Configure Filtered E-mail Forwarding

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
L3 Networker
No ratings

Configure Filtered Email Forwarding


Create a MailGun account


  1. Go to
  2. Sign up for a free account and complete the verification steps. (Note: there is no need to configure a custom domain, just continue to your control panel)Picture41.png
  3. After activating your account, scroll to the bottom of the page to the section titled “Sandbox Domains”.
  4. Click on the Authorized Recipients link to register and verify your email.Picture42.png


  5. Click the domain name link (see picture above). Leave this page open.
  6. In a new browser window, navigate to the GUI for your firewall.


Create HTTP Server Profile

  1. In the firewall GUI, navigate to Device->Server Profiles->HTTP.
  2. Click Add at the bottom of the screen.
  3. Enter a name for the profile.
  4. On the Servers tab, click Add.
  5. Enter information for all of the following fields:
      1. Name: Enter a descriptive name (e.g. MailGun).
      2. Address:
      3. Protocol: HTTPS
      4. Port: 443
      5. HTTP Method: POST
      6. Username: api
      7. Password: the API key listed on the mailgun sitePicture43.png


  6. Click the Test Server Connection buttonPicture44.png


  7. On the Payload Format tab, click on the log type of interest, in this example: System.
  8. Enter a name for the format (e.g. mailgun system).
  9. In the URI Format field Enter the portion of the API Base URL following from the mailgun page, followed by /messages. For example:Picture45.png


                This yields “/v3/”

  10. In the Parameters section, create the following parameter pairs:



    from (can be any from address)


    <your verified email address>


    A $severity system log of type $subtype was received.


    A system log of severity $severity says: $opaque


    Your format should look similar to this:



     Alternately, you can configure the text parameter in the payload text area.Picture47.png


    Here is the example of a text in the payload for the email:

    text=A System log with the following data was received:


    PAN-OS= $sender_sw_version

    subtype= $subtype

    type= $type

    severity= $number-of-severity

    Time= $cef-formatted-receive_time

    Serial= $serial

    Device Name= $device_name

    Module= $module

    Message= $opaque

    Sequence Number= $seqno

    Event Type= $eventid


    Object= $object

    PanOSDGl1= $dg_hier_level_1

    PanOSDGl2= $dg_hier_level_2

    PanOSDGl3= $dg_hier_level_3

    PanOSDGl4= $dg_hier_level_4

    PanOSVsysName= $vsys_name

    Virtual System= $vsys


  11. Click Send Test LogPicture48.png


  12. Check to assure your email was received:Picture49.png



  13. Click OK
  14. Click OK


Configure Log Forwarding for Desired Log Types

For this example, we will configure the system log forwarding.

  1. Go to Device->Log Settings.
  2. Under System click Add.
  3. Enter a name in the Log Settings – System window (e.g. ‘fwd to email’).
  4. In the filter area, use the filter builder to create a filter for system logs that you would like forwarded to your inbox (e.g. ‘description contains commit’).
  5. Click OK, commit the changes.


Testing and Troubleshooting

If you used the ‘description contains commit’ filter above, you can test your configuration by committing a change on your firewall.



  • Mailgun offers a set of logs displaying any successful emails sent:Picture50.png


  • If you have custom service routes, check to make sure the service route for “HTTP” is configured to allow the firewall or Panorama reach the API service:



 Created by Jamie Fitz-Gerald

Rate this article:
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎07-07-2022 01:56 PM
Updated by: