D-Link NetDefend SOHO DFL-160 Reference Manual

Utm firewall

UTM Firewall
SOHO
Log Reference Guide
DFL-160
Security
Security
Ver 2.27.00
Network Security Solution http://www.dlink.com.tw


  Summary of Contents for D-Link NetDefend SOHO DFL-160

  • Page 1 UTM Firewall SOHO Log Reference Guide DFL-160 Security Security Ver 2.27.00 Network Security Solution http://www.dlink.com.tw...
  • Page 2 Log Reference Guide D-Link DFL-160 Firewall NetDefendOS Version 2.27.00 D-Link Corporation No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.DLink.com Published 2010-05-25 Copyright © 2010...
  • Page 3 D-Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revision or changes.
  • Page 4: Table Of Contents

    Table of Contents Preface .......................22 1. Introduction .....................24 1.1. Log Message Structure ................24 1.2. Context Parameters .................26 1.3. Severity levels ..................30 2. Log Message Reference ..................32 2.1. ALG ....................33 2.1.1. alg_session_open (ID: 00200001) ...........33 2.1.2. alg_session_closed (ID: 00200002) ..........33 2.1.3. max_line_length_exceeded (ID: 00200003) ........33 2.1.4.
  • Page 5 Log Reference Guide 2.1.51. base64_decode_failed (ID: 00200164) ...........51 2.1.52. base64_decode_failed (ID: 00200165) ...........51 2.1.53. blocked_filetype (ID: 00200166) ...........52 2.1.54. content_type_mismatch (ID: 00200167) .........52 2.1.55. max_email_size_reached (ID: 00200170) ........53 2.1.56. content_type_mismatch_mimecheck_disabled (ID: 00200171) ...53 2.1.57. all_recipient_email_ids_are_in_blocklist (ID: 00200172) ....54 2.1.58. out_of_memory (ID: 00200175) ............54 2.1.59.
  • Page 6 Log Reference Guide 2.1.113. option_value_invalid (ID: 00200354) ...........74 2.1.114. option_value_invalid (ID: 00200355) ...........75 2.1.115. option_tsize_invalid (ID: 00200356) ..........75 2.1.116. unknown_option_blocked (ID: 00200357) ........75 2.1.117. option_tsize_invalid (ID: 00200358) ..........76 2.1.118. unknown_option_blocked (ID: 00200359) ........76 2.1.119. option_not_sent (ID: 00200360) ..........77 2.1.120. option_value_invalid (ID: 00200361) ...........77 2.1.121.
  • Page 7 Log Reference Guide 2.1.176. pptp_tunnel_established_server (ID: 00200610) ......97 2.2. ANTIVIRUS ..................98 2.2.1. virus_found (ID: 05800001) ............98 2.2.2. virus_found (ID: 05800002) ............98 2.2.3. excluded_file (ID: 05800003) ............99 2.2.4. decompression_failed (ID: 05800004) ..........99 2.2.5. decompression_failed (ID: 05800005) ..........99 2.2.6. compression_ratio_violation (ID: 05800006) ........100 2.2.7.
  • Page 8 Log Reference Guide 2.6.13. udp_src_port_0_illegal (ID: 00600021) ........121 2.6.14. udp_src_port_0_forwarded (ID: 00600022) ........121 2.6.15. conn_usage (ID: 00600023) ............121 2.6.16. active_data (ID: 00600100) ............122 2.6.17. passive_data (ID: 00600101) ............122 2.6.18. active_data (ID: 00600102) ............122 2.6.19. passive_data (ID: 00600103) ............123 2.7.
  • Page 9 Log Reference Guide 2.9.10. request_with_bad_udp_checksum (ID: 00900011) ......142 2.9.11. lease_timeout (ID: 00900012) ............ 143 2.9.12. lease_timeout (ID: 00900013) ............ 143 2.9.13. pool_depleted (ID: 00900014) ............ 143 2.9.14. sending_offer (ID: 00900015) ............ 144 2.9.15. pool_depleted (ID: 00900016) ............ 144 2.9.16. request_for_non_offered_ip (ID: 00900017) ........144 2.9.17.
  • Page 10 Log Reference Guide 2.11.16. idp_failscan (ID: 01300016) ............. 167 2.12. IDPUPDATE ..................168 2.12.1. idp_db_update_failure (ID: 01400001) ......... 168 2.12.2. idp_database_downloaded (ID: 01400002) ........168 2.12.3. idp_db_already_up_to_date (ID: 01400003) ........168 2.12.4. idp_db_update_denied (ID: 01400004) ......... 168 2.12.5. idp_detects_invalid_system_time (ID: 01400005) ......169 2.12.6.
  • Page 11 Log Reference Guide 2.14.29. ipsec_started_successfully (ID: 01800214) ........189 2.14.30. Failed_to_add_certificate (ID: 01800302) ........189 2.14.31. Default_IKE_DH_groups_will_be_used (ID: 01800303) ....189 2.14.32. failed_to_set_algorithm_properties (ID: 01800304) ...... 189 2.14.33. failed_to_set_algorithm_properties (ID: 01800305) ...... 190 2.14.34. failed_to_add_root_certificate (ID: 01800306) ......190 2.14.35. dns_resolve_failed (ID: 01800308) ..........190 2.14.36.
  • Page 12 Log Reference Guide 2.14.91. create_rules_failed (ID: 01802081) ..........207 2.14.92. no_authentication_method_specified (ID: 01802100) ....208 2.14.93. no_key_method_configured_for tunnel (ID: 01802102) ....208 2.14.94. invalid_configuration_of_force_open (ID: 01802104) ....208 2.14.95. invalid_rule_setting (ID: 01802105) ........... 209 2.14.96. invalid_rule_setting (ID: 01802106) ........... 209 2.14.97.
  • Page 13 Log Reference Guide 2.14.154. outofmem_create_engine (ID: 01802901) ........226 2.14.155. init_rulelooklup_failed (ID: 01802903) ........226 2.14.156. init_rule_looklup_failed (ID: 01802904) ........226 2.14.157. init_rule_looklup_failed (ID: 01802905) ........227 2.14.158. init_mutexes_failed (ID: 01802906) ......... 227 2.14.159. init_interface_table_failed (ID: 01802907) ........ 227 2.14.160. init_flow_id_table_failed (ID: 01802908) ........227 2.14.161.
  • Page 14 Log Reference Guide 2.17.8. bad_length (ID: 01700013) ............245 2.17.9. bad_route_pointer (ID: 01700014) ..........245 2.17.10. source_route_disallowed (ID: 01700015) ........246 2.17.11. multiple_ip_option_timestamps (ID: 01700016) ......246 2.17.12. bad_timestamp_len (ID: 01700017) ........... 246 2.17.13. bad_timestamp_pointer (ID: 01700018) ........247 2.17.14. bad_timestamp_pointer (ID: 01700019) ........247 2.17.15.
  • Page 15 Log Reference Guide 2.21.1. ip_pool_empty (ID: 02500001) ........... 267 2.21.2. ip_address_required_but_not_received (ID: 02500002) ....267 2.21.3. primary_dns_address_required_but_not_received (ID: 02500003) ..267 2.21.4. seconday_dns_address_required_but_not_received (ID: 02500004) ... 268 2.21.5. primary_nbns_address_required_but_not_received (ID: 02500005) ... 268 2.21.6. seconday_nbns_address_required_but_not_received (ID: 02500006) . 268 2.21.7. failed_to_agree_on_authentication_protocol (ID: 02500050) .... 269 2.21.8.
  • Page 16 Log Reference Guide 2.25.1. ruleset_fwdfast (ID: 06000003) ..........287 2.25.2. ip_verified_access (ID: 06000005) ..........287 2.25.3. rule_match (ID: 06000006) ............287 2.25.4. rule_match (ID: 06000007) ............288 2.25.5. block0net (ID: 06000010) ............288 2.25.6. block0net (ID: 06000011) ............288 2.25.7. block127net (ID: 06000012) ............289 2.25.8.
  • Page 17 Log Reference Guide 2.28.20. disk_cannot_rename (ID: 03200604) .......... 308 2.28.21. cfg_switch_fail (ID: 03200605) ..........308 2.28.22. core_switch_fail (ID: 03200606) ..........308 2.28.23. bidir_ok (ID: 03200607) ............308 2.28.24. shutdown (ID: 03201000) ............309 2.28.25. shutdown (ID: 03201010) ............309 2.28.26. shutdown (ID: 03201011) ............309 2.28.27.
  • Page 18 Log Reference Guide 2.31.2. failure_communicate_with_timeservers (ID: 03500002) ....331 2.31.3. clockdrift_too_high (ID: 03500003) ..........331 2.32. TRANSPARENCY ................333 2.32.1. impossible_hw_sender_address (ID: 04400410) ......333 2.32.2. enet_hw_sender_broadcast (ID: 04400411) ........333 2.32.3. enet_hw_sender_broadcast (ID: 04400412) ........333 2.32.4. enet_hw_sender_broadcast (ID: 04400413) ........334 2.32.5.
  • Page 19 Log Reference Guide 2.33.47. bad_clientkeyexchange_msg (ID: 03700505) ....... 353 2.33.48. bad_clientfinished_msg (ID: 03700506) ........353 2.33.49. bad_alert_msg (ID: 03700507) ..........354 2.33.50. unknown_ssl_error (ID: 03700508) ..........354 2.33.51. negotiated_cipher_does_not_permit_the_chosen_certificate_size (ID: 03700509) ..................354 2.33.52. received_sslalert (ID: 03700510) ..........354 2.33.53. sent_sslalert (ID: 03700511) ............. 355...
  • Page 20 List of Tables 1. Abbreviations ....................23...
  • Page 21 List of Examples 1. Log Message Parameters ..................22 2. Conditional Log Message Parameters ..............22...
  • Page 22: Preface

    Preface Audience The target audience for this reference guide consists of: • Administrators that are responsible for configuring and managing a NetDefendOS installation. • Administrators that are responsible for troubleshooting a NetDefendOS installation. This guide assumes that the reader is familiar with NetDefendOS and understands the fundamentals of IP network security.
  • Page 23 Abbreviations Preface Table 1. Abbreviations Abbreviation Full name Application Layer Gateway Address Resolution Protocol DHCP Dynamic Host Configuration Protocol Domain Name System Encapsulating Security Payload File Transfer Protocol High Availability HTTP Hyper Text Transfer Protocol ICMP Internet Control Message Protocol Intrusion Detection Prevention System Internet Protocol IPSec...
  • Page 24: Introduction

    Chapter 1. Introduction • Log Message Structure, page 24 • Context Parameters, page 26 • Severity levels, page 30 This guide is a reference for all log messages generated by NetDefendOS. It is designed to be a valuable information source for both management and troubleshooting. 1.1.
  • Page 25 1.1. Log Message Structure Chapter 1. Introduction is never actually included in the log message. Explanation A detailed explanation of the event. Note that this information is only featured in this reference guide, and is never actually included in the log message. Gateway Action A short string, 1-3 words separated by _, of what action NetDefendOS will take.
  • Page 26: 1.2. Context Parameters

    1.2. Context Parameters Chapter 1. Introduction 1.2. Context Parameters In many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol is used, source and destination IP addresses and ports (if applicable), and so on.
  • Page 27 Connection Chapter 1. Introduction [srcport] The source port. Valid if the protocol is TCP or UDP. [destport] The destination port. Valid if the protocol is TCP or UDP. [tcphdrlen] The TCP header length. Valid if the protocol is TCP. [udptotlen] The total UDP data length.
  • Page 28: User Authentication

    Dropped Fragments Chapter 1. Introduction Specifies the name and a description of the signature that triggered this event. Note For IDP log messages an additional log receiver, an SMTP log receiver, can be configured. This information is only sent to log receivers of that kind, and not included in the Syslog format.
  • Page 29 Route Chapter 1. Introduction from Originating router process. Destination router process. Route Additional information about a route. route Route network. routeiface Route destination interface. routegw Route gateway. routemetric Route metric (cost).
  • Page 30: 1.3. Severity Levels

    1.3. Severity levels Chapter 1. Introduction 1.3. Severity levels An event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the Syslog protocol: 0 - Emergency Emergency conditions, which most likely led to the system being unusable.
  • Page 31 1.3. Severity levels Chapter 1. Introduction...
  • Page 32 Chapter 2. Log Message Reference • ALG, page 33 • ANTIVIRUS, page 98 • ARP, page 107 • AVUPDATE, page 113 • BUFFERS, page 116 • CONN, page 117 • DHCP, page 124 • DHCPRELAY, page 130 • DHCPSERVER, page 140 •...
  • Page 33: Log Message Reference

    2.1. ALG Chapter 2. Log Message Reference • TRANSPARENCY, page 333 • USERAUTH, page 338 Sort Order All log messages are sorted by their category and then by their ID number. 2.1. ALG These log messages refer to the ALG (Events from Application Layer Gateways) category. 2.1.1.
  • Page 34: Alg_Session_Allocation_Failure (Id: 00200009)

    2.1.4. alg_session_allocation_failure Chapter 2. Log Message Reference (ID: 00200009) connection will be closed. Gateway Action close Recommended Action If the maximum line length is configured too low, increase it. Revision Parameters Context Parameters ALG Module Name ALG Session ID 2.1.4. alg_session_allocation_failure (ID: 00200009) Default Severity CRITICAL Log Message...
  • Page 35: Unknown_Client_Data_Received (Id: 00200105)

    2.1.7. unknown_client_data_received Chapter 2. Log Message Reference (ID: 00200105) ALG name: <algname>. Explanation The unit failed parsing the requested URL. The reason for this is probably that the requested URL has an invalid format, or it contains invalid UTF8 formatted characters. Gateway Action close Recommended Action...
  • Page 36: Invalid_Chunked_Encoding (Id: 00200107)

    2.1.9. invalid_chunked_encoding (ID: Chapter 2. Log Message Reference 00200107) Context Parameters ALG Module Name ALG Session ID 2.1.9. invalid_chunked_encoding (ID: 00200107) Default Severity WARNING Log Message HTTPALG: The server sent invalid chunked encoding. Closing connection. ALG name: <algname>. Explanation The data received from the server was sent in chunked mode, but it was not properly formatted.
  • Page 37: Max_Http_Sessions_Reached (Id: 00200110)

    2.1.12. max_http_sessions_reached Chapter 2. Log Message Reference (ID: 00200110) be closed. Gateway Action close Recommended Action Research the source of this, and try to find out why the server is sending compressed data. Revision Parameters algname Context Parameters ALG Module Name ALG Session ID 2.1.12.
  • Page 38: Content_Type_Mismatch (Id: 00200113)

    2.1.15. content_type_mismatch (ID: Chapter 2. Log Message Reference 00200113) Log Message HTTPALG: Failed to connect to the HTTP Server. Closing connection. ALG name: <algname>. Explanation The unit failed to connect to the HTTP Server, so the ALG session could not be successfully opened. Gateway Action close Recommended Action...
  • Page 39: Max_Download_Size_Reached (Id: 00200116)

    2.1.18. max_download_size_reached Chapter 2. Log Message Reference (ID: 00200116) Default Severity ERROR Log Message HTTPALG: Web Content Filtering disabled Explanation Web Content Filtering has been disabled due to license restriction. Gateway Action no_valid_license Recommended Action Extend valid time for Content Filtering. Revision Context Parameters ALG Module Name...
  • Page 40: Out_Of_Memory (Id: 00200118)

    2.1.20. out_of_memory (ID: 00200118) Chapter 2. Log Message Reference ALG Session ID 2.1.20. out_of_memory (ID: 00200118) Default Severity CRITICAL Log Message HTTPALG: Failed to allocate memory Explanation The unit does not have enough available RAM. WCF could not allocate memory for override functionality. Gateway Action none Recommended Action...
  • Page 41: Wcf_Server_Unreachable (Id: 00200121)

    2.1.23. wcf_server_unreachable (ID: Chapter 2. Log Message Reference 00200121) 2.1.23. wcf_server_unreachable (ID: 00200121) Default Severity ERROR Log Message HTTPALG: Failed to connect to web content server <failedserver> Explanation Web Content Filtering was unable to connect to the Web Content Filtering server. The system will try to contact one of the backup servers.
  • Page 42: Wcf_Primary_Fallback (Id: 00200124)

    2.1.27. request_url (ID: 00200125) Chapter 2. Log Message Reference 2.1.26. wcf_primary_fallback (ID: 00200124) Default Severity INFORMATIONAL Log Message HTTPALG: Falling back from secondary servers to primary server Explanation Web Content Filtering falls back to primary server after 60 minutes or when a better server has been detected.
  • Page 43: Wcf_Server_Auth_Failed (Id: 00200127)

    2.1.29. wcf_server_auth_failed (ID: Chapter 2. Log Message Reference 00200127) Parameters categories audit override algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.29. wcf_server_auth_failed (ID: 00200127) Default Severity ERROR Log Message HTTPALG: Failed to authenticate with WCF server Explanation The WCF service could not authenticate with the WCF server.
  • Page 44: Out_Of_Memory (Id: 00200130)

    2.1.32. out_of_memory (ID: 00200130) Chapter 2. Log Message Reference Gateway Action allow_audit_mode Recommended Action None. Revision Parameters categories audit override algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.32. out_of_memory (ID: 00200130) Default Severity CRITICAL Log Message HTTPALG: Failed to allocate memory Explanation The unit does not have enough available RAM.
  • Page 45: Url_Reclassification_Request (Id: 00200133)

    2.1.35. url_reclassification_request Chapter 2. Log Message Reference (ID: 00200133) Log Message HTTPALG: User requests the forbidden URL <url>, eventhough Restricted Site Notice was applied. ALG name: <algname>. Explanation The URL has been requested and the categories are forbidden. Restricted Site Notice was applied. Gateway Action allow Recommended Action...
  • Page 46: Request_Url (Id: 00200136)

    2.1.37. request_url (ID: 00200136) Chapter 2. Log Message Reference Revision Parameters categories audit override user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.37. request_url (ID: 00200136) Default Severity NOTICE Log Message HTTPALG: Requesting URL <url>. Categories: <categories>. Audit: <audit>.
  • Page 47: Restricted_Site_Notice (Id: 00200138)

    2.1.39. restricted_site_notice (ID: Chapter 2. Log Message Reference 00200138) user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.39. restricted_site_notice (ID: 00200138) Default Severity WARNING Log Message HTTPALG: User requests the forbidden URL <url>, eventhough Restricted Site Notice was applied. ALG name: <algname>. Explanation The URL has been requested and the categories are forbidden.
  • Page 48: Wcf_Mem_Optimized (Id: 00200140)

    2.1.41. wcf_mem_optimized (ID: Chapter 2. Log Message Reference 00200140) ALG Session ID 2.1.41. wcf_mem_optimized (ID: 00200140) Default Severity DEBUG Log Message HTTPALG: Optimizing WCF memory usage Explanation The Web Content Filtering subsystem has optimized its memory usage and freed up some memory. This is a normal condition and does not affect functionality nor performance.
  • Page 49: Failed_Create_New_Session (Id: 00200152)

    2.1.44. failed_create_new_session (ID: Chapter 2. Log Message Reference 00200152) Revision Parameters sender_email_address Context Parameters ALG Module Name ALG Session ID 2.1.44. failed_create_new_session (ID: 00200152) Default Severity CRITICAL Log Message SMTPALG: Failed to create new SMTPALG session (out of memory) Explanation An attempt to create a new SMTPALG session failed.
  • Page 50: Sender_Email_Id_Mismatched (Id: 00200157)

    2.1.47. sender_email_id_mismatched Chapter 2. Log Message Reference (ID: 00200157) Context Parameters Connection ALG Module Name ALG Session ID 2.1.47. sender_email_id_mismatched (ID: 00200157) Default Severity WARNING Log Message SMTPALG: Mismatching sender address Explanation The SMTP "MAIL FROM:" command does not match the "From:" header.
  • Page 51: Some_Recipient_Email_Ids_Are_In_Blocklist (Id: 00200160)

    2.1.50. some_recipient_email_ids_are_in_blocklist Chapter 2. Log Message Reference (ID: 00200160) Recommended Action None. Revision Parameters sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2.1.50. some_recipient_email_ids_are_in_blocklist (ID: 00200160) Default Severity WARNING Log Message SMTPALG: Some recipients email id are in Black List Explanation Since some "RCPT TO:"...
  • Page 52: Blocked_Filetype (Id: 00200166)

    2.1.53. blocked_filetype (ID: 00200166) Chapter 2. Log Message Reference Default Severity ERROR Log Message SMTPALG: Base 64 decode failed. Attachment is allowed Explanation The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. Fail-mode is set to allow so data will be forwarded.
  • Page 53: Max_Email_Size_Reached (Id: 00200170)

    2.1.55. max_email_size_reached (ID: Chapter 2. Log Message Reference 00200170) Recommended Action None. Revision Parameters filename filetype sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2.1.55. max_email_size_reached (ID: 00200170) Default Severity WARNING Log Message SMTPALG: Maximum email size limit <max_email_size>kb reached Explanation The combined size of the email body and all attachments has exceeded the limit.
  • Page 54: All_Recipient_Email_Ids_Are_In_Blocklist (Id: 00200172)

    2.1.57. all_recipient_email_ids_are_in_blocklist Chapter 2. Log Message Reference (ID: 00200172) ALG Session ID 2.1.57. all_recipient_email_ids_are_in_blocklist (ID: 00200172) Default Severity WARNING Log Message SMTPALG: All recipients e-mail addresses are in Black List Explanation Since "RCPT TO:" email ids are in Black List, SMTP ALG rejected the client request.
  • Page 55: Dnsbl_Init_Error (Id: 00200177)

    2.1.60. dnsbl_init_error (ID: 00200177) Chapter 2. Log Message Reference Parameters sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2.1.60. dnsbl_init_error (ID: 00200177) Default Severity ERROR Log Message DNSbl internal error Explanation The email could not be checked for spam. Email will be processed without spam checks.
  • Page 56: Failed_Send_Reply_Code (Id: 00200181)

    2.1.63. failed_send_reply_code (ID: Chapter 2. Log Message Reference 00200181) ALG Session ID 2.1.63. failed_send_reply_code (ID: 00200181) Default Severity ERROR Log Message SMTPALG: Could not send error code to client Explanation The SMTP ALG failed to send an error response code to the client. Gateway Action none Recommended Action...
  • Page 57: Cmd_Pipelined (Id: 00200186)

    2.1.67. smtp_state_violation (ID: Chapter 2. Log Message Reference 00200190) 2.1.66. cmd_pipelined (ID: 00200186) Default Severity ERROR Log Message SMTPALG: Received pipelined request. Explanation The SMTP ALG does not support pipelined requests. The appearance of this log message indicates that the client used PIPELINING even though it was removed from capability list.
  • Page 58: Illegal_Data_Direction (Id: 00200202)

    2.1.69. illegal_data_direction (ID: Chapter 2. Log Message Reference 00200202) Context Parameters ALG Module Name ALG Session ID 2.1.69. illegal_data_direction (ID: 00200202) Default Severity ERROR Log Message FTPALG: TCP data from <peer> not allowed in this direction. Closing connection Explanation TCP Data was sent in an invalid direction, and the connection will be closed.
  • Page 59: Illegal_Chars (Id: 00200210)

    2.1.72. illegal_chars (ID: 00200210) Chapter 2. Log Message Reference Revision Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2.1.72. illegal_chars (ID: 00200210) Default Severity WARNING Log Message FTPALG: 8 bit characters in control channel from <peer> not allowed. Closing connection Explanation 8 bit characters were discovered in the control channel.
  • Page 60: Illegal_Command (Id: 00200213)

    2.1.75. illegal_command (ID: Chapter 2. Log Message Reference 00200213) Default Severity WARNING Log Message FTPALG: Failed to parse command from <peer> as a FTP command. String=<string>. Closing connection Explanation An invalid command was received on the control channel. This is not allowed, and the connection will be closed.
  • Page 61: Illegal_Command (Id: 00200215)

    2.1.77. illegal_command (ID: Chapter 2. Log Message Reference 00200215) Recommended Action If the client should be allowed to do active FTP, modify the FTPALG configuration. Revision Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2.1.77. illegal_command (ID: 00200215) Default Severity WARNING Log Message...
  • Page 62: Illegal_Port_Number (Id: 00200217)

    2.1.79. illegal_port_number (ID: Chapter 2. Log Message Reference 00200217) 2.1.79. illegal_port_number (ID: 00200217) Default Severity CRITICAL Log Message FTPALG: Illegal PORT command from <peer>, port <port> not allowed. String=<string>. Rejecting command Explanation An illegal "PORT" command was received from the client. It requests that the server should connect to a port which is out of range.
  • Page 63: Illegal_Direction1 (Id: 00200220)

    2.1.82. illegal_direction1 (ID: Chapter 2. Log Message Reference 00200220) rejected. Gateway Action rejecting_command Recommended Action If the client should be allowed to issue "SITE EXEC" commands, modify the FTPALG configuration. Revision Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2.1.82.
  • Page 64: Illegal_Option (Id: 00200222)

    2.1.84. illegal_option (ID: 00200222) Chapter 2. Log Message Reference 2.1.84. illegal_option (ID: 00200222) Default Severity WARNING Log Message FTPALG: Invalid OPTS argument from <peer>. String=<string>. Rejecting command. Explanation An invalid OPTS argument was received. The argument does not start with an alphabetic letter, and the command will be rejected. Gateway Action rejecting_command Recommended Action...
  • Page 65: Illegal_Command (Id: 00200225)

    2.1.87. illegal_command (ID: Chapter 2. Log Message Reference 00200225) Recommended Action If unknown commands should be allowed, modify the FTPALG configuration. Revision Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2.1.87. illegal_command (ID: 00200225) Default Severity WARNING Log Message FTPALG: Illegal command from <peer>.
  • Page 66: Illegal_Reply (Id: 00200228)

    2.1.90. illegal_reply (ID: 00200230) Chapter 2. Log Message Reference 2.1.89. illegal_reply (ID: 00200228) Default Severity WARNING Log Message FTPALG: Illegal numerical reply (<reply>) from <peer>. String=<string>. Closing connection. Explanation An illegal numerical reply was received from server, and the connection will be closed. Gateway Action close Recommended Action...
  • Page 67: Illegal_Reply (Id: 00200232)

    2.1.92. illegal_reply (ID: 00200232) Chapter 2. Log Message Reference Gateway Action close Recommended Action None. Revision Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2.1.92. illegal_reply (ID: 00200232) Default Severity WARNING Log Message FTPALG: Reply 229 (extended passive mode) from <peer> is not allowed.
  • Page 68: Bad_Ip (Id: 00200234)

    2.1.94. bad_ip (ID: 00200234) Chapter 2. Log Message Reference ALG Session ID Connection 2.1.94. bad_ip (ID: 00200234) Default Severity CRITICAL Log Message FTPALG: Invalid IP <ip4addr>, Server IP is <ip4addr_server>. String=<string>. Closing connection. Explanation The FTP Server requests that the client should connect to another IP than its own.
  • Page 69: Failed_To_Send_Port (Id: 00200237)

    2.1.97. failed_to_send_port (ID: Chapter 2. Log Message Reference 00200237) Log Message FTPALG: Failed to create server data connection. Peer=<peer> Connection=<connection> Explanation An error occurred when creating server data connection. Gateway Action None Recommended Action None. Revision Parameters peer connection Context Parameters ALG Module Name ALG Session ID Connection...
  • Page 70: Max_Ftp_Sessions_Reached (Id: 00200241)

    2.1.100. max_ftp_sessions_reached Chapter 2. Log Message Reference (ID: 00200241) Default Severity ERROR Log Message FTPALG: Internal Error - failed to merge conns. Closing connection Explanation An internal error occurred when two connections were being merged into one, and the connection will be closed. Gateway Action close Recommended Action...
  • Page 71: Content_Type_Mismatch (Id: 00200250)

    2.1.103. content_type_mismatch (ID: Chapter 2. Log Message Reference 00200250) Default Severity ERROR Log Message FTPALG: Failed to connect to the FTP Server. Closing connection Explanation The unit failed to connect to the FTP Server, so the ALG session could not be successfully opened. Gateway Action close Recommended Action...
  • Page 72: Blocked_Filetype (Id: 00200253)

    2.1.106. blocked_filetype (ID: Chapter 2. Log Message Reference 00200253) Log Message FTPALG: The file <filename> (File type: <filetype> ) cannot be sent to antivirus scan engine. Explanation The data cannot be sent to AVSE for scanning since file transfer begins from within the middle of the file. The scanning process will fail for compressed files.
  • Page 73: Failed_To_Send_Response_Code (Id: 00200255)

    2.1.108. failed_to_send_response_code Chapter 2. Log Message Reference (ID: 00200255) Parameters filename filetype Context Parameters ALG Module Name ALG Session ID 2.1.108. failed_to_send_response_code (ID: 00200255) Default Severity NOTICE Log Message FTPALG:Failed to send the response code. Explanation The FTP ALG could not send the correct response code to the client. Gateway Action none Recommended Action...
  • Page 74: Packet_Failed_Traversal_Test (Id: 00200351)

    2.1.111. packet_failed_traversal_test Chapter 2. Log Message Reference (ID: 00200351) Revision Parameters packet_length Context Parameters ALG Module Name Connection 2.1.111. packet_failed_traversal_test (ID: 00200351) Default Severity WARNING Log Message TFTPALG: Filename <filename> failed test for directory traversal Explanation Filename failed test for directory traversal (contains invalid characters). Closing connection.
  • Page 75: Option_Value_Invalid (Id: 00200355)

    2.1.114. option_value_invalid (ID: Chapter 2. Log Message Reference 00200355) Gateway Action reject Recommended Action None. Revision Parameters option value Context Parameters ALG Module Name ALG Session ID Connection 2.1.114. option_value_invalid (ID: 00200355) Default Severity WARNING Log Message TFTPALG: Option <option> contained no readable value Explanation Option contained no readable value. Closing connection.
  • Page 76: Option_Tsize_Invalid (Id: 00200358)

    2.1.117. option_tsize_invalid (ID: Chapter 2. Log Message Reference 00200358) Default Severity WARNING Log Message TFTPALG: Request contained unknown option <option> Explanation Request contained unknown option. Closing connection. Gateway Action reject Recommended Action If the connection should be allowed, modify the TFTP ALG configuration. Revision Parameters option...
  • Page 77: Option_Not_Sent (Id: 00200360)

    2.1.119. option_not_sent (ID: Chapter 2. Log Message Reference 00200360) ALG Session ID Connection 2.1.119. option_not_sent (ID: 00200360) Default Severity WARNING Log Message TFTPALG: The received option <option> was not sent Explanation The received option was not sent. Closing connection. Gateway Action close Recommended Action None.
  • Page 78: Blksize_Out_Of_Range (Id: 00200363)

    2.1.122. blksize_out_of_range (ID: Chapter 2. Log Message Reference 00200363) Revision Parameters option Context Parameters ALG Module Name ALG Session ID Connection 2.1.122. blksize_out_of_range (ID: 00200363) Default Severity WARNING Log Message TFTPALG: Option blksize value <old_blksize> exceeding allowed value. Rewriting to <new_blksize> Explanation Option blksize value exceeding allowed value. Rewriting value.
  • Page 79: Invalid_Packet_Received (Id: 00200366)

    2.1.125. invalid_packet_received (ID: Chapter 2. Log Message Reference 00200366) Explanation An attempt to create a new TFTPALG session failed, because the unit is out of memory. Gateway Action close Recommended Action Decrease the maximum allowed TFTPALG sessions, or try to free some of the RAM used.
  • Page 80: Packet_Out_Of_Sequence (Id: 00200369)

    2.1.128. packet_out_of_sequence (ID: 00200369) Chapter 2. Log Message Reference Default Severity WARNING Log Message TFTPALG: Received invalid packet Opcode <opcode> Packet length <packet_length> Explanation Received invalid packet. Closing listening connection and opening new instead. Gateway Action close Recommended Action None. Revision Parameters opcode packet_length...
  • Page 81: Options_Removed (Id: 00200371)

    2.1.130. options_removed (ID: Chapter 2. Log Message Reference 00200371) Parameters received maxvalue Context Parameters ALG Module Name ALG Session ID Connection 2.1.130. options_removed (ID: 00200371) Default Severity WARNING Log Message TFTPALG: Options not allowed. Stripping options from packet Explanation Options not allowed. Stripping options from packet. Gateway Action rewrite Recommended Action...
  • Page 82: Invalid_Error_Message_Received (Id: 00200374)

    2.1.133. invalid_error_message_received (ID: 00200374) Chapter 2. Log Message Reference Parameters error_code Context Parameters ALG Module Name 2.1.133. invalid_error_message_received (ID: 00200374) Default Severity WARNING Log Message TFTPALG: Received invalid error message Opcode <opcode> Packet length <packet_length> Explanation Received invalid error message. Closing connection. Gateway Action close Recommended Action...
  • Page 83: Failed_Connect_Pop3_Server (Id: 00200382)

    2.1.136. failed_connect_pop3_server Chapter 2. Log Message Reference (ID: 00200382) Recommended Action Decrease the maximum allowed POP3ALG sessions, or try to free some of the RAM used. Revision Context Parameters ALG Module Name 2.1.136. failed_connect_pop3_server (ID: 00200382) Default Severity ERROR Log Message POP3ALG: Failed to connect to the POP3 Server.
  • Page 84: Response_Blocked_Unknown (Id: 00200385)

    2.1.139. response_blocked_unknown Chapter 2. Log Message Reference (ID: 00200385) Revision Parameters filename filetype sender_email_address Context Parameters ALG Module Name ALG Session ID 2.1.139. response_blocked_unknown (ID: 00200385) Default Severity WARNING Log Message POP3ALG: Response blocked.Invalid response=<response> Explanation The server is sending unknown response. The response will be blocked.
  • Page 85: Command_Blocked_Invalid_Len (Id: 00200388)

    2.1.142. command_blocked_invalid_len Chapter 2. Log Message Reference (ID: 00200388) Log Message POP3ALG: Possible invalid end of mail "\\n.\\n" received. Explanation The client is sending possible invalid end of mail. Gateway Action allow Recommended Action Research how the client is sending possible invalid end of mail. Revision Parameters sender_email_address...
  • Page 86: Content_Type_Mismatch (Id: 00200390)

    2.1.145. content_type_mismatch_mimecheck_disabled Chapter 2. Log Message Reference (ID: 00200391) 2.1.144. content_type_mismatch (ID: 00200390) Default Severity NOTICE Log Message POP3ALG: Content type mismatch in file <filename>. Identified filetype <filetype> Explanation The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
  • Page 87: Command_Blocked (Id: 00200393)

    2.1.147. command_blocked (ID: 00200393) Chapter 2. Log Message Reference Recommended Action None. Revision Parameters command argument Context Parameters ALG Module Name ALG Session ID 2.1.147. command_blocked (ID: 00200393) Default Severity WARNING Log Message POP3ALG: Command <command> blocked. Explanation The client is sending a command that is not allowed. The command will be blocked.
  • Page 88: Invalid_Line_Endings (Id: 00200397)

    2.1.150. invalid_line_endings (ID: 00200397) Chapter 2. Log Message Reference Explanation Unexpected end of mail received while parsing mail content. Gateway Action block Recommended Action Research if mail is not complete. Revision Parameters sender_email_address retrigs Context Parameters ALG Module Name ALG Session ID 2.1.150.
  • Page 89: Failed_Create_New_Session (Id: 00200451)

