[200 H, firmware 1.37] Is the device failing to send certain email notifications?

Wojtek
edited April 24 in USG FLEX H Series

I'm testing email notifications and I get the impression that the 200H isn't sending some of them.


Part 1. "Log Alert" - "DoS Prevention" notifications.

I defined a "Log Alert" that includes all "Authenticate" events and all "Security" events.
This was the only notification defined in this test.


Next, I intentionally entered incorrect login credentials into the device. Next, after logging in successfully (as an administrator), I checked the event log and the login error was indeed recorded there.


I also received an email notification about the failed login.
I did not receive a notification about a successful login (as an administrator).


Next, I performed a port scan using the "ShieldsUP!" service. The test was successful, and the port scan was logged in the event log.
However, I did not receive an email notification.


Questions:
1.1. Why didn’t I receive an email notification about a successful login as an administrator?
1.2. Why didn’t I receive an email notification about the "DoS Prevention" event?


______________________________________________________________________

Edit:

I deleted the second part of the post - it was my mistake.

And one more general question: why can only 4 "Event Notification" alerts and only 4 "Log Alert" alerts be defined?
This limitation forces me to group alerts for different events, which I would prefer to have defined separately.

Best regards,
Wojtek

Accepted Solution

  • Zyxel_Tina

    Hi @Wojtek,

    Thank you for your information!

    Regarding your two questions:

    1. Missing email notification for "DoS Prevention"

    We would like to investigate this further by connecting remotely to your device. Could you please allow HTTPS Web GUI access from the WAN side so our team can take a look? You may follow the steps in this FAQ for guidance.

    Once that is set up, please share the access details with us via private message by clicking My Account > Message.

    2. The 4-alert limit for "Event Notification" and "Log Alert"

    To help us better understand your needs, could you please tell us a bit more about the following?

    • What is your specific use case?
    • At minimum, how many alert entries would be sufficient for your use case?

    In the meantime, please note that alert notifications can also be configured on Nebula, and these settings work independently from the local GUI.

    (Site-wide > Configure > Alert settings)

    Therefore, if certain alert types are already available on NCC, we would recommend configuring them there instead. This way, you can save your four local GUI slots for events and categories that are only configurable locally, effectively giving you broader coverage overall.

    Hope this helps, and we look forward to your reply!

    Zyxel Tina

All Replies

  • Wojtek

    I think I know the answer to question 1.1.

    The login error was related to the user account (I entered random letters).
    I received an email notification because "Log Alert" - "Authenticate" applies to users.
    However, I did not receive an email notification about a successful login as an administrator, because notifications regarding administrator logins must be configured in "Event Notification".
    I apologize for the confusion regarding this matter.

    However, I am still curious about question 1.2 and the limit of only four email notifications.

    Best regards,
    Wojtek

  • Wojtek

    Thank you very much for your response.

    1. I’m sorry, but I do not consent to remote access to the device.
    If this issue cannot be investigated without remote access, I will work without email notifications.

    2. Ideally (in my opinion), it would be best if we could define as many alerts as there are event types (i.e., 7).

    This would allow us to define alerts where the email notification title itself would indicate what the notification is about.
    With a limit of 4 and the grouping of alerts from different categories, it is difficult to define an unambiguous email notification title.
    But the information about the possibility of configuring additional alerts in NCC is sufficient for me.

    Thank you again and best regards,
    Wojtek