Configuring delivery of MQTT notifications

Kaspersky IoT Secure Gateway 1000 can send notifications about firewall and system audit events over the MQTT protocol.

To configure delivery of MQTT notifications:

1. In the menu in the left part of the web interface page, select Settings → Notifications.
2. In the MQTT notifications group of settings, enable sending MQTT notifications by enabling the Use MQTT to send events option.
3. Configure the settings for forwarding MQTT notifications:
   1. In the IP address field, enter the IP address of the MQTT broker you are using.
   2. In the Port field, enter the port number of the MQTT broker you are using.

      You can use ports 1883 and 8883 to connect Kaspersky IoT Secure Gateway 1000 to an MQTT broker residing in an internal network.

      You can use port 8883 to connect Kaspersky IoT Secure Gateway 1000 to an MQTT broker residing in an external network.

   3. In the MQTT topic name field, specify the name of the MQTT-topic for sending notifications about events.
   4. If you need to send notifications about events from a specific user, set the Use authentication toggle button to the enabled position and provide the following data:
      • In the User name field, enter the user login name for authorization on the server.
      • In the Password field, enter the password of the user login for authorization on the server.

        You can obtain the user account credentials from the system administrator. Sending notifications from a specific user is disabled by default.

   5. If you need to use a secure SSL connection, set the Use secure SSL connection toggle button to the enabled position and do the following:
      1. Upload a certificate issued by a Certificate Authority. To do so, click the Upload certificate button and select a certificate file on the local device.

         Information about the uploaded certificate from a Certificate Authority will be displayed on the page.

         Loading widely known Certification Authority certificates is not recommended, as all servers that use certificates signed by these Certification Authority certificates will be trusted. This situation can lead to Kaspersky IoT Secure Gateway 1000 being compromised.

      2. Upload the client certificate. To do so, click the Upload client certificate button and select a certificate file on the local device.

         Information about the uploaded client certificate will be displayed on the page.

      3. Upload a key for the client certificate. To do so, click the Upload key button and select a key file on the local device.

         Use of a secure SSL connection is disabled by default.

4. Click Save in the lower part of the page to save the changes.