emails.
  11. Select the Type of protocol to use to connect to the email server:
    • Unauthenticated SMTP—Use SMTP to connect to the email server without authentication. The default Port is 25, but you can optionally specify a different port. This protocol does not provide the same security as SMTP over TLS, but if you select this protocol, skip the next step.
    • SMTP over TLS—(Recommended) Use TLS to require authentication to connect to the email server. Continue to the next step to configure the TLS authentication.
  12. (SMTP over TLS only) Configure the firewall to use TLS authentication to connect to the email server.
    1. (Optional) Specify the Port to use to connect to the email server (default is 587).
    2. TLS Version—Specify the TLS version (1.1 or 1.2).
      Palo Alto Networks strongly recommends using the latest TLS version.
    3. Select the Authentication Method for the firewall and the email server:
      • Auto—Allow the firewall and the email server to determine the authentication method.
      • Login—Use Base64 encoding for the username and password and transmit them separately.
      • Plain—Use Base64 encoding for the username and password and transmit them together.
    4. Select a Certificate Profile to authenticate with the email server.
    5. Enter the Username and Password of the account that sends the emails, then Confirm Password.
  13. Click Add to save the Email server profile.
  14. (Optional) Select the Custom Log Format tab and customize the format of the email messages. For details on how to create custom formats for the various log types, refer to the Common Event Format Configuration Guide.
  15. Configure email alerts for Traffic, Threat, and WildFire Submission logs.
    1. Select Objects > Log Forwarding.
    2. Click Add Log Forwarding Profile, and enter a Name to identify the profile.
    3. For each log type and each severity level or WildFire verdict, select the Email server profile, and click Save.
  16. Push Config to push your configuration changes.
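
As an added illustration of step 12 (not Palo Alto Networks code), the following Python example builds the Login and Plain tokens, shows that Base64 is reversible without any key, and checks constructed EHLO replies from a hypothetical gateway (mail.example.test) for STARTTLS and the chosen Authentication Method. It assumes the gateway upgrades the session with STARTTLS on the submission port; all function names and sample values are made up for the example.

```python
import base64

def auth_plain_token(user, password):
    """Plain: one Base64 string holding NUL + user + NUL + password (RFC 4616)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def auth_login_tokens(user, password):
    """Login: username and password Base64-encoded and sent as separate replies."""
    return tuple(base64.b64encode(v.encode()).decode() for v in (user, password))

def recover_plain(token):
    """Reverse a Plain token; Base64 needs no key, so any reader can do this."""
    _authzid, user, password = base64.b64decode(token).decode().split("\0")
    return user, password

def parse_ehlo(response):
    """Pull STARTTLS support and AUTH mechanisms out of an EHLO reply."""
    caps = {"starttls": False, "auth": []}
    for line in response.splitlines():
        words = line[4:].split() if line.startswith("250") else []
        if words and words[0].upper() == "STARTTLS":
            caps["starttls"] = True
        elif words and words[0].upper() == "AUTH":
            caps["auth"] = [w.upper() for w in words[1:]]
    return caps

def check_gateway(pre_tls, post_tls, method):
    """Compare the gateway's EHLO replies with the profile's Authentication Method."""
    findings = []
    if not pre_tls["starttls"]:
        findings.append("STARTTLS not offered: session cannot be upgraded to TLS")
    if pre_tls["auth"]:
        findings.append("AUTH offered before TLS: Base64 credentials may cross in cleartext")
    if method.upper() not in post_tls["auth"]:
        findings.append(f"{method} not offered after TLS: pick an advertised method")
    return findings

# Constructed EHLO replies (hypothetical gateway mail.example.test), before and after STARTTLS.
PRE_TLS = "250-mail.example.test\n250-SIZE 35882577\n250-STARTTLS\n250 ENHANCEDSTATUSCODES"
POST_TLS = "250-mail.example.test\n250-AUTH LOGIN PLAIN\n250 ENHANCEDSTATUSCODES"

if __name__ == "__main__":
    token = auth_plain_token("fw-alerts", "Constructed-Pass1")   # constructed credentials
    print("Plain token :", token, "->", recover_plain(token))
    print("Login tokens:", auth_login_tokens("fw-alerts", "Constructed-Pass1"))
    print("Findings    :", check_gateway(parse_ehlo(PRE_TLS), parse_ehlo(POST_TLS), "Plain"))
```

Pass `check_gateway` either Login or Plain as the method; an empty findings list means the gateway offers STARTTLS, withholds AUTH until the session is encrypted, and advertises the selected method.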

Forward Traps to an SNMP Manager (PAN-OS)

  1. Enable the SNMP manager to interpret the traps it receives.
    Load the Supported MIBs for Palo Alto Networks firewalls and, if necessary, compile them. For the specific steps, refer to the documentation of your SNMP manager.
  2. Configure an SNMP Trap server profile.
    The profile defines how the firewall accesses the SNMP managers (trap servers). You can define up to four SNMP managers for each profile.
    Optionally, configure separate SNMP Trap server profiles for different log types, severity levels, and WildFire verdicts.
    1. Log in to the firewall web interface.
    2. Select Device > Server Profiles > SNMP Trap.
    3. Click Add and enter a Name for the profile.
    4. If the firewall has more than one virtual system (vsys), select the Location (vsys or Shared) where this profile is available.
    5. Select the SNMP Version and configure the authentication values as follows. For version details, see SNMP Monitoring and Traps.
      • V2c—For each server, click Add and enter the server Name, IP address (SNMP Manager), and Community String. The community string identifies a community of SNMP managers and monitored devices, and serves as a password to authenticate the community members to each other.
        As a best practice, don’t use the default community string public; it’s well known and therefore not secure.
      • V3—For each server, click Add and enter the server Name, IP address (SNMP Manager), SNMP User account (this must match a username defined in the SNMP manager), EngineID used to uniquely identify the firewall (you can leave the field blank to use the firewall serial number), authentication password (Auth Password) used to authenticate to the server, and privacy password (Priv Password) used to encrypt SNMP messages to the server.
    6. Click OK to save the server profile.
  3. Configure log forwarding.
    1. Configure the destinations of Traffic, Threat, and WildFire traps:
      1. Create a Log Forwarding profile. For each log type and each severity level or WildFire verdict, select the SNMP Trap server profile.
      2. Assign the Log Forwarding profile to policy rules and network zones. The rules and zones will trigger trap generation and forwarding.
    2. Configure the destinations for System, Configuration, User-ID, HIP Match, and Correlation logs. For each log (trap) type and severity level, select the SNMP Trap server profile.
    3. Click Commit.
  4. Monitor the traps in an SNMP manager.
    Refer to the documentation of your SNMP manager.
    When monitoring traps related to firewall interfaces, you must match the interface indexes in the SNMP manager with interface names in the firewall web interface. For details, see Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors.