Notifications

Notifications are sent by email or as SNMP traps.

In addition to the default notifications, XG Firewall sends notifications automatically for some events.

These notifications are sent automatically and you can’t remove them.

  • HA device role changes from standalone, primary, or auxiliary.
  • HA device status changes to faulty.
  • Virtual host status changes to up or down.
  • Changes made through the web admin console: System restart or shutdown.

Gateway status notifications

Gateway status notifications are turned on by default. To send these notifications, turn on Email notifications.

Disk usage and CPU usage notifications are sent when thresholds are met. The following table shows the details:

Notification

Threshold

Frequency

Behavior

Configuration disk usage exceeded

80 percent and above

50 seconds

Once the configuration disk usage reaches 80 percent and stays at or above this figure for 50 seconds, the first notification log is generated. Logs are generated every 50 seconds until the usage drops below 80 percent.

Signature disk usage exceeded

90 percent and above

50 seconds

Once the signature disk usage reaches 90 percent and stays at or above this figure for 50 seconds, the first notification log is generated. Logs are generated every 50 seconds until the usage drops below 90 percent.

Reports disk usage exceeded

90 percent and above

12 hours

Once the reports disk usage reaches 90 percent stays at or above this figure for 50 seconds, the first notification log is generated. Logs are generated every 12 hours until the usage drops down below 90 percent.

High CPU usage

95 percent and above

25 minutes

Once the CPU usage reaches 95 percent and stays at or above this figure for 25 minutes, the first notification log is generated. Logs are generated every 25 minutes until the usage drops down below 95 percent.

VPN notifications

VPN notifications are sent when an event occurs. These are sent at approximately 60-second intervals until the triggering event is resolved.

For site-to-site connections with more than one local and remote network, a notification is sent for each subnet pair.

Notifications include a description of the IPsec connection if the administrator enters the information in the connection settings.

IPsec notifications are sent only when host-to-host and site-to-site tunnel connections are disconnected for these reasons:

  • Dead peer detection (DPD).
  • Failed to re-establish connection after DPD.
  • IPsec Security Association (SA) expired and must be re-established.
  • After losing connectivity, the IPsec tunnel comes up without administrator intervention.