    2.1.153. failed_create_new_session Chapter 2. Log Message Reference (ID: 00200451) Log Message TLSALG: Maximum number of TLS sessions (<max_sessions>) for service reached. Closing connection Explanation The maximum number of concurrent TLS sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
  • Page 90: Tls_Renegotiation_Attempted (Id: 00200454)

    2.1.156. tls_renegotiation_attempted Chapter 2. Log Message Reference (ID: 00200454) Default Severity ERROR Log Message TLSALG: Received TLS <alert> alert from peer. Explanation A TLS alert was received. The TLS ALG session will be closed. Gateway Action close Recommended Action None. Revision Parameters alert...
  • Page 91: Tls_Cipher_Suite_Certificate_Mismatch (Id: 00200456)

    2.1.158. tls_cipher_suite_certificate_mismatch Chapter 2. Log Message Reference (ID: 00200456) Context Parameters ALG Module Name ALG Session ID 2.1.158. tls_cipher_suite_certificate_mismatch (ID: 00200456) Default Severity ERROR Log Message TLSALG: The negotiated cipher suite can not be used with the configured certificate. Explanation The negotiated cipher suite, which is an exportable cipher suite, does not permit using the certificate's key to perform the key exchange.
  • Page 92: Tls_Invalid_Message (Id: 00200459)

    2.1.161. tls_invalid_message (ID: Chapter 2. Log Message Reference 00200459) spent on key exchanges. This system is controlled by the advanced setting SSL_ProcessingPriority. Gateway Action close Recommended Action Investigate the source of this, and try to find out if it is a part of a possible attack, or normal traffic.
  • Page 93: Tls_Out_Of_Memory (Id: 00200462)

    2.1.164. tls_out_of_memory (ID: Chapter 2. Log Message Reference 00200462) Default Severity WARNING Log Message TLSALG: No shared cipher suites. Explanation A connecting TLS peer does not share any cipher suites with the unit. The TLS ALG session will be closed. Gateway Action close Recommended Action...
  • Page 94: Unknown_Tls_Error (Id: 00200464)

    2.1.166. unknown_tls_error (ID: 00200464) Chapter 2. Log Message Reference ALG Session ID 2.1.166. unknown_tls_error (ID: 00200464) Default Severity ERROR Log Message TLSALG: Unknown TLS error. Explanation An unknown TLS error has occurred. The TLS ALG session will be closed. Gateway Action close Recommended Action None.
  • Page 95: Failed_Connect_Pptp_Server (Id: 00200603)

    2.1.169. failed_connect_pptp_server Chapter 2. Log Message Reference (ID: 00200603) Revision Context Parameters ALG Module Name 2.1.169. failed_connect_pptp_server (ID: 00200603) Default Severity ERROR Log Message PPTPALG: Failed to connect to the PPTP Server. Closing the connection. Explanation The PPTP ALG could not connect to the receiving PPTP server, resulting in that the ALG session could not be successfully opened.
  • Page 96: Pptp_Tunnel_Removed_Server (Id: 00200606)

    2.1.172. pptp_tunnel_removed_server (ID: 00200606) Chapter 2. Log Message Reference ALG Module Name 2.1.172. pptp_tunnel_removed_server (ID: 00200606) Default Severity NOTICE Log Message PPTPALG: PPTP tunnel between server and security gateway removed Explanation A PPTP tunnel has been removed between the PPTP server and the PPTP-ALG.
  • Page 97: Pptp_Malformed_Packet (Id: 00200609)

    2.1.176. pptp_tunnel_established_server Chapter 2. Log Message Reference (ID: 00200610) 2.1.175. pptp_malformed_packet (ID: 00200609) Default Severity WARNING Log Message Malformed packet received from <remotegw> on <iface> Explanation A malformed packet was received by the PPTP-ALG. Gateway Action drop Recommended Action None. Revision Parameters iface...
  • Page 98: 2.2. Antivirus

    2.2. ANTIVIRUS Chapter 2. Log Message Reference 2.2. ANTIVIRUS These log messages refer to the ANTIVIRUS (Anti-virus related events) category. 2.2.1. virus_found (ID: 05800001) Default Severity WARNING Log Message Virus found in file <filename>. Virus Name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>. Explanation A virus has been detected in a data stream.
  • Page 99: Excluded_File (Id: 05800003)

    2.2.3. excluded_file (ID: 05800003) Chapter 2. Log Message Reference 2.2.3. excluded_file (ID: 05800003) Default Severity NOTICE Log Message File <filename> is excluded from scanning. Identified filetype: <filetype>. Explanation The named file will be excluded from anti-virus scanning. The filetype is present in the anti-virus scan exclusion list. Gateway Action allow_data_without_scan Recommended Action...
  • Page 100: Compression_Ratio_Violation (Id: 05800006)

    2.2.6. compression_ratio_violation Chapter 2. Log Message Reference (ID: 05800006) Explanation The file could not be scanned by the anti-virus module since the decompression of the compressed file failed. Since anti-virus is running in audit mode, the data transfer will be allowed to continue. Gateway Action allow_data Recommended Action...
  • Page 101: Compression_Ratio_Violation (Id: 05800008)

    2.2.8. compression_ratio_violation Chapter 2. Log Message Reference (ID: 05800008) Revision Parameters filename comp_ratio [layer7_srcinfo] [layer7_dstinfo] Context Parameters ALG Module Name ALG Session ID Connection 2.2.8. compression_ratio_violation (ID: 05800008) Default Severity WARNING Log Message Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>...
  • Page 102: Out_Of_Memory (Id: 05800010)

    2.2.10. out_of_memory (ID: 05800010) Chapter 2. Log Message Reference Connection 2.2.10. out_of_memory (ID: 05800010) Default Severity ERROR Log Message Out of memory Explanation Memory allocation failed. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver. Gateway Action block_data Recommended Action...
  • Page 103: No_Valid_License (Id: 05800015)

    2.2.13. no_valid_license (ID: Chapter 2. Log Message Reference 05800015) running in audit mode, the data transfer will be allowed to continue. Gateway Action allow_data Recommended Action None. Revision Parameters filename [layer7_srcinfo] [layer7_dstinfo] Context Parameters ALG Module Name ALG Session ID Connection 2.2.13.
  • Page 104: Out_Of_Memory (Id: 05800018)

    2.2.16. out_of_memory (ID: 05800018) Chapter 2. Log Message Reference initialization. Explanation Anti-virus scanning is aborted since the scan engine returned a general error during initialization. Gateway Action av_scanning_aborted Recommended Action Try to restart the unit in order to solve this issue. Revision Context Parameters ALG Session ID...
  • Page 105: Unknown_Encoding (Id: 05800184)

    2.2.19. unknown_encoding (ID: Chapter 2. Log Message Reference 05800184) Log Message SMTPALG: Content transfer encoding is unknown or not present. Explanation Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is allow so data is allowed without scanning.
  • Page 106 2.2.20. unknown_encoding (ID: Chapter 2. Log Message Reference 05800185) unknown_content_transfer_encoding sender_email_address Context Parameters ALG Module Name ALG Session ID...
  • Page 107: 2.3. Arp

    2.3. ARP Chapter 2. Log Message Reference 2.3. ARP These log messages refer to the ARP (ARP events) category. 2.3.1. already_exists (ID: 00300001) Default Severity NOTICE Log Message An entry for this IP address already exists Explanation The entry was not added as a previous entry for this IP address already exists in the ARP table.
  • Page 108: Arp_Response_Broadcast (Id: 00300004)

    2.3.5. arp_response_multicast (ID: Chapter 2. Log Message Reference 00300005) 2.3.4. arp_response_broadcast (ID: 00300004) Default Severity NOTICE Log Message ARP response is a broadcast address Explanation The ARP response has a sender address which is a broadcast address. Allowing. Gateway Action allow Recommended Action If this is not the desired behaviour, modify the configuration.
  • Page 109: Hwaddr_Change (Id: 00300008)

    2.3.8. hwaddr_change (ID: 00300008) Chapter 2. Log Message Reference Default Severity NOTICE Log Message ARP hw sender does not match Ethernet hw sender. Dropping Explanation The hardware sender address specified in the ARP data does not match the Ethernet hardware sender address. Dropping packet. Gateway Action drop Recommended Action...
  • Page 110: Invalid_Arp_Sender_Ip_Address (Id: 00300049)

    2.3.11. arp_access_allowed_expect (ID: 00300050) Chapter 2. Log Message Reference 2.3.10. invalid_arp_sender_ip_address (ID: 00300049) Default Severity WARNING Log Message Failed to verify ARP sender IP address. Dropping Explanation The ARP sender IP address could not be verified according to the "access" section, and the packet is dropped. Gateway Action drop Recommended Action...
  • Page 111: Arp_Response_Multicast_Drop (Id: 00300053)

    2.3.14. arp_response_multicast_drop Chapter 2. Log Message Reference (ID: 00300053) Default Severity WARNING Log Message ARP response is a broadcast address. Dropping Explanation The ARP response has a sender address which is a broadcast address. Dropping packet. Gateway Action drop Recommended Action If this is not the desired behaviour, modify the configuration.
  • Page 112: Hwaddr_Change_Drop (Id: 00300055)

    2.3.16. hwaddr_change_drop (ID: Chapter 2. Log Message Reference 00300055) 2.3.16. hwaddr_change_drop (ID: 00300055) Default Severity NOTICE Log Message <knownip> has a different address <newhw> compared to the known hardware address <knownhw>. Dropping packet. Explanation A known dynamic ARP entry has a different hardware address than the one in the ARP packet.
  • Page 113: 2.4. Avupdate

    2.4. AVUPDATE Chapter 2. Log Message Reference 2.4. AVUPDATE These log messages refer to the AVUPDATE (Antivirus Signature update) category. 2.4.1. av_db_update_failure (ID: 05000001) Default Severity ALERT Log Message Update of the Anti-virus database failed, because of <reason> Explanation The unit tried to update the anti-virus database, but failed. The reason for this is specified in the "reason"...
  • Page 114: Av_Detects_Invalid_System_Time (Id: 05000005)

    2.4.5. av_detects_invalid_system_time Chapter 2. Log Message Reference (ID: 05000005) Log Message Anti-virus database could not be updated, as no valid subscription exist Explanation The current license does not allow the anti-virus database to be updated. Gateway Action None Recommended Action Check the system's time and/or purchase a subscription.
  • Page 115 2.4.7. unsynced_databases (ID: Chapter 2. Log Message Reference 05000008) Recommended Action None. Revision...
  • Page 116: 2.5. Buffers

    2.5. BUFFERS Chapter 2. Log Message Reference 2.5. BUFFERS These log messages refer to the BUFFERS (Events regarding buffer usage) category. 2.5.1. buffers_flooded (ID: 00500001) Default Severity WARNING Log Message The buffers were flooded for <duration> seconds. Current usage is <buf_usage>...
  • Page 117: 2.6. Conn

    2.6. CONN Chapter 2. Log Message Reference 2.6. CONN These log messages refer to the CONN (State engine events, e.g. open/close connections) category. 2.6.1. conn_open (ID: 00600001) Default Severity INFORMATIONAL Log Message Connection opened Explanation A connection has been opened. Gateway Action None Recommended Action...
  • Page 118: Conn_Open_Natsat (Id: 00600004)

    2.6.4. conn_open_natsat (ID: Chapter 2. Log Message Reference 00600004) Connection 2.6.4. conn_open_natsat (ID: 00600004) Default Severity INFORMATIONAL Log Message Connection opened Explanation A connection has been opened. Gateway Action None Recommended Action None. Revision Context Parameters Rule Information Connection Packet Buffer 2.6.5.
  • Page 119: Out_Of_Connections (Id: 00600011)

    2.6.8. no_new_conn_for_this_packet Chapter 2. Log Message Reference (ID: 00600012) 2.6.7. out_of_connections (ID: 00600011) Default Severity WARNING Log Message Out of connections. Dropping connection attempt Explanation The connection table is currently full, and this new connection attempt will be dropped. Gateway Action drop Recommended Action None.
  • Page 120: No_Return_Route (Id: 00600014)

    2.6.10. no_return_route (ID: 00600014) Chapter 2. Log Message Reference Parameters protocol Context Parameters Rule Name Packet Buffer 2.6.10. no_return_route (ID: 00600014) Default Severity WARNING Log Message Failed to open a new connection since a return route to the sender address cant be found. Dropping packet Explanation There was no return route found to the sender address of the packet.
  • Page 121: Udp_Src_Port_0_Illegal (Id: 00600021)

    2.6.13. udp_src_port_0_illegal (ID: Chapter 2. Log Message Reference 00600021) Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.6.13. udp_src_port_0_illegal (ID: 00600021) Default Severity WARNING Log Message UDP source port is set to 0. Dropping Explanation The UDP source port was set to 0. This can be used by UDP streams not expecting return traffic.
  • Page 122: Active_Data (Id: 00600100)

    2.6.16. active_data (ID: 00600100) Chapter 2. Log Message Reference Context Parameters Packet Buffer 2.6.16. active_data (ID: 00600100) Default Severity INFORMATIONAL Log Message FTPALG: Incoming active data channel Explanation An active data channel connection has been established. Gateway Action None Recommended Action None.
  • Page 123: Passive_Data (Id: 00600103)

    2.6.19. passive_data (ID: 00600103) Chapter 2. Log Message Reference Connection 2.6.19. passive_data (ID: 00600103) Default Severity INFORMATIONAL Log Message FTPALG: Passive data channel closed Explanation A passive data channel was closed. Gateway Action None Recommended Action None. Revision Context Parameters ALG Module Name ALG Session ID Rule Information...
  • Page 124: 2.7. Dhcp

    2.7. DHCP Chapter 2. Log Message Reference 2.7. DHCP These log messages refer to the DHCP (DHCP client events) category. 2.7.1. offered_ip_occupied (ID: 00700001) Default Severity NOTICE Log Message Interface <iface> received a lease with an offered IP that appear to be occupied (<ip4addr>) Explanation Received a DHCP lease which appears to be in use by someone else.
  • Page 125: Renewed_Lease (Id: 00700004)

    2.7.4. renewed_lease (ID: 00700004) Chapter 2. Log Message Reference Parameters iface netmask bcast Context Parameters Packet Buffer 2.7.4. renewed_lease (ID: 00700004) Default Severity NOTICE Log Message Interface <iface> have renewed its lease. The new lease is valid for <valid_seconds> seconds Explanation An interface has successfully renewed its lease.
  • Page 126: Invalid_Server_Id (Id: 00700008)

    2.7.7. invalid_server_id (ID: 00700008) Chapter 2. Log Message Reference Recommended Action Check the DHCP server configuration or adjust the minimum leasetime limit. Revision Parameters iface lease_time minimum_lease_time Context Parameters Packet Buffer 2.7.7. invalid_server_id (ID: 00700008) Default Severity WARNING Log Message Interface <iface>...
  • Page 127: Invalid_Offered_Ip (Id: 00700011)

    2.7.10. invalid_offered_ip (ID: Chapter 2. Log Message Reference 00700011) Explanation An interface received a lease with an invalid broadcast address. Gateway Action drop Recommended Action Check DHCP server configuration. Revision Parameters iface broadcast Context Parameters Packet Buffer 2.7.10. invalid_offered_ip (ID: 00700011) Default Severity WARNING Log Message...
  • Page 128: Ip_Collision (Id: 00700014)

    2.7.13. ip_collision (ID: 00700014) Chapter 2. Log Message Reference Log Message Interface <iface> received a lease where the offered broadcast equals the offered gateway Explanation An interface received a lease where the offered broadcast address is equal to the offered gateway address. Gateway Action drop Recommended Action...
  • Page 129 2.7.14. route_collision (ID: 00700015) Chapter 2. Log Message Reference Context Parameters Packet Buffer...
  • Page 130: 2.8. Dhcprelay

    2.8. DHCPRELAY Chapter 2. Log Message Reference 2.8. DHCPRELAY These log messages refer to the DHCPRELAY (DHCP relayer events) category. 2.8.1. unable_to_save_dhcp_relay_list (ID: 00800001) Default Severity WARNING Log Message Unable to auto save the DHCP relay list to disk Explanation Unable to autosave the DHCP relay list to disk.
  • Page 131: Maximum_Ppm_For_Relayer_Reached (Id: 00800005)

    2.8.5. maximum_ppm_for_relayer_reached Chapter 2. Log Message Reference (ID: 00800005) Log Message Incorrect BOOTP/DHCP cookie. Dropping Explanation Received a packet with an incorrect BOOTP/DHCP cookie. Gateway Action drop Recommended Action Investigate what client implementation is being used. Revision Context Parameters Packet Buffer 2.8.5.
  • Page 132: Client_Release (Id: 00800008)

    2.8.8. client_release (ID: 00800008) Chapter 2. Log Message Reference Gateway Action None Recommended Action Verify maximum-hop-limit setting. Revision Context Parameters Packet Buffer 2.8.8. client_release (ID: 00800008) Default Severity WARNING Log Message Client <client_ip> requested release. Relay canceled Explanation A client requested that lease should be canceled. Gateway Action relay_canceled Recommended Action...
  • Page 133: Unable_To_Add_Relay_Route_Since_Out_Of_Memory (Id: 00800011)

    2.8.11. unable_to_add_relay_route_since_out_of_memory Chapter 2. Log Message Reference (ID: 00800011) Recommended Action Verify max-relay-routes-limit. Revision Context Parameters Rule Name 2.8.11. unable_to_add_relay_route_since_out_of_memory (ID: 00800011) Default Severity ERROR Log Message Internal Error: Out of memory: Can't add DHCP relay route. Dropping Explanation Unable to add DHCP relay route since out of memory. Gateway Action drop Recommended Action...
  • Page 134: Bad_Inform_Pkt_With_Mismatching_Source_Ip_And_Client_Ip (Id: 00800014)

    2.8.14. bad_inform_pkt_with_mismatching_source_ip_and_client_ip Chapter 2. Log Message Reference (ID: 00800014) 2.8.14. bad_inform_pkt_with_mismatching_source_ip_and_client_ip (ID: 00800014) Default Severity WARNING Log Message INFORM packet did not pass through a relayer but the packet source ip and the client ip doesnt match. Dropping Explanation Received non relayed INFORM DHCP packet with illegally mismatching source and client IP.
  • Page 135: Dhcp_Server_Is_Unroutable (Id: 00800017)

    2.8.17. dhcp_server_is_unroutable Chapter 2. Log Message Reference (ID: 00800017) Parameters max_relays Context Parameters Rule Name Packet Buffer 2.8.17. dhcp_server_is_unroutable (ID: 00800017) Default Severity WARNING Log Message BOOTP/DHCP-server at <dest_ip> is unroutable. Dropping Explanation Unable to find route to specified DHCP server. Gateway Action drop Recommended Action...
  • Page 136: Relayed_Request (Id: 00800020)

    2.8.20. relayed_request (ID: 00800020) Chapter 2. Log Message Reference Revision Parameters gateway_ip Context Parameters Rule Name Packet Buffer 2.8.20. relayed_request (ID: 00800020) Default Severity NOTICE Log Message Relayed DHCP-request <type> from client <client_hw> to <dest_ip> Explanation Relayed a DHCP request. Gateway Action None Recommended Action...
  • Page 137: Assigned_Ip_Not_Allowed (Id: 00800023)

    2.8.23. assigned_ip_not_allowed (ID: Chapter 2. Log Message Reference 00800023) Explanation Received a reply for a client on a non security equivalent interface. Gateway Action drop Recommended Action Verify security-equivalent-interface setting. Revision Parameters client_hw Context Parameters Rule Name Packet Buffer 2.8.23. assigned_ip_not_allowed (ID: 00800023) Default Severity WARNING Log Message...
  • Page 138: Relayed_Dhcp_Reply (Id: 00800026)

    2.8.26. relayed_dhcp_reply (ID: Chapter 2. Log Message Reference 00800026) Default Severity WARNING Log Message A host route for <dest_ip> already exists which points to another interface. Dropping Explanation An ambiguous host route indicating another interface was detected trying to setup a dynamic hostroute for a client. Gateway Action drop Recommended Action...
  • Page 139: Relayed_Dhcp_Reply (Id: 00800028)

    2.8.28. relayed_dhcp_reply (ID: Chapter 2. Log Message Reference 00800028) 2.8.28. relayed_dhcp_reply (ID: 00800028) Default Severity NOTICE Log Message Relayed DHCP-reply <type> to gateway <gateway_ip> Explanation Relayed DHCP reply to a gateway. Gateway Action None Recommended Action None. Revision Parameters type gateway_ip Context Parameters Rule Name...
  • Page 140: 2.9. Dhcpserver

    2.9. DHCPSERVER Chapter 2. Log Message Reference 2.9. DHCPSERVER These log messages refer to the DHCPSERVER (DHCP server events) category. 2.9.1. unable_to_send_response (ID: 00900001) Default Severity WARNING Log Message Failed to get buffer for sending. Unable to reply Explanation Unable to get a buffer for sending. Gateway Action None Recommended Action...
  • Page 141: Dhcp_Packet_Too_Small (Id: 00900005)

    2.9.5. dhcp_packet_too_small (ID: 00900005) Chapter 2. Log Message Reference Gateway Action None Recommended Action None. Revision 2.9.5. dhcp_packet_too_small (ID: 00900005) Default Severity WARNING Log Message Received DHCP packet which is smaller then the minimum allowed 300 bytes. Dropping Explanation Received a DHCP packet which is smaller than the minimum allowed 300 bytes.
  • Page 142: Request_For_Ip_From_Non_Bound_Client_Without_State (Id: 00900008)

    2.9.8. request_for_ip_from_non_bound_client_without_state Chapter 2. Log Message Reference (ID: 00900008) Gateway Action reject Recommended Action None. Revision Parameters client client_ip Context Parameters Packet Buffer 2.9.8. request_for_ip_from_non_bound_client_without_state (ID: 00900008) Default Severity WARNING Log Message Received a request from client(not in bound) <client> for IP <client_ip>...
  • Page 143: Lease_Timeout (Id: 00900012)

    2.9.11. lease_timeout (ID: 00900012) Chapter 2. Log Message Reference Gateway Action drop Recommended Action Check network equipment for errors. Revision Context Parameters Packet Buffer 2.9.11. lease_timeout (ID: 00900012) Default Severity NOTICE Log Message Lease for IP <client_ip> timed out. Was bound to client <client_hw> Explanation A client lease wasn't renewed and timed out.
  • Page 144: Sending_Offer (Id: 00900015)

    2.9.14. sending_offer (ID: 00900015) Chapter 2. Log Message Reference Revision Context Parameters Rule Name Packet Buffer 2.9.14. sending_offer (ID: 00900015) Default Severity NOTICE Log Message Received DISCOVER from client <client_hw>. Sending IP offer <offer_ip> Explanation Received discover (initial IP query) from a client. Gateway Action None Recommended Action...
  • Page 145: Request_For_Non_Bound_Ip (Id: 00900018)

    2.9.17. request_for_non_bound_ip (ID: Chapter 2. Log Message Reference 00900018) Parameters client_hw client_wanted client_offered Context Parameters Rule Name Packet Buffer 2.9.17. request_for_non_bound_ip (ID: 00900018) Default Severity WARNING Log Message Client <client_hw> requested non bound IP. Rejecting Explanation Client requested a non bound IP. Gateway Action reject Recommended Action...
  • Page 146: Got_Inform_Request (Id: 00900021)

    2.9.20. got_inform_request (ID: Chapter 2. Log Message Reference 00900021) Recommended Action None. Revision Parameters client_hw client_ip Context Parameters Rule Name Packet Buffer 2.9.20. got_inform_request (ID: 00900021) Default Severity NOTICE Log Message Got INFORM request from client <client_hw>. Acknowledging Explanation Got an inform (client already got an IP and asks for configuration parameters) request from a client.
  • Page 147: Declined_By_Client (Id: 00900024)

    2.9.23. declined_by_client (ID: 00900024) Chapter 2. Log Message Reference Log Message Client <client_hw> declined non offered IP. Decline is ignored Explanation Client rejected a non offered IP. Gateway Action None Recommended Action None. Revision Parameters client_hw Context Parameters Rule Name Packet Buffer 2.9.23.
  • Page 148: Release_For_Ip_On_Wrong_Iface (Id: 00900026)

    2.9.26. released_by_client (ID: Chapter 2. Log Message Reference 00900027) 2.9.25. release_for_ip_on_wrong_iface (ID: 00900026) Default Severity WARNING Log Message Got release for ip <client_ip> on wrong interface (recv: <recv_if>, lease: <client_if>). Decline is ignored Explanation Got release from a client on the wrong interface. Gateway Action None Recommended Action...
  • Page 149: 2.10. Frag

    2.10. FRAG Chapter 2. Log Message Reference 2.10. FRAG These log messages refer to the FRAG (Fragmentation events) category. 2.10.1. individual_frag_timeout (ID: 02000001) Default Severity WARNING Log Message Individual fragment timed out. Explanation A fragment of an IP packet timed out, and is dropped. Gateway Action drop Recommended Action...
  • Page 150: Fail_Out_Of_Resources (Id: 02000004)

    2.10.4. fail_out_of_resources (ID: Chapter 2. Log Message Reference 02000004) destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2.10.4. fail_out_of_resources (ID: 02000004) Default Severity CRITICAL Log Message Out of reassembly resources. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation Out of fragmentation-reassembly resources when processing the IP packet.
  • Page 151: Fail_Timeout (Id: 02000006)

    2.10.6. fail_timeout (ID: 02000006) Chapter 2. Log Message Reference Rule Name 2.10.6. fail_timeout (ID: 02000006) Default Severity CRITICAL Log Message Time out reassembling. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation Timed out when reassembling a fragmented IP packet. Dropping packet.
  • Page 152: Drop_Frags_Of_Illegal_Packet (Id: 02000009)

    2.10.9. drop_frags_of_illegal_packet Chapter 2. Log Message Reference (ID: 02000009) Default Severity WARNING Log Message Dropping stored fragments of disallowed packet. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation The fragments of a disallowed IP packet were dropped. Gateway Action drop Recommended Action None.
  • Page 153: Learn_State (Id: 02000011)

    2.10.11. learn_state (ID: 02000011) Chapter 2. Log Message Reference which are dropped. Gateway Action drop Recommended Action None. Revision Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2.10.11. learn_state (ID: 02000011) Default Severity ERROR Log Message Internal Error: Invalid state <state>...
  • Page 154: Frag_Offset_Plus_Length_Not_In_Range (Id: 02000014)

    2.10.14. frag_offset_plus_length_not_in_range Chapter 2. Log Message Reference (ID: 02000014) Default Severity WARNING Log Message Dropping duplicate fragment Explanation A duplicate fragment of an IP packet was received. Dropping the duplicate fragment. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.10.14.
  • Page 155: Bad_Ipdatalen (Id: 02000016)

    2.10.17. bad_ipdatalen (ID: 02000017) Chapter 2. Log Message Reference 2.10.16. bad_ipdatalen (ID: 02000016) Default Severity ERROR Log Message Bad IPDataLen=<ipdatalen> Explanation The partly reassembled IP packet has an invalid IP data length. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters ipdatalen...
  • Page 156: Bad_Offs (Id: 02000019)

    2.10.19. bad_offs (ID: 02000019) Chapter 2. Log Message Reference 2.10.19. bad_offs (ID: 02000019) Default Severity ERROR Log Message Bad fragment offset Explanation The fragment has an invalid offset. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.10.20.
  • Page 157: Drop_Frag_Disallowed_Suspect_Packet (Id: 02000023)

    2.10.23. drop_frag_disallowed_suspect_packet Chapter 2. Log Message Reference (ID: 02000023) Default Severity ERROR Log Message Fragments partially overlap Explanation Two fragments partially overlap. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.10.23. drop_frag_disallowed_suspect_packet (ID: 02000023) Default Severity WARNING...
  • Page 158: Drop_Frag_Failed_Suspect_Packet (Id: 02000026)

    2.10.26. drop_frag_failed_suspect_packet Chapter 2. Log Message Reference (ID: 02000026) Log Message Dropping extraneous fragment of completed packet Explanation A completed reassembled IP packet contains an extraneous fragment, which is dropped. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.10.26.
  • Page 159: Fragments_Available_Freeing (Id: 02000100)

    2.10.29. fragments_available_freeing Chapter 2. Log Message Reference (ID: 02000100) Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.10.29. fragments_available_freeing (ID: 02000100) Default Severity CRITICAL Log Message Internal Error: Contains fragments even when freeing. Dropping Explanation An Internal Error occurred when freeing an active fragment.
  • Page 160: 2.11. Idp

    2.11. IDP Chapter 2. Log Message Reference 2.11. IDP These log messages refer to the IDP (Intrusion Detection & Prevention events) category. 2.11.1. scan_detected (ID: 01300001) Default Severity NOTICE Log Message Scan detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>.
  • Page 161: Intrusion_Detected (Id: 01300003)

    2.11.3. intrusion_detected (ID: Chapter 2. Log Message Reference 01300003) srcport destip destport Context Parameters Rule Name Deep Inspection 2.11.3. intrusion_detected (ID: 01300003) Default Severity WARNING Log Message Intrusion detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>.
  • Page 162: Scan_Detected (Id: 01300005)

    2.11.5. scan_detected (ID: 01300005) Chapter 2. Log Message Reference destip destport Context Parameters Rule Name Deep Inspection 2.11.5. scan_detected (ID: 01300005) Default Severity NOTICE Log Message Scan detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>.
  • Page 163: Intrusion_Detected (Id: 01300007)

    2.11.7. intrusion_detected (ID: Chapter 2. Log Message Reference 01300007) Context Parameters Rule Name Deep Inspection 2.11.7. intrusion_detected (ID: 01300007) Default Severity NOTICE Log Message Intrusion detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Explanation An attack signature matched the traffic.
  • Page 164: Invalid_Url_Format (Id: 01300009)

    2.11.9. invalid_url_format (ID: Chapter 2. Log Message Reference 01300009) 2.11.9. invalid_url_format (ID: 01300009) Default Severity ERROR Log Message Failed to parse the HTTP URL. ID Rule: <idrule>. URL: <url>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Closing connection. Explanation The unit failed to parse a URL.
  • Page 165: Idp_Evasion (Id: 01300012)

    2.11.12. idp_evasion (ID: 01300012) Chapter 2. Log Message Reference Log Message Failed to reassemble data. ID Rule: <idrule>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Closing connection. Explanation The unit failed to reassemble data. The reason for this is probably an IDP engine evasion attack.
  • Page 166: Idp_Outofmem (Id: 01300014)

    2.11.14. idp_outofmem (ID: 01300014) Chapter 2. Log Message Reference Recommended Action Review your configuration. Revision Parameters idrule srcip srcport destip destport Context Parameters Rule Name 2.11.14. idp_outofmem (ID: 01300014) Default Severity ERROR Log Message Failed to scan data. ID Rule: <idrule>. Source IP: <srcip>. Source Port: <srcport>.
  • Page 167: Idp_Failscan (Id: 01300016)

    2.11.16. idp_failscan (ID: 01300016) Chapter 2. Log Message Reference Context Parameters Rule Name 2.11.16. idp_failscan (ID: 01300016) Default Severity ERROR Log Message Failed to scan data. ID Rule: <idrule>. Source IP: <srcip>. Source Port: <srcport>. Destination <destip>. Destination Port: <destport>. Reason: <reason>. Explanation The unit failed to scan data.
  • Page 168: 2.12. Idpupdate

    2.12. IDPUPDATE Chapter 2. Log Message Reference 2.12. IDPUPDATE These log messages refer to the IDPUPDATE (Intrusion Detection & Prevention Database update) category. 2.12.1. idp_db_update_failure (ID: 01400001) Default Severity ALERT Log Message Update of the Intrusion Detection & Prevention database failed, because of <reason>...
  • Page 169: Idp_Detects_Invalid_System_Time (Id: 01400005)

    2.12.5. idp_detects_invalid_system_time Chapter 2. Log Message Reference (ID: 01400005) Default Severity NOTICE Log Message Intrusion Detection & Prevention database could not be updated, as no valid subscription exist Explanation The current license does not allow Intrusion Detection & Prevention database to be updated. Gateway Action None Recommended Action...
  • Page 170 2.12.7. unsynced_databases (ID: Chapter 2. Log Message Reference 01400009) update is automatically initiated. Gateway Action downloading_new_database Recommended Action None. Revision...
  • Page 171: 2.13. Igmp

    2.13. IGMP Chapter 2. Log Message Reference 2.13. IGMP These log messages refer to the IGMP (IGMP events) category. 2.13.1. querier_election_won (ID: 04200001) Default Severity NOTICE Log Message Taking on the role of Querier at interface <iface>. Explanation This router is now the IGMP Querier at the specified interface. Gateway Action none Recommended Action...
  • Page 172: Invalid_Destination_Ethernet_Address (Id: 04200004)

    2.13.4. invalid_destination_ethernet_address Chapter 2. Log Message Reference (ID: 04200004) Context Parameters Packet Buffer 2.13.4. invalid_destination_ethernet_address (ID: 04200004) Default Severity WARNING Log Message Rejected IGMP message with inconsistent IP/ethernet addresses (<ipdest>/<edest>) at interface <recv_if>. Explanation Rejected IGMP message directed to a unicast ethernet. Known IGMP DoS attack.
  • Page 173: Invalid_Query_Group_Address (Id: 04200008)

    2.13.7. invalid_query_group_address Chapter 2. Log Message Reference (ID: 04200008) Revision Parameters recv_if Context Parameters Packet Buffer 2.13.7. invalid_query_group_address (ID: 04200008) Default Severity ERROR Log Message IGMP group specific query at interface <recv_if> about group <grp> (<grp_sat> after being SAT'ed) includes unicast ip address. Explanation Unicast IP address found inside group specific query.
  • Page 174: Bad_Src (Id: 04200011)

    2.13.10. bad_src (ID: 04200011) Chapter 2. Log Message Reference into <sgrp> and source <src> into <ssrc>. Explanation Got IGMP Query. Gateway Action allow Recommended Action None. Revision Parameters igmpver sgrp ssrc name action 2.13.10. bad_src (ID: 04200011) Default Severity WARNING Log Message Rule <name>...
  • Page 175: Packet_Includes_Aux_Data (Id: 04200013)

    2.13.12. packet_includes_aux_data Chapter 2. Log Message Reference (ID: 04200013) Gateway Action allow Recommended Action None. Revision Parameters igmpver sgrp ssrc name action 2.13.12. packet_includes_aux_data (ID: 04200013) Default Severity WARNING Log Message IGMP Group record <grp> from interface <recv_if> contains auxilliary data. Explanation This software supports IGMPv1, IGMPv2 and IGMPv3, and none of them supports the feature known as "Auxiliary Data".
  • Page 176: Bad_Grp (Id: 04200015)

    2.13.14. bad_grp (ID: 04200015) Chapter 2. Log Message Reference Context Parameters Packet Buffer 2.13.14. bad_grp (ID: 04200015) Default Severity WARNING Log Message Bad IGMP Member Report at interface <iface>: Group record request group <grp> (which is not a multicast group). Explanation This is most likely a faulty IGMP config.
  • Page 177: Igmp_Ruleset_Rejects_Report (Id: 04200018)

    2.13.17. igmp_ruleset_rejects_report Chapter 2. Log Message Reference (ID: 04200018) Parameters igmpver sat_grp sat_src name 2.13.17. igmp_ruleset_rejects_report (ID: 04200018) Default Severity WARNING Log Message Rule <name> drops multicast sender <src> for group record <grp> in Member Report at interface <iface>. Explanation IGMP Member Report contains an unwanted IP sender.
  • Page 178: Max_If_Requests_Per_Second_Reached (Id: 04200021)

