Notifications

The firewall can notify administrators of important events and errors by displaying an alert in the menu bar, indicated by the bell icon.

In addition to GUI notifications, the firewall also supports the following remote notification methods: SMTP E-mail, Telegram, and Pushover.

General Settings

Certificate Expiration

When set, the firewall will issue notifications when certificates approach their expiration date, so that administrators can take corrective action to renew or replace them. Notifications are also sent for expired certificates.

The expiration times are checked daily, and notifications are displayed in the GUI and sent remotely.

Certificate Expiration Threshold

The value, in days, at which certificates are considered to be approaching their expiration date.

The default value is currently 27 days. Certificates from Let’s Encrypt (ACME package) typically renew when they have around 30 days left before they expire. The default is low enough that certificates which renew normally do not trigger unnecessary notifications, but still leaves enough time to correct problems.

Tip

If certificates are imported into the firewall from third party sources which take longer to process, increase this value sufficiently to give administrators enough notice to obtain an updated replacement certificate before the expiration date.

SMTP E-mail

E-mail notifications are delivered by a direct SMTP connection to a mail server. The server must be configured to allow relaying from the firewall or accept authenticated SMTP connections.

Disable SMTP

When checked, the firewall will not send SMTP notifications. This is useful to silence notifications while keeping SMTP settings in place for other uses, such as packages that utilize e-mail.

E-mail server

The hostname or IP address of the e-mail server through which the firewall will send notifications.

SMTP Port of E-mail server

The port to use when communicating with the SMTP server. The most common ports are 25 and 587.

In many cases, 25 will not work unless it is to a local or internal mail server. Providers frequently block outbound connections to port 25, so use 587 (the Submission port) when possible.

Connection Timeout to E-Mail Server

The length of time, in seconds, that the firewall will wait for an SMTP connection to complete.

Secure SMTP Connection

When set, the firewall will attempt an SSL/TLS connection when sending e-mail. The server must accept SSL/TLS connections or support STARTTLS.

Validate SSL/TLS

When set, the certificate presented by the mail server is checked for validity against the root certificates trusted by the firewall. Ensuring this validity is the best practice.

In some rare cases a mail server may have a self-signed certificate or a certificate that otherwise fails validation. Unchecking this option will allow notifications to be sent to these servers using SSL/TLS. In this case, communication is still encrypted, but the identity of the server cannot be validated.

From e-mail address

The e-mail address for the From: header in notification messages, which specifies the source. Some SMTP servers attempt to validate this address so the best practice is to use a real address in this field. This is commonly set to the same address as Notification E-mail address.

Notification E-mail address

The e-mail address for the To: header of the message, which is the destination where the notification e-mails will be delivered by the firewall.

Notification E-Mail Auth Username

Optional. If the mail server requires a username and password for authentication, enter the username here.

Notification E-Mail Auth Password

Optional. If the mail server requires a username and password for authentication, enter the password here and in the confirmation field.

Notification E-mail Auth Mechanism

This field specifies the authentication mechanism required by the mail server. The majority of e-mail servers work with PLAIN authentication; others, such as MS Exchange, may require LOGIN style authentication.

Note

In 2022, Google started phasing out access to SMTP Submission and other similar services using the account username and password directly. To access these services, which Google has deemed “less secure”, after the change, the user must enable 2-Step Verification for their Google account and then create an App Password which can authenticate with these services.

Click Save at the bottom of the page to store the settings before proceeding.

Click Test SMTP Settings to generate a test notification and send it via SMTP using the previously stored settings. Save settings before clicking this button.
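The effect of Secure SMTP Connection and Validate SSL/TLS can be reproduced from any host with Python's standard smtplib. This is an added example, not the firewall's own code; the function names, addresses, host name and the implicit_tls switch are assumptions made for illustration.

```python
import smtplib
import ssl
from email.message import EmailMessage


def build_tls_context(validate=True):
    """TLS context matching the Validate SSL/TLS checkbox (hypothetical helper)."""
    ctx = ssl.create_default_context()  # trusted roots, hostname check enabled
    if not validate:
        # Unchecked: traffic is still encrypted, but any certificate is
        # accepted, so the mail server's identity is not verified.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def build_message(from_addr, to_addr, subject, body):
    """Notification message carrying the From: and To: headers."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = to_addr
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_notification(host, port, msg, validate=True, timeout=20,
                      username=None, password=None, implicit_tls=False):
    """Send msg over TLS; never falls back to an unencrypted session."""
    ctx = build_tls_context(validate)
    if implicit_tls:
        server = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    else:
        server = smtplib.SMTP(host, port, timeout=timeout)
    with server:
        if not implicit_tls:
            # Raises if STARTTLS is not offered or the certificate fails validation.
            server.starttls(context=ctx)
        if username:
            server.login(username, password)
        server.send_message(msg)


if __name__ == "__main__":
    # Constructed values; replace with a real server to try it.
    note = build_message("firewall@example.com", "admin@example.com",
                         "Test notification", "Constructed test body.")
    send_notification("mail.example.com", 587, note)
```

With validate=True, a self-signed or mismatched server certificate makes the send fail with a certificate verification error instead of delivering to an unverified server.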

Startup/Shutdown Sound

If the firewall hardware has a PC speaker, it will play a sound when startup finishes and again when a shutdown is initiated.

Check Disable the startup/shutdown beep to prevent the firewall from playing these sounds.

Telegram

The notification system supports the Telegram API which can send notifications to desktops and mobile devices, among others.

Note

Using the Telegram API requires a Telegram Bot and its associated API key.

Enable Telegram

When set, the firewall will attempt to send remote notifications using the Telegram API and the settings in this section.

API Key

Required. The Telegram Bot API key the firewall will use to authenticate with the Telegram API server.

Chat ID

The destination for the notifications. This can be a chat ID number for private notifications, or a channel @username for public notifications.

Click Save at the bottom of the page to store the settings before proceeding.

Click Test Telegram Settings to generate a test notification and send it using the Telegram API with the previously stored settings. Save settings before clicking this button.

Pushover

The notification system supports the Pushover API which can send notifications to desktops and mobile devices, among others.

Note

Using the Pushover API requires a Pushover account user key and API key (Pushover Registration).

Enable Pushover

When set, the firewall will attempt to send remote notifications using the Pushover API and the settings in this section.

API Key

Required. The Pushover API Key (Pushover Registration) the firewall will use to authenticate with the Pushover API server.

User Key

Required. The User Key (Pushover Registration) of the Pushover account to which the API Key belongs.

Notification Sound

The notification sound that the end user device (phone, etc.) will play when notification messages are sent by the firewall.

See also

For a list of sounds and audio, see the Pushover API Notification Sounds Documentation.

Message Priority

The message priority for firewall notifications.

Note

For more information about the priorities and their meanings, see the Pushover API Priority Documentation.

The following priorities are available:

Normal

Default setting. May trigger sound, vibration, and notification display depending on the user settings and client platform.

Lowest

No sound or vibration, but increases the notification count on some platforms.

Low

No sound or vibration. May trigger a notification display depending on the user settings and client platform.

High

Always play sound and vibrate. Bypasses pre-set quiet hours. Notification display is highlighted in red.

Emergency

Similar to High priority, but the notification is repeated until acknowledged by the user.

Emergency Priority Notification Retry Interval

The interval, in seconds, at which the Pushover servers will resend the same Emergency priority notification until the notification is acknowledged.

This parameter must have a value of at least 30 seconds between retries. Default is 60 seconds (1 minute).

Emergency Priority Notification Expiration

The duration, in seconds, for which Emergency priority notifications will be retried until the notification is acknowledged. Notifications will be resent at intervals determined by the value of Emergency Priority Notification Retry Interval.

This parameter must have a value of at most 10800 seconds (3 hours). Default is 300 seconds (5 minutes).

Click Save at the bottom of the page to store the settings before proceeding.

Click Test Pushover Settings to generate a test notification and send it using the Pushover API with the previously stored settings. Save settings before clicking this button.