D-Link DFL-260E Log Reference Manual

Manual is about: Network Security Firewall Application Control Signatures NetDefendOS

Summary of DFL-260E

  • Page 1

    Network Security Solution http://www.dlink.com NetDefendOS Ver. 11.04.01 Network Security Firewall Log Reference Guide.

  • Page 2: Log Reference Guide

    Log Reference Guide DFL-260E/860E/870/1660/2560/2560G, NetDefendOS Version 11.04.01. D-Link Corporation, No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.dlink.com Published 2016-10-03. Copyright © 2016.

  • Page 3: Log Reference Guide

    Log Reference Guide DFL-260E/860E/870/1660/2560/2560G, NetDefendOS Version 11.04.01. Published 2016-10-03. Copyright © 2016. Copyright notice: this publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this m...

  • Page 4: Table Of Contents

    Table of contents: Preface, page 34; 1. Introduction ...

  • Page 5

    2.1.50. Disallowed_user_agent (id: 00200146), page 66; 2.1.51. Http_pipeline_full (id: 00200147), page 66; 2.1.52. Protocol_upgrade_...

  • Page 6

    2.1.110. Failed_to_register_rawconn (id: 00200238), page 90; 2.1.111. Failed_to_merge_conns (id: 00200239), page 90; 2.1.112. Max_ftp_sessions_reached (id: 00200241) ...

  • Page 7

    2.1.171. Options_removed (id: 00200371), page 113; 2.1.172. Failed_strip_option (id: 00200372), page 113; 2.1.173. Failed_create_conne...

  • Page 8

    2.1.232. Failed_to_find_role (id: 00200528), page 138; 2.1.233. Failed_to_update_port (id: 00200529), page 138; 2.1.234. Failed_to_update_contact (i...

  • Page 9

    2.2.8. Link_protection_timeout (id: 05900031), page 162; 2.2.9. Link_protection_wcf_error (id: 05900032), page 162; 2.2.10. Link_protection_no_license (id: 05...

  • Page 10

    2.4.8. Application_content (id: 07200015), page 186; 2.4.9. Application_content_allowed (id: 07200016), page 186; 2.4.10. Application_content_denied (id: 07...

  • Page 11

    2.10.1. Buffers_flooded (id: 00500001), page 208; 2.10.2. Buffers_profile (id: 00500002), page 208; 2.11. Conn...

  • Page 12

    2.13.22. Got_reply_on_a_non_security_equivalent_interface (id: 00800022), page 230; 2.13.23. Assigned_ip_not_allowed (id: 00800023), page 230; 2.13.24. Illegal_client_ip_assignment (id: 00800024) ...

  • Page 13

    2.16.12. Bad_udp_checksum (id: 07400012), page 251; 2.16.13. Dhcpv6_packet_too_small (id: 07400013), page 251; 2.16.14. Dhcpv6_faulty_length (id: 07400014) ...

  • Page 14

    2.21.3. Gre_bad_version (id: 02200003), page 272; 2.21.4. Gre_checksum_error (id: 02200004), page 273; 2.21.5. Gre_length_error ...

  • Page 15

    2.24.10. Invalid_url_format (id: 01300010), page 294; 2.24.11. Idp_evasion (id: 01300011), page 295; 2.24.12. Idp_ev...

  • Page 16

    2.29.7. 6in4_invalid_sender_decap (id: 07800007), page 319; 2.30. Ippool ...

  • Page 17

    2.31.42. Failed_to_add_peer (id: 01800312), page 339; 2.31.43. Failed_to_add_rules (id: 01800313), page 340; 2.31.44. Failed_to_add_rules (id:...

  • Page 18

    2.31.102. Ipsec_sa_created (id: 01800907), page 358; 2.31.103. Ipsec_sa_rekeyed (id: 01800908), page 359; 2.31.104. Ipsec_sa_deleted (...

  • Page 19

    2.31.162. Invalid_key_size (id: 01802217), page 377; 2.31.163. Invalid_cipher_keysize (id: 01802218), page 378; 2.31.164. Invalid_key_size (id: 01...

  • Page 20

    2.31.223. Monitored_host_reachable (id: 01803600), page 396; 2.31.224. Monitored_host_unreachable (id: 01803601), page 396; 2.31.225. Failed_to_attach_radius (id: 01803700) ...

  • Page 21

    2.33.2. Disallowed_ip_ver (id: 01500002), page 418; 2.33.3. Invalid_ip_length (id: 01500003), page 418; 2.33.4. Invalid_ip_l...

  • Page 22

    2.35.45. Excessive_padding (id: 01700066), page 439; 2.35.46. Repeated_option (id: 01700067), page 439; 2.35.47. More_optcount (id: ...

  • Page 23

    2.37.13. L2tp_session_request (id: 02800015), page 461; 2.37.14. L2tp_session_up (id: 02800016), page 461; 2.37.15. Failure_init_radius_...

  • Page 24

    2.40.25. Bad_seq_num (id: 02400104), page 482; 2.40.26. Non_dup_dd (id: 02400105), page 483; 2.40.27. As_e...

  • Page 25

    2.41.12. Response_value_too_long (id: 02500150), page 501; 2.41.13. Username_too_long (id: 02500151), page 502; 2.41.14. Username_too_long (id: 02500201) ...

  • Page 26

    2.46.5. Drop_due_to_buffer_starvation (id: 04800007), page 524; 2.46.6. Failed_to_send_ack (id: 04800008), page 524; 2.46.7. Processing_memory_limit_reached (id: 048000...

  • Page 27

    2.50.10. Sesmgr_session_activate (id: 04900010), page 546; 2.50.11. Sesmgr_session_disabled (id: 04900011), page 546; 2.50.12. Sesmgr_console_denied_init (id: 04900012) ...

  • Page 28

    2.54.18. Ssh_force_conn_close (id: 04700105), page 567; 2.54.19. Scp_failed_not_admin (id: 04704000), page 568; 2.55. Sslvpn ...

  • Page 29

    2.56.48. Bad_user_credentials (id: 03207010), page 589; 2.56.49. Bad_user_credentials (id: 03207011), page 590; 2.56.50. Method_not_allowed (id: 03207...

  • Page 30

    2.61.1. Impossible_hw_sender_address (id: 04400410), page 614; 2.61.2. Enet_hw_sender_broadcast (id: 04400411), page 614; 2.61.3. Enet_hw_sender_broadcast (id: 04400412) ...

  • Page 31

    2.62.48. Bad_clientfinished_msg (id: 03700506), page 635; 2.62.49. Bad_alert_msg (id: 03700507), page 635; 2.62.50. Unknown_ssl_error (id: 0...

  • Page 32: List Of Tables

    List of tables: 1. Abbreviations, page 35

  • Page 33: List Of Examples

    List of examples: 1. Log message parameters, page 34; 2. Conditional log message parameters ...

  • Page 34: Preface

    Preface audience the target audience for this reference guide consists of: • administrators that are responsible for configuring and managing a netdefendos installation. • administrators that are responsible for troubleshooting a netdefendos installation. This guide assumes that the reader is famili...

  • Page 35

    Depending on the context of the log message. Abbreviations: the following abbreviations are used throughout this reference guide (abbreviation, full name): ALG, Application Layer Gateway; ARP, Address Resolution Protocol; DHCP, Dynamic Host Configuration Protocol; DNS, Domain Name System; ESP, encapsulating secu...

  • Page 36: Chapter 1: Introduction

    Chapter 1: introduction • log message structure, page 36 • context parameters, page 38 • severity levels, page 43 this guide is a reference for all log messages generated by netdefendos. It is designed to be a valuable information source for both management and troubleshooting. 1.1. Log message stru...

  • Page 37

    Message reference. As previously mentioned, the category is identified by the first 3 digits in the message id. All messages in a particular category have the same first 3 digits in their id. Default severity the default severity level for this log message. For a list of severity levels, please see ...

  • Page 38: 1.2. Context Parameters

    1.2. Context parameters in many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol i...

  • Page 39

    [fragid] fragmentation id. Valid if the ip packet is fragmented. Ipproto the ip protocol. Ipdatalen the ip data length. [srcport] the source port. Valid if the protocol is tcp or udp. [destport] the destination port. Valid if the protocol is tcp or udp. [tcphdrlen] the tcp header length. Valid if th...

  • Page 40

    [origsent] the number of bytes sent by the originator in this connection. Valid if the connection is closing or closed. [termsent] the number of bytes sent by the terminator in this connection. Valid if the connection is closing or closed. Idp specifies the name and a description of the signature th...

  • Page 41

    Authrule the name of the user authentication rule. Authagent the name of the user authentication agent. Authevent the user authentication event that occurred. Possible values: login, logout, timedout, disallowed_login, accounting and unknown. Username the name of the user that triggered this event. ...

  • Page 42

    Routemetric route metric (cost).

  • Page 43: 1.3. Severity Levels

    1.3. Severity levels. An event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the syslog protocol: 0 - Emergency: emergency conditions, which most likely led to the system being unusable. 1 - Alert: alert conditions, whic...

  • Page 45

    Chapter 2: log message reference • alg, page 47 • antispam, page 159 • antivirus, page 171 • appcontrol, page 184 • arp, page 189 • authagents, page 196 • avse, page 202 • avupdate, page 203 • blacklist, page 206 • buffers, page 208 • conn, page 209 • dhcp, page 217 • dhcprelay, page 223 • dhcpserve...

  • Page 46

    • idp, page 290 • idppipes, page 299 • idpupdate, page 302 • ifacemon, page 305 • igmp, page 307 • ip6in4, page 317 • ippool, page 320 • ipsec, page 326 • ipv6_nd, page 398 • ip_error, page 418 • ip_flag, page 423 • ip_opt, page 425 • ip_proto, page 445 • l2tp, page 457 • lacp, page 466 • natpool, p...

  • Page 47: 2.1. Alg

    • system, page 573 • tcp_flag, page 592 • tcp_opt, page 600 • threshold, page 607 • timesync, page 611 • transparency, page 614 • userauth, page 619 • vfs, page 640 • zonedefense, page 644 sort order all log messages are sorted by their category and then by their id number. 2.1. Alg these log messag...

  • Page 48

    Recommended action none. Revision 1 context parameters alg module name alg session id 2.1.3. Max_line_length_exceeded (id: 00200003) default severity error log message maximum line length exceeded, got characters. Closing connection explanation the maximum length of an entered line was exceeded, and...

  • Page 49

    Gateway action close recommended action research the source of this and try to find out why the client is sending an invalid header. Revision 1 parameters algname context parameters alg module name alg session id 2.1.6. Invalid_url_format (id: 00200101) default severity error log message httpalg: fa...

  • Page 50

    2.1.8. Allow_unknown_protocol (id: 00200103) default severity notice log message allowing unknown protocol. Alg name: . Explanation invalid protocol data received from the server. The connection will be allowed to pass through without inspection according to the configuration. Gateway action allow r...

  • Page 51

    Gateway action closing_connecion recommended action research the source of this, and try to find out why the server is sending such large amounts of suspicious data. Revision 1 parameters algname context parameters alg module name alg session id 2.1.11. Invalid_chunked_encoding (id: 00200107) defaul...

  • Page 52

    2.1.13. Compressed_data_received (id: 00200109) default severity error log message httpalg: compressed data was received from the server, although uncompressed was requested. Closing connection. Alg name: . Explanation the unit requested that no compressed data should be used, but the server ignored...

  • Page 53

    Gateway action close recommended action decrease the maximum allowed httpalg sessions, or try to free some of the ram used. Revision 2 context parameters alg module name 2.1.16. Failure_connect_http_server (id: 00200112) default severity error log message httpalg: failed to connect to the http serve...

  • Page 54

    Default severity error log message httpalg: wcf override cache full explanation the wcf override hash is full. The oldest least used value will be replaced. Gateway action replace recommended action none. Revision 1 context parameters alg module name 2.1.19. No_valid_license (id: 00200115) default s...

  • Page 55

    2.1.21. Blocked_filetype (id: 00200117) default severity notice log message httpalg: requested file: is blocked as this file is identified as type , which is in block list. Explanation the file is present in the block list. It will be blocked as per configuration. Gateway action block recommended ac...

  • Page 56

    2.1.24. Wcf_srv_connection_error (id: 00200120) default severity error log message httpalg: http request not validated by web content filter and allowed. Explanation the web content filtering servers could not be contacted. The request has been allowed since fail-mode parameter is in allow mode. Gat...

  • Page 57

    Revision 1 parameters server context parameters alg module name 2.1.27. Wcf_server_connected (id: 00200123) default severity informational log message httpalg: web content server connected explanation the connection with the web content server has been established. Gateway action none recommended ac...

  • Page 58

    Revision 2 parameters categories audit override url algname context parameters connection connection alg module name alg session id 2.1.30. Request_url (id: 00200126) default severity notice log message httpalg: requesting url . Categories: . Audit: . Override: . Alg name: . Explanation the url has ...

  • Page 59

    2.1.32. Wcf_server_bad_reply (id: 00200128) default severity error log message httpalg: failed to parse wcf server response explanation the wcf service could not parse the server response. The wcf transmission queue is reset and a new server connection will be established. Gateway action restarting ...

  • Page 60

    Gateway action none recommended action try to free up some ram by changing configuration parameters. Revision 1 context parameters alg module name 2.1.35. Wcf_bad_sync (id: 00200131) default severity error log message httpalg: wcf request out of sync explanation the wcf response received from the se...

  • Page 61

    Default severity warning log message httpalg: reclassification request for url . New category . Alg name: . Explanation the user has requested a category reclassification for the url. Gateway action allow recommended action disable the allow_reclassification mode of parameter categories for this alg...

  • Page 62

    Parameters categories audit override url user algname context parameters connection connection alg module name alg session id 2.1.40. Request_url (id: 00200136) default severity notice log message httpalg: requesting url . Categories: . User: . Audit: . Override: . Alg name: . Explanation the url ha...

  • Page 63

    Parameters categories audit override url user algname context parameters connection connection alg module name alg session id 2.1.42. Restricted_site_notice (id: 00200138) default severity warning log message httpalg: user requests the forbidden url , even though restricted site notice was applied. ...

  • Page 64

    Url user algname context parameters connection connection alg module name alg session id 2.1.44. Wcf_mem_optimized (id: 00200140) default severity debug log message httpalg: optimizing wcf memory usage explanation the web content filtering subsystem has optimized its memory usage and freed up some m...

  • Page 65

    Recommended action none. Revision 1 parameters cache_size cache_repl_per_sec trans_per_sec queue_len in_transit rtt queue_delta_per_sec server srv_prec context parameters alg module name 2.1.47. Wcf_server_timeout (id: 00200143) default severity error log message httpalg: wcf request timeout explana...

  • Page 66

    2.1.49. Intercept_page_failed (id: 00200145) default severity debug log message httpalg: failed to send interception page to client explanation the httpalg failed to send an interception page to the client. Gateway action close recommended action none. Revision 1 parameters pagetype send algname con...

  • Page 67

    Of resources. The connection is closed. Gateway action close recommended action investigate which client and software sends this many pipelined requests and see if they can be reconfigured. Revision 1 parameters count algname context parameters connection connection alg module name alg session...

  • Page 68

    Context parameters connection alg module name alg session id 2.1.54. Max_smtp_sessions_reached (id: 00200150) default severity warning log message smtpalg: maximum number of smtp sessions () for service reached. Closing connection explanation the maximum number of concurrent smtp sessions has been r...

  • Page 69

    Gateway action close recommended action decrease the maximum allowed smtpalg sessions, or try to free some of the ram used. Revision 2 context parameters alg module name 2.1.57. Failed_connect_smtp_server (id: 00200153) default severity error log message smtpalg: failed to connect to the smtp server...

  • Page 70

    Gateway action spam tag recommended action disable the verify e-mail sender id setting if you experience that valid e-mails are being wrongly tagged. Revision 3 parameters sender_email_address recipient_email_addresses data_sender_address context parameters alg module name alg session id 2.1.60. Sen...

  • Page 71

    2.1.62. Recipient_email_id_in_blacklist (id: 00200159) default severity warning log message smtpalg: recipient e-mail address is in black list explanation since "rcpt to:" e-mail address is in black list, smtp alg rejected the client request. Gateway action reject recommended action none. Revision 1...

  • Page 72

    Recommended action research how the sender is encoding the data. Revision 2 parameters filename filetype sender_email_address recipient_email_addresses context parameters alg module name alg session id 2.1.65. Base64_decode_failed (id: 00200165) default severity error log message smtpalg: base 64 de...

  • Page 73

    Context parameters alg module name alg session id 2.1.67. Content_type_mismatch (id: 00200167) default severity warning log message smtpalg: content type mismatch in file . Identified filetype explanation the filetype of the file does not match the actual content type. As there is a content type mis...

  • Page 74

    Log message smtpalg: content type mismatch found for the file . It is identified as type file explanation received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed. Gateway action allow recommended action co...

  • Page 75

    Alg session id 2.1.72. Invalid_end_of_mail (id: 00200176) default severity warning log message smtpalg: invalid end of mail "\.\" received. Explanation the client is sending invalid end of mail. Transaction will be terminated. Gateway action block recommended action research how the client is se...

  • Page 76

    Revision 2 context parameters alg module name alg session id 2.1.75. Failed_send_reply_code (id: 00200181) default severity error log message smtpalg: could not send error code to client explanation the smtp alg failed to send an error response code to the client. Gateway action none recommended act...

  • Page 77

    Parameters capa context parameters alg module name alg session id 2.1.78. Cmd_pipelined (id: 00200186) default severity error log message smtpalg: received pipelined request. Explanation the smtp alg does not support pipelined requests. The appearance of this log message indicates that the client us...

