Example: escalating alerts to specific administrators and sites
You can escalate alerts to specified locations and administrators, as shown in the following example.
Company B has two sites, a branch office (BO) and a headquarters (HQ) site, which both have their own administrators. Both sites have a Firewall and a Log Server, and the shared Management Server is at the HQ site. Domains are not used, so all elements are in the Shared Domain. The administrators decide to set up alert escalation.
For the most severe alert entries, alerts are sent as an SMS text message to the shared mobile phone each site has for the administrator on duty. If the administrator at one site does not acknowledge the alert entry within 15 minutes, the alert notification is sent to the administrator at the other site.
For less severe alert entries, the alerts are only escalated to the site where the alert entry is created. At first, the less severe notifications are sent only through a User Notification in the Management Client. After an hour, the alert notification is sent as an SMS text message to the shared mobile phone of the site where the alert entry is created.
The administrators:
- Create new Alert Chains for high-severity and low-severity alert entries for both the HQ and the BO sites. There are four Alert Chains in total.
  “HQ Important Alerts” contains the following rules:

  | Channel | Destination | Delay |
  |---|---|---|
  | SMS | [Phone number for HQ shared mobile phone] | 15 min |
  | SMS | [Phone number for BO shared mobile phone] | |

  “HQ Minor Alerts” contains the following rules:

  | Channel | Destination | Delay |
  |---|---|---|
  | User Notification | HQ Administrator A, HQ Administrator B, [other administrators] | 60 min |
  | SMS | [Phone number for HQ shared mobile phone] | |

  The “BO Important Alerts” and “BO Minor Alerts” Alert Chains are the same as the HQ Alert Chains, but with the BO Administrators and a different phone number.
- Create an Alert Policy with the following rules:

  | Sender | Alert and Situation | Severity | Chain |
  |---|---|---|---|
  | HQ Firewall, HQ Log Server, Management Server | ANY | High...Critical | HQ Important Alerts |
  | HQ Firewall, HQ Log Server, Management Server | ANY | Info...Low | HQ Minor Alerts |
  | BO Firewall, BO Log Server | ANY | High...Critical | BO Important Alerts |
  | BO Firewall, BO Log Server | ANY | Info...Low | BO Minor Alerts |

- Configure SMS Notification in the Management Server’s properties.
- Install the new Alert Policy on the Shared Domain.
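
The following Python model is an added example, not SMC code or an SMC API. It encodes the four Alert Chains and the Alert Policy above so you can check which notifications an unacknowledged alert entry produces and whether any sender and severity pair is left without escalation. It assumes that a rule's delay is the wait before the next rule in the chain runs and that the first matching policy rule applies; the destination labels and function names are illustrative.

```python
# Added model of the Alert Chains and Alert Policy above; not SMC code.
SEVERITIES = ["Info", "Low", "High", "Critical"]  # ascending order

# Chain rule: (channel, destination, minutes before the next rule; None = last rule)
CHAINS = {
    "HQ Important Alerts": [("SMS", "HQ shared mobile phone", 15),
                            ("SMS", "BO shared mobile phone", None)],
    "HQ Minor Alerts": [("User Notification", "HQ administrators", 60),
                        ("SMS", "HQ shared mobile phone", None)],
    "BO Important Alerts": [("SMS", "BO shared mobile phone", 15),
                            ("SMS", "HQ shared mobile phone", None)],
    "BO Minor Alerts": [("User Notification", "BO administrators", 60),
                        ("SMS", "BO shared mobile phone", None)],
}
HQ = {"HQ Firewall", "HQ Log Server", "Management Server"}
BO = {"BO Firewall", "BO Log Server"}
# Policy rule: (senders, lowest severity, highest severity, chain); Situation is ANY
POLICY = [
    (HQ, "High", "Critical", "HQ Important Alerts"),
    (HQ, "Info", "Low", "HQ Minor Alerts"),
    (BO, "High", "Critical", "BO Important Alerts"),
    (BO, "Info", "Low", "BO Minor Alerts"),
]

def match_chain(sender, severity):
    """Return the chain of the first policy rule that matches, else None."""
    rank = SEVERITIES.index(severity)
    for senders, low, high, chain in POLICY:
        if sender in senders and SEVERITIES.index(low) <= rank <= SEVERITIES.index(high):
            return chain
    return None

def notifications(sender, severity, acked_after=None):
    """List (minute, channel, destination) sent before acknowledgement.
    acked_after is minutes from creation to acknowledgement; None = never."""
    sent, minute = [], 0
    for channel, destination, delay in CHAINS.get(match_chain(sender, severity), []):
        if acked_after is not None and acked_after <= minute:
            break  # acknowledged before this rule fired, so escalation stops
        sent.append((minute, channel, destination))
        minute += delay or 0
    return sent

def uncovered():
    """Sender and severity pairs that no policy rule escalates."""
    return [(s, sev) for s in sorted(HQ | BO) for sev in SEVERITIES
            if match_chain(s, sev) is None]

if __name__ == "__main__":
    print(notifications("BO Firewall", "Critical"))
    print("uncovered:", uncovered())
```

An empty result from `uncovered()` means every listed sender has a chain for every severity; a non-empty result points at alert entries that would never reach an administrator.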