Manual Chapter : Managing Notification Rules

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 6.0.0
Manual Chapter

Managing Notification Rules

About notification rules

Notification rules are accessed from within the Policy Editor and are used to notify users when a policy (firewall policy or NAT policy) is changed or when a percentage of the maximum supported configuration objects is reached. The notifications are configured using notification rules and are delivered through email, such an email is referred to as a notification email. Notification rules can be useful for administrators who wish to be notified when policies are changed, or who wish to notify others of such changes. Notifications can also be sent based on shared resources used by policies.

About Notification Email

There are two kinds of notification email that can be sent using notification rules:
  • If a Policy Notify rule type is selected, the notification email lists what specified policies have changed, possibly including any changed shared resources.
  • If a Limit Notify rule type is selected, the notification email lists what specified limits have been reached. The limits can include device limits, object limits or both.
    • The limit for a device is determined by the license for that device. The email contains the number of devices and the percentage of devices used, based on the maximum number of devices.
    • The limit for objects is a total number of objects for all devices being managed by the BIG-IQ system. Shared objects, such as virtual servers, only count as a single object even if they are used multiple times. The email contains the number of objects for all devices being managed and the percentage of objects used, based on the maximum number of objects.

Adding and scheduling notification rules

Use the Notification Rules screen to add and schedule a new notification rule.

Creating notification rules

  1. Click
    Configuration
    SECURITY
    Network Security
    Notification Rules
    .
  2. Click
    Create
    and the Notification Rules - New Item screen is displayed.
  3. On the Properties tab, specify the appropriate values for the following fields.
    Property
    Description
    Name
    Specify a name for the notification. This is required.
    Description
    Specify a description for the notification
    Email Comment
    Specify the content of the email for this notification
    Format
    Select the format of the notification to be either
    Plain Text
    or
    CSV
    .
    Rule Type
    Select the type of notification rule to use.
    • Policy Notify
      indicates that the notification is triggered when the policy has changed. You specify the policy on the Policy Notify tab.
    • Limit Notify
      indicates that the notification is triggered when a limit has been reached. You specify the limit on the Limit Notify tab.
    Email Recipients
    Specify information about one or more email recipients.
    • In the
      Name
      field, specify a name for the recipient.
    • In the
      Email Address
      field, specify the email address of the recipient.
    To add another recipient, click the (
    +
    ) plus sign and supply the
    Name
    and
    Email Address
    fields for that recipient.
    To remove a recipient, click the (
    X
    ) to the right of the email recipient.
  4. If you specified the
    Rule Type
    as
    Policy Notify
    , specify the appropriate values for the following fields on the Policy Notify tab.
    Field
    Description
    Available Firewall Policies
    Select the firewall policy the rule should monitor and notify you when it changes, then click
    Add
    . The selected policy is added to the list of firewall policies below the
    Available Firewall Policies
    field.
    Notify on Dependent Objects
    Determines whether or not dependent objects, such as shared resources, are also monitored by the rule. By default this option is selected, indicating that shared resources should also be monitored.
    Available NAT Policies
    Select the NAT policy the rule should monitor and notify you when it changes, then click
    Add
    . The selected NAT policy is added to the list of policies below the
    Available NAT Policies
    field.
    Notify on Dependent Objects
    Determines whether or not dependent objects, such as shared resources, are also monitored by the rule. By default this option is selected, indicating that shared resources should also be monitored.
    To delete a policy from the list, click the
    X
    to the right of the
    Notify on Dependent Objects
    option.
  5. If you specified the
    Rule Type
    as
    Limit Notify
    , specify the appropriate values for the following fields on the Limit Notify tab.
    Field
    Description
    Device Limit Notification
    Select this check box to be notified when the BIG-IQ system reaches a specified limit.
    Device Limit Thresholds
    Specify the device limit thresholds at which a notification email is sent. A device limit is a percentage of the number of BIG-IP devices your BIG-IQ system is managing. You can set up to three limits that are each a percentage of the limit amount by modifying the percentage amount in each of the three device limit threshold fields. For example, if your BIG-IQ system is licensed to handle 10 BIG-IP devices, you would go over the threshold of 49% when 5 BIG-IP devices were being managed.
    Object Limit Notification
    Select this check box to be notified when a specified object limit is exceeded.
    Object Limit Thresholds
    Specify the object limit thresholds at which a notification email is sent. You can set up to three limits that are each a percentage of the limit amount by modifying the percentage amount in each of the three object limit threshold fields.
    As more operations occur with more BIG-IP devices, the number of objects in use by the BIG-IQ system grows. The maximum number of objects supported varies depending on the BIG-IP device configuration.
  6. Save your work.

Scheduling notification rules

Once a notification rule has been created it can be scheduled. To schedule a notification rule, click the check box to the left of the rule to select it, and then click
Edit Schedule
. The Notification Rules Evaluation Interval dialog is displayed. In this dialog, specify the interval at which the schedule should run.

Editing notification rules

From the Notification Rules screen in the Policy Editor, you can edit notification rules.
  1. Click the name of the notification rule to edit that rule and display the editing screen.
  2. The rule is locked for editing.
  3. Change the property and field values that you need to modify.
  4. Click
    Save
    to save changes.
  5. When finished, click
    Save & Close
    to save changes, release the lock, and exit the screen.

Deleting notification rules

From the Notification Rules screen in the Policy Editor, you can remove notification rules.
  1. Select the rule to be removed by clicking the check box to the left of the rule.
  2. Click
    Delete
    .