Notification settings enable the Firebox to send an alert log message when it detects an event that is a possible security threat. If your Firebox sends log messages to WatchGuard Cloud, Dimension, or a WSM Log Server, the administrator can also receive the notification as an email message. The Firebox can also send notifications as SNMP traps. For more information, see About SNMP.
For information about logging and notification settings on the Firebox, see Set Logging and Notification Preferences.
When the Firebox sends notifications, alarm log messages appear in the Alarms report. For more information, see Alarms Report.
To receive email notification of an alarm, you must also configure notification settings on Dimension, WatchGuard Cloud, or the WSM Log Server. For more information about how to configure email notification settings, see:
- Dimension — Configure Notification Settings for Dimension
- WatchGuard Cloud — Configure Rules for Notifications
- WSM Log Server — Configure Notification Settings for the Log Server
To receive immediate notification about important security threats and events, you can configure logging and notification settings in many locations in the Firebox configuration.
For example, WatchGuard recommends that you configure default packet handling options to send a notification when the Firebox detects a port space probe. To identify a port space probe, the Firebox counts the number of packets sent from one IP address to all external interface IP addresses on the device. If the number is greater than a configured value, the Firebox sends an alert to Dimension or WatchGuard Cloud, which can then send an email notification to the network administrator about the rejected packets. For this example, the network administrator might take action to block the ports on which the probe was used or block the IP address that sent the packets.