  • Page 78

    Whitelist, this mark is removed. Gateway action none recommended action none. Revision 1 parameters sender_email_address context parameters alg module name alg session id 2.1.81. Illegal_data_direction (id: 00200202) default severity error log message ftpalg: tcp data from not allowed in this direct...

  • Page 79

    2.1.83. Hybrid_data (id: 00200209) default severity informational log message ftpalg: hybrid data channel closed explanation a hybrid data channel was closed. Gateway action none recommended action none. Revision 1 context parameters alg module name alg session id rule information connection 2.1.84....

  • Page 80

    Gateway action close recommended action if unknown commands should be allowed, modify the ftpalg configuration. Revision 1 parameters peer context parameters alg module name alg session id connection 2.1.86. Illegal_command (id: 00200212) default severity warning log message ftpalg: failed to parse ...

  • Page 81

    Context parameters alg module name alg session id connection 2.1.88. Port_command_disabled (id: 00200214) default severity warning log message ftpalg: port command not allowed from . Rejecting command explanation the client tried to issue a "port" command, which is not valid since the client is not ...

  • Page 82

    Default severity critical log message ftpalg: illegal port command from , bad ip address . String=. Rejecting command explanation an illegal "port" command was received from the client. It requests that the server should connect to another ip than its own. This is not allowed, and the command will ...

  • Page 83

    To client. This could possibly be a result of lack of memory. Gateway action none recommended action none. Revision 1 parameters peer connection string context parameters alg module name alg session id connection 2.1.93. Illegal_command (id: 00200219) default severity warning log message ftpalg: sit...

  • Page 84

    Context parameters alg module name alg session id connection 2.1.95. Illegal_direction2 (id: 00200221) default severity warning log message ftpalg: illegal direction for command(2), peer=. Closing connection. Explanation a command was sent in an invalid direction, and the connection will be closed. ...

  • Page 85

    Rejecting command. Explanation a disallowed opts argument was received, and the command will be rejected. Gateway action rejecting_command recommended action none. Revision 1 parameters peer string context parameters alg module name alg session id connection 2.1.98. Unknown_option (id: 00200224) def...

  • Page 86

    Parameters peer string context parameters alg module name alg session id connection 2.1.100. Unknown_command (id: 00200226) default severity warning log message ftpalg: unknown command from . String=. Rejecting command. Explanation an unknown command was received, and the command will be rejected. G...

  • Page 87

    2.1.102. Illegal_reply (id: 00200230) default severity warning log message ftpalg: illegal multiline response () from . String=. Closing connection. Explanation an illegal multiline response was received from server, and the connection will be closed. Gateway action close recommended action none. Re...

  • Page 88

    Explanation an illegal response was received from the server, and the connection is closed. Gateway action close recommended action none. Revision 1 parameters peer string context parameters alg module name alg session id connection 2.1.105. Bad_port (id: 00200233) default severity critical log mess...

  • Page 89

    Revision 1 parameters peer ip4addr ip4addr_server string context parameters alg module name alg session id connection 2.1.107. Failed_to_create_connection2 (id: 00200235) default severity error log message ftpalg: failed to create connection(2) peer= connection=. String=. Explanation an error occure...

  • Page 90

    Connection 2.1.109. Failed_to_send_port (id: 00200237) default severity warning log message ftpalg: failed to send port. Peer= explanation an error occurred when trying to send the "port" command to the server. Gateway action none recommended action none. Revision 1 parameters peer context parameters...

  • Page 91

    Revision 1 context parameters alg module name 2.1.112. Max_ftp_sessions_reached (id: 00200241) default severity warning log message ftpalg: maximum number of ftp sessions () for service reached. Closing connection explanation the maximum number of concurrent ftp sessions has been reached for this se...

  • Page 92

    Recommended action verify that there is a listening ftp server on the specified address. Revision 1 context parameters alg module name alg session id 2.1.115. Content_type_mismatch (id: 00200250) default severity notice log message ftpalg: content type mismatch in file . Identified filetype explanat...

  • Page 93

    Fail for compressed files. Gateway action data_blocked_control_and_data_channel_closed recommended action change fail mode setting to allow, if resumed file transfers of compressed files should be allowed. Revision 2 parameters filename filetype context parameters alg module name alg session id 2.1....

  • Page 94

    Context parameters alg module name alg session id 2.1.120. Failed_to_send_response_code (id: 00200255) default severity notice log message ftpalg:failed to send the response code. Explanation the ftp alg could not send the correct response code to the client. Gateway action none recommended action n...

  • Page 95

    Revision 1 parameters algname context parameters alg module name alg session id connection 2.1.123. Http_not_allowed (id: 00200271) default severity error log message http protocol is not allowed. Explanation allowed protocols in alg don't include http. Gateway action block recommended action none. ...

  • Page 96

    Log message httpalg: https (c) failed to parse clienthello datagram (). Explanation failed to parse clienthello datagram. Gateway action none recommended action none. Revision 1 parameters cause algname context parameters alg module name alg session id connection 2.1.126. Invalid_clienthello (id: 00...

  • Page 97

    Connection 2.1.128. Invalid_clienthello_server_name (id: 00200276) default severity error log message httpalg: https (s) failed to parse 'server_name' from clienthello sni extension. Explanation failed to parse 'server_name' from clienthello sni extension. Gateway action none recommended action none...

  • Page 98

    Recommended action none. Revision 1 parameters cause algname context parameters alg module name alg session id connection 2.1.131. Invalid_certificate (id: 00200279) default severity error log message httpalg: https (s) failed to parse certificate datagram. Explanation failed to parse certificate da...

  • Page 99

    Default severity warning log message h323alg: h.225 parser is in unknown state explanation the h.225 parser failed to parse the h.225 message. The alg session will be closed. Gateway action none recommended action none. Revision 1 parameters peer state context parameters alg module name alg session ...

  • Page 100

    Revision 1 parameters peer message_type context parameters alg module name alg session id connection 2.1.136. Encode_failed (id: 00200303) default severity warning log message h323alg: encoding of message from peer failed. Closing session explanation the asn.1 encoder failed to encode the message. T...

  • Page 101

    Default severity warning log message h323alg: failed after encoding message from peer. Closing session explanation the asn.1 encoder failed to encode the message properly. The alg session will be closed. Gateway action close recommended action none. Revision 1 parameters peer message_type context pa...

  • Page 102

    Parameters peer context parameters alg module name alg session id connection 2.1.141. Max_tcp_data_connections_exceeded (id: 00200308) default severity warning log message h323alg: maximum number of tcp data channels exceeded explanation the maximum number of concurrent tcp data channels has been re...

  • Page 103

    Log message h323alg: ignoring mediachannel info in openlogicalchannel explanation media channel information in the openlogicalchannel message is not handled. Gateway action none recommended action none. Revision 1 parameters peer context parameters alg module name alg session id connection 2.1.144. ...

  • Page 104

    Parameters max_sessions context parameters alg module name 2.1.146. Failed_create_new_session (id: 00200313) default severity warning log message h323alg: failed to create new h.323 session (out of memory) explanation could not create a new h.323 session due to lack of memory. No more sessions can b...

  • Page 105

    Recommended action none. Revision 1 context parameters alg module name 2.1.149. Failure_connect_h323_server (id: 00200316) default severity error log message h323alg: failed to connect to the h.323 server. Closing connection explanation the unit failed to connect to the h.323 server, resulting in th...

  • Page 106

    Explanation an invalid tftp packet was received. Refusing connection. Gateway action reject recommended action none. Revision 1 parameters packet_length context parameters alg module name connection 2.1.152. Packet_failed_traversal_test (id: 00200351) default severity warning log message tftpalg: fi...

  • Page 107

    2.1.154. Option_value_invalid (id: 00200354) default severity warning log message tftpalg: option contained invalid value explanation option contained invalid value. Closing connection. Gateway action reject recommended action none. Revision 1 parameters option value context parameters alg module nam...

  • Page 108

    Revision 1 parameters value maxvalue context parameters alg module name alg session id connection 2.1.157. Unknown_option_blocked (id: 00200357) default severity warning log message tftpalg: request contained unknown option explanation request contained unknown option. Closing connection. Gateway act...

  • Page 109

    Default severity warning log message tftpalg: request contained unknown option explanation request contained unknown option. Closing connection. Gateway action close recommended action if the connection should be allowed, modify the tftp alg configuration. Revision 1 parameters option context parameters ...

  • Page 110

    Context parameters alg module name alg session id connection 2.1.162. Option_value_invalid (id: 00200362) default severity warning log message tftpalg: option contained no readable value explanation option contained no readable value. Closing connection. Gateway action close recommended action none. ...

  • Page 111

    Reached for this service. No more sessions can be opened before old sessions have been released. Gateway action close recommended action if the maximum number of tftp sessions is too low, increase it. Revision 1 parameters max_sessions context parameters alg module name 2.1.165. Failed_create_new_se...

  • Page 112

    Default severity error log message tftpalg: failed to create listening connection,internal error(). Closing session explanation the unit failed to create listening connection, resulting in that the alg session could not be successfully opened. Gateway action close recommended action none. Revision 1...

  • Page 113

    Parameters opcode packet_length context parameters alg module name alg session id connection 2.1.170. Transfer_size_exceeded (id: 00200370) default severity warning log message tftpalg: received bytes exceeding allowed max value explanation transferred bytes exceeding allowed value. Closing connectio...

  • Page 114

    Explanation an attempt to send request packet without options failed because of an internal error. Gateway action close recommended action none. Revision 1 context parameters alg module name 2.1.173. Failed_create_connection (id: 00200373) default severity error log message tftpalg: failed to create...

  • Page 115

    Default severity warning log message pop3alg: maximum number of pop3 sessions () for service reached. Closing connection explanation the maximum number of concurrent pop3 sessions has been reached for this service. No more sessions can be opened before old sessions have been released. Gateway action...

  • Page 116

    2.1.178. Out_of_memory (id: 00200383) default severity error log message pop3alg: failed to allocate memory (out of memory) explanation an attempt to allocate memory failed. Gateway action close recommended action try to free up unwanted memory. Revision 1 context parameters alg module name alg sess...

  • Page 117

    Parameters command response context parameters alg module name alg session id 2.1.181. Base64_decode_failed (id: 00200386) default severity error log message pop3alg: base 64 decode failed. Attachment blocked explanation the data sent to base64 decoding failed. This can occur if the email sender se...

  • Page 118

    Explanation the client is sending command with invalid command length. The command will be blocked. Gateway action block recommended action none. Revision 1 parameters len linebegin context parameters alg module name alg session id 2.1.184. Response_blocked_invalid_len (id: 00200389) default severi...

  • Page 119

    2.1.186. Content_type_mismatch_mimecheck_disabled (id: 00200391) default severity notice log message pop3alg: content type mismatch found for the file . It is identified as type file explanation received type of data in the packet and its actual type do not match. As there is a mismatch and mime typ...

  • Page 120

    Gateway action block recommended action if the command is to be allowed, change the alg configuration. Note: the stls command is always blocked! Revision 1 parameters command context parameters alg module name alg session id 2.1.189. Unknown_command_blocked (id: 00200394) default severity warning l...

  • Page 121

    Default severity warning log message pop3alg: mail contains invalid line endings. Explanation mail contains invalid line endings. Gateway action block recommended action research why mail contains invalid line endings. Revision 1 context parameters alg module name alg session id 2.1.192. Top_mail_en...

  • Page 122

    Context parameters alg module name 2.1.194. Failed_create_new_session (id: 00200451) default severity warning log message tlsalg: failed to create new tlsalg session (out of memory) explanation an attempt to create a new tlsalg session failed, because the unit is out of memory. Gateway action close ...

  • Page 123

    Parameters alert level algname context parameters alg module name alg session id 2.1.197. Tls_renegotiation_attempted (id: 00200454) default severity warning log message tlsalg: tls renegotiation attempted but not supported. Explanation the tls peer initiated a renegotiation. Renegotiation is howeve...

  • Page 124

    Log message tlsalg: the negotiated cipher suite can not be used with the configured certificate. Explanation the negotiated cipher suite, which is an exportable cipher suite, does not permit using the certificate's key to perform the key exchange. The certificate can not be sent and the tls alg sess...

  • Page 125

    Revision 1 parameters algname context parameters alg module name alg session id 2.1.202. Tls_invalid_message (id: 00200459) default severity error log message tlsalg: invalid tls message received. Explanation a badly formatted tls message has been received. The tls alg session will be closed. Gatewa...

  • Page 126

    Explanation a connecting tls peer does not share any cipher suites with the unit. The tls alg session will be closed. Gateway action close recommended action make sure that the client and the unit share at least one cipher suite. Revision 1 parameters algname context parameters alg module name alg se...

  • Page 127

    2.1.207. Unknown_tls_error (id: 00200464) default severity error log message tlsalg: unknown tls error. Explanation an unknown tls error has occurred. The tls alg session will be closed. Gateway action close recommended action none. Revision 1 parameters algname context parameters alg module name alg...

  • Page 128

    Gateway action drop recommended action examine why client or server is sending a malformed sdp message. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.210. Sip_message_parsing_failed (id: 00200503) default severity error log message ...

  • Page 129

    Parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.212. Max_sessions_per_uri_reached (id: 00200505) default severity warning log message sipalg: maximum number of sessions per sip uri has been reached explanation the configured maximum number of co...

  • Page 130

    Destip destport context parameters alg module name 2.1.214. Sip_signal_timeout (id: 00200507) default severity warning log message sipalg: sip signal timeout explanation sip signal timeout for session [method]. The session will be deleted. Gateway action close recommended action if the configured si...

  • Page 131

    2.1.216. Registration_time_modified (id: 00200509) default severity notice log message sipalg: expire value modified in registration request explanation the sip-alg modified the requested registration time since it exceeds the configured maximum registration time value [cfg_registration_time]. Gatew...

  • Page 132

    Log message sipalg: failed unregistration explanation the user failed to unregister. Reason: [reason]. Gateway action drop recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name alg session id 2.1.219. Unsuccessful_searc...

  • Page 133

    Recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.221. Failed_to_create_session (id: 00200514) default severity error log message sipalg: failed to create sipalg session explanation a new sip-alg session for [me...

  • Page 134

    Srcport destip destport context parameters alg module name 2.1.223. Sipalg_session_deleted (id: 00200516) default severity informational log message sipalg: sip-alg session deleted explanation sip-alg session deleted for [method] request. Gateway action close recommended action none. Revision 2 para...

  • Page 135

    Default severity notice log message sipalg: transaction created explanation sip-alg transaction created for [method] request. Gateway action allow recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.226. Failed_to...

  • Page 136

    Recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.228. Sipalg_transaction_deleted (id: 00200523) default severity notice log message sipalg: sipalg transaction deleted explanation the transaction for [method] re...

  • Page 137

    To_uri srcip srcport destip destport context parameters alg module name 2.1.230. No_route_found (id: 00200526) default severity error log message sipalg: failed to find route for given host explanation no route information found for the given host. Reason: [reason]. Gateway action drop recommended a...

  • Page 138

    2.1.232. Failed_to_find_role (id: 00200528) default severity error log message sipalg: failed to find role explanation sipalg: failed to find role for [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context par...

  • Page 139

    Explanation failed to update contact into session for [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.235. Failed_to_modify_sdp_message (id: 00200531) default severity err...

  • Page 140

    From_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.237. Failed_to_modify_from (id: 00200533) default severity error log message sipalg: failed to modify from tag in message explanation failed to modify the from tag in message for [method] request. Gateway action dro...

  • Page 141

    2.1.239. Failed_to_modify_request (id: 00200535) default severity error log message sipalg: failed to modify the request explanation failed to modify the topology info in the [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport des...

  • Page 142

    Explanation general error while processing message. Reason: [reason]. Gateway action drop recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.242. Third_party_call_control (id: 00200538) default severity warning l...

  • Page 143

    Parameters message 2.1.244. Null_sip_message_received (id: 00200540) default severity error log message sipalg: sip packet reception error. Reason: explanation packet without data received. Gateway action drop recommended action research how sipalg received null sip packet. Revision 1 parameters rea...

  • Page 144

    Contact context parameters alg module name 2.1.247. Dns_resolution_failed (id: 00200545) default severity critical log message failed to do dns resolve explanation an attempt to resolve dns failed. Reason: [reason]. Gateway action drop recommended action check if the dns servers are configured. Revi...

  • Page 145

    Gateway action drop recommended action none. Revision 1 context parameters alg module name 2.1.250. Failed_to_parse_media (id: 00200549) default severity error log message sipalg: failed to parse media explanation failed to parse media for the request [method]. Gateway action drop recommended action...

  • Page 146

    Context parameters alg module name 2.1.252. Max_tsxn_per_session_reached (id: 00200551) default severity warning log message sipalg: maximum number of sessions per service has been reached explanation the configured maximum number of transaction [max_tsxn_per_session] per sip session has been reache...

  • Page 147

    Default severity error log message sipalg: invalid session state change explanation invalid session state found [session_invalid_state]. Gateway action close recommended action none. Revision 2 parameters session_invalid_state from_uri to_uri srcip srcport destip destport context parameters alg modu...

  • Page 148

    Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.257. Failed_to_find_callleg (id: 00200556) default severity warning log message sipalg: failed to find callleg explanation failed to find callleg for [method] request. Gateway action dro...

  • Page 149

    Destport context parameters alg module name 2.1.259. Sipalg_callleg_deleted (id: 00200558) default severity notice log message sipalg: sipalg callleg deleted explanation the callleg for [method] request is deleted. Gateway action close recommended action none. Revision 2 parameters method from_uri t...

  • Page 150

    Default severity debug log message sipalg: sip-alg callleg state updated explanation the sip-alg callleg state updated to [callleg_state] state. Gateway action allow recommended action none. Revision 2 parameters callleg_state from_uri to_uri srcip srcport destip destport context parameters alg modu...

  • Page 151

    Reached for this service. No more sessions can be opened before old sessions have been released. Gateway action close recommended action if the maximum number of pptp sessions is too low, increase it. Revision 1 parameters max_sessions context parameters alg module name 2.1.264. Failed_create_new_se...

  • Page 152

    Log message pptpalg: pptp tunnel established from client explanation a pptp tunnel has been established between pptp client and firewall. Gateway action none recommended action none. Revision 1 context parameters alg session id alg module name 2.1.267. Pptp_tunnel_removed_client (id: 00200605) defau...

  • Page 153

    Log message pptpalg: pptp session established explanation a pptp session has been established. Gateway action none recommended action none. Revision 1 context parameters alg session id alg module name 2.1.270. Pptp_session_removed (id: 00200608) default severity notice log message pptpalg: pptp sess...

  • Page 154

    Firewall. Gateway action none recommended action none. Revision 1 context parameters alg session id alg module name 2.1.273. Max_imap_sessions_reached (id: 00200650) default severity warning log message imapalg: maximum number of imap sessions () for service reached. Closing connection explanation t...

  • Page 155

    Log message imapalg: failed to connect to the imap server. Closing the connection. Explanation the unit failed to connect to the remote imap server, resulting in that the alg session could not be successfully opened. Gateway action close recommended action verify that there is a listening imap serve...

  • Page 156

    2.1.278. Base64_decode_failed (id: 00200658) default severity error log message imapalg: base 64 decode failed. Attachment blocked explanation the data sent to base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked. Gateway action...

  • Page 157

    Recommended action if the command is to be allowed, change the alg configuration. Revision 1 parameters command context parameters alg module name alg session id 2.1.281. Command_invalid (id: 00200661) default severity warning log message imap_alg: command invalid. Explanation the client is sending...

  • Page 158

    Filetype explanation the filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded. Gateway action block_data recommended action none. Revision 1 parameters filename filetype sender_email_address context parameters alg module name 2.1.284. Pl...

  • Page 159: 2.2. Antispam

    2.2. Antispam these log messages refer to the antispam (anti-spam related events) category. 2.2.1. Spam_found (id: 05900001) default severity notice log message email was classified as spam. Explanation an email was classified as spam, but no action was taken. Gateway action none recommended action ...

  • Page 160

    2.2.3. Spam_found (id: 05900003) default severity informational log message email was classified as spam and was rejected. Explanation an email was classified as spam and was rejected. Gateway action reject recommended action none. Revision 1 parameters sourceip from to profile methods link_categori...

  • Page 161

    Explanation domain verification failed because the dns query timed out. Gateway action none recommended action verify that dns is configured correctly. Revision 1 parameters sourceip from to profile context parameters connection alg module name alg session id 2.2.6. Domain_verification_error (id: 05...

  • Page 162

    To profile context parameters connection alg module name alg session id 2.2.8. Link_protection_timeout (id: 05900031) default severity error log message link protection query timed out. Explanation a link could not be classified because the wcf servers did not respond. Gateway action none recommende...

  • Page 163

    2.2.10. Link_protection_no_license (id: 05900033) default severity error log message link protection has been disabled due to license restrictions. Explanation a valid web content filtering license is required to use link protection. Gateway action none recommended action extend valid time for web c...

  • Page 164

    Explanation dnsbl check failed because the dns query timed out. Gateway action none recommended action verify that dns is configured correctly. Revision 1 parameters sourceip from to profile dnsbl context parameters connection alg module name alg session id 2.2.13. Dnsbl_error (id: 05900042) default...

  • Page 165

    Revision 1 parameters sourceip from to profile context parameters connection alg module name alg session id 2.2.15. Dcc_timeout (id: 05900051) default severity error log message dcc query timed out. Explanation dcc check failed because no response was received from the dcc servers. Gateway action no...

  • Page 166

    Alg session id 2.2.17. Dcc_no_license (id: 05900053) default severity error log message dcc has been disabled due to license restrictions. Explanation dcc has been disabled due to license restrictions. Gateway action none recommended action extend valid time for dcc. Revision 1 parameters sourceip f...

  • Page 167

    Explanation could not allocate memory. Gateway action none recommended action check memory. Revision 1 parameters type 2.2.20. Dnsbl_ipcache_add (id: 05900810) default severity notice log message ip added to ip cache for explanation an ip address was added to the ip cache. Gateway action none recomm...

  • Page 168

    Gateway action none recommended action none. Revision 1 parameters type algname ipaddr 2.2.23. Dnsbl_session_error (id: 05900813) default severity error log message error creating session for ip for explanation error creating new session. Gateway action dnsbl will not process mail recommended action...

  • Page 169

    Gateway action none recommended action check configuration of dnsbl. Revision 1 parameters type algname 2.2.26. Dnsbl_active (id: 05900816) default severity notice log message dnsbl for has been activated explanation the dnsbl has changed status from disabled to active as contact with blacklists hav...

  • Page 170

    Explanation blacklist was disabled as it failed to respond to the query. Gateway action none recommended action check configuration if keeps being disabled. Revision 1 parameters type algname blacklist 2.2.29. Dnsbl_txtrecord_truncated (id: 05900819) default severity warning log message txt records d...

  • Page 171: 2.3. Antivirus

    2.3. Antivirus these log messages refer to the antivirus (anti-virus related events) category. 2.3.1. Virus_found (id: 05800001) default severity warning log message virus found in file . Virus name: . Signature: . Advisory id: . Explanation a virus has been detected in a data stream. Since anti-vir...

  • Page 172

    Alg session id connection 2.3.3. Excluded_file (id: 05800003) default severity notice log message file is excluded from scanning. Identified filetype: . Explanation the named file will be excluded from anti-virus scanning. The filetype is present in the anti-virus scan exclusion list. Gateway action...

  • Page 173

    Default severity error log message decompression error for file explanation the file could not be scanned by the anti-virus module since the decompression of the compressed file failed. Since anti-virus is running in audit mode, the data transfer will be allowed to continue. Gateway action allow_dat...

  • Page 174

    Explanation anti-virus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to continue scan. Gateway action abort_scan recommended action files with too high compression ratio can consume a large amount of resources. This can be a dos attack. Revision ...

  • Page 175

    Recommended action try to free some memory by changing configuration parameters. Revision 1 parameters filename filetype [layer7_srcinfo] [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.10. Out_of_memory (id: 05800010) default severity error log message out of memor...

  • Page 176

    [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.12. Virus_scan_failure (id: 05800012) default severity error log message anti-virus scan engine failed for the file: explanation an error occurred in the anti-virus scan engine. Since anti-virus is running in audit mode...

  • Page 177

    Databases missing. Gateway action av_scanning_denied recommended action connect your gateway to the internet and download the anti-virus databases or configure automatic updates of anti-virus. Revision 3 context parameters alg session id 2.3.15. General_engine_error (id: 05800017) default severity c...

  • Page 178

    Protect the receiver. Gateway action block_data recommended action none. Revision 1 parameters url advisoryid [layer7_srcinfo] [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.18. Virus_url_detected (id: 05800021) default severity warning log message virus infected u...

  • Page 179

    Revision 1 parameters filename [layer7_srcinfo] [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.20. Decompression_failed_encrypted_file (id: 05800025) default severity warning log message decompression failed for file . The file is encrypted. Explanation the file co...

  • Page 180

    Default severity warning log message the file has too many archive levels. Maximum allowed is . Explanation the file archive exceeds the maximum allowed depth. Since fail mode is set to deny the data transfer will be aborted in order to protect the receiver. Gateway action block_data recommended act...

  • Page 181

    Log message smtpalg: content transfer encoding is unknown or not present explanation antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail mode is deny so data is blocked. Gateway action block_data recommended action none. Revision 1 parameters filename ...

  • Page 182

    Recommended action none. Revision 1 parameters filename unknown_content_transfer_encoding sender_email_address context parameters alg module name alg session id 2.3.27. Unknown_encoding (id: 05800185) default severity warning log message pop3alg: content transfer encoding is unknown or not present. ...

  • Page 183

    2.3.29. Unknown_encoding (id: 05800655) default severity warning log message imapalg: content transfer encoding is unknown or not present. Explanation antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail mode is allow so data is allowed without scanning...

  • Page 184: 2.4. Appcontrol

    2.4. Appcontrol these log messages refer to the appcontrol (application control events) category. 2.4.1. Application_identified (id: 07200001) default severity informational log message application identified. Application: . Explanation an application protocol has been recognized by the application ...

  • Page 185

    Explanation the end of an application protocol has been recognized by the application control function. Gateway action none recommended action none. Revision 2 parameters application origsent termsent ssl_inspected context parameters connection 2.4.4. No_valid_license (id: 07200004) default severity...

  • Page 186

    Explanation application control has been disabled due to a fatal subsystem failure. The device will restart itself to try to restore application control functionality. Gateway action restart recommended action it is also possible to configure the device to continue with application control disabled through ...

  • Page 187

    Log message application content allowed. Application: attribute: value: explanation the identified application attribute and its value is allowed by the application content control policy. Gateway action none recommended action modify the application content control policy if this traffic should be ...

  • Page 188

    2.4.12. Application_content_limit_reached (id: 07200019) default severity error log message maximum number of concurrent non-classified (in progress) application control connections (50.000) reached. Explanation there is a maximum of 50.000 application content control attributes to store until conne...

  • Page 189: 2.5. Arp

    2.5. Arp these log messages refer to the arp (arp events) category. 2.5.1. Unsolicited_reply_drop (id: 00300001) default severity notice log message unsolicited arp reply received and dropped explanation an arp reply was received even though no reply was currently expected for this ip. Gateway actio...

  • Page 190

    Context parameters rule name packet buffer 2.5.4. Arp_response_broadcast (id: 00300004) default severity notice log message arp response is a broadcast address explanation the arp response has a sender address which is a broadcast address. Allowing. Gateway action allow recommended action if this is...

  • Page 191

    Context parameters rule name packet buffer 2.5.7. Mismatching_hwaddrs_drop (id: 00300007) default severity notice log message arp hw sender does not match ethernet hw sender. Dropping explanation the hardware sender address specified in the arp data does not match the ethernet hardware sender addres...

  • Page 192

    Recommended action none. Revision 1 parameters ipaddr iface 2.5.10. Unsolicited_reply_accept (id: 00300010) default severity notice log message unsolicited arp reply received and accepted explanation an arp reply was received even though no reply was currently expected for this ip. Gateway action no...

  • Page 193

    Recommended action update your license to allow a greater amount of concurrent arp entries. Revision 1 parameters limit 2.5.13. Invalid_arp_sender_ip_address (id: 00300049) default severity warning log message failed to verify arp sender ip address. Dropping explanation the arp sender ip address cou...

  • Page 194

    Gateway action drop recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.5.16. Arp_response_broadcast_drop (id: 00300052) default severity warning log message arp response is a broadcast address. Dropping explanation the arp respon...

  • Page 195

    Gateway action drop recommended action if this is not the desired behaviour, modify the configuration. Revision 1 parameters reason knowntype knownip knownhw context parameters rule name packet buffer 2.5.19. Hwaddr_change_drop (id: 00300055) default severity notice log message has a different addre...

  • Page 196: 2.6. Authagents

    2.6. Authagents these log messages refer to the authagents (authentication agent events) category. 2.6.1. Authagent_connected (id: 06500001) default severity informational log message connected to authentication agent at :: explanation connected to authentication agent. Gateway action connected reco...

  • Page 197

    Parameters name ip4addr 2.6.4. Authagent_rekeying_error (id: 06500004) default severity informational log message agent : does not accept new key. Explanation rekeying error. Gateway action rekeying_error recommended action none. Revision 1 parameters name ip4addr 2.6.5. Authagent_protocol_mistmatch...

  • Page 198

    Parameters name ip4addr 2.6.7. Authagent_decryption_error (id: 06500007) default severity informational log message error while decrypting message from agent :. Explanation decryption error. Gateway action decryption_error recommended action none. Revision 1 parameters name ip4addr 2.6.8. Authagent_...

  • Page 199

    2.6.10. Authagent_adduser_error (id: 06500010) default severity informational log message error adding user at . Explanation add user error. Gateway action adduser_error recommended action none. Revision 1 parameters name ip 2.6.11. Authagent_initial_error (id: 06500011) default severity information...

  • Page 200

    Log message password error with agent :. Explanation password error. Gateway action password_error recommended action none. Revision 1 parameters name ip4addr 2.6.14. Authagent_user_login (id: 06500014) default severity notice log message user logged in. Idle timeout: , session timeout: explanation ...

  • Page 201

    2.6.16. Authagent_adduser_error (id: 06500040) default severity informational log message error adding user at . Explanation add user error. Gateway action adduser_error recommended action none. Revision 1 parameters username iface ip 2.6.17. Authagent_removeuser_error (id: 06500042) default severit...

  • Page 202: 2.7. Avse

    2.7. Avse these log messages refer to the avse (events from anti virus scan engine) category. 2.7.1. Av_db_digital_signature (id: 05100001) default severity alert log message could not start anti-virus engine because of explanation the unit tried to read the anti-virus database, but failed. The reas...

  • Page 203: 2.8. Avupdate

    2.8. Avupdate these log messages refer to the avupdate (antivirus signature update) category. 2.8.1. Av_db_update_failure (id: 05000001) default severity alert log message update of the anti-virus database failed, because of explanation the unit tried to update the anti-virus database, but failed. T...

  • Page 204

    Default severity notice log message anti-virus database could not be updated, as no valid subscription exist explanation the current license does not allow the anti-virus database to be updated. Gateway action none recommended action check the system's time and/or purchase a subscription. Revision 1...

  • Page 205

    Log message unsynchronized hardware and software databases detected explanation the anti-virus hardware and software databases are not synchronized. A full update is automatically initiated. Gateway action downloading_new_database recommended action none. Revision 1 2.8.8. Downloading_new_database (...

  • Page 206: 2.9. Blacklist

    2.9. Blacklist these log messages refer to the blacklist (blacklist events) category. 2.9.1. Failed_to_write_list_of_blocked_hosts_to_media (id: 04600001) default severity critical log message failed to write list of blocked hosts to media explanation failed to write list of blocked hosts to media. ...

  • Page 207

    2.9.4. Host_unblacklisted (id: 04600004) default severity notice log message blacklist entry removed. Protocol: , ip: , port: . Explanation a blacklist entry has been removed. Gateway action none recommended action none. Revision 3 parameters proto ip port 2.9.5. Host_blacklisted (id: 04600006) defa...

  • Page 208: 2.10. Buffers

    2.10. Buffers these log messages refer to the buffers (events regarding buffer usage) category. 2.10.1. Buffers_flooded (id: 00500001) default severity warning log message the buffers were flooded for seconds. Current usage is percent explanation the unit was temporarily out of buffers for a period ...

  • Page 209: 2.11. Conn

    2.11. Conn these log messages refer to the conn (state engine events, e.g. open/close connections) category. 2.11.1. Conn_open (id: 00600001) default severity informational log message connection opened explanation a connection has been opened. Gateway action none recommended action none. Revision 1...

  • Page 210

    Revision 1 context parameters rule name connection 2.11.4. Conn_open_natsat (id: 00600004) default severity informational log message connection opened explanation a connection has been opened. Gateway action none recommended action none. Revision 1 context parameters rule information connection pac...

  • Page 211

    Context parameters rule name packet buffer 2.11.7. Out_of_connections (id: 00600011) default severity warning log message out of connections. Dropping connection attempt explanation the connection table is currently full, and this new connection attempt will be dropped. Gateway action drop recommend...

  • Page 212

    Gateway action drop recommended action none. Revision 1 parameters protocol context parameters rule name packet buffer 2.11.10. No_return_route (id: 00600014) default severity warning log message failed to open a new connection since a return route to the sender address cant be found. Dropping packe...

  • Page 213

    Default severity warning log message state inspector would not open a new connection for this icmpv6 packet, dropping packet explanation state inspector would not open a new connection for this icmpv6 packet since it is not an icmpv6 echo request. Only echo requests are allowed to open a new icmpv6 ...

  • Page 214

    2.11.15. Udp_src_port_0_forwarded (id: 00600022) default severity warning log message udp source port is set to 0. Forwards packet explanation the udp source port was set to 0. This can be used by udp streams not expecting return traffic. Forwarding packet. Gateway action none recommended action non...

  • Page 215

    2.11.18. Passive_data (id: 00600101) default severity informational log message ftpalg: incoming passive data channel explanation a passive data channel connection has been established. Gateway action none recommended action none. Revision 1 context parameters alg module name alg session id rule inf...

  • Page 216

    Rule information connection chapter 2: log message reference 216.

  • Page 217: 2.12. Dhcp

    2.12. Dhcp these log messages refer to the dhcp (dhcp client events) category. 2.12.1. Offered_ip_occupied (id: 00700001) default severity notice log message interface received a lease with an offered ip that appear to be occupied () explanation received a dhcp lease which appears to be in use by so...

  • Page 218

    Revision 1 parameters iface ip netmask bcast gw context parameters packet buffer 2.12.4. Renewed_lease (id: 00700004) default severity notice log message interface have renewed its lease. The new lease is valid for seconds explanation an interface has successfully renewed its lease. Gateway action ...

  • Page 219

    Explanation an interface received a lease with a leasetime which is lower than the configured minimum. Gateway action drop recommended action check the dhcp server configuration or adjust the minimum leasetime limit. Revision 1 parameters iface lease_time minimum_lease_time context parameters packet...

  • Page 220

    2.12.9. Invalid_broadcast (id: 00700010) default severity warning log message interface received a lease with an invalid broadcast address () explanation an interface received a lease with an invalid broadcast address. Gateway action drop recommended action check dhcp server configuration. Revision ...

  • Page 221

    Parameters iface gateway context parameters packet buffer 2.12.12. Offered_broadcast_equals_gateway (id: 00700013) default severity warning log message interface received a lease where the offered broadcast equals the offered gateway explanation an interface received a lease where the offered broadc...

  • Page 222

    Collision (dhcp route: collides with configured route ) explanation an interface received a lease which if used will cause a route collision with a configured route. Gateway action drop recommended action check dhcp server configuration and sg interface configuration. Revision 1 parameters iface dhc...

  • Page 223: 2.13. Dhcprelay

    2.13. Dhcprelay these log messages refer to the dhcprelay (dhcp relayer events) category. 2.13.1. Unable_to_save_dhcp_relay_list (id: 00800001) default severity warning log message unable to auto save the dhcp relay list to disk explanation unable to autosave the dhcp relay list to disk. Gateway act...

  • Page 224

    Default severity warning log message incorrect bootp/dhcp cookie. Dropping explanation received a packet with an incorrect bootp/dhcp cookie. Gateway action drop recommended action investigate what client implementation is being used. Revision 1 context parameters packet buffer 2.13.5. Maximum_ppm_f...

  • Page 225: 00800010)

    Default severity warning log message hop limit exceeded. Dropping explanation the maximum hop limit for the dhcp packet has been reached. Gateway action none recommended action verify maximum-hop-limit setting. Revision 1 context parameters packet buffer 2.13.8. Client_release (id: 00800008) defau...

  • Page 226: (Id: 00800011)

    Default severity warning log message the limit for dhcp relay routes have been reached. Dropping explanation the dhcp relay routes limit has been reached. Gateway action drop recommended action verify max-relay-routes-limit. Revision 1 context parameters rule name 2.13.11. Unable_to_add_relay_route...

  • Page 227: (Id: 00800014)

    Log message no message type. Dropping explanation received dhcp packet without the required message type parameter. Gateway action drop recommended action investigate what client implementation is being used. Revision 1 context parameters rule name packet buffer 2.13.14. Bad_inform_pkt_with_mismatch...

  • Page 228: 00800016)

    00800016) default severity warning log message the maximum number of current dhcp relays for this interface have been reached. Dropping explanation the maximum number of dhcp relayed through a specified interface have been reached. Gateway action drop recommended action verify max-relay-per-interfac...

  • Page 229

    Context parameters rule name packet buffer 2.13.19. Invalid_gateway (id: 00800019) default severity warning log message received request with invalid gateway (). Dropping explanation received dhcp request with an invalid gateway. Gateway action drop recommended action investigate what client impleme...

  • Page 230: (Id: 00800022)

    Revision 1 parameters client_hw dest_ip context parameters rule name packet buffer 2.13.22. Got_reply_on_a_non_security_equivalent_interface (id: 00800022) default severity warning log message received reply for client on a non security equivalent interface. Dropping explanation received a reply for...

  • Page 231

    Default severity warning log message dhcp/bootp-server tried to assign a client with an illegal ip . Dropping explanation received a lease with an illegal client assignment ip. Gateway action drop recommended action check dhcp server configuration. Revision 1 parameters server_ip ip context paramete...

  • Page 232

    Context parameters rule name packet buffer 2.13.27. Relayed_bootp_reply (id: 00800027) default severity notice log message relayed bootp-reply to client explanation relayed bootp reply to client. Gateway action none recommended action none. Revision 1 parameters client_hw context parameters rule nam...

  • Page 233

    Revision 1 parameters gateway_ip context parameters rule name packet buffer

  • Page 234: 2.14. Dhcpserver

    2.14. Dhcpserver these log messages refer to the dhcpserver (dhcp server events) category. 2.14.1. Unable_to_send_response (id: 00900001) default severity warning log message failed to get buffer for sending. Unable to reply explanation unable to get a buffer for sending. Gateway action none recomme...

  • Page 235: (Id: 00900006)

    Log message lease database was successfully auto saved to disk explanation the lease database was successfully saved to disk. Gateway action none recommended action none. Revision 1 2.14.5. Dhcp_packet_too_small (id: 00900005) default severity warning log message received dhcp packet which is smalle...

  • Page 236: (Id: 00900008)

    Log message received a request from client(in bound) for ip without state. Rejecting explanation received a request from a bound client without state. Gateway action reject recommended action none. Revision 1 parameters client client_ip context parameters packet buffer 2.14.8. Request_for_ip_from_no...

  • Page 237

    Default severity warning log message received request with bad udp checksum. Dropping explanation received request with bad udp checksum. Gateway action drop recommended action check network equipment for errors. Revision 1 context parameters packet buffer 2.14.11. Lease_timeout (id: 00900012) defau...

  • Page 238

    Default severity warning log message all ips in the pool are in use. Request cannot be fulfilled explanation a request cannot be fulfilled since all pools are in use. Gateway action none recommended action extend the pools to support more clients. Revision 1 context parameters rule name packet buff...

  • Page 239

    Default severity warning log message client requested non offered ip. Rejecting explanation client sent a request for a non offered ip. Gateway action nak recommended action none. Revision 1 parameters client_hw client_wanted client_offered context parameters rule name packet buffer 2.14.17. Request...

  • Page 240

    Context parameters rule name packet buffer 2.14.19. Client_renewed (id: 00900020) default severity notice log message client renewed ip explanation client successfully renewed its lease. Gateway action renew recommended action none. Revision 1 parameters client_hw client_ip context parameters rule n...

  • Page 241: 00900025)

    Recommended action check network for inconsistent routes. Revision 1 parameters client_hw client_ip recv_if client_if context parameters rule name packet buffer 2.14.22. Decline_for_non_offered_ip (id: 00900023) default severity notice log message client declined non offered ip. Decline is ignored e...

  • Page 242

    Default severity warning log message received a request from client(bound) for ip without state. Ignoring explanation received a request from a bound client without state. Gateway action none recommended action none. Revision 1 parameters client client_ip context parameters packet buffer 2.14.25. Re...

  • Page 243

    Client_ip context parameters rule name packet buffer

  • Page 244: 2.15. Dhcpv6Client

    2.15. Dhcpv6client these log messages refer to the dhcpv6client (dhcpv6 client events) category. 2.15.1. Offered_ip_occupied (id: 07300001) default severity notice log message interface received a lease with an offered ip that appear to be occupied () explanation received a dhcpv6 lease which appear...

  • Page 245

    Recommended action none. Revision 1 parameters iface valid_seconds context parameters packet buffer 2.15.4. Lease_expired (id: 07300005) default severity notice log message interface lease expired explanation a lease has expired and the ip data for this interface are no longer valid. Gateway action...

  • Page 246

    Recommended action none. Revision 1 parameters code iface 2.15.7. Bad_server_address (id: 07300008) default severity warning log message dhcpv6 server reply contained a bad server address . Explanation a dhcpv6 reply was received containing a bad server address. Gateway action drop recommended actio...

  • Page 247

    Revision 1 parameters t1 t2 iface 2.15.10. Low_life_time (id: 07300011) default severity warning log message dhcpv6 server reply ia_na offered address lifetime too low on . Preferred lifetime , valid lifetime . Explanation a dhcpv6 reply ia_na option was received containing an address life time too ...

  • Page 248: 2.16. Dhcpv6Server

    2.16. Dhcpv6server these log messages refer to the dhcpv6server (dhcpv6 server events) category. 2.16.1. Client_id_missing (id: 07400001) default severity warning log message client id option missing in received message. Explanation the received packet is missing vital information. Gateway action dr...

  • Page 249

    Default severity warning log message unexpected server id option in received message. Explanation the received message contains unexpected information. Gateway action drop recommended action investigate what client implementation is being used. Dropping. Revision 1 context parameters packet buffer 2...

  • Page 250

    Explanation received request message from a client. Gateway action none recommended action none. Revision 1 parameters client_hw iface offer_ip 2.16.8. Client_renewed (id: 07400008) default severity notice log message client on renewed ip . Explanation client successfully renewed its address lease. ...

  • Page 251

    Explanation a client lease wasn't renewed and timed out. Gateway action lease_inactive recommended action none. Revision 1 parameters client_ip context parameters rule name 2.16.11. Pool_depleted (id: 07400011) default severity warning log message all ips in the pool are now in use. Request for new ...

  • Page 252

    Allowed bytes. Gateway action drop recommended action investigate what client implementation is being used. Revision 1 context parameters packet buffer 2.16.14. Dhcpv6_faulty_length (id: 07400014) default severity warning log message received dhcpv6 packet with faulty length. Dropping. Explanation r...

  • Page 253

    Revision 1 2.16.17. Unable_to_save_lease_db (id: 07400017) default severity warning log message unable to auto save the lease database to disk explanation some sort of error occurred saving the lease database to disk. Gateway action none recommended action make sure that there is sufficient diskspac...

  • Page 254

    Default severity notice log message unexpected message type (reconfigure) in received packet. Explanation received dhcpv6 packet with unexpected message type (reconfigure). Gateway action drop recommended action none. Revision 1 context parameters packet buffer 2.16.21. Unexpected_relay_reply_messag...

  • Page 255: 2.17. Dnscache

    2.17. Dnscache these log messages refer to the dnscache (dns cache) category. 2.17.1. Ipv6_max_addresses (id: 08000001) default severity warning log message fqdn object reached the limit for ipv6 addresses. Explanation maximum number of ip addresses for the fqdn has been exceeded. Gateway action ign...

  • Page 256: 2.18. Dynrouting

    2.18. Dynrouting these log messages refer to the dynrouting (dynamic routing) category. 2.18.1. Failed_to_export_route_to_ospf_process_failed_to_alloc (id: 01100001) default severity critical log message failed to export route to ospf process (unable to alloc export node) explanation unable to expor...

  • Page 257

    Revision 1 context parameters dynamic route rule name route 2.18.4. Failed_to_add_route_unable_to_alloc (id: 01100004) default severity critical log message failed to add route (unable to alloc route) explanation failed to create a route since out of memory. Gateway action alert recommended action c...

  • Page 258

    Revision 1 context parameters dynamic route rule name route

  • Page 259: 2.19. Frag

    2.19. Frag these log messages refer to the frag (fragmentation events) category. 2.19.1. Individual_frag_timeout (id: 02000001) default severity warning log message individual fragment timed out. Explanation a fragment of an ip packet timed out, and is dropped. Gateway action drop recommended action...

  • Page 260

    Revision 1 parameters srcip destip ipproto fragid fragact frags context parameters dropped fragments rule name 2.19.4. Fail_out_of_resources (id: 02000004) default severity critical log message out of reassembly resources. Frags: . - fragid: , state: explanation out of fragmentation-reassembly resou...

  • Page 261

    Ipproto fragid fragact frags context parameters dropped fragments rule name 2.19.6. Fail_timeout (id: 02000006) default severity critical log message time out reassembling. Frags: . - fragid: , state: explanation timed out when reassembling a fragmented ip packet. Dropping packet. Gateway action dro...

  • Page 262

    Frags context parameters dropped fragments rule name 2.19.8. Drop_frags_of_disallowed_packet (id: 02000008) default severity warning log message dropping stored fragments of disallowed packet. Frags: . - fragid: , state: explanation the fragments of a disallowed ip packet were dropped. Gateway actio...

  • Page 263: 02000010)

    2.19.10. Drop_extraneous_frags_of_completed_packet (id: 02000010) default severity warning log message dropping extraneous fragments of completed packet. Frags: . - fragid: , state: explanation a completed reassembled ip packet contains extraneous fragments, which are dropped. Gateway action drop re...

  • Page 264

    Fragments, was received. Dropping the duplicate fragment. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.19.13. Drop_duplicate_frag (id: 02000013) default severity warning log message dropping duplicate fragment explanation a duplicate fragment o...

  • Page 265

    Log message internal error: no available resources (out of memory?). Explanation an internal error occurred. Failed to create necessary fragmentation reassembly resources. This could be a result of the unit being out of memory. Gateway action drop recommended action none. Revision 1 context parameter...

  • Page 266

    2.19.18. Overlapping_frag (id: 02000018) default severity error log message overlapping fragment explanation this fragment would overlap the next fragment offset. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.19.19. Bad_offs (id...

  • Page 267

    2.19.21. Duplicate_frag_with_different_data (id: 02000021) default severity error log message duplicate fragment with different data received explanation the fragment is a duplicate of an already received fragment, but the fragment data differs. Dropping packet. Gateway action drop recommended actio...

  • Page 268

    2.19.24. Drop_frag_disallowed_packet (id: 02000024) default severity warning log message dropping fragment of disallowed packet explanation a fragment of a disallowed ip packet is dropped. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.19.25. Alr...

  • Page 269

    2.19.27. Drop_frag_failed_packet (id: 02000027) default severity warning log message dropping fragment of failed packet explanation a fragment of a failed ip packet is dropped. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.19.28. Drop_frag_illeg...

  • Page 270

    Default severity error log message bad ipdatalen= explanation the partly reassembled ip packet has an invalid ip data length. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipdatalen context parameters rule name packet buffer 2.19.31. Single_frag (id: 02000117) d...

  • Page 271: 2.20. Geoip

    2.20. Geoip these log messages refer to the geoip (geoip events) category. 2.20.1. Database_load_failed (id: 08100001) default severity warning log message unable to load ipv4 geolocation database, because of explanation the unit failed to load the ipv4 geolocation database. Gateway action none reco...

  • Page 272: 2.21. Gre

    2.21. Gre these log messages refer to the gre (gre events) category. 2.21.1. Failed_to_setup_gre_tunnel (id: 02200001) default severity warning log message failed to setup open tunnel from to explanation unable to setup gre tunnel with endpoint. Gateway action drop recommended action check conn usag...

  • Page 273

    2.21.4. Gre_checksum_error (id: 02200004) default severity warning log message gre packet with checksum error. Packet dropped explanation received gre packet with checksum errors. Gateway action drop recommended action check network equipment for errors. Revision 1 context parameters packet buffer 2...

  • Page 274

    Log message received gre packet with unmatched session key. Packet dropped explanation received gre packet with unmatched session key. Gateway action drop recommended action check gre session key settings on the remote gateway. Revision 1 parameters session_key context parameters packet buffer 2.21....

  • Page 275: 2.22. Ha

    2.22. Ha these log messages refer to the ha (high availability events) category. 2.22.1. Peer_gone (id: 01200001) default severity notice log message peer firewall disappeared. Going active explanation the peer gateway (which was active) is not available anymore. This gateway will now go active inst...

  • Page 276

    Default severity notice log message both active, peer has higher local load; staying active explanation both members are active, but the peer has higher local load. This gateway will stay active. Gateway action stay_active recommended action none. Revision 1 2.22.5. Peer_has_lower_local_load (id: 01...

  • Page 277

    Recommended action none. Revision 1 2.22.8. Conflict_both_peers_inactive (id: 01200008) default severity notice log message conflict: both peers are inactive! Resolving... Explanation a conflict occurred as both peers are inactive at the same time. The conflict will automatically be resolved. Gateway...

  • Page 278

    Default severity notice log message peer firewall is alive explanation the peer gateway is alive. Gateway action none recommended action none. Revision 1 2.22.12. Heartbeat_from_unknown (id: 01200043) default severity warning log message received ha heartbeat from unknown ip. Dropping explanation th...

  • Page 279

    Explanation the gateway failed to activate the merged configuration that was received from the peer. Gateway action ha_activate_conf recommended action none. Revision 1 2.22.15. Merge_failed (id: 01200051) default severity warning log message failed to merge configuration from ha partner explanation...

  • Page 280

    2.22.18. Ha_commit_unknown_error (id: 01200054) default severity warning log message an unknown error occured while saving the ha configuration explanation an unknown error occurred when the ha configuration was to be saved. It has not been committed. Gateway action ha_commitchanges recommended action...

  • Page 281: (Id: 01200201)

    Default severity notice log message hasync connection to peer firewall established explanation ha synchronization connection to peer has been established. Supported events will now be synchronized between the members of the ha cluster. Gateway action none recommended action none. Revision 2 2.22.22....

  • Page 282

    Gateway action none recommended action none. Revision 1 2.22.25. Disallowed_on_sync_iface (id: 01200400) default severity warning log message received non-ha traffic on sync iface. Dropping explanation a packet which is not a ha-related packet was received on the sync interface. This should not happ...

  • Page 283

    Revision 1 context parameters rule name packet buffer 2.22.28. Heartbeat_from_myself (id: 01200412) default severity warning log message received ha heartbeat from the gateway itself. Dropping explanation the received ha heartbeat packet was originating from the gateway itself. The packet will be dr...

  • Page 284

    2.22.31. Both_inactive (id: 01200617) default severity notice log message both not active, activation in progress. Explanation both not active, activation in progress. Gateway action activate recommended action none. Revision 2 2.22.32. Going_online (id: 01200618) default severity notice log message...

  • Page 285: 2.23. Hwm

    2.23. Hwm these log messages refer to the hwm (hardware monitor events) category. 2.23.1. Temperature_alarm (id: 04000011) default severity warning log message temperature monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the unit may be overhe...

  • Page 286

    Default severity warning log message voltage monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the powersupply of this unit may be failing. Gateway action none recommended action change powersupply unit. Revision 1 parameters index name unit cu...

  • Page 287

    Gateway action none recommended action unblock or change the corresponding fan. Revision 1 parameters index name unit current_fanrpm min_limit max_limit 2.23.6. Fanrpm_normal (id: 04000032) default severity warning log message fan rpm monitor () is outside the specified limit. Current value is , low...

