Focus

Configure Email Alerts

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Configure Log Forwarding

Use Syslog for Monitoring

Configure Email Alerts

Where Can I Use This?	What Do I Need?
NGFW (Managed by Strata Cloud Manager) NGFW (Managed by PAN-OS or Panorama)	AIOps for NGFW Premium license (use the Strata Cloud Manager app)

You can configure email alerts for log types, such as System, Config, HIP Match, Correlation, Threat, WildFire Submission, and Traffic logs. For each log type, you can set up separate email profiles, allowing you to send notifications to different email servers based on the log type. To ensure high availability, you can define multiple servers (up to four) within a single profile. If one server fails or becomes unreachable, the system attempts to send the alert through the next available server.

It is a best practice to enable transport layer security (TLS). This requires the firewall to authenticate with the email server before the firewall relays email to the server. Using TLS helps prevent malicious activities, such as Simple Mail Transfer Protocol (SMTP) relay attacks. Additionally, TLS helps to prevent email spoofing, which is commonly used in phishing attacks.

PAN-OS & Panorama

Configure Email Alerts PAN-OS

(Required for SMTP over TLS) If you have not already done so, create a certificate profile for the email server.
Select DeviceServer ProfilesEmail.
Add an email server profile and enter a Name.
From the read-only window that appears, Add the email server and enter a Name.
If the firewall has more than one virtual system (vsys), select the Location (vsys or Shared) where this profile is available.
(Optional) Enter an Email Display Name to specify the name to display in the From field of the email.
Enter the email address From which the firewall sends emails.
Enter the email address To which the firewall sends emails.
(Optional) If you want to send emails to a second account, enter the address of the Additional Recipient. You can add only one additional recipient. For multiple recipients, add the email address of a distribution list.
Enter the IP address or hostname of the Email Gateway to use for sending emails.
Select the Type of protocol to use to connect to the email server:
- Unauthenticated SMTP—Use SMTP to connect to the email server without authentication. The default Port is 25, but you can optionally specify a different port. This protocol does not provide the same security as SMTP over TLS, but if you select this protocol, skip the next step.
- SMTP over TLS—(Recommended) Use TLS to require authentication to connect to the email server. Continue to the next step to configure the TLS authentication.
(SMTP over TLS only) Configure the firewall to use TLS authentication to connect to the email server.
1. (Optional) Specify the Port to use to connect to the email server (default is 587).
2. TLS Version—Specify the TLS version (1.1 or 1.2).
  
  Palo Alto Networks strongly recommends using the latest TLS version.
3. Select the Authentication Method for the firewall and the email server:
  Auto—Allow the firewall and the email server to determine the authentication method.
  Login—Use Base64 encoding for the username and password and transmit them separately.
  Plain—Use Base64 encoding for the username and password and transmit them together.
4. Select a Certificate Profile to authenticate with the email server.
5. Enter the Username and Password of the account that sends the emails, then Confirm Password.
6. (Optional) To confirm that the firewall can successfully authenticate with the email server, you can Test Connection.
Click OK to save the Email server profile.
(Optional) Select the Custom Log Format tab and customize the format of the email messages. For details on how to create custom formats for the various log types, refer to the Common Event Format Configuration Guide.
Configure email alerts for Traffic, Threat, and WildFire Submission logs.
1. See Create a Log Forwarding profile.
  Select ObjectsLog Forwarding, click Add, and enter a Name to identify the profile.
  For each log type and each severity level or WildFire verdict, select the Email server profile and click OK.
2. See Assign the Log Forwarding profile to policy rules and network zones.
Configure email alerts for System, Config, HIP Match, and Correlation logs.
1. Select DeviceLog Settings.
2. For System and Correlation logs, click each Severity level, select the Email server profile, and click OK.
3. For Config and HIP Match logs, edit the section, select the Email server profile, and click OK.
4. Click Commit.

Configure Log Forwarding

Use Syslog for Monitoring

Next-Generation Firewall Docs

Configure Email Alerts

Next-Generation Firewall Docs

Configure Email Alerts

Configure Email Alerts PAN-OS

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner