Notifications¶
The firewall can notify administrators of important events and errors by
displaying an alert in the menu bar, indicated by the 
icon.
In addition to GUI notifications, the firewall also supports the following notification methods:
Local via LED indicators on supported hardware (not configurable)
Local via Sounds using a PC speaker
Remote via E-mail using SMTP
Remote via Telegram notification API
Remote via Pushover notification API
Remote via Slack notification API
General Settings¶
- Certificate Expiration:
When set, the firewall will issue notifications as CA and certificate entries approach their expiration date so that administrators can take corrective action to renew or replace them. Notifications are also sent for expired entries.
Expiration times are checked daily, and notifications are displayed in the GUI and sent remotely.
- Ignore Revoked:
When set, the firewall will not send notifications for expired certificate entries which have been revoked in at least one CRL.
- Certificate Expiration Threshold:
The value, in days, at which CA and certificate entries are considered to be approaching their expiration date.
The default value is currently
27days. Certificates from Let’s Encrypt (ACME package) typically renew when they have around 30 days before they expire. The default value is long enough that it does not notify unnecessarily, but with enough time left that problems can be corrected.Tip
If certificates are imported into the firewall from third party sources which take longer to process, increase this value sufficiently to give administrators enough notice to obtain an updated replacement certificate before the expiration date.
SMTP E-mail¶
E-mail notifications are delivered by a direct SMTP connection to a mail server. The server must be configured to allow relaying from the firewall or accept authenticated SMTP connections.
- Disable SMTP:
When checked, the firewall will not send SMTP notifications. This is useful to silence notifications while keeping SMTP settings in place for use by other purposes such as packages that utilize e-mail.
- E-mail server:
The hostname or IP address of the e-mail server through which the firewall will send notifications.
- SMTP Port of E-mail server:
The port to use when communicating with the SMTP server. The most common ports are
25and587.In many cases,
25will not work unless it is to a local or internal mail server. Providers frequently block outbound connections to port25, so use587(the Submission port) when possible.- Connection Timeout to E-Mail Server:
The length of time, in seconds, that the firewall will wait for an SMTP connection to complete.
- Secure SMTP Connection:
When set, the firewall will attempt a direct SSL/TLS connection when sending e-mail. The server must accept SSL/TLS connections on the configured port.
Warning
This option is not compatible with ports that utilize plain text and switch to TLS after using STARTTLS (e.g. 25, 587).
Note
When this option is not checked, the firewall will still automatically attempt to use STARTTLS to setup a secure TLS communications channel on ports 25 and 587 when authentication is configured.
- Validate SSL/TLS:
When set, the certificate presented by the mail server is checked for validity against the root certificate authorities trusted by the firewall. Ensuring this validity is the best practice.
In some rare cases a mail server may have a self-signed certificate or a certificate that otherwise fails validation. Unchecking this option will allow notifications to be sent to these servers using SSL/TLS. In this case, communication is still encrypted, but the identity of the server cannot be validated.
- From e-mail address:
The e-mail address for the
From:header in notification messages, which specifies the source. Some SMTP servers attempt to validate this address so the best practice is to use a real address in this field. This is commonly set to the same address as Notification E-mail address.- Notification E-mail address:
The e-mail address(es) for the
To:header of the message, which is the destination where the notification e-mails will be delivered by the firewall.Note
This field supports multiple addresses separated by a comma, for example:
me@example.com,otheradmin@example.com.- Notification E-Mail Auth Username:
Optional. If the mail server requires a username and password for authentication, enter the username here.
- Notification E-Mail Auth Password:
Optional. If the mail server requires a username and password for authentication, enter the password here and in the confirmation field.
- Notification E-mail Auth Mechanism:
This field specifies the authentication mechanism required by the mail server. The majority of e-mail servers work with PLAIN authentication, others such as MS Exchange may require LOGIN style authentication.
Note
In 2022 Google phased out access to SMTP Submission and other similar services using the account username and password directly. To access these services Google has deemed “less secure”, the user must enable 2-Step Verification for their Google account and then create an App Password which can authenticate with these services.