  • Page 288

    Unit current_gpio min_limit max_limit 2.23.8. Gpio_normal (id: 04000042) default severity warning log message temperature monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the sensor reports that the gpio value is back in the normal range. Ga...

  • Page 289

    Default severity warning log message free memory has fallen below the specified limit of megabyte, limit classified is , free mb of total mb, percentage free explanation the amount of free memory is getting low. Gateway action none recommended action review the configuration and disable or lower set...

  • Page 290: 2.24. Idp

    2.24. Idp these log messages refer to the idp (intrusion detection & prevention events) category. 2.24.1. Scan_detected (id: 01300001) default severity notice log message scan detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Internal...

  • Page 291

    Signatureid idrule ipproto srcip srcport destip destport internalid context parameters rule name deep inspection 2.24.3. Intrusion_detected (id: 01300003) default severity warning log message intrusion detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . De...

  • Page 292

    Recommended action research the advisory (searchable by the unique id). Revision 2 parameters description signatureid idrule ipproto srcip srcport destip destport internalid context parameters rule name deep inspection 2.24.5. Scan_detected (id: 01300005) default severity notice log message scan det...

  • Page 293

    Explanation a notice signature matched the traffic. Gateway action none recommended action this is probably not an attack, but you may research the advisory (searchable by the unique id). Revision 2 parameters description signatureid idrule ipproto srcip srcport destip destport internalid context pa...

  • Page 294

    Log message virus/worm detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Internal id: . Explanation a virus signature matched the traffic. Gateway action none recommended action research the advisory (searchable by the unique id). Rev...

  • Page 295

    Log message failed to parse the http url. Id rule: . Url: . Source ip: . Source port: . Destination ip: . Destination port: . Ignoring the url. Explanation the unit failed parsing an url. The reason for this is probably because the url has an invalid format, or it contains invalid utf8 formatted cha...

  • Page 296

    Explanation the unit failed to reassemble data. The reason for this is probably due to an idp engine evasion attack. Gateway action ignore recommended action none. Revision 1 parameters idrule srcip srcport destip destport context parameters rule name 2.24.13. Idp_outofmem (id: 01300013) default sev...

  • Page 297

    Revision 1 parameters idrule srcip srcport destip destport context parameters rule name 2.24.15. Idp_failscan (id: 01300015) default severity error log message failed to scan data. Id rule: . Source ip: . Source port: . Destination ip: . Destination port: . Reason: reason>. Closing connection. Expla...

  • Page 298

    Reason context parameters rule name 2.24.17. No_valid_license_or_no_signature_file (id: 01300017) default severity critical log message idp: no signatures loaded, skipping idp filtering explanation idp scanning is aborted since the signature file has been disabled or no signature file was found. Gat...

  • Page 299: 2.25. Idppipes

    2.25. Idppipes these log messages refer to the idppipes (idp traffic shaping events) category. 2.25.1. Conn_idp_piped (id: 06100001) default severity warning log message idp pipe event triggered. Throughput limited to explanation an idp rule with pipe event triggered on the specified connection. The...

  • Page 300

    Gateway action host_state_creation_aborted recommended action issue the "memory" cli command and check for modules with abnormal memory consumption. Otherwise, revise configuration in order to free more ram. Revision 1 2.25.4. Idp_piped_state_replaced (id: 06100004) default severity debug log messag...

  • Page 301

    Recommended action none. Revision 1 parameters limit context parameters connection 2.25.7. Conn_idp_piped (id: 06100007) default severity warning log message idp dynamic pipe state found. Throughput limited to explanation a new connection is piped to [limit] kbps since either the source or destinati...

  • Page 302: 2.26. Idpupdate

    2.26. Idpupdate these log messages refer to the idpupdate (intrusion detection & prevention database update) category. 2.26.1. Idp_db_update_failure (id: 01400001) default severity alert log message update of the intrusion detection & prevention database failed, because of explanation the unit tried...

  • Page 303

    2.26.4. Idp_db_update_denied (id: 01400004) default severity notice log message intrusion detection & prevention database could not be updated, as no valid subscription exist explanation the current license does not allow intrusion detection & prevention database to be updated. Gateway action none r...

  • Page 304

    Default severity warning log message unsynchronized hardware and software databases detected explanation the idp hardware and software databases are not synchronized. A full update is automatically initiated. Gateway action downloading_new_database recommended action none. Revision 1 2.26.8. Sigfile...

  • Page 305: 2.27. Ifacemon

    2.27. Ifacemon these log messages refer to the ifacemon (interface monitor events) category. 2.27.1. Ifacemon_status_bad_rereport (id: 03900001) default severity notice log message ifacemon reset interface 10 seconds ago. Link status: mbps duplex explanation the interface monitor reset the interface...

  • Page 306

    Recommended action none. Revision 1 parameters iface [linkspeed] [duplex] chapter 2: log message reference 306.

  • Page 307: 2.28. Igmp

    2.28. Igmp these log messages refer to the igmp (igmp events) category. 2.28.1. Querier_election_won (id: 04200001) default severity notice log message taking on the role of querier at interface . Explanation this router is now the igmp querier at the specified interface. Gateway action none recomme...

  • Page 308

    Parameters recv_if ip_dest context parameters packet buffer 2.28.4. Invalid_destination_ethernet_address (id: 04200004) default severity warning log message rejected igmp message with inconsistent ip/ethernet addresses (/) at interface . Explanation rejected igmp message directed to a unicast ethern...

  • Page 309

    Gateway action drop recommended action none, but keep an eye open for malfunctioning software/hardware somewhere on the network. Revision 1 parameters recv_if context parameters packet buffer 2.28.7. Invalid_query_group_address (id: 04200008) default severity error log message igmp group specific que...

  • Page 310

    2.28.9. Igmp_query_received (id: 04200010) default severity notice log message rule igmp query about group and source at interface from router . Group is translated into and source into . Explanation got igmp query. Gateway action allow recommended action none. Revision 1 parameters if rip igmpver g...

  • Page 311

    2.28.11. Igmp_report_received (id: 04200012) default severity notice log message rule igmp member report concerning group and source at interface from host . Group is translated into and source into explanation got igmp report. Gateway action allow recommended action none. Revision 1 parameters if h...

  • Page 312

    Makes payload larger than igmp packet size. Explanation harmful condition that potentially could give an attacker full access to the system. May indicate faulty hardware, an attack or experimental software. Gateway action drop recommended action none, but keep an eye open for broken hardware som...

  • Page 313

    2.28.16. Igmp_report_dropped (id: 04200017) default severity notice log message rule drops igmp member report concerning group and source at interface from host . Explanation dropped igmp report. Gateway action drop recommended action none. Revision 1 parameters if hip igmpver grp src sat_grp sat_sr...

  • Page 314: 04200020)

    Gateway action drop recommended action assign a different ip to the offending application. Revision 1 parameters src iface context parameters packet buffer 2.28.19. Max_global_requests_per_second_reached (id: 04200020) default severity warning log message rejected igmp message. Global requests per s...

  • Page 315

    Default severity notice log message disallowed igmp version explanation a system is using a too old igmp version. Gateway action drop recommended action upgrade the host/router running the disallowed version, or lower lowestigmpver limit. Revision 1 parameters recv_ver required_ver context parameter...

  • Page 316

    2.28.24. Older_querier_gone (id: 04200025) default severity notice log message no igmpv querier present. Older querier present (igmpv) compatibility mode on interface has ended. Entering igmpv mode. Explanation the router has not heard any igmpv[igmpver] general queries and will switch and use igmpv...

  • Page 317: 2.29. Ip6In4

    2.29. Ip6in4 these log messages refer to the ip6in4 (6in4 tunnel events) category. 2.29.1. Failed_to_setup_6in4_tunnel (id: 07800001) default severity warning log message failed to setup open tunnel from to explanation unable to setup 6in4 tunnel with endpoint. Gateway action drop recommended action...

  • Page 318

    Revision 1 parameters iface remotegwname 2.29.4. 6in4_invalid_sender_encap (id: 07800004) default severity warning log message invalid ipv6 sender entering 6in4 tunnel . Packet dropped explanation packet should be dropped according to rfc 4213 since the source ip address is invalid. Gateway action d...

  • Page 319

    Revision 1 context parameters packet buffer 2.29.7. 6in4_invalid_sender_decap (id: 07800007) default severity warning log message invalid ipv6 sender in 6in4 tunnel . Packet dropped explanation packet should be dropped according to rfc 4213 since the source ip address is invalid. Gateway action drop...

  • Page 320: 2.30. Ippool

    2.30. Ippool these log messages refer to the ippool (ippool events) category. 2.30.1. No_offer_received (id: 01900001) default severity error log message no offers were received explanation no dhcp offers were received by the ip pool general query. Gateway action none recommended action review dhcp...

  • Page 321

    2.30.4. Lease_disallowed_by_lease_filter (id: 01900004) default severity warning log message the lease was rejected due to a lease filter explanation a lease was rejected by a lease filter. Gateway action lease_rejected recommended action verify the lease filters. Revision 1 parameters client_ip con...

  • Page 322

    2.30.7. Lease_have_bad_netmask (id: 01900007) default severity warning log message the lease was rejected due to a bad offered netmask address explanation a lease was rejected due to a bad offered netmask address. Gateway action lease_rejected recommended action check dhcp server configuration. Revi...

  • Page 323

    2.30.10. Lease_have_bad_gateway_ip (id: 01900010) default severity warning log message the lease was rejected due to a bad offered gateway address explanation a lease was rejected due to a bad offered gateway address. Gateway action lease_rejected recommended action check dhcp server configuration. ...

  • Page 324

    2.30.13. Ip_offer_already_exist_in_the_pool (id: 01900013) default severity warning log message the lease was rejected since the offered ip already exist in the pool explanation a lease was rejected since the offered ip already exists in the pool. Gateway action lease_rejected recommended action che...

  • Page 325

    Default severity notice log message subsystem fetched a ip from the pool explanation a subsystem fetched an ip from the pool. Gateway action inform recommended action none. Revision 1 parameters client_ip subsystem context parameters rule name 2.30.17. Ip_returned_to_pool (id: 01900017) default seve...

  • Page 326: 2.31. Ipsec

    2.31. Ipsec these log messages refer to the ipsec (ipsec (vpn) events) category. 2.31.1. Fatal_ipsec_event (id: 01800100) default severity alert log message fatal event occured, because of explanation fatal event occurred in ipsec stack. Gateway action none recommended action none. Revision 1 paramet...

  • Page 327

    Seq protocol reason 2.31.4. Audit_flood (id: 01800104) default severity notice log message . Explanation the rate limit for audit messages was reached. Gateway action none recommended action none. Revision 1 parameters reason 2.31.5. Ike_delete_notification (id: 01800105) default severity notice log...

  • Page 328

    Parameters local_ip remote_ip cookies reason 2.31.7. Ike_invalid_proposal (id: 01800107) default severity warning log message local ip: , remote ip: , cookies: , reason: . Explanation the proposal for the security association could not be accepted. Gateway action none recommended action none. Revisi...

  • Page 329

    Gateway action none recommended action none. Revision 1 parameters local_ip remote_ip cookies reason 2.31.10. Packet_corrupt (id: 01800110) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation received a corrupt packet. Gateway action dro...

  • Page 330

    2.31.12. Sequence_number_failure (id: 01800112) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation the received packet did not fall within the sliding window. Gateway action drop recommended action none. Revision 1 parameters source_ip ...

  • Page 331

    Gateway action none recommended action none. Revision 2 parameters source_ip dest_ip spi seq protocol reason packet_data 2.31.15. Sequence_number_overflow (id: 01800115) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation an attempt to t...

  • Page 332

    Protocol reason packet_data 2.31.17. Hardware_accelerator_congested (id: 01800117) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation hardware acceleration failed due to resource shortage. Gateway action drop recommended action none. Rev...

  • Page 333

    Log message source ip: , destination ip: , spi: , seq: , protocol: , id: , reason: . Explanation the source or destination address/port did not match the traffic selectors for the sa. Gateway action drop recommended action none. Revision 1 parameters source_ip dest_ip spi seq protocol id reason 2.31...

  • Page 334

    Explanation failed to initialize x509 library. Gateway action ipsec_configuration_disabled recommended action none. Revision 1 2.31.23. Pm_create_failed (id: 01800204) default severity error log message failed to create policymanager explanation failed to create policymanager. Out of memory. Gateway ...

  • Page 335

    Default severity error log message failed to create audit module. Explanation failed to create audit module. Gateway action ipsec_audit_disabled recommended action none. Revision 1 2.31.27. Failed_attach_audit_module (id: 01800208) default severity error log message failed to attach audit module. Ex...

  • Page 336

    Recommended action reconfigure_ipsec. Revision 1 parameters error_msg 2.31.30. Reconfig_ipsec (id: 01800211) default severity informational log message reconfiguration of ipsec started explanation reconfiguration of ipsec started. Gateway action ipsec_reconfigured recommended action none. Revision 2...

  • Page 337

    Log message ipsec started successfully explanation succeeded to create policymanager and commit ipsec configuration. Gateway action ipsec_started recommended action none. Revision 2 2.31.34. Failed_to_set_local_id (id: 01800301) default severity error log message failed to configure local id for tunn...

  • Page 338

    Recommended action none. Revision 1 parameters tunnel 2.31.37. Failed_to_set_algorithm_properties (id: 01800304) default severity error log message failed to set properties ipsec alogorithm , for tunnel explanation failed to set specified properties (keysize, lifetimes) for ipsec algorithm. Gateway ...

  • Page 339

    Revision 1 parameters certificate tunnel 2.31.40. Dns_resolve_failed (id: 01800308) default severity warning log message failed to resolve remote endpoint for ipsec tunnel . Keeping old ip explanation failed to resolve remote endpoint through dns. Gateway action keeping_old_ip recommended action non...

  • Page 340

    Recommended action none. Revision 2 parameters endpoint ipsectunnel 2.31.43. Failed_to_add_rules (id: 01800313) default severity error log message failed to add rules after remote endpoint have been resolved by dns for ipsec tunnel: explanation failed to add rules to tunnel after remote endpoint hav...

  • Page 341

    Gateway action none recommended action none. Revision 2 parameters endpoint ipsectunnel ip 2.31.46. No_policymanager (id: 01800316) default severity critical log message no policymanager!! To free tunnel object from explanation no policymanager to free tunnel from!!! Ipsec does not work properly. Ga...

  • Page 342

    Recommended action none. Revision 1 2.31.49. Failed_to_add_certificate (id: 01800319) default severity error log message failed with error: , message , when adding certificate: explanation failed to add endpoint certificate to external key provider. Gateway action certificate_disabled recommended ac...

  • Page 343

    Parameters status_msg 2.31.52. Failed_to_add_certificate (id: 01800322) default severity error log message failed add certificate: , for tunnel explanation failed to add certificate. Tunnel configured with this certificate for authentication will fail while negotiate. Gateway action certificate_disa...

  • Page 344

    2.31.55. Failed_to_set_crl_distribution_points (id: 01800343) default severity error log message failed set crl distribution points for certificate: explanation failed to set crl distribution points for the specified certificate. Gateway action certificate_disabled recommended action none. Revision ...

  • Page 345

    2.31.58. Cfgmode_ip_freed_by_ippool (id: 01800402) default severity notice log message returned a dynamic cfg mode ip to the ip pool explanation a dynamically allocated ip used for ike cfg mode was returned to the ip pool. Gateway action none recommended action none. Revision 1 parameters ip 2.31.59...

  • Page 346

    Default severity warning log message no ip address fetched from ip pool () explanation no ip address could be fetched from the ip pool. Gateway action none recommended action none. Revision 1 parameters ippool 2.31.62. Cfgmode_no_ip_data_acquired (id: 01800406) default severity warning log message n...

  • Page 347: (Id: 01800502)

    Gateway action packet_will_be_dropped recommended action none. Revision 2 2.31.65. Recieved_packet_to_disabled_ipsec (id: 01800501) default severity notice log message received plain text packet to ipsec while shutting down. Packet will be dropped explanation received plain text packet to ipsec whil...

  • Page 348

    2.31.68. No_route (id: 01800504) default severity error log message failed to lookup route. No route for packet. Explanation no remote gateway for packet, i.e. no route defined. Gateway action packet_will_be_dropped recommended action none. Revision 1 2.31.69. Ipsec_interface_disabled (id: 01800506) ...

  • Page 349

    Peer: explanation no user authentication rule available for eap authentication. Gateway action eap_protocols_disabled recommended action reconfigure_tunnel. Revision 1 parameters remote_peer 2.31.72. No_radius_server_configured_for_eap (id: 01800601) default severity error log message no radius serv...

  • Page 350

    2.31.75. Unknown_eap_status (id: 01800604) default severity error log message failed to add eap-sim as eap protocol explanation failed to add eap-sim as accepted eap protocol. Gateway action none recommended action none. Revision 1 2.31.76. Eap_but_not_passthrough (id: 01800605) default severity inf...

  • Page 351

    Gateway action continue_with_next_eap_userauth_rule recommended action none. Revision 1 2.31.79. Eap_disabled (id: 01800608) default severity notice log message eap is not set as authentication method explanation eap is not set as authentication method for phase 1. Gateway action none recommended ac...

  • Page 352

    Default severity error log message eapstate/phase1 not available explanation no eapstate/phase1 to get eap identity from. Gateway action none recommended action none. Revision 1 2.31.83. Idi_used_as_eap_id (id: 01800612) default severity informational log message ikev2 idi will be used as eap identi...

  • Page 353

    Parameters error 2.31.86. No_eap_identity_or_radius_username (id: 01800631) default severity error log message we did not get any eap identity/ radius username explanation we did not get any eap identity/ radius username. Gateway action continue_radius_message recommended action none. Revision 1 2.3...

