A notification is a message that a Firebox sends to the administrator when an event occurs at the device that is a possible security threat. The notification can be an email message or a popup window. Notifications can also be sent by way of an SNMP trap.
For more information about SNMP traps, see About SNMP.
Network administrators can configure notifications to be sent for a variety of reasons, and can examine them to help make decisions about how to add more security to the network.
For example, WatchGuard recommends that you configure default packet handling options to send a notification when the Firebox finds a port space probe. To find a port space probe, the Firebox counts the number of packets sent from one IP address to all of the external interface IP addresses on the device. If the number is greater than a configured value, the log host sends a notification to the network administrator about the rejected packets.
For the port space probe example, some possible actions you might take include:
- Block the ports on which the probe was used
- Block the IP address that sent the packets
- Send a notification email message to the network administrator
The Firebox sends notifications only if you enable and configure them on the Log Server that your device uses. For detailed instructions to configure notifications, see Configure Database Maintenance Settings.