Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes
In WatchGuard Cloud, you can configure notification rules that enable WatchGuard Cloud to generate alerts and send email notifications for Firebox events. Notification rules determine which events generate alerts.
Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Configure Notification Rules permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.
On the Firebox, an alarm is an event that triggers a notification to tell a network administrator about a condition in the network. For example, a policy can generate an alarm when traffic matches, or does not match, a rule in the policy. A security service such as APT Blocker can generate an alarm when it detects a threat.
For a locally-managed Firebox, you must first configure notification settings on the Firebox. For steps, go to Configure Notification Settings on a Locally-Managed Firebox.
Cloud-managed Fireboxes automatically generate alarms when events occur. You do not have to configure notification settings on a cloud-managed Firebox.
Configure Notification Settings on a Locally-Managed Firebox
For a locally-managed Firebox to send alarms to WatchGuard Cloud, you must enable notification settings on the device. You can configure notification settings in policies and proxy actions, and for services and features that generate alarms. For example, if you want to generate an alert in WatchGuard Cloud when APT Blocker or IPS blocks a threat, configure those services to send notification.
To enable the Firebox to send an alarm notification, from Fireware Web UI or Policy Manager:
- Edit the policy, proxy action, or feature you want to receive notification for.
- In the notification settings, select:
- Fireware v12.11 and higher: Send Email Notification.
- Fireware v12.10.4 and lower: Send Notification. Then select the Email notification method.
Example: Notification settings for the IPS service, in Fireware Web UI
In the notification settings on the Firebox in Fireware v12.10.4 and lower, you must select the Email notification method, regardless of the delivery method you select in the notification rule in WatchGuard Cloud.
You must enable email notification for each service or policy that you want to receive notification for. For more information about notification settings on locally-managed Fireboxes, go to Set Logging and Notification Preferences.
Firebox Notification Types
For each
Data Retention Change
Generates an alert when the data retention license for a Firebox changes.
Device Alarms
Generates an alert for alarm events received from Fireboxes and access points. The Device Alarms rule generates device notifications for many types of alert conditions for both Firebox and access point devices. This might increase the volume of email messages you receive if the delivery method in the notification rule is Email.
Device Deleted
Generates an alert when a Firebox or access point is removed from your account.
Device Registered
Generates an alert when a Firebox or access point is added to your account.
Cloud Connection Status
Generates an alert when a Firebox or access point connects or disconnects from WatchGuard Cloud.
Device Clock Drift
Generates an alert when clock drift is detected beyond the threshold of +/- 8 hours on a Firebox or access point.
Add a Notification Rule for Fireboxes
Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Configure Notification Rules permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.
To add a new notification rule for
- Select Administration > Notifications.
- Select the Rules tab.
- Click Add Rule.
- On the Add Rule page, in the Name text box, type a name for your rule to help you identify it.
- From the Notification Source drop-down list, select
- From the Notification Type drop-down list, select the action or event that causes this rule to generate an alert.
- (Optional) Type a description for your rule.
- From the Delivery Method drop-down list, select one of these options:
- None — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud.
- Email — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud and sends a notification email to the specified recipients.
- If you select Email for the delivery method:
- From the Frequency drop-down list, configure how many email messages the rule can send per day:
- To send an email message for each alert the rule generates, select Send All Alerts.
- To restrict how many email messages the rule sends each day, select Send At Most. In the Alerts Per Day text box, type the maximum number of email messages this rule can send each day. You can specify a value up to 20,000 alerts per day.
- In the Subject text box, type the subject line for the email message this rule sends when it generates an alert. You can type a maximum of 78 characters.
- In the Recipients text box, type the email address for each person you want to receive an email message when this rule generates an alert. You can type multiple email addresses. Press Enter after each email address or separate the email addresses with a space, comma, or semicolon.
- From the Frequency drop-down list, configure how many email messages the rule can send per day:
- Click Add Rule.
To delete a notification rule, click
next to the rule you want to delete.
For more information on how to manage alerts, go to Manage WatchGuard Cloud Alerts.
You can view all alarms received from a Firebox in the Alarms report. For more information, go to Alarms Report.