  • Page 354

    Gateway action none recommended action none. Revision 1 2.31.90. Outofmem_forward_eap_packet (id: 01800636) default severity error log message cannot create eap packet to be sent to client explanation out of memory. Cannot create eap packet to be sent to client. Gateway action eap_packet_dropped rec...

  • Page 355: 01800640)

    2.31.93. Outofmem_forward_eap_packet (id: 01800639) default severity error log message out of memory. Unable to create radius request explanation out of memory. Unable to create radius request. Gateway action eap_packet_dropped recommended action none. Revision 1 2.31.94. Failed_to_send_eap_id_respo...

  • Page 356

    Of active ipsec tunnels explanation more tunnels and/or unique peers than the license allow are trying to establish. Gateway action negotiation_aborted recommended action none. Revision 2 parameters allowed_tunnels 2.31.97. Ipsec_sa_destroy_peer_imsi (id: 01800902) default severity informational log...

  • Page 357

    Explanation an ike sa was successfully created. Gateway action none recommended action none. Revision 3 parameters ipsec_if local_ip local_port remote_iface remote_ip remote_port local_id remote_id local_ike_spi remote_ike_spi initiator algorithms mode lifetime ikeversion local_behind_nat remote_beh...

  • Page 358

    2.31.101. Ike_sa_deleted (id: 01800906) default severity informational log message ike sa deleted, local ike peer: : , remote ike peer: :: . Explanation an ike sa was deleted. Gateway action none recommended action none. Revision 3 parameters ipsec_if local_ip local_port remote_iface remote_ip remot...

  • Page 359

    Dh_group dh_bits local_ts remote_ts imsi 2.31.103. Ipsec_sa_rekeyed (id: 01800908) default severity informational log message ipsec sa rekeyed, source ip: , destination ip: , inbound spi: , outbound spi: ). Explanation an ipsec sa rekeyed successfully. Gateway action none recommended action none. Re...

  • Page 360

    Revision 2 parameters ipsec_if esp_spi_in esp_spi_out 2.31.105. Ipsec_sa_keys (id: 01800910) default severity informational log message ipsec sa keys, inbound spi: , outbound spi: . Explanation encryption and authentication keys for an ipsec sa. Gateway action none recommended action none. Revision ...

  • Page 361

    Revision 1 2.31.108. Out_of_memory (id: 01801102) default severity alert log message out of memory while allocating client context. Explanation system ran out of memory while allocating client context. Gateway action scip_disabled_for_client recommended action none. Revision 1 2.31.109. Connected (i...

  • Page 362

    Default severity notice log message scip-packet dropped while trying to sen to a closed scip connection. Explanation scip-packet dropped while trying to send to a closed scip connection. Gateway action drop recommended action none. Revision 2 2.31.112. Send_failed_no_free_socket (id: 01801107) defaul...

  • Page 363

    Log message the rule is not in the active configuration. Dropping request for policy explanation the rule is not in the active configuration, dropping request. Gateway action dropping_request recommended action none. Revision 1 2.31.115. Malformed_packet (id: 01802003) default severity warning log m...

  • Page 364

    Parameters num_p1_negs_active ikestr 2.31.118. Psk_length_invalid (id: 01802012) default severity informational log message remote identity specifies psk that is not usable for selected ike sa mac algorithm (xcbcmac-aes) explanation psk key length invalid for xcbcmac-aes (restricted to 16 chars). Gat...

  • Page 365

    Explanation ike sa statistics. Gateway action none recommended action none. Revision 1 parameters done success failed 2.31.121. Ike_sa_failed (id: 01802022) default severity warning log message ike sa negotiation failed: , local ike peer: , remote ike peer: , initiator spi: , responder spi: . Explan...

  • Page 366

    2.31.123. Ike_sa_negotiation_failed (id: 01802030) default severity informational log message no ike sa negotiations done. Reason: the authentication credentials were not specified or private key was not available explanation no ike sa negotiations done because of authentication problems. Gateway ac...

  • Page 367

    Parameters local_endpoint remote_endpoint ike_spi_i ike_spi_r ip_addr port 2.31.126. Ipsec_sa_negotiation_aborted (id: 01802060) default severity error log message ipsec sa negotiation aborted: ah can not be initiated with nat-t explanation negotiation aborted since ah can not be initiated with nat-...

  • Page 368

    Default severity error log message malformed remote ike identity configured for tunnel explanation malformed remote identity for psk specified in configuration. Gateway action vpn_tunnel_invalid recommended action reconfigure_remote_id. Revision 1 parameters remoteid 2.31.130. Malformed_psk_configur...

  • Page 369: 01802101)

    Explanation no authentication method is specified for the tunnel. Gateway action vpn_tunnel_disabled recommended action reconfigure_ipsec. Revision 1 2.31.133. Invalid_authentication_algorithm_configured (id: 01802101) default severity error log message aes counter mode cannot be used without an aut...

  • Page 370: 01802110)

    Revision 1 2.31.136. Invalid_configuration_of_force_open (id: 01802104) default severity error log message auto-start rule does not specify single ip address or domain name for its remote peer explanation can not use auto-start rule (force open) for roaming tunnels. Gateway action vpn_tunnel_disable...

  • Page 371

    Log message the maximum number of policy rules reached explanation the maximum number of policy rules reached. Gateway action vpn_configuration_disabled recommended action review the advanced setting ipsecmaxrules. Revision 2 2.31.140. Input_traffic_selector_corrupt (id: 01802111) default severity e...

  • Page 372: 01802201)

    2.31.143. Suspicious_outbound_rule (id: 01802114) default severity error log message detected suspicious outbound ipsec rule without any selectors explanation detected suspicious outbound ipsec rule without any selectors specified. Gateway action the_rule_might_not_work recommended action reconfigur...

  • Page 373: 01802203)

    Log message esp tunnel is missing encryption algorithm. Null encryption algorithm must be specified if no encryption is required explanation esp tunnel not configured with any encryption algorithm, not even null. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 pa...

  • Page 374

    Explanation tunnel [tunnel] configured for ah, but ah is not supported. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 parameters tunnel 2.31.150. Invalid_cipher_keysize (id: 01802205) default severity error log message configured max cipher key size for tunnel ...

  • Page 375

    Explanation anti-replay detection must be enabled when using 64 bit sequence numbers. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 parameters tunnel 2.31.153. Invalid_tunnel_configuration (id: 01802208) default severity error log message no ipsec transform (ah...

  • Page 376: (Id: 01802213)

    Recommended action reconfigure_tunnel. Revision 1 parameters tunnel 2.31.156. Out_of_memory_for_tunnel (id: 01802211) default severity error log message out of memory. Could not allocate memory for tunnel name! Explanation out of memory. Could not allocate memory for tunnel name!. Gateway action vpn...

  • Page 377

    Recommended action reconfigure_tunnel. Revision 2 2.31.159. Invalid_key_size (id: 01802214) default severity error log message invalid key sizes specified for algorithms explanation invalid key sizes specified for algorithms. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. ...

  • Page 378

    Explanation configuration specifies key size limits for cipher with fixed key size. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 2 parameters alg 2.31.163. Invalid_cipher_keysize (id: 01802218) default severity error log message configured max cipher key size is...

  • Page 379

    Recommended action reconfigure_tunnel. Revision 1 parameters keysize max 2.31.166. No_matching_tunnel_found (id: 01802221) default severity error log message no tunnel found matching the local address , remote address and source interface explanation no tunnel found matching the local address and re...

  • Page 380

    2.31.169. Several_local_id_specified_for_tunnel (id: 01802224) default severity error log message more than one remote id specified for tunnel explanation cannot add more than one remote identity to a tunnel. Gateway action vpn_tunnel_disabled recommended action reconfigure_vpn. Revision 1 2.31.170....

  • Page 381: 01802403)

    Gateway action vpn_tunnel_invalid recommended action reconfigure_psk. Revision 1 2.31.173. Max_ike_sa_reached (id: 01802400) default severity warning log message the maximum number of active ike sas reached explanation maximum number of active ike sas reached. Gateway action negotiation_aborted reco...

  • Page 382: 01802404)

    Default severity notice log message the maximum number of active quick-mode negotiations reached explanation maximum number of active quick-mode negotiations reached. Gateway action quick-mode_not_done recommended action none. Revision 1 2.31.177. Warning_level_active_ipsec_sas_reached (id: 01802404...

  • Page 383

    2.31.180. Invalid_format_syslog_audit (id: 01802500) default severity notice log message cannot use binary formatting for syslog auditing. Explanation cannot use binary formatting for syslog auditing. Gateway action none recommended action none. Revision 1 2.31.181. Cannot_create_audit_file_context ...

  • Page 384: 01802602)

    Gateway action certificate_invalid recommended action none. Revision 1 2.31.184. Could_not_get_subject_nam_from_ca_cert (id: 01802602) default severity warning log message could not get subject name from a ca certificate. This certificate is not usable as an ipsec authenticator, and is not inserted ...

  • Page 385

    2.31.187. Could_not_trusted_set_for_cert (id: 01802605) default severity warning log message could not set the trusted set for a ca certificate explanation could not set the trusted set for a ca certificate. Gateway action certificate_disabled recommended action none. Revision 1 2.31.188. Could_not_...

  • Page 386

    Recommended action none. Revision 1 2.31.191. Could_not_insert_cert_to_db (id: 01802609) default severity error log message could not insert certificate into local database explanation could not insert certificate into local database. Gateway action certificate_disabled recommended action none. Revi...

  • Page 387

    Default severity warning log message directory names are not supported as subject alternative names. Skipping dn: explanation directory specified as subject alternative name. Gateway action skip_dn_name recommended action none. Revision 1 parameters dn_name 2.31.195. Could_not_decode_certificate (id...

  • Page 388

    Explanation addresses for remote access attributes. Gateway action none recommended action none. Revision 1 parameters ipaddr time 2.31.198. Remote_access_dns (id: 01802711) default severity informational log message dns for remote access attributes: explanation dns for remote access attributes. Gat...

  • Page 389

    Recommended action none. Revision 1 parameters dhcp_s 2.31.201. Remote_access_subnets (id: 01802714) default severity informational log message subnets remote access attributes: explanation subnets remote access attributes. Gateway action none recommended action none. Revision 1 parameters subnets 2...

  • Page 390

    Revision 2 parameters reason int_severity 2.31.204. Crl_search_failed (id: 01802719) default severity warning log message certificate manager search failure: . Internal severity level: explanation search for a crl failed. Certificate validation will continue as crl checks are not enforced by the cur...

  • Page 391

    Default severity error log message failed to set init info to external key accelerator explanation invalid init info to external key accelerator. Gateway action ipsec_disabled recommended action none. Revision 1 2.31.208. Outofmem_create_engine (id: 01802901) default severity critical log message fa...

  • Page 392: 01803000)

    2.31.211. Init_rule_looklup_failed (id: 01802904) default severity critical log message allocating default drop rule failed! Explanation allocating default drop rule failed!. Gateway action ipsec_disabled recommended action none. Revision 1 2.31.212. Init_rule_looklup_failed (id: 01802905) default s...

  • Page 393

    Default severity error log message maximum number of ipsec sas limit has been violated too many times () explanation maximum number of ipsec sas limit has been violated too many times. Gateway action discarding request and deleting sa recommended action discarding request and deleting sa. Revision 1...

  • Page 394: 01803302)

    Log message an audit event occured: . Internal severity level: explanation an audit event occurred in the ipsec stack. Gateway action none recommended action none. Revision 1 parameters msg int_severity 2.31.218. Faild_to_link_ike_and_userauth (id: 01803300) default severity warning log message faild...

  • Page 395

    Default severity notice log message hardware acceleration of modexp calculation failed due to . Explanation the failed calculation will be made in software instead. Hardware acceleration can fail due to valid reasons like a full request queue. A lot of these logs during a short timeframe could indic...

  • Page 396

    2.31.223. Monitored_host_reachable (id: 01803600) default severity informational log message monitored host is reachable over tunnel . Explanation monitored host started to respond on icmp ping. Gateway action none recommended action none. Revision 1 parameters ip tunnel 2.31.224. Monitored_host_unr...

  • Page 397

    Peer_ip peer_port 2.31.226. Failed_to_attach_radius (id: 01803701) default severity warning log message failed to attach radius () server in ike negotiation for peer : explanation failed to attach radius server communication, ike negotiation will fail. Gateway action fail_ike_negotiation recommended...

  • Page 398: 2.32. Ipv6_Nd

    2.32. Ipv6_nd these log messages refer to the ipv6_nd (neighbor discovery events) category. 2.32.1. Neighbor_discovery_resolution_failed (id: 06400009) default severity warning log message neighbor discovery resolution failed explanation neighbor discovery query was not resolved before the cache ent...

  • Page 399: 06400030)

    Revision 1 context parameters rule name packet buffer 2.32.4. Nd_spoofed_hw_sender (id: 06400029) default severity warning log message nd hw sender address matches our own address. Dropping packet. Explanation the neighbor discovery packet ethernet sender address appears to be our own. Dropping pack...

  • Page 400

    Recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.7. Nd_option_hw_address_mismatch (id: 06400032) default severity warning log message nd link layer option enet sender mismatch. Dropping packet. Explanation the neighbor disc...

  • Page 401

    Recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.10. Nd_duplicated_option (id: 06400035) default severity warning log message the same nd option appears more than once in the same packet. Dropping packet. Explanation the ne...

  • Page 402

    Recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.13. Nd_illegal_prefix_info_option_size (id: 06400038) default severity warning log message illegal option size. Dropping explanation the neighbor discovery packet option size...

  • Page 403

    Recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.16. Nd_zero_size_option (id: 06400041) default severity warning log message illegal option size. Dropping explanation the neighbor discovery packet option size is zero. Dropp...

  • Page 404

    Revision 1 context parameters rule name packet buffer 2.32.19. Nd_unknown_icmp_code (id: 06400044) default severity warning log message unsupported icmp code. Dropping explanation the neighbor discovery packet icmp code is unknown. Dropping packet. Gateway action drop recommended action verify that ...

  • Page 405

    Gateway action drop recommended action verify that no faulty network equipment exists. Revision 1 parameters senderip context parameters rule name packet buffer 2.32.22. Nd_hoplimit_reached (id: 06400047) default severity warning log message neighbor discovery packet from appears to have been routed...

  • Page 406

    Default severity warning log message failed to verify neighbor discovery sender ip address. Dropping explanation the neighbor discovery sender ip address could not be verified according to the "access" section, and the packet is dropped. Gateway action drop recommended action if all neighbor discove...

  • Page 407

    Log message sender ip is the unknown address. Dropping packet. Explanation the neighbor advertisement packet sender ip address matches that of the unknown address (::). Dropping packet. Gateway action drop recommended action verify that no faulty network equipment exists. Revision 1 parameters sende...

  • Page 408

    Packet buffer 2.32.30. Nd_mcast_dpd_reply (id: 06400055) default severity warning log message dead peer probe answered with multicast message. Dropping packet. Explanation the dead peer probe reply packet destination ip is a multicast address. Dropping packet. Gateway action drop recommended action ...

  • Page 409

    Recommended action verify that no faulty network equipment exists. Revision 1 parameters cachedenet targetenet context parameters rule name packet buffer 2.32.33. Nd_updated_entry (id: 06400058) default severity notice log message nd cache entry updated from to . Explanation a neighbor advertisement...

  • Page 410

    2.32.35. Nd_update_entry_request (id: 06400060) default severity notice log message nd cache entry update from to request. Dropping packet. Explanation a neighbor advertisement requests updating an entry in the neighbor discovery cache. Dropping packet. Gateway action drop recommended action none. R...

  • Page 411

    Recommended action verify that no faulty network equipment exists. Revision 1 parameters sendermac context parameters rule name packet buffer 2.32.38. Nd_rs_unicast_target (id: 06400063) default severity warning log message router solicitation destination address isn't multicast. Dropping explanatio...

  • Page 412

    Explanation the neighbor solicitation packet contains a source link layer address option, this is illegal according to rfc4861. Dropping packet. Gateway action drop recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.41. Nd_up...

  • Page 413

    Packet buffer 2.32.43. Nd_update_entry_request (id: 06400068) default severity notice log message nd cache entry update from to request. Dropping packet. Explanation a neighbor solicitation requests updating an entry in the neighbor discovery cache. Dropping packet. Gateway action drop recommended a...

  • Page 414

    Explanation the neighbor solicitation duplicate address probe packet destination ip address is not a solicited node multicast address. Dropping packet. Gateway action drop recommended action verify that no faulty network equipment exists. Revision 1 parameters sendermac context parameters rule name...

  • Page 415

    Context parameters rule name packet buffer 2.32.48. More_ndoptcount (id: 06400073) default severity warning log message number of options more than icmp6maxoptnd - explanation received a packet with number of options more than icmp6maxoptnd. Gateway action none recommended action none. Revision 1 pa...

  • Page 416

    Revision 1 context parameters rule name packet buffer 2.32.51. Router_discovered (id: 06400076) default severity notice log message interface have successfully processed a router advertisement explanation an interface has successfully processed a router advertisement. Gateway action none recommende...

  • Page 417

    Gateway action none recommended action none. Revision 1 parameters iface ip context parameters packet buffer 2.32.54. Router_not_found (id: 06400079) default severity notice log message unable to find router on interface explanation the gateway has solicited the local network for a router but have n...

  • Page 418: 2.33. Ip_Error

    2.33. Ip_error these log messages refer to the ip_error (packet discarded due to ip header error(s)) category. 2.33.1. Too_small_packet (id: 01500001) default severity warning log message packet is too small to contain ipv4 header explanation the received packet is too small to contain an ipv4 heade...

