Configure Email Alerts
You can configure email alerts for System, Config, HIP Match, Correlation, Threat, WildFire Submission, and Traffic logs. You can use separate profiles to send email notifications for each log type to a different server. To increase availability, define multiple servers (up to four) in a single profile.
As a best practice, configure transport layer security (TLS) to require the firewall to authenticate with the email server before the firewall relays email to the server. This helps prevent malicious activity, such as Simple Mail Transfer Protocol (SMTP) relay, which can be used to send spam or malware, and email spoofing, which can be used for phishing attacks.
- (Required for SMTP over TLS) If you have not already done so, create a certificate profile for the email server.
- Select.DeviceServer Profiles
- Addan email server profile and enter aName.
- From the read-only window that appears,Addthe email server and enter aName.
- If the firewall has more than one virtual system (vsys), select theLocation(vsys orShared) where this profile is available.
- (Optional) Enter anEmail Display Nameto specify the name to display in the From field of the email.
- Enter the email addressFromwhich the firewall sends emails.
- Enter the email addressTowhich the firewall sends emails.
- (Optional) If you want to send emails to a second account, enter the address of theAdditional Recipient. You can add only one additional recipient. For multiple recipients, add the email address of a distribution list.
- Enter the IP address or hostname of theEmail Gatewayto use for sending emails.
- Select theTypeof protocol to use to connect to the email server:
- Unauthenticated SMTP—Use SMTP to connect to the email server without authentication. The defaultPortis 25, but you can optionally specify a different port. This protocol does not provide the same security as SMTP over TLS, but if you select this protocol, skip the next step.
- SMTP over TLS—(Recommended) Use TLS to require authentication to connect to the email server. Continue to the next step to configure the TLS authentication.
- (SMTP over TLS only) Configure the firewall to use TLS authentication to connect to the email server.
- (Optional) Specify thePortto use to connect to the email server (default is 587).
- TLS Version—Specify the TLS version (1.1or1.2).Palo Alto Networks strongly recommends using the latest TLS version.
- Select theAuthentication Methodfor the firewall and the email server:
- Auto—Allow the firewall and the email server to determine the authentication method.
- Login—Use Base64 encoding for the username and password and transmit them separately.
- Plain—Use Base64 encoding for the username and password and transmit them together.
- Select aCertificate Profileto authenticate with the email server.
- Enter theUsernameandPasswordof the account that sends the emails, thenConfirm Password.
- (Optional) To confirm that the firewall can successfully authenticate with the email server, you canTest Connection.
- ClickOKto save the Email server profile.
- (Optional) Select theCustom Log Formattab and customize the format of the email messages. For details on how to create custom formats for the various log types, refer to the Common Event Format Configuration Guide.
- Configure email alerts for Traffic, Threat, and WildFire Submission logs.
- Select, clickObjectsLog ForwardingAdd, and enter aNameto identify the profile.
- For each log type and each severity level or WildFire verdict, select the Email server profile and clickOK.
- Configure email alerts for System, Config, HIP Match, and Correlation logs.
- Select.DeviceLog Settings
- For System and Correlation logs, click each Severity level, select theOK.
- For Config and HIP Match logs, edit the section, select theOK.
Recommended For You
Recommended videos not found.