    2.13.20. max_if_requests_per_second_reached Chapter 2. Log Message Reference (ID: 04200021) Explanation Too many IGMP requests received per second. Possible IGMP DoS attack. Gateway Action drop Recommended Action Increase global IGMPMaxReqs per second limit if more requests are wanted. Revision Parameters ipsrc iface 2.13.20.
  • Page 179: Older_Querier_Present (Id: 04200024)

    2.13.23. older_querier_present (ID: Chapter 2. Log Message Reference 04200024) Log Message Dropped IGMP message with unknown type. Explanation Invalid IGMP message type received. Gateway Action drop Recommended Action None, but keep an eye open for malfunctioning software/hardware on the network. Revision Parameters MSGType...
  • Page 180: 2.14. Ipsec

    2.14. IPSEC Chapter 2. Log Message Reference 2.14. IPSEC These log messages refer to the IPSEC (IPsec (VPN) events) category. 2.14.1. fatal_ipsec_event (ID: 01800100) Default Severity ALERT Log Message Fatal event occured, because of <reason> Explanation A fatal event occurred in the IPsec stack. Gateway Action None Recommended Action...
  • Page 181: Audit_Flood (Id: 01800104)

    2.14.4. audit_flood (ID: 01800104) Chapter 2. Log Message Reference 2.14.4. audit_flood (ID: 01800104) Default Severity NOTICE Log Message <reason>. Explanation The rate limit for audit messages was reached. Gateway Action None Recommended Action None. Revision Parameters reason 2.14.5. ike_delete_notification (ID: 01800105) Default Severity NOTICE Log Message...
  • Page 182: Ike_Invalid_Proposal (Id: 01800107)

    2.14.8. ike_retry_limit_reached (ID: Chapter 2. Log Message Reference 01800108) 2.14.7. ike_invalid_proposal (ID: 01800107) Default Severity WARNING Log Message Local IP: <local_ip>, Remote IP: <remote_ip>, Cookies: <cookies>, Reason: <reason>. Explanation The proposal for the security association could not be accepted. Gateway Action None Recommended Action None.
  • Page 183: Packet_Corrupt (Id: 01800110)

    2.14.10. packet_corrupt (ID: 01800110) Chapter 2. Log Message Reference reason 2.14.10. packet_corrupt (ID: 01800110) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation Received a corrupt packet. Gateway Action drop Recommended Action None.
  • Page 184: Sa_Lookup_Failure (Id: 01800113)

    2.14.13. sa_lookup_failure (ID: Chapter 2. Log Message Reference 01800113) Recommended Action None. Revision Parameters source_ip dest_ip protocol reason 2.14.13. sa_lookup_failure (ID: 01800113) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation The received packet could not be mapped to an appropriate SA.
  • Page 185: Bad_Padding (Id: 01800116)

    2.14.16. bad_padding (ID: 01800116) Chapter 2. Log Message Reference Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation An attempt to transmit a packet that would result in sequence number overflow.
  • Page 186: Hardware_Acceleration_Failure (Id: 01800118)

    2.14.18. hardware_acceleration_failure Chapter 2. Log Message Reference (ID: 01800118) Parameters source_ip dest_ip protocol reason 2.14.18. hardware_acceleration_failure (ID: 01800118) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation Hardware acceleration failed due to resource shortage, a corrupt packet or other hardware related error.
  • Page 187: Ipsec_Successfully_Started (Id: 01800202)

    2.14.21. IPsec_successfully_started Chapter 2. Log Message Reference (ID: 01800202) Revision 2.14.21. IPsec_successfully_started (ID: 01800202) Default Severity INFORMATIONAL Log Message IPsec is up and running Explanation IPsec configured and started. Gateway Action None Recommended Action None. Revision 2.14.22. x509_init_failed (ID: 01800203) Default Severity CRITICAL Log Message...
  • Page 188: Failed_Create_Audit_Module (Id: 01800207)

    2.14.25. failed_create_audit_module Chapter 2. Log Message Reference (ID: 01800207) Revision 2.14.25. failed_create_audit_module (ID: 01800207) Default Severity ERROR Log Message Failed to create audit module. Explanation Failed to create audit module. Gateway Action IPsec_audit_disabled Recommended Action None. Revision 2.14.26. failed_to_configure_IPsec (ID: 01800210) Default Severity CRITICAL Log Message...
  • Page 189: Ipsec_Started_Successfully (Id: 01800214)

    2.14.29. ipsec_started_successfully Chapter 2. Log Message Reference (ID: 01800214) Recommended Action Restart. Revision 2.14.29. ipsec_started_successfully (ID: 01800214) Default Severity INFORMATIONAL Log Message IPsec started successfully Explanation Succeeded in creating the Policymanager and committing the IPsec configuration. Gateway Action ipsec_started Recommended Action None. Revision 2.14.30.
  • Page 190: Failed_To_Set_Algorithm_Properties (Id: 01800305)

    2.14.33. failed_to_set_algorithm_properties Chapter 2. Log Message Reference (ID: 01800305) Default Severity ERROR Log Message Failed to set properties IPsec alogorithm <alg>, for tunnel <tunnel> Explanation Failed to set specified properties (keysize, lifetimes) for IPsec algorithm. Gateway Action use_default_values_for_algorithm Recommended Action None.
  • Page 191: Dns_Resolve_Failed (Id: 01800309)

    2.14.36. dns_resolve_failed (ID: Chapter 2. Log Message Reference 01800309) <ipsectunnel>. Keeping old IP <old_ip> Explanation Failed to resolve remote gateway through DNS. Gateway Action keeping_old_ip Recommended Action None. Revision Parameters gateway ipsectunnel old_ip 2.14.36. dns_resolve_failed (ID: 01800309) Default Severity WARNING Log Message Failed to resolve remote gateway <gateway>...
  • Page 192: Failed_To_Add_Rules (Id: 01800314)

    2.14.39. failed_to_add_rules (ID: Chapter 2. Log Message Reference 01800314) Explanation Failed to add rules to tunnel after the remote gateway has been resolved by DNS. Gateway Action IPsec_tunnel_disabled Recommended Action None. Revision Parameters gateway ipsectunnel 2.14.39. failed_to_add_rules (ID: 01800314) Default Severity ERROR Log Message Failed to commit rules after remote gw: <gateway>...
  • Page 193: Peer_Is_Dead (Id: 01800317)

    2.14.42. peer_is_dead (ID: 01800317) Chapter 2. Log Message Reference Explanation No policymanager to free tunnel from!!! IPsec does not work properly. Gateway Action ipsec_out_of_work Recommended Action Restart. Revision 2.14.42. peer_is_dead (ID: 01800317) Default Severity INFORMATIONAL Log Message Peer <peer> has been detected dead Explanation A remote peer has been detected as dead.
  • Page 194: Failed_To_Add_Certificate (Id: 01800322)

    2.14.45. failed_to_add_certificate (ID: Chapter 2. Log Message Reference 01800322) Parameters status_msg 2.14.45. failed_to_add_certificate (ID: 01800322) Default Severity ERROR Log Message Failed add certificate: <certificate>, for tunnel <tunnel> Explanation Failed to add certificate. A tunnel configured with this certificate for authentication will fail during negotiation. Gateway Action certificate_disabled Recommended Action...
  • Page 195: Failed_To_Create_Xauth_Group (Id: 01800329)

    2.14.49. Failed_to_create_xauth_group Chapter 2. Log Message Reference (ID: 01800329) Default Severity ERROR Log Message Failed set XAuth for tunnel <tunnel> Explanation Failed to set extended authentication (XAuth) for the tunnel. Gateway Action None Recommended Action Reconfigure_tunnnel. Revision Parameters tunnel 2.14.49. Failed_to_create_xauth_group (ID: 01800329) Default Severity CRITICAL Log Message...
  • Page 196: Ipsec_Tunnel_Modified_Bysgw (Id: 01800335)

    2.14.52. IPSec_tunnel_modified_bySGW Chapter 2. Log Message Reference (ID: 01800335) Recommended Action None. Revision Parameters username client_ip IPsec_tunnel 2.14.52. IPSec_tunnel_modified_bySGW (ID: 01800335) Default Severity INFORMATIONAL Log Message IPsec tunnel changed by the Security Gateway Explanation An IPsec tunnel has been changed by the Security Gateway. Gateway Action reconfiguration_by_SGW Recommended Action...
  • Page 197: Tunnel_Disabled (Id: 01800340)

    2.14.55. tunnel_disabled (ID: Chapter 2. Log Message Reference 01800340) Parameters client_ip username IPsec_tunnel 2.14.55. tunnel_disabled (ID: 01800340) Default Severity WARNING Log Message Tunnel <tunnel> disabled due to configuration error. Explanation Tunnel [tunnel] disabled due to configuration error. Gateway Action tunnel_disabled Recommended Action Tunnel_disabled.
  • Page 198: Recieved_Packet_To_Disabled_Ipsec (Id: 01800500)

    2.14.59. recieved_packet_to_disabled_IPsec Chapter 2. Log Message Reference (ID: 01800500) Default Severity NOTICE Log Message Returned a dynamic cfg mode IP <ip> to the IP pool Explanation A dynamically allocated ip used for IKE cfg mode was returned to the IP pool. Gateway Action None Recommended Action...
  • Page 199: No_Remote_Gateway (Id: 01800503)

    2.14.62. no_remote_gateway (ID: Chapter 2. Log Message Reference 01800503) Recommended Action This is usually a consequence of low memory or a bad configuration. Look for previous log messages to find the cause for the interface being disabled. Revision Parameters ipsec_connection 2.14.62.
  • Page 200: Maximum_Allowed_Tunnels_Limit_Reached (Id: 01800900)

    2.14.66. maximum_allowed_tunnels_limit_reached Chapter 2. Log Message Reference (ID: 01800900) Default Severity ERROR Log Message IPsec interface disabled Explanation IPsec interface disabled. Gateway Action None Recommended Action None. Revision 2.14.66. maximum_allowed_tunnels_limit_reached (ID: 01800900) Default Severity ALERT Log Message Negotiation aborted due to license restrictions. Reached maximum of <allowed_tunnels>...
  • Page 201: Sa_Write_Congestion (Id: 01801338)

    2.14.69. sa_write_congestion (ID: Chapter 2. Log Message Reference 01801338) Gateway Action None Recommended Action None. Revision Parameters 2.14.69. sa_write_congestion (ID: 01801338) Default Severity WARNING Log Message Failed to write SA to Nitrox II; the request timed out. <dir> SPI <spi> Explanation A request to write an SA to Nitrox II timed out.
  • Page 202: Malformed_Packet (Id: 01802003)

    2.14.72. malformed_packet (ID: Chapter 2. Log Message Reference 01802003) 2.14.72. malformed_packet (ID: 01802003) Default Severity WARNING Log Message Malformed packet for trigger.Dropping request for policy Explanation Malformed packet for trigger, dropping request. Gateway Action dropping_request Recommended Action None. Revision 2.14.73. max_ipsec_sa_negotiations_reached (ID: 01802004) Default Severity WARNING...
  • Page 203: Ike_Sa_Negotiation_Completed (Id: 01802024)

    2.14.76. ike_sa_negotiation_completed Chapter 2. Log Message Reference (ID: 01802024) Explanation Negotiation of IKE SA failed. Gateway Action no_ike_sa Recommended Action None. Revision Parameters statusmsg local_peer remote_peer initiator_spi 2.14.76. ike_sa_negotiation_completed (ID: 01802024) Default Severity INFORMATIONAL Log Message IKE SA <options> negotiation completed: <mode> using <auth> (<encryption><keysize>...
  • Page 204: Ipsec_Sa_Negotiation_Completed (Id: 01802040)

    2.14.79. ipsec_sa_negotiation_completed Chapter 2. Log Message Reference (ID: 01802040) Default Severity WARNING Log Message Type of the local ID <localid> is not KEY-ID for the mamros-pskeyext negotiation. The negotiation might fail. Explanation Type of the local ID is not KEY-ID for the mamros-pskeyext negotiation.
  • Page 205: Ipsec_Sa_Informal (Id: 01802044)

    2.14.82. ipsec_sa_informal (ID: Chapter 2. Log Message Reference 01802044) Default Severity INFORMATIONAL Log Message Inbound SPI:<spiin> | Outbound SPI:<spiout> | Algorithm:<alg> <keysize> <mac> Explanation Log information about SPI-values and algorithms for Child SA. Gateway Action None Recommended Action None. Revision Parameters spiin spiout...
  • Page 206: Ipsec_Sa_Lifetime (Id: 01802047)

    2.14.85. ipsec_sa_lifetime (ID: Chapter 2. Log Message Reference 01802047) Default Severity INFORMATIONAL Log Message Local lifetime child SA: <sec> seconds Explanation Inform about lifetime for child SA:. Gateway Action None Recommended Action None. Revision Parameters 2.14.85. ipsec_sa_lifetime (ID: 01802047) Default Severity INFORMATIONAL Log Message Local lifetime child SA: <kb>...
  • Page 207: Ipsec_Invalid_Protocol (Id: 01802059)

    2.14.88. ipsec_invalid_protocol (ID: Chapter 2. Log Message Reference 01802059) Parameters local_id remote_id 2.14.88. ipsec_invalid_protocol (ID: 01802059) Default Severity ERROR Log Message Invalid protocol <proto> received for SA Explanation Invalid protocol received for SA. Gateway Action None Recommended Action None. Revision Parameters proto 2.14.89.
  • Page 208: No_Authentication_Method_Specified (Id: 01802100)

    2.14.92. no_authentication_method_specified Chapter 2. Log Message Reference (ID: 01802100) rule protocol Explanation Failed to insert rule since the forced NAT protocol does not match the rule protocol. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_IPsec. Revision 2.14.92. no_authentication_method_specified (ID: 01802100) Default Severity ERROR Log Message Neither pre-shared keys nor CA certificates nor EAP are specified for a tunnel Explanation...
  • Page 209: Invalid_Rule_Setting (Id: 01802105)

    2.14.95. invalid_rule_setting (ID: Chapter 2. Log Message Reference 01802105) Revision 2.14.95. invalid_rule_setting (ID: 01802105) Default Severity ERROR Log Message Both REJECT and PASS defined for a rule Explanation Can not specify both pass and reject for a rule. Gateway Action None Recommended Action None.
  • Page 210: Invalid_Rule_Setting (Id: 01802109)

    2.14.99. invalid_rule_setting (ID: Chapter 2. Log Message Reference 01802109) Gateway Action None Recommended Action None. Revision 2.14.99. invalid_rule_setting (ID: 01802109) Default Severity ERROR Log Message To-tunnel specified for an AUTHENTICATION-ONLY rule Explanation To-tunnel can not be specified for an AUTHENTICATION-ONLY rule.
  • Page 211: No_Encryption_Algorithm_Configured_For_Tunnel (Id: 01802201)

    2.14.103. no_encryption_algorithm_configured_for_tunnel Chapter 2. Log Message Reference (ID: 01802201) Default Severity ERROR Log Message ESP tunnel is missing encryption and authentication algorithms Explanation ESP tunnel [tunnel] not configured with encryption and authentication algorithms. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel. Revision Parameters tunnel 2.14.103.
  • Page 212: Invalid_Tunnel_Configuration (Id: 01802208)

    2.14.106. invalid_tunnel_configuration Chapter 2. Log Message Reference (ID: 01802208) Log Message AH configured but not supported Explanation Tunnel [tunnel] configured for AH, but AH is not supported. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel. Revision Parameters tunnel 2.14.106. invalid_tunnel_configuration (ID: 01802208) Default Severity ERROR Log Message...
  • Page 213: Out_Of_Memory_For_Tunnel (Id: 01802211)

    2.14.109. out_of_memory_for_tunnel Chapter 2. Log Message Reference (ID: 01802211) Revision Parameters tunnel 2.14.109. out_of_memory_for_tunnel (ID: 01802211) Default Severity ERROR Log Message Out of memory. Could not allocate memory for tunnel name! <tunnel> Explanation Out of memory. Could not allocate memory for tunnel name!. Gateway Action VPN_tunnel_disabled Recommended Action...
  • Page 214: Invalid_Key_Size (Id: 01802217)

    2.14.113. invalid_key_size (ID: Chapter 2. Log Message Reference 01802217) Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel. Revision 2.14.113. invalid_key_size (ID: 01802217) Default Severity ERROR Log Message Specified key size limits for cipher <alg> with fixed key size Explanation Configuration specifies key size limits for cipher with fixed key size. Gateway Action VPN_tunnel_disabled Recommended Action...
  • Page 215: Invalid_Cipher_Keysize (Id: 01802220)

    2.14.117. malformed_tunnel_id_configured Chapter 2. Log Message Reference (ID: 01802225) 2.14.116. invalid_cipher_keysize (ID: 01802220) Default Severity ERROR Log Message Configured max MAC key size <keysize> is bigger than the built-in maximum <max> Explanation Tunnel configured invalid key size for MAC. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel.
  • Page 216: Max_Phase1_Sa_Reached (Id: 01802400)

    2.14.120. max_phase1_sa_reached Chapter 2. Log Message Reference (ID: 01802400) Gateway Action None Recommended Action None. Revision Parameters info int_severity 2.14.120. max_phase1_sa_reached (ID: 01802400) Default Severity NOTICE Log Message The maximum number of active Phase-1 SAs reached Explanation Maximum number of active Phase-1 SAs reached. Gateway Action negotiation_aborted Recommended Action...
  • Page 217: Could_Not_Convert_Certificate (Id: 01802601)

    2.14.124. could_not_convert_certificate Chapter 2. Log Message Reference (ID: 01802601) Default Severity WARNING Log Message Could not decode Certificate to pem format. The certificate may be corrupted or it was given in unrecognized format. Explanation Could_not_decode_certificate. Gateway Action certificate_invalid Recommended Action None.
  • Page 218: Could_Not_Force_Cert_To_Be_Trusted (Id: 01802604)

