Configure Filtered E-mail Forwarding


 

Create a MailGun account

 

  1. Go to mailgun.com.
  2. Sign up for a free account and complete the verification steps. (Note: there is no need to configure a custom domain; just continue to your control panel.)
  3. After activating your account, scroll to the bottom of the mailgun.com page to the section titled “Sandbox Domains”.
  4. Click on the Authorized Recipients link to register and verify your email.

     

  5. Click the domain name link (see picture above). Leave this page open.
  6. In a new browser window, navigate to the GUI for your firewall.

 

Create HTTP Server Profile

  1. In the firewall GUI, navigate to Device->Server Profiles->HTTP.
  2. Click Add at the bottom of the screen.
  3. Enter a name for the profile.
  4. On the Servers tab, click Add.
  5. Enter information for all of the following fields:
      1. Name: Enter a descriptive name (e.g. MailGun).
      2. Address: api.mailgun.net
      3. Protocol: HTTPS
      4. Port: 443
      5. HTTP Method: POST
      6. Username: api
      7. Password: the API key listed on the Mailgun site

     

  6. Click the Test Server Connection button.

     

  7. On the Payload Format tab, click on the log type of interest, in this example: System.
  8. Enter a name for the format (e.g. mailgun system).
  9. In the URI Format field, enter the portion of the API Base URL following api.mailgun.net from the Mailgun page, followed by /messages. For example, this yields “/v3/sandbox7b79131630b8458eb3f13bcff9ff1ced.mailgun.org/messages”.

  10. In the Parameters section, create the following parameter pairs:

    Parameter   Value
    from        admin@myfirewall.net (can be any from address)
    to          <your verified email address>
    subject     A $severity system log of type $subtype was received.
    text        A system log of severity $severity says: $opaque

     

    Alternatively, you can configure the text parameter in the payload text area.

    Here is an example of the text in the payload for the email:

    text=A System log with the following data was received:

    PAN-OS= $sender_sw_version
    subtype= $subtype
    type= $type
    severity= $number-of-severity
    Time= $cef-formatted-receive_time
    Serial= $serial
    Device Name= $device_name
    Module= $module
    Message= $opaque
    Sequence Number= $seqno
    Event Type= $eventid

    Object= $object
    PanOSDGl1= $dg_hier_level_1
    PanOSDGl2= $dg_hier_level_2
    PanOSDGl3= $dg_hier_level_3
    PanOSDGl4= $dg_hier_level_4
    PanOSVsysName= $vsys_name
    Virtual System= $vsys

     

  11. Click Send Test Log.

     

  12. Check to confirm that your email was received.

     

     

  13. Click OK
  14. Click OK

 

Configure Log Forwarding for Desired Log Types

For this example, we will configure the system log forwarding.

  1. Go to Device->Log Settings.
  2. Under System click Add.
  3. Enter a name in the Log Settings – System window (e.g. ‘fwd to email’).
  4. In the filter area, use the filter builder to create a filter for system logs that you would like forwarded to your inbox (e.g. ‘description contains commit’).
  5. Click OK, then commit the changes.

 

Testing and Troubleshooting

If you used the ‘description contains commit’ filter above, you can test your configuration by committing a change on your firewall.

 

Troubleshooting:

  • Mailgun offers a set of logs displaying any successful emails sent.

     

  • If you have custom service routes, check to make sure the service route for “HTTP” is configured to allow the firewall or Panorama to reach the API service.
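When troubleshooting, it helps to check the Mailgun account, API key and authorized recipient independently of the firewall. The script below is an added example, not part of the original article or of any Palo Alto Networks or Mailgun tooling. It builds a POST equivalent to the one configured in the HTTP server profile (same host, URI format, "api" username and parameter pairs) and expands the $tokens from a constructed sample log. The environment variable names and the form-encoded body are assumptions.

```python
import base64
import os
import re
import urllib.parse
import urllib.request

API_HOST = "api.mailgun.net"  # Address field of the HTTP server profile

# Constructed sample system log record; keys match the $tokens used above.
SAMPLE_LOG = {"severity": "informational", "subtype": "general",
              "opaque": "Commit job succeeded (constructed sample)"}


def expand(template, log):
    """Replace $field tokens with log values; unknown tokens are left as-is."""
    return re.sub(r"\$([A-Za-z_][\w-]*)",
                  lambda m: str(log.get(m.group(1), m.group(0))), template)


def build_request(domain, api_key, recipient, log):
    """Build (without sending) a POST to /v3/<domain>/messages."""
    fields = {
        "from": "admin@myfirewall.net",
        "to": recipient,
        "subject": expand("A $severity system log of type $subtype was received.", log),
        "text": expand("A system log of severity $severity says: $opaque", log),
    }
    # Assumption: fields go in a form-encoded body, a shape the Mailgun
    # messages API accepts; the page does not show PAN-OS's wire format.
    req = urllib.request.Request(
        f"https://{API_HOST}/v3/{domain}/messages",
        data=urllib.parse.urlencode(fields).encode(), method="POST")
    # HTTP Basic auth: username "api", password = the Mailgun API key.
    cred = base64.b64encode(f"api:{api_key}".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    return req


if __name__ == "__main__":
    # Hypothetical variable names; reading them here keeps the key out of the script.
    env = os.environ
    req = build_request(env["MAILGUN_DOMAIN"], env["MAILGUN_API_KEY"],
                        env["MAILGUN_TO"], SAMPLE_LOG)
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(resp.status, resp.read().decode())
```

If this request succeeds from a workstation but the firewall's Send Test Log does not, the account side is working and the service route or server profile settings are the place to look.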

 

 Created by Jamie Fitz-Gerald

Last Updated: 07-07-2022 01:56 PM