Receiving alerts from NG Firewall

Overview

NG Firewall sends alert messages in a variety of ways: through ETM Dashboard; via remote syslog to a syslog server; and directly, through its own built-in email daemon. 

ETM Dashboard

Alerts generated by NG Firewall are sent to your ETM Dashboard account and can be automatically relayed from there. You can configure various delivery methods for ETM Dashboard's alerts: email, configurable webhooks (including Slack and Pagerduty), and push notifications to our Untangle Go mobile app. See Managing notification profiles to set up your notification profiles.

We recommend using ETM Dashboard's alert relay system as your primary alert delivery method. This article goes into greater detail about setting up this functionality: Creating an alert rule from an event

Syslog

Remote syslog configuration is found in Config > Admin > Syslog. For more details on setting up remote syslog, refer to: NG Firewall Events Configuration - Syslog.

SMTP email

If email alerts are not arriving in your inbox as expected, this article presents some things you can check on. Note that SMTP email delivery can also be unreliable in and of itself, which is why we recommend using an alternative method whenever possible.

Email server settings

NG Firewall's email daemon is used to send alert messages as well as Reports emails and quarantine notifications. If you have noticed delivery issues with all these features, check your outgoing email server configuration in Config > Email > Outgoing Server. 

Outgoing server: cloud hosted email relay

Note: The relay server has been decommissioned and this option is no longer functional for any version of NG Firewall. It will be removed from the UI after version 17.1.

This is the default setting for NG Firewall. If you have not changed it from that default, you will need to change it to another setting as using it can cause problems with the NG Firewall UI.

Outgoing server: send directly

This option has no configuration options. 

Outgoing server: specified SMTP server

If you are using a specified SMTP server, verify:

• the server address & port setting are correct for your SMTP server
• if the "use authentication" box is checked, verify that the credentials are correct
• that these settings match those on the SMTP server itself
• connectivity to the SMTP server from NG Firewall
• that the SMTP server is accepting email traffic from NG Firewall

Other issues

If all settings are correct, the issue may be caused by something outside of NG Firewall. In rare instances, there may be a problem with NG Firewall's email daemon.

Upstream blocking

If NG Firewall is located downstream of another router or firewall — any other device that may be restricting or filtering traffic — it is possible that that device is blocking outgoing SMTP traffic. Check that device's settings to ensure it is not restricting traffic originating from NG Firewall.

In some cases, ISPs themselves may be blocking SMTP traffic. Contact your provider to determine if this is the case.

Email daemon issues

These issues cannot be troubleshot via the NG Firewall GUI. We recommend contacting the ETM Support team for assistance.