
Notification settings

You can configure email notifications for system-generated events and reports. You can use either the built-in mail server or an external mail server.

To send and receive notification emails, you must configure a mail server and specify the email settings.

Set up built-in email server

To use the built-in email server to send notifications, do as follows:

  1. Click Administration > Notification settings.
  2. Turn on Built-in email server.
  3. Configure your email settings.

Set up an external mail server

To use an external mail server to send notifications, do as follows:

  1. Click Administration > Notification settings.
  2. Select External email server.
  3. Specify the mail server IPv4 address or FQDN and the port number. Default port: 25.
  4. In Authentication, select the authentication type for alert emails.

    The instructions for each authentication type follow.

    If you select None, authentication is turned off for email alerts.

    If you select username and password authentication, the firewall uses only a username and password to authenticate users.

    Warning

    Gmail and Microsoft 365 will soon stop supporting basic authentication. We recommend that you update your Gmail and Microsoft 365 configurations to use OAuth 2.0. The feature is available in SFOS 21.0 MR2 and later.

    Specify the Username and Password.

    Note

    The username is case-sensitive.

    If you select OAuth 2.0, the firewall uses OAuth 2.0 to authenticate users for alert emails. OAuth 2.0 is a secure, flexible authorization framework that provides delegated access to user data using tokens and granular permissions.

    In SFOS 21.0 MR2 and later, you must select this option if your mail server is Gmail or Microsoft 365.

    To use OAuth 2.0, do as follows:

    1. In Provider, select your mail server. For example, Gmail or Microsoft 365.
    2. In Client ID, enter your mail server's client ID.
    3. In Client secret, enter your mail server's client secret.

      This setting is optional for Microsoft 365.

    4. In Refresh token, enter your mail server's refresh token.

    To get the Client ID, Client secret, and Refresh token, see one of the following links, depending on your mail server:

  5. Select the Connection security mode. This secures connections between the SMTP client and the mail server. The certificate used by Sophos Firewall depends on the email mode and connection security mode.

    | Setting | Description |
    |---|---|
    | None | Sends notifications in plain text. |
    | STARTTLS | Follows the mail server’s security preference. If the mail server responds with STARTTLS, a secure (SSL/TLS) connection is established. If the mail server responds with none, notifications are sent in plain text. In MTA mode, Sophos Firewall uses the certificate specified in Email > General settings. In legacy mode, you can select a certificate under Administration > Notification settings. If you don't select a certificate, Sophos Firewall uses the certificate specified in Email > General settings. |
    | SSL/TLS | Sends notifications through SSL/TLS connections. Sophos Firewall uses the certificate specified in Email > General settings. |

    Note

    To continue to allow notifications to mail servers that have invalid certificates, select Allow invalid certificate in Email > General settings. We recommend that you don’t allow connections with an invalid certificate.

  6. Now configure your email settings.
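
The connection security table in step 5 makes the STARTTLS mode only as strong as the mail server's EHLO reply. The following added example (not Sophos code) models that outcome from a raw EHLO reply and includes a live check of a server's STARTTLS offer and certificate. The function names, the sample replies and the host mail.example.test are constructed for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real server).
WITH_STARTTLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
WITHOUT_STARTTLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

def ehlo_keywords(reply):
    """Return the ESMTP keywords advertised in a raw multi-line 250 EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.startswith(("250-", "250 "))]
    # The first 250 line is the server's greeting, not a capability.
    return {ln[4:].split()[0].upper() for ln in lines[1:] if ln[4:].strip()}

def effective_protection(mode, reply):
    """Transport protection per connection security mode, following the table."""
    if mode == "SSL/TLS":
        return "tls"            # TLS from the first byte, or the connection fails
    if mode == "STARTTLS":      # opportunistic: depends on what the server offers
        return "tls" if "STARTTLS" in ehlo_keywords(reply) else "plaintext"
    if mode == "None":
        return "plaintext"
    raise ValueError(f"unknown connection security mode: {mode!r}")

def probe(host, port=25, timeout=10.0):
    """Live check: is STARTTLS offered, and does the certificate verify?"""
    result = {"starttls_offered": False, "certificate_valid": None}
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        result["starttls_offered"] = smtp.has_extn("starttls")
        if result["starttls_offered"]:
            try:
                # The default context verifies the chain and the host name.
                smtp.starttls(context=ssl.create_default_context())
                result["certificate_valid"] = True
            except ssl.SSLError:
                result["certificate_valid"] = False
    finally:
        smtp.close()
    return result

if __name__ == "__main__":
    for mode in ("None", "STARTTLS", "SSL/TLS"):
        print(mode, effective_protection(mode, WITH_STARTTLS),
              effective_protection(mode, WITHOUT_STARTTLS))
```

Run `probe()` against your own mail server before choosing a mode. If `certificate_valid` comes back `False`, fix the server certificate rather than selecting Allow invalid certificate.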

Configure email settings

To configure your email settings, do as follows:

  1. Enter the sender and recipient email addresses.
  2. Select an interface from the Management interface IP address list. The IP address of the selected interface is sent in email notifications.

    You can specify a physical, bridge, or LAG interface. The list shows only interfaces to which you’ve assigned IP addresses.

    If you’ve deployed more than one Sophos Firewall, the IP address helps you identify the management interface from which a notification is sent. If you’ve deployed only one, you can select None.

  3. You now need to turn on email notifications. To do this, go to System services > Notification list.