Click 
Save at the bottom of the page to store the settings before
proceeding.
Click 
Test SMTP Settings to generate a test notification
and send it via SMTP using the previously stored settings. Save settings before
clicking this button.
Sounds¶
Console Bell¶
When checked, emergency log messages, such as from a GUI login, will trigger a bell in connected consoles including serial terminals. On devices with a speaker, such messages can trigger an audible beep.
Startup/Shutdown Sound¶
If the firewall hardware has a PC speaker, it will play a sound when startup finishes and again when a shutdown is initiated.
Check Disable the startup/shutdown beep to prevent the firewall from playing these sounds.
Telegram¶
The notification system supports the Telegram API which can send notifications to desktops and mobile devices, among others.
Note
Using the Telegram API requires a Telegram Bot and its associated API key.
- Enable Telegram:
When set, the firewall will attempt to send remote notifications using the Telegram API and the settings in this section.
- API Key:
Required. The Telegram Bot API key the firewall will use to authenticate with the Telegram API server.
- Chat ID:
The destination for the notifications. This can be a chat ID number for private notifications, or a channel
@usernamefor public notifications.
Click Save at the bottom of the page to store the settings before
proceeding.
Click Test Telegram Settings to generate a test
notification and send it using the Telegram API with the previously stored
settings. Save settings before clicking this button.
Pushover¶
The notification system supports the Pushover API which can send notifications to desktops and mobile devices, among others.
Note
Using the Pushover API requires a Pushover account user key and API key (Pushover Registration).
- Enable Pushover:
When set, the firewall will attempt to send remote notifications using the Pushover API and the settings in this section.
- API Key:
Required. The Pushover API Key (Pushover Registration) the firewall will use to authenticate with the Pushover API server.
- User Key:
Required. The User Key (Pushover Registration) of the Pushover account to which the API Key belongs.
- Notification Sound:
The notification sound that the end user device (Phone, etc) will play when notification messages are sent by the firewall.
See also
For a list of sounds and audio, see the Pushover API Notification Sounds Documentation.
- Message Priority:
The message priority for firewall notifications.
Note
For more information about the priorities and their meanings, see the Pushover API Priority Documentation.
The following priorities are available:
- Normal:
Default setting. May trigger sound, vibration, and notification display depending on the user settings and client platform.
- Lowest:
No sound or vibration, but increases the notification count on some platforms.
- Low:
No sound or vibration. May trigger a notification display depending on the user settings and client platform.
- High:
Always play sound and vibrate. Bypasses pre-set quiet hours. Notification display is highlighted in red.
- Emergency:
Similar to High priority, but the notification is repeated until acknowledged by the user.
- Emergency Priority Notification Retry Interval:
The amount of time, in seconds, the Pushover servers will send the same notification for Emergency priority notifications until the notification is acknowledged.
This parameter must have a value of at least
30seconds between retries. Default is60seconds (1 minute).- Emergency Priority Notification Expiration:
The duration, in seconds, for which Emergency priority notifications will be retried until the notification is acknowledged. Notifications will be resent at intervals determined by the value of Emergency Priority Notification Retry Interval.
This parameter must have a maximum value of at most
10800seconds (3 hours). Default is300seconds (5 minutes).
Click Save at the bottom of the page to store the settings before
proceeding.
Click Test Pushover Settings to generate a test
notification and send it using the Pushover API with the previously stored
settings. Save settings before clicking this button.
Slack¶
The notification system supports the Slack API which can send notifications to Slack channels.
Note
Using the Slack API requires a Slack API key (Slack API Registration).
- Enable Slack:
When set, the firewall will attempt to send remote notifications using the Slack API and the settings in this section.
- API Key:
Required. The Slack API Key (Slack API Registration) the firewall will use to authenticate with Slack servers.
- Slack Channel:
The name of the Slack channel to which the firewall will send notifications (e.g.
#firewall).
Click Save at the bottom of the page to store the settings before
proceeding.
Click Test Slack Settings to generate a test notification
and send it using the Slack API with the previously stored settings. Save
settings before clicking this button.