Setup email notification in Firepower

tstrode01 · ‎04-03-2018

Hello,

I am having an issue setting up the email notifications in Firepower. Every time I test I get "Failed to send message, check your settings," but I am unsure which setting(s) are incorrect. I followed the steps in the system config guide.

chenchq · ‎11-22-2018

Has the problem been solved

Yordan Yordanov · ‎04-24-2020

Hi,

How do you solved the issue.?

i have the same problem. I tried with all ports - without success

Marvin Rhoads · ‎04-24-2020

Depending on your email server the FMC may need to be whitelisted as an accepted host.

Otherwise it's a straightforward setup and uses smtp (tcp/25).

jasonwmartin · ‎06-15-2020

Q. Is FMC required for email notifications?

FYI, I'm managing from ASDM, no FMC...I would guess original poster & follow-up from April 2020 are the same.

Marvin Rhoads · ‎06-15-2020

A Firepower service module on ASA doesn't have any built-in email capability. The parent ASA does and one can configure the Firepower service module related syslog events to trigger an email. That can be done in ASDM or from the cli.

FTD running on ASA and locally managed with Firepower Device Manager (or CDO) does not have email capabilities (as far as I know).

Both Firepower service modules and FTD software, when managed by FMC, can have events that trigger email notification and those are defined and configured completely in FMC.

jasonwmartin · ‎06-17-2020

Thanks Marvin. I find it strange the option to configure e-mail notifications is available from the ASDM...if it doesn't have the ability, why include the option to configure?

Of course, everything about configuring & managing this module is strange to me. Have to upload a boot image to the disk first, start a console session from the boot image that then downloads & installs the package from somewhere else (in internal web server). The to manage, one slight configuration change has to be deployed...which takes forever.

IMHO, got to be better solutions out there...

Marvin Rhoads · ‎06-17-2020

The email setup in ASDM I'm thinking of is for ASA syslog messages.(Configuration > Device Management > Logging > E-Mail Setup).

Or are you referring to another one?

jasonwmartin · ‎06-19-2020

Configuration > ASA FirePOWER Configuration > Local > System Policy

Marvin Rhoads · ‎06-19-2020

Ah OK - I see what you mean. I had forgotten they included that option since I almost never deploy ASDM-managed Firepower service modules. I think I've done it perhaps twice in the past 4 years.

Anyhow - you should be able to setup an email server there and test it. Is that not working for you? The source of the emails should be the Firepower service module address.

jasonwmartin · ‎06-22-2020

"source of the emails should be the Firepower service module address" - meaning the From address? I've tried countless combinations though none have worked. Have open case with Cisco TAC but very, very slow response.

FYI, my internal SMTP relay server never shows an attempted connection from sfr. Relay server works, many other internal sources (UPS notices, temp/humidity monitors for server room, etc.) so it's not that...relaying allowed for all internal IPs.

Marvin Rhoads · ‎06-22-2020

I as referring to the source IP address (in case you need to whitelist it in your server). You can check connectivity by accessing the mail server from the module cli (telnet to the server address on port 25 (smtp).)

jasonwmartin · ‎06-22-2020

Source IP is whitelisted, whole internal 192.168.0.0/22 subnet is. Didn't know telnet client was on cli, thanks for tip...will test shortly.

jasonwmartin · ‎06-22-2020

Telnet to SMTP relay worked fine...must be something within the sfr then.

Marvin Rhoads · ‎06-22-2020

Indeed.

What you just did from cli is what it should be doing as a result of the "Test Mail Server Settings" in GUI setup you shared earlier.