Notifications
The firewall can notify administrators of important events and errors by
displaying an alert in the menu bar, indicated by the icon.
In addition to GUI notifications, the firewall also supports the following remote notification methods:
General Settings
- Certificate Expiration
When set, the firewall will issue notifications when certificates approach their expiration date, so that administrators can take corrective action to renew or replace them. Notifications are also sent for expired certificates.
The expiration times are checked daily, and notifications are displayed in the GUI and sent remotely.
- Certificate Expiration Threshold
The value, in days, at which certificates are considered to be approaching their expiration date.
The default value is currently 27 days. Certificates from Let’s Encrypt (ACME package) typically renew when they have around 30 days before they expire. The default value is long enough that it does not notify unnecessarily, but with enough time left that problems can be corrected.
Tip
If certificates are imported into the firewall from third party sources which take longer to process, increase this value sufficiently to give administrators enough notice to obtain an updated replacement certificate before the expiration date.
SMTP E-mail
E-mail notifications are delivered by a direct SMTP connection to a mail server. The server must be configured to allow relaying from the firewall or accept authenticated SMTP connections.
- Disable SMTP
When checked, the firewall will not send SMTP notifications. This is useful to silence notifications while keeping SMTP settings in place for other purposes, such as packages that utilize e-mail.
- E-mail server
The hostname or IP address of the e-mail server through which the firewall will send notifications.
- SMTP Port of E-mail server
The port to use when communicating with the SMTP server. The most common ports are 25 and 587.
In many cases, 25 will not work unless it is to a local or internal mail server. Providers frequently block outbound connections to port 25, so use 587 (the Submission port) when possible.
- Connection Timeout to E-Mail Server
The length of time, in seconds, that the firewall will wait for an SMTP connection to complete.
- Secure SMTP Connection
When set, the firewall will attempt an SSL/TLS connection when sending e-mail. The server must accept SSL/TLS connections or support STARTTLS.
- Validate SSL/TLS
When set, the certificate presented by the mail server is checked for validity against the root certificates trusted by the firewall. Ensuring this validity is the best practice.
In some rare cases a mail server may have a self-signed certificate or a certificate that otherwise fails validation. Unchecking this option will allow notifications to be sent to these servers using SSL/TLS. In this case, communication is still encrypted, but the identity of the server cannot be validated.
- From e-mail address
The e-mail address for the From: header in notification messages, which specifies the source. Some SMTP servers attempt to validate this address so the best practice is to use a real address in this field. This is commonly set to the same address as Notification E-mail address.
- Notification E-mail address
The e-mail address for the To: header of the message, which is the destination where the notification e-mails will be delivered by the firewall.
- Notification E-Mail Auth Username
Optional. If the mail server requires a username and password for authentication, enter the username here.
- Notification E-Mail Auth Password
Optional. If the mail server requires a username and password for authentication, enter the password here and in the confirmation field.
- Notification E-mail Auth Mechanism
This field specifies the authentication mechanism required by the mail server. The majority of e-mail servers work with PLAIN authentication; others, such as MS Exchange, may require LOGIN style authentication.
Note
In 2022 Google started phasing out access to SMTP Submission and other similar services using the account username and password directly. After the change, to access these services, which Google has deemed “less secure”, the user must enable 2-Step Verification for their Google account and then create an App Password which can authenticate with these services.
Click Save at the bottom of the page to store the settings before
proceeding.
Click Test SMTP Settings to generate a test notification and send
it via SMTP using the previously stored settings. Save settings before clicking
this button.
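The effect of Validate SSL/TLS and of the PLAIN mechanism, shown as an added Python example (not pfSense code): `build_tls_context(validate=False)` mirrors the unchecked option, and `auth_plain_blob` shows that AUTH PLAIN only base64-encodes the credentials, so their confidentiality depends entirely on the TLS session. The function names, `mail.example.com`, and the addresses are assumptions made for illustration.

```python
import base64
import smtplib
import ssl
from email.message import EmailMessage


def build_tls_context(validate=True):
    """TLS context for the session; validate=False mirrors unchecking Validate SSL/TLS."""
    ctx = ssl.create_default_context()  # trusted roots, hostname check, CERT_REQUIRED
    if not validate:
        # Still encrypted, but any certificate is accepted: server identity is unproven.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def auth_plain_blob(username, password):
    """What AUTH PLAIN puts on the wire: base64, an encoding and not encryption."""
    return base64.b64encode(f"\0{username}\0{password}".encode()).decode()


def build_message(sender, recipient, subject, body):
    """Notification with the From: and To: headers described above."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(body)
    return msg


def send_notification(host, msg, port=587, timeout=20, validate=True,
                      username=None, password=None):
    """Submit msg over STARTTLS; never offer credentials on an unencrypted session."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not offer STARTTLS; refusing to continue")
        smtp.starttls(context=build_tls_context(validate))  # raises on a bad certificate
        smtp.ehlo()
        if username:
            smtp.login(username, password)
        smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed sample values; nothing is sent (mail.example.com would be the host).
    note = build_message("firewall@example.com", "admin@example.com",
                         "Test notification", "Constructed test body.")
    print(note["From"], "->", note["To"])
    print("AUTH PLAIN blob:", auth_plain_blob("fw-notify", "constructed-password"))
```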
Startup/Shutdown Sound
If the firewall hardware has a PC speaker, it will play a sound when startup finishes and again when a shutdown is initiated.
Check Disable the startup/shutdown beep to prevent the firewall from playing these sounds.
Telegram
The notification system supports the Telegram API which can send notifications to desktops and mobile devices, among others.
Note
Using the Telegram API requires a Telegram Bot and its associated API key.
- Enable Telegram
When set, the firewall will attempt to send remote notifications using the Telegram API and the settings in this section.
- API Key
Required. The Telegram Bot API key the firewall will use to authenticate with the Telegram API server.
- Chat ID
The destination for the notifications. This can be a chat ID number for private notifications, or a channel @username for public notifications.
Click Save at the bottom of the page to store the settings before
proceeding.
Click Test Telegram Settings to generate a test notification and
send it using the Telegram API with the previously stored settings. Save
settings before clicking this button.
Pushover
The notification system supports the Pushover API which can send notifications to desktops and mobile devices, among others.
Note
Using the Pushover API requires a Pushover account user key and API key (Pushover Registration).
- Enable Pushover
When set, the firewall will attempt to send remote notifications using the Pushover API and the settings in this section.
- API Key
Required. The Pushover API Key (Pushover Registration) the firewall will use to authenticate with the Pushover API server.
- User Key
Required. The User Key (Pushover Registration) of the Pushover account to which the API Key belongs.
- Notification Sound
The notification sound that the end user device (phone, etc.) will play when notification messages are sent by the firewall.
See also
For a list of sounds and audio, see the Pushover API Notification Sounds Documentation.
- Message Priority
The message priority for firewall notifications.
Note
For more information about the priorities and their meanings, see the Pushover API Priority Documentation.
The following priorities are available:
- Normal
Default setting. May trigger sound, vibration, and notification display depending on the user settings and client platform.
- Lowest
No sound or vibration, but increases the notification count on some platforms.
- Low
No sound or vibration. May trigger a notification display depending on the user settings and client platform.
- High
Always play sound and vibrate. Bypasses pre-set quiet hours. Notification display is highlighted in red.
- Emergency
Similar to High priority, but the notification is repeated until acknowledged by the user.
- Emergency Priority Notification Retry Interval
The amount of time, in seconds, the Pushover servers will send the same notification for Emergency priority notifications until the notification is acknowledged.
This parameter must have a value of at least 30 seconds between retries. Default is 60 seconds (1 minute).
- Emergency Priority Notification Expiration
The duration, in seconds, for which Emergency priority notifications will be retried until the notification is acknowledged. Notifications will be resent at intervals determined by the value of Emergency Priority Notification Retry Interval.
This parameter must have a value of at most 10800 seconds (3 hours). Default is 300 seconds (5 minutes).
Click Save at the bottom of the page to store the settings before
proceeding.
Click Test Pushover Settings to generate a test notification and
send it using the Pushover API with the previously stored settings. Save
settings before clicking this button.
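How the priority, retry interval, and expiration settings above map onto a Pushover API request, shown as an added Python example (not pfSense code). The field names `token`, `user`, `message`, `priority`, `sound`, `retry`, and `expire` and the numeric priority values are those of the Pushover message API; the function names and placeholder keys are assumptions, and the check that `expire` is not shorter than `retry` is an extra sanity check not stated on this page.

```python
import urllib.parse
import urllib.request

PUSHOVER_URL = "https://api.pushover.net/1/messages.json"
# GUI priority names mapped to the Pushover API's numeric priority values.
PRIORITIES = {"Lowest": -2, "Low": -1, "Normal": 0, "High": 1, "Emergency": 2}
MIN_RETRY, MAX_EXPIRE = 30, 10800  # limits stated in the text above, in seconds


def build_payload(api_key, user_key, message, priority="Normal",
                  sound=None, retry=60, expire=300):
    """Return the form fields for one notification, validating Emergency settings."""
    if priority not in PRIORITIES:
        raise ValueError(f"unknown priority: {priority!r}")
    fields = {"token": api_key, "user": user_key, "message": message,
              "priority": PRIORITIES[priority]}
    if sound:
        fields["sound"] = sound
    if priority == "Emergency":
        if retry < MIN_RETRY:
            raise ValueError(f"retry must be at least {MIN_RETRY} seconds")
        if expire > MAX_EXPIRE:
            raise ValueError(f"expire must be at most {MAX_EXPIRE} seconds")
        if expire < retry:
            # Added sanity check (an assumption, not from the page): the
            # notification would expire before the first retry is due.
            raise ValueError("expire is shorter than retry; no retry would occur")
        fields.update(retry=retry, expire=expire)
    return fields


def redact(fields):
    """Copy of the payload for logging, with both keys kept out of the log."""
    return {k: ("<redacted>" if k in ("token", "user") else v) for k, v in fields.items()}


def send(fields, timeout=20):
    """POST the payload over HTTPS; urllib validates the server certificate by default."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(PUSHOVER_URL, data=data, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed placeholder keys; send() is deliberately not called here.
    p = build_payload("APP_KEY_PLACEHOLDER", "USER_KEY_PLACEHOLDER",
                      "Constructed test notification", priority="Emergency")
    print(redact(p))
```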