D-Link DFL-260E Log Reference Manual
  1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. NetDefend DFL-260E
  6. Log reference manual

D-Link DFL-260E Log Reference Manual

Network security firewall
Hide thumbs Also See for DFL-260E:
1
2
3
Table Of Contents
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
Table of Contents

Advertisement

Quick Links

See also: Reference Manual , User Manual
Network Security Firewall
Log Reference Guide
NetDefendOS
Security
Security
Ver.
11.04.01
Network Security Solution
http://www.dlink.com

Advertisement

Table of Contents
loading

Related Manuals for D-Link DFL-260E

Summary of Contents for D-Link DFL-260E

  • Page 1 Network Security Firewall Log Reference Guide NetDefendOS Security Security Ver. 11.04.01 Network Security Solution http://www.dlink.com...
  • Page 2 Log Reference Guide DFL-260E/860E/870/1660/2560/2560G NetDefendOS Version 11.04.01 D-Link Corporation No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.DLink.com Published 2016-10-03 Copyright © 2016...
  • Page 3 EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D-LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES. D-LINK WILL IN NO EVENT BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT D-LINK RECEIVED FROM THE END-USER FOR THE PRODUCT.

  • Page 4: Table Of Contents

    Table of Contents Preface ....................... 34 1. Introduction ....................36 1.1. Log Message Structure ................36 1.2. Context Parameters ................38 1.3. Severity levels ..................43 2. Log Message Reference ..................45 2.1. ALG ...................... 47 2.1.1. alg_session_open (ID: 00200001) ........... 47 2.1.2.
  • Page 5 Log Reference Guide 2.1.50. disallowed_user_agent (ID: 00200146) .......... 66 2.1.51. http_pipeline_full (ID: 00200147) ..........66 2.1.52. protocol_upgrade_denied (ID: 00200148) ........67 2.1.53. protocol_upgrade (ID: 00200149) ..........67 2.1.54. max_smtp_sessions_reached (ID: 00200150) ........68 2.1.55. maximum_email_per_minute_reached (ID: 00200151) ....68 2.1.56. failed_create_new_session (ID: 00200152) ........68 2.1.57.
  • Page 6 Log Reference Guide 2.1.110. failed_to_register_rawconn (ID: 00200238) ........90 2.1.111. failed_to_merge_conns (ID: 00200239) ........90 2.1.112. max_ftp_sessions_reached (ID: 00200241) ........91 2.1.113. failed_create_new_session (ID: 00200242) ........91 2.1.114. failure_connect_ftp_server (ID: 00200243) ........91 2.1.115. content_type_mismatch (ID: 00200250) ........92 2.1.116. failed_to_send_command (ID: 00200251) ........92 2.1.117.
  • Page 7 Log Reference Guide 2.1.171. options_removed (ID: 00200371) ..........113 2.1.172. failed_strip_option (ID: 00200372) ..........113 2.1.173. failed_create_connection (ID: 00200373) ........114 2.1.174. invalid_error_message_received (ID: 00200374) ......114 2.1.175. max_pop3_sessions_reached (ID: 00200380) ......114 2.1.176. failed_create_new_session (ID: 00200381) ......... 115 2.1.177. failed_connect_pop3_server (ID: 00200382) ....... 115 2.1.178.
  • Page 8 Log Reference Guide 2.1.232. failed_to_find_role (ID: 00200528) ..........138 2.1.233. failed_to_update_port (ID: 00200529) ........138 2.1.234. failed_to_update_contact (ID: 00200530) ........138 2.1.235. failed_to_modify_sdp_message (ID: 00200531) ......139 2.1.236. failed_to_modify_via (ID: 00200532) ......... 139 2.1.237. failed_to_modify_from (ID: 00200533) ........140 2.1.238. failed_to_modify_request_uri (ID: 00200534) ......140 2.1.239.
  • Page 9 Log Reference Guide 2.2.8. link_protection_timeout (ID: 05900031) ........162 2.2.9. link_protection_wcf_error (ID: 05900032) ........162 2.2.10. link_protection_no_license (ID: 05900033) ........163 2.2.11. dnsbl_allocation_failure (ID: 05900040) ........163 2.2.12. dnsbl_timeout (ID: 05900041) ............ 163 2.2.13. dnsbl_error (ID: 05900042) ............164 2.2.14. dcc_allocation_failure (ID: 05900050) .......... 164 2.2.15.
  • Page 10 Log Reference Guide 2.4.8. application_content (ID: 07200015) ..........186 2.4.9. application_content_allowed (ID: 07200016) ......... 186 2.4.10. application_content_denied (ID: 07200017) ......... 187 2.4.11. out_of_memory (ID: 07200018) ..........187 2.4.12. application_content_limit_reached (ID: 07200019) ....... 188 2.5. ARP ....................189 2.5.1. unsolicited_reply_drop (ID: 00300001) .......... 189 2.5.2.
  • Page 11 Log Reference Guide 2.10.1. buffers_flooded (ID: 00500001) ..........208 2.10.2. buffers_profile (ID: 00500002) ............ 208 2.11. CONN ....................209 2.11.1. conn_open (ID: 00600001) ............209 2.11.2. conn_close (ID: 00600002) ............209 2.11.3. connection_table_full (ID: 00600003) .......... 209 2.11.4. conn_open_natsat (ID: 00600004) ..........210 2.11.5.
  • Page 12 Log Reference Guide 2.13.22. got_reply_on_a_non_security_equivalent_interface (ID: 00800022) 230 2.13.23. assigned_ip_not_allowed (ID: 00800023) ........230 2.13.24. illegal_client_ip_assignment (ID: 00800024) ....... 230 2.13.25. ambiguous_host_route (ID: 00800025) ........231 2.13.26. relayed_dhcp_reply (ID: 00800026) ........... 231 2.13.27. relayed_bootp_reply (ID: 00800027) .......... 232 2.13.28. relayed_dhcp_reply (ID: 00800028) ........... 232 2.13.29.
  • Page 13 Log Reference Guide 2.16.12. bad_udp_checksum (ID: 07400012) .......... 251 2.16.13. dhcpv6_packet_too_small (ID: 07400013) ........251 2.16.14. dhcpv6_faulty_length (ID: 07400014) ........252 2.16.15. invalid_options_length (ID: 07400015) ........252 2.16.16. lease_db_successfully_saved (ID: 07400016) ......252 2.16.17. unable_to_save_lease_db (ID: 07400017) ........253 2.16.18. unexpected_advertise_message (ID: 07400018) ......253 2.16.19.
  • Page 14 Log Reference Guide 2.21.3. gre_bad_version (ID: 02200003) ..........272 2.21.4. gre_checksum_error (ID: 02200004) ..........273 2.21.5. gre_length_error (ID: 02200005) ..........273 2.21.6. gre_send_routing_loop_detected (ID: 02200006) ......273 2.21.7. unmatched_session_key (ID: 02200007) ........273 2.21.8. gre_routing_flag_set (ID: 02200008) ........... 274 2.22. HA ....................275 2.22.1.
  • Page 15 Log Reference Guide 2.24.10. invalid_url_format (ID: 01300010) ..........294 2.24.11. idp_evasion (ID: 01300011) ............295 2.24.12. idp_evasion (ID: 01300012) ............295 2.24.13. idp_outofmem (ID: 01300013) ..........296 2.24.14. idp_outofmem (ID: 01300014) ..........296 2.24.15. idp_failscan (ID: 01300015) ............297 2.24.16. idp_failscan (ID: 01300016) ............297 2.24.17.
  • Page 16 Log Reference Guide 2.29.7. 6in4_invalid_sender_decap (ID: 07800007) ........319 2.30. IPPOOL ..................... 320 2.30.1. no_offer_received (ID: 01900001) ..........320 2.30.2. no_valid_dhcp_offer_received (ID: 01900002) ......320 2.30.3. too_many_dhcp_offers_received (ID: 01900003) ......320 2.30.4. lease_disallowed_by_lease_filter (ID: 01900004) ......321 2.30.5. lease_disallowed_by_server_filter (ID: 01900005) ......321 2.30.6.
  • Page 17 Log Reference Guide 2.31.42. failed_to_add_peer (ID: 01800312) ........... 339 2.31.43. failed_to_add_rules (ID: 01800313) ........... 340 2.31.44. failed_to_add_rules (ID: 01800314) ........... 340 2.31.45. new_remote_endpoint_ip (ID: 01800315) ........340 2.31.46. no_policymanager (ID: 01800316) ..........341 2.31.47. peer_is_dead (ID: 01800317) ............ 341 2.31.48. failed_to_set_dpd_cb (ID: 01800318) ........341 2.31.49.
  • Page 18 Log Reference Guide 2.31.102. ipsec_sa_created (ID: 01800907) ..........358 2.31.103. ipsec_sa_rekeyed (ID: 01800908) ..........359 2.31.104. ipsec_sa_deleted (ID: 01800909) ..........359 2.31.105. ipsec_sa_keys (ID: 01800910) ..........360 2.31.106. out_of_memory (ID: 01801100) ..........360 2.31.107. out_of_memory (ID: 01801101) ..........360 2.31.108. out_of_memory (ID: 01801102) ..........361 2.31.109.
  • Page 19 Log Reference Guide 2.31.162. invalid_key_size (ID: 01802217) ..........377 2.31.163. invalid_cipher_keysize (ID: 01802218) ........378 2.31.164. invalid_key_size (ID: 01802219) ..........378 2.31.165. invalid_cipher_keysize (ID: 01802220) ........378 2.31.166. no_matching_tunnel_found (ID: 01802221) ......379 2.31.167. no_tunnel_id_specified (ID: 01802222) ........379 2.31.168. several_local_id_specified_for_tunnel (ID: 01802223) ....379 2.31.169.
  • Page 20 Log Reference Guide 2.31.223. monitored_host_reachable (ID: 01803600) ....... 396 2.31.224. monitored_host_unreachable (ID: 01803601) ......396 2.31.225. failed_to_attach_radius (ID: 01803700) ........396 2.31.226. failed_to_attach_radius (ID: 01803701) ........397 2.32. IPV6_ND ................... 398 2.32.1. neighbor_discovery_resolution_failed (ID: 06400009) ....398 2.32.2. nd_resolution_success (ID: 06400020) ......... 398 2.32.3.
  • Page 21 Log Reference Guide 2.33.2. disallowed_ip_ver (ID: 01500002) ..........418 2.33.3. invalid_ip_length (ID: 01500003) ..........418 2.33.4. invalid_ip_length (ID: 01500004) ..........419 2.33.5. invalid_ip_checksum (ID: 01500005) ........... 419 2.33.6. Invalid_ip6_flow (ID: 01500020) ..........419 2.33.7. Invalid_ip6_flow (ID: 01500021) ..........420 2.33.8. Invalid_ip6_tc (ID: 01500022) ............. 420 2.33.9.
  • Page 22 Log Reference Guide 2.35.45. excessive_padding (ID: 01700066) ..........439 2.35.46. repeated_option (ID: 01700067) ..........439 2.35.47. more_optcount (ID: 01700068) ..........440 2.35.48. more_optcount (ID: 01700069) ..........440 2.35.49. ip6_rhother (ID: 01700070) ............440 2.35.50. ip6_rhother (ID: 01700071) ............441 2.35.51. ip6_rh2 (ID: 01700072) ............441 2.35.52.
  • Page 23 Log Reference Guide 2.37.13. l2tp_session_request (ID: 02800015) ......... 461 2.37.14. l2tp_session_up (ID: 02800016) ..........461 2.37.15. failure_init_radius_accounting (ID: 02800017) ......462 2.37.16. l2tpclient_tunnel_up (ID: 02800018) ......... 462 2.37.17. malformed_packet (ID: 02800019) ..........462 2.37.18. unknown_ctrl_conn_id (ID: 02800020) ........463 2.37.19. l2tp_session_closed (ID: 02800037) ........... 463 2.37.20.
  • Page 24 Log Reference Guide 2.40.25. bad_seq_num (ID: 02400104) ........... 482 2.40.26. non_dup_dd (ID: 02400105) ............. 483 2.40.27. as_ext_on_stub (ID: 02400106) ..........483 2.40.28. unknown_lsa (ID: 02400107) ............ 484 2.40.29. bad_lsa_sequencenumber (ID: 02400108) ........484 2.40.30. bad_lsa_maxage (ID: 02400109) ..........484 2.40.31. lsa_checksum_mismatch (ID: 02400150) ........485 2.40.32.
  • Page 25 Log Reference Guide 2.41.12. response_value_too_long (ID: 02500150) ........501 2.41.13. username_too_long (ID: 02500151) ........... 502 2.41.14. username_too_long (ID: 02500201) ........... 502 2.41.15. username_too_long (ID: 02500301) ........... 502 2.41.16. username_too_long (ID: 02500350) ........... 503 2.41.17. password_too_long (ID: 02500351) ........... 503 2.41.18. unsupported_auth_server (ID: 02500500) ........503 2.41.19.
  • Page 26 Log Reference Guide 2.46.5. drop_due_to_buffer_starvation (ID: 04800007) ......524 2.46.6. failed_to_send_ack (ID: 04800008) ..........524 2.46.7. processing_memory_limit_reached (ID: 04800009) ....... 525 2.46.8. maximum_connections_limit_reached (ID: 04800010) ....525 2.46.9. state_memory_allocation_failed (ID: 04800011) ......525 2.47. RFO ....................526 2.47.1. has_ping (ID: 04100001) ............526 2.47.2.
  • Page 27 Log Reference Guide 2.50.10. sesmgr_session_activate (ID: 04900010) ........546 2.50.11. sesmgr_session_disabled (ID: 04900011) ........546 2.50.12. sesmgr_console_denied_init (ID: 04900012) ....... 546 2.50.13. sesmgr_session_access_missing (ID: 04900015) ......547 2.50.14. sesmgr_session_old_removed (ID: 04900016) ......547 2.50.15. sesmgr_file_error (ID: 04900017) ..........548 2.50.16. sesmgr_techsupport (ID: 04900018) .......... 548 2.51.
  • Page 28 Log Reference Guide 2.54.18. ssh_force_conn_close (ID: 04700105) ........567 2.54.19. scp_failed_not_admin (ID: 04704000) ........568 2.55. SSLVPN ..................... 569 2.55.1. sslvpn_session_created (ID: 06300010) ........569 2.55.2. sslvpn_session_closed (ID: 06300011) ......... 569 2.55.3. sslvpn_max_sessions_reached (ID: 06300012) ......569 2.55.4. failure_init_radius_accounting (ID: 06300013) ......570 2.55.5.
  • Page 29 Log Reference Guide 2.56.48. bad_user_credentials (ID: 03207010) ......... 589 2.56.49. bad_user_credentials (ID: 03207011) ......... 590 2.56.50. method_not_allowed (ID: 03207012) ......... 590 2.56.51. unknown_api_call (ID: 03207013) ..........590 2.57. TCP_FLAG ..................592 2.57.1. tcp_flags_set (ID: 03300001) ............592 2.57.2. tcp_flags_set (ID: 03300002) ............592 2.57.3.
  • Page 30 Log Reference Guide 2.61.1. impossible_hw_sender_address (ID: 04400410) ......614 2.61.2. enet_hw_sender_broadcast (ID: 04400411) ........614 2.61.3. enet_hw_sender_broadcast (ID: 04400412) ........614 2.61.4. enet_hw_sender_broadcast (ID: 04400413) ........615 2.61.5. enet_hw_sender_multicast (ID: 04400414) ........615 2.61.6. enet_hw_sender_multicast (ID: 04400415) ........615 2.61.7. enet_hw_sender_multicast (ID: 04400416) ........616 2.61.8.
  • Page 31 Log Reference Guide 2.62.48. bad_clientfinished_msg (ID: 03700506) ........635 2.62.49. bad_alert_msg (ID: 03700507) ..........635 2.62.50. unknown_ssl_error (ID: 03700508) ..........636 2.62.51. negotiated_cipher_does_not_permit_the_chosen_certificate_size (ID: 03700509) ..................636 2.62.52. received_sslalert (ID: 03700510) ..........636 2.62.53. sent_sslalert (ID: 03700511) ............. 637 2.62.54. user_login (ID: 03707000) ............637 2.62.55.
  • Page 32 List of Tables 1. Abbreviations ....................35...
  • Page 33 List of Examples 1. Log Message Parameters ................... 34 2. Conditional Log Message Parameters ..............34...

  • Page 34: Preface

    Preface Audience The target audience for this reference guide consists of: • Administrators that are responsible for configuring and managing a NetDefendOS installation. • Administrators that are responsible for troubleshooting a NetDefendOS installation. This guide assumes that the reader is familiar with NetDefendOS and understands the fundamentals of IP network security.
  • Page 35 Preface depending on the context of the log message. Abbreviations The following abbreviations are used throughout this reference guide: Abbreviation Full name Application Layer Gateway Address Resolution Protocol DHCP Dynamic Host Configuration Protocol Domain Name System Encapsulating Security Payload File Transfer Protocol High Availability HTTP Hyper Text Transfer Protocol...

  • Page 36: Introduction

    Chapter 1: Introduction • Log Message Structure, page 36 • Context Parameters, page 38 • Severity levels, page 43 This guide is a reference for all log messages generated by NetDefendOS. It is designed to be a valuable information source for both management and troubleshooting. 1.1.
  • Page 37 Chapter 1: Introduction Message Reference. As previously mentioned, the category is identified by the first 3 digits in the message ID. All messages in a particular category have the same first 3 digits in their ID. Default Severity The default severity level for this log message. For a list of severity levels, please see section Section 1.3, “Severity levels”.

  • Page 38: 1.2. Context Parameters

    Chapter 1: Introduction 1.2. Context Parameters In many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol is used, source and destination IP addresses and ports (if applicable), and so on.
  • Page 39 Chapter 1: Introduction [fragid] Fragmentation ID. Valid if the IP packet is fragmented. ipproto The IP Protocol. ipdatalen The IP data length. [srcport] The source port. Valid if the protocol is TCP or UDP. [destport] The destination port. Valid if the protocol is TCP or UDP. [tcphdrlen] The TCP header length.
  • Page 40 Chapter 1: Introduction [origsent] The number of bytes sent by the originator in this connection. Valid if the connection is closing or closed. [termsent] The number of bytes sent by the terminator in this connection. Valid if the connection is closing or closed. Specifies the name and a description of the signature that triggered this event.
  • Page 41 Chapter 1: Introduction authrule The name of the user authentication rule. authagent The name of the user authentication agent. authevent The user authentication event that occurred. Possible values: login, logout, timedout, disallowed_login, accounting and unknown. username The name of the user that triggered this event. srcip The source IP address of the user that triggered this event.
  • Page 42 Chapter 1: Introduction routemetric Route metric (cost).

  • Page 43: 1.3. Severity Levels

    Chapter 1: Introduction 1.3. Severity levels An event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the Syslog protocol: 0 - Emergency Emergency conditions, which most likely led to the system being unusable.
  • Page 44 Chapter 1: Introduction...

  • Page 45: Log Message Reference

    Chapter 2: Log Message Reference • ALG, page 47 • ANTISPAM, page 159 • ANTIVIRUS, page 171 • APPCONTROL, page 184 • ARP, page 189 • AUTHAGENTS, page 196 • AVSE, page 202 • AVUPDATE, page 203 • BLACKLIST, page 206 •...
  • Page 46 Chapter 2: Log Message Reference • IDP, page 290 • IDPPIPES, page 299 • IDPUPDATE, page 302 • IFACEMON, page 305 • IGMP, page 307 • IP6IN4, page 317 • IPPOOL, page 320 • IPSEC, page 326 • IPV6_ND, page 398 •...

  • Page 47: 2.1. Alg

    Chapter 2: Log Message Reference • SYSTEM, page 573 • TCP_FLAG, page 592 • TCP_OPT, page 600 • THRESHOLD, page 607 • TIMESYNC, page 611 • TRANSPARENCY, page 614 • USERAUTH, page 619 • VFS, page 640 • ZONEDEFENSE, page 644 Sort Order All log messages are sorted by their category and then by their ID number.

  • Page 48: Max_Line_Length_Exceeded (Id: 00200003)

    Chapter 2: Log Message Reference Recommended Action None. Revision Context Parameters ALG Module Name ALG Session ID 2.1.3. max_line_length_exceeded (ID: 00200003) Default Severity ERROR Log Message Maximum line length <max> exceeded, got <len> characters. Closing connection Explanation The maximum length of an entered line was exceeded, and the connection will be closed.

  • Page 49: Invalid_Url_Format (Id: 00200101)

    Chapter 2: Log Message Reference Gateway Action close Recommended Action Research the source of this and try to find out why the client is sending an invalid header. Revision Parameters algname Context Parameters ALG Module Name ALG Session ID 2.1.6. invalid_url_format (ID: 00200101) Default Severity ERROR Log Message...

  • Page 50: Allow_Unknown_Protocol (Id: 00200103)

    Chapter 2: Log Message Reference 2.1.8. allow_unknown_protocol (ID: 00200103) Default Severity NOTICE Log Message Allowing unknown protocol. ALG name: <algname>. Explanation Invalid protocol data received from the server. The connection will be allowed to pass through without inspection according to the configuration.

  • Page 51: Invalid_Chunked_Encoding (Id: 00200107)

    Chapter 2: Log Message Reference Gateway Action closing_connecion Recommended Action Research the source of this, and try to find out why the server is sending such large amounts of suspicious data. Revision Parameters algname Context Parameters ALG Module Name ALG Session ID 2.1.11.

  • Page 52: Compressed_Data_Received (Id: 00200109)

    Chapter 2: Log Message Reference 2.1.13. compressed_data_received (ID: 00200109) Default Severity ERROR Log Message HTTPALG: Compressed data was received from the server, although uncompressed was requested. Closing connection. ALG name: <algname>. Explanation The unit requested that no compressed data should be used, but the server ignored this and sent compressed data anyway.

  • Page 53: Failure_Connect_Http_Server (Id: 00200112)

    Chapter 2: Log Message Reference Gateway Action close Recommended Action Decrease the maximum allowed HTTPALG sessions, or try to free some of the RAM used. Revision Context Parameters ALG Module Name 2.1.16. failure_connect_http_server (ID: 00200112) Default Severity ERROR Log Message HTTPALG: Failed to connect to the HTTP Server.

  • Page 54: No_Valid_License (Id: 00200115)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message HTTPALG: WCF override cache full Explanation The WCF override hash is full. The oldest least used value will be replaced. Gateway Action replace Recommended Action None. Revision Context Parameters ALG Module Name 2.1.19.

  • Page 55: Blocked_Filetype (Id: 00200117)

    Chapter 2: Log Message Reference 2.1.21. blocked_filetype (ID: 00200117) Default Severity NOTICE Log Message HTTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list. Explanation The file is present in the block list. It will be blocked as per configuration.

  • Page 56: Wcf_Srv_Connection_Error (Id: 00200120)

    Chapter 2: Log Message Reference 2.1.24. wcf_srv_connection_error (ID: 00200120) Default Severity ERROR Log Message HTTPALG: HTTP request not validated by Web Content Filter and allowed. Explanation The Web Content Filtering servers could not be contacted. The request has been allowed since fail-mode parameter is in allow mode.

  • Page 57: Wcf_Server_Connected (Id: 00200123)

    Chapter 2: Log Message Reference Revision Parameters server Context Parameters ALG Module Name 2.1.27. wcf_server_connected (ID: 00200123) Default Severity INFORMATIONAL Log Message HTTPALG: Web content server <server> connected Explanation The connection with the Web Content server has been established. Gateway Action None Recommended Action None.

  • Page 58: Request_Url (Id: 00200126)

    Chapter 2: Log Message Reference Revision Parameters categories audit override algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.30. request_url (ID: 00200126) Default Severity NOTICE Log Message HTTPALG: Requesting URL <url>. Categories: <categories>. Audit: <audit>. Override: <override>. ALG name: <algname>. Explanation The URL has been requested.

  • Page 59: Wcf_Server_Bad_Reply (Id: 00200128)

    Chapter 2: Log Message Reference 2.1.32. wcf_server_bad_reply (ID: 00200128) Default Severity ERROR Log Message HTTPALG: Failed to parse WCF server response Explanation The WCF service could not parse the server response. The WCF transmission queue is reset and a new server connection will be established.

  • Page 60: Wcf_Bad_Sync (Id: 00200131)

    Chapter 2: Log Message Reference Gateway Action none Recommended Action Try to free up some RAM by changing configuration parameters. Revision Context Parameters ALG Module Name 2.1.35. wcf_bad_sync (ID: 00200131) Default Severity ERROR Log Message HTTPALG: WCF request out of sync Explanation The WCF response received from the server did not match the expected value.

  • Page 61: Wcf_Server_Disconnected (Id: 00200134)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message HTTPALG: Reclassification request for URL <url>. New Category <newcat>. ALG name: <algname>. Explanation The user has requested a category reclassification for the URL. Gateway Action allow Recommended Action Disable the ALLOW_RECLASSIFICATION mode of parameter CATEGORIES for this ALG.

  • Page 62: Request_Url (Id: 00200136)

    Chapter 2: Log Message Reference Parameters categories audit override user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.40. request_url (ID: 00200136) Default Severity NOTICE Log Message HTTPALG: Requesting URL <url>. Categories: <categories>. User: <user>. Audit: <audit>. Override: <override>. ALG name: <algname>.

  • Page 63: Restricted_Site_Notice (Id: 00200138)

    Chapter 2: Log Message Reference Parameters categories audit override user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.42. restricted_site_notice (ID: 00200138) Default Severity WARNING Log Message HTTPALG: User requests the forbidden URL <url>, even though Restricted Site Notice was applied. User: <user>. ALG name: <algname>.

  • Page 64: Wcf_Mem_Optimized (Id: 00200140)

    Chapter 2: Log Message Reference user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.44. wcf_mem_optimized (ID: 00200140) Default Severity DEBUG Log Message HTTPALG: Optimizing WCF memory usage Explanation The Web Content Filtering subsystem has optimized its memory usage and freed up some memory.

  • Page 65: Wcf_Server_Timeout (Id: 00200143)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters cache_size cache_repl_per_sec trans_per_sec queue_len in_transit queue_delta_per_sec server srv_prec Context Parameters ALG Module Name 2.1.47. wcf_server_timeout (ID: 00200143) Default Severity ERROR Log Message HTTPALG: WCF request timeout Explanation The WCF server took too long time to reply. A new connection attempt is in progress.

  • Page 66: Intercept_Page_Failed (Id: 00200145)

    Chapter 2: Log Message Reference 2.1.49. intercept_page_failed (ID: 00200145) Default Severity DEBUG Log Message HTTPALG: Failed to send interception page to client Explanation The HTTPALG failed to send an interception page to the client. Gateway Action close Recommended Action None. Revision Parameters pagetype...

  • Page 67: Protocol_Upgrade_Denied (Id: 00200148)

    Chapter 2: Log Message Reference of resources. The connection is closed. Gateway Action close Recommended Action Investigate which client and software that sends this many pipelinied requests and see if they can be reconfigured. Revision Parameters count algname Context Parameters Connection Connection ALG Module Name...

  • Page 68: Max_Smtp_Sessions_Reached (Id: 00200150)

    Chapter 2: Log Message Reference Context Parameters Connection ALG Module Name ALG Session ID 2.1.54. max_smtp_sessions_reached (ID: 00200150) Default Severity WARNING Log Message SMTPALG: Maximum number of SMTP sessions (<max_sessions>) for service reached. Closing connection Explanation The maximum number of concurrent SMTP sessions has been reached for this service.

  • Page 69: Failed_Connect_Smtp_Server (Id: 00200153)

    Chapter 2: Log Message Reference Gateway Action close Recommended Action Decrease the maximum allowed SMTPALG sessions, or try to free some of the RAM used. Revision Context Parameters ALG Module Name 2.1.57. failed_connect_smtp_server (ID: 00200153) Default Severity ERROR Log Message SMTPALG: Failed to connect to the SMTP Server.

  • Page 70: Sender_Email_Id_Mismatched (Id: 00200157)

    Chapter 2: Log Message Reference Gateway Action spam tag Recommended Action Disable the Verify E-Mail Sender ID setting if you experience that valid e-mails are being wrongly tagged. Revision Parameters sender_email_address recipient_email_addresses data_sender_address Context Parameters ALG Module Name ALG Session ID 2.1.60.

  • Page 71: Recipient_Email_Id_In_Blacklist (Id: 00200159)

    Chapter 2: Log Message Reference 2.1.62. recipient_email_id_in_blacklist (ID: 00200159) Default Severity WARNING Log Message SMTPALG: Recipient e-mail address is in Black List Explanation Since "RCPT TO:" e-mail address is in Black List, SMTP ALG rejected the client request. Gateway Action reject Recommended Action None.

  • Page 72: Base64_Decode_Failed (Id: 00200165)

    Chapter 2: Log Message Reference Recommended Action Research how the sender is encoding the data. Revision Parameters filename filetype sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2.1.65. base64_decode_failed (ID: 00200165) Default Severity ERROR Log Message SMTPALG: Base 64 decode failed. Attachment is allowed Explanation The data sent to Base64 decoding failed.

  • Page 73: Content_Type_Mismatch (Id: 00200167)

    Chapter 2: Log Message Reference Context Parameters ALG Module Name ALG Session ID 2.1.67. content_type_mismatch (ID: 00200167) Default Severity WARNING Log Message SMTPALG: Content type mismatch in file <filename>. Identified filetype <filetype> Explanation The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.

  • Page 74: All_Recipient_Email_Ids_Are_In_Blocklist (Id: 00200172)

    Chapter 2: Log Message Reference Log Message SMTPALG: Content type mismatch found for the file <filename>. It is identified as type <filetype> file Explanation Received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed.

  • Page 75: Invalid_End_Of_Mail (Id: 00200176)

    Chapter 2: Log Message Reference ALG Session ID 2.1.72. invalid_end_of_mail (ID: 00200176) Default Severity WARNING Log Message SMTPALG: Invalid end of mail "\\n.\\n" received. Explanation The client is sending invalid end of mail. Transaction will be terminated. Gateway Action block Recommended Action Research how the client is sending invalid end of mail.

  • Page 76: Failed_Send_Reply_Code (Id: 00200181)

    Chapter 2: Log Message Reference Revision Context Parameters ALG Module Name ALG Session ID 2.1.75. failed_send_reply_code (ID: 00200181) Default Severity ERROR Log Message SMTPALG: Could not send error code to client Explanation The SMTP ALG failed to send an error response code to the client. Gateway Action none Recommended Action...

  • Page 77: Cmd_Pipelined (Id: 00200186)

    Chapter 2: Log Message Reference Parameters capa Context Parameters ALG Module Name ALG Session ID 2.1.78. cmd_pipelined (ID: 00200186) Default Severity ERROR Log Message SMTPALG: Received pipelined request. Explanation The SMTP ALG does not support pipelined requests. The appearance of this log message indicates that the client used PIPELINING even though it was removed from capability list.

  • Page 78: Illegal_Data_Direction (Id: 00200202)

    Chapter 2: Log Message Reference whitelist, this mark is removed. Gateway Action none Recommended Action None. Revision Parameters sender_email_address Context Parameters ALG Module Name ALG Session ID 2.1.81. illegal_data_direction (ID: 00200202) Default Severity ERROR Log Message FTPALG: TCP data from <peer> not allowed in this direction. Closing connection Explanation TCP Data was sent in an invalid direction, and the connection will be...

  • Page 79: Hybrid_Data (Id: 00200209)

    Chapter 2: Log Message Reference 2.1.83. hybrid_data (ID: 00200209) Default Severity INFORMATIONAL Log Message FTPALG: Hybrid data channel closed Explanation A hybrid data channel was closed. Gateway Action None Recommended Action None. Revision Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2.1.84.

  • Page 80: Illegal_Command (Id: 00200212)

    Chapter 2: Log Message Reference Gateway Action close Recommended Action If unknown commands should be allowed, modify the FTPALG configuration. Revision Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2.1.86. illegal_command (ID: 00200212) Default Severity WARNING Log Message FTPALG: Failed to parse command from <peer>...

  • Page 81: Port_Command_Disabled (Id: 00200214)

    Chapter 2: Log Message Reference Context Parameters ALG Module Name ALG Session ID Connection 2.1.88. port_command_disabled (ID: 00200214) Default Severity WARNING Log Message FTPALG: PORT command not allowed from <peer>. Rejecting command Explanation The client tried to issue a "PORT" command, which is not valid since the client is not allowed to do active FTP.

  • Page 82: Illegal_Port_Number (Id: 00200217)

    Chapter 2: Log Message Reference Default Severity CRITICAL Log Message FTPALG: Illegal PORT command from <peer>, bad IP address <ip4addr>. String=<string>. Rejecting command Explanation An illegal "PORT" command was received from the client. It requests that the server should connect to another IP that it's own. This is not allowed, and the command will be rejected.

  • Page 83: Illegal_Command (Id: 00200219)

    Chapter 2: Log Message Reference to client. This could possibly be a result of lack of memory. Gateway Action None Recommended Action None. Revision Parameters peer connection string Context Parameters ALG Module Name ALG Session ID Connection 2.1.93. illegal_command (ID: 00200219) Default Severity WARNING Log Message...

  • Page 84: Illegal_Direction2 (Id: 00200221)

    Chapter 2: Log Message Reference Context Parameters ALG Module Name ALG Session ID Connection 2.1.95. illegal_direction2 (ID: 00200221) Default Severity WARNING Log Message FTPALG: Illegal direction for command(2), peer=<peer>. Closing connection. Explanation A command was sent in an invalid direction, and the connection will be closed.

  • Page 85: Unknown_Option (Id: 00200224)

    Chapter 2: Log Message Reference Rejecting command. Explanation A disallowed OPTS argument was received, and the command will be rejected. Gateway Action rejecting_command Recommended Action None. Revision Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2.1.98. unknown_option (ID: 00200224) Default Severity WARNING Log Message...

  • Page 86: Unknown_Command (Id: 00200226)

    Chapter 2: Log Message Reference Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2.1.100. unknown_command (ID: 00200226) Default Severity WARNING Log Message FTPALG: Unknown command from <peer>. String=<string>. Rejecting command. Explanation An unknown command was received, and the command will be rejected.

  • Page 87: Illegal_Reply (Id: 00200230)

    Chapter 2: Log Message Reference 2.1.102. illegal_reply (ID: 00200230) Default Severity WARNING Log Message FTPALG: Illegal multiline response (<reply>) from <peer>. String=<string>. Closing connection. Explanation An illegal multiline response was received from server, and the connection will be closed. Gateway Action close Recommended Action None.

  • Page 88: Bad_Port (Id: 00200233)

    Chapter 2: Log Message Reference Explanation An illegal response was received from the server, and the connection is closed. Gateway Action close Recommended Action None. Revision Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2.1.105. bad_port (ID: 00200233) Default Severity CRITICAL Log Message...

  • Page 89: Failed_To_Create_Connection2 (Id: 00200235)

    Chapter 2: Log Message Reference Revision Parameters peer ip4addr ip4addr_server string Context Parameters ALG Module Name ALG Session ID Connection 2.1.107. failed_to_create_connection2 (ID: 00200235) Default Severity ERROR Log Message FTPALG: Failed create connection(2) Peer=<peer> Connection=<connection>. String=<string>. Explanation An error occured when creating a data connection from the client to server.

  • Page 90: Failed_To_Send_Port (Id: 00200237)

    Chapter 2: Log Message Reference Connection 2.1.109. failed_to_send_port (ID: 00200237) Default Severity WARNING Log Message FTPALG: Failed to send port. Peer=<peer> Explanation An error occured when trying to send the "PORT" command to the server. Gateway Action None Recommended Action None.

  • Page 91: Max_Ftp_Sessions_Reached (Id: 00200241)

    Chapter 2: Log Message Reference Revision Context Parameters ALG Module Name 2.1.112. max_ftp_sessions_reached (ID: 00200241) Default Severity WARNING Log Message FTPALG: Maximum number of FTP sessions (<max_sessions>) for service reached. Closing connection Explanation The maximum number of concurrent FTP sessions has been reached for this service.

  • Page 92: Content_Type_Mismatch (Id: 00200250)

    Chapter 2: Log Message Reference Recommended Action Verify that there is a listening FTP Server on the specified address. Revision Context Parameters ALG Module Name ALG Session ID 2.1.115. content_type_mismatch (ID: 00200250) Default Severity NOTICE Log Message FTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>...

  • Page 93: Blocked_Filetype (Id: 00200253)

    Chapter 2: Log Message Reference fail for compressed files. Gateway Action data_blocked_control_and_data_channel_closed Recommended Action Change fail mode setting to allow, if resumed file transfers of compressed files should be allowed. Revision Parameters filename filetype Context Parameters ALG Module Name ALG Session ID 2.1.118.

  • Page 94: Failed_To_Send_Response_Code (Id: 00200255)

    Chapter 2: Log Message Reference Context Parameters ALG Module Name ALG Session ID 2.1.120. failed_to_send_response_code (ID: 00200255) Default Severity NOTICE Log Message FTPALG:Failed to send the response code. Explanation The FTP ALG could not send the correct response code to the client. Gateway Action none Recommended Action...

  • Page 95: Http_Not_Allowed (Id: 00200271)

    Chapter 2: Log Message Reference Revision Parameters algname Context Parameters ALG Module Name ALG Session ID Connection 2.1.123. http_not_allowed (ID: 00200271) Default Severity ERROR Log Message HTTP protocol is not allowed. Explanation Allowed protocols in ALG don't include HTTP. Gateway Action block Recommended Action None.

  • Page 96: Invalid_Clienthello (Id: 00200274)

    Chapter 2: Log Message Reference Log Message HTTPALG: HTTPS (c) Failed to parse ClientHello datagram (<cause>). Explanation Failed to parse ClientHello datagram. Gateway Action None Recommended Action None. Revision Parameters cause algname Context Parameters ALG Module Name ALG Session ID Connection 2.1.126.

  • Page 97: Invalid_Clienthello_Server_Name (Id: 00200276)

    Chapter 2: Log Message Reference Connection 2.1.128. invalid_clienthello_server_name (ID: 00200276) Default Severity ERROR Log Message HTTPALG: HTTPS (s) Failed to parse 'server_name' from ClientHello SNI extension. Explanation Failed to parse 'server_name' from ClientHello SNI extension. Gateway Action None Recommended Action None.

  • Page 98: Invalid_Certificate (Id: 00200279)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters cause algname Context Parameters ALG Module Name ALG Session ID Connection 2.1.131. invalid_certificate (ID: 00200279) Default Severity ERROR Log Message HTTPALG: HTTPS (s) Failed to parse Certificate datagram. Explanation Failed to parse Certificate datagram. Gateway Action close Recommended Action...

  • Page 99: Invalid_Message (Id: 00200301)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message H323ALG: H.225 parser is in unknown state Explanation The H.225 parser failed to parse the H.225 message. The ALG session will be closed. Gateway Action None Recommended Action None. Revision Parameters peer state...

  • Page 100: Encode_Failed (Id: 00200303)

    Chapter 2: Log Message Reference Revision Parameters peer message_type Context Parameters ALG Module Name ALG Session ID Connection 2.1.136. encode_failed (ID: 00200303) Default Severity WARNING Log Message H323ALG: Encoding of message from peer failed. Closing session Explanation The ASN.1 encoder failed to encode the message. The ALG session will be closed.

  • Page 101: Decode_Failed (Id: 00200306)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message H323ALG: Failed after encoding message from peer. Closing session Explanation The ASN.1 encoder failed to encode the message properly. The ALG session will be closed. Gateway Action close Recommended Action None.

  • Page 102: Max_Tcp_Data_Connections_Exceeded (Id: 00200308)

    Chapter 2: Log Message Reference Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2.1.141. max_tcp_data_connections_exceeded (ID: 00200308) Default Severity WARNING Log Message H323ALG: Maximum number of TCP data channels exceeded Explanation The maximum number of concurrent TCP data channels has been reached for this session.

  • Page 103: Com_Mode_Response_Message_Not_Translated (Id: 00200311)

    Chapter 2: Log Message Reference Log Message H323ALG: Ignoring mediaChannel info in openLogicalChannel Explanation Media channel information in the openLogicalChannel message is not handled. Gateway Action None Recommended Action None. Revision Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2.1.144.

  • Page 104: Failed_Create_New_Session (Id: 00200313)

    Chapter 2: Log Message Reference Parameters max_sessions Context Parameters ALG Module Name 2.1.146. failed_create_new_session (ID: 00200313) Default Severity WARNING Log Message H323ALG: Failed to create new H.323 session (out of memory) Explanation Could not create a new H.323 session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory.

  • Page 105: Failure_Connect_H323_Server (Id: 00200316)

    Chapter 2: Log Message Reference Recommended Action None. Revision Context Parameters ALG Module Name 2.1.149. failure_connect_h323_server (ID: 00200316) Default Severity ERROR Log Message H323ALG: Failed to connect to the H.323 Server. Closing connection Explanation The unit failed to connect to the H.323 Server, resulting in that the ALG session could not open successfully.

  • Page 106: Packet_Failed_Traversal_Test (Id: 00200351)

    Chapter 2: Log Message Reference Explanation An invalid TFTP packet was received. Refusing connection. Gateway Action reject Recommended Action None. Revision Parameters packet_length Context Parameters ALG Module Name Connection 2.1.152. packet_failed_traversal_test (ID: 00200351) Default Severity WARNING Log Message TFTPALG: Filename <filename> failed test for directory traversal Explanation Filename failed test for directory traversal (contains invalid characters).Closing connection.

  • Page 107: Option_Value_Invalid (Id: 00200354)

    Chapter 2: Log Message Reference 2.1.154. option_value_invalid (ID: 00200354) Default Severity WARNING Log Message TFTPALG: Option <option> contained invalid value <value> Explanation Option contained invalid value.Closing connection. Gateway Action reject Recommended Action None. Revision Parameters option value Context Parameters ALG Module Name ALG Session ID Connection 2.1.155.

  • Page 108: Unknown_Option_Blocked (Id: 00200357)

    Chapter 2: Log Message Reference Revision Parameters value maxvalue Context Parameters ALG Module Name ALG Session ID Connection 2.1.157. unknown_option_blocked (ID: 00200357) Default Severity WARNING Log Message TFTPALG: Request contained unknown option <option> Explanation Request contained unknown option.Closing connection. Gateway Action reject Recommended Action If connection should be allowed modify the TFTP Alg configuration .

  • Page 109: Option_Not_Sent (Id: 00200360)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message TFTPALG: Request contained unknown option <option> Explanation Request contained unknown option.Closing connection. Gateway Action close Recommended Action If connection should be allowed modify the TFTP Alg configuration . Revision Parameters option Context Parameters ALG Module Name...

  • Page 110: Option_Value_Invalid (Id: 00200362)

    Chapter 2: Log Message Reference Context Parameters ALG Module Name ALG Session ID Connection 2.1.162. option_value_invalid (ID: 00200362) Default Severity WARNING Log Message TFTPALG: Option <option> contained no readable value Explanation Option contained no readable value.Closing connection. Gateway Action close Recommended Action None.

  • Page 111: Failed_Create_New_Session (Id: 00200365)

    Chapter 2: Log Message Reference reached for this service. No more sessions can be opened before old sessions have been released. Gateway Action close Recommended Action If the maximum number of TFTP sessions is too low, increase it. Revision Parameters max_sessions Context Parameters ALG Module Name...

  • Page 112: Invalid_Packet_Received_Reopen (Id: 00200368)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message TFTPALG: Failed create listening connection,internal error(<error_code>). Closing session Explanation The unit failed to create listening connection, resulting in that the ALG session could not be successfully opened. Gateway Action close Recommended Action None.

  • Page 113: Transfer_Size_Exceeded (Id: 00200370)

    Chapter 2: Log Message Reference Parameters opcode packet_length Context Parameters ALG Module Name ALG Session ID Connection 2.1.170. transfer_size_exceeded (ID: 00200370) Default Severity WARNING Log Message TFTPALG: Received bytes <received> exceeding allowed max value <maxvalue> Explanation Transferred bytes exceeding allowed value.Closing connection. Gateway Action close Recommended Action...

  • Page 114: Failed_Create_Connection (Id: 00200373)

    Chapter 2: Log Message Reference Explanation An attempt to send request packet without options failed because of an internal error. Gateway Action close Recommended Action None. Revision Context Parameters ALG Module Name 2.1.173. failed_create_connection (ID: 00200373) Default Severity ERROR Log Message TFTPALG: Failed create...

  • Page 115: Failed_Create_New_Session (Id: 00200381)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message POP3ALG: Maximum number of POP3 sessions (<max_sessions>) for service reached. Closing connection Explanation The maximum number of concurrent POP3 sessions has been reached for this service. No more sessions can be opened before old sessions have been released.

  • Page 116: Out_Of_Memory (Id: 00200383)

    Chapter 2: Log Message Reference 2.1.178. out_of_memory (ID: 00200383) Default Severity ERROR Log Message POP3ALG: Failed to allocate memory (out of memory) Explanation An attempt to allocate memory failed. Gateway Action close Recommended Action Try to free up unwanted memory. Revision Context Parameters ALG Module Name...

  • Page 117: Base64_Decode_Failed (Id: 00200386)

    Chapter 2: Log Message Reference Parameters command" response Context Parameters ALG Module Name ALG Session ID 2.1.181. base64_decode_failed (ID: 00200386) Default Severity ERROR Log Message POP3ALG: Base 64 decode failed. Attachment blocked Explanation The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data.

  • Page 118: Response_Blocked_Invalid_Len (Id: 00200389)

    Chapter 2: Log Message Reference Explanation The client is sending command with invalid command length. The command will be blocked. Gateway Action block Recommended Action None. Revision Parameters linebegin" Context Parameters ALG Module Name ALG Session ID 2.1.184. response_blocked_invalid_len (ID: 00200389) Default Severity WARNING Log Message...

  • Page 119: Content_Type_Mismatch_Mimecheck_Disabled (Id: 00200391)

    Chapter 2: Log Message Reference 2.1.186. content_type_mismatch_mimecheck_disabled (ID: 00200391) Default Severity NOTICE Log Message POP3ALG: Content type mismatch found for the file <filename>. It is identified as type <filetype> file Explanation Received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed.

  • Page 120: Unknown_Command_Blocked (Id: 00200394)

    Chapter 2: Log Message Reference Gateway Action block Recommended Action command allowed change configuration.Note: The STLS command is allways blocked!. Revision Parameters command Context Parameters ALG Module Name ALG Session ID 2.1.189. unknown_command_blocked (ID: 00200394) Default Severity WARNING Log Message POP3ALG: Unknown command blocked.

  • Page 121: Top_Mail_End_Blocked (Id: 00200398)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message POP3ALG: Mail contains invalid line endings. Explanation Mail contains invalid line endings. Gateway Action block Recommended Action Research why mail contains invalid line endings. Revision Context Parameters ALG Module Name ALG Session ID 2.1.192.

  • Page 122: Failed_Create_New_Session (Id: 00200451)

    Chapter 2: Log Message Reference Context Parameters ALG Module Name 2.1.194. failed_create_new_session (ID: 00200451) Default Severity WARNING Log Message TLSALG: Failed to create new TLSALG session (out of memory) Explanation An attempt to create a new TLSALG session failed, because the unit is out of memory.

  • Page 123: Tls_Renegotiation_Attempted (Id: 00200454)

    Chapter 2: Log Message Reference Parameters alert level algname Context Parameters ALG Module Name ALG Session ID 2.1.197. tls_renegotiation_attempted (ID: 00200454) Default Severity WARNING Log Message TLSALG: TLS renegotiation attempted but not supported. Explanation The TLS peer initiated a renegotiation. Renegotiation is however not supported so an alert was sent to let the peer know that there will be no renegotiation.

  • Page 124: Ssl_Renegotiation_Attempted (Id: 00200457)

    Chapter 2: Log Message Reference Log Message TLSALG: The negotiated cipher suite can not be used with the configured certificate. Explanation The negotiated cipher suite, which is an exportable cipher suite, does not permit using the certificate's key to perform the key exchange.

  • Page 125: Tls_Invalid_Message (Id: 00200459)

    Chapter 2: Log Message Reference Revision Parameters algname Context Parameters ALG Module Name ALG Session ID 2.1.202. tls_invalid_message (ID: 00200459) Default Severity ERROR Log Message TLSALG: Invalid TLS <message_type> message received. Explanation A badly formatted TLS message has been received. The TLS ALG session will be closed.

  • Page 126: Tls_Out_Of_Memory (Id: 00200462)

    Chapter 2: Log Message Reference Explanation A connecting TLS peer does not share any cipher suites with the unit. The TLS ALG session will be closed. Gateway Action close Recommended Action Make sure that the client and the unit share atleast one cipher suite. Revision Parameters algname...

  • Page 127: Unknown_Tls_Error (Id: 00200464)

    Chapter 2: Log Message Reference 2.1.207. unknown_tls_error (ID: 00200464) Default Severity ERROR Log Message TLSALG: Unknown TLS error. Explanation An unknown TLS error has occured. The TLS ALG session will be closed. Gateway Action close Recommended Action None. Revision Parameters algname Context Parameters ALG Module Name...

  • Page 128: Sip_Message_Parsing_Failed (Id: 00200503)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action Examine why client or server is sending a malformed SDP message. Revision Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.210. sip_message_parsing_failed (ID: 00200503) Default Severity ERROR Log Message SIPALG: SIP message parsing failed...

  • Page 129: Max_Sessions_Per_Uri_Reached (Id: 00200505)

    Chapter 2: Log Message Reference Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.212. max_sessions_per_uri_reached (ID: 00200505) Default Severity WARNING Log Message SIPALG: Maximum number of sessions per SIP URI has been reached Explanation The configured maximum number of concurrent SIP sessions [max_ses_per_id] per SIP URI has been reached.

  • Page 130: Sip_Signal_Timeout (Id: 00200507)

    Chapter 2: Log Message Reference destip destport Context Parameters ALG Module Name 2.1.214. sip_signal_timeout (ID: 00200507) Default Severity WARNING Log Message SIPALG: SIP signal timeout Explanation SIP signal timeout for session [method]. The session will be deleted. Gateway Action close Recommended Action If the configured SIP signal timeout value is too low, increase it.

  • Page 131: Registration_Time_Modified (Id: 00200509)

    Chapter 2: Log Message Reference 2.1.216. registration_time_modified (ID: 00200509) Default Severity NOTICE Log Message SIPALG: Expire value modified in registration request Explanation The SIP-ALG modified the requested registration time since it exceeds the configured maximum registration time value [cfg_registration_time]. Gateway Action allow Recommended Action None.

  • Page 132: Unsuccessful_Search_In_Registration_Table (Id: 00200512)

    Chapter 2: Log Message Reference Log Message SIPALG: Failed unregistration Explanation The user failed to unregister. Reason: [reason]. Gateway Action drop Recommended Action None. Revision Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name ALG Session ID 2.1.219.

  • Page 133: Failed_To_Create_Session (Id: 00200514)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.221. failed_to_create_session (ID: 00200514) Default Severity ERROR Log Message SIPALG: Failed to create sipalg session Explanation A new SIP-ALG session for [method] request could not be created. Gateway Action drop Recommended Action...

  • Page 134: Sipalg_Session_Deleted (Id: 00200516)

    Chapter 2: Log Message Reference srcport destip destport Context Parameters ALG Module Name 2.1.223. sipalg_session_deleted (ID: 00200516) Default Severity INFORMATIONAL Log Message SIPALG: SIP-ALG session deleted Explanation SIP-ALG session deleted for [method] request. Gateway Action close Recommended Action None. Revision Parameters method from_uri...

  • Page 135: Failed_To_Create_New_Transaction (Id: 00200521)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message SIPALG: Transaction created Explanation SIP-ALG transaction created for [method] request. Gateway Action allow Recommended Action None. Revision Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.226.

  • Page 136: Sipalg_Transaction_Deleted (Id: 00200523)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.228. sipalg_transaction_deleted (ID: 00200523) Default Severity NOTICE Log Message SIPALG: sipalg transaction deleted Explanation The transaction for [method] request is deleted. Gateway Action close Recommended Action...

  • Page 137: No_Route_Found (Id: 00200526)

    Chapter 2: Log Message Reference to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.230. no_route_found (ID: 00200526) Default Severity ERROR Log Message SIPALG: Failed to find route for given host Explanation No route information found for the given host. Reason: [reason]. Gateway Action drop Recommended Action...

  • Page 138: Failed_To_Find_Role (Id: 00200528)

    Chapter 2: Log Message Reference 2.1.232. failed_to_find_role (ID: 00200528) Default Severity ERROR Log Message SIPALG: Failed to find role Explanation SIPALG: Failed to find role for [method] request. Gateway Action drop Recommended Action None. Revision Parameters method from_uri to_uri srcip srcport destip destport...

  • Page 139: Failed_To_Modify_Sdp_Message (Id: 00200531)

    Chapter 2: Log Message Reference Explanation Failed to update contact into session for [method] request. Gateway Action drop Recommended Action None. Revision Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.235. failed_to_modify_sdp_message (ID: 00200531) Default Severity ERROR Log Message SIPALG: Failed to modify SDP message...

  • Page 140: Failed_To_Modify_From (Id: 00200533)

    Chapter 2: Log Message Reference from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.237. failed_to_modify_from (ID: 00200533) Default Severity ERROR Log Message SIPALG: Failed to modify FROM tag in message Explanation Failed to modify the FROM tag in message for [method] request. Gateway Action drop Recommended Action...

  • Page 141: Failed_To_Modify_Request (Id: 00200535)

    Chapter 2: Log Message Reference 2.1.239. failed_to_modify_request (ID: 00200535) Default Severity ERROR Log Message SIPALG: Failed to modify the request Explanation Failed to modify the topology info in the [method] request. Gateway Action drop Recommended Action None. Revision Parameters method from_uri to_uri srcip...

  • Page 142: Third_Party_Call_Control (Id: 00200538)

    Chapter 2: Log Message Reference Explanation General error while processing message. Reason: [reason]. Gateway Action drop Recommended Action None. Revision Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.242. third_party_call_control (ID: 00200538) Default Severity WARNING Log Message SIPALG: Block third party SIP request Explanation...

  • Page 143: Null_Sip_Message_Received (Id: 00200540)

    Chapter 2: Log Message Reference Parameters message 2.1.244. null_sip_message_received (ID: 00200540) Default Severity ERROR Log Message SIPALG: SIP packet reception error. Reason:<reason> Explanation Packet without data received. Gateway Action drop Recommended Action Research how SIPALG received NULL SIP packet. Revision Parameters reason Context Parameters...

  • Page 144: Dns_Resolution_Failed (Id: 00200545)

    Chapter 2: Log Message Reference contact Context Parameters ALG Module Name 2.1.247. dns_resolution_failed (ID: 00200545) Default Severity CRITICAL Log Message Failed to do dns resolve Explanation An attempt to resolve dns failed. Reason: [reason]. Gateway Action drop Recommended Action Check if the dns servers are configured. Revision Parameters reason...

  • Page 145: Failed_To_Parse_Media (Id: 00200549)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action None. Revision Context Parameters ALG Module Name 2.1.250. failed_to_parse_media (ID: 00200549) Default Severity ERROR Log Message SIPALG: Failed to parse media Explanation Failed to parse media for the request [method]. Gateway Action drop Recommended Action...

  • Page 146: Max_Tsxn_Per_Session_Reached (Id: 00200551)

    Chapter 2: Log Message Reference Context Parameters ALG Module Name 2.1.252. max_tsxn_per_session_reached (ID: 00200551) Default Severity WARNING Log Message SIPALG: Maximum number of sessions per Service has been reached Explanation configured maximum number transaction [max_tsxn_per_session] per SIP SESSION has been reached. Gateway Action close Recommended Action...

  • Page 147: Sipalg_Callleg_Created (Id: 00200554)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message SIPALG: Invalid session state change Explanation Invalid session state found [session_invalid_state]. Gateway Action close Recommended Action None. Revision Parameters session_invalid_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.255.

  • Page 148: Failed_To_Find_Callleg (Id: 00200556)

    Chapter 2: Log Message Reference Revision Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.257. failed_to_find_callleg (ID: 00200556) Default Severity WARNING Log Message SIPALG: Failed to find callleg Explanation Failed to find callleg for [method] request. Gateway Action drop Recommended Action...

  • Page 149: Sipalg_Callleg_Deleted (Id: 00200558)

    Chapter 2: Log Message Reference destport Context Parameters ALG Module Name 2.1.259. sipalg_callleg_deleted (ID: 00200558) Default Severity NOTICE Log Message SIPALG: sipalg callleg deleted Explanation The callleg for [method] request is deleted. Gateway Action close Recommended Action None. Revision Parameters method from_uri to_uri...

  • Page 150: Failed_To_Modify_Sat_Request (Id: 00200561)

    Chapter 2: Log Message Reference Default Severity DEBUG Log Message SIPALG: SIP-ALG callleg state updated Explanation The SIP-ALG callleg state updated to [callleg_state] state. Gateway Action allow Recommended Action None. Revision Parameters callleg_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.262.

  • Page 151: Failed_Create_New_Session (Id: 00200602)

    Chapter 2: Log Message Reference reached for this service. No more sessions can be opened before old sessions have been released. Gateway Action close Recommended Action If the maximum number of PPTP sessions is too low, increase it. Revision Parameters max_sessions Context Parameters ALG Module Name...

  • Page 152: Pptp_Tunnel_Removed_Client (Id: 00200605)

    Chapter 2: Log Message Reference Log Message PPTPALG: PPTP tunnel established from client Explanation A PPTP tunnel has been established between PPTP client and firewall. Gateway Action None Recommended Action None. Revision Context Parameters ALG Session ID ALG Module Name 2.1.267.

  • Page 153: Pptp_Session_Removed (Id: 00200608)

    Chapter 2: Log Message Reference Log Message PPTPALG: PPTP session established Explanation A PPTP session has been established. Gateway Action None Recommended Action None. Revision Context Parameters ALG Session ID ALG Module Name 2.1.270. pptp_session_removed (ID: 00200608) Default Severity NOTICE Log Message PPTPALG: PPTP session removed Explanation...

  • Page 154: Max_Imap_Sessions_Reached (Id: 00200650)

    Chapter 2: Log Message Reference firewall. Gateway Action None Recommended Action None. Revision Context Parameters ALG Session ID ALG Module Name 2.1.273. max_imap_sessions_reached (ID: 00200650) Default Severity WARNING Log Message IMAPALG: Maximum number of IMAP sessions (<max_sessions>) for service reached. Closing connection Explanation The maximum number of concurrent IMAP sessions has been reached for this service.

  • Page 155: Out_Of_Memory (Id: 00200656)

    Chapter 2: Log Message Reference Log Message IMAPALG: Failed to connect to the IMAP Server. Closing the connection. Explanation The unit failed to connect to the remote IMAP Server, resulting in that the ALG session could not be successfully opened. Gateway Action close Recommended Action...

  • Page 156: Base64_Decode_Failed (Id: 00200658)

    Chapter 2: Log Message Reference 2.1.278. base64_decode_failed (ID: 00200658) Default Severity ERROR Log Message IMAPALG: Base 64 decode failed. Attachment blocked Explanation The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked.

  • Page 157: Command_Invalid (Id: 00200661)

    Chapter 2: Log Message Reference Recommended Action If the command are to be allowed change the Alg configuration. Revision Parameters command" Context Parameters ALG Module Name ALG Session ID 2.1.281. command_invalid (ID: 00200661) Default Severity WARNING Log Message IMAP_ALG: Command <command> invalid. Explanation The client is sending command that is not a valid command.

  • Page 158: Plain_Auth_Blocked (Id: 00200664)

    Chapter 2: Log Message Reference filetype <filetype> Explanation The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded. Gateway Action block_data Recommended Action None. Revision Parameters filename filetype sender_email_address Context Parameters ALG Module Name...

  • Page 159: 2.2. Antispam

    Chapter 2: Log Message Reference 2.2. ANTISPAM These log messages refer to the ANTISPAM (Anti-spam related events) category. 2.2.1. spam_found (ID: 05900001) Default Severity NOTICE Log Message Email was classified as spam. Explanation An email was classified as spam, but no action was taken. Gateway Action None Recommended Action...

  • Page 160: Spam_Found (Id: 05900003)

    Chapter 2: Log Message Reference 2.2.3. spam_found (ID: 05900003) Default Severity INFORMATIONAL Log Message Email was classified as spam and was rejected. Explanation An email was classified as spam and was rejected. Gateway Action reject Recommended Action None. Revision Parameters sourceip from profile...

  • Page 161: Domain_Verification_Error (Id: 05900021)

    Chapter 2: Log Message Reference Explanation Domain Verification failed because the DNS query timed out. Gateway Action None Recommended Action Verify that DNS is configured correctly. Revision Parameters sourceip from profile Context Parameters Connection ALG Module Name ALG Session ID 2.2.6.

  • Page 162: Link_Protection_Timeout (Id: 05900031)

    Chapter 2: Log Message Reference profile Context Parameters Connection ALG Module Name ALG Session ID 2.2.8. link_protection_timeout (ID: 05900031) Default Severity ERROR Log Message Link Protection query timed out. Explanation A link could not be classified because the WCF servers did not respond.

  • Page 163: Link_Protection_No_License (Id: 05900033)

    Chapter 2: Log Message Reference 2.2.10. link_protection_no_license (ID: 05900033) Default Severity ERROR Log Message Link Protection has been disabled due to license restrictions. Explanation A valid Web Content Filtering license is required to use Link Protection. Gateway Action None Recommended Action Extend valid time for Web Content Filtering.

  • Page 164: Dnsbl_Error (Id: 05900042)

    Chapter 2: Log Message Reference <dnsbl> Explanation DNSBL check failed because the DNS query timed out. Gateway Action None Recommended Action Verify that DNS is configured correctly. Revision Parameters sourceip from profile dnsbl Context Parameters Connection ALG Module Name ALG Session ID 2.2.13.

  • Page 165: Dcc_Timeout (Id: 05900051)

    Chapter 2: Log Message Reference Revision Parameters sourceip from profile Context Parameters Connection ALG Module Name ALG Session ID 2.2.15. dcc_timeout (ID: 05900051) Default Severity ERROR Log Message DCC query timed out. Explanation DCC check failed because no response was received from the DCC servers.

  • Page 166: Dcc_No_License (Id: 05900053)

    Chapter 2: Log Message Reference ALG Session ID 2.2.17. dcc_no_license (ID: 05900053) Default Severity ERROR Log Message DCC has been disabled due to license restrictions. Explanation DCC has been disabled due to license restrictions. Gateway Action None Recommended Action Extend valid time for DCC. Revision Parameters sourceip...

  • Page 167: Dnsbl_Ipcache_Add (Id: 05900810)

    Chapter 2: Log Message Reference Explanation Could not allocate memory. Gateway Action none Recommended Action Check memory. Revision Parameters type 2.2.20. dnsbl_ipcache_add (ID: 05900810) Default Severity NOTICE Log Message IP <ipaddr> added to IP Cache for <algname> Explanation An IP address was added to the IP Cache. Gateway Action none Recommended Action...

  • Page 168: Dnsbl_Session_Error (Id: 05900813)

    Chapter 2: Log Message Reference Gateway Action none Recommended Action None. Revision Parameters type algname ipaddr 2.2.23. dnsbl_session_error (ID: 05900813) Default Severity ERROR Log Message Error creating Session for IP <ipaddr> for <algname> Explanation Error creating new Session. Gateway Action dnsbl will not process mail Recommended Action Check configuration and dns settings.

  • Page 169: Dnsbl_Active (Id: 05900816)

    Chapter 2: Log Message Reference Gateway Action none Recommended Action Check configuration of DNSBL. Revision Parameters type algname 2.2.26. dnsbl_active (ID: 05900816) Default Severity NOTICE Log Message DNSBL for <algname> has been activated Explanation The DNSBL has changed status from disabled to active as contact with BlackLists have been restored.

  • Page 170: Dnsbl_Txtrecord_Truncated (Id: 05900819)

    Chapter 2: Log Message Reference Explanation BlackList was disable as it failed to respond to the query. Gateway Action none Recommended Action Check configuration if keeps begin disabled. Revision Parameters type algname blacklist 2.2.29. dnsbl_txtrecord_truncated (ID: 05900819) Default Severity WARNING Log Message TXT records does not fit buffer for Session with IP <ipaddr>...

  • Page 171: 2.3. Antivirus

    Chapter 2: Log Message Reference 2.3. ANTIVIRUS These log messages refer to the ANTIVIRUS (Anti-Virus related events) category. 2.3.1. virus_found (ID: 05800001) Default Severity WARNING Log Message Virus found in file <filename>. Virus Name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>. Explanation A virus has been detected in a data stream.

  • Page 172: Excluded_File (Id: 05800003)

    Chapter 2: Log Message Reference ALG Session ID Connection 2.3.3. excluded_file (ID: 05800003) Default Severity NOTICE Log Message File <filename> is excluded from scanning. Identified filetype: <filetype>. Explanation The named file will be excluded from anti-virus scanning. The filetype is present in the anti-virus scan exclusion list. Gateway Action allow_data_without_scan Recommended Action...

  • Page 173: Compression_Ratio_Violation (Id: 05800006)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message Decompression error for file <filename> Explanation The file could not be scanned by the anti-virus module since the decompression of the compressed file failed. Since anti-virus is running in audit mode, the data transfer will be allowed to continue. Gateway Action allow_data Recommended Action...

  • Page 174: Compression_Ratio_Violation (Id: 05800008)

    Chapter 2: Log Message Reference Explanation Anti-virus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to continue scan. Gateway Action abort_scan Recommended Action Files with too high compression ratio can consume large amount of resources.

  • Page 175: Out_Of_Memory (Id: 05800010)

    Chapter 2: Log Message Reference Recommended Action Try to free some memory by changing configuration parameters. Revision Parameters filename filetype [layer7_srcinfo] [layer7_dstinfo] Context Parameters ALG Module Name ALG Session ID Connection 2.3.10. out_of_memory (ID: 05800010) Default Severity ERROR Log Message Out of memory Explanation Memory allocation failed.

  • Page 176: Virus_Scan_Failure (Id: 05800012)

    Chapter 2: Log Message Reference [layer7_dstinfo] Context Parameters ALG Module Name ALG Session ID Connection 2.3.12. virus_scan_failure (ID: 05800012) Default Severity ERROR Log Message Anti-virus scan engine failed for the file: <filename> Explanation An error occured in the anti-virus scan engine. Since anti-virus is running in audit mode, the data transfer will be allowed to continue.

  • Page 177: General_Engine_Error (Id: 05800017)

    Chapter 2: Log Message Reference databases missing. Gateway Action av_scanning_denied Recommended Action Connect your gateway to the Internet and download the anti-virus databases or configure automatic updates of anti-virus. Revision Context Parameters ALG Session ID 2.3.15. general_engine_error (ID: 05800017) Default Severity CRITICAL Log Message AVSE: Virus scanning aborted.

  • Page 178: Virus_Url_Detected (Id: 05800021)

    Chapter 2: Log Message Reference protect the receiver. Gateway Action block_data Recommended Action None. Revision Parameters advisoryid [layer7_srcinfo] [layer7_dstinfo] Context Parameters ALG Module Name ALG Session ID Connection 2.3.18. virus_url_detected (ID: 05800021) Default Severity WARNING Log Message Virus infected URL found in URL <url>. Advisory ID: <advisoryid>. Explanation A virus infected URL request has been detected.

  • Page 179: Decompression_Failed_Encrypted_File (Id: 05800025)

    Chapter 2: Log Message Reference Revision Parameters filename [layer7_srcinfo] [layer7_dstinfo] Context Parameters ALG Module Name ALG Session ID Connection 2.3.20. decompression_failed_encrypted_file (ID: 05800025) Default Severity WARNING Log Message Decompression failed for file <filename>. The file is encrypted. Explanation The file could not be scanned by the anti-virus module since the compressed file is encrypted with password protection.

  • Page 180: Max_Archive_Depth_Exceeded (Id: 05800029)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message The file <filename> has too many archive levels. Maximum allowed is <max_depth>. Explanation The file archive exceeds the maximum allowed depth. Since Fail Mode is set to Deny the data transfer will be aborted in order to protect the receiver.

  • Page 181: Unknown_Encoding (Id: 05800183)

    Chapter 2: Log Message Reference Log Message SMTPALG: Content transfer encoding is unknown or not present Explanation Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is deny so data is blocked. Gateway Action block_data Recommended Action None.

  • Page 182: Unknown_Encoding (Id: 05800185)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters filename unknown_content_transfer_encoding sender_email_address Context Parameters ALG Module Name ALG Session ID 2.3.27. unknown_encoding (ID: 05800185) Default Severity WARNING Log Message POP3ALG: Content transfer encoding is unknown or not present. Explanation Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown.

  • Page 183: Unknown_Encoding (Id: 05800655)

    Chapter 2: Log Message Reference 2.3.29. unknown_encoding (ID: 05800655) Default Severity WARNING Log Message IMAPALG: Content transfer encoding is unknown or not present. Explanation Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is allow so data is allowed without scanning.

  • Page 184: 2.4. Appcontrol

    Chapter 2: Log Message Reference 2.4. APPCONTROL These log messages refer to the APPCONTROL (Application Control events) category. 2.4.1. application_identified (ID: 07200001) Default Severity INFORMATIONAL Log Message Application identified. Application: <application>. Explanation An application protocol has been recognized by the application control function.

  • Page 185: No_Valid_License (Id: 07200004)

    Chapter 2: Log Message Reference Explanation The end of an application protocol has been recognized by the application control function. Gateway Action None Recommended Action None. Revision Parameters application origsent termsent ssl_inspected Context Parameters Connection 2.4.4. no_valid_license (ID: 07200004) Default Severity CRITICAL Log Message Application Control disabled...

  • Page 186: Appctl_Memory_Optimized (Id: 07200008)

    Chapter 2: Log Message Reference Explanation Application Control has been disabled due fatal subsystem failure. The device will restart itself to try to restore Application Control functionality. Gateway Action restart Recommended Action It is also possible to configure the device continue with Application Control disabled through the Application Control setting 'Restart On Fatal Failure'.

  • Page 187: Application_Content_Denied (Id: 07200017)

    Chapter 2: Log Message Reference Log Message Application content allowed. Application: <application> Attribute: <attribute> Value: <value> Explanation The identified application attribute and its value is allowed by the Application Content Control policy. Gateway Action None Recommended Action Modify the Application Content Control policy if this traffic should be denied.

  • Page 188: Application_Content_Limit_Reached (Id: 07200019)

    Chapter 2: Log Message Reference 2.4.12. application_content_limit_reached (ID: 07200019) Default Severity ERROR Log Message Maximum number of concurrent non-classified (in progress) application control connections (50.000) reached. Explanation There is a maximum of 50.000 Application Content Control attributes to store until connections have been fully classified. This limit has been reached.

  • Page 189: 2.5. Arp

    Chapter 2: Log Message Reference 2.5. ARP These log messages refer to the ARP (ARP events) category. 2.5.1. unsolicited_reply_drop (ID: 00300001) Default Severity NOTICE Log Message Unsolicited ARP reply received and dropped Explanation An ARP reply was received even though no reply was currently expected for this IP.

  • Page 190: Arp_Response_Broadcast (Id: 00300004)

    Chapter 2: Log Message Reference Context Parameters Rule Name Packet Buffer 2.5.4. arp_response_broadcast (ID: 00300004) Default Severity NOTICE Log Message ARP response is a broadcast address Explanation The ARP response has a sender address which is a broadcast address. Allowing. Gateway Action allow Recommended Action...

  • Page 191: Mismatching_Hwaddrs_Drop (Id: 00300007)

    Chapter 2: Log Message Reference Context Parameters Rule Name Packet Buffer 2.5.7. mismatching_hwaddrs_drop (ID: 00300007) Default Severity NOTICE Log Message ARP hw sender does not match Ethernet hw sender. Dropping Explanation The hardware sender address specified in the ARP data does not match the Ethernet hardware sender address.

  • Page 192: Unsolicited_Reply_Accept (Id: 00300010)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters ipaddr iface 2.5.10. unsolicited_reply_accept (ID: 00300010) Default Severity NOTICE Log Message Unsolicited ARP reply received and accepted Explanation An ARP reply was received even though no reply was currently expected for this IP. Gateway Action None Recommended Action...

  • Page 193: Invalid_Arp_Sender_Ip_Address (Id: 00300049)

    Chapter 2: Log Message Reference Recommended Action Update your license to allow a greater amount of concurrent ARP entries. Revision Parameters limit 2.5.13. invalid_arp_sender_ip_address (ID: 00300049) Default Severity WARNING Log Message Failed to verify ARP sender IP address. Dropping Explanation The ARP sender IP address could not be verfied according to the "access"...

  • Page 194: Arp_Response_Broadcast_Drop (Id: 00300052)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action Verify that no fault network equipment exists. Revision Context Parameters Rule Name Packet Buffer 2.5.16. arp_response_broadcast_drop (ID: 00300052) Default Severity WARNING Log Message ARP response is a broadcast address. Dropping Explanation The ARP response has a sender address which is a broadcast address.

  • Page 195: Hwaddr_Change_Drop (Id: 00300055)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action If this is not the desired behaviour, modify the configuration. Revision Parameters reason knowntype knownip knownhw Context Parameters Rule Name Packet Buffer 2.5.19. hwaddr_change_drop (ID: 00300055) Default Severity NOTICE Log Message <knownip>...

  • Page 196: 2.6. Authagents

    Chapter 2: Log Message Reference 2.6. AUTHAGENTS These log messages refer to the AUTHAGENTS (Authentication Agent events) category. 2.6.1. authagent_connected (ID: 06500001) Default Severity INFORMATIONAL Log Message Connected to Authentication Agent at <name>:<ip4addr>:<port> Explanation Connected to Authentication Agent. Gateway Action connected Recommended Action None.

  • Page 197: Authagent_Rekeying_Error (Id: 06500004)

    Chapter 2: Log Message Reference Parameters name ip4addr 2.6.4. authagent_rekeying_error (ID: 06500004) Default Severity INFORMATIONAL Log Message Agent <name>:<ip4addr> does not accept new key. Explanation Rekeying error. Gateway Action rekeying_error Recommended Action None. Revision Parameters name ip4addr 2.6.5. authagent_protocol_mistmatch (ID: 06500005) Default Severity INFORMATIONAL Log Message...

  • Page 198: Authagent_Decryption_Error (Id: 06500007)

    Chapter 2: Log Message Reference Parameters name ip4addr 2.6.7. authagent_decryption_error (ID: 06500007) Default Severity INFORMATIONAL Log Message Error while decrypting message from Agent <name>:<ip4addr>. Explanation Decryption error. Gateway Action decryption_error Recommended Action None. Revision Parameters name ip4addr 2.6.8. authagent_challenge_error (ID: 06500008) Default Severity INFORMATIONAL Log Message...

  • Page 199: Authagent_Adduser_Error (Id: 06500010)

    Chapter 2: Log Message Reference 2.6.10. authagent_adduser_error (ID: 06500010) Default Severity INFORMATIONAL Log Message Error adding user <name> at <ip>. Explanation Add user error. Gateway Action adduser_error Recommended Action None. Revision Parameters name 2.6.11. authagent_initial_error (ID: 06500011) Default Severity INFORMATIONAL Log Message Error fetching initial data.

  • Page 200: Authagent_User_Login (Id: 06500014)

    Chapter 2: Log Message Reference Log Message Password error with Agent <name>:<ip4addr>. Explanation Password error. Gateway Action password_error Recommended Action None. Revision Parameters name ip4addr 2.6.14. authagent_user_login (ID: 06500014) Default Severity NOTICE Log Message User logged in. Idle timeout: <idle_timeout>, Session timeout: <session_timeout>...

  • Page 201: Authagent_Adduser_Error (Id: 06500040)

    Chapter 2: Log Message Reference 2.6.16. authagent_adduser_error (ID: 06500040) Default Severity INFORMATIONAL Log Message Error adding user <username> at <iface> <ip>. Explanation Add user error. Gateway Action adduser_error Recommended Action None. Revision Parameters username iface 2.6.17. authagent_removeuser_error (ID: 06500042) Default Severity INFORMATIONAL Log Message Error removing user <iface>...

  • Page 202: 2.7. Avse

    Chapter 2: Log Message Reference 2.7. AVSE These log messages refer to the AVSE (Events from Anti Virus Scan Engine) category. 2.7.1. av_db_digital_signature (ID: 05100001) Default Severity ALERT Log Message Could not start Anti-virus engine because of <reason> Explanation The unit tried to read the anti-virus database, but failed. The reason for this is specified in the "reason"...

  • Page 203: 2.8. Avupdate

    Chapter 2: Log Message Reference 2.8. AVUPDATE These log messages refer to the AVUPDATE (Antivirus Signature update) category. 2.8.1. av_db_update_failure (ID: 05000001) Default Severity ALERT Log Message Update of the Anti-virus database failed, because of <reason> Explanation The unit tried to update the anti-virus database, but failed. The reason for this is specified in the "reason"...

  • Page 204: Av_Detects_Invalid_System_Time (Id: 05000005)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message Anti-virus database could not be updated, as no valid subscription exist Explanation The current license does not allow the anti-virus database to be updated. Gateway Action None Recommended Action Check the system's time and/or purchase a subscription. Revision 2.8.5.

  • Page 205: Downloading_New_Database (Id: 05000009)

    Chapter 2: Log Message Reference Log Message Unsynchronized hardware and software databases detected Explanation The anti-virus hardware and software databases are not synchronized. A full update is automatically initiated. Gateway Action downloading_new_database Recommended Action None. Revision 2.8.8. downloading_new_database (ID: 05000009) Default Severity NOTICE Log Message...

  • Page 206: 2.9. Blacklist

    Chapter 2: Log Message Reference 2.9. BLACKLIST These log messages refer to the BLACKLIST (Blacklist events) category. 2.9.1. failed_to_write_list_of_blocked_hosts_to_media (ID: 04600001) Default Severity CRITICAL Log Message Failed to write list of blocked hosts to media Explanation Failed to write list of blocked hosts to media. The media might be corrupted.

  • Page 207: Host_Unblacklisted (Id: 04600004)

    Chapter 2: Log Message Reference 2.9.4. host_unblacklisted (ID: 04600004) Default Severity NOTICE Log Message Blacklist entry removed. Protocol: <proto>, IP: <ip>, Port: <port>. Explanation A blacklist entry has been removed. Gateway Action None Recommended Action None. Revision Parameters proto port 2.9.5.

  • Page 208: 2.10. Buffers

    Chapter 2: Log Message Reference 2.10. BUFFERS These log messages refer to the BUFFERS (Events regarding buffer usage) category. 2.10.1. buffers_flooded (ID: 00500001) Default Severity WARNING Log Message The buffers were flooded for <duration> seconds. Current usage is <buf_usage> percent Explanation The unit was temporarily out of buffers for a period of time.

  • Page 209: 2.11. Conn

    Chapter 2: Log Message Reference 2.11. CONN These log messages refer to the CONN (State engine events, e.g. open/close connections) category. 2.11.1. conn_open (ID: 00600001) Default Severity INFORMATIONAL Log Message Connection opened Explanation A connection has been opened. Gateway Action None Recommended Action None.

  • Page 210: Conn_Open_Natsat (Id: 00600004)

    Chapter 2: Log Message Reference Revision Context Parameters Rule Name Connection 2.11.4. conn_open_natsat (ID: 00600004) Default Severity INFORMATIONAL Log Message Connection opened Explanation A connection has been opened. Gateway Action None Recommended Action None. Revision Context Parameters Rule Information Connection Packet Buffer 2.11.5.

  • Page 211: Out_Of_Connections (Id: 00600011)

    Chapter 2: Log Message Reference Context Parameters Rule Name Packet Buffer 2.11.7. out_of_connections (ID: 00600011) Default Severity WARNING Log Message Out of connections. Dropping connection attempt Explanation The connection table is currently full, and this new connection attempt will be dropped. Gateway Action drop Recommended Action...

  • Page 212: No_Return_Route (Id: 00600014)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action None. Revision Parameters protocol Context Parameters Rule Name Packet Buffer 2.11.10. no_return_route (ID: 00600014) Default Severity WARNING Log Message Failed to open a new connection since a return route to the sender address cant be found.

  • Page 213: Port_0_Illegal (Id: 00600020)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message State inspector would not open a new connection for this ICMPv6 packet, dropping packet Explanation State inspector would not open a new connection for this ICMPb6 packet since it is not an ICMPv6 Echo Request. Only Echo Requests are allowed to open a new ICMPv6 connection.

  • Page 214: Udp_Src_Port_0_Forwarded (Id: 00600022)

    Chapter 2: Log Message Reference 2.11.15. udp_src_port_0_forwarded (ID: 00600022) Default Severity WARNING Log Message UDP source port is set to 0. Forwards packet Explanation The UDP source port was set to 0. This can be used by UDP streams not expecting return traffic. Forwarding packet. Gateway Action none Recommended Action...

  • Page 215: Passive_Data (Id: 00600101)

    Chapter 2: Log Message Reference 2.11.18. passive_data (ID: 00600101) Default Severity INFORMATIONAL Log Message FTPALG: Incoming passive data channel Explanation A passive data channel connection has been established. Gateway Action None Recommended Action None. Revision Context Parameters ALG Module Name ALG Session ID Rule Information Connection...
  • Page 216 Chapter 2: Log Message Reference Rule Information Connection...

  • Page 217: 2.12. Dhcp

    Chapter 2: Log Message Reference 2.12. DHCP These log messages refer to the DHCP (DHCP client events) category. 2.12.1. offered_ip_occupied (ID: 00700001) Default Severity NOTICE Log Message Interface <iface> received a lease with an offered IP that appear to be occupied (<ip4addr>) Explanation Received a DHCP lease which appears to be in use by someone else.

  • Page 218: Renewed_Lease (Id: 00700004)

    Chapter 2: Log Message Reference Revision Parameters iface netmask bcast Context Parameters Packet Buffer 2.12.4. renewed_lease (ID: 00700004) Default Severity NOTICE Log Message Interface <iface> have renewed its lease. The new lease is valid for <valid_seconds> seconds Explanation An interface have successfully renewed its lease. Gateway Action None Recommended Action...

  • Page 219: Invalid_Server_Id (Id: 00700008)

    Chapter 2: Log Message Reference Explanation An interface received a lease with a leasetime which is lower then the configured minimum. Gateway Action drop Recommended Action Check the DHCP server configuration or adjust the minimum leasetime limit. Revision Parameters iface lease_time minimum_lease_time Context Parameters...

  • Page 220: Invalid_Broadcast (Id: 00700010)

    Chapter 2: Log Message Reference 2.12.9. invalid_broadcast (ID: 00700010) Default Severity WARNING Log Message Interface <iface> received a lease with an invalid broadcast address (<broadcast>) Explanation An interface received a lease with an invalid broadcast address. Gateway Action drop Recommended Action Check DHCP server configuration.

  • Page 221: Offered_Broadcast_Equals_Gateway (Id: 00700013)

    Chapter 2: Log Message Reference Parameters iface gateway Context Parameters Packet Buffer 2.12.12. offered_broadcast_equals_gateway (ID: 00700013) Default Severity WARNING Log Message Interface <iface> received a lease where the offered broadcast equals the offered gateway Explanation An interface received a lease where the offered broadcast address is equal with the offered gateway address.
  • Page 222 Chapter 2: Log Message Reference collision (DHCP route: <dhcp_route> collides with configured route <configured_route>) Explanation An interface received a lease which if used will cause a route collision with a configured route. Gateway Action drop Recommended Action Check DHCP server configuration and SG interface configuration. Revision Parameters iface...

  • Page 223: 2.13. Dhcprelay

    Chapter 2: Log Message Reference 2.13. DHCPRELAY These log messages refer to the DHCPRELAY (DHCP relayer events) category. 2.13.1. unable_to_save_dhcp_relay_list (ID: 00800001) Default Severity WARNING Log Message Unable to auto save the DHCP relay list to disk Explanation Unable to autosave the DHCP relay list to disk. Gateway Action None Recommended Action...

  • Page 224: Maximum_Ppm_For_Relayer_Reached (Id: 00800005)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Incorrect BOOTP/DHCP cookie. Dropping Explanation Received a packet with an incorrect BOOTP/DHCP cookie. Gateway Action drop Recommended Action Investigate what client implementation is being used. Revision Context Parameters Packet Buffer 2.13.5.

  • Page 225: Client_Release (Id: 00800008)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Hop limit exceeded. Dropping Explanation The maxmimum hop limit for the DHCP packet have been reached. Gateway Action None Recommended Action Verify maximum-hop-limit setting. Revision Context Parameters Packet Buffer 2.13.8. client_release (ID: 00800008) Default Severity WARNING Log Message...

  • Page 226: Unable_To_Add_Relay_Route_Since_Out_Of_Memory (Id: 00800011)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message The limit for DHCP relay routes have been reached. Dropping Explanation The DHCP relay routes limit have been reached. Gateway Action drop Recommended Action Verify max-relay-routes-limit. Revision Context Parameters Rule Name 2.13.11.

  • Page 227: Bad_Inform_Pkt_With_Mismatching_Source_Ip_And_Client_Ip (Id: 00800014)

    Chapter 2: Log Message Reference Log Message No message type. Dropping Explanation Received DHCP packet without the required message type parameter. Gateway Action drop Recommended Action Investigate what client implementation is being used. Revision Context Parameters Rule Name Packet Buffer 2.13.14.

  • Page 228: Dhcp_Server_Is_Unroutable (Id: 00800017)

    Chapter 2: Log Message Reference 00800016) Default Severity WARNING Log Message The maximum number <max_relays> of current DHCP relays for this interface have been reached. Dropping Explanation The maximum number of DHCP relayed through a specified interface have been reached. Gateway Action drop Recommended Action...

  • Page 229: Invalid_Gateway (Id: 00800019)

    Chapter 2: Log Message Reference Context Parameters Rule Name Packet Buffer 2.13.19. invalid_gateway (ID: 00800019) Default Severity WARNING Log Message Received request with invalid gateway (<gateway_ip>). Dropping Explanation Received DHCP request with an invalid gateway. Gateway Action drop Recommended Action Investigate what client implementation is being used.

  • Page 230: Got_Reply_On_A_Non_Security_Equivalent_Interface (Id: 00800022)

    Chapter 2: Log Message Reference Revision Parameters client_hw dest_ip Context Parameters Rule Name Packet Buffer 2.13.22. got_reply_on_a_non_security_equivalent_interface (ID: 00800022) Default Severity WARNING Log Message Received reply for client <client_hw> on a non security equivalent interface. Dropping Explanation Received a reply for a client on a non security equivalent interface. Gateway Action drop Recommended Action...

  • Page 231: Ambiguous_Host_Route (Id: 00800025)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message DHCP/BOOTP-Server <server_ip> tried to assign a client with an illegal IP <ip>. Dropping Explanation Received a lease with an illegal client assignment IP. Gateway Action drop Recommended Action Check DHCP server configuration. Revision Parameters server_ip...

  • Page 232: Relayed_Bootp_Reply (Id: 00800027)

    Chapter 2: Log Message Reference Context Parameters Rule Name Packet Buffer 2.13.27. relayed_bootp_reply (ID: 00800027) Default Severity NOTICE Log Message Relayed BOOTP-reply to client <client_hw> Explanation Relayed BOOTP reply to client. Gateway Action None Recommended Action None. Revision Parameters client_hw Context Parameters Rule Name Packet Buffer...
  • Page 233 Chapter 2: Log Message Reference Revision Parameters gateway_ip Context Parameters Rule Name Packet Buffer...

  • Page 234: 2.14. Dhcpserver

    Chapter 2: Log Message Reference 2.14. DHCPSERVER These log messages refer to the DHCPSERVER (DHCP server events) category. 2.14.1. unable_to_send_response (ID: 00900001) Default Severity WARNING Log Message Failed to get buffer for sending. Unable to reply Explanation Unable to get a buffer for sending. Gateway Action None Recommended Action...

  • Page 235: Dhcp_Packet_Too_Small (Id: 00900005)

    Chapter 2: Log Message Reference Log Message Lease database was successfully auto saved to disk Explanation The lease database was successfully saved to disk. Gateway Action None Recommended Action None. Revision 2.14.5. dhcp_packet_too_small (ID: 00900005) Default Severity WARNING Log Message Received DHCP packet which is smaller then the minimum allowed 300 bytes.

  • Page 236: Request_For_Ip_From_Non_Bound_Client_Without_State (Id: 00900008)

    Chapter 2: Log Message Reference Log Message Received a request from client(in bound) <client> for IP <client_ip> without state. Rejecting Explanation Received a request from a bound client without state. Gateway Action reject Recommended Action None. Revision Parameters client client_ip Context Parameters Packet Buffer 2.14.8.

  • Page 237: Lease_Timeout (Id: 00900012)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Received request with bad UDP checksum. Dropping Explanation Received request with bad UDP checksum. Gateway Action drop Recommended Action Check network equipment for errors. Revision Context Parameters Packet Buffer 2.14.11. lease_timeout (ID: 00900012) Default Severity NOTICE Log Message...

  • Page 238: Sending_Offer (Id: 00900015)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message All IPs in the pool are in use. Request cannot be fulfilled Explanation A request cannot be fullfilled since all pools are in use. Gateway Action None Recommended Action Extend the pools to support more clients. Revision Context Parameters Rule Name...

  • Page 239: Request_For_Non_Bound_Ip (Id: 00900018)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Client <client_hw> requested non offered IP. Rejecting Explanation Client sent a request for a non offered IP. Gateway Action Recommended Action None. Revision Parameters client_hw client_wanted client_offered Context Parameters Rule Name Packet Buffer 2.14.17.

  • Page 240: Client_Renewed (Id: 00900020)

    Chapter 2: Log Message Reference Context Parameters Rule Name Packet Buffer 2.14.19. client_renewed (ID: 00900020) Default Severity NOTICE Log Message Client <client_hw> renewed IP <client_ip> Explanation Client successfully renewed its lease. Gateway Action renew Recommended Action None. Revision Parameters client_hw client_ip Context Parameters Rule Name...

  • Page 241: Decline_For_Non_Offered_Ip (Id: 00900023)

    Chapter 2: Log Message Reference Recommended Action Check network for inconsistent routes. Revision Parameters client_hw client_ip recv_if client_if Context Parameters Rule Name Packet Buffer 2.14.22. decline_for_non_offered_ip (ID: 00900023) Default Severity NOTICE Log Message Client <client_hw> declined non offered IP. Decline is ignored Explanation Client rejected non a offered IP.

  • Page 242: Release_For_Ip_On_Wrong_Iface (Id: 00900026)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Received a request from client(bound) <client> for IP <client_ip> without state. Ignoring Explanation Received a request from a bound client without state. Gateway Action None Recommended Action None. Revision Parameters client client_ip Context Parameters...
  • Page 243 Chapter 2: Log Message Reference client_ip Context Parameters Rule Name Packet Buffer...

  • Page 244: 2.15. Dhcpv6Client

    Chapter 2: Log Message Reference 2.15. DHCPV6CLIENT These log messages refer to the DHCPV6CLIENT (DHCPv6 Client Events) category. 2.15.1. offered_ip_occupied (ID: 07300001) Default Severity NOTICE Log Message Interface <iface> received a lease with an offered IP that appear to be occupied (<ip6addr>) Explanation Received a DHCPv6 lease which appears to be in use by someone else.

  • Page 245: Lease_Expired (Id: 07300005)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters iface valid_seconds Context Parameters Packet Buffer 2.15.4. lease_expired (ID: 07300005) Default Severity NOTICE Log Message Interface <iface> lease expired Explanation A lease have expired and the ip data for this interface are no longer valid.

  • Page 246: Bad_Server_Address (Id: 07300008)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters code iface 2.15.7. bad_server_address (ID: 07300008) Default Severity WARNING Log Message DHCPv6 server Reply contained a bad server address <address> on <iface>. Explanation A DHCPv6 Reply was received containing a bad server address. Gateway Action drop Recommended Action...

  • Page 247: Low_Life_Time (Id: 07300011)

    Chapter 2: Log Message Reference Revision Parameters iface 2.15.10. low_life_time (ID: 07300011) Default Severity WARNING Log Message DHCPv6 server Reply IA_NA offered address lifetime too low on <iface>. Preferred lifetime <preferred>, valid lifetime <valid>. Explanation A DHCPv6 Reply IA_NA option was received containing an address life time too low.

