05-03-2024 11:12 AM
Hello all,
I have applied a zone protection profile to the outside zone on my firewall. I am wondering how I can configure the firewall to receive email notifications just for alerts for this zone protection profile. Like every time an IP address is blocked by the firewall.
Thank you
05-03-2024 11:29 AM
I'm not sure you can actually do something like this easily to be honest. The ZPP creates a number of different subtype events in your threat logs whenever the policy is violated, but they aren't universally only present in ZPP violations and will also show up in DoS/DDoS events as well.
05-03-2024 11:35 AM
Hello,
Depends on exactly what you are looking for, but here is an example. On your log filtering profile you can add a threat filter, then add the filter for the logs you're looking for (in my example I'm using "( subtype eq 'packet' ) and ( action eq 'drop' )"). Then create an email profile. When you create the email profile you can send a test from it as well to ensure the profile works. If you use Strata Logging Service (previously Cortex Data Lake) you can do something like the second image.
05-03-2024 02:13 PM
Thank you @Claw4609. I think I need to do some tests as you suggested.