  • Page 419

    Gateway action drop recommended action none. Revision 1 parameters iptotlen iphdrlen context parameters rule name packet buffer 2.33.4. Invalid_ip_length (id: 01500004) default severity warning log message invalid ip header length, iptotlen=, recvlen= explanation the received packet ip total length ...

  • Page 420

    Default severity warning log message invalid flow label value explanation the received packet with flow label other than zero. Gateway action none recommended action none. Revision 1 parameters flow_label context parameters rule name packet buffer 2.33.7. Invalid_ip6_flow (id: 01500021) default seve...

  • Page 421

    2.33.9. Invalid_ip6_tc (id: 01500023) default severity warning log message invalid traffic class value explanation the received packet with traffic class other than zero. Gateway action strip recommended action none. Revision 1 parameters traffic_class context parameters rule name packet buffer 2.33...

  • Page 422

    Ipactpaylen context parameters rule name packet buffer 2.33.12. Too_small_packet (id: 01500026) default severity warning log message packet is too small to contain ipv6 header explanation the received packet is too small to contain an ipv6 header, and will be dropped. Gateway action drop recommended...

  • Page 423: 2.34. Ip_Flag

    2.34. Ip_flag these log messages refer to the ip_flag (events concerning the ip header flags) category. 2.34.1. Ttl_low (id: 01600001) default severity warning log message received packet with too low ttl of . Min ttl is . Ignoring explanation the received packet has a ttl (time-to-live) field which...

  • Page 424

    Revision 1 context parameters rule name packet buffer 2.34.4. Hop_limit_low (id: 01600004) default severity warning log message received packet with too low hoplimit of . Min hoplimit is . Ignoring explanation the received packet has a hoplimit field which is too low. Ignoring and forwarding packet ...

  • Page 425: 2.35. Ip_Opt

    2.35. Ip_opt these log messages refer to the ip_opt (events concerning the ip header options) category. 2.35.1. Source_route (id: 01700001) default severity notice log message packet has a source route explanation the packet has a source route. Ignoring. Gateway action ignore recommended action none...

  • Page 426

    2.35.4. Ipopt_present (id: 01700004) default severity notice log message ip option () is present explanation the packet contains an ip option. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters ipopt optname context parameters rule name packet buffer 2.35.5. Ipoptlen_too_...

  • Page 427

    Revision 1 parameters ipopt optlen avail context parameters rule name packet buffer 2.35.7. Multiple_ip_option_routes (id: 01700012) default severity warning log message multiple source/return routes in ip options. Dropping explanation there are multiple source/return routes specified among the ip o...

  • Page 428

    Log message ip option type : bad source route pointer . Dropping explanation the packet has a source route pointer, which is invalid. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipopt routeptr context parameters rule name packet buffer 2.35.10. Source_route_di...

  • Page 429

    Default severity warning log message ip option type : bad length . Dropping explanation the packet contains an ip option, which has an invalid length. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipopt optlen context parameters rule name packet buffer 2.35.13. B...

  • Page 430

    Tsptr oflo context parameters rule name packet buffer 2.35.15. Timestamp_disallowed (id: 01700020) default severity warning log message timestamp ip option disallowed. Dropping explanation the packet contains a timestamp ip option, which is disallowed. Dropping packet. Gateway action drop recommende...

  • Page 431

    Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.35.18. Ipopt_present_disallowed (id: 01700023) default severity warning log message ip option () is present. Dropping explanation the packet contains an ip option, which is disallowed. Dropping packe...

  • Page 432

    Gateway action drop recommended action none. Revision 1 context parameters rule name 2.35.21. Small_payload (id: 01700041) default severity warning log message jumbo option packet with a payload less than 65535 explanation received a jumbo option packet with a payload less than 65535. Gateway action...

  • Page 433

    Context parameters rule name 2.35.24. Invalid_order (id: 01700044) default severity warning log message invalid jumbogram packet option other than in hop by hop header explanation received a jumbogram packet other than in hop by hop header. Gateway action drop recommended action none. Revision 1 con...

  • Page 434

    Default severity warning log message received router alert option packet explanation received router alert option packet. Gateway action none recommended action none. Revision 1 context parameters rule name 2.35.28. Rcvd_router_alert (id: 01700048) default severity warning log message received route...

  • Page 435

    Type. The option will be ignored and the rest of the packet will be processed. Gateway action none recommended action none. Revision 1 context parameters rule name packet buffer 2.35.31. Invalid_option (id: 01700051) default severity warning log message invalid ipv6 extension header option encounter...

  • Page 436

    Explanation received home address option packet. Gateway action none recommended action none. Revision 1 context parameters rule name 2.35.34. Rcvd_ha_option (id: 01700054) default severity warning log message received home address option packet explanation received home address option packet. Gatew...

  • Page 437

    Revision 1 context parameters rule name 2.35.37. Invalid_padn_data (id: 01700057) default severity warning log message option data containing non-zero value explanation option data containing non-zero value. Gateway action strip recommended action none. Revision 1 context parameters rule name 2.35.3...

  • Page 438

    2.35.40. Mismatch_ip_eth (id: 01700060) default severity warning log message ip and ethernet destination mismatch explanation ip and ethernet destination mismatch. Gateway action none recommended action none. Revision 1 context parameters rule name 2.35.41. Mismatch_ip_eth (id: 01700061) default sev...

  • Page 439

    Log message invalid router alert option other than in hop by hop header explanation received a router alert packet other than in hop by hop header. Gateway action drop recommended action none. Revision 1 context parameters rule name 2.35.44. Invalid_order (id: 01700065) default severity warning log ...

  • Page 440

    Recommended action none. Revision 1 context parameters rule name 2.35.47. More_optcount (id: 01700068) default severity warning log message number of options more than ip6maxoph - explanation received a packet with number of options more than ip6maxoph. Gateway action none recommended action none. R...

  • Page 441

    Revision 1 context parameters rule name 2.35.50. Ip6_rhother (id: 01700071) default severity warning log message routing packet with type other than 0 or 2 explanation received routing packet other than 0 or 2. Gateway action drop recommended action none. Revision 1 context parameters rule name 2.35...

  • Page 442

    Default severity warning log message routing header with type 0 packet explanation received routing header type 0 packet. Gateway action none recommended action none. Revision 1 context parameters rule name 2.35.54. Ip6_rh0 (id: 01700075) default severity warning log message routing header with type...

  • Page 443

    Explanation received a packet with invalid header order. Gateway action drop recommended action none. Revision 1 context parameters rule name 2.35.57. Invalid_ip6_exthdr (id: 01700078) default severity warning log message extension header length is greater than ip6exthdr setting explanation the rece...

  • Page 444

    Recommended action none. Revision 1 context parameters rule name

  • Page 445: 2.36. Ip_Proto

    2.36. Ip_proto these log messages refer to the ip_proto (ip protocol verification events) category. 2.36.1. Multicast_ethernet_ip_address_mismatch (id: 07000011) default severity warning log message received packet with a destination ip address that does not match the ethernet multicast address expl...

  • Page 446

    Log message received packet with zero ttl. Dropping explanation a packet was received with a ttl (time-to-live) field set to zero, which is not allowed. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.36.4. Ttl_low (id: 07000014) ...

  • Page 447

    Default severity warning log message configured size limit for the tcp protocol exceeded. Dropping explanation the configured size limit for the tcp protocol was exceeded. Dropping packet. Gateway action drop recommended action this can be changed under the advanced settings section. Revision 1 para...

  • Page 448

    Context parameters rule name packet buffer 2.36.9. Invalid_udp_header (id: 07000022) default severity warning log message invalid udp header - ipdatalen=, udptotlen=. Dropping explanation the udp packet contains an invalid header. Dropping packet. Gateway action drop recommended action none. Revisio...

  • Page 449: 07000033)

    Recommended action none. Revision 1 parameters ipdatalen icmpminlen context parameters rule name packet buffer 2.36.12. Multicast_ethernet_ip_address_mismatch (id: 07000033) default severity warning log message received packet with a destination ip address that does not match the ethernet multicast ...

  • Page 450

    2.36.14. Oversize_esp (id: 07000051) default severity warning log message configured size limit for the esp protocol exceeded. Dropping explanation the configured size limit for the esp protocol was exceeded. Dropping packet. Gateway action drop recommended action this can be changed under the advan...

  • Page 451

    Parameters proto context parameters rule name packet buffer 2.36.17. Oversize_ospf (id: 07000054) default severity warning log message configured size limit for the ospf protocol exceeded. Dropping explanation the configured size limit for the ospf protocol was exceeded. Dropping packet. Gateway act...

  • Page 452

    Gateway action drop recommended action this can be changed under the advanced settings section. Revision 1 parameters proto context parameters rule name packet buffer 2.36.20. Oversize_l2tp (id: 07000057) default severity warning log message configured size limit for the l2tp protocol exceeded. Drop...

  • Page 453

    Log message forward ipv6 packet with zero hoplimit. Dropping explanation tried to forward an ipv6 packet with the hoplimit field set to zero, which is not allowed. Dropping packet. Gateway action drop recommended action none. Revision 3 context parameters rule name packet buffer 2.36.23. Hop_limit_low ...

  • Page 454

    Default severity warning log message invalid icmp data length. Icmpdatalen= icmpiphdrminlen=. Dropping explanation the icmp data is not large enough to contain an ipv4 header. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters icmpdatalen icmpiphdrminlen context para...

  • Page 455

    Revision 1 parameters icmpdatalen icmphdrlen context parameters rule name packet buffer 2.36.28. Invalid_icmp_data_invalid_ip_length (id: 07000074) default severity warning log message invalid icmp data length. Icmpdatalen= icmpipdatalen= icmpipdataminlen=. Dropping explanation the icmp data length ...

  • Page 456

    2.36.30. Illegal_sender_address (id: 07000076) default severity warning log message source address does not identify a single node uniquely. Dropping explanation the source address is ending in zeroes. Dropping packet. Gateway action drop recommended action verify that no faulty network equipment ex...

  • Page 457: 2.37. L2Tp

    2.37. L2tp these log messages refer to the l2tp (l2tp tunnel events) category. 2.37.1. L2tpclient_resolve_successful (id: 02800001) default severity notice log message l2tp client resolved to explanation the l2tp client successfully resolved the dns name of the remote gateway. Gateway action none re...

  • Page 458: 02800006)

    Revision 1 parameters iface remotegw 2.37.4. L2tp_connection_disallowed (id: 02800004) default severity notice log message l2tp connection disallowed according to rule ! Tunnel id: , session id: explanation the l2tp connection is disallowed according to the specified userauth rule. Gateway action no...

  • Page 459

    Explanation the l2tp server received a packet that was routed to the interface by a route that was either manually configured or set up by another subsystem. Gateway action drop recommended action make sure no manually configured routes to the l2tp server interface exist in the configuration. Revis...

  • Page 460

    On explanation mppe is required by the configuration but the mppe negotiation failed. Session will be closed. Gateway action none recommended action make sure the peer is capable of mppe encryption, or disable the mppe requirement. Revision 1 parameters iface sessionid remotegw 2.37.10. L2tp_session...

  • Page 461

    Default severity warning log message did not find a matching userauth rule for this l2tp server! Tunnel id: , session id: explanation the l2tp server was unsuccessful trying to find a matching userauth rule. Gateway action none recommended action make sure the userauth rules are configured correctly...

  • Page 462

    2.37.15. Failure_init_radius_accounting (id: 02800017) default severity warning log message failed to send accounting start to radius accounting server. Accounting will be disabled explanation failed to send start message to radius accounting server. Radius accounting will be disabled for this sessi...

  • Page 463

    2.37.18. Unknown_ctrl_conn_id (id: 02800020) default severity warning log message unknown control connection id from on tunnel . Explanation a packet with an unknown control connection id was received by the l2tp interface. Gateway action none recommended action none. Revision 1 parameters iface rem...

  • Page 464

    Parameters iface ctrlconnid 2.37.21. L2tp_session_request (id: 02800045) default severity notice log message l2tp session request received. Control connection id: explanation a new session request was received on the specified tunnel. Gateway action none recommended action none. Revision 1 parameter...

  • Page 465

    2.37.24. Waiting_for_ip_to_listen_on (id: 02800050) default severity notice log message l2tp server cannot start until it has an ip address to listen on explanation the l2tp server cannot start until the l2tp interface has a proper ip address to listen on. Gateway action none recommended action make...

  • Page 466: 2.38. Lacp

    2.38. Lacp these log messages refer to the lacp (link aggregation control protocol) category. 2.38.1. Lacp_up (id: 07700001) default severity informational log message negotiation was successful and was added to the aggregation. Explanation lacp has successfully negotiated with a partner system and ...

  • Page 467

    Gateway action exclude_link recommended action verify that the link is operational and connected to a properly configured lacp system. Revision 1 parameters physiface laiface 2.38.4. Lacp_partner_mismatch (id: 07700004) default severity error log message the information exchanged with the partner sy...

  • Page 468

    2.38.6. Lacp_link_down (id: 07700006) default severity error log message appears to be down. Explanation . Gateway action exclude_link recommended action . Revision 1 parameters physiface laiface 2.38.7. Lacp_disabled_half_duplex (id: 07700007) default severity error log message has been disabled be...

  • Page 469: 2.39. Natpool

    2.39. Natpool these log messages refer to the natpool (events related to nat pools) category. 2.39.1. Uninitialized_ippool (id: 05600001) default severity error log message natpool has not been initialized explanation the natpool is not initialized. This can happen if the natpool contains no valid i...

  • Page 470

    Recommended action none. Revision 1 parameters address poolname context parameters connection 2.39.4. Out_of_memory (id: 05600005) default severity error log message out of memory while allocating natpool state for explanation a state could not be allocated since the unit is out of memory. Gateway a...

  • Page 471

    Recommended action none. Revision 1 parameters poolname 2.39.7. Proxyarp_failed (id: 05600008) default severity error log message could not add dynamic proxyarp route. Natpool explanation it was not possible to dynamically add a core route for the given ip address. Gateway action none recommended ac...

  • Page 472

    Been reached. Natpool subsystem must replace an active state since no lingering states exist. Gateway action replace_active recommended action increase the maxstates variable for this natpool if more concurrent states are wanted. Revision 1 parameters poolname num_states replacedip 2.39.10. Register...

  • Page 473

    Explanation failed to fetch new translation ip address from ip pool. Gateway action none recommended action check configuration for nat pool and ip pool. Revision 1 parameters poolname 2.39.13. Synchronization_failed (id: 05600014) default severity error log message failed to synchronize translation...

  • Page 474: 2.40. Ospf

    2.40. Ospf these log messages refer to the ospf (ospf events) category. 2.40.1. Internal_error (id: 02400001) default severity warning log message internal error. Iface got ievent in istate . Ignored explanation internal error in the ospf interface state engine. Gateway action ignore recommended act...

  • Page 475

    Failover. Gateway action none recommended action check ospf interface configuration. Revision 1 parameters iface neighborid myifaceip context parameters rule name 2.40.4. Bad_packet_len (id: 02400004) default severity warning log message received ospf packet with bad length explanation received ospf...

  • Page 476

    Default severity warning log message sender source not within interface range () explanation received ospf data from a neighboring router not within the receive interface range. Gateway action drop recommended action make sure all locally attached ospf routes are on the same network. Revision 1 para...

  • Page 477

    Parameters recv_netmask my_netmask context parameters rule name packet buffer 2.40.9. Hello_interval_mismatch (id: 02400009) default severity warning log message hello interval mismatch. Received was , mine is . Dropping explanation received ospf data from a neighboring router with a mismatching hel...

  • Page 478

    Default severity warning log message hello e-flag mismatch. Received was , mine is . Dropping explanation received ospf data from a neighboring router with mismatching e-flag (describes how as-external-lsas are flooded) configuration. Gateway action drop recommended action make sure all locally atta...

  • Page 479

    Revision 1 context parameters rule name packet buffer 2.40.14. Unknown_lsa_type (id: 02400014) default severity warning log message unknown lsa type . Dropping explanation received ospf data from a neighbor which contained an unknown lsa. Gateway action drop recommended action check the configuration...

  • Page 480

    Gateway action drop recommended action verify that the neighboring ospf router shares the same password. Revision 1 context parameters rule name 2.40.17. Bad_auth_crypto_key_id (id: 02400052) default severity warning log message authentication mismatch. Bad crypto key id. Received was , mine is expla...

  • Page 481

    Explanation authentication failed due to bad crypto digest. Gateway action drop recommended action verify that the neighboring ospf router shares the same crypto digest. Revision 1 context parameters rule name 2.40.20. Checksum_mismatch (id: 02400055) default severity warning log message checksum mis...

  • Page 482

    Default severity warning log message neighbor m/ms mismatch. Restarting exchange explanation received indication that a neighbor got the m/ms (master/slave) role wrong. Gateway action restart recommended action none. Revision 1 parameters neighbor context parameters rule name 2.40.23. I_flag_misuse ...

  • Page 483

    Default severity warning log message neighbor replied with a unexpected sequence number. Restarting exchange explanation received neighbor reply with an unexpected sequence number. Gateway action restart recommended action none. Revision 1 parameters neighbor context parameters rule name 2.40.26. Non...

  • Page 484

    2.40.28. Unknown_lsa (id: 02400107) default severity warning log message neighbor implied unknown lsa (). Restarting exchange explanation a neighbor described an unknown lsa type. Gateway action restart recommended action check neighboring ospf router configuration. Revision 1 parameters neighbor ls...

  • Page 485

    Def_maxage context parameters rule name 2.40.31. Lsa_checksum_mismatch (id: 02400150) default severity warning log message lsa checksum mismatch. Lsa is discarded explanation received lsa with mismatching checksum. Gateway action discard recommended action check network equipment for problems. Revis...