  • Page 248: 2.16. Dhcpv6Server

    Chapter 2: Log Message Reference 2.16. DHCPV6SERVER These log messages refer to the DHCPV6SERVER (DHCPv6 Server Events) category. 2.16.1. client_id_missing (ID: 07400001) Default Severity WARNING Log Message Client ID option missing in received message. Explanation The received packet is missing vital information. Gateway Action drop Recommended Action...

  • Page 249: Unable_To_Send_Response (Id: 07400005)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Unexpected Server ID option in received message. Explanation The received message contains unexpected information. Gateway Action drop Recommended Action Investigate what client implementation is being used. Dropping. Revision Context Parameters Packet Buffer 2.16.5.

  • Page 250: Client_Renewed (Id: 07400008)

    Chapter 2: Log Message Reference Explanation Received Request message from a client. Gateway Action none Recommended Action None. Revision Parameters client_hw iface offer_ip 2.16.8. client_renewed (ID: 07400008) Default Severity NOTICE Log Message Client <client_hw> on <iface> renewed IP <client_ip>. Explanation Client successfully renewed its address lease.

  • Page 251: Pool_Depleted (Id: 07400011)

    Chapter 2: Log Message Reference Explanation A client lease wasn't renewed and timed out. Gateway Action lease_inactive Recommended Action None. Revision Parameters client_ip Context Parameters Rule Name 2.16.11. pool_depleted (ID: 07400011) Default Severity WARNING Log Message All IPs in the pool are now in use. Request for new IP address cannot be fulfilled.

  • Page 252: Dhcpv6_Faulty_Length (Id: 07400014)

    Chapter 2: Log Message Reference allowed bytes. Gateway Action drop Recommended Action Investigate what client implementation is being used. Revision Context Parameters Packet Buffer 2.16.14. dhcpv6_faulty_length (ID: 07400014) Default Severity WARNING Log Message Received DHCPv6 packet with faulty length. Dropping. Explanation Received a DHCPv6 packet with mismatching lengths calculated from IP- and UDP-layers.

  • Page 253: Unable_To_Save_Lease_Db (Id: 07400017)

    Chapter 2: Log Message Reference Revision 2.16.17. unable_to_save_lease_db (ID: 07400017) Default Severity WARNING Log Message Unable to auto save the lease database to disk Explanation Some sort of error occurred saving the lease database to disk. Gateway Action None Recommended Action Make sure that there is sufficient diskspace available.

  • Page 254: Unexpected_Relay_Reply_Message (Id: 07400021)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message Unexpected message type (Reconfigure) in received packet. Explanation Received DHCPv6 packet with unexpected message type (Reconfigure). Gateway Action drop Recommended Action None. Revision Context Parameters Packet Buffer 2.16.21. unexpected_relay_reply_message (ID: 07400021) Default Severity NOTICE Log Message...

  • Page 255: 2.17. Dnscache

    Chapter 2: Log Message Reference 2.17. DNSCACHE These log messages refer to the DNSCACHE (DNS Cache) category. 2.17.1. ipv6_max_addresses (ID: 08000001) Default Severity WARNING Log Message FQDN object <name> reached the limit for IPv6 addresses. Explanation Maximum number of IP addresses for the FQDN has been exceeded. Gateway Action ignore Recommended Action...

  • Page 256: 2.18. Dynrouting

    Chapter 2: Log Message Reference 2.18. DYNROUTING These log messages refer to the DYNROUTING (Dynamic routing) category. 2.18.1. failed_to_export_route_to_ospf_process_failed_to_alloc (ID: 01100001) Default Severity CRITICAL Log Message Failed to export route to OSPF process (unable to alloc export node) Explanation Unable to export route to a OSPF process since out of memory. Gateway Action alert Recommended Action...

  • Page 257: Failed_To_Add_Route_Unable_To_Alloc (Id: 01100004)

    Chapter 2: Log Message Reference Revision Context Parameters Dynamic Route Rule Name Route 2.18.4. failed_to_add_route_unable_to_alloc (ID: 01100004) Default Severity CRITICAL Log Message Failed to add route (unable to alloc route) Explanation Failed to create a route since out of memory. Gateway Action alert Recommended Action...
  • Page 258 Chapter 2: Log Message Reference Revision Context Parameters Dynamic Route Rule Name Route...

  • Page 259: 2.19. Frag

    Chapter 2: Log Message Reference 2.19. FRAG These log messages refer to the FRAG (Fragmentation events) category. 2.19.1. individual_frag_timeout (ID: 02000001) Default Severity WARNING Log Message Individual fragment timed out. Explanation A fragment of an IP packet timed out, and is dropped. Gateway Action drop Recommended Action...

  • Page 260: Fail_Out_Of_Resources (Id: 02000004)

    Chapter 2: Log Message Reference Revision Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2.19.4. fail_out_of_resources (ID: 02000004) Default Severity CRITICAL Log Message Out of reassembly resources. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation Out of fragmentation-reassembly resources when processing the IP packet.

  • Page 261: Fail_Timeout (Id: 02000006)

    Chapter 2: Log Message Reference ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2.19.6. fail_timeout (ID: 02000006) Default Severity CRITICAL Log Message Time out reassembling. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation Timed out when reassembling a fragmented IP packet. Dropping packet.

  • Page 262: Drop_Frags_Of_Disallowed_Packet (Id: 02000008)

    Chapter 2: Log Message Reference frags Context Parameters Dropped Fragments Rule Name 2.19.8. drop_frags_of_disallowed_packet (ID: 02000008) Default Severity WARNING Log Message Dropping stored fragments of disallowed packet. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation The fragments of a disallowed IP packet were dropped. Gateway Action drop Recommended Action...

  • Page 263: Drop_Extraneous_Frags_Of_Completed_Packet (Id: 02000010)

    Chapter 2: Log Message Reference 2.19.10. drop_extraneous_frags_of_completed_packet (ID: 02000010) Default Severity WARNING Log Message Dropping extraneous fragments of completed packet. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation A completed reassembled IP packet contains extraneous fragments, which are dropped. Gateway Action drop Recommended Action...

  • Page 264: Drop_Duplicate_Frag (Id: 02000013)

    Chapter 2: Log Message Reference fragments, was received. Dropping the duplicate fragment. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.19.13. drop_duplicate_frag (ID: 02000013) Default Severity WARNING Log Message Dropping duplicate fragment Explanation A duplicate fragment of an IP packet was received. Dropping the duplicate fragment.

  • Page 265: Bad_Ipdatalen (Id: 02000016)

    Chapter 2: Log Message Reference Log Message Internal Error: No available resources (out of memory?). Explanation An Internal Error occured. Failed to create necessary fragmentation reassembly resources. This could be a result of the unit being out of memory. Gateway Action drop Recommended Action None.

  • Page 266: Overlapping_Frag (Id: 02000018)

    Chapter 2: Log Message Reference 2.19.18. overlapping_frag (ID: 02000018) Default Severity ERROR Log Message Overlapping fragment Explanation This fragment would overlap the next fragment offset. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.19.19.

  • Page 267: Duplicate_Frag_With_Different_Data (Id: 02000021)

    Chapter 2: Log Message Reference 2.19.21. duplicate_frag_with_different_data (ID: 02000021) Default Severity ERROR Log Message Duplicate fragment with different data received Explanation The fragment is a duplicate of an already received fragment, but the fragment data differs. Dropping packet. Gateway Action drop Recommended Action None.

  • Page 268: Drop_Frag_Disallowed_Packet (Id: 02000024)

    Chapter 2: Log Message Reference 2.19.24. drop_frag_disallowed_packet (ID: 02000024) Default Severity WARNING Log Message Dropping fragment of disallowed packet Explanation A fragment of a disallowed IP packet is dropped. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.19.25.

  • Page 269: Drop_Frag_Failed_Packet (Id: 02000027)

    Chapter 2: Log Message Reference 2.19.27. drop_frag_failed_packet (ID: 02000027) Default Severity WARNING Log Message Dropping fragment of failed packet Explanation A fragment of a failed IP packet is dropped. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.19.28.

  • Page 270: Single_Frag (Id: 02000117)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message Bad IPDataLen=<ipdatalen> Explanation The partly reassembled IP packet has an invalid IP data length. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters ipdatalen Context Parameters Rule Name Packet Buffer 2.19.31.

  • Page 271: 2.20. Geoip

    Chapter 2: Log Message Reference 2.20. GEOIP These log messages refer to the GEOIP (GeoIP Events) category. 2.20.1. database_load_failed (ID: 08100001) Default Severity WARNING Log Message Unable to load IPv4 Geolocation database, because of <reason> Explanation The unit failed to load the IPv4 Geolocation database. Gateway Action None Recommended Action...

  • Page 272: 2.21. Gre

    Chapter 2: Log Message Reference 2.21. GRE These log messages refer to the GRE (GRE events) category. 2.21.1. failed_to_setup_gre_tunnel (ID: 02200001) Default Severity WARNING Log Message Failed to setup open tunnel from <local_ip> to <remote_ip> Explanation Unable to setup GRE tunnel with endpoint. Gateway Action drop Recommended Action...

  • Page 273: Gre_Checksum_Error (Id: 02200004)

    Chapter 2: Log Message Reference 2.21.4. gre_checksum_error (ID: 02200004) Default Severity WARNING Log Message GRE packet with checksum error. Packet dropped Explanation Received GRE packet with checksum errors. Gateway Action drop Recommended Action Check network equipment for errors. Revision Context Parameters Packet Buffer 2.21.5.

  • Page 274: Gre_Routing_Flag_Set (Id: 02200008)

    Chapter 2: Log Message Reference Log Message Received GRE packet with unmatched session key. Packet dropped Explanation Received GRE packet with unmatched session key. Gateway Action drop Recommended Action Check GRE session key settings on the remote gateway. Revision Parameters session_key Context Parameters Packet Buffer...

  • Page 275: Peer_Gone (Id: 01200001)

    Chapter 2: Log Message Reference 2.22. HA These log messages refer to the HA (High Availability events) category. 2.22.1. peer_gone (ID: 01200001) Default Severity NOTICE Log Message Peer firewall disappeared. Going active Explanation The peer gateway (which was active) is not available anymore. This gateway will now go active instead.

  • Page 276: Peer_Has_Lower_Local_Load (Id: 01200005)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message Both active, peer has higher local load; staying active Explanation Both memebrs are active, but the peer has higher local load. This gateway will stay active. Gateway Action stay_active Recommended Action None.

  • Page 277: Conflict_Both_Peers_Inactive (Id: 01200008)

    Chapter 2: Log Message Reference Recommended Action None. Revision 2.22.8. conflict_both_peers_inactive (ID: 01200008) Default Severity NOTICE Log Message Conflict: Both peers are inactive! Resolving... Explanation A conflict occured as both peers are inactive at the same time. The conflict will automatically be resolved. Gateway Action None Recommended Action...

  • Page 278: Heartbeat_From_Unknown (Id: 01200043)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message Peer firewall is alive Explanation The peer gateway is alive. Gateway Action None Recommended Action None. Revision 2.22.12. heartbeat_from_unknown (ID: 01200043) Default Severity WARNING Log Message Received HA heartbeat from unknown IP. Dropping Explanation The received HA heartbeat packet was originating from an unknown IP.

  • Page 279: Merge_Failed (Id: 01200051)

    Chapter 2: Log Message Reference Explanation The gateway failed to activate the merged configuration that was received from the peer. Gateway Action ha_activate_conf Recommended Action None. Revision 2.22.15. merge_failed (ID: 01200051) Default Severity WARNING Log Message Failed to merge configuration from HA partner Explanation The gateway failed to merge the configuration that was received from the peer.

  • Page 280: Ha_Commit_Unknown_Error (Id: 01200054)

    Chapter 2: Log Message Reference 2.22.18. ha_commit_unknown_error (ID: 01200054) Default Severity WARNING Log Message An unknown error occured while saving the HA configuration Explanation An unknown error occured when the HA configuration was to be saved. It has not been commited. Gateway Action ha_commitchanges Recommended Action...

  • Page 281: Hasync_Connection_Disconnected_Lifetime_Expired (Id: 01200201)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message HASync connection to peer firewall established Explanation HA synchronization connection to peer has been establihsed. Supported events will now be synchronized between the members of the HA cluster. Gateway Action None Recommended Action None.

  • Page 282: Disallowed_On_Sync_Iface (Id: 01200400)

    Chapter 2: Log Message Reference Gateway Action None Recommended Action None. Revision 2.22.25. disallowed_on_sync_iface (ID: 01200400) Default Severity WARNING Log Message Received non-HA traffic on sync iface. Dropping Explanation A packet which is not a HA-related packet was received on the sync interface.

  • Page 283: Heartbeat_From_Myself (Id: 01200412)

    Chapter 2: Log Message Reference Revision Context Parameters Rule Name Packet Buffer 2.22.28. heartbeat_from_myself (ID: 01200412) Default Severity WARNING Log Message Received HA heartbeat from the gateway itself. Dropping Explanation The received HA heartbeat packet was originating from the gateway itself.

  • Page 284: Both_Inactive (Id: 01200617)

    Chapter 2: Log Message Reference 2.22.31. both_inactive (ID: 01200617) Default Severity NOTICE Log Message Both not active, activation in progress. Explanation Both not active, activation in progress. Gateway Action activate Recommended Action None. Revision 2.22.32. going_online (ID: 01200618) Default Severity NOTICE Log Message Ha unit going online.

  • Page 285: Hwm

    Chapter 2: Log Message Reference 2.23. HWM These log messages refer to the HWM (Hardware monitor events) category. 2.23.1. temperature_alarm (ID: 04000011) Default Severity WARNING Log Message Temperature monitor <index> (<name>) is outside the specified limit. Current value is <current_temp> <unit>, lower limit is <min_limit>, upper limit is <max_limit>...

  • Page 286: Voltage_Normal (Id: 04000022)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Voltage monitor <index> (<name>) is outside the specified limit. Current value is <current_voltage> <unit>, lower limit is <min_limit>, upper limit is <max_limit> Explanation The powersupply of this unit may be failing. Gateway Action none Recommended Action...

  • Page 287: Fanrpm_Normal (Id: 04000032)

    Chapter 2: Log Message Reference Gateway Action none Recommended Action Unblock or change the corresponding fan. Revision Parameters index name unit current_fanrpm min_limit max_limit 2.23.6. fanrpm_normal (ID: 04000032) Default Severity WARNING Log Message Fan RPM monitor <index> (<name>) is outside the specified limit. Current value is <current_fanrpm>...

  • Page 288: Gpio_Normal (Id: 04000042)

    Chapter 2: Log Message Reference unit current_gpio min_limit max_limit 2.23.8. gpio_normal (ID: 04000042) Default Severity WARNING Log Message Temperature monitor <index> (<name>) is outside the specified limit. Current value is <current_gpio> <unit>, lower limit is <min_limit>, upper limit is <max_limit> Explanation The sensor reports that the GPIO value is back inte the normal range.

  • Page 289: Free_Memory_Normal_Level (Id: 04000103)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Free memory fallen below specified limit <limit_megabyte> megabyte, limit classified is <severity>, free <free_mem> MB of total <total_mem> MB, percentage free <free_percentage> Explanation The amount of free memory is getting low. Gateway Action None Recommended Action...

  • Page 290: 2.24. Idp

    Chapter 2: Log Message Reference 2.24. IDP These log messages refer to the IDP (Intrusion Detection & Prevention events) category. 2.24.1. scan_detected (ID: 01300001) Default Severity NOTICE Log Message Scan detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>.

  • Page 291: Intrusion_Detected (Id: 01300003)

    Chapter 2: Log Message Reference signatureid idrule ipproto srcip srcport destip destport internalid Context Parameters Rule Name Deep Inspection 2.24.3. intrusion_detected (ID: 01300003) Default Severity WARNING Log Message Intrusion detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>.

  • Page 292: Scan_Detected (Id: 01300005)

    Chapter 2: Log Message Reference Recommended Action Research the advisory (searchable by the unique ID). Revision Parameters description signatureid idrule ipproto srcip srcport destip destport internalid Context Parameters Rule Name Deep Inspection 2.24.5. scan_detected (ID: 01300005) Default Severity NOTICE Log Message Scan detected: <description>, Signature ID=<signatureid>.

  • Page 293: Intrusion_Detected (Id: 01300007)

    Chapter 2: Log Message Reference Explanation A notice signature matched the traffic. Gateway Action None Recommended Action This is probably not an attack, but you may research the advisory (searchable by the unique ID). Revision Parameters description signatureid idrule ipproto srcip srcport destip...

  • Page 294: Invalid_Url_Format (Id: 01300009)

    Chapter 2: Log Message Reference Log Message Virus/Worm detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Internal ID: <internalid>. Explanation A virus signature matched the traffic. Gateway Action None Recommended Action Research the advisory (searchable by the unique ID).

  • Page 295: Idp_Evasion (Id: 01300011)

    Chapter 2: Log Message Reference Log Message Failed to parse the HTTP URL. ID Rule: <idrule>. URL: <url>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Ignoring the URL. Explanation The unit failed parsing an URL. The reason for this is problaby because the URL has an invalid format, or it contains invalid UTF8 formatted characters.

  • Page 296: Idp_Outofmem (Id: 01300013)

    Chapter 2: Log Message Reference Explanation The unit failed to reassemble data. The reason for this is problaby due to an IDP engine evasion attack. Gateway Action ignore Recommended Action None. Revision Parameters idrule srcip srcport destip destport Context Parameters Rule Name 2.24.13.

  • Page 297: Idp_Failscan (Id: 01300015)

    Chapter 2: Log Message Reference Revision Parameters idrule srcip srcport destip destport Context Parameters Rule Name 2.24.15. idp_failscan (ID: 01300015) Default Severity ERROR Log Message Failed to scan data. ID Rule: <idrule>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Reason: reason>.

  • Page 298: No_Valid_License_Or_No_Signature_File (Id: 01300017)

    Chapter 2: Log Message Reference reason Context Parameters Rule Name 2.24.17. no_valid_license_or_no_signature_file (ID: 01300017) Default Severity CRITICAL Log Message IDP: No signatures loaded, skipping IDP filtering Explanation IDP scanning is aborted since the signature file has been disabled or no signature file was found. Gateway Action idp_scanning_aborted Recommended Action...

  • Page 299: 2.25. Idppipes

    Chapter 2: Log Message Reference 2.25. IDPPIPES These log messages refer to the IDPPIPES (IDP Traffic Shaping events) category. 2.25.1. conn_idp_piped (ID: 06100001) Default Severity WARNING Log Message IDP Pipe event triggered. Throughput limited to <limit> Explanation An IDP rule with Pipe event triggered on the specified connection. The connection is piped to [limit] kbps.

  • Page 300: Idp_Piped_State_Replaced (Id: 06100004)

    Chapter 2: Log Message Reference Gateway Action host_state_creation_aborted Recommended Action Issue the "memory" CLI command and check for modules with abnormal memory consumption. Otherwise, revise configuration in order to free more RAM. Revision 2.25.4. idp_piped_state_replaced (ID: 06100004) Default Severity DEBUG Log Message Replaced IDP pipe host entry <replaced_host>...

  • Page 301: Conn_Idp_Piped (Id: 06100007)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters limit Context Parameters Connection 2.25.7. conn_idp_piped (ID: 06100007) Default Severity WARNING Log Message IDP dynamic pipe state found. Throughput limited to <limit> Explanation A new connection is piped to [limit] kbps since either the source or destination IP is dynamically throttled by IDP dynamic pipe state.

  • Page 302: 2.26. Idpupdate

    Chapter 2: Log Message Reference 2.26. IDPUPDATE These log messages refer to the IDPUPDATE (Intrusion Detection & Prevention Database update) category. 2.26.1. idp_db_update_failure (ID: 01400001) Default Severity ALERT Log Message Update of the Intrusion Detection & Prevention database failed, because of <reason> Explanation The unit tried to update the Intrusion Detection &...

  • Page 303: Idp_Db_Update_Denied (Id: 01400004)

    Chapter 2: Log Message Reference 2.26.4. idp_db_update_denied (ID: 01400004) Default Severity NOTICE Log Message Intrusion Detection & Prevention database could not be updated, as no valid subscription exist Explanation The current license does not allow Intrusion Detection & Prevention database to be updated. Gateway Action None Recommended Action...

  • Page 304: Sigfile_Parser_Error (Id: 01400018)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Unsynchronized hardware and software databases detected Explanation The IDP hardware and software databases are not synchronized. A full update is automatically initiated. Gateway Action downloading_new_database Recommended Action None. Revision 2.26.8. sigfile_parser_error (ID: 01400018) Default Severity WARNING Log Message...

  • Page 305: 2.27. Ifacemon

    Chapter 2: Log Message Reference 2.27. IFACEMON These log messages refer to the IFACEMON (Interface monitor events) category. 2.27.1. ifacemon_status_bad_rereport (ID: 03900001) Default Severity NOTICE Log Message IfaceMon reset interface <iface> 10 seconds ago. Link status: <linkspeed> Mbps <duplex> duplex Explanation The Interface Monitor reset the interface 10 seconds ago.
  • Page 306 Chapter 2: Log Message Reference Recommended Action None. Revision Parameters iface [linkspeed] [duplex]...

  • Page 307: 2.28. Igmp

    Chapter 2: Log Message Reference 2.28. IGMP These log messages refer to the IGMP (IGMP events) category. 2.28.1. querier_election_won (ID: 04200001) Default Severity NOTICE Log Message Taking on the role of Querier at interface <iface>. Explanation This router is now the IGMP Querier at the specified interface. Gateway Action none Recommended Action...

  • Page 308: Invalid_Destination_Ethernet_Address (Id: 04200004)

    Chapter 2: Log Message Reference Parameters recv_if ip_dest Context Parameters Packet Buffer 2.28.4. invalid_destination_ethernet_address (ID: 04200004) Default Severity WARNING Log Message Rejected IGMP message with inconsistent IP/ethernet addresses (<ipdest>/<edest>) at interface <recv_if>. Explanation Rejected IGMP message directed to a unicast ethernet. Known IGMP DoS attack.

  • Page 309: Invalid_Query_Group_Address (Id: 04200008)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action None, but keep an eye open for malfunctional software/hardware somewhere on the network. Revision Parameters recv_if Context Parameters Packet Buffer 2.28.7. invalid_query_group_address (ID: 04200008) Default Severity ERROR Log Message IGMP group specific query at interface <recv_if> about group <grp> (<grp_sat>...

  • Page 310: Igmp_Query_Received (Id: 04200010)

    Chapter 2: Log Message Reference 2.28.9. igmp_query_received (ID: 04200010) Default Severity NOTICE Log Message Rule <name> <action> IGMP Query about group <grp> and source <src> at interface <if> from router <rip>. Group <grp> is translated into <sgrp> and source <src> into <ssrc>. Explanation Got IGMP Query.

  • Page 311: Igmp_Report_Received (Id: 04200012)

    Chapter 2: Log Message Reference 2.28.11. igmp_report_received (ID: 04200012) Default Severity NOTICE Log Message Rule <name> <action> IGMP Member Report concerning group <grp> and source <src> at interface <if> from host <hip>. Group <grp> is translated into <sgrp> and source <src> into <ssrc> Explanation Got IGMP Report.

  • Page 312: Bad_Grp (Id: 04200015)

    Chapter 2: Log Message Reference <grp> makes payload larger than IGMP packet size. Explanation Harmful condition that potentially could give an attacker full access to the system. May indicate faulty hardware, an attack or experimental software. Gateway Action drop Recommended Action None, but keep an eye open for for broken hardware somewhere in the network.

  • Page 313: Igmp_Report_Dropped (Id: 04200017)

    Chapter 2: Log Message Reference 2.28.16. igmp_report_dropped (ID: 04200017) Default Severity NOTICE Log Message Rule <name> drops IGMP Member Report concerning group <grp> and source <src> at interface <if> from host <hip>. Explanation Dropped IGMP Report. Gateway Action drop Recommended Action None.

  • Page 314: Max_Global_Requests_Per_Second_Reached (Id: 04200020)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action Assign a different IP to the offending application. Revision Parameters iface Context Parameters Packet Buffer 2.28.19. max_global_requests_per_second_reached (ID: 04200020) Default Severity WARNING Log Message Rejected IGMP message. Global requests per second rate reached Explanation Too many IGMP requests received per second.

  • Page 315: Received_Unknown_Igmp_Type (Id: 04200023)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message Disallowed IGMP Version Explanation A system is using a too old IGMP version. Gateway Action drop Recommended Action Upgrade the host/router running the disallowed version, or lower LowestIGMPVer limit. Revision Parameters recv_ver required_ver...

  • Page 316: Older_Querier_Gone (Id: 04200025)

    Chapter 2: Log Message Reference 2.28.24. older_querier_gone (ID: 04200025) Default Severity NOTICE Log Message No IGMPv<igmpver> querier present. Older Querier Present (IGMPv<igmpver>) compatibility mode on interface <iface> has ended. Entering IGMPv<nigmpver> mode. Explanation The router has not heard any IGMPv[igmpver] general queries and will switch IGMPv[nigmpver]...

  • Page 317: 2.29. Ip6In4

    Chapter 2: Log Message Reference 2.29. IP6IN4 These log messages refer to the IP6IN4 (6in4 Tunnel Events) category. 2.29.1. failed_to_setup_6in4_tunnel (ID: 07800001) Default Severity WARNING Log Message Failed to setup open tunnel from <local_ip> to <remote_ip> Explanation Unable to setup 6in4 tunnel with endpoint. Gateway Action drop Recommended Action...

  • Page 318: 6In4_Invalid_Sender_Encap (Id: 07800004)

    Chapter 2: Log Message Reference Revision Parameters iface remotegwname 2.29.4. 6in4_invalid_sender_encap (ID: 07800004) Default Severity WARNING Log Message Invalid IPv6 sender entering 6in4 tunnel <senderip>. Packet dropped Explanation Packet should be dropped according to RFC 4213 since the source IP address is invalid.

  • Page 319: 6In4_Invalid_Sender_Decap (Id: 07800007)

    Chapter 2: Log Message Reference Revision Context Parameters Packet Buffer 2.29.7. 6in4_invalid_sender_decap (ID: 07800007) Default Severity WARNING Log Message Invalid IPv6 sender in 6in4 tunnel <senderip>. Packet dropped Explanation Packet should be dropped according to RFC 4213 since the source IP address is invalid.

  • Page 320: 2.30. Ippool

    Chapter 2: Log Message Reference 2.30. IPPOOL These log messages refer to the IPPOOL (IPPool events) category. 2.30.1. no_offer_received (ID: 01900001) Default Severity ERROR Log Message No offers were received Explanation No DHCP offers where received by the IP pool general query. Gateway Action None Recommended Action...

  • Page 321: Lease_Disallowed_By_Lease_Filter (Id: 01900004)

    Chapter 2: Log Message Reference 2.30.4. lease_disallowed_by_lease_filter (ID: 01900004) Default Severity WARNING Log Message The lease was rejected due to a lease filter Explanation A lease was rejected by a lease filter. Gateway Action lease_rejected Recommended Action Verify the lease filters. Revision Parameters client_ip...

  • Page 322: Lease_Have_Bad_Netmask (Id: 01900007)

    Chapter 2: Log Message Reference 2.30.7. lease_have_bad_netmask (ID: 01900007) Default Severity WARNING Log Message The lease was rejected due to a bad offered netmask address Explanation A lease was rejected due to a bad offered netmask address. Gateway Action lease_rejected Recommended Action Check DHCP server configuration.

  • Page 323: Lease_Have_Bad_Gateway_Ip (Id: 01900010)

    Chapter 2: Log Message Reference 2.30.10. lease_have_bad_gateway_ip (ID: 01900010) Default Severity WARNING Log Message The lease was rejected due to a bad offered gateway address Explanation A lease was rejected due to a bad offered gateway address. Gateway Action lease_rejected Recommended Action Check DHCP server configuration.

  • Page 324: Ip_Offer_Already_Exist_In_The_Pool (Id: 01900013)

    Chapter 2: Log Message Reference 2.30.13. ip_offer_already_exist_in_the_pool (ID: 01900013) Default Severity WARNING Log Message The lease was rejected since the offered IP already exist in the pool Explanation A lease was rejected since the offered IP already exists in the pool. Gateway Action lease_rejected Recommended Action...

  • Page 325: Ip_Returned_To_Pool (Id: 01900017)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message Subsystem fetched a IP from the pool Explanation A subsystem fetched an IP from the pool. Gateway Action inform Recommended Action None. Revision Parameters client_ip subsystem Context Parameters Rule Name 2.30.17.

  • Page 326: 2.31. Ipsec

    Chapter 2: Log Message Reference 2.31. IPSEC These log messages refer to the IPSEC (IPsec (VPN) events) category. 2.31.1. fatal_ipsec_event (ID: 01800100) Default Severity ALERT Log Message Fatal event occured, because of <reason> Explanation Fatal event occured in IPsec stack. Gateway Action None Recommended Action...

  • Page 327: Audit_Flood (Id: 01800104)

    Chapter 2: Log Message Reference protocol reason 2.31.4. audit_flood (ID: 01800104) Default Severity NOTICE Log Message <reason>. Explanation The rate limit for audit messages was reached. Gateway Action None Recommended Action None. Revision Parameters reason 2.31.5. ike_delete_notification (ID: 01800105) Default Severity NOTICE Log Message Local IP: <local_ip>, Remote IP: <remote_ip>, Cookies: <cookies>,...

  • Page 328: Ike_Invalid_Proposal (Id: 01800107)

    Chapter 2: Log Message Reference Parameters local_ip remote_ip cookies reason 2.31.7. ike_invalid_proposal (ID: 01800107) Default Severity WARNING Log Message Local IP: <local_ip>, Remote IP: <remote_ip>, Cookies: <cookies>, Reason: <reason>. Explanation The proposal for the security association could not be accepted. Gateway Action None Recommended Action...

  • Page 329: Packet_Corrupt (Id: 01800110)

    Chapter 2: Log Message Reference Gateway Action None Recommended Action None. Revision Parameters local_ip remote_ip cookies reason 2.31.10. packet_corrupt (ID: 01800110) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation Received a corrupt packet.

  • Page 330: Sequence_Number_Failure (Id: 01800112)

    Chapter 2: Log Message Reference 2.31.12. sequence_number_failure (ID: 01800112) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation The received packet did not fall within the sliding window. Gateway Action drop Recommended Action None.

  • Page 331: Sequence_Number_Overflow (Id: 01800115)

    Chapter 2: Log Message Reference Gateway Action None Recommended Action None. Revision Parameters source_ip dest_ip protocol reason packet_data 2.31.15. sequence_number_overflow (ID: 01800115) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation An attempt to transmit a packet that would result in sequence number overflow.

  • Page 332: Hardware_Accelerator_Congested (Id: 01800117)

    Chapter 2: Log Message Reference protocol reason packet_data 2.31.17. hardware_accelerator_congested (ID: 01800117) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation Hardware accleration failed due to resource shortage. Gateway Action drop Recommended Action None.

  • Page 333: Commit_Failed (Id: 01800200)

    Chapter 2: Log Message Reference Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, ID: <id>, Reason: <reason>. Explanation The source or destination address/port did not match the traffic selectors for the SA. Gateway Action drop Recommended Action None.

  • Page 334: Pm_Create_Failed (Id: 01800204)

    Chapter 2: Log Message Reference Explanation Failed to initilaze x509 library. Gateway Action IPsec_configuration_disabled Recommended Action None. Revision 2.31.23. pm_create_failed (ID: 01800204) Default Severity ERROR Log Message Failed to create policymanager Explanation Failed to create policymanager. Out of memory. Gateway Action reduce_number_of_tunnels Recommended Action None.

  • Page 335: Failed_Attach_Audit_Module (Id: 01800208)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message Failed to create audit module. Explanation Failed to create audit module. Gateway Action IPsec_audit_disabled Recommended Action None. Revision 2.31.27. failed_attach_audit_module (ID: 01800208) Default Severity ERROR Log Message Failed to attach audit module. Explanation Failed to attach audit module.

  • Page 336: Reconfig_Ipsec (Id: 01800211)

    Chapter 2: Log Message Reference Recommended Action Reconfigure_IPsec. Revision Parameters error_msg 2.31.30. reconfig_IPsec (ID: 01800211) Default Severity INFORMATIONAL Log Message Reconfiguration of IPsec started Explanation Reconfiguration of IPsec started. Gateway Action ipsec_reconfigured Recommended Action None. Revision 2.31.31. failed_to_reconfig_ipsec (ID: 01800212) Default Severity ERROR Log Message...

  • Page 337: Failed_To_Set_Local_Id (Id: 01800301)

    Chapter 2: Log Message Reference Log Message IPsec started successfully Explanation Succeeded to create Policymanger and commit IPsec configuration. Gateway Action ipsec_started Recommended Action None. Revision 2.31.34. Failed_to_set_local_ID (ID: 01800301) Default Severity ERROR Log Message Failed to configure Local ID <local_id> for tunnel <tunnel> Explanation Failed to configure tunnel with specified local id.

  • Page 338: Failed_To_Set_Algorithm_Properties (Id: 01800304)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters tunnel 2.31.37. failed_to_set_algorithm_properties (ID: 01800304) Default Severity ERROR Log Message Failed to set properties IPsec alogorithm <alg>, for tunnel <tunnel> Explanation Failed to set specified properties (keysize, lifetimes) for IPsec algorithm.

  • Page 339: Dns_Resolve_Failed (Id: 01800308)

    Chapter 2: Log Message Reference Revision Parameters certificate tunnel 2.31.40. dns_resolve_failed (ID: 01800308) Default Severity WARNING Log Message Failed to resolve remote endpoint <endpoint> for IPsec Tunnel <ipsectunnel>. Keeping old IP <old_ip> Explanation Failed to resolve remote endpoint through DNS. Gateway Action keeping_old_ip Recommended Action...

  • Page 340: Failed_To_Add_Rules (Id: 01800313)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters endpoint ipsectunnel 2.31.43. failed_to_add_rules (ID: 01800313) Default Severity ERROR Log Message Failed to add rules after remote endpoint <endpoint> have been resolved by DNS for IPsec tunnel: <ipsectunnel> Explanation Failed to add rules to tunnel after remote endpoint have been resolved by DNS.

  • Page 341: No_Policymanager (Id: 01800316)

    Chapter 2: Log Message Reference Gateway Action None Recommended Action None. Revision Parameters endpoint ipsectunnel 2.31.46. no_policymanager (ID: 01800316) Default Severity CRITICAL Log Message No policymanager!! to free tunnel object from Explanation No policymanager to free tunnel from!!! IPsec does not work properly.

  • Page 342: Failed_To_Add_Certificate (Id: 01800319)

    Chapter 2: Log Message Reference Recommended Action None. Revision 2.31.49. failed_to_add_certificate (ID: 01800319) Default Severity ERROR Log Message Failed with error: <status_msg>, message <answermsg>, when adding certificate: <certificate> Explanation Failed to add endpoint certificate to external key provider. Gateway Action certificate_disabled Recommended Action Reconfigure_tunnel.

  • Page 343: Failed_To_Add_Certificate (Id: 01800322)

    Chapter 2: Log Message Reference Parameters status_msg 2.31.52. failed_to_add_certificate (ID: 01800322) Default Severity ERROR Log Message Failed add certificate: <certificate>, for tunnel <tunnel> Explanation Failed to add certificate. Tunnel configured with this certificate for authentication will fail while negotiate. Gateway Action certificate_disabled Recommended Action None.

  • Page 344: Failed_To_Set_Crl_Distribution_Points (Id: 01800343)

    Chapter 2: Log Message Reference 2.31.55. failed_to_set_crl_distribution_points (ID: 01800343) Default Severity ERROR Log Message Failed set CRL distribution points for certificate: <certificate> Explanation Failed to set CRL distribution points for the specified certificate. Gateway Action certificate_disabled Recommended Action None. Revision Parameters certificate 2.31.56.

  • Page 345: Cfgmode_Ip_Freed_By_Ippool (Id: 01800402)

    Chapter 2: Log Message Reference 2.31.58. cfgmode_ip_freed_by_ippool (ID: 01800402) Default Severity NOTICE Log Message Returned a dynamic cfg mode IP <ip> to the IP pool Explanation A dynamically allocated ip used for IKE cfg mode was returned to the IP pool. Gateway Action None Recommended Action...

  • Page 346: Cfgmode_No_Ip_Data_Acquired (Id: 01800406)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message No IP address fetched from IP pool (<ippool>) Explanation No IP address could be fetched from the IP pool. Gateway Action None Recommended Action None. Revision Parameters ippool 2.31.62. cfgmode_no_ip_data_acquired (ID: 01800406) Default Severity WARNING Log Message...

  • Page 347: Recieved_Packet_To_Disabled_Ipsec (Id: 01800501)

    Chapter 2: Log Message Reference Gateway Action packet_will_be_dropped Recommended Action None. Revision 2.31.65. recieved_packet_to_disabled_IPsec (ID: 01800501) Default Severity NOTICE Log Message Received plain text packet to IPsec while shutting down. Packet will be dropped Explanation Received plain text packet to IPsec while shutting down. Gateway Action packet_will_be_dropped Recommended Action...

  • Page 348: No_Route (Id: 01800504)

    Chapter 2: Log Message Reference 2.31.68. no_route (ID: 01800504) Default Severity ERROR Log Message Failed to lookup route. No route for packet. Explanation No remote gateway for packet, i.e no route defined. Gateway Action packet_will_be_dropped Recommended Action None. Revision 2.31.69. ipsec_interface_disabled (ID: 01800506) Default Severity ERROR Log Message...

  • Page 349: No_Radius_Server_Configured_For_Eap (Id: 01800601)

    Chapter 2: Log Message Reference peer: <remote_peer> Explanation No user authentication rule avaliable for eap authentication. Gateway Action eap_protocols_disabled Recommended Action Reconfigure_tunnel. Revision Parameters remote_peer 2.31.72. no_radius_server_configured_for_eap (ID: 01800601) Default Severity ERROR Log Message No RADIUS server configured for EAP! Explanation No RADIUS server configured for EAP!.

  • Page 350: Unknown_Eap_Status (Id: 01800604)

    Chapter 2: Log Message Reference 2.31.75. unknown_eap_status (ID: 01800604) Default Severity ERROR Log Message Failed to add EAP-SIM as eap protocol Explanation Failed to add EAP-SIM as accepted eap protocol. Gateway Action None Recommended Action None. Revision 2.31.76. eap_but_not_passthrough (ID: 01800605) Default Severity INFORMATIONAL Log Message...

  • Page 351: Eap_Disabled (Id: 01800608)

    Chapter 2: Log Message Reference Gateway Action continue_with_next_eap_userauth_rule Recommended Action None. Revision 2.31.79. eap_disabled (ID: 01800608) Default Severity NOTICE Log Message EAP is not set as authentication method Explanation EAP is not set as authentication method for phase 1. Gateway Action None Recommended Action None.

  • Page 352: Idi_Used_As_Eap_Id (Id: 01800612)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message Eapstate/Phase1 not available Explanation No Eapstate/Phase1 to get eap identity from. Gateway Action None Recommended Action None. Revision 2.31.83. IDi_used_as_eap_id (ID: 01800612) Default Severity INFORMATIONAL Log Message IKEv2 IDi will be used as EAP identity Explanation IKEv2 IDi will be used as EAP identity.

  • Page 353: No_Eap_Identity_Or_Radius_Username (Id: 01800631)

    Chapter 2: Log Message Reference Parameters error 2.31.86. no_eap_identity_or_radius_username (ID: 01800631) Default Severity ERROR Log Message We did not get any EAP identity/ RADIUS username Explanation We did not get any EAP identity/ RADIUS username. Gateway Action continue_radius_message Recommended Action None.

  • Page 354: Outofmem_Forward_Eap_Packet (Id: 01800636)

    Chapter 2: Log Message Reference Gateway Action None Recommended Action None. Revision 2.31.90. outofmem_forward_eap_packet (ID: 01800636) Default Severity ERROR Log Message Cannot create EAP packet to be sent to client Explanation Out of memory. Cannot create EAP packet to be sent to client. Gateway Action eap_packet_dropped Recommended Action...

  • Page 355: Outofmem_Forward_Eap_Packet (Id: 01800639)

    Chapter 2: Log Message Reference 2.31.93. outofmem_forward_eap_packet (ID: 01800639) Default Severity ERROR Log Message Out of memory. Unable to create RADIUS request Explanation Out of memory. Unable to create RADIUS request. Gateway Action eap_packet_dropped Recommended Action None. Revision 2.31.94. failed_to_send_eap_id_response_to_radius (ID: 01800640) Default Severity ERROR...

  • Page 356: Ipsec_Sa_Destroy_Peer_Imsi (Id: 01800902)

    Chapter 2: Log Message Reference of <allowed_tunnels> active IPsec tunnels Explanation More tunnels and/or unique peers than the license allow are trying to establish. Gateway Action negotiation_aborted Recommended Action None. Revision Parameters allowed_tunnels 2.31.97. ipsec_sa_destroy_peer_imsi (ID: 01800902) Default Severity INFORMATIONAL Log Message IPsec SA destroyed: peer <peer>...

  • Page 357: Ike_Sa_Rekeyed (Id: 01800905)

    Chapter 2: Log Message Reference Explanation An IKE SA was successfully created. Gateway Action None Recommended Action None. Revision Parameters ipsec_if local_ip local_port remote_iface remote_ip remote_port local_id remote_id local_ike_spi remote_ike_spi initiator algorithms mode lifetime ikeversion local_behind_nat remote_behind_nat initial_contact 2.31.100. ike_sa_rekeyed (ID: 01800905) Default Severity INFORMATIONAL Log Message...

  • Page 358: Ike_Sa_Deleted (Id: 01800906)

    Chapter 2: Log Message Reference 2.31.101. ike_sa_deleted (ID: 01800906) Default Severity INFORMATIONAL Log Message IKE SA deleted, Local IKE peer: <local_ip>:<local_port> <local_id>, Remote IKE peer: <remote_iface>:<remote_ip>:<remote_port> <remote_id>. Explanation An IKE SA was deleted. Gateway Action None Recommended Action None. Revision Parameters ipsec_if local_ip...

  • Page 359: Ipsec_Sa_Rekeyed (Id: 01800908)

    Chapter 2: Log Message Reference dh_group dh_bits local_ts remote_ts imsi 2.31.103. ipsec_sa_rekeyed (ID: 01800908) Default Severity INFORMATIONAL Log Message IPsec SA rekeyed, Source IP: <local_ip>, Destination IP: <remote_ip>, Inbound SPI: <esp_spi_in>, Outbound SPI: <esp_spi_out>). Explanation An IPsec SA rekeyed successfully. Gateway Action None Recommended Action...

  • Page 360: Ipsec_Sa_Keys (Id: 01800910)

    Chapter 2: Log Message Reference Revision Parameters ipsec_if esp_spi_in esp_spi_out 2.31.105. ipsec_sa_keys (ID: 01800910) Default Severity INFORMATIONAL Log Message IPsec SA keys, Inbound SPI: <esp_spi_in>, Outbound SPI: <esp_spi_out>. Explanation Encryption and authentication keys for an IPsec SA. Gateway Action None Recommended Action None.

  • Page 361: Out_Of_Memory (Id: 01801102)

    Chapter 2: Log Message Reference Revision 2.31.108. out_of_memory (ID: 01801102) Default Severity ALERT Log Message Out of memory while allocating client context. Explanation System ran out of memory while allocating client context. Gateway Action scip_disabled_for_client Recommended Action None. Revision 2.31.109. connected (ID: 01801104) Default Severity NOTICE Log Message...

  • Page 362: Send_Failed_No_Free_Socket (Id: 01801107)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message SCIP-packet dropped while trying to sen to a closed SCIP connection. Explanation SCIP-packet dropped while trying to sen to a closed SCIP connection. Gateway Action drop Recommended Action None. Revision 2.31.112.

  • Page 363: Malformed_Packet (Id: 01802003)

    Chapter 2: Log Message Reference Log Message The rule is not in the active configuration. Dropping request for policy Explanation The rule is not in the active configuration, dropping request. Gateway Action dropping_request Recommended Action None. Revision 2.31.115. malformed_packet (ID: 01802003) Default Severity WARNING Log Message...

  • Page 364: Psk_Length_Invalid (Id: 01802012)

    Chapter 2: Log Message Reference Parameters num_p1_negs_active ikestr 2.31.118. PSK_length_invalid (ID: 01802012) Default Severity INFORMATIONAL Log Message Remote identity specifies PSK that is not usable for selected IKE SA MAC algorithm (xcbcmac-aes) Explanation PSK key length invalid for xcbcmac-aes (restriced to 16 chars). Gateway Action authentication_failed Recommended Action...

  • Page 365: Ike_Sa_Failed (Id: 01802022)

    Chapter 2: Log Message Reference Explanation Ike SA statistics. Gateway Action None Recommended Action None. Revision Parameters done success failed 2.31.121. ike_sa_failed (ID: 01802022) Default Severity WARNING Log Message IKE SA negotiation failed: <statusmsg> <reason>, Local IKE peer: <local_peer>, Remote IKE peer: <remote_peer>, Initiator SPI: <spi_i>, Responder SPI: <spi_r>.

  • Page 366: Ike_Sa_Negotiation_Failed (Id: 01802030)

    Chapter 2: Log Message Reference 2.31.123. ike_sa_negotiation_failed (ID: 01802030) Default Severity INFORMATIONAL Log Message No IKE SA negotiations done. Reason: The authentication credentials were not specified or private key was not available Explanation No IKE SA negotiations done because of authentication problems. Gateway Action no_ike_sa Recommended Action...

  • Page 367: Ipsec_Sa_Negotiation_Aborted (Id: 01802060)

    Chapter 2: Log Message Reference Parameters local_endpoint remote_endpoint ike_spi_i ike_spi_r ip_addr port 2.31.126. ipsec_sa_negotiation_aborted (ID: 01802060) Default Severity ERROR Log Message IPsec SA Negotiation aborted: AH can not be initiated with NAT-T Explanation Negotiation aborted since AH can not be initiated with NAT-T. Gateway Action ipsec_sa_negotiation_aborted Recommended Action...

  • Page 368: Malformed_Psk_Configured (Id: 01802071)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message Malformed Remote IKE identity <remoteid> configured for tunnel Explanation Malformed remote identity for PSK specified in configuration. Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_remote_id. Revision Parameters remoteid 2.31.130. malformed_psk_configured (ID: 01802071) Default Severity ERROR Log Message...

  • Page 369: Invalid_Authentication_Algorithm_Configured (Id: 01802101)

    Chapter 2: Log Message Reference Explanation No authentication method is specified for the tunnel. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_IPsec. Revision 2.31.133. invalid_authentication_algorithm_configured (ID: 01802101) Default Severity ERROR Log Message AES counter mode cannot be used without an authentication algorithm Explanation AES counter mode specified but no authentication algoritm specified for tunnel.

  • Page 370: Invalid_Configuration_Of_Force_Open (Id: 01802104)

    Chapter 2: Log Message Reference Revision 2.31.136. invalid_configuration_of_force_open (ID: 01802104) Default Severity ERROR Log Message Auto-start rule does not specify single IP address or domain name for its remote peer Explanation Can not use Auto-start rule (force open) for roaming tunnels. Gateway Action VPN_tunnel_disabled Recommended Action...

  • Page 371: Input_Traffic_Selector_Corrupt (Id: 01802111)

    Chapter 2: Log Message Reference Log Message The maximum number of policy rules reached Explanation The maximum number of policy rules reached. Gateway Action VPN_configuration_disabled Recommended Action Review the advanced setting IPsecMaxRules. Revision 2.31.140. input_traffic_selector_corrupt (ID: 01802111) Default Severity ERROR Log Message Input traffic selector is corrupt.

  • Page 372: Suspicious_Outbound_Rule (Id: 01802114)

    Chapter 2: Log Message Reference 2.31.143. suspicious_outbound_rule (ID: 01802114) Default Severity ERROR Log Message Detected suspicious outbound IPsec rule without any selectors Explanation Detected suspicious outbound IPsec rule without any selectors specified. Gateway Action the_rule_might_not_work Recommended Action Reconfigure_IPsec. Revision 2.31.144. failed_to_add_rule_to_engine (ID: 01802115) Default Severity ERROR Log Message...

  • Page 373: Esp_Null-Null_Configuration (Id: 01802202)

    Chapter 2: Log Message Reference Log Message ESP tunnel <tunnel> is missing encryption algorithm. Null encryption algorithm must be specified if no encryption is required Explanation ESP tunnel not configured with any encryption algorithm, not even Null. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel.

  • Page 374: Invalid_Cipher_Keysize (Id: 01802205)

    Chapter 2: Log Message Reference Explanation Tunnel [tunnel] configured for AH, but AH is not supported. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel. Revision Parameters tunnel 2.31.150. invalid_cipher_keysize (ID: 01802205) Default Severity ERROR Log Message Configured max cipher key size <keysize> for tunnel <tunnel> is bigger than the built-in maximum <max>...

  • Page 375: Invalid_Tunnel_Configuration (Id: 01802208)

    Chapter 2: Log Message Reference Explanation Anti-replay detection must be enabled when using 64 bit sequence numbers. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel. Revision Parameters tunnel 2.31.153. invalid_tunnel_configuration (ID: 01802208) Default Severity ERROR Log Message No IPsec transform (AH or ESP) specified for tunnel <tunnel> Explanation IPsec transform type must be specified for tunnel.

  • Page 376: Out_Of_Memory_For_Tunnel (Id: 01802211)

    Chapter 2: Log Message Reference Recommended Action Reconfigure_tunnel. Revision Parameters tunnel 2.31.156. out_of_memory_for_tunnel (ID: 01802211) Default Severity ERROR Log Message Out of memory. Could not allocate memory for tunnel name! <tunnel> Explanation Out of memory. Could not allocate memory for tunnel name!. Gateway Action VPN_tunnel_disabled Recommended Action...

  • Page 377: Invalid_Key_Size (Id: 01802214)

    Chapter 2: Log Message Reference Recommended Action Reconfigure_tunnel. Revision 2.31.159. invalid_key_size (ID: 01802214) Default Severity ERROR Log Message Invalid key sizes specified for algorithms Explanation Invalid key sizes specified for algorithms. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel. Revision 2.31.160. invalid_key_size (ID: 01802215) Default Severity ERROR Log Message...

  • Page 378: Invalid_Cipher_Keysize (Id: 01802218)

    Chapter 2: Log Message Reference Explanation Configuration specifies key size limits for cipher with fixed key size. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel. Revision Parameters 2.31.163. invalid_cipher_keysize (ID: 01802218) Default Severity ERROR Log Message Configured max cipher key size <keysize> is bigger than the built-in maximum <max>...

  • Page 379: No_Matching_Tunnel_Found (Id: 01802221)

    Chapter 2: Log Message Reference Recommended Action Reconfigure_tunnel. Revision Parameters keysize 2.31.166. no_matching_tunnel_found (ID: 01802221) Default Severity ERROR Log Message No tunnel found matching the local address <localaddr> , remote address <remoteaddr> and source interface <srcif> Explanation No tunnel found matching the local address and remote address. Gateway Action packet_will_be_discarded Recommended Action...

  • Page 380: Several_Local_Id_Specified_For_Tunnel (Id: 01802224)

    Chapter 2: Log Message Reference 2.31.169. several_local_id_specified_for_tunnel (ID: 01802224) Default Severity ERROR Log Message More than one remote id specified for tunnel Explanation Cannot add more than one remote identity to a tunnel. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_VPN. Revision 2.31.170.

  • Page 381: Max_Ike_Sa_Reached (Id: 01802400)

    Chapter 2: Log Message Reference Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_PSK. Revision 2.31.173. max_ike_sa_reached (ID: 01802400) Default Severity WARNING Log Message The maximum number of active IKE SAs reached Explanation Maximum number of active IKE SAs reached. Gateway Action negotiation_aborted Recommended Action Review your configuration or upgrade license.

  • Page 382: Warning_Level_Active_Ipsec_Sas_Reached (Id: 01802404)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message The maximum number of active Quick-Mode negotiations reached Explanation Maximum number of active Quick-Mode negotiations reached. Gateway Action quick-mode_not_done Recommended Action None. Revision 2.31.177. warning_level_active_ipsec_sas_reached (ID: 01802404) Default Severity WARNING Log Message The number of active IPsec SA:s reached 90% Explanation...

  • Page 383: Invalid_Format_Syslog_Audit (Id: 01802500)

    Chapter 2: Log Message Reference 2.31.180. invalid_format_syslog_audit (ID: 01802500) Default Severity NOTICE Log Message Cannot use binary formatting for syslog auditing. Explanation Cannot use binary formatting for syslog auditing. Gateway Action None Recommended Action None. Revision 2.31.181. cannot_create_audit_file_context (ID: 01802501) Default Severity NOTICE Log Message...

  • Page 384: Could_Not_Get_Subject_Nam_From_Ca_Cert (Id: 01802602)

    Chapter 2: Log Message Reference Gateway Action certificate_invalid Recommended Action None. Revision 2.31.184. could_not_get_subject_nam_from_ca_cert (ID: 01802602) Default Severity WARNING Log Message Could not get subject name from a CA certificate. This certificate is not usable as an IPsec authenticator, and is not inserted into loal list of trusted CAs Explanation Could not get subject name from a CA certificate.

  • Page 385: Could_Not_Trusted_Set_For_Cert (Id: 01802605)

    Chapter 2: Log Message Reference 2.31.187. could_not_trusted_set_for_cert (ID: 01802605) Default Severity WARNING Log Message Could not set the trusted set for a CA certificate Explanation Could not set the trusted set for a CA certificate. Gateway Action certificate_disabled Recommended Action None.

  • Page 386: Could_Not_Insert_Cert_To_Db (Id: 01802609)

    Chapter 2: Log Message Reference Recommended Action None. Revision 2.31.191. could_not_insert_cert_to_db (ID: 01802609) Default Severity ERROR Log Message Could not insert certificate into local database Explanation Could not insert certificate into local database. Gateway Action certificate_disabled Recommended Action None. Revision 2.31.192.

  • Page 387: Could_Not_Decode_Certificate (Id: 01802707)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Directory names are not supported as subject alternative names. Skipping DN: <dn_name> Explanation Directory specified as subject alternative name. Gateway Action skip_dn_name Recommended Action None. Revision Parameters dn_name 2.31.195. could_not_decode_certificate (ID: 01802707) Default Severity WARNING Log Message...

  • Page 388: Remote_Access_Dns (Id: 01802711)

    Chapter 2: Log Message Reference <time> Explanation Addresses for remote access attributes. Gateway Action None Recommended Action None. Revision Parameters ipaddr time 2.31.198. remote_access_dns (ID: 01802711) Default Severity INFORMATIONAL Log Message DNS for remote access attributes: <dns_server> Explanation DNS for remote access attributes. Gateway Action None Recommended Action...

  • Page 389: Remote_Access_Subnets (Id: 01802714)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters dhcp_s 2.31.201. remote_access_subnets (ID: 01802714) Default Severity INFORMATIONAL Log Message Subnets remote access attributes: <subnets> Explanation Subnets remote access attributes. Gateway Action None Recommended Action None. Revision Parameters subnets 2.31.202. event_on_ike_sa (ID: 01802715) Default Severity WARNING Log Message...

  • Page 390: Crl_Search_Failed (Id: 01802719)

    Chapter 2: Log Message Reference Revision Parameters reason int_severity 2.31.204. crl_search_failed (ID: 01802719) Default Severity WARNING Log Message Certificate manager search failure: <reason>. Internal severity level: <int_severity> Explanation Search for a CRL failed. Certificate validation will conintue as CRL checks are not enforced by the current configuration. Gateway Action continuing Recommended Action...

  • Page 391: Outofmem_Create_Engine (Id: 01802901)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message Failed to set init info to external key accelerator Explanation Invalid init info to external key accelerator. Gateway Action ipsec_disabled Recommended Action None. Revision 2.31.208. outofmem_create_engine (ID: 01802901) Default Severity CRITICAL Log Message Failed to allocate memory for engine object...

  • Page 392: Init_Rule_Looklup_Failed (Id: 01802904)

    Chapter 2: Log Message Reference 2.31.211. init_rule_looklup_failed (ID: 01802904) Default Severity CRITICAL Log Message Allocating default drop rule failed! Explanation Allocating default drop rule failed!. Gateway Action ipsec_disabled Recommended Action None. Revision 2.31.212. init_rule_looklup_failed (ID: 01802905) Default Severity CRITICAL Log Message allocating default pass rule failed! Explanation Allocating default pass rule failed!.

  • Page 393: Certificate_Validation_Check_Failed (Id: 01803100)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message Maximum number of IPsec SAs limit has been violated too many times (<limit>) Explanation Maximum number of IPsec SAs limit has been violated too many times. Gateway Action Discarding request and deleting SA Recommended Action Discarding request and deleting SA.

  • Page 394: Faild_To_Link_Ike_And_Userauth (Id: 01803300)

    Chapter 2: Log Message Reference Log Message audit event occured: <msg>. Internal severity level: <int_severity> Explanation An audit event occured in the IPsec stack. Gateway Action None Recommended Action None. Revision Parameters int_severity 2.31.218. faild_to_link_ike_and_userauth (ID: 01803300) Default Severity WARNING Log Message Faild to link IKE SA with userauth object.

  • Page 395: Rsa-Crt_Accel_Failed (Id: 01803401)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message Hardware acceleration of modexp calculation failed due to <msg>. Explanation The failed calculation will be made in software instead. Hardware acceleration can fail due to valid reasons like a full request queue. A lot of these logs during a short timeframe could indicate issues with hardware acceleration.

  • Page 396: Monitored_Host_Reachable (Id: 01803600)

    Chapter 2: Log Message Reference 2.31.223. monitored_host_reachable (ID: 01803600) Default Severity INFORMATIONAL Log Message Monitored host <ip> is reachable over tunnel <tunnel>. Explanation Monitored host started to respond on ICMP ping. Gateway Action none Recommended Action None. Revision Parameters tunnel 2.31.224.

  • Page 397: Failed_To_Attach_Radius (Id: 01803701)

    Chapter 2: Log Message Reference peer_ip peer_port 2.31.226. failed_to_attach_radius (ID: 01803701) Default Severity WARNING Log Message Failed to attach RADIUS (<errorcode>) server in IKE negotiation for peer <peer_ip>:<peer_port> Explanation Failed to attach RADIUS server communication, IKE negotiation will fail. Gateway Action fail_ike_negotiation Recommended Action None.

  • Page 398: 2.32. Ipv6_Nd

    Chapter 2: Log Message Reference 2.32. IPV6_ND These log messages refer to the IPV6_ND (Neighbor Discovery events) category. 2.32.1. neighbor_discovery_resolution_failed (ID: 06400009) Default Severity WARNING Log Message Neighbor Discovery resolution failed Explanation Neighbor Discovery query was not resolved before the cache entry expired.

  • Page 399: Nd_Spoofed_Hw_Sender (Id: 06400029)

    Chapter 2: Log Message Reference Revision Context Parameters Rule Name Packet Buffer 2.32.4. nd_spoofed_hw_sender (ID: 06400029) Default Severity WARNING Log Message ND HW sender address matches our own address. Dropping packet. Explanation The Neighbor Discovery packet Ethernet sender address appears to be our own.

  • Page 400: Nd_Option_Hw_Address_Mismatch (Id: 06400032)

    Chapter 2: Log Message Reference Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name Packet Buffer 2.32.7. nd_option_hw_address_mismatch (ID: 06400032) Default Severity WARNING Log Message ND Link Layer option Enet sender mismatch. Dropping packet. Explanation The Neighbor Discovery packet Link Layer option does not match HW sender.

  • Page 401: Nd_Duplicated_Option (Id: 06400035)

    Chapter 2: Log Message Reference Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name Packet Buffer 2.32.10. nd_duplicated_option (ID: 06400035) Default Severity WARNING Log Message The same ND option appears more than once in the same packet. Dropping packet.

  • Page 402: Nd_Illegal_Prefix_Info_Option_Size (Id: 06400038)

    Chapter 2: Log Message Reference Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name Packet Buffer 2.32.13. nd_illegal_prefix_info_option_size (ID: 06400038) Default Severity WARNING Log Message Illegal option size. Dropping Explanation The Neighbor Discovery packet option size is illegal. Dropping packet.

  • Page 403: Nd_Zero_Size_Option (Id: 06400041)

    Chapter 2: Log Message Reference Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name Packet Buffer 2.32.16. nd_zero_size_option (ID: 06400041) Default Severity WARNING Log Message Illegal option size. Dropping Explanation The Neighbor Discovery packet option size is zero. Dropping packet. Gateway Action drop Recommended Action...

  • Page 404: Nd_Unknown_Icmp_Code (Id: 06400044)

    Chapter 2: Log Message Reference Revision Context Parameters Rule Name Packet Buffer 2.32.19. nd_unknown_icmp_code (ID: 06400044) Default Severity WARNING Log Message Unsupported ICMP code. Dropping Explanation The Neighbor Discovery packet ICMP code is unknown. Dropping packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists.

  • Page 405: Nd_Hoplimit_Reached (Id: 06400047)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Parameters senderip Context Parameters Rule Name Packet Buffer 2.32.22. nd_hoplimit_reached (ID: 06400047) Default Severity WARNING Log Message Neighbor Discovery packet from <senderip> appears to have been routed.

  • Page 406: Nd_Access_Allowed_Expect (Id: 06400050)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Failed to verify Neighbor Discovery sender IP address. Dropping Explanation The Neighbor Discovery sender IP address could not be verified according to the "access" section, and the packet is dropped. Gateway Action drop Recommended Action...

