Configuring Alerts for Security Group Member and Security Group Events (asg alert)

The asg alert command is an interactive wizard you can use to configure alerts for Security Group Member and Site events.

These events include hardware failure, recovery, and performance-related events. You can create other general events.

An alert is sent when an event occurs, for example, when the value of a hardware resource is greater than the threshold.

The alert message includes the Site ID, Security Group Member ID, and/or unit ID.

The wizard has these options:

| Option | Description |
|---|---|
| Full Configuration Wizard | Creates a new alert. |
| Edit Configuration | Changes an existing alert. |
| Show Configuration | Shows existing alert configurations. |
| Run Test | Runs a test simulation to make sure that the alert works correctly. |

To create or change an alert:

1. Run in Gaia gClish of a Security Group:

   asg alert

2. Select Full Configuration Wizard or Edit Configuration.

3. Select and configure these parameters as prompted by the wizard:

  • SMS

  • Email

  • SNMP

SMS Alert Configuration

| Parameter | Description |
|---|---|
| SMS provider URL | Fully qualified URL to your SMS provider. |
| HTTP proxy and port | Optional. Configure only if the Security Gateway requires a proxy server to reach the SMS provider. |
| SMS rate limit | Maximum number of SMS messages sent per hour. If there are too many messages, they can be combined together. |
| SMS user text | Custom prefix for SMS messages. |

Email Alert Configuration

| Parameter | Description |
|---|---|
| SMTP server IP | One or more SMTP servers to which the email alerts are sent. |
| Email recipient addresses | One or more recipient email addresses for each SMTP server. |
| Periodic connectivity checks | Tests run periodically to confirm connectivity with the SMTP servers. If there is no connectivity, alert messages are saved and sent in one email when connectivity is restored. |
| Interval | Interval, in minutes, between connectivity tests. |
| Sender email address | Email address of the sender for alerts. |
| Subject | Subject header text for the email alert. |
| Body text | User-defined text for the alert message. |

SNMP Alert Configuration

Define one or more SNMP managers to get SNMP traps sent from the Security Gateway.

For each manager, configure these parameters:

| SNMP Alert Parameters | Description |
|---|---|
| SNMP manager name | Unique name for the SNMP manager |
| SNMP manager IP | IP address of the SNMP Manager (trap receiver) |
| SNMP version | SNMP version (v2c, v3) |
| SNMP v3 user name | User name for SNMP v3 authentication |
| SNMP v3 security level | Security level for SNMP v3 authentication |
| SNMP v3 engine ID | Unique SNMP v3 engine ID used by your system. The default is 0x80000000010203EA |
| SNMP v3 authentication protocol | Authentication protocol (MD5 or SHA) for SNMP v3 authentication |
| SNMP v3 authentication password | Authentication password for SNMP v3 authentication |
| SNMP v3 privacy protocol | Privacy protocol (DES or AES) for SNMP v3 authentication |
| SNMP v3 privacy password | Privacy password for SNMP v3 authentication |
| SNMP user text | Custom text for SNMP trap messages |
| SNMP community string | Community name |

Notes:

  • Based on the settings, some parameters do not show.

  • There are no configurable parameters for log alerts.
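
The SNMP parameters above allow both weak and strong combinations (v2c or v3, MD5 or SHA, DES or AES). The following is an added example, not Check Point code, that reviews a set of SNMP manager definitions for the weaker choices. The dictionary layout, the sample managers, and the security level names (the standard SNMPv3 noAuthNoPriv, authNoPriv, authPriv) are assumptions; the wizard's own prompt values may differ.

```python
# Added example, not Check Point code. Keys mirror the wizard's SNMP
# parameters; the dict layout and the sample managers are constructed.
DEFAULT_ENGINE_ID = "0x80000000010203EA"  # default stated on this page

def audit_snmp_manager(mgr):
    """Return a list of weak-setting findings for one SNMP manager."""
    findings = []
    version = mgr.get("version", "").lower()
    if version == "v2c":
        # v2c has no authentication or encryption beyond the community string
        findings.append("v2c: traps and community string are sent in cleartext")
        return findings
    if version != "v3":
        return [f"unknown SNMP version: {mgr.get('version')!r}"]
    level = mgr.get("security_level")
    if level == "noAuthNoPriv":
        findings.append("v3 noAuthNoPriv: traps are neither authenticated nor encrypted")
    elif level == "authNoPriv":
        findings.append("v3 authNoPriv: traps are authenticated but not encrypted")
    elif level != "authPriv":
        findings.append(f"unknown security level: {level!r}")
    if level in ("authNoPriv", "authPriv") and mgr.get("auth_protocol") == "MD5":
        findings.append("MD5 authentication: prefer SHA")
    if level == "authPriv" and mgr.get("priv_protocol") == "DES":
        findings.append("DES privacy: prefer AES")
    if mgr.get("engine_id", "").lower() == DEFAULT_ENGINE_ID.lower():
        findings.append("engine ID is still the default value")
    return findings

def audit_all(managers):
    """Map each manager name to its findings; an empty list means none."""
    return {m["name"]: audit_snmp_manager(m) for m in managers}

# Constructed sample definitions (192.0.2.0/24 is a documentation range).
SAMPLE_MANAGERS = [
    {"name": "noc-legacy", "ip": "192.0.2.10", "version": "v2c",
     "community": "example-community"},
    {"name": "noc-weak", "ip": "192.0.2.11", "version": "v3",
     "security_level": "authPriv", "auth_protocol": "MD5",
     "priv_protocol": "DES", "engine_id": "0x80000000010203EA"},
    {"name": "noc-strong", "ip": "192.0.2.12", "version": "v3",
     "security_level": "authPriv", "auth_protocol": "SHA",
     "priv_protocol": "AES", "engine_id": "0x8000000001020399"},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_MANAGERS).items():
        print(name, "->", findings or "no findings")
```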

System Event Types

System event types are:
-----------------------------------
1       | SGM State
2       | Chassis State
3       | Port State
4       | Diagnostics
5       | Memory Leak Detection
6       | LSP Monitor Port State Change
7       | VS Monitor State Change
Hardware Monitor events:
8       | Fans
9       | SSM
10      | CMM
11      | Power Supplies
12      | CPU Temperature
Performance events:
13      | Concurrent Connections
14      | Connection Rate
15      | Packet Rate
16      | Throughput
17      | CPU Load
18      | Hard Drive Utilization
19      | Memory Utilization
 
Please choose event types for which to send alerts: [all]
(format: all or 1,4 or 1,3-7,10)

You can select one or more event types:

  • One event type.

  • A comma-delimited list of more than one event type.

  • All event types.
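
When reviewing an alert configuration, it helps to see which event types a given selection leaves without an alert. The following is an added example, not Check Point code, that expands a selection string in the prompt's format and lists the uncovered event types. The event numbers and names are copied from the wizard output above; the parsing and validation rules, including treating an empty answer as the displayed default [all], are assumptions inferred from the format hint.

```python
# Added example, not Check Point code. Event numbers and names are copied
# from the wizard's list above; the parsing rules are inferred from the
# prompt's format hint ("all or 1,4 or 1,3-7,10").
EVENT_TYPES = {
    1: "SGM State", 2: "Chassis State", 3: "Port State", 4: "Diagnostics",
    5: "Memory Leak Detection", 6: "LSP Monitor Port State Change",
    7: "VS Monitor State Change", 8: "Fans", 9: "SSM", 10: "CMM",
    11: "Power Supplies", 12: "CPU Temperature", 13: "Concurrent Connections",
    14: "Connection Rate", 15: "Packet Rate", 16: "Throughput",
    17: "CPU Load", 18: "Hard Drive Utilization", 19: "Memory Utilization",
}

def parse_selection(spec):
    """Expand 'all', '1,4' or '1,3-7,10' into a sorted list of event numbers."""
    spec = spec.strip().lower()
    if spec in ("", "all"):  # assumption: empty answer means the [all] default
        return sorted(EVENT_TYPES)
    chosen = set()
    for part in spec.split(","):
        lo, sep, hi = part.strip().partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"malformed item: {part!r}")
        first, last = int(lo), int(hi) if sep else int(lo)
        if first > last:
            raise ValueError(f"reversed range: {part!r}")
        for n in range(first, last + 1):
            if n not in EVENT_TYPES:
                raise ValueError(f"no such event type: {n}")
            chosen.add(n)
    return sorted(chosen)

def unalerted(spec):
    """Names of the event types that a selection leaves without an alert."""
    chosen = set(parse_selection(spec))
    return [name for n, name in EVENT_TYPES.items() if n not in chosen]

if __name__ == "__main__":
    # Hardware and state events only: the performance events stay silent.
    for name in unalerted("1-12"):
        print("no alert configured for:", name)
```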