Use the Email Alert page to centrally configure how to send the alert emails to the operator or administrator for specific events or behaviors that may impact the performance, operation, and security of your security appliance, or for debugging purposes.
When this feature is enabled, an alert is sent under these three conditions:
• The Web URL categories are changed.
• The Security Services application server status is No Authentication because the server is offline.
• DNS resolution of the Security Services application server name fails because the server is offline.
1. Click Device Management > Administration > Email Alert.
2. In the Email Server area, specify the SMTP email server that is used to send the alert emails.
• SMTP Server: Enter the IP address or Internet name of the SMTP server.
• Port: Enter the port for SMTP communication. The valid range of port numbers is 1~65535.
– If you enter port 25 (the default setting), you can choose TLS (Transport Layer Security) or SSL (Secure Sockets Layer) for securing the SMTP communication, or choose None for an unsecured connection.
– If you enter port 465, you can choose either TLS or SSL for securing the SMTP communication.
– If you enter port 587, you can choose either TLS or SSL for securing the SMTP communication.
• Secure Connectivity Method: Choose either TLS or SSL for securing the SMTP communication, or choose None for an unsecured connection. If you choose TLS or SSL, SMTP Authentication will be enabled.
• SMTP Authentication: Click On if the SMTP server requires authentication before accepting the connections. Users must provide the SMTP account credentials for authentication.
• Account: Enter the username of the SMTP email account.
• Password: Enter the password of the SMTP email account.
• From Email Address: Enter the email address to send the alert emails.
• To Email Address: Enter the email address to receive the alert emails. This email address is used to receive all alert emails for all events. If you want to send the alert emails that belong to different events to different email addresses, uncheck All Alerts and then specify the email address for each event individually.
3. To verify the settings, click the Test Connectivity to Email Server. The results appear in a pop-up window.
4. In the Event Alerts area, specify the email alert settings for each event. When the relative events are detected, the alert emails are sent to the specified email address.
The following table provides information about how to enable the email alert feature for each event.
Sends an alert email if the CPU utilization is higher than the threshold over one minute and sends another alert email when the CPU utilization comes back down to normal for one minute. • CPU Threshold Setting: Enter the value in the range 10% to 100% for CPU utilization threshold. The default value is 90%. • Send to Email Address: Enter the email address to receive the alert emails. To enable CPU Overload Alert, you must complete the following tasks: • Configure the email server settings used to send the alert emails. • Check CPU Overload Alert in the Enable column and specify the CPU utilization threshold and the email address used to receive the alert emails. |
||
Sends an alert email to the specified email address if a newer firmware is detected on Cisco.com. • Send to Email Address: Enter the email address to receive the alert emails. To enable New Firmware Alert, you must complete the following tasks: • Configure the email server settings used to send the alert emails. • Check New Firmware Alert in the Enable column and specify the email address used to receive the alert emails. NOTE: Make sure that you have an active WAN connection and a valid Cisco.com account to download the latest firmware image from Cisco.com and then install it on your security appliance. For complete details, see Upgrading your Firmware from Cisco.com. |
||
Sends an alert email a specified number of days before the security license expires. • days: Enter the number of days before the license expires to send the alert email. The default value is 15 days. • Send to Email Address: Enter the email address to receive the alert emails. To enable License Expiration Alert, you must complete the following tasks: • Validate the security license on the security appliance in the Device Management > License Management page. See Installing or Renewing Security License. • Configure the email server settings used to send the alert emails. • Check License Expiration Alert in the Enable column, set the number of days before the license expires to send the alert emails, and specify the email address used to receive the alert emails. |
||