  • Page 407: Nd_Missing_Tll_Opt (Id: 06400053)

    Chapter 2: Log Message Reference Log Message Sender IP <senderip> is the Unknown Address. Dropping packet. Explanation The Neighbor Advertisement packet sender IP address matches that of the Unknown Address (::). Dropping packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Parameters senderip...

  • Page 408: Nd_Mcast_Dpd_Reply (Id: 06400055)

    Chapter 2: Log Message Reference Packet Buffer 2.32.30. nd_mcast_dpd_reply (ID: 06400055) Default Severity WARNING Log Message Dead peer probe answered with multicast message. Dropping packet. Explanation The dead peer probe reply packet destination IP is a multicast address. Dropping packet. Gateway Action drop Recommended Action...

  • Page 409: Nd_Updated_Entry (Id: 06400058)

    Chapter 2: Log Message Reference Recommended Action Verify that no faulty network equipment exists. Revision Parameters cachedenet targetenet Context Parameters Rule Name Packet Buffer 2.32.33. nd_updated_entry (ID: 06400058) Default Severity NOTICE Log Message ND cache entry <ipaddress> updated from <oldenet> to <newenet>.

  • Page 410: Nd_Update_Entry_Request (Id: 06400060)

    Chapter 2: Log Message Reference 2.32.35. nd_update_entry_request (ID: 06400060) Default Severity NOTICE Log Message ND cache entry <ipaddress> update from <oldenet> to <newenet> request. Dropping packet. Explanation A Neighbor Advertisement requests updating an entry in the Neighbor Discovery cache. Dropping packet. Gateway Action drop Recommended Action...

  • Page 411: Nd_Rs_Unicast_Target (Id: 06400063)

    Chapter 2: Log Message Reference Recommended Action Verify that no faulty network equipment exists. Revision Parameters sendermac Context Parameters Rule Name Packet Buffer 2.32.38. nd_rs_unicast_target (ID: 06400063) Default Severity WARNING Log Message Router Solicitation destination address <destip> isn't multicast. Dropping Explanation The Router Solicitation destination IP address isn't a multicast address, this is illegal according to RFC4861.

  • Page 412: Nd_Updated_Entry (Id: 06400066)

    Chapter 2: Log Message Reference Explanation The Neighbor Solicitation packet contains a source link layer adderss option, this is illegal according to RFC4861. Dropping packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name Packet Buffer 2.32.41.

  • Page 413: Nd_Update_Entry_Request (Id: 06400068)

    Chapter 2: Log Message Reference Packet Buffer 2.32.43. nd_update_entry_request (ID: 06400068) Default Severity NOTICE Log Message ND cache entry <ipaddress> update from <oldenet> to <newenet> request. Dropping packet. Explanation A Neighbor Solicitation requests updating an entry in the Neighbor Discovery cache. Dropping packet. Gateway Action drop Recommended Action...

  • Page 414: Nd_Dupe_Addr_Detected (Id: 06400071)

    Chapter 2: Log Message Reference Explanation The Neighbor Solicitation Duplicatge Address Probe packet destination IP address is not a solicited node multicast address. Dropping packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Parameters sendermac Context Parameters Rule Name Packet Buffer...

  • Page 415: More_Ndoptcount (Id: 06400073)

    Chapter 2: Log Message Reference Context Parameters Rule Name Packet Buffer 2.32.48. more_ndoptcount (ID: 06400073) Default Severity WARNING Log Message Number of options more than ICMP6MaxOptND - <optcount> Explanation Received a packet with number of options more than ICMP6MaxOptND. Gateway Action none Recommended Action None.

  • Page 416: Router_Discovered (Id: 06400076)

    Chapter 2: Log Message Reference Revision Context Parameters Rule Name Packet Buffer 2.32.51. router_discovered (ID: 06400076) Default Severity NOTICE Log Message Interface <iface> have successfully processed Router Advertisement Explanation An interface have successfully processed a Router Advertisement. Gateway Action None Recommended Action None.

  • Page 417: Router_Not_Found (Id: 06400079)

    Chapter 2: Log Message Reference Gateway Action None Recommended Action None. Revision Parameters iface Context Parameters Packet Buffer 2.32.54. router_not_found (ID: 06400079) Default Severity NOTICE Log Message Unable to find router on interface <iface> Explanation The gateway has solicited the local network for a router but have not received a reply.

  • Page 418: 2.33. Ip_Error

    Chapter 2: Log Message Reference 2.33. IP_ERROR These log messages refer to the IP_ERROR (Packet discarded due to IP header error(s)) category. 2.33.1. too_small_packet (ID: 01500001) Default Severity WARNING Log Message Packet is too small to contain IPv4 header Explanation The received packet is too small to contain an IPv4 header, and will be dropped.

  • Page 419: Invalid_Ip_Length (Id: 01500004)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action None. Revision Parameters iptotlen iphdrlen Context Parameters Rule Name Packet Buffer 2.33.4. invalid_ip_length (ID: 01500004) Default Severity WARNING Log Message Invalid IP header length, IPTotLen=<iptotlen>, RecvLen=<recvlen> Explanation The received packet IP total length is larger than the received transport data.

  • Page 420: Invalid_Ip6_Flow (Id: 01500021)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Invalid flow label value Explanation The received packet with flow label other than zero. Gateway Action none Recommended Action None. Revision Parameters flow_label Context Parameters Rule Name Packet Buffer 2.33.7. Invalid_ip6_flow (ID: 01500021) Default Severity WARNING Log Message...

  • Page 421: Invalid_Ip6_Tc (Id: 01500023)

    Chapter 2: Log Message Reference 2.33.9. Invalid_ip6_tc (ID: 01500023) Default Severity WARNING Log Message Invalid traffic class value Explanation The received packet with traffic class other than zero. Gateway Action strip Recommended Action None. Revision Parameters traffic_class Context Parameters Rule Name Packet Buffer 2.33.10.

  • Page 422: Too_Small_Packet (Id: 01500026)

    Chapter 2: Log Message Reference ipactpaylen Context Parameters Rule Name Packet Buffer 2.33.12. too_small_packet (ID: 01500026) Default Severity WARNING Log Message Packet is too small to contain IPv6 header Explanation The received packet is too small to contain an IPv6 header, and will be dropped.

  • Page 423: 2.34. Ip_Flag

    Chapter 2: Log Message Reference 2.34. IP_FLAG These log messages refer to the IP_FLAG (Events concerning the IP header flags) category. 2.34.1. ttl_low (ID: 01600001) Default Severity WARNING Log Message Received packet with too low TTL of <ttl>. Min TTL is <ttlmin>. Ignoring Explanation The received packet has a TTL (Time-To-Live) field which is too low.

  • Page 424: Hop_Limit_Low (Id: 01600004)

    Chapter 2: Log Message Reference Revision Context Parameters Rule Name Packet Buffer 2.34.4. hop_limit_low (ID: 01600004) Default Severity WARNING Log Message Received packet with too low HopLimit of <hoplimit>. Min HopLimit is <hoplimitmin>. Ignoring Explanation The received packet has a HopLimit field which is too low. Ignoring and forwarding packet anyway.

  • Page 425: 2.35. Ip_Opt

    Chapter 2: Log Message Reference 2.35. IP_OPT These log messages refer to the IP_OPT (Events concerning the IP header options) category. 2.35.1. source_route (ID: 01700001) Default Severity NOTICE Log Message Packet has a source route Explanation The packet has a source route. Ignoring. Gateway Action ignore Recommended Action...

  • Page 426: Ipopt_Present (Id: 01700004)

    Chapter 2: Log Message Reference 2.35.4. ipopt_present (ID: 01700004) Default Severity NOTICE Log Message IP Option <ipopt>(<optname>) is present Explanation The packet contains an IP Option. Ignoring. Gateway Action ignore Recommended Action None. Revision Parameters ipopt optname Context Parameters Rule Name Packet Buffer 2.35.5.

  • Page 427: Multiple_Ip_Option_Routes (Id: 01700012)

    Chapter 2: Log Message Reference Revision Parameters ipopt optlen avail Context Parameters Rule Name Packet Buffer 2.35.7. multiple_ip_option_routes (ID: 01700012) Default Severity WARNING Log Message Multiple source/return routes in IP options. Dropping Explanation There are multiple source/return routes specified among the IP Options.

  • Page 428: Source_Route_Disallowed (Id: 01700015)

    Chapter 2: Log Message Reference Log Message IP Option Type <ipopt>: Bad Source Route Pointer <routeptr>. Dropping Explanation The packet has a Source Route Pointer, which is invalid. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters ipopt routeptr Context Parameters Rule Name Packet Buffer...

  • Page 429: Bad_Timestamp_Pointer (Id: 01700018)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message IP Option Type <ipopt>: Bad length <optlen>. Dropping Explanation The packet contains an IP Option, which has an invalid lengh. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters ipopt optlen Context Parameters...

  • Page 430: Timestamp_Disallowed (Id: 01700020)

    Chapter 2: Log Message Reference tsptr oflo Context Parameters Rule Name Packet Buffer 2.35.15. timestamp_disallowed (ID: 01700020) Default Severity WARNING Log Message Timestamp IP option disallowed. Dropping Explanation The packet contains a timestamp IP Option, which is disallowed. Dropping packet. Gateway Action drop Recommended Action...

  • Page 431: Ipopt_Present_Disallowed (Id: 01700023)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.35.18. ipopt_present_disallowed (ID: 01700023) Default Severity WARNING Log Message IP Option <ipopt>(<optname>) is present. Dropping Explanation The packet contains an IP Option, which is disallowed. Dropping packet.

  • Page 432: Small_Payload (Id: 01700041)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name 2.35.21. small_payload (ID: 01700041) Default Severity WARNING Log Message Jumbo option packet with a payload less than 65535 Explanation Received a jumbo option packet with a payload less than 65535. Gateway Action reject Recommended Action...

  • Page 433: Invalid_Order (Id: 01700044)

    Chapter 2: Log Message Reference Context Parameters Rule Name 2.35.24. invalid_order (ID: 01700044) Default Severity WARNING Log Message Invalid Jumbogram packet option other than in hop by hop header Explanation Received a Jumbogram packet other than in hop by hop header. Gateway Action drop Recommended Action...

  • Page 434: Rcvd_Router_Alert (Id: 01700048)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Received Router Alert option Packet Explanation Received Router Alert option Packet. Gateway Action none Recommended Action None. Revision Context Parameters Rule Name 2.35.28. rcvd_router_alert (ID: 01700048) Default Severity WARNING Log Message Received Router Alert option Packet Explanation Received Router Alert option Packet.

  • Page 435: Invalid_Option (Id: 01700051)

    Chapter 2: Log Message Reference type. The option will be ignored and the rest of the packet will be processed. Gateway Action none Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.35.31. invalid_option (ID: 01700051) Default Severity WARNING Log Message Invalid IPv6 extension header option encountered.

  • Page 436: Rcvd_Ha_Option (Id: 01700054)

    Chapter 2: Log Message Reference Explanation Received Home address option Packet. Gateway Action none Recommended Action None. Revision Context Parameters Rule Name 2.35.34. rcvd_ha_Option (ID: 01700054) Default Severity WARNING Log Message Received Home address option Packet Explanation Received Home address option Packet. Gateway Action drop Recommended Action...

  • Page 437: Invalid_Padn_Data (Id: 01700057)

    Chapter 2: Log Message Reference Revision Context Parameters Rule Name 2.35.37. invalid_padN_data (ID: 01700057) Default Severity WARNING Log Message Option data containing non-zero value Explanation Option data containing non-zero value. Gateway Action strip Recommended Action None. Revision Context Parameters Rule Name 2.35.38.

  • Page 438: Mismatch_Ip_Eth (Id: 01700060)

    Chapter 2: Log Message Reference 2.35.40. mismatch_ip_eth (ID: 01700060) Default Severity WARNING Log Message IP and ethernet destination mismatch Explanation IP and ethernet destination mismatch. Gateway Action none Recommended Action None. Revision Context Parameters Rule Name 2.35.41. mismatch_ip_eth (ID: 01700061) Default Severity WARNING Log Message...

  • Page 439: Invalid_Order (Id: 01700065)

    Chapter 2: Log Message Reference Log Message Invalid Router Alert option other than in hop by hop header Explanation Received a Router Alert packet other than in hop by hop header. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name 2.35.44.

  • Page 440: More_Optcount (Id: 01700068)

    Chapter 2: Log Message Reference Recommended Action None. Revision Context Parameters Rule Name 2.35.47. more_optcount (ID: 01700068) Default Severity WARNING Log Message Number of options more than IP6MaxOPH - <optcount> Explanation Received a packet with number of options more than IP6MaxOPH. Gateway Action none Recommended Action...

  • Page 441: Ip6_Rhother (Id: 01700071)

    Chapter 2: Log Message Reference Revision Context Parameters Rule Name 2.35.50. ip6_rhother (ID: 01700071) Default Severity WARNING Log Message Routing packet with type other than 0 or 2 Explanation Received Routing packet other than 0 or 2. Gateway Action drop Recommended Action None.

  • Page 442: Ip6_Rh0 (Id: 01700075)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Routing header with type 0 packet Explanation Received Routing header type 0 packet. Gateway Action none Recommended Action None. Revision Context Parameters Rule Name 2.35.54. ip6_rh0 (ID: 01700075) Default Severity WARNING Log Message Routing header with type 0 packet...

  • Page 443: Invalid_Ip6_Exthdr (Id: 01700078)

    Chapter 2: Log Message Reference Explanation Received a packet with invalid header order. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name 2.35.57. invalid_ip6_exthdr (ID: 01700078) Default Severity WARNING Log Message Extension header length is greater than IP6ExtHdr Setting Explanation The received packet with extension header length is greater than IP6ExtHdr Setting.
  • Page 444 Chapter 2: Log Message Reference Recommended Action None. Revision Context Parameters Rule Name...

  • Page 445: 2.36. Ip_Proto

    Chapter 2: Log Message Reference 2.36. IP_PROTO These log messages refer to the IP_PROTO (IP Protocol verification events) category. 2.36.1. multicast_ethernet_ip_address_mismatch (ID: 07000011) Default Severity WARNING Log Message Received packet with a destination IP address <ip_multicast_addr> that does match Ethernet multicast address <eth_multicast_addr>...

  • Page 446: Ttl_Low (Id: 07000014)

    Chapter 2: Log Message Reference Log Message Received packet with zero TTL. Dropping Explanation A packet was received with a TTL (Time-To-Live) field set to zero, which is not allowed. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.36.4.

  • Page 447: Invalid_Tcp_Header (Id: 07000019)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Configured size limit for the TCP protocol exceeded. Dropping Explanation The configured size limit for the TCP protocol was exceeded. Dropping packet. Gateway Action drop Recommended Action This can be changed under the Advanced Settings section. Revision Parameters proto...

  • Page 448: Invalid_Udp_Header (Id: 07000022)

    Chapter 2: Log Message Reference Context Parameters Rule Name Packet Buffer 2.36.9. invalid_udp_header (ID: 07000022) Default Severity WARNING Log Message Invalid header IPDataLen=<ipdatalen>, UDPTotLen=<udptotlen>. Dropping Explanation The UDP packet contains an invalid header. Dropping packet. Gateway Action drop Recommended Action None.

  • Page 449: Multicast_Ethernet_Ip_Address_Mismatch (Id: 07000033)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters ipdatalen icmpminlen Context Parameters Rule Name Packet Buffer 2.36.12. multicast_ethernet_ip_address_mismatch (ID: 07000033) Default Severity WARNING Log Message Received packet with a destination IP address <ip_multicast_addr> that does match Ethernet multicast address <eth_multicast_addr>...

  • Page 450: Oversize_Esp (Id: 07000051)

    Chapter 2: Log Message Reference 2.36.14. oversize_esp (ID: 07000051) Default Severity WARNING Log Message Configured size limit for the ESP protocol exceeded. Dropping Explanation The configured size limit for the ESP protocol was exceeded. Dropping packet. Gateway Action drop Recommended Action This can be changed under the Advanced Settings section.

  • Page 451: Oversize_Ospf (Id: 07000054)

    Chapter 2: Log Message Reference Parameters proto Context Parameters Rule Name Packet Buffer 2.36.17. oversize_ospf (ID: 07000054) Default Severity WARNING Log Message Configured size limit for the OSPF protocol exceeded. Dropping Explanation The configured size limit for the OSPF protocol was exceeded. Dropping packet.

  • Page 452: Oversize_L2Tp (Id: 07000057)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action This can be changed under the Advanced Settings section. Revision Parameters proto Context Parameters Rule Name Packet Buffer 2.36.20. oversize_l2tp (ID: 07000057) Default Severity WARNING Log Message Configured size limit for the L2TP protocol exceeded. Dropping Explanation The configured size limit for the L2TP protocol was exceeded.

  • Page 453: Hop_Limit_Low (Id: 07000060)

    Chapter 2: Log Message Reference Log Message Forward IPv6 packet with zero HopLimit. Dropping Explanation Try to forward a IPv6 packet with the HopLimit field set to zero, which is not allowed. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name...

  • Page 454: Invalid_Icmp_Data_Ip_Ver (Id: 07000072)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Invalid ICMP data length. ICMPDataLen=<icmpdatalen> ICMPIPHdrMinLen=<icmpiphdrminlen>. Dropping Explanation The ICMP data is not large enough to contain an IPv4 Header. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters icmpdatalen icmpiphdrminlen Context Parameters...

  • Page 455: Invalid_Icmp_Data_Invalid_Ip_Length (Id: 07000074)

    Chapter 2: Log Message Reference Revision Parameters icmpdatalen icmphdrlen Context Parameters Rule Name Packet Buffer 2.36.28. invalid_icmp_data_invalid_ip_length (ID: 07000074) Default Severity WARNING Log Message Invalid ICMP data length. ICMPDataLen=<icmpdatalen> ICMPIPDataLen=<icmpipdatalen> ICMPIPDataMinLen=<icmpipdataminlen>. Dropping Explanation The ICMP data length is invalid. The contained IP data must be atleast 8 bytes long.

  • Page 456: Illegal_Sender_Address (Id: 07000076)

    Chapter 2: Log Message Reference 2.36.30. illegal_sender_address (ID: 07000076) Default Severity WARNING Log Message Source address does not identify a single node uniquely. Dropping Explanation The source address is ending in zeroes. Dropping packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name...

  • Page 457: 2.37. L2Tp

    Chapter 2: Log Message Reference 2.37. L2TP These log messages refer to the L2TP (L2TP tunnel events) category. 2.37.1. l2tpclient_resolve_successful (ID: 02800001) Default Severity NOTICE Log Message L2TP client <iface> resolved <remotegwname> to <remotegw> Explanation The L2TP client successfully resolved the DNS name of the remote gateway.

  • Page 458: L2Tp_Connection_Disallowed (Id: 02800004)

    Chapter 2: Log Message Reference Revision Parameters iface remotegw 2.37.4. l2tp_connection_disallowed (ID: 02800004) Default Severity NOTICE Log Message L2TP connection disallowed according to rule <rule>! Tunnel ID: <tunnelid>, Session ID: <sessionid> Explanation The L2TP connection is disallowed according to the specified userauth rule.

  • Page 459: L2Tp_Session_Closed (Id: 02800007)

    Chapter 2: Log Message Reference Explanation The L2TP server received a packet that was routed to the interface by a route that was either manually configured or set up by another subsystem. Gateway Action drop Recommended Action Make sure no manually configured routes to the L2TP server interface exists in the configuration.

  • Page 460: L2Tp_Session_Request (Id: 02800010)

    Chapter 2: Log Message Reference <remotegw> on <iface> Explanation MPPE is required by the configuration but the MPPE negotiation failed. Session will be closed. Gateway Action None Recommended Action Make sure the peer is capable of MPPE encryption, or disable the MPPE requirement.

  • Page 461: L2Tp_Session_Request (Id: 02800015)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Did not find a matching userauth rule for this L2TP server! Tunnel ID: <tunnelid>, Session ID: <sessionid> Explanation The L2TP server was unsuccessful trying to find a matching userauth rule. Gateway Action None Recommended Action...

  • Page 462: Failure_Init_Radius_Accounting (Id: 02800017)

    Chapter 2: Log Message Reference 2.37.15. failure_init_radius_accounting (ID: 02800017) Default Severity WARNING Log Message Failed to send Accounting Start to RADIUS Accounting Server. Accounting will be disabled Explanation Failed to send START message to RADIUS accounting server. RADIUS accounting will be disabled for this session. Gateway Action accounting_disabled Recommended Action...

  • Page 463: Unknown_Ctrl_Conn_Id (Id: 02800020)

    Chapter 2: Log Message Reference 2.37.18. unknown_ctrl_conn_id (ID: 02800020) Default Severity WARNING Log Message Unknown Control Connection ID <ctrlconnid> from <remotegw> on tunnel <iface>. Explanation A packet with an unknown Control Connection ID was received by the L2TP interface. Gateway Action None Recommended Action None.

  • Page 464: L2Tp_Session_Request (Id: 02800045)

    Chapter 2: Log Message Reference Parameters iface ctrlconnid 2.37.21. l2tp_session_request (ID: 02800045) Default Severity NOTICE Log Message L2TP session request received. Control Connection ID: <ctrlconnid> Explanation A new session request was received on the specified tunnel. Gateway Action None Recommended Action None.

  • Page 465: Waiting_For_Ip_To_Listen_On (Id: 02800050)

    Chapter 2: Log Message Reference 2.37.24. waiting_for_ip_to_listen_on (ID: 02800050) Default Severity NOTICE Log Message L2TP server <iface> cannot start until it has an IP address to listen on Explanation The L2TP server cannot start until the L2TP interface has a proper IP address to listen on.

  • Page 466: 2.38. Lacp

    Chapter 2: Log Message Reference 2.38. LACP These log messages refer to the LACP (Link Aggregation Control Protocol) category. 2.38.1. lacp_up (ID: 07700001) Default Severity INFORMATIONAL Log Message Negotiation was successful and <physiface> was added to the <laiface> aggregation. Explanation LACP has successfully negotiated with a partner system and the specified Member interface is now fully operational.

  • Page 467: Lacp_Partner_Mismatch (Id: 07700004)

    Chapter 2: Log Message Reference Gateway Action exclude_link Recommended Action Verify that the link is operational and connected to a properly configured LACP system. Revision Parameters physiface laiface 2.38.4. lacp_partner_mismatch (ID: 07700004) Default Severity ERROR Log Message The information exchanged with the partner system on <physiface> does not match that of other configured Members of the <laiface>...

  • Page 468: Lacp_Link_Down (Id: 07700006)

    Chapter 2: Log Message Reference 2.38.6. lacp_link_down (ID: 07700006) Default Severity ERROR Log Message <physiface> appears to be down. Explanation Gateway Action exclude_link Recommended Action Revision Parameters physiface laiface 2.38.7. lacp_disabled_half_duplex (ID: 07700007) Default Severity ERROR Log Message <physiface> has been disabled because it is operating at Half Duplex which is unsupported by the Link Aggregation feature.

  • Page 469: 2.39. Natpool

    Chapter 2: Log Message Reference 2.39. NATPOOL These log messages refer to the NATPOOL (Events related to NAT Pools) category. 2.39.1. uninitialized_ippool (ID: 05600001) Default Severity ERROR Log Message NATPool <poolname> has not been initialized Explanation The NATPool is not initialized. This can happen if the NATPool contains no valid IP addresses.

  • Page 470: Out_Of_Memory (Id: 05600005)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters address poolname Context Parameters Connection 2.39.4. out_of_memory (ID: 05600005) Default Severity ERROR Log Message Out of memory while allocating NATPool state for <poolname> Explanation A state could not be allocated since the unit is out of memory. Gateway Action drop Recommended Action...

  • Page 471: Proxyarp_Failed (Id: 05600008)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters poolname 2.39.7. proxyarp_failed (ID: 05600008) Default Severity ERROR Log Message Could not add dynamic ProxyARP route. NATPool <poolname> Explanation It was not possible to dynamically add a core route for the given IP address.

  • Page 472: Registerip_Failed (Id: 05600011)

    Chapter 2: Log Message Reference been reached. NATPool subsystem must replace an active state since no lingering states exist. Gateway Action replace_active Recommended Action Increase the MAXSTATES variable for this NATPool if more concurrent states are wanted. Revision Parameters poolname num_states replacedip 2.39.10.

  • Page 473: Synchronization_Failed (Id: 05600014)

    Chapter 2: Log Message Reference Explanation Failed to fetch new Translation IP address from IP Pool. Gateway Action None Recommended Action Check configuration for NAT Pool and IP Pool. Revision Parameters poolname 2.39.13. synchronization_failed (ID: 05600014) Default Severity ERROR Log Message Failed to synchronize Translation IP address to peer Explanation Failed to synchronize Translation IP address to peer.

  • Page 474: 2.40. Ospf

    Chapter 2: Log Message Reference 2.40. OSPF These log messages refer to the OSPF (OSPF events) category. 2.40.1. internal_error (ID: 02400001) Default Severity WARNING Log Message Internal Error. Iface <iface> got IEvent <ievent> in IState <istate>. Ignored Explanation Internal error in the OSPF interface state engine. Gateway Action ignore Recommended Action...

  • Page 475: Bad_Packet_Len (Id: 02400004)

    Chapter 2: Log Message Reference failover. Gateway Action None Recommended Action Check OSPF interface configuration. Revision Parameters iface neighborid myifaceip Context Parameters Rule Name 2.40.4. bad_packet_len (ID: 02400004) Default Severity WARNING Log Message Received OSPF packet with bad length Explanation Received OSPF packet with a bad length.

  • Page 476: Area_Mismatch (Id: 02400007)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Sender source <srcip> not within interface range (<ifacerange>) Explanation Received OSPF data from a neighboring router not within the receive interface range. Gateway Action drop Recommended Action Make sure all locally attached OSPF routes are on the same network. Revision Parameters srcip...

  • Page 477: Hello_Interval_Mismatch (Id: 02400009)

    Chapter 2: Log Message Reference Parameters recv_netmask my_netmask Context Parameters Rule Name Packet Buffer 2.40.9. hello_interval_mismatch (ID: 02400009) Default Severity WARNING Log Message Hello interval mismatch. Received was <recv_interval>, mine is <my_interval>. Dropping Explanation Received OSPF data from a neighboring router with a mismatching hello interval.

  • Page 478: Hello_N_Flag_Mismatch (Id: 02400012)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Hello E-flag mismatch. Received was <recv_e_flag>, mine is <my_e_flag>. Dropping Explanation Received OSPF data from a neighboring router with mismatching E-flag (describes how AS-external-LSAs are flooded) configuration. Gateway Action drop Recommended Action Make sure all locally attached OSPF routers share the same E-flag configuration.

  • Page 479: Unknown_Lsa_Type (Id: 02400014)

    Chapter 2: Log Message Reference Revision Context Parameters Rule Name Packet Buffer 2.40.14. unknown_lsa_type (ID: 02400014) Default Severity WARNING Log Message Unknown LSA type <lsatype>. Dropping Explanation Received OSPF data from a neighbor which contained a unknown LSA. Gateway Action drop Recommended Action Check the configuration on the neighboring router.

  • Page 480: Bad_Auth_Crypto_Key_Id (Id: 02400052)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action Verify that the neighboring OSPF router share the same password. Revision Context Parameters Rule Name 2.40.17. bad_auth_crypto_key_id (ID: 02400052) Default Severity WARNING Log Message Authentication mismatch. Bad crypto key id. Received was <recv_id>, mine is <my_id>...

  • Page 481: Checksum_Mismatch (Id: 02400055)

    Chapter 2: Log Message Reference Explanation Authentication failed due to bad crypto digest. Gateway Action drop Recommended Action Verify that the neighboring OSPF router share the same crypto digest. Revision Context Parameters Rule Name 2.40.20. checksum_mismatch (ID: 02400055) Default Severity WARNING Log Message Checksum mismatch.

  • Page 482: I_Flag_Misuse (Id: 02400102)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Neighbor <neighbor> M/MS mismatch. Restarting exchange Explanation Received indication that a neighbor got the M/MS (master/slave) role wrong. Gateway Action restart Recommended Action None. Revision Parameters neighbor Context Parameters Rule Name 2.40.23.

  • Page 483: Non_Dup_Dd (Id: 02400105)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Neighbor <neighbor> replied with a unexpected sequence number. Restarting exchange Explanation Received neighbor reply with a unexpected sequence number. Gateway Action restart Recommended Action None. Revision Parameters neighbor Context Parameters Rule Name 2.40.26.

  • Page 484: Unknown_Lsa (Id: 02400107)

    Chapter 2: Log Message Reference 2.40.28. unknown_lsa (ID: 02400107) Default Severity WARNING Log Message Neighbor <neighbor> implied unknown (<lsa_type>). Restarting exchange Explanation A neighbor described an unknown LSA type. Gateway Action restart Recommended Action Check neighboring OSPF router configuration. Revision Parameters neighbor lsa_type...

  • Page 485: Lsa_Checksum_Mismatch (Id: 02400150)

    Chapter 2: Log Message Reference def_maxage Context Parameters Rule Name 2.40.31. lsa_checksum_mismatch (ID: 02400150) Default Severity WARNING Log Message LSA checksum mismatch. LSA is discarded Explanation Received LSA with mismatching checksum. Gateway Action discard Recommended Action Check network equipment for problems. Revision Context Parameters Rule Name...

  • Page 486: Bad_Lsa_Maxage (Id: 02400153)

    Chapter 2: Log Message Reference Context Parameters Rule Name 2.40.34. bad_lsa_maxage (ID: 02400153) Default Severity WARNING Log Message Bad LSA maxage (<maxage>). LSA is discarded Explanation Received LSA with a bad max age. Gateway Action discard Recommended Action None. Revision Parameters maxage Context Parameters...

  • Page 487: Db_Copy_More_Recent_Then_Received (Id: 02400156)

    Chapter 2: Log Message Reference Context Parameters Rule Name 2.40.37. db_copy_more_recent_then_received (ID: 02400156) Default Severity WARNING Log Message Received LSA(LSA-<lsa> ID:<lsaid> AdvRtr:<lsartr>) is older then DB copy. Discarding received LSA Explanation Received LSA which is older then the copy in the database. Gateway Action discard Recommended Action...

  • Page 488: Req_Packet_Lsa_Size_Mismatch (Id: 02400159)

    Chapter 2: Log Message Reference Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.40.40. req_packet_lsa_size_mismatch (ID: 02400159) Default Severity WARNING Log Message REQ packet LSA size mismatch. Parsing aborted Explanation Received OSPF REQ packet with a mismatching LSA size. Gateway Action abort Recommended Action...

  • Page 489: Unable_To_Send_Ack (Id: 02400162)

    Chapter 2: Log Message Reference Revision Parameters lsaid lsartr Context Parameters Rule Name 2.40.43. unable_to_send_ack (ID: 02400162) Default Severity CRITICAL Log Message Unable to send ACK Explanation Unable to send acknowledgement. Gateway Action alert Recommended Action Check memory consumption. Revision Context Parameters Rule Name 2.40.44.