    2.14.127. could_not_force_cert_to_be_trusted Chapter 2. Log Message Reference (ID: 01802604) Gateway Action certificate_not_usable_if_no_valid_CRLs Recommended Action None. Revision 2.14.127. could_not_force_cert_to_be_trusted (ID: 01802604) Default Severity WARNING Log Message Could not force CA certificate as a point of trust Explanation Could not force CA certificate as a point of trust. Gateway Action certificate_disabled Recommended Action...
  • Page 219: Could_Not_Loack_Certificate (Id: 01802608)

    2.14.131. could_not_loack_certificate Chapter 2. Log Message Reference (ID: 01802608) corrupted or it was given in unrecognized format. Explanation Could_not_decode_certificate. Gateway Action certificate_invalid Recommended Action None. Revision 2.14.131. could_not_loack_certificate (ID: 01802608) Default Severity WARNING Log Message Could not lock certificate in cache Explanation Could not lock certificate in cache.
  • Page 220: Ike_Sa_Negotiation_Completed (Id: 01802704)

    2.14.135. ike_sa_negotiation_completed Chapter 2. Log Message Reference (ID: 01802704) Default Severity INFORMATIONAL Log Message IKE SA: Local IKE peer: <local_peer> Remote IKE peer: <remote_peer> Initiator SPI: <initiator_spi> Responder SPI: <responder_spi>. Internal severity level: <int_severity>. Explanation IKE SA successfully installed. Gateway Action ike_sa_completed Recommended Action None.
  • Page 221: Could_Not_Decode_Certificate (Id: 01802707)

    2.14.138. could_not_decode_certificate Chapter 2. Log Message Reference (ID: 01802707) Default Severity WARNING Log Message Directory names are not supported as subject alternative names. Skipping DN: <dn_name> Explanation Directory specified as subject alternative name. Gateway Action skip_dn_name Recommended Action None. Revision Parameters dn_name 2.14.138.
  • Page 222: Remote_Access_Address (Id: 01802710)

    2.14.141. remote_access_address (ID: Chapter 2. Log Message Reference 01802710) Recommended Action None. Revision Parameters cfgmode int_severity 2.14.141. remote_access_address (ID: 01802710) Default Severity INFORMATIONAL Log Message Addresses for remote access attributes: <ipaddr> expires time <time> Explanation Addresses for remote access attributes. Gateway Action None Recommended Action...
  • Page 223: Remote_Access_Dhcp (Id: 01802713)

    2.14.144. remote_access_dhcp (ID: Chapter 2. Log Message Reference 01802713) 2.14.144. remote_access_dhcp (ID: 01802713) Default Severity INFORMATIONAL Log Message DHCP for remote access attributes: <dhcp_s> Explanation DHCP remote access attributes. Gateway Action None Recommended Action None. Revision Parameters dhcp_s 2.14.145. remote_access_subnets (ID: 01802714) Default Severity INFORMATIONAL Log Message...
  • Page 224: Certificate_Search_Failed (Id: 01802718)

    2.14.148. certificate_search_failed (ID: Chapter 2. Log Message Reference 01802718) Log Message Selection of IPsec SA failed due to <reason>. Internal severity level: <int_severity> Explanation Failed to select a SA. Gateway Action no_ipsec_sa_selected Recommended Action None. Revision Parameters reason int_severity 2.14.148. certificate_search_failed (ID: 01802718) Default Severity WARNING Log Message...
  • Page 225: Ipsec_Sa_Destroyed (Id: 01802732)

    2.14.151. ipsec_sa_destroyed (ID: Chapter 2. Log Message Reference 01802732) <int_severity> Explanation Event occurred for IPsec SA. Gateway Action None Recommended Action None. Revision Parameters int_severity 2.14.151. ipsec_sa_destroyed (ID: 01802732) Default Severity INFORMATIONAL Log Message IPsec SA destroyed: Inbound SPI: <spiin> | Outbound SPI: <spiout> Explanation The IPsec SA has been destroyed.
  • Page 226: Outofmem_Create_Engine (Id: 01802901)

    2.14.154. outofmem_create_engine Chapter 2. Log Message Reference (ID: 01802901) Explanation L2TP negotiation event. Gateway Action l2tp_negotiation_event Recommended Action None. Revision Parameters side local_id remote_id int_severity 2.14.154. outofmem_create_engine (ID: 01802901) Default Severity CRITICAL Log Message Failed to allocate memory for engine object Explanation Could not allocate memory for engine object.
  • Page 227: Init_Rule_Looklup_Failed (Id: 01802905)

    2.14.158. init_mutexes_failed (ID: Chapter 2. Log Message Reference 01802906) 2.14.157. init_rule_looklup_failed (ID: 01802905) Default Severity CRITICAL Log Message allocating default pass rule failed! Explanation Allocating default pass rule failed!. Gateway Action ipsec_disabled Recommended Action None. Revision 2.14.158. init_mutexes_failed (ID: 01802906) Default Severity CRITICAL Log Message...
  • Page 228: Init_Flow_Table_Failed (Id: 01802909)

    2.14.161. init_flow_table_failed (ID: Chapter 2. Log Message Reference 01802909) 2.14.161. init_flow_table_failed (ID: 01802909) Default Severity CRITICAL Log Message Allocation of flow table failed (size <size>) Explanation Allocation of flow table failed. Gateway Action ipsec_disabled Recommended Action None. Revision Parameters size 2.14.162.
  • Page 229: Init_Peer_Id_Hash_Failed (Id: 01802913)

    2.14.165. init_peer_id_hash_failed (ID: Chapter 2. Log Message Reference 01802913) Recommended Action None. Revision 2.14.165. init_peer_id_hash_failed (ID: 01802913) Default Severity CRITICAL Log Message Allocation of peer id hash table failed Explanation Allocation of peer id hash table failed. Gateway Action ipsec_disabled Recommended Action None.
  • Page 230: Init_Packet_Context_Cache_Failed (Id: 01802917)

    2.14.169. init_packet_context_cache_failed Chapter 2. Log Message Reference (ID: 01802917) Gateway Action ipsec_disabled Recommended Action None. Revision 2.14.169. init_packet_context_cache_failed (ID: 01802917) Default Severity CRITICAL Log Message Allocation of packet context cache failed Explanation Allocation of packet context cache failed. Gateway Action ipsec_disabled Recommended Action None.
  • Page 231: Init_Engine_Tables_Failed (Id: 01802921)

    2.14.173. init_engine_tables_failed Chapter 2. Log Message Reference (ID: 01802921) Explanation Allocation of fragmentation tables failed. Gateway Action ipsec_disabled Recommended Action None. Revision 2.14.173. init_engine_tables_failed (ID: 01802921) Default Severity CRITICAL Log Message Allocation of engine tables failed Explanation Allocation of engine tables failed. Gateway Action ipsec_disabled Recommended Action...
  • Page 232: Failed_To_Select_Ike_Sa (Id: 01803002)

    Log Message Could not select policy rule Explanation Could not select policy rule. Gateway Action None Recommended Action None. Revision 2.14.177. failed_to_select_ike_sa (ID: 01803002) Default Severity INFORMATIONAL Log Message Could not select SA from IKE SA proposal Explanation Could not select SA from IKE SA proposal.
  • Page 233: Ipsec_Sa_Statistics (Id: 01803021)

    Recommended Action None. Revision Parameters statusmsg 2.14.180. ipsec_sa_statistics (ID: 01803021) Default Severity INFORMATIONAL Log Message IPsec SA negotiations: <done> done, <success> successful, <failed> failed Explanation IPsec SA statistics. Gateway Action None Recommended Action None.
  • Page 234: Xauth_Exchange_Done (Id: 01803024)

    2.14.183. xauth_exchange_done (ID: 01803024) Default Severity INFORMATIONAL Log Message XAuth exchange done: <statusmsg> Explanation Information about the result of a completed XAuth exchange. Gateway Action None Recommended Action None. Revision Parameters statusmsg 2.14.184.
  • Page 235: Rejecting_Ipsec_Sa_Delete (Id: 01803028)

    Explanation Rejected IPsec SA delete notification due to protocol mismatch. Gateway Action None Recommended Action None. Revision Parameters remote_peer proto 2.14.187. rejecting_ipsec_sa_delete (ID: 01803028) Default Severity WARNING Log Message Rejecting IPsec SA delete notification from <remote_peer> since the SPI size <spi_size>...
  • Page 236: Failed_To_Verify_Peer_Identity (Id: 01803040)

    2.14.190. failed_to_verify_peer_identity (ID: 01803040) Chapter 2. Log Message Reference Log Message Quick-Mode notification from <remote_peer> for protocol <proto>, SPI <spi>: <msg> (<type>) (<size> bytes) Explanation Received an IKE Quick-Mode notification. Gateway Action None Recommended Action None. Revision Parameters remote_peer proto type size 2.14.190.
  • Page 237: Malformed_Ipsec_Ah_Proposal (Id: 01803052)

    Recommended Action None. Revision Parameters reason 2.14.193. malformed_ipsec_ah_proposal (ID: 01803052) Default Severity WARNING Log Message Malformed IPsec AH proposal: <reason> Explanation Received a malformed IPsec AH proposal. Gateway Action None Recommended Action None.
  • Page 238: Audit_Event (Id: 01803200)

    2.14.197. audit_event (ID: 01803200) Chapter 2. Log Message Reference Default Severity NOTICE Log Message Negotiation aborted due to license restrictions: IKE responder mode not available. Explanation A negotiation was aborted because it was not initiated by the correct side in accordance with license restrictions. Gateway Action ike_negotiation_aborted Recommended Action...
  • Page 239: 2.15. Ip_Error

    2.15. IP_ERROR These log messages refer to the IP_ERROR (Packet discarded due to IP header error(s)) category. 2.15.1. too_small_packet (ID: 01500001) Default Severity WARNING Log Message Packet is too small to contain IPv4 header Explanation The received packet is too small to contain an IPv4 header, and will be dropped.
  • Page 240: Invalid_Ip_Length (Id: 01500004)

    Revision Parameters iptotlen iphdrlen Context Parameters Rule Name Packet Buffer 2.15.4. invalid_ip_length (ID: 01500004) Default Severity WARNING Log Message Invalid IP header length, IPTotLen=<iptotlen>, RecvLen=<recvlen> Explanation The received packet IP total length is larger than the received transport data.
  • Page 241: 2.16. Ip_Flag

    2.16. IP_FLAG These log messages refer to the IP_FLAG (Events concerning the IP header flags) category. 2.16.1. ttl_low (ID: 01600001) Default Severity WARNING Log Message Received packet with too low TTL of <ttl>. Min TTL is <ttlmin>. Ignoring Explanation The received packet has a TTL (Time-To-Live) field which is too low.
  • Page 242 2.16.3. ip_rsv_flag_set (ID: 01600003) Chapter 2. Log Message Reference Context Parameters Rule Name Packet Buffer...
  • Page 243: 2.17. Ip_Opt

    2.17. IP_OPT These log messages refer to the IP_OPT (Events concerning the IP header options) category. 2.17.1. source_route (ID: 01700001) Default Severity NOTICE Log Message Packet has a source route Explanation The packet has a source route. Ignoring. Gateway Action ignore Recommended Action...
  • Page 244: Ipopt_Present (Id: 01700004)

    2.17.5. ipoptlen_too_small (ID: 01700010) Chapter 2. Log Message Reference 2.17.4. ipopt_present (ID: 01700004) Default Severity NOTICE Log Message IP Option <ipopt>(<optname>) is present Explanation The packet contains an IP Option. Ignoring. Gateway Action ignore Recommended Action None. Revision Parameters ipopt optname Context Parameters Rule Name...
  • Page 245: Multiple_Ip_Option_Routes (Id: 01700012)

    avail Context Parameters Rule Name Packet Buffer 2.17.7. multiple_ip_option_routes (ID: 01700012) Default Severity WARNING Log Message Multiple source/return routes in IP options. Dropping Explanation There are multiple source/return routes specified among the IP Options.
  • Page 246: Source_Route_Disallowed (Id: 01700015)

    Recommended Action None. Revision Parameters ipopt routeptr Context Parameters Rule Name Packet Buffer 2.17.10. source_route_disallowed (ID: 01700015) Default Severity WARNING Log Message Source route IP option disallowed. Dropping Explanation The packet has a source route, which is disallowed. Dropping packet. Gateway Action drop Recommended Action...
  • Page 247: Bad_Timestamp_Pointer (Id: 01700018)

    Revision Parameters ipopt optlen Context Parameters Rule Name Packet Buffer 2.17.13. bad_timestamp_pointer (ID: 01700018) Default Severity WARNING Log Message IP Option Type <ipopt>: Bad Timestamp Pointer <tsptr>. Dropping Explanation The packet contains an invalid Timestamp Pointer. Dropping packet. Gateway Action drop Recommended Action...
  • Page 248: Router_Alert_Bad_Len (Id: 01700021)

    Explanation The packet contains a timestamp IP Option, which is disallowed. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.17.16. router_alert_bad_len (ID: 01700021) Default Severity WARNING Log Message IP Option Type <ipopt>: Bad length <optlen>.
  • Page 249 2.17.18. ipopt_present_disallowed (ID: 01700023) Chapter 2. Log Message Reference Explanation The packet contains an IP Option, which is disallowed. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters ipopt optname Context Parameters Rule Name Packet Buffer...
  • Page 250: 2.18. Ip_Proto

    2.18. IP_PROTO These log messages refer to the IP_PROTO (IP Protocol verification events) category. 2.18.1. multicast_ethernet_ip_address_missmatch (ID: 07000011) Default Severity WARNING Log Message Received packet with a destination IP address <ip_multicast_addr> that does match Ethernet multicast...
  • Page 251: Ttl_Low (Id: 07000014)

    which is not allowed. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.18.4. ttl_low (ID: 07000014) Default Severity WARNING Log Message Received packet with too low TTL of <ttl>. Min TTL is <ttlmin>. Dropping Explanation The received packet has a TTL (Time-To-Live) field which is too low.
  • Page 252: Invalid_Tcp_Header (Id: 07000019)

    Dropping packet. Gateway Action drop Recommended Action This can be changed under the Advanced Settings section. Revision Parameters proto Context Parameters Rule Name Packet Buffer 2.18.7. invalid_tcp_header (ID: 07000019) Default Severity WARNING Log Message Invalid...
  • Page 253: Oversize_Icmp (Id: 07000023)

    2.18.10. oversize_icmp (ID: 07000023) Chapter 2. Log Message Reference Log Message Invalid header IPDataLen=<ipdatalen>, UDPTotLen=<udptotlen>. Dropping Explanation The UDP packet contains an invalid header. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters ipdatalen udptotlen Context Parameters Rule Name Packet Buffer 2.18.10.
  • Page 254: Multicast_Ethernet_Ip_Address_Missmatch (Id: 07000033)

    2.18.13. oversize_gre (ID: 07000050) Chapter 2. Log Message Reference 2.18.12. multicast_ethernet_ip_address_missmatch (ID: 07000033) Default Severity WARNING Log Message Received packet with a destination IP address <ip_multicast_addr> that does match Ethernet multicast address <eth_multicast_addr> Explanation A packet was received with an IP multicast Ethernet address as destination address, but the IP address in the IP header does however not match it.
  • Page 255: Oversize_Ah (Id: 07000052)

    Revision Parameters proto Context Parameters Rule Name Packet Buffer 2.18.15. oversize_ah (ID: 07000052) Default Severity WARNING Log Message Configured size limit for the AH protocol exceeded. Dropping Explanation The configured size limit for the AH protocol was exceeded. Dropping packet.
  • Page 256: Oversize_Ipip (Id: 07000055)

    Recommended Action This can be changed under the Advanced Settings section. Revision Parameters proto Context Parameters Rule Name Packet Buffer 2.18.18. oversize_ipip (ID: 07000055) Default Severity WARNING Log Message Configured size limit for the IPIP protocol exceeded. Dropping Explanation The configured size limit for the IPIP protocol was exceeded.
  • Page 257: Oversize_Ip (Id: 07000058)

    Gateway Action drop Recommended Action This can be changed under the Advanced Settings section. Revision Parameters proto Context Parameters Rule Name Packet Buffer 2.18.21. oversize_ip (ID: 07000058) Default Severity WARNING Log Message Configured size limit for IP protocol exceeded.
  • Page 258: Invalid_Icmp_Data_Ip_Ver (Id: 07000072)

    Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters icmpdatalen icmpiphdrminlen Context Parameters Rule Name Packet Buffer 2.18.24. invalid_icmp_data_ip_ver (ID: 07000072) Default Severity WARNING Log Message Invalid ICMP data. ICMPDataLen=<icmpdatalen> ICMPIPVer=<icmpipver>.
  • Page 259: Invalid_Icmp_Data_Invalid_Ip_Length (Id: 07000074)

    2.18.26. invalid_icmp_data_invalid_ip_length (ID: 07000074) Default Severity WARNING Log Message Invalid ICMP data length. ICMPDataLen=<icmpdatalen> ICMPIPDataLen=<icmpipdatalen> ICMPIPDataMinLen=<icmpipdataminlen>. Dropping Explanation The ICMP data length is invalid. The contained IP data must be at least 8 bytes long.
  • Page 260: 2.19. L2Tp

    2.19. L2TP These log messages refer to the L2TP (L2TP tunnel events) category. 2.19.1. l2tpclient_resolve_successful (ID: 02800001) Default Severity NOTICE Log Message L2TP client <iface> resolved <remotegwname> to <remotegw> Explanation The L2TP client successfully resolved the DNS name of the remote gateway.
  • Page 261: L2Tp_Connection_Disallowed (Id: 02800004)

    Parameters iface remotegw 2.19.4. l2tp_connection_disallowed (ID: 02800004) Default Severity NOTICE Log Message L2TP connection disallowed according to rule <rule>! Tunnel ID: <tunnelid>, Session ID: <sessionid> Explanation The L2TP connection is disallowed according to the specified userauth rule.
  • Page 262: L2Tp_Session_Closed (Id: 02800007)

