Example: escalating alerts to specific administrators and sites

You can escalate alerts to specified locations and administrators, as shown in the following example.

Company B has two sites, a branch office (BO) and a headquarters (HQ) site, which both have their own administrators. Both sites have a Firewall and a Log Server, and the shared Management Server is at the HQ site. Domains are not used, so all elements are in the Shared Domain. The administrators decide to set up alert escalation.

For the most severe alert entries, alerts are sent as an SMS text message to the shared mobile phone each site has for the administrator on duty. If the administrator at one site does not acknowledge the alert entry within 15 minutes, the alert notification is sent to the administrator at the other site.

For less severe alert entries, the alerts are only escalated to the site where the alert entry is created. At first, the less severe notifications are sent only through a User Notification in the Management Client. After an hour, the alert notification is sent as an SMS text message to the shared mobile phone of the site where the alert entry is created.

The administrators:

  1. Create new Alert Chains for high-severity and low-severity alert entries for both the HQ and the BO sites. There are four Alert Chains in total.

    “HQ Important Alerts” contains the following rules:

    | Channel | Destination | Delay |
    |---|---|---|
    | SMS | [Phone number for HQ shared mobile phone] | 15 min |
    | SMS | [Phone number for BO shared mobile phone] | |

    “HQ Minor Alerts” contains the following rules:

    | Channel | Destination | Delay |
    |---|---|---|
    | User Notification | HQ Administrator A, HQ Administrator B, [other administrators] | 60 min |
    | SMS | [Phone number for HQ shared mobile phone] | |

    The “BO Important Alerts” and “BO Minor Alerts” Alert Chains are the same as the HQ Alert Chains, but with the BO Administrators and a different phone number.

  2. Create an Alert Policy with the following rules:

    | Sender | Alert and Situation | Severity | Chain |
    |---|---|---|---|
    | HQ Firewall, HQ Log Server, Management Server | ANY | High...Critical | HQ Important Alerts |
    | HQ Firewall, HQ Log Server, Management Server | ANY | Info...Low | HQ Minor Alerts |
    | BO Firewall, BO Log Server | ANY | High...Critical | BO Important Alerts |
    | BO Firewall, BO Log Server | ANY | Info...Low | BO Minor Alerts |

  3. Configure SMS Notification in the Management Server’s properties.
  4. Install the new Alert Policy on the Shared Domain.