  • Page 490: Too_Many_Neighbors (Id: 02400201)

    Chapter 2: Log Message Reference Recommended Action Check for incorrectly configured neighbors. Revision Parameters neighbor neighborid iface Context Parameters Rule Name 2.40.46. too_many_neighbors (ID: 02400201) Default Severity WARNING Log Message Too many neighbors on <iface>. Unable to maintain 2-way with all of them(hello packet) Explanation There are too many OSPF routers on a directly connected network.

  • Page 491: Internal_Error_Unable_To_Map_Identifier (Id: 02400301)

    Chapter 2: Log Message Reference Explanation Unable to find transport area for a vlink. Gateway Action skip_iface Recommended Action Check OSPF area configuration. Revision Parameters area vlink Context Parameters Rule Name 2.40.49. internal_error_unable_to_map_identifier (ID: 02400301) Default Severity WARNING Log Message Internal error: Unable to map a identifier for LSA Type:<lsatype>...

  • Page 492: 2.40.52. Memory_Usage_Exceeded_90_Percent_Of_Max_Allowed

    Chapter 2: Log Message Reference (ID: 02400303) Default Severity WARNING Log Message Memory usage for OSPF process <ospfproc> have now exceeded 70 percent of the maximum allowed Explanation The memory usage for a OSPF process have exceeded 70 percent of the maximum allowed.

  • Page 493: Internal_Lsa_Chksum_Error (Id: 02400306)

    Chapter 2: Log Message Reference Context Parameters Rule Name 2.40.54. internal_lsa_chksum_error (ID: 02400306) Default Severity CRITICAL Log Message LSA internal checksum error Explanation Internal LSA checksum error. Gateway Action alert Recommended Action Check hardware for defects. Revision Context Parameters Rule Name 2.40.55.

  • Page 494: Internal_Error_Unable_To_Find_Iface_Connecting_To_Lsa (Id: 02400402)

    Chapter 2: Log Message Reference Parameters netvtxid Context Parameters Rule Name 2.40.57. internal_error_unable_to_find_iface_connecting_to_lsa (ID: 02400402) Default Severity WARNING Log Message Internal error: Unable to find my interface connecting to described LSA (NetVtxId: <netvtxid>) Explanation Unable to find local interface connecting to described LSA. Gateway Action None Recommended Action...

  • Page 495: Internal_Error_Unable_Neighbor_Iface_Attached_Back_To_Me (Id: 02400405)

    Chapter 2: Log Message Reference Explanation Unable to find local interface connecting to descried LSA. Gateway Action None Recommended Action Contact support with a scenario description. Revision Parameters rtrvtxid Context Parameters Rule Name 2.40.60. internal_error_unable_neighbor_iface_attached_back_to_me (ID: 02400405) Default Severity WARNING Log Message Internal error: Unable to find neighbor (RtrVtxId: <rtrvtxid>) interface attached back to me...

  • Page 496: Memory_Allocation_Failure (Id: 02400500)

    Chapter 2: Log Message Reference (ID: 02400407) Default Severity WARNING Log Message Internal error: Unable to find my link connecting to described LSA (NetVtxId:<netvtxid>) Explanation Unable to find local link connected to described LSA. Gateway Action None Recommended Action Contact support with a scenario description. Revision Parameters netvtxid...
  • Page 497 Chapter 2: Log Message Reference Default Severity CRITICAL Log Message Failed to add route <route>! OSPF process should now be considered inconsistent Explanation Unable to add route. Gateway Action alert Recommended Action Check memory consumption. Revision Parameters route Context Parameters Rule Name...

  • Page 498: 2.41. Ppp

    Chapter 2: Log Message Reference 2.41. PPP These log messages refer to the PPP (PPP tunnel events) category. 2.41.1. ip_pool_empty (ID: 02500001) Default Severity WARNING Log Message IPCP can not assign IP address to peer because the IP address pool is empty Explanation IPCP can not assign an IP address to the peer because there are no...

  • Page 499: Seconday_Dns_Address_Required_But_Not_Received (Id: 02500004)

    Chapter 2: Log Message Reference Revision Parameters tunnel_type 2.41.4. seconday_dns_address_required_but_not_received (ID: 02500004) Default Severity WARNING Log Message Secondary DNS address required but not received. PPP terminated Explanation Peer refuses to give out a secondary DNS address. Since reception of a secondary DNS address is required, PPP is terminated. Gateway Action ppp_terminated Recommended Action...

  • Page 500: Failed_To_Agree_On_Authentication_Protocol (Id: 02500050)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters tunnel_type 2.41.7. failed_to_agree_on_authentication_protocol (ID: 02500050) Default Severity ERROR Log Message Failed to agree on authentication protocol. PPP terminated Explanation Failed to agree on PPP authentication protocol. PPP is terminated. Gateway Action ppp_terminated Recommended Action Review the allowed authentication protocols configured.

  • Page 501: Ppp_Tunnel_Limit_Exceeded (Id: 02500100)

    Chapter 2: Log Message Reference Gateway Action ppp_terminated Recommended Action Try to reconfigure the peer so it does not demand the use of this LCP option. Revision Parameters tunnel_type unsupported_lcp_option 2.41.10. ppp_tunnel_limit_exceeded (ID: 02500100) Default Severity ALERT Log Message PPP Tunnel license limit exceeded. PPP terminated Explanation PPP is terminated because the license restrictions do not allow any more PPP tunnels.

  • Page 502: Username_Too_Long (Id: 02500151)

    Chapter 2: Log Message Reference Gateway Action chap_response_value_truncated Recommended Action None. Revision Parameters tunnel_type 2.41.13. username_too_long (ID: 02500151) Default Severity WARNING Log Message PPP CHAP username was truncated because it was too long Explanation PPP CHAP username was truncated because it was too long. Gateway Action chap_username_truncated Recommended Action...

  • Page 503: Username_Too_Long (Id: 02500350)

    Chapter 2: Log Message Reference Parameters tunnel_type 2.41.16. username_too_long (ID: 02500350) Default Severity WARNING Log Message PPP PAP username was truncated because it was too long Explanation PPP PAP username was truncated because it was too long. Gateway Action pap_username_truncated Recommended Action Reconfigure the endpoints to use a shorter username.

  • Page 504: Authdb_Error (Id: 02500502)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message Radius server authentication error. PPP Authentication terminated Explanation There was an error while authenticating using a radius server. PPP Authentication terminated. Gateway Action authentication_terminated Recommended Action None. Revision Parameters tunnel_type 2.41.20.
  • Page 505 Chapter 2: Log Message Reference Log Message MPPE decryption resulted in the unsupported protocol <protocol>. Terminating PPP Explanation MPPE decryption resulted in an unsupported protocol. IP is the only protocol supported. This either means that the decryption failed or that the peer actually sent data using an unsupported protocol. PPP is terminated.

  • Page 506: 2.42. Pppoe

    Chapter 2: Log Message Reference 2.42. PPPOE These log messages refer to the PPPOE (PPPoE tunnel events) category. 2.42.1. pppoe_tunnel_up (ID: 02600001) Default Severity NOTICE Log Message PPPoE tunnel on <iface> established to <pppoeserver>. Auth: <auth>, IfaceIP: <ifaceip>, Downtime: <downtime> Explanation The PPPoE tunnel for the interface have been established.

  • Page 507: 2.43. Pptp

    Chapter 2: Log Message Reference 2.43. PPTP These log messages refer to the PPTP (PPTP tunnel events) category. 2.43.1. pptpclient_resolve_successful (ID: 02700001) Default Severity NOTICE Log Message PPTP client <iface> resolved <remotegwname> to <remotegw> Explanation The PPTP client succesfully resolved the DNS name of remote gateway.

  • Page 508: Unknown_Pptp_Auth_Source (Id: 02700004)

    Chapter 2: Log Message Reference Recommended Action Make sure the userauth rules are configured correctly. Revision Parameters rule remotegw callid 2.43.4. unknown_pptp_auth_source (ID: 02700004) Default Severity WARNING Log Message Unknown PPTP authentication source for <rule>! Remote gateway: <remotegw>, Call ID: <callid> Explanation The authentication source for the specified userauth rule found in the new configuration is unknown to the PPTP server.

  • Page 509: Mppe_Required (Id: 02700007)

    Chapter 2: Log Message Reference Log Message PPTP server <iface> received a packet routed by a route not set up by the interface itself. Dropping packet. Explanation The PPTP server interface received a packet that was routed to the interface by a route that was either manually configured or set up by another subsystem.

  • Page 510: Pptp_Session_Request (Id: 02700009)

    Chapter 2: Log Message Reference 2.43.9. pptp_session_request (ID: 02700009) Default Severity NOTICE Log Message PPTP session request sent on control connection to <remotegw> Explanation An PPTP session request has been sent on the control connection to the specified remote gateway. Gateway Action None Recommended Action...

  • Page 511: Pptp_Session_Up (Id: 02700012)

    Chapter 2: Log Message Reference Revision Parameters callid remotegw iface 2.43.12. pptp_session_up (ID: 02700012) Default Severity WARNING Log Message PPP negotiation completed for session <callid> to <remotegw> on <iface>. User: <user>, Auth: <auth>, MPPE: <mppe>, Assigned IP: <assigned_ip> Explanation The PPP negotiation has completed successfully for this session. The specified interface, remote gateway and call ID identify the specific session.

  • Page 512: Tunnel_Idle_Timeout (Id: 02700014)

    Chapter 2: Log Message Reference 2.43.14. tunnel_idle_timeout (ID: 02700014) Default Severity WARNING Log Message PPTP tunnel to <remotegw> on <iface> has been idle for too long. Closing it. Explanation A PPTP tunnel has been idle for too long. Tunnel will be closed. Gateway Action close_tunnel Recommended Action...

  • Page 513: Pptpclient_Connected (Id: 02700018)

    Chapter 2: Log Message Reference 2.43.17. pptpclient_connected (ID: 02700018) Default Severity NOTICE Log Message PPTP client <iface> connected to <remotegw>, requesting control connection Explanation A PPTP client has established a connection to its remote gateway and is sending a control connection request message. Gateway Action None Recommended Action...

  • Page 514: Pptp_Tunnel_Up (Id: 02700021)

    Chapter 2: Log Message Reference iface remotegw 2.43.20. pptp_tunnel_up (ID: 02700021) Default Severity NOTICE Log Message PPTP tunnel on <iface> is up. Connected to server on <remotegw>. Explanation This PPTP client has established a control connection to the remote PPTP server. Gateway Action None Recommended Action...

  • Page 515: Unknown_Pptp_Auth_Source (Id: 02700025)

    Chapter 2: Log Message Reference Parameters rule iface remotegw 2.43.23. unknown_pptp_auth_source (ID: 02700025) Default Severity WARNING Log Message Unknown PPTP authentication source for <rule>!. Interface: <iface>, Remote gateway: <remotegw>. Explanation The authentication source for the specified userauth rule is unknown to the PPTP server. Gateway Action None Recommended Action...

  • Page 516: Waiting_For_Ip_To_Listen_On (Id: 02700050)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters iface remotegw error_code 2.43.26. waiting_for_ip_to_listen_on (ID: 02700050) Default Severity WARNING Log Message PPTP server <iface> cannot start until it has an IP address to listen Explanation The PPTP server cannot start until it has a proper IP address to listen Gateway Action None Recommended Action...

  • Page 517: 2.44. Radiusrelay

    Chapter 2: Log Message Reference 2.44. RADIUSRELAY These log messages refer to the RADIUSRELAY (RADIUS relay) category. 2.44.1. malformed_packet (ID: 07500001) Default Severity WARNING Log Message Malformed packet received. Explanation A malformed packet was received. Gateway Action None Recommended Action None.

  • Page 518: User_Removed_Timeout (Id: 07500004)

    Chapter 2: Log Message Reference Revision Parameters username imsi iface calledstationid 2.44.4. user_removed_timeout (ID: 07500004) Default Severity NOTICE Log Message User <username> was removed due to timeout. Explanation A user was removed because a timeout was reached. Gateway Action None Recommended Action None.

  • Page 519: Login_From_Same_Mac (Id: 07500007)

    Chapter 2: Log Message Reference Log Message User <username> was logged out. Explanation A user was logged out. Gateway Action None Recommended Action None. Revision Parameters username imsi iface 2.44.7. login_from_same_mac (ID: 07500007) Default Severity NOTICE Log Message User <newusername> is logging from in the same MAC address as <username>, logging out current user.

  • Page 520: Login_From_New_Mac (Id: 07500010)

    Chapter 2: Log Message Reference port 2.44.9. login_from_new_mac (ID: 07500010) Default Severity NOTICE Log Message User <username> is logging in from another MAC address, logging out current user. Explanation An already authenticated user is logging in from a new MAC address than before.

  • Page 521: 2.45. Realtimemonitor

    Chapter 2: Log Message Reference 2.45. REALTIMEMONITOR These log messages refer to the REALTIMEMONITOR (Real-time monitor events) category. Note The log message IDs in this category are assigned dynamically based on the realtime monitor configuration. The variable part of the ID (indicated by x below) corresponds to the assigned ID of the realtime monitor rule that triggered, e.g.

  • Page 522: Value_Below_High_Threshold (Id: 054Xxxxx)

    Chapter 2: Log Message Reference 2.45.3. value_below_high_threshold (ID: 054xxxxx) Default Severity INFORMATIONAL Log Message Firewall Monitoring. Current uptime: <uptime>. The value of: <name> is now bellow the high threshold Low threshold: <threshold> Current mean of <numbersamples>: <currentvalue>. Explanation Low threshold passed. Gateway Action None Recommended Action...

  • Page 523: 2.46. Reassembly

    Chapter 2: Log Message Reference 2.46. REASSEMBLY These log messages refer to the REASSEMBLY (Events concerning data reassembly) category. 2.46.1. ack_of_not_transmitted_data (ID: 04800002) Default Severity INFORMATIONAL Log Message TCP segment acknowledges data not yet transmitted Explanation A TCP segment that acknowledges data not yet transmitted was received.

  • Page 524: Memory_Allocation_Failure (Id: 04800005)

    Chapter 2: Log Message Reference Recommended Action Research the source of this errornous traffic. Revision Context Parameters Connection 2.46.4. memory_allocation_failure (ID: 04800005) Default Severity ERROR Log Message Can't allocate memory to keep track of a packet Explanation The gateway is unable to allocate memory to keep track of packet that was received.

  • Page 525: Processing_Memory_Limit_Reached (Id: 04800009)

    Chapter 2: Log Message Reference 2.46.7. processing_memory_limit_reached (ID: 04800009) Default Severity NOTICE Log Message Maximum processing memory limit reached Explanation The reassembly subsystem has reached the maximum limit set on its processing memory. This will decrease the performance of connections that are processed by the reassembly subsystem. Gateway Action drop Recommended Action...

  • Page 526: 2.47. Rfo

    Chapter 2: Log Message Reference 2.47. RFO These log messages refer to the RFO (Route fail over events) category. 2.47.1. has_ping (ID: 04100001) Default Severity NOTICE Log Message Interface <iface>, Table <table>, Net <net>: Route enabled, got PING reply from GW <gateway> Explanation Route is available.

  • Page 527: Unable_To_Register_Pingmon (Id: 04100004)

    Chapter 2: Log Message Reference reply from the gateway. Gateway Action route_disabled Recommended Action None. Revision Parameters iface table gateway 2.47.4. unable_to_register_pingmon (ID: 04100004) Default Severity WARNING Log Message Interface <iface>, Table <table>, Net <net>: Route no longer monitored, unable to register PING monitor Explanation Internal Error: The route is no longer monitored.

  • Page 528: Has_Arp (Id: 04100006)

    Chapter 2: Log Message Reference 2.47.6. has_arp (ID: 04100006) Default Severity NOTICE Log Message Interface <iface>, Table <table>, Net <net>: Route enabled, got ARP reply from Gateway <gateway> Explanation Route is available. Received ARP reply from the gateway. Gateway Action route_enabled Recommended Action None.

  • Page 529: Unable_To_Register_Arp_Monitor (Id: 04100009)

    Chapter 2: Log Message Reference Revision Parameters iface table gateway 2.47.9. unable_to_register_arp_monitor (ID: 04100009) Default Severity WARNING Log Message Interface <iface>, Table <table>, Net <net>: Route no longer monitored via ARP, unable to register ARP monitor Explanation Internal Error: The route is no longer monitored. Failed to register ARP Route Monitor.

  • Page 530: Unable_To_Register_Interface_Monitor (Id: 04100012)

    Chapter 2: Log Message Reference Explanation The interface has a link. Some associated routes may require ARP to be enabled. Gateway Action None Recommended Action None. Revision Parameters iface 2.47.12. unable_to_register_interface_monitor (ID: 04100012) Default Severity ERROR Log Message Interface <iface>, Table <table>, Net <net>: Route no longer monitored, unable to register interface monitor Explanation Internal Error: Route is no longer monitored.

  • Page 531: Hostmon_Successful (Id: 04100015)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message Interface <iface>, Table <table>, Net <net>: Route disabled, host monitoring failed Explanation Route is disabled. Host monitoring failed. Gateway Action route_disabled Recommended Action None. Revision Parameters iface table 2.47.15. hostmon_successful (ID: 04100015) Default Severity NOTICE Log Message...

  • Page 532: 2.48. Rule

    Chapter 2: Log Message Reference 2.48. RULE These log messages refer to the RULE (Events triggered by rules) category. 2.48.1. ruleset_fwdfast (ID: 06000003) Default Severity NOTICE Log Message Packet statelessly forwarded (fwdfast) Explanation The packet matches a rule with a "fwdfast" action, and is statelessly forwarded.

  • Page 533: Rule_Match (Id: 06000007)

    Chapter 2: Log Message Reference Context Parameters Rule Name Rule Information Packet Buffer 2.48.4. rule_match (ID: 06000007) Default Severity DEBUG Log Message RETURN action trigged Explanation A rule with a special RETURN action was trigged by an IP-rule lookup. This log message only appears if you explicitly requested it for the rule in question, and it is considered of DEBUG severity.

  • Page 534: Block127Net (Id: 06000012)

    Chapter 2: Log Message Reference section in the configuration. Revision Context Parameters Rule Name Packet Buffer 2.48.7. block127net (ID: 06000012) Default Severity WARNING Log Message Destination address is the 127.* net. Dropping Explanation The destination address was the 127.* net, which is not allowed according to the configuration.

  • Page 535: Allow_Broadcast (Id: 06000016)

    Chapter 2: Log Message Reference Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.48.10. allow_broadcast (ID: 06000016) Default Severity NOTICE Log Message Broadcast packet statelessly forwarded Explanation The broadcast packet matches a rule with a "allow" action, and is statelessly forwarded.

  • Page 536: Directed_Broadcasts (Id: 06000030)

    Chapter 2: Log Message Reference Recommended Action If this type of traffic should be dropped, modify the "Settings" section in the configuration. Revision Context Parameters Rule Name Packet Buffer 2.48.13. directed_broadcasts (ID: 06000030) Default Severity NOTICE Log Message Packet directed to the broadcast address of the destination network. Forwarding Explanation The packet was directed to the broadcast address of the destination...

  • Page 537: Ruleset_Reject_Packet (Id: 06000050)

    Chapter 2: Log Message Reference packet is dropped. Gateway Action drop Recommended Action None. Revision Parameters type vlanid Context Parameters Rule Name Packet Buffer 2.48.16. ruleset_reject_packet (ID: 06000050) Default Severity WARNING Log Message Packet rejected by rule-set. Rejecting Explanation The rule-set is configured to rejected this packet. Gateway Action reject Recommended Action...

  • Page 538: Ip4_Address_Added (Id: 06000070)

    Chapter 2: Log Message Reference Explanation A packet directed to the unit itself was received. The packet is allowed, but there is no matching state information for this packet. It is not part of any open connections, and will be dropped. Gateway Action drop Recommended Action...

  • Page 539: Ip4_Address_Removed (Id: 06000072)

    Chapter 2: Log Message Reference 2.48.21. ip4_address_removed (ID: 06000072) Default Severity INFORMATIONAL Log Message IP address <ip> removed from FQDN address <fqdn_name> used in IPPolicy <dir> filter. Explanation The IPPolicy address filter was updated by the DNS Cache. Gateway Action policy_updated Recommended Action None.

  • Page 540: Dns_Timeout (Id: 06000075)

    Chapter 2: Log Message Reference Recommended Action Verify that the FQDN address was entered correctly. Revision Parameters fqdn_name Context Parameters Rule Name 2.48.24. dns_timeout (ID: 06000075) Default Severity ERROR Log Message DNS query of FQDN address <fqdn_name> in IPPolicy <dir> filter timed out.

  • Page 541: 2.49. Services

    Chapter 2: Log Message Reference 2.49. SERVICES These log messages refer to the SERVICES (System services events) category. 2.49.1. httpposter_success (ID: 06600100) Default Severity NOTICE Log Message Success updating <host> using HTTP Poster, next update in <update_delay> seconds Explanation The HTTP Poster update failed. Gateway Action None Recommended Action...
  • Page 542 Chapter 2: Log Message Reference Gateway Action None Recommended Action None. Revision Parameters host retry_delay reason...

  • Page 543: 2.50. Sesmgr

    Chapter 2: Log Message Reference 2.50. SESMGR These log messages refer to the SESMGR (Session Manager events) category. 2.50.1. sesmgr_session_created (ID: 04900001) Default Severity NOTICE Log Message Session connected for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation New session created in Session Manager. Gateway Action none Recommended Action...

  • Page 544: Sesmgr_Access_Set (Id: 04900004)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters user database type 2.50.4. sesmgr_access_set (ID: 04900004) Default Severity NOTICE Log Message Access level changed to <access> for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation Access level has been changed for session. Gateway Action none Recommended Action...

  • Page 545: Sesmgr_Console_Denied (Id: 04900007)

    Chapter 2: Log Message Reference Log Message File upload connection denied for User: <user>. IP: <ip>. Type: <type>. Explanation Administrator session already active, file upload session denied. Gateway Action deny_upload Recommended Action Terminate administrator session and try again. Revision Parameters user type 2.50.7.

  • Page 546: Sesmgr_Session_Activate (Id: 04900010)

    Chapter 2: Log Message Reference Log Message Could not allocate memory for new session Explanation Could not allocate memory for new session. Gateway Action none Recommended Action Check memory. Revision 2.50.10. sesmgr_session_activate (ID: 04900010) Default Severity NOTICE Log Message Session has been activated for User: <user>. Database: <database>. IP: <ip>.

  • Page 547: Sesmgr_Session_Access_Missing (Id: 04900015)

    Chapter 2: Log Message Reference Log Message Could not create new console at initialization of firewall for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation Could not create new console at initialization of firewall. Gateway Action remove_session Recommended Action Check maximum number of sessions and consoles.

  • Page 548: Sesmgr_File_Error (Id: 04900017)

    Chapter 2: Log Message Reference 2.50.15. sesmgr_file_error (ID: 04900017) Default Severity ALERT Log Message Error accessing files. Explanation Error occured when accessing files for reading/writing. Gateway Action file_error Recommended Action Check available memory. Revision 2.50.16. sesmgr_techsupport (ID: 04900018) Default Severity NOTICE Log Message Sending technical support file.

  • Page 549: 2.51. Slb

    Chapter 2: Log Message Reference 2.51. SLB These log messages refer to the SLB (SLB events) category. 2.51.1. server_online (ID: 02900001) Default Severity NOTICE Log Message SLB Server <server_ip> is online according to monitor Explanation A disabled server has been determined to be alive again. Gateway Action Adding this server to the active servers list.

  • Page 550: 2.52. Smtplog

    Chapter 2: Log Message Reference 2.52. SMTPLOG These log messages refer to the SMTPLOG (SMTPLOG events) category. 2.52.1. unable_to_establish_connection (ID: 03000001) Default Severity WARNING Log Message Unable to establish connection to SMTP server <smtp_server>. Send aborted Explanation The unit failed to establish a connection to the SMTP server. No SMTP Log will be sent.

  • Page 551: Receive_Timeout (Id: 03000005)

    Chapter 2: Log Message Reference Parameters smtp_server 2.52.4. receive_timeout (ID: 03000005) Default Severity WARNING Log Message Receive timeout from SMTP server <smtp_server>. Send aborted Explanation The unit timed out while receiving data from the SMTP server. No SMTP Log will be sent. Gateway Action abort_sending Recommended Action...

  • Page 552: Rejected_Sender (Id: 03000008)

    Chapter 2: Log Message Reference 2.52.7. rejected_sender (ID: 03000008) Default Severity WARNING Log Message SMTP server <smtp_server> rejected sender <sender>. Send aborted Explanation The SMTP server rejected the sender. No SMTP Log will be sent. Gateway Action abort_sending Recommended Action Verify that the SMTP server is configured to accept this sender.

  • Page 553: Rejected_Message_Text (Id: 03000012)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message SMTP server <smtp_server> rejected DATA request. Send aborted Explanation The SMTP server rejected the DATA request. No SMTP Log will be sent. Gateway Action None Recommended Action Verify that the SMTP server is properly configured. Revision Parameters smtp_server...

  • Page 554: Dns_No_Record (Id: 03000022)

    Chapter 2: Log Message Reference Log Message IP address <ip> removed from FQDN address <fqdn_name> used in SMTP logger <logger>. Explanation The IP address used by [logger] has been deleted by the DNS module. Gateway Action smtplogger_updated Recommended Action None. Revision Parameters fqdn_name...

  • Page 555: Ip4_Address_Not_Added (Id: 03000025)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message DNS query of FQDN address <fqdn_name> in SMTP logger <logger> failed. Explanation The system was unable to resolve the FQDN address due to an internal error. Gateway Action None Recommended Action If the problem persists, please contact the support and report this issue.
  • Page 556 Chapter 2: Log Message Reference logger...

  • Page 557: 2.53. Snmp

    Chapter 2: Log Message Reference 2.53. SNMP These log messages refer to the SNMP (Allowed and disallowed SNMP accesses) category. 2.53.1. disallowed_sender (ID: 03100001) Default Severity NOTICE Log Message Disallowed SNMP from <peer>, disallowed sender IP Explanation The sender IP address is not allowed to send SNMP data to the unit. Dropping packet.

  • Page 558: Snmp3_Local_Password_Too_Short (Id: 03100101)

    Chapter 2: Log Message Reference Revision Parameters peer Context Parameters Connection 2.53.4. snmp3_local_password_too_short (ID: 03100101) Default Severity NOTICE Log Message Disallowed SNMP from <peer>, local password is too short Explanation SNMPv3 specification RFC3414 ch. 11.2 demands that the passowrd is at least 8 characters. System will not allow SNMPv3 requests as long as the local password is too short.

  • Page 559: Snmp3_Message_Intended_For_Other_System (Id: 03100104)

    Chapter 2: Log Message Reference Gateway Action drop Recommended Action Make sure the security level of the SNMP client match the security level of the system. Revision Parameters peer Context Parameters Connection 2.53.7. snmp3_message_intended_for_other_system (ID: 03100104) Default Severity WARNING Log Message Disallowed SNMP from <peer>, message was intended for another system Explanation...

  • Page 560: Snmp3_Bad_Version (Id: 03100107)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message Disallowed SNMP from <peer>, message is outside of the Time Window +/-150 seconds Explanation According to SNMPv3 specification RFC3414 a message containing engine time that differs more than +/-150 seconds from current time is to be dropped to prevent replay attacks.

  • Page 561: Snmp3_Decryption_Failed (Id: 03100109)

    Chapter 2: Log Message Reference 2.53.12. snmp3_decryption_failed (ID: 03100109) Default Severity WARNING Log Message Disallowed SNMP from <peer>, decryption failed Explanation The SNMP decryption failed. Gateway Action drop Recommended Action Check that peer uses correct cipher. Revision Parameters peer Context Parameters Connection 2.53.13.

  • Page 562: 2.54. Sshd

    Chapter 2: Log Message Reference 2.54. SSHD These log messages refer to the SSHD (SSH Server events) category. 2.54.1. out_of_mem (ID: 04700001) Default Severity ERROR Log Message Out of memory Explanation Memory Allocation Failure. System is running low on RAM memory. Gateway Action close Recommended Action...

  • Page 563: Error_Occurred (Id: 04700005)

    Chapter 2: Log Message Reference 2.54.4. error_occurred (ID: 04700005) Default Severity ERROR Log Message <error> occurred with the connection from client <client>. Explanation An error occurred, and the connection will be closed. Gateway Action close Recommended Action None. Revision Parameters error client 2.54.5.

  • Page 564: Invalid_Username_Change (Id: 04700025)

    Chapter 2: Log Message Reference Log Message Username change is not allowed. From name <fromname> to <toname> client. Client: <client> Explanation User changed the username between two authentication phases, which is not allowed. Closing connection. Gateway Action close Recommended Action None.

  • Page 565: Ssh_Inactive_Timeout_Expired (Id: 04700036)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message SSH Login grace timeout (<gracetime> seconds) expired, closing connection. Client: <client> Explanation The client failed to login within the given login grace time. Closing connection. Gateway Action close Recommended Action Increase the grace timeout value if it is set too low.

  • Page 566: Key_Algo_Not_Supported. (Id: 04700055)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message DSA signature verification for client <client> failed. Explanation The client DSA signuature could not be verified. Closing connection. Gateway Action close Recommended Action None. Revision Parameters client 2.54.14. key_algo_not_supported. (ID: 04700055) Default Severity ERROR Log Message...

  • Page 567: Client_Disallowed (Id: 04700061)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Maximum number of connected SSH clients (<maxclients>) has been reached. Denying acces for client: <client>. Explanation The maximum number of simultaneously connected SSH clients has been reached. Denying access for this attempt, and closing the connection.

  • Page 568: Scp_Failed_Not_Admin (Id: 04704000)

    Chapter 2: Log Message Reference 2.54.19. scp_failed_not_admin (ID: 04704000) Default Severity NOTICE Log Message Administrator access could not set for session from this ip: <ip> Explanation SCP transfers can only be used if sessions has administrator access. Closing connection. Gateway Action close Recommended Action If there are other active administrator session, they might...

  • Page 569: 2.55. Sslvpn

    Chapter 2: Log Message Reference 2.55. SSLVPN These log messages refer to the SSLVPN (SSLVPN events.) category. 2.55.1. sslvpn_session_created (ID: 06300010) Default Severity INFORMATIONAL Log Message Session created <remoteip>:<remoteport>-><localip>:<localport> at <ssliface> Explanation Session created [remoteip]:[remoteport]->[localip]:[localport] at [ssliface]. Gateway Action None Recommended Action None.

  • Page 570: Failure_Init_Radius_Accounting (Id: 06300013)

    Chapter 2: Log Message Reference reached. Explanation SSL VPN can not create session. Maximun allowed SSLVPN tunnels reached. Gateway Action None Recommended Action None. Revision 2.55.4. failure_init_radius_accounting (ID: 06300013) Default Severity WARNING Log Message Failed to send Accounting Start to RADIUS Accounting Server. Accouting will be disabled.