    Recommended Action Make sure no manually configured routes to the L2TP server interface exist in the configuration. Revision Parameters iface 2.19.7. l2tp_session_closed (ID: 02800007) Default Severity NOTICE Log Message Closed L2TP session. Session ID: <sessionid>, Tunnel ID: <tunnelid> Explanation The L2TP session with the specified session ID has been closed.
  • Page 263: L2Tp_Session_Request (Id: 02800010)

    Revision Parameters iface sessionid remotegw 2.19.10. l2tp_session_request (ID: 02800010) Default Severity NOTICE Log Message L2TP session request sent. Tunnel ID: <tunnelid> Explanation An L2TP session request has been sent over the specified L2TP tunnel. Gateway Action None Recommended Action...
  • Page 264: L2Tp_Session_Request (Id: 02800015)

    Parameters tunnelid sessionid 2.19.13. l2tp_session_request (ID: 02800015) Default Severity NOTICE Log Message L2TP session request received. Tunnel ID: <tunnelid> Explanation A new session request was received on the specified tunnel. Gateway Action None Recommended Action None.
  • Page 265: L2Tpclient_Tunnel_Up (Id: 02800018)

    2.19.16. l2tpclient_tunnel_up (ID: 02800018) Default Severity NOTICE Log Message L2TP tunnel to <remotegw> is up. Tunnel ID: <tunnelid> Explanation L2TP tunnel negotiated successfully. Gateway Action None Recommended Action None. Revision Parameters tunnelid iface remotegw...
  • Page 266: 2.20. Licupdate

    2.20. LICUPDATE These log messages refer to the LICUPDATE (License update) category. 2.20.1. license_update_failure (ID: 05500001) Default Severity ALERT Log Message License update failed, because of <reason> Explanation The unit tried to update the license, but failed. The reason for this is specified in the "reason"...
  • Page 267: 2.21. Ppp

    2.21. PPP These log messages refer to the PPP (PPP tunnel events) category. 2.21.1. ip_pool_empty (ID: 02500001) Default Severity WARNING Log Message IPCP can not assign IP address to peer because the IP address pool is empty Explanation IPCP can not assign an IP address to the peer because there are no free...
  • Page 268: Seconday_Dns_Address_Required_But_Not_Received (Id: 02500004)

    Revision Parameters tunnel_type 2.21.4. seconday_dns_address_required_but_not_received (ID: 02500004) Default Severity WARNING Log Message Secondary DNS address required but not received. PPP terminated Explanation Peer refuses to give out a secondary DNS address. Since reception of a secondary DNS address is required, PPP is terminated.
  • Page 269: Failed_To_Agree_On_Authentication_Protocol (Id: 02500050)

    Parameters tunnel_type 2.21.7. failed_to_agree_on_authentication_protocol (ID: 02500050) Default Severity ERROR Log Message Failed to agree on authentication protocol. PPP terminated Explanation Failed to agree on PPP authentication protocol. PPP is terminated. Gateway Action ppp_terminated Recommended Action Review the allowed authentication protocols configured.
  • Page 270: Ppp_Tunnel_Limit_Exceeded (Id: 02500100)

    Parameters tunnel_type unsupported_lcp_option 2.21.10. ppp_tunnel_limit_exceeded (ID: 02500100) Default Severity ALERT Log Message PPP Tunnel license limit exceeded. PPP terminated Explanation PPP is terminated because the license restrictions do not allow any more PPP tunnels.
  • Page 271: Username_Too_Long (Id: 02500151)

    2.21.14. username_too_long (ID: 02500201) Chapter 2. Log Message Reference 2.21.13. username_too_long (ID: 02500151) Default Severity WARNING Log Message PPP CHAP username was truncated because it was too long Explanation PPP CHAP username was truncated because it was too long. Gateway Action chap_username_truncated Recommended Action Reconfigure the endpoints to use a shorter username.
  • Page 272: Password_Too_Long (Id: 02500351)

    Gateway Action pap_username_truncated Recommended Action Reconfigure the endpoints to use a shorter username. Revision Parameters tunnel_type 2.21.17. password_too_long (ID: 02500351) Default Severity WARNING Log Message PPP PAP password was truncated because it was too long Explanation PPP PAP password was truncated because it was too long.
  • Page 273: Authdb_Error (Id: 02500502)

    2.21.20. authdb_error (ID: 02500502) Default Severity ERROR Log Message Local database authentication error. PPP Authentication terminated Explanation There was an error while authenticating using a local user database. PPP Authentication terminated. Gateway Action authentication_terminated Recommended Action...
  • Page 274: 2.22. Pppoe

    2.22. PPPOE These log messages refer to the PPPOE (PPPoE tunnel events) category. 2.22.1. pppoe_tunnel_up (ID: 02600001) Default Severity NOTICE Log Message PPPoE tunnel on <iface> established to <pppoeserver>. Auth: <auth>, IfaceIP: <ifaceip>, Downtime: <downtime> Explanation The PPPoE tunnel for the interface has been established.
  • Page 275: 2.23. Pptp

    2.23. PPTP These log messages refer to the PPTP (PPTP tunnel events) category. 2.23.1. pptpclient_resolve_successful (ID: 02700001) Default Severity NOTICE Log Message PPTP client <iface> resolved <remotegwname> to <remotegw> Explanation The PPTP client successfully resolved the DNS name of the remote gateway.
  • Page 276: Unknown_Pptp_Auth_Source (Id: 02700004)

    Revision Parameters rule remotegw callid 2.23.4. unknown_pptp_auth_source (ID: 02700004) Default Severity WARNING Log Message Unknown PPTP authentication source for <rule>! Remote gateway: <remotegw>, Call ID: <callid> Explanation The authentication source for the specified userauth rule found in the new configuration is unknown to the PPTP server.
  • Page 277: Mppe_Required (Id: 02700007)

    2.23.7. mppe_required (ID: 02700007) Chapter 2. Log Message Reference another subsystem. Traffic can only be sent out on the PPTP server using the dynamic routes set up by the interface itself. Gateway Action drop Recommended Action Make sure there are no manually configured routes pointing to the PPTP server interface in the configuration.
  • Page 278: Unsupported_Message (Id: 02700010)

    Explanation A PPTP session request has been sent on the control connection to the specified remote gateway. Gateway Action None Recommended Action None. Revision Parameters remotegw 2.23.10. unsupported_message (ID: 02700010) Default Severity WARNING Log Message Unsupported message type <type>...
  • Page 279: Pptp_Session_Up (Id: 02700013)

    2.23.13. pptp_session_up (ID: 02700013) Chapter 2. Log Message Reference Log Message PPP negotiation completed for session <callid> to <remotegw> on <iface>. User: <user>, Auth: <auth>, MPPE: <mppe>, Assigned IP: <assigned_ip> Explanation The PPP negotiation has completed successfully for this session. The specified interface, remote gateway and call ID identify the specific session.
  • Page 280: Session_Idle_Timeout (Id: 02700015)

    Parameters iface remotegw 2.23.15. session_idle_timeout (ID: 02700015) Default Severity WARNING Log Message PPTP session <callid> to <remotegw> on <iface> has been idle for too long. Closing it. Explanation A PPTP session has been idle for too long. Session will be closed. Gateway Action close_session Recommended Action...
  • Page 281: Pptp_Tunnel_Up (Id: 02700019)

    2.23.18. pptp_tunnel_up (ID: 02700019) Default Severity NOTICE Log Message PPTP tunnel up, client <remotegw> connected to <iface> Explanation A remote PPTP client has established a connection to this PPTP server. Gateway Action None Recommended Action None.
  • Page 282: Pptp_Tunnel_Closed (Id: 02700022)

    2.23.22. pptp_connection_disallowed (ID: 02700024) Chapter 2. Log Message Reference 2.23.21. pptp_tunnel_closed (ID: 02700022) Default Severity NOTICE Log Message PPTP tunnel to <remotegw> on <iface> closed. Explanation The PPTP tunnel to has been closed. Gateway Action None Recommended Action None. Revision Parameters iface remotegw...
  • Page 283: Pptp_No_Userauth_Rule_Found (Id: 02700026)

    2.23.25. malformed_packet (ID: 02700027) Chapter 2. Log Message Reference 2.23.24. pptp_no_userauth_rule_found (ID: 02700026) Default Severity WARNING Log Message Did not find a matching userauth rule for the incoming PPTP connection. Interface: <iface>, Remote gateway: <remotegw>. Explanation The PPTP server was unsuccessful trying to find a userauth rule matching the incoming PPTP connection.
  • Page 284: 2.24. Reassembly

    2.24. REASSEMBLY These log messages refer to the REASSEMBLY (Events concerning data reassembly) category. 2.24.1. ack_of_not_transmitted_data (ID: 04800002) Default Severity INFORMATIONAL Log Message TCP segment acknowledges data not yet transmitted Explanation A TCP segment that acknowledges data not yet transmitted was received.
  • Page 285: Memory_Allocation_Failure (Id: 04800005)

    Context Parameters Connection 2.24.4. memory_allocation_failure (ID: 04800005) Default Severity ERROR Log Message Can't allocate memory to keep track of a packet Explanation The gateway is unable to allocate memory to keep track of a packet that was received.
  • Page 286: Maximum_Connections_Limit_Reached (Id: 04800010)

    2.24.8. maximum_connections_limit_reached (ID: 04800010) Chapter 2. Log Message Reference Log Message Maximum processing memory limit reached Explanation The reassembly subsystem has reached the maximum limit set on its processing memory. This will decrease the performance of connections that are processed by the reassembly subsystem. Gateway Action drop Recommended Action...
  • Page 287: 2.25. Rule

    2.25. RULE These log messages refer to the RULE (Events triggered by rules) category. 2.25.1. ruleset_fwdfast (ID: 06000003) Default Severity NOTICE Log Message Packet statelessly forwarded (fwdfast) Explanation The packet matches a rule with a "fwdfast" action, and is statelessly forwarded.
  • Page 288: Rule_Match (Id: 06000007)

    Packet Buffer 2.25.4. rule_match (ID: 06000007) Default Severity DEBUG Log Message RETURN action trigged Explanation A rule with a special RETURN action was triggered by an IP-rule lookup. This log message only appears if you explicitly requested it for the rule in question, and it is considered of DEBUG severity.
  • Page 289: Block127Net (Id: 06000012)

    Packet Buffer 2.25.7. block127net (ID: 06000012) Default Severity WARNING Log Message Destination address is the 127.* net. Dropping Explanation The destination address was the 127.* net, which is not allowed according to the configuration. The packet is dropped. Gateway Action drop Recommended Action...
  • Page 290: Directed_Broadcasts (Id: 06000031)

    2.25.10. directed_broadcasts (ID: 06000031) Default Severity NOTICE Log Message Packet directed to the broadcast address of the destination network. Dropping Explanation The packet was directed to the broadcast address of the destination network, and the unit is configured to disallow this.
  • Page 291: Unhandled_Local (Id: 06000060)

    2.25.14. unhandled_local (ID: 06000060) Chapter 2. Log Message Reference Default Severity WARNING Log Message Packet dropped by rule-set. Dropping Explanation The rule-set is configured to drop this packet. Gateway Action drop Recommended Action If this is not the intended behaviour, modify the rule-set. Revision Context Parameters Rule Information...
  • Page 292: 2.26. Sesmgr

    2.26. SESMGR These log messages refer to the SESMGR (Session Manager events) category. 2.26.1. sesmgr_session_created (ID: 04900001) Default Severity NOTICE Log Message Session connected for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation New session created in Session Manager.
  • Page 293: Sesmgr_Access_Set (Id: 04900004)

    Revision Parameters user database type 2.26.4. sesmgr_access_set (ID: 04900004) Default Severity NOTICE Log Message Access level changed to <access> for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation Access level has been changed for session. Gateway Action none Recommended Action...
  • Page 294: Sesmgr_Console_Denied (Id: 04900007)

    Gateway Action deny_upload Recommended Action Terminate administrator session and try again. Revision Parameters user type 2.26.7. sesmgr_console_denied (ID: 04900007) Default Severity WARNING Log Message Could not create new console for User: <user>. Database: <database>. IP: <ip>.
  • Page 295: Sesmgr_Session_Activate (Id: 04900010)

    Revision 2.26.10. sesmgr_session_activate (ID: 04900010) Default Severity NOTICE Log Message Session has been activated for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation Disabled session has been activated. Gateway Action none Recommended Action None.
  • Page 296: Sesmgr_Session_Access_Missing (Id: 04900015)

    Parameters user database type 2.26.13. sesmgr_session_access_missing (ID: 04900015) Default Severity WARNING Log Message No access level set for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation No access level set for user, new session denied. Gateway Action deny_session Recommended Action...
  • Page 297: Sesmgr_Techsupport (Id: 04900018)

    Revision 2.26.16. sesmgr_techsupport (ID: 04900018) Default Severity NOTICE Log Message Sending technical support file. Explanation Technical support file created and is being sent to user. Gateway Action techsupport_created Recommended Action None. Revision...
  • Page 298: 2.27. Smtplog

    2.27. SMTPLOG These log messages refer to the SMTPLOG (SMTPLOG events) category. 2.27.1. unable_to_establish_connection (ID: 03000001) Default Severity WARNING Log Message Unable to establish connection to SMTP server <smtp_server>. Send aborted Explanation The unit failed to establish a connection to the SMTP server. No SMTP Log will be sent.
  • Page 299: Receive_Timeout (Id: 03000005)

    2.27.5. rejected_connect (ID: 03000006) Chapter 2. Log Message Reference 2.27.4. receive_timeout (ID: 03000005) Default Severity WARNING Log Message Receive timeout from SMTP server <smtp_server>. Send aborted Explanation The unit timed out while receiving data from the SMTP server. No SMTP Log will be sent. Gateway Action abort_sending Recommended Action...
  • Page 300: Rejected_Recipient (Id: 03000009)

    2.27.8. rejected_recipient (ID: 03000009) Chapter 2. Log Message Reference Log Message SMTP server <smtp_server> rejected sender <sender>. Send aborted Explanation The SMTP server rejected the sender. No SMTP Log will be sent. Gateway Action abort_sending Recommended Action Verify that the SMTP server is configured to accept this sender. Revision Parameters smtp_server...
  • Page 301: Rejected_Message_Text (Id: 03000012)

    Recommended Action Verify that the SMTP server is properly configured. Revision Parameters smtp_server 2.27.11. rejected_message_text (ID: 03000012) Default Severity WARNING Log Message SMTP server <smtp_server> rejected message text. Send aborted Explanation The SMTP server rejected the message text.
  • Page 302: 2.28. System

    2.28.2. demo_mode (ID: 03200021) Default Severity ALERT Log Message This copy of D-Link DFL-160 is in DEMO mode. Firewall core will halt in <time> seconds Explanation The unit is running in DEMO mode, and will eventually expire. Install a license in order to avoid this.
  • Page 303: Reset_Clock (Id: 03200101)

    Parameters oldtime newtime user 2.28.4. reset_clock (ID: 03200101) Default Severity NOTICE Log Message The clock at <oldtime> was manually reset to <newtime> Explanation The clock has manually been reset. Gateway Action None Recommended Action None.
  • Page 304: Hardware_Watchdog_Initialized (Id: 03200260)

    Default Severity ERROR Log Message NITROX II interfaces restarted. Explanation NITROX II interfaces restarted. Gateway Action None Recommended Action None. Revision 2.28.8. hardware_watchdog_initialized (ID: 03200260) Default Severity NOTICE Log Message Hardware Watchdog <hardware_watchdog_chip>...
  • Page 305: Port_Hlm_Conversion (Id: 03200302)

    Gateway Action None Recommended Action None. Revision Parameters reason localip destip port_base port_end 2.28.11. port_hlm_conversion (ID: 03200302) Default Severity NOTICE Log Message Using High Load Mode for Local IP <localip> Destination IP <destip> pair Explanation Mode for Local IP - Destination IP pair has changed to High Load...
  • Page 306: Log_Messages_Lost_Due_To_Log_Buffer_Exhaust (Id: 03200401)

    2.28.14. log_messages_lost_due_to_log_buffer_exhaust (ID: 03200401) Chapter 2. Log Message Reference Explanation Due to extensive logging, a number of log messages were not sent. Gateway Action None Recommended Action Examine why the unit sent such a large amount of log messages. If this is normal activity, the "LogSendPerSec"...
  • Page 307: Disk_Cannot_Remove_File (Id: 03200601)

    would cause bi-directional communication failure. Revision Parameters localcfgver remotecfgver timeout 2.28.17. disk_cannot_remove_file (ID: 03200601) Default Severity CRITICAL Log Message Failed to remove <file>, bi-directional communication will now probably be impossible Explanation The unit failed to remove the new, faulty, configuration file.
  • Page 308: Disk_Cannot_Rename (Id: 03200604)

    Parameters: old_cfg
    2.28.20. disk_cannot_rename (ID: 03200604)
    Default Severity: ERROR
    Log Message: Failed to rename <cfg_new> to <cfg_real>
    Explanation: The unit failed to rename the new configuration file to the real configuration file name.
    Gateway Action: None
    Recommended Action...
  • Page 309: Shutdown (Id: 03201000)

    Default Severity: NOTICE
    Log Message: Configuration <localcfgver><remotecfgver> verified for bi-directional communication
    Explanation: The new configuration has been verified for communication back to peer, and will now be used as the active configuration.
    Gateway Action: None
    Recommended Action...
  • Page 310: Config_Activation (Id: 03201020)

    Log Message: Shutdown aborted. Core file <core> missing
    Explanation: The unit was issued a shutdown command, but no core executable file is seen. The shutdown process is aborted.
    Gateway Action: shutdown_gateway_aborted
    Recommended Action: Verify that the disk media is intact.
  • Page 311: Startup_Echo (Id: 03202001)

