Notification settings

Configure a mail server and email settings to send and receive alert emails.

  1. Mail server settings

    Click to Send notifications via:

    Built-in email server

    Select if you want to use the built-in email server in XG Firewall to send system-generated emails.

    External email server

    Select to configure an external email server to send system-generated emails.
    1. Specify the Mail server IPv4 address/FQDN and the port number. Default port: 25
    2. Select Authentication required to authenticate the user before sending an email. Specify Username and Password.
    3. Select the Connection security mode to use between SMTP client and server.
      • None: Sends notifications over unencrypted connection
      • STARTTLS: Follows the mail server’s security preference
      • SSL/TLS: Enforces this encryption
    4. Select the Certificate based on email settings:
      • Legacy mode: Select the certificate here for encrypted connection security.
      • MTA mode: TLS certificate specified in email general settings will apply.
      Note To continue to allow notifications to mail servers that have invalid certificates, select Allow invalid certificate in email general settings. We recommend that you don’t allow connections with an invalid certificate.
  2. Email settings
    1. Enter the sender and recipient email addresses.
    2. For Management interface IP address, select an interface from the list. The IP address of the selected interface is sent in email notifications.
      Note You can specify a physical, bridge, or LAG interface. Shows only interfaces to which you’ve assigned IP addresses.
      Tip If you’ve deployed more than one XG Firewall, the IP address helps you identify the management interface from which a notification is sent. If you’ve deployed only one, you can select None.
  3. Email notification
    1. Select IPsec tunnel up/down to enable receipt of email notifications if IPsec VPN tunnel connectivity is lost.
    2. Email alerts are sent to the configured email address. An email is sent only when host-to-host and site-to-site tunnel connections are disconnected for one of the following reasons:
      • A peer is found dead (DPD)
      • Failed to re-establish connection after Dead Peer Detection (DPD)
      • IPsec Security Association (SA) has expired and needs to be re-established.
      • IPsec tunnel comes up without administrator intervention after losing connectivity.
      Note
      • For site-to-site connections with multiple local/remote networks, an email is sent for each subnet pair.
      • Description of IPsec tunnel connection is included in the email only if the administrator has provided the information.
      • Emails are sent at an interval of 60 seconds to reduce the number of emails. Events that happen within an interval are sent in a single email.
    3. Click Apply.
  4. Test mail
    1. Click to preview and edit the email address details.
    2. Click Send.
    Note For connection security settings to take effect, you must click Apply before you click Test mail.
    Note You can check the delivery status of the test mail on the following pages:
    • MTA mode: Mail spool and mail logs
    • Legacy mode: Log viewer
    Tip To debug failed notifications, check the file smtpd_main.log.
    Note Mail server configuration changes automatically when the changes are made from the network configuration wizard and vice versa.