  • Page 571: User_Disconnected (Id: 06300205)

    Chapter 2: Log Message Reference Log Message Unknown SSL VPN authentication source for <rule>! Remote gateway: <remotegw> Explanation The authentication source for the specified userauth rule found in the new configuration is unknown to the SSL VPN server. Closing down the SSL VPN connection. Gateway Action sslvpn_connection_closed Recommended Action...

  • Page 572: Sslvpn_No_Userauth_Rule_Found (Id: 06300226)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message Unknown SSL VPN authentication source for <rule>!. Interface: <iface>, Remote gateway: <remotegw>. Explanation The authentication source for the specified userauth rule is unknown to the SSL VPN server. Gateway Action None Recommended Action Make sure the userauth rules are configured correctly.

  • Page 573: 2.56. System

    Chapter 2: Log Message Reference 2.56. SYSTEM These log messages refer to the SYSTEM (System-wide events: startup, shutdown, etc..) category. 2.56.1. demo_expired (ID: 03200020) Default Severity EMERGENCY Log Message The unit will no longer operate, as the demo period has expired. Install a license in order to avoid this.

  • Page 574: Demo_Mode (Id: 03200023)

    Chapter 2: Log Message Reference Parameters reason time 2.56.4. demo_mode (ID: 03200023) Default Severity ALERT Log Message DEMO mode resumed at the count of <time> seconds. Reason: <reason>. Explanation DEMO mode resumed at the count of [time] seconds. Reason: [reason]. Gateway Action shutdown_soon Recommended Action...

  • Page 575: Invalid_Ip_Match_Access_Section (Id: 03200110)

    Chapter 2: Log Message Reference 2.56.7. invalid_ip_match_access_section (ID: 03200110) Default Severity WARNING Log Message Failed to verify IP address as per ACCESS section. Dropping Explanation The IP address was not verified according to the ACCESS section. Gateway Action drop Recommended Action None.

  • Page 576: Port_Bind_Failed (Id: 03200300)

    Chapter 2: Log Message Reference Explanation The system has identified a Hardware Watchdog and initialized it. Gateway Action none Recommended Action None. Revision Parameters hardware_watchdog_chip watchdog_timeout 2.56.11. port_bind_failed (ID: 03200300) Default Severity ALERT Log Message Out of memory while tying to allocate dynamic port for local IP <localip>...

  • Page 577: Port_Llm_Conversion (Id: 03200303)

    Chapter 2: Log Message Reference Log Message Using High Load Mode for Local IP <localip> Destination IP <destip> pair Explanation Mode for Local IP - Destination IP pair has changed to High Load because of heavy traffic. Gateway Action None Recommended Action None.

  • Page 578: Ssl_Encryption_Failed (Id: 03200450)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message <logcnt> log messages lost due to log buffer exhaustion Explanation Due to extensive logging, a number of log messages was not sent. Gateway Action None Recommended Action Examine why the unit sent such a large amount of log messages. If this is normal activity, the "LogSendPerSec"...

  • Page 579: Disk_Cannot_Remove (Id: 03200603)

    Chapter 2: Log Message Reference Default Severity ERROR Log Message Failed to open newly uploaded configuration file <new_cfg> Explanation The unit failed to open the uploaded configuration file. Gateway Action None Recommended Action Verify that the disk media is intact. Revision Parameters new_cfg...

  • Page 580: Core_Switch_Fail (Id: 03200606)

    Chapter 2: Log Message Reference Explanation For reasons specified in earlier log events, the unit failed to switch to the new configuration and will continue to use the present configuration. Gateway Action None Recommended Action Consult the recommended action in the previous log message, which contained a more detailed error description.

  • Page 581: User_Blocked (Id: 03200802)

    Chapter 2: Log Message Reference Explanation IP Rules or Policies have been altered due to changes in the configuration. Gateway Action None Recommended Action None. Revision Parameters date 2.56.26. user_blocked (ID: 03200802) Default Severity NOTICE Log Message Login for user <database>:<username> has failed: currently in blocked state for the next <blockedremaining>...

  • Page 582: Config_Activation (Id: 03201020)

    Chapter 2: Log Message Reference Log Message Shutdown aborted. Core file <core> missing Explanation The unit was issued a shutdown command, but no core executable file is seen. The shutdown process is aborted. Gateway Action shutdown_gateway_aborted Recommended Action Verify that the disk media is intact. Revision Parameters shutdown...

  • Page 583: Startup_Echo (Id: 03202001)

    Chapter 2: Log Message Reference Log Message Firewall starting. Core: <corever>. Build: <build>. Current uptime: <uptime>. Using configuration file <cfgfile>, version <localcfgver> <remotecfgver>. Previous shutdown: <previous_shutdown> Explanation The firewall is starting up. Gateway Action None Recommended Action None. Revision Parameters corever build uptime...

  • Page 584: Admin_Login (Id: 03203000)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters shutdown 2.56.34. admin_login (ID: 03203000) Default Severity NOTICE Log Message Administrative user <username> logged in via <authsystem>. Access level: <access_level> Explanation An administrative user has logged in to the configuration system. Gateway Action None Recommended Action...

  • Page 585: Admin_Login_Failed (Id: 03203002)

    Chapter 2: Log Message Reference 2.56.36. admin_login_failed (ID: 03203002) Default Severity WARNING Log Message Administrative user <username> failed to log in via <authsystem>, because of bad credentials Explanation An administrative user failed to log in to configuration system. This is most likely due to an invalid entered username or password. Gateway Action disallow_admin_access Recommended Action...

  • Page 586: Activate_Changes_Failed (Id: 03204000)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message SSL VPN user <username> logged in via <authsystem>. Explanation An SSL VPN user has logged in to the SSL VPN user page. Gateway Action None Recommended Action None. Revision Parameters authsystem username userdb...

  • Page 587: Reject_Configuration (Id: 03204002)

    Chapter 2: Log Message Reference config_system 2.56.41. reject_configuration (ID: 03204002) Default Severity NOTICE Log Message configuration rejected user <username> from <config_system> <client_ip>. Explanation The new configuration has been rejected. Gateway Action reconfiguration_using_old_config Recommended Action None. Revision Parameters username userdb" client_ip config_system 2.56.42.

  • Page 588: Admin_Login_Group_Mismatch (Id: 03206001)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters authsystem username userdb client_ip access_level 2.56.44. admin_login_group_mismatch (ID: 03206001) Default Severity WARNING Log Message Administrative user <username> allowed access <authsystem> Explanation The user does not have proper administration access to the configuration system.

  • Page 589: Admin_Authsource_Timeout (Id: 03206003)

    Chapter 2: Log Message Reference 2.56.46. admin_authsource_timeout (ID: 03206003) Default Severity ERROR Log Message Remote <authsource> server(s) could not be reached when attempting to authenticate administrative user <username>. Explanation The unit did not receive a response from the authentication servers, and the authentication process failed.

  • Page 590: Bad_User_Credentials (Id: 03207011)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters Method Context Parameters User Authentication 2.56.49. bad_user_credentials (ID: 03207011) Default Severity NOTICE Log Message Unable to decode authentication Explanation REST API call failed. Unable to decode authentication. Gateway Action None Recommended Action None.
  • Page 591 Chapter 2: Log Message Reference Gateway Action None Recommended Action None. Revision Parameters Method Context Parameters User Authentication...

  • Page 592: 2.57. Tcp_Flag

    Chapter 2: Log Message Reference 2.57. TCP_FLAG These log messages refer to the TCP_FLAG (Events concerning the TCP header flags) category. 2.57.1. tcp_flags_set (ID: 03300001) Default Severity NOTICE Log Message The TCP <good_flag> and <bad_flag> flags are set. Allowing Explanation The possible combinations for these flags are: SYN URG, SYN PSH, SYN RST, SYN FIN and FIN URG.

  • Page 593: Tcp_Flag_Set (Id: 03300004)

    Chapter 2: Log Message Reference Default Severity NOTICE Log Message The TCP <bad_flag> flag is set. Ignoring Explanation The TCP flag is set. Ignoring. Gateway Action ignore Recommended Action None. Revision Parameters bad_flag Context Parameters Rule Name Packet Buffer 2.57.4. tcp_flag_set (ID: 03300004) Default Severity NOTICE Log Message...

  • Page 594: Tcp_Flag_Set (Id: 03300009)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message The TCP <good_flag> and <bad_flag> flags are set. Dropping Explanation The possible combinations for these flags are: SYN URG, SYN PSH, SYN RST, SYN FIN and FIN URG. Gateway Action drop Recommended Action If any of these combinations should either be ignored or having the...

  • Page 595: Mismatched_Syn_Resent (Id: 03300011)

    Chapter 2: Log Message Reference Parameters flags endpoint state Context Parameters Rule Name Connection Packet Buffer 2.57.9. mismatched_syn_resent (ID: 03300011) Default Severity WARNING Log Message Mismatched syn "resent" with seq <seqno>, expected <origseqno>. Dropping Explanation Mismatching sequence numbers. Dropping packet. Gateway Action drop Recommended Action...

  • Page 596: Rst_Out_Of_Bounds (Id: 03300015)

    Chapter 2: Log Message Reference Log Message SYNACK packet with seq <seqno>. Expected <expectseqno>. Dropping Explanation Mismatching sequence numbers. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters seqno expectseqno Context Parameters Rule Name Connection Packet Buffer 2.57.12. rst_out_of_bounds (ID: 03300015) Default Severity WARNING Log Message...

  • Page 597: Unacceptable_Ack (Id: 03300017)

    Chapter 2: Log Message Reference Parameters seqno accstart accend Context Parameters Rule Name Connection Packet Buffer 2.57.14. unacceptable_ack (ID: 03300017) Default Severity NOTICE Log Message TCP acknowledgement <ack> is not in the acceptable range <accstart>-<accend>. Dropping Explanation A TCP segment with an unacceptable acknowledgement number was received during state SYN_SENT.

  • Page 598: Tcp_Recv_Windows_Drained (Id: 03300022)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message TCP sequence number <seqno> is not in the acceptable range <accstart>-<accend>. Dropping Explanation A TCP segment with an unacceptable sequence number was received. The packet will be dropped. Gateway Action drop Recommended Action None.

  • Page 599: Tcp_Get_Freesocket_Failed (Id: 03300024)

    Chapter 2: Log Message Reference Recommended Action If the system is configured to use TCP based ALGs, increase the amount of maximum sessions parameter on the associated service. Revision Parameters max_windows [num_events] 2.57.19. tcp_get_freesocket_failed (ID: 03300024) Default Severity WARNING Log Message System was not able to get a free socket.

  • Page 600: 2.58. Tcp_Opt

    Chapter 2: Log Message Reference 2.58. TCP_OPT These log messages refer to the TCP_OPT (Events concerning the TCP header options) category. 2.58.1. tcp_mss_too_low (ID: 03400001) Default Severity NOTICE Log Message TCP MSS <mss> too low. TCPMSSMin=<minmss> Explanation The TCP MSS is too low. Ignoring. Gateway Action ignore Recommended Action...

  • Page 601: Tcp_Mss_Too_High (Id: 03400004)

    Chapter 2: Log Message Reference Explanation The TCP MSS is too high. Ignoring. Gateway Action None Recommended Action None. Revision Parameters tcpopt maxmss Context Parameters Rule Name Packet Buffer 2.58.4. tcp_mss_too_high (ID: 03400004) Default Severity NOTICE Log Message TCP MSS <mss> too high. TCPMSSMax=<maxmss>. Adjusting Explanation The TCP MSS is too high.

  • Page 602: Tcp_Option (Id: 03400006)

    Chapter 2: Log Message Reference Packet Buffer 2.58.6. tcp_option (ID: 03400006) Default Severity NOTICE Log Message Packet has a type <tcpopt> TCP option Explanation The packet has a TCP Option of the specified type. Ignoring. Gateway Action ignore Recommended Action None.

  • Page 603: Bad_Tcpopt_Length (Id: 03400011)

    Chapter 2: Log Message Reference Parameters tcpopt minoptlen avail Context Parameters Rule Name Packet Buffer 2.58.9. bad_tcpopt_length (ID: 03400011) Default Severity WARNING Log Message Type <tcpopt> claims length=<len> bytes, avail=<avail> bytes. Dropping Explanation The TCP Option type does not fit in the option space. Dropping packet.

  • Page 604: Tcp_Mss_Too_High (Id: 03400014)

    Chapter 2: Log Message Reference Default Severity WARNING Log Message TCP MSS <mss> too low. TCPMSSMin=<minmss>. Dropping Explanation The TCP MSS is too low. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters tcpopt minmss Context Parameters Rule Name Packet Buffer 2.58.12.

  • Page 605: Tcp_Null_Flags (Id: 03400016)

    Chapter 2: Log Message Reference Packet Buffer 2.58.14. tcp_null_flags (ID: 03400016) Default Severity WARNING Log Message Packet has no SYN, ACK, FIN or RST flag set. Dropping Explanation The packet has no SYN, ACK, FIN or RST flag set. Dropping packet. Gateway Action drop Recommended Action...

  • Page 606: Mismatching_Tcp_Window_Scale (Id: 03400019)

    Chapter 2: Log Message Reference Context Parameters Connection Packet Buffer 2.58.17. mismatching_tcp_window_scale (ID: 03400019) Default Severity WARNING Log Message Mismatching TCP window scale shift count. Expected <old> got <new> will use <effective> Explanation TCP segment with a window scale option specifying a different shift count than previous segments was received.

  • Page 607: 2.59. Threshold

    Chapter 2: Log Message Reference 2.59. THRESHOLD These log messages refer to the THRESHOLD (Threshold rule events) category. 2.59.1. conn_threshold_exceeded (ID: 05300100) Default Severity WARNING Log Message Connection threshold <description> exceeded <threshold>. Source IP: <srcip>. Closing connection Explanation The source ip is opening up new connections too fast. Gateway Action closing_connection Recommended Action...

  • Page 608: Failed_To_Keep_Connection_Count (Id: 05300200)

    Chapter 2: Log Message Reference Gateway Action None Recommended Action Investigate worms and DoS attacks. Revision Parameters description threshold srcip Context Parameters Rule Name 2.59.4. failed_to_keep_connection_count (ID: 05300200) Default Severity ERROR Log Message Failed to keep connection count. Reason: Out of memory Explanation The device was unable to allocate resources needed to include the connection in the connection count kept by threshold rules.

  • Page 609: Threshold_Conns_From_Srcip_Exceeded (Id: 05300211)

    Chapter 2: Log Message Reference <srcip> exceeds <threshold>. Explanation The number of connections matching the threshold rule and originating from a single host exceeds the configured threshold. Note: This log message is rate limited via an exponential back-off procedure. Gateway Action none Recommended Action None.

  • Page 610: Threshold_Conns_From_Filter_Exceeded (Id: 05300213)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters threshold srcip [username] Context Parameters Rule Name 2.59.9. threshold_conns_from_filter_exceeded (ID: 05300213) Default Severity NOTICE Log Message The number of connections matching the rule exceeds <threshold>. The Offending host is <srcip>. Explanation The number of connections matching the threshold rule exceeds the configured threshold.

  • Page 611: 2.60. Timesync

    Chapter 2: Log Message Reference 2.60. TIMESYNC These log messages refer to the TIMESYNC (Firewall time synchronization events) category. 2.60.1. synced_clock (ID: 03500001) Default Severity NOTICE Log Message The clock at <oldtime>, was off by <clockdrift> second(s) and synchronized with <timeserver> to <newtime> Explanation The clock has been synchronized with the time server.

  • Page 612: Leaving_Daylight_Saving (Id: 03500010)

    Chapter 2: Log Message Reference Revision Parameters clockdrift timeserver interval 2.60.4. leaving_daylight_saving (ID: 03500010) Default Severity NOTICE Log Message Leaving Daylight saving time and switching to non-DST time zone. Explanation Automatic DST is activated and time is adjusted by the system. Gateway Action None Recommended Action...
  • Page 613 Chapter 2: Log Message Reference Parameters location...

  • Page 614: 2.61. Transparency

    Chapter 2: Log Message Reference 2.61. TRANSPARENCY These log messages refer to the TRANSPARENCY (Events concerning the Transparent Mode feature) category. 2.61.1. impossible_hw_sender_address (ID: 04400410) Default Severity WARNING Log Message Impossible hardware sender address 0000:0000:0000. Dropping. Explanation Some equipment on the network is sending packets with a source MAC address of 0000:0000:0000.

  • Page 615: Enet_Hw_Sender_Broadcast (Id: 04400413)

    Chapter 2: Log Message Reference Gateway Action rewrite Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.61.4. enet_hw_sender_broadcast (ID: 04400413) Default Severity WARNING Log Message Ethernet hardware sender is a broadcast address. Dropping. Explanation The Ethernet hardware sender address is a broadcast address. The packet will be dropped.

  • Page 616: Enet_Hw_Sender_Multicast (Id: 04400416)

    Chapter 2: Log Message Reference Explanation The Ethernet hardware sender address is a multicast address. The packet will be rewritten with the hardware sender address of the forwarding interface. Gateway Action rewrite Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.61.7.

  • Page 617: Invalid_Stp_Frame (Id: 04400419)

    Chapter 2: Log Message Reference Log Message Dropping STP frame from <recvif> Explanation An incoming STP frame has been dropped. Gateway Action drop Recommended Action None. Revision Parameters recvif 2.61.10. invalid_stp_frame (ID: 04400419) Default Severity WARNING Log Message Incoming STP frame from <recvif> dropped. Reason: <reason> Explanation An incoming Spanning-Tree frame has been dropped since it is either malformed or its type is unknown.

  • Page 618: Invalid_Mpls_Packet (Id: 04400422)

    Chapter 2: Log Message Reference Default Severity INFORMATIONAL Log Message Dropping MPLS packet from <recvif> Explanation An incoming MPLS packet has been dropped. Gateway Action drop Recommended Action None. Revision Parameters recvif 2.61.13. invalid_mpls_packet (ID: 04400422) Default Severity WARNING Log Message Incoming MPLS packet on <recvif>...

  • Page 619: 2.62. Userauth

    Chapter 2: Log Message Reference 2.62. USERAUTH These log messages refer to the USERAUTH (User authentication (e.g. RADIUS) events) category. 2.62.1. accounting_start (ID: 03700001) Default Severity INFORMATIONAL Log Message Successfully received RADIUS Accounting START response from RADIUS Accounting server Explanation The unit received a valid response to an Accounting-Start event from the Accounting Server.

  • Page 620: Invalid_Accounting_Start_Server_Response (Id: 03700004)

    Chapter 2: Log Message Reference Gateway Action accounting_disabled Recommended Action Verify that the RADIUS Accounting server daemon is running on the Accounting Server. Revision Context Parameters User Authentication 2.62.4. invalid_accounting_start_server_response (ID: 03700004) Default Severity ALERT Log Message Received an invalid RADIUS Accounting START response from RADIUS Accounting server.

  • Page 621: Failed_To_Send_Accounting_Stop (Id: 03700007)

    Chapter 2: Log Message Reference Log Message Logging out the authenticated user, as an invalid RADIUS Accounting START response was received from RADIUS Accounting server Explanation The authenticated user is logged out as an invalid response to the Accounting-Start event was received from the Accounting Server. Gateway Action logout_user Recommended Action...

  • Page 622: Invalid_Accounting_Stop_Server_Response (Id: 03700009)

    Chapter 2: Log Message Reference gigawrapsent gigawraprecv sestime Context Parameters User Authentication 2.62.9. invalid_accounting_stop_server_response (ID: 03700009) Default Severity WARNING Log Message Received a RADIUS Accounting STOP response with an Identifier mismatch. Ignoring this packet Explanation The unit received a response with an invalid Identifier mismatch. This can be the result of a busy network, causing accounting event re-sends.

  • Page 623: Failure_Init_Radius_Accounting (Id: 03700012)

    Chapter 2: Log Message Reference Accounting server. User statistics might not have been updated on the Accounting Server Explanation The unit received an invalid response to an Accounting-Stop event from the Accounting Server. Accounting information might not have been propery received by the Accounting Server. Gateway Action None Recommended Action...

  • Page 624: User_Timeout (Id: 03700020)

    Chapter 2: Log Message Reference Default Severity ALERT Log Message Did not send a RADIUS Accounting START request. Accounting has been disabled Explanation The unit did not send an Accounting-Start event to the Accounting Server. Accounting features will be disabled. This could be a result of missing a route from the unit to the Accounting Server.

  • Page 625: Accounting_Alive (Id: 03700050)

    Chapter 2: Log Message Reference 2.62.17. accounting_alive (ID: 03700050) Default Severity NOTICE Log Message Successfully received RADIUS Accounting Interim response from RADIUS Accounting server. Bytes sent=<bytessent>, Bytes recv=<bytesrecv>, Packets sent=<packetssent>, Packets recv=<packetsrecv>, Session time=<sestime> Explanation The unit successfully received a RADIUS Accounting Interim response to an Accounting-Interim request event from the Accounting Server.

  • Page 626: Invalid_Accounting_Interim_Server_Response (Id: 03700053)

    Chapter 2: Log Message Reference Default Severity ALERT Log Message Did not receive a RADIUS Accounting Interim response. User statistics might not have been updated on the Accounting Server Explanation The unit did not receive a response to an Accounting-Interim event from the Accounting Server.

  • Page 627: Relogin_From_New_Srcip (Id: 03700100)

    Chapter 2: Log Message Reference Revision Context Parameters User Authentication 2.62.22. relogin_from_new_srcip (ID: 03700100) Default Severity WARNING Log Message User with the same username is logging in from another IP address, logging out current instance Explanation A user with the same username as an already authenticated user is logging in.

  • Page 628: Bad_User_Credentials (Id: 03700104)

    Chapter 2: Log Message Reference Parameters idle_timeout session_timeout [groups] Context Parameters User Authentication 2.62.25. bad_user_credentials (ID: 03700104) Default Severity NOTICE Log Message Unknown user or invalid password Explanation A user failed to log in. The entered username or password was invalid.

  • Page 629: Userauthrules_Disallowed (Id: 03700107)

    Chapter 2: Log Message Reference Revision Context Parameters User Authentication 2.62.28. userauthrules_disallowed (ID: 03700107) Default Severity WARNING Log Message Denied access according to UserAuthRules rule-set Explanation The user is not allowed to authenticate according to the UserAuthRules rule-set. Gateway Action None Recommended Action None.

  • Page 630: Ldap_Session_New_Out_Of_Memory (Id: 03700401)

    Chapter 2: Log Message Reference Context Parameters User Authentication 2.62.31. ldap_session_new_out_of_memory (ID: 03700401) Default Severity ALERT Log Message Out of memory while trying to allocate new LDAP session Explanation The unit failed to allocate a LDAP session, as it is out of memory. Gateway Action None Recommended Action...

  • Page 631: Ldap_Context_New_Out_Of_Memory (Id: 03700405)

    Chapter 2: Log Message Reference Log Message LDAP Authentication failed for <user> Explanation Authentication attempt failed. Gateway Action None Recommended Action None. Revision Parameters user 2.62.35. ldap_context_new_out_of_memory (ID: 03700405) Default Severity ALERT Log Message Out of memory while trying to allocate new LDAP Context Explanation The unit failed to allocate a LDAP Context, as it is out of memory.

  • Page 632: Invalid_Username_Or_Password (Id: 03700408)

    Chapter 2: Log Message Reference Recommended Action Check configuration. Revision Parameters database 2.62.38. invalid_username_or_password (ID: 03700408) Default Severity ERROR Log Message Invalid provided username or password Explanation Username or password does not contain any information. Gateway Action authentication_failed Recommended Action Verify connecting client username and password.

  • Page 633: Ldap_No_Working_Server_Found (Id: 03700424)

    Chapter 2: Log Message Reference 2.62.41. ldap_no_working_server_found (ID: 03700424) Default Severity NOTICE Log Message LDAP no working server found Explanation LDAP no working server found. Gateway Action None Recommended Action None. Revision Parameters SessionID user 2.62.42. no_shared_ciphers (ID: 03700500) Default Severity ERROR Log Message SSL Handshake: No shared ciphers exists.

  • Page 634: Bad_Packet_Order (Id: 03700502)

    Chapter 2: Log Message Reference Revision Parameters client_ip 2.62.44. bad_packet_order (ID: 03700502) Default Severity ERROR Log Message Bad SSL Handshake packet order. Closing down SSL connection Explanation Two or more SSL Handshake message were received in the wrong order, and the SSL connection is closed. Gateway Action ssl_close Recommended Action...

  • Page 635: Bad_Clientkeyexchange_Msg (Id: 03700505)

    Chapter 2: Log Message Reference Parameters client_ip 2.62.47. bad_clientkeyexchange_msg (ID: 03700505) Default Severity ERROR Log Message SSL Handshake: Bad ClientKeyExchange message. Closing down SSL connection Explanation The ClientKeyExchange message (which is a part of a SSL handshake) is invalid, and the SSL connection is closed. Gateway Action ssl_close Recommended Action...

  • Page 636: Unknown_Ssl_Error (Id: 03700508)

    Chapter 2: Log Message Reference 2.62.50. unknown_ssl_error (ID: 03700508) Default Severity ERROR Log Message Unknown SSL error. Closing down SSL connection Explanation An unknown error occured in the SSL connection, and the SSL connection is closed. Gateway Action ssl_close Recommended Action None.

  • Page 637: Sent_Sslalert (Id: 03700511)

    Chapter 2: Log Message Reference description 2.62.53. sent_sslalert (ID: 03700511) Default Severity ERROR Log Message Sent SSL Alert. Closing down SSL connection Explanation The unit has sent a SSL Alert message to the client, due to some abnormal event. The connection will be closed down. Gateway Action close Recommended Action...

  • Page 638: User_Login (Id: 03707002)

    Chapter 2: Log Message Reference Recommended Action None. Revision Context Parameters User Authentication 2.62.56. user_login (ID: 03707002) Default Severity NOTICE Log Message User logged in. Idle timeout: <idle_timeout>, Session timeout: <session_timeout> Explanation A user logged in and has been granted access. The MAC address has been found.

  • Page 639: Bad_User_Credentials (Id: 03707005)

    Chapter 2: Log Message Reference Recommended Action Verify that the LDAP Authentication server daemon is running on the Authenication Server. Revision Context Parameters User Authentication 2.62.59. bad_user_credentials (ID: 03707005) Default Severity NOTICE Log Message Unknown user Explanation A user failed to log in. Gateway Action None Recommended Action...

  • Page 640: 2.63. Vfs

    Chapter 2: Log Message Reference 2.63. VFS These log messages refer to the VFS (VFS file handling events) category. 2.63.1. odm_execute_failed (ID: 05200001) Default Severity NOTICE Log Message Usage of file "<filename>" failed. File validated as "<description>". Explanation An uploaded file ([filename]) was validated as "[description]". An error occured while using this file.

  • Page 641: Odm_Execute_Action_None (Id: 05200004)

    Chapter 2: Log Message Reference Recommended Action None. Revision Parameters filename description 2.63.4. odm_execute_action_none (ID: 05200004) Default Severity NOTICE Log Message Uploaded file (<filename>) could not be recognized as a known type. Explanation An uploaded file could not be recognized as a known type. Gateway Action None Recommended Action...

  • Page 642: Upload_Certificate_Fail (Id: 05200007)

    Chapter 2: Log Message Reference Recommended Action Make sure that the certificate data is of the correct format. Revision Parameters filename 2.63.7. upload_certificate_fail (ID: 05200007) Default Severity NOTICE Log Message Certificate data in file <filename>, could not be added to the configuration Explanation Certificate data could not be added to the configuration.

  • Page 643: Secaas_Lic_Installation_Failed (Id: 05208003)

    Chapter 2: Log Message Reference Revision 2.63.10. secaas_lic_installation_failed (ID: 05208003) Default Severity EMERGENCY Log Message License file could not be installed. Explanation None. Gateway Action None Recommended Action None. Revision...

  • Page 644: 2.64. Zonedefense

    Chapter 2: Log Message Reference 2.64. ZONEDEFENSE These log messages refer to the ZONEDEFENSE (ZoneDefense events) category. 2.64.1. unable_to_allocate_send_entries (ID: 03800001) Default Severity WARNING Log Message Unable to allocate send entry. Sending of request to <switch> abandoned. Explanation Unable to allocate send entry. Unit is low on RAM. Gateway Action no_msg_sent Recommended Action...

  • Page 645: Switch_Out_Of_Ip_Profiles (Id: 03800004)

    Chapter 2: Log Message Reference 2.64.4. switch_out_of_ip_profiles (ID: 03800004) Default Severity WARNING Log Message Unable to accommodate block request since out of IP profiles on <switch>. Explanation There are no free IP profiles left on the switch. No more hosts can be be blocked/excluded on this switch.

  • Page 646: No_Response_Trying_To_Create_Rule (Id: 03800007)

    Chapter 2: Log Message Reference 2.64.7. no_response_trying_to_create_rule (ID: 03800007) Default Severity CRITICAL Log Message No response from switch <switch> while trying to create <type> rule in profile <profile>. Explanation Several attempts to create a rule in the switch has timed out. No more attempts will be made.

  • Page 647: No_Response_Trying_To_Erase_Profile (Id: 03800010)

    Chapter 2: Log Message Reference 2.64.10. no_response_trying_to_erase_profile (ID: 03800010) Default Severity CRITICAL Log Message No response from switch <switch> while trying to erase <type> profile <profile>. Explanation Several attempts to erase a profile in the switch has timed out. No more attempts will be made.

  • Page 648: Timeout_Saving_Configuration (Id: 03800013)

    Chapter 2: Log Message Reference 2.64.13. timeout_saving_configuration (ID: 03800013) Default Severity CRITICAL Log Message Timeout to save configuration on <switch>. Explanation Several attempts to save the configuration in the switch has timed out. No more attempts will be made. Gateway Action None Recommended Action Verify that the firewall is able to communicate with the switch.

  • Page 649: Zonedefense_Table_Exhausted (Id: 03800016)

    Chapter 2: Log Message Reference 2.64.16. zonedefense_table_exhausted (ID: 03800016) Default Severity WARNING Log Message Unable to accommodate block request since free space in Zone Defense table is exhausted. Explanation Number of free row in Zone Defense table is 0. Can not block more hosts.

  • Page 650: Enabling_Zonedefense_Failed (Id: 03800019)

    Chapter 2: Log Message Reference 2.64.19. enabling_zonedefense_failed (ID: 03800019) Default Severity CRITICAL Log Message ZoneDefense has failed to be enabled on <switch>. Explanation An attempt to automatically enable the ZoneDefense feaure has been made but failed. No further attempts will be made. Gateway Action None Recommended Action...
  • Page 651 Chapter 2: Log Message Reference...
  • Page 652 Chapter 2: Log Message Reference...

This manual is also suitable for:

Dfl-860eDfl-2560gDfl-870Dfl-1660Dfl-2560

Table of Contents