Guidelines for external alerting with alert responses
- Firewall Management Center sends alerts using alert responses. It also sends intrusion email alerts, which do not use alert responses. By contrast, SNMP and syslog alerts triggered by individual intrusion rules are sent directly by the managed devices. For more information, see External Alerting for Intrusion Events.
- Depending on your Firewall Threat Defense version and device model, alert responses may not be the best way to send syslog messages. For more information, see About Syslog and .
- When you create a new alert response, it is enabled automatically. If you want to temporarily stop alert generation, disable the alert response instead of deleting it.
- When you modify an alert response, your changes take effect immediately. However, if you are using an alert response to send connection logs to an SNMP trap or syslog server, deploy the configuration to ensure your changes are applied.