    <localcfgver> <remotecfgver>. Previous shutdown: <previous_shutdown>
    Explanation: The Security Gateway is starting up.
    Gateway Action: None
    Recommended Action: None.
    Revision
    Parameters: corever, build, uptime, cfgfile, localcfgver, remotecfgver, previous_shutdown
    2.28.30. startup_echo (ID: 03202001)
    Default Severity: NOTICE
    Log Message...
  • Page 312: Admin_Login (Id: 03203000)

    Parameters: shutdown
    2.28.32. admin_login (ID: 03203000)
    Default Severity: NOTICE
    Log Message: Administrative user <username> logged in via <authsystem>. Access level: <access_level>
    Explanation: An administrative user has logged in to the configuration system.
    Gateway Action: None
    Recommended Action...
  • Page 313: Activate_Changes_Failed (Id: 03204000)

    Gateway Action: disallow_admin_access
    Recommended Action: None.
    Revision
    Parameters: authsystem, username, [server_ip], [server_port], [client_ip], [client_port]
    2.28.35. activate_changes_failed (ID: 03204000)
    Default Severity: NOTICE
    Log Message: Bidirectional confirmation of the new configuration failed, previous configuration will be used
    Explanation: The unit failed to establish a connection back to peer, using the new...
  • Page 314: Date_Time_Modified (Id: 03205000)

    <config_system> <client_ip>.
    Explanation: The new configuration has been rejected.
    Gateway Action: reconfiguration_using_old_config
    Recommended Action: None.
    Revision
    Parameters: username, userdb, client_ip, config_system
    2.28.38. date_time_modified (ID: 03205000)
    Default Severity: NOTICE
    Log Message: The local Date and Time has been modified by <user>. Time and Date before change: <pre_change_date_time>.
  • Page 315: Admin_Login_Internal_Error (Id: 03206002)

    Default Severity: WARNING
    Log Message: Administrative user <username> not allowed access via <authsystem>
    Explanation: The user does not have proper administration access to the configuration system.
    Gateway Action: disallow_admin_access
    Recommended Action: None.
  • Page 316: 2.29. Tcp_Flag

    2.29. TCP_FLAG
    These log messages refer to the TCP_FLAG (Events concerning the TCP header flags) category.
    2.29.1. tcp_flags_set (ID: 03300001)
    Default Severity: NOTICE
    Log Message: The TCP <good_flag> and <bad_flag> flags are set. Allowing
    Explanation: The possible combinations for these flags are: SYN URG, SYN PSH, SYN RST, SYN FIN and FIN URG.
  • Page 317: Tcp_Flag_Set (Id: 03300004)

    Gateway Action: ignore
    Recommended Action: None.
    Revision
    Parameters: bad_flag
    Context Parameters: Rule Name, Packet Buffer
    2.29.4. tcp_flag_set (ID: 03300004)
    Default Severity: NOTICE
    Log Message: The TCP <bad_flag> flag is set. Stripping
    Explanation: A "bad"...
  • Page 318: Tcp_Flag_Set (Id: 03300009)

    Recommended Action: If any of these combinations should either be ignored or have the bad flag stripped, specify this in configuration, in the "Settings" sub system.
    Revision
    Parameters: good_flag, bad_flag
    Context Parameters: Rule Name, Packet Buffer
    2.29.7.
  • Page 319: Mismatched_First_Ack_Seqno (Id: 03300012)

    Default Severity: WARNING
    Log Message: Mismatched syn "resent" with seq <seqno>, expected <origseqno>. Dropping
    Explanation: Mismatching sequence numbers. Dropping packet.
    Gateway Action: drop
    Recommended Action: None.
    Revision
    Parameters: seqno, origseqno
    Context Parameters: Rule Name, Connection, Packet Buffer...
  • Page 320: Rst_Out_Of_Bounds (Id: 03300015)

    Context Parameters: Rule Name, Connection, Packet Buffer
    2.29.12. rst_out_of_bounds (ID: 03300015)
    Default Severity: WARNING
    Log Message: Originator RST seq <seqno> is not in window <winstart>...<winend>. Dropping
    Explanation: The RST flag sequence number is not within the receiver window. Dropping packet.
  • Page 321: Rst_Without_Ack (Id: 03300018)

    Log Message: TCP acknowledgement <ack> is not in the acceptable range <accstart>-<accend>. Dropping
    Explanation: A TCP segment with an unacceptable acknowledgement number was received during state SYN_SENT. The packet will be dropped.
    Gateway Action: drop
    Recommended Action...
  • Page 322: Tcp_Recv_Windows_Drained (Id: 03300022)

    Context Parameters: Rule Name, Connection, Packet Buffer
    2.29.17. tcp_recv_windows_drained (ID: 03300022)
    Default Severity: CRITICAL
    Log Message: large receive windows. Maximum windows: <max_windows>. Triggered <num_events> times last 10 seconds.
    Explanation: The TCP stack could not accept incoming data since it has run out of large TCP receive windows.
  • Page 323: Tcp_Seqno_Too_Low_With_Syn (Id: 03300025)

    Gateway Action: None
    Recommended Action: None.
    Revision
    2.29.20. tcp_seqno_too_low_with_syn (ID: 03300025)
    Default Severity: DEBUG
    Log Message: TCP sequence number <seqno> is not in the acceptable range <accstart>-<accend>. Dropping
    Explanation: A TCP segment with an unacceptable sequence number was received. The packet will be dropped.
  • Page 324: 2.30. Tcp_Opt

    2.30. TCP_OPT
    These log messages refer to the TCP_OPT (Events concerning the TCP header options) category.
    2.30.1. tcp_mss_too_low (ID: 03400001)
    Default Severity: NOTICE
    Log Message: TCP MSS <mss> too low. TCPMSSMin=<minmss>
    Explanation: The TCP MSS is too low. Ignoring.
    Gateway Action: ignore
    Recommended Action...
  • Page 325: Tcp_Mss_Too_High (Id: 03400004)

    Recommended Action: None.
    Revision
    Parameters: tcpopt, maxmss
    Context Parameters: Rule Name, Packet Buffer
    2.30.4. tcp_mss_too_high (ID: 03400004)
    Default Severity: NOTICE
    Log Message: TCP MSS <mss> too high. TCPMSSMax=<maxmss>. Adjusting
    Explanation: The TCP MSS is too high. Adjusting to use the configured maximum MSS.
  • Page 326: Tcp_Option_Strip (Id: 03400007)

    Default Severity: NOTICE
    Log Message: Packet has a type <tcpopt> TCP option
    Explanation: The packet has a TCP Option of the specified type. Ignoring.
    Gateway Action: ignore
    Recommended Action: None.
    Revision
    Parameters: tcpopt
    Context Parameters...
  • Page 327: Bad_Tcpopt_Length (Id: 03400011)

    2.30.9. bad_tcpopt_length (ID: 03400011)
    Default Severity: WARNING
    Log Message: Type <tcpopt> claims length=<len> bytes, avail=<avail> bytes. Dropping
    Explanation: The TCP Option type does not fit in the option space. Dropping packet.
    Gateway Action: drop
    Recommended Action...
  • Page 328: Tcp_Mss_Too_High (Id: 03400014)

    Parameters: tcpopt, minmss
    Context Parameters: Rule Name, Packet Buffer
    2.30.12. tcp_mss_too_high (ID: 03400014)
    Default Severity: WARNING
    Log Message: TCP MSS <mss> too high. TCPMSSMax=<maxmss>. Dropping
    Explanation: The TCP MSS is too high. Dropping packet.
    Gateway Action: drop
    Recommended Action...
  • Page 329: Multiple_Tcp_Ws_Options (Id: 03400017)

    Recommended Action: None.
    Revision
    Context Parameters: Rule Name, Packet Buffer
    2.30.15. multiple_tcp_ws_options (ID: 03400017)
    Default Severity: WARNING
    Log Message: Multiple window scale options present in a single TCP segment
    Explanation: Multiple TCP window scale options present in a single TCP segment.
    Gateway Action: strip
    Recommended Action...
  • Page 330 (page header: 2.30.17. mismatching_tcp_window_scale (ID: 03400019))

    Gateway Action: adjust
    Recommended Action: None.
    Revision
    Parameters: effective
    Context Parameters: Connection, Packet Buffer...
  • Page 331: 2.31. Timesync

    2.31. TIMESYNC
    These log messages refer to the TIMESYNC (Firewall time synchronization events) category.
    2.31.1. synced_clock (ID: 03500001)
    Default Severity: NOTICE
    Log Message: The clock at <oldtime>, was off by <clockdrift> second(s) and synchronized with <timeserver>...
  • Page 332 (page header: 2.31.3. clockdrift_too_high (ID: 03500003))

    Revision
    Parameters: clockdrift, timeserver, interval...
  • Page 333: 2.32. Transparency

    2.32. TRANSPARENCY
    These log messages refer to the TRANSPARENCY (Events concerning the Transparent Mode feature) category.
    2.32.1. impossible_hw_sender_address (ID: 04400410)
    Default Severity: WARNING
    Log Message: Impossible hardware sender address 0000:0000:0000. Dropping.
    Explanation: Some equipment on the network is sending packets with a source MAC address of 0000:0000:0000.
  • Page 334: Enet_Hw_Sender_Broadcast (Id: 04400413)

    Revision
    Context Parameters: Rule Name, Packet Buffer
    2.32.4. enet_hw_sender_broadcast (ID: 04400413)
    Default Severity: WARNING
    Log Message: Ethernet hardware sender is a broadcast address. Dropping.
    Explanation: The Ethernet hardware sender address is a broadcast address. The packet will be dropped.
  • Page 335: Enet_Hw_Sender_Multicast (Id: 04400416)

    Revision
    Context Parameters: Rule Name, Packet Buffer
    2.32.7. enet_hw_sender_multicast (ID: 04400416)
    Default Severity: WARNING
    Log Message: Ethernet hardware sender is a multicast address. Dropping.
    Explanation: The Ethernet hardware sender address is a multicast address. The packet will be dropped.
  • Page 336: Invalid_Stp_Frame (Id: 04400419)

    2.32.10. invalid_stp_frame (ID: 04400419)
    Default Severity: WARNING
    Log Message: Incomming STP frame from <recvif> dropped. Reason: <reason>
    Explanation: An incoming Spanning-Tree frame has been dropped since it is either malformed or its type is unknown. Supported Spanning-Tree versions are STP, RSTP, MSTP and PVST+.
  • Page 337 (page header: 2.32.13. invalid_mpls_packet (ID: 04400422))

    Default Severity: WARNING
    Log Message: Incomming MPLS packet on <recvif> dropped. Reason: <reason>
    Explanation: An incoming MPLS packet has been dropped since it was malformed.
    Gateway Action: drop
    Recommended Action: If the packet format is invalid, locate the unit which is sending the malformed packet.
  • Page 338: 2.33. Userauth

    2.33. USERAUTH
    These log messages refer to the USERAUTH (User authentication (e.g. RADIUS) events) category.
    2.33.1. accounting_start (ID: 03700001)
    Default Severity: INFORMATIONAL
    Log Message: Successfully received RADIUS Accounting START response from RADIUS Accounting server
    Explanation: The unit received a valid response to an Accounting-Start event from the Accounting Server.
  • Page 339: Invalid_Accounting_Start_Server_Response (Id: 03700004)

    Recommended Action: Verify that the RADIUS Accounting server daemon is running on the Accounting Server.
    Revision
    Context Parameters: User Authentication
    2.33.4. invalid_accounting_start_server_response (ID: 03700004)
    Default Severity: ALERT
    Log Message: Received an invalid RADIUS Accounting START response from RADIUS Accounting server.
  • Page 340: Failed_To_Send_Accounting_Stop (Id: 03700007)

    Accounting-Start event was received from the Accounting Server.
    Gateway Action: logout_user
    Recommended Action: Verify that the RADIUS Accounting server is properly configured.
    Revision
    Context Parameters: User Authentication
    2.33.7. failed_to_send_accounting_stop (ID: 03700007)
    Default Severity: ALERT
    Log Message...
  • Page 341: No_Accounting_Stop_Server_Response (Id: 03700010)

    03700009)
    Default Severity: WARNING
    Log Message: Received a RADIUS Accounting STOP response with an Identifier mismatch. Ignoring this packet
    Explanation: The unit received a response with an invalid Identifier mismatch. This can be the result of a busy network, causing accounting event re-sends.
  • Page 342: Failure_Init_Radius_Accounting (Id: 03700012)

    Revision
    Context Parameters: User Authentication
    2.33.12. failure_init_radius_accounting (ID: 03700012)
    Default Severity: ALERT
    Log Message: Failed to send Accounting Start to RADIUS Accounting Server. Accounting will be disabled
    Explanation: The unit failed to send an Accounting-Start event to the Accounting Server.
  • Page 343: User_Timeout (Id: 03700020)

    Recommended Action: Verify that a route exists from the unit to the RADIUS Accounting server, and that it is properly configured.
    Revision
    Context Parameters: User Authentication
    2.33.15. user_timeout (ID: 03700020)
    Default Severity: NOTICE
    Log Message: User timeout expired, user is automatically logged out...
  • Page 344: Accounting_Alive (Id: 03700050)

    Revision
    Parameters: username
    2.33.18. accounting_alive (ID: 03700050)
    Default Severity: NOTICE
    Log Message: Successfully received RADIUS Accounting Interim response from RADIUS Accounting server. Bytes sent=<bytessent>, Bytes recv=<bytesrecv>, Packets sent=<packetssent>, Packets recv=<packetsrecv>, Session time=<sestime>
    Explanation: The unit successfully received a RADIUS Accounting Interim response to an Accounting-Interim request event from the Accounting...
  • Page 345: Invalid_Accounting_Interim_Server_Response (Id: 03700053)

    Default Severity: ALERT
    Log Message: Did not receive a RADIUS Accounting Interim response. User statistics might not have been updated on the Accounting Server
    Explanation: The unit did not receive a response to an Accounting-Interim event from the Accounting Server.
  • Page 346: Relogin_From_New_Srcip (Id: 03700100)

    Context Parameters: User Authentication
    2.33.23. relogin_from_new_srcip (ID: 03700100)
    Default Severity: WARNING
    Log Message: User with the same username is logging in from another IP address, logging out current instance
    Explanation: A user with the same username as an already authenticated user is logging in.
  • Page 347: Bad_User_Credentials (Id: 03700104)

    Context Parameters: User Authentication
    2.33.26. bad_user_credentials (ID: 03700104)
    Default Severity: NOTICE
    Log Message: Unknown user or invalid password
    Explanation: A user failed to log in. The entered username or password was invalid.
    Gateway Action: None
    Recommended Action...
  • Page 348: Challenges_Not_Supported (Id: 03700108)

    Default Severity: WARNING
    Log Message: Denied access according to UserAuthRules rule-set
    Explanation: The user is not allowed to authenticate according to the UserAuthRules rule-set.
    Gateway Action: None
    Recommended Action: None.
    Revision
    Context Parameters: User Authentication
    2.33.30.
  • Page 349: Ldap_Session_New_Out_Of_Memory (Id: 03700401)

    Explanation: A user logged out, and is no longer authenticated.
    Gateway Action: None
    Recommended Action: None.
    Revision
    Context Parameters: User Authentication
    2.33.33. ldap_session_new_out_of_memory (ID: 03700401)
    Default Severity: ALERT
    Log Message: Out of memory while trying to allocate new LDAP session
    Explanation: The unit failed to allocate a LDAP session, as it is out of memory.
  • Page 350: Ldap_User_Authentication_Failed (Id: 03700404)

    2.33.36. ldap_user_authentication_failed (ID: 03700404)
    Default Severity: NOTICE
    Log Message: LDAP Authentication failed for <user>
    Explanation: Authentication attempt failed.
    Gateway Action: None
    Recommended Action: None.
    Revision
    Parameters: user
    2.33.37. ldap_context_new_out_of_memory (ID: 03700405)
    Default Severity: ALERT
    Log Message...
  • Page 351: Invalid_Username_Or_Password (Id: 03700408)

    and password.
    Gateway Action: database connection disabled
    Recommended Action: Check configuration.
    Revision
    Parameters: database
    2.33.40. invalid_username_or_password (ID: 03700408)
    Default Severity: ERROR
    Log Message: Invalid provided username or password
    Explanation: Username or password does not contain any information.
    Gateway Action: authentication_failed
    Recommended Action...
  • Page 352: Disallow_Clientkeyexchange (Id: 03700501)

    Parameters: client_ip
    2.33.43. disallow_clientkeyexchange (ID: 03700501)
    Default Severity: ERROR
    Log Message: SSL Handshake: Disallow ClientKeyExchange. Closing down SSL connection
    Explanation: The SSL connection will be closed because there are not enough resources to process any ClientKeyExchange messages at the moment.
  • Page 353: Bad_Changecipher_Msg (Id: 03700504)

    Parameters: client_ip
    2.33.46. bad_changecipher_msg (ID: 03700504)
    Default Severity: ERROR
    Log Message: SSL Handshake: Bad ChangeCipher message. Closing down SSL connection
    Explanation: The ChangeCipher message (which is a part of a SSL handshake) is invalid, and the SSL connection is closed.
  • Page 354: Bad_Alert_Msg (Id: 03700507)

    2.33.49. bad_alert_msg (ID: 03700507)
    Default Severity: ERROR
    Log Message: Bad Alert message. Closing down SSL connection
    Explanation: The Alert message (which can be a part of a SSL handshake) is invalid, and the SSL connection is closed.
    Gateway Action: ssl_close
    Recommended Action...
  • Page 355: Sent_Sslalert (Id: 03700511)

    Default Severity: ERROR
    Log Message: Received SSL Alert. Closing down SSL connection
    Explanation: A SSL Alert message was received during an established SSL connection, and the SSL connection will be closed.
    Gateway Action: close
    Recommended Action...
  • Page 356 (page header: 2.33.53. sent_sslalert (ID: 03700511))