Sends the syslogs on schedule to the specified email address for troubleshooting purposes. • Send to Email Address: Enter the email address to receive the syslog messages. To enable Syslog Email, you must complete the following tasks: • Enable the Log feature and specify the subtitle in the syslog emails, the severity level of syslogs that you want to send, and the schedule when you want to send the syslogs in the Device Management > Logs > Log Settings page. See Configuring Log Settings. • Enable the Email Alert feature for the facilities in the Device Management > Logs > Log Facilities page. The syslogs generated by the selected facilities can be sent to the specified email address. See Configuring Log Facilities. • Configure the email server settings used to send the syslog messages. • Check Syslog Email in the Enable column and specify the email address used to receive the syslog messages. |
||
Sends an alert email when a VPN tunnel is established, a VPN tunnel is down, or the VPN tunnel negotiation fails. • Send to Email Address: Enter the email address to receive the alert emails. To enable Site-to-Site VPN Up/Down Alert, you must complete the following tasks: • Enable the Site-to-Site VPN feature and specify the IPsec VPN policies used to establish the VPN tunnels in the VPN > Site-to-Site > IPsec Policies page. See Configuring a Site-to-Site VPN, page 272. • Configure the email server settings used to send the alert emails. • Check Site-to-Site VPN Up/Down Alert in the Enable column and specify the email address used to receive the alert emails. |
||
Sends an alert email if the WAN link is up or down. • Alert Interval: Specify how often, in minutes, that the security appliance sends the alert emails. Enter a value in the range 3 to 1440 minutes. The default value is 5 minutes. • Send to Email Address: Enter the email address to receive the alert emails. To enable WAN Up/Down Alert, you must complete the following tasks: • Configure the email server settings used to send the alert emails. • Check WAN Up/Down Alert in the Enable column and specify the email address used to receive the alert emails. |
||
Sends an alert email when the traffic limit is reached, or before the traffic counter is reset. • Send to Email Address: Enter the email address to receive the alert emails. To enable Traffic Meter Alert, you must complete the following tasks: • Enable the Traffic Metering feature for both the primary WAN and the secondary WAN (if applicable) and specify the corresponding settings in the Networking > WAN > Traffic Metering pages. See Measuring and Limiting Traffic with the Traffic Meter, page 116. • Configure the email server settings used to send the alert emails. • Check Traffic Meter Alert in the Enable column and specify the email address used to receive the alert emails. |
||
Sends an alert email at the specified interval to a specified email address if viruses are detected. • Alert Interval: Specify how often, in minutes, that the security appliance sends an alert email for virus events. Enter a value in the range 1 to 1440 minutes. The default value is 30 minutes. The security appliance will log the virus events between alert intervals and send them in an alert email to the specified email address. • Send to Email Address: Enter the email address to receive the alert emails. To enable Anti-Virus Alert, you must complete the following tasks: • Enable the Anti-Virus feature and specify the protocols to scan for viruses in the Security Services > Anti-Virus > General Settings page. See Configuring Anti-Virus, page 236. • Configure the email server settings used to send the alert emails. • Check Anti-Virus Alert in the Enable column, set the alert interval, and specify the email address used to receive the alert emails. |
||
Sends an alert email every 30 minutes to the specified email address if an attack is detected by the IPS service or if an application is blocked by the Application Control service. • Send to Email Address: Enter the email address to receive the alert emails. To enable the IPS Alert feature, you must complete the following tasks: • Enable IPS and configure the IPS settings. See Configuring Intrusion Prevention, page 255. • Enable Application Control and configure the Application Control settings. See Configuring Application Control, page 243. • Configure the email server settings used to send the alert emails. • Check IPS Alert in the Enable column and specify the email address used to receive the alert emails. |
||
Sends an alert email to the specified email address when Web URL categories have any changes. • Send to Email Address: Enter the email address to receive the alert emails. To enable the Web URL Filtering Alert feature, you must complete the following tasks: • Enable Web URL Filtering in the Security Services > Web URL Filtering > Policy to Zone Mapping page. See Configuring Web URL Filtering, page 261. • Configure the email server settings used to send the alert emails. • Check Web URL Filtering Alert in the Enable column and specify the email address used to receive the alert emails. |
||
NOTE: If a global email address for receiving all alert emails is configured in the To Email Address field, it will be displayed in the Send to Email Address field for all categories.