  • Page 486: 02400155)

    Context parameters rule name 2.40.34. Bad_lsa_maxage (id: 02400153) default severity warning log message bad lsa maxage (). Lsa is discarded explanation received lsa with a bad max age. Gateway action discard recommended action none. Revision 1 parameters maxage context parameters rule name 2.40.35....

  • Page 487

    Context parameters rule name 2.40.37. Db_copy_more_recent_then_received (id: 02400156) default severity warning log message received lsa(lsa- id: advrtr:) is older then db copy. Discarding received lsa explanation received lsa which is older than the copy in the database. Gateway action discard reco...

  • Page 488

    Recommended action none. Revision 1 context parameters rule name packet buffer 2.40.40. Req_packet_lsa_size_mismatch (id: 02400159) default severity warning log message req packet lsa size mismatch. Parsing aborted explanation received ospf req packet with a mismatching lsa size. Gateway action abor...

  • Page 489

    Revision 1 parameters lsa lsaid lsartr context parameters rule name 2.40.43. Unable_to_send_ack (id: 02400162) default severity critical log message unable to send ack explanation unable to send acknowledgement. Gateway action alert recommended action check memory consumption. Revision 1 context par...

  • Page 490

    Recommended action check for incorrectly configured neighbors. Revision 1 parameters neighbor neighborid iface context parameters rule name 2.40.46. Too_many_neighbors (id: 02400201) default severity warning log message too many neighbors on . Unable to maintain 2-way with all of them(hello packet) ...

  • Page 491: 02400301)

    Explanation unable to find transport area for a vlink. Gateway action skip_iface recommended action check ospf area configuration. Revision 1 parameters area vlink context parameters rule name 2.40.49. Internal_error_unable_to_map_identifier (id: 02400301) default severity warning log message intern...

  • Page 492: (Id: 02400303)

    (id: 02400303) default severity warning log message memory usage for ospf process have now exceeded 70 percent of the maximum allowed explanation the memory usage for an ospf process has exceeded 70 percent of the maximum allowed. Gateway action none recommended action check memory consumption. Revi...

  • Page 493: (Id: 02400401)

    Context parameters rule name 2.40.54. Internal_lsa_chksum_error (id: 02400306) default severity critical log message lsa internal checksum error explanation internal lsa checksum error. Gateway action alert recommended action check hardware for defects. Revision 1 context parameters rule name 2.40.5...

  • Page 494: (Id: 02400402)

    Parameters netvtxid context parameters rule name 2.40.57. Internal_error_unable_to_find_iface_connecting_to_lsa (id: 02400402) default severity warning log message internal error: unable to find my interface connecting to described lsa (netvtxid: ) explanation unable to find local interface connecti...

  • Page 495: (Id: 02400405)

    Explanation unable to find local interface connecting to described lsa. Gateway action none recommended action contact support with a scenario description. Revision 1 parameters rtrvtxid context parameters rule name 2.40.60. Internal_error_unable_neighbor_iface_attached_back_to_me (id: 02400405) defa...

  • Page 496: (Id: 02400407)

    (id: 02400407) default severity warning log message internal error: unable to find my link connecting to described lsa (netvtxid:) explanation unable to find local link connected to described lsa. Gateway action none recommended action contact support with a scenario description. Revision 1 paramete...

  • Page 497

    Default severity critical log message failed to add route ! Ospf process should now be considered inconsistent explanation unable to add route. Gateway action alert recommended action check memory consumption. Revision 1 parameters route context parameters rule name ...

  • Page 498: 2.41. Ppp

    2.41. Ppp these log messages refer to the ppp (ppp tunnel events) category. 2.41.1. Ip_pool_empty (id: 02500001) default severity warning log message ipcp can not assign ip address to peer because the ip address pool is empty explanation ipcp can not assign an ip address to the peer because there ar...

  • Page 499: 02500004)

    Revision 1 parameters tunnel_type 2.41.4. Seconday_dns_address_required_but_not_received (id: 02500004) default severity warning log message secondary dns address required but not received. Ppp terminated explanation peer refuses to give out a secondary dns address. Since reception of a secondary dn...

  • Page 500: 02500050)

    Recommended action none. Revision 1 parameters tunnel_type 2.41.7. Failed_to_agree_on_authentication_protocol (id: 02500050) default severity error log message failed to agree on authentication protocol. Ppp terminated explanation failed to agree on ppp authentication protocol. Ppp is terminated. Ga...

  • Page 501

    Gateway action ppp_terminated recommended action try to reconfigure the peer so it does not demand the use of this lcp option. Revision 1 parameters tunnel_type unsupported_lcp_option 2.41.10. Ppp_tunnel_limit_exceeded (id: 02500100) default severity alert log message ppp tunnel license limit exceed...

  • Page 502

    Gateway action chap_response_value_truncated recommended action none. Revision 1 parameters tunnel_type 2.41.13. Username_too_long (id: 02500151) default severity warning log message ppp chap username was truncated because it was too long explanation ppp chap username was truncated because it was to...

  • Page 503

    Parameters tunnel_type 2.41.16. Username_too_long (id: 02500350) default severity warning log message ppp pap username was truncated because it was too long explanation ppp pap username was truncated because it was too long. Gateway action pap_username_truncated recommended action reconfigure the en...

  • Page 504

    Default severity error log message radius server authentication error. Ppp authentication terminated explanation there was an error while authenticating using a radius server. Ppp authentication terminated. Gateway action authentication_terminated recommended action none. Revision 1 parameters tunne...

  • Page 505

    Log message mppe decryption resulted in the unsupported protocol . Terminating ppp explanation mppe decryption resulted in an unsupported protocol. Ip is the only protocol supported. This either means that the decryption failed or that the peer actually sent data using an unsupported protocol. Ppp i...

  • Page 506: 2.42. Pppoe

    2.42. Pppoe these log messages refer to the pppoe (pppoe tunnel events) category. 2.42.1. Pppoe_tunnel_up (id: 02600001) default severity notice log message pppoe tunnel on established to . Auth: , ifaceip: , downtime: explanation the pppoe tunnel for the interface has been established. Gateway a...

  • Page 507: 2.43. Pptp

    2.43. Pptp these log messages refer to the pptp (pptp tunnel events) category. 2.43.1. Pptpclient_resolve_successful (id: 02700001) default severity notice log message pptp client resolved to explanation the pptp client successfully resolved the dns name of remote gateway. Gateway action none recomme...

  • Page 508: 02700006)

    Recommended action make sure the userauth rules are configured correctly. Revision 1 parameters rule remotegw callid 2.43.4. Unknown_pptp_auth_source (id: 02700004) default severity warning log message unknown pptp authentication source for ! Remote gateway: , call id: explanation the authentication...

  • Page 509

    Log message pptp server received a packet routed by a route not set up by the interface itself. Dropping packet. Explanation the pptp server interface received a packet that was routed to the interface by a route that was either manually configured or set up by another subsystem. Traffic can only be...

  • Page 510

    2.43.9. Pptp_session_request (id: 02700009) default severity notice log message pptp session request sent on control connection to explanation a pptp session request has been sent on the control connection to the specified remote gateway. Gateway action none recommended action none. Revision 1 para...

  • Page 511

    Revision 1 parameters callid remotegw iface 2.43.12. Pptp_session_up (id: 02700012) default severity warning log message ppp negotiation completed for session to on . User: , auth: , mppe: , assigned ip: explanation the ppp negotiation has completed successfully for this session. The specified inter...

  • Page 512

    2.43.14. Tunnel_idle_timeout (id: 02700014) default severity warning log message pptp tunnel to on has been idle for too long. Closing it. Explanation a pptp tunnel has been idle for too long. Tunnel will be closed. Gateway action close_tunnel recommended action none. Revision 1 parameters iface rem...

  • Page 513

    2.43.17. Pptpclient_connected (id: 02700018) default severity notice log message pptp client connected to , requesting control connection explanation a pptp client has established a connection to its remote gateway and is sending a control connection request message. Gateway action none recommended ...

  • Page 514

    Iface remotegw 2.43.20. Pptp_tunnel_up (id: 02700021) default severity notice log message pptp tunnel on is up. Connected to server on . Explanation this pptp client has established a control connection to the remote pptp server. Gateway action none recommended action none. Revision 1 parameters ifa...

  • Page 515

    Parameters rule iface remotegw 2.43.23. Unknown_pptp_auth_source (id: 02700025) default severity warning log message unknown pptp authentication source for !. Interface: , remote gateway: . Explanation the authentication source for the specified userauth rule is unknown to the pptp server. Gateway a...

  • Page 516

    Recommended action none. Revision 1 parameters iface remotegw error_code 2.43.26. Waiting_for_ip_to_listen_on (id: 02700050) default severity warning log message pptp server cannot start until it has an ip address to listen on. Explanation the pptp server cannot start until it has a proper ip addres...

  • Page 517: 2.44. Radiusrelay

    2.44. Radiusrelay these log messages refer to the radiusrelay (radius relay) category. 2.44.1. Malformed_packet (id: 07500001) default severity warning log message malformed packet received. Explanation a malformed packet was received. Gateway action none recommended action none. Revision 1 paramete...

  • Page 518

    Revision 1 parameters username imsi mac iface ip calledstationid 2.44.4. User_removed_timeout (id: 07500004) default severity notice log message user was removed due to timeout. Explanation a user was removed because a timeout was reached. Gateway action none recommended action none. Revision 1 para...

  • Page 519

    Log message user was logged out. Explanation a user was logged out. Gateway action none recommended action none. Revision 1 parameters username imsi mac iface ip 2.44.7. Login_from_same_mac (id: 07500007) default severity notice log message user is logging from in the same mac address as , logging o...

  • Page 520

    Ip port 2.44.9. Login_from_new_mac (id: 07500010) default severity notice log message user is logging in from another mac address, logging out current user. Explanation an already authenticated user is logging in from a new mac address than before. The current user instance will be logged out. Gatew...

  • Page 521: 2.45. Realtimemonitor

    2.45. Realtimemonitor these log messages refer to the realtimemonitor (real-time monitor events) category. Note the log message ids in this category are assigned dynamically based on the realtime monitor configuration. The variable part of the id (indicated by x below) corresponds to the assigned id...

  • Page 522

    2.45.3. Value_below_high_threshold (id: 054xxxxx) default severity informational log message firewall monitoring. Current uptime: . The value of: is now bellow the high threshold low threshold: current mean of : . Explanation low threshold passed. Gateway action none recommended action none. Revisio...

  • Page 523: 2.46. Reassembly

    2.46. Reassembly these log messages refer to the reassembly (events concerning data reassembly) category. 2.46.1. Ack_of_not_transmitted_data (id: 04800002) default severity informational log message tcp segment acknowledges data not yet transmitted explanation a tcp segment that acknowledges data n...

  • Page 524

    Recommended action research the source of this erroneous traffic. Revision 1 context parameters connection 2.46.4. Memory_allocation_failure (id: 04800005) default severity error log message can't allocate memory to keep track of a packet explanation the gateway is unable to allocate memory to keep ...

  • Page 525

    2.46.7. Processing_memory_limit_reached (id: 04800009) default severity notice log message maximum processing memory limit reached explanation the reassembly subsystem has reached the maximum limit set on its processing memory. This will decrease the performance of connections that are processed by ...

  • Page 526: 2.47. Rfo

    2.47. Rfo these log messages refer to the rfo (route fail over events) category. 2.47.1. Has_ping (id: 04100001) default severity notice log message interface , table , net : route enabled, got ping reply from gw explanation route is available. Received ping reply from the gateway. Gateway action no...

  • Page 527

    Reply from the gateway. Gateway action route_disabled recommended action none. Revision 1 parameters iface table net gateway 2.47.4. Unable_to_register_pingmon (id: 04100004) default severity warning log message interface , table , net : route no longer monitored, unable to register ping monitor exp...

  • Page 528

    2.47.6. Has_arp (id: 04100006) default severity notice log message interface , table , net : route enabled, got arp reply from gateway explanation route is available. Received arp reply from the gateway. Gateway action route_enabled recommended action none. Revision 2 parameters iface table net gate...

  • Page 529

    Revision 1 parameters iface table net gateway 2.47.9. Unable_to_register_arp_monitor (id: 04100009) default severity warning log message interface , table , net : route no longer monitored via arp, unable to register arp monitor explanation internal error: the route is no longer monitored. Failed to...

  • Page 530

    Explanation the interface has a link. Some associated routes may require arp to be enabled. Gateway action none recommended action none. Revision 2 parameters iface 2.47.12. Unable_to_register_interface_monitor (id: 04100012) default severity error log message interface , table , net : route no long...

  • Page 531

    Default severity notice log message interface , table , net : route disabled, host monitoring failed explanation route is disabled. Host monitoring failed. Gateway action route_disabled recommended action none. Revision 1 parameters iface table net 2.47.15. Hostmon_successful (id: 04100015) default ...

  • Page 532: 2.48. Rule

    2.48. Rule these log messages refer to the rule (events triggered by rules) category. 2.48.1. Ruleset_fwdfast (id: 06000003) default severity notice log message packet statelessly forwarded (fwdfast) explanation the packet matches a rule with a "fwdfast" action, and is statelessly forwarded. Gateway...

  • Page 533

    Context parameters rule name rule information packet buffer 2.48.4. Rule_match (id: 06000007) default severity debug log message return action trigged explanation a rule with a special return action was triggered by an ip-rule lookup. This log message only appears if you explicitly requested it for th...

  • Page 534

    Section in the configuration. Revision 1 context parameters rule name packet buffer 2.48.7. Block127net (id: 06000012) default severity warning log message destination address is the 127.* net. Dropping explanation the destination address was the 127.* net, which is not allowed according to the conf...

  • Page 535

    Recommended action none. Revision 1 context parameters rule name packet buffer 2.48.10. Allow_broadcast (id: 06000016) default severity notice log message broadcast packet statelessly forwarded explanation the broadcast packet matches a rule with an "allow" action, and is statelessly forwarded. Gatew...

  • Page 536

    Recommended action if this type of traffic should be dropped, modify the "settings" section in the configuration. Revision 1 context parameters rule name packet buffer 2.48.13. Directed_broadcasts (id: 06000030) default severity notice log message packet directed to the broadcast address of the dest...

  • Page 537

    Packet is dropped. Gateway action drop recommended action none. Revision 3 parameters type vlanid context parameters rule name packet buffer 2.48.16. Ruleset_reject_packet (id: 06000050) default severity warning log message packet rejected by rule-set. Rejecting explanation the rule-set is configure...

  • Page 538

    Explanation a packet directed to the unit itself was received. The packet is allowed, but there is no matching state information for this packet. It is not part of any open connections, and will be dropped. Gateway action drop recommended action none. Revision 1 context parameters rule name packet b...

  • Page 539

    2.48.21. Ip4_address_removed (id: 06000072) default severity informational log message ip address removed from fqdn address used in ippolicy explanation the ippolicy address filter was updated by the dns cache. Gateway action policy_updated recommended action none. Revision 1 parameters fqdn_name di...

  • Page 540

    Recommended action verify that the fqdn address was entered correctly. Revision 1 parameters fqdn_name dir context parameters rule name 2.48.24. Dns_timeout (id: 06000075) default severity error log message dns query of fqdn address in ippolicy filter timed out. Explanation the dns cache did not rec...

  • Page 541: 2.49. Services

    2.49. Services these log messages refer to the services (system services events) category. 2.49.1. Httpposter_success (id: 06600100) default severity notice log message success updating using http poster, next update in seconds explanation the http poster update failed. Gateway action none recommend...

  • Page 542

    Gateway action none recommended action none. Revision 1 parameters host retry_delay reason

  • Page 543: 2.50. Sesmgr

    2.50. Sesmgr these log messages refer to the sesmgr (session manager events) category. 2.50.1. Sesmgr_session_created (id: 04900001) default severity notice log message session connected for user: . Database: . Ip: . Type: . Explanation new session created in session manager. Gateway action none rec...

  • Page 544

    Recommended action none. Revision 1 parameters user database ip type 2.50.4. Sesmgr_access_set (id: 04900004) default severity notice log message access level changed to for user: . Database: . Ip: . Type: . Explanation access level has been changed for session. Gateway action none recommended actio...

  • Page 545

    Log message file upload connection denied for user: . Ip: . Type: . Explanation administrator session already active, file upload session denied. Gateway action deny_upload recommended action terminate administrator session and try again. Revision 1 parameters user ip type 2.50.7. Sesmgr_console_den...

  • Page 546

    Log message could not allocate memory for new session explanation could not allocate memory for new session. Gateway action none recommended action check memory. Revision 1 2.50.10. Sesmgr_session_activate (id: 04900010) default severity notice log message session has been activated for user: . Data...

  • Page 547

    Log message could not create new console at initialization of firewall for user: . Database: . Ip: . Type: . Explanation could not create new console at initialization of firewall. Gateway action remove_session recommended action check maximum number of sessions and consoles. Revision 1 parameters u...

  • Page 548

    2.50.15. Sesmgr_file_error (id: 04900017) default severity alert log message error accessing files. Explanation error occurred when accessing files for reading/writing. Gateway action file_error recommended action check available memory. Revision 1 2.50.16. Sesmgr_techsupport (id: 04900018) default s...

  • Page 549: 2.51. Slb

    2.51. Slb these log messages refer to the slb (slb events) category. 2.51.1. Server_online (id: 02900001) default severity notice log message slb server is online according to monitor explanation a disabled server has been determined to be alive again. Gateway action adding this server to the active...

  • Page 550: 2.52. Smtplog

    2.52. Smtplog these log messages refer to the smtplog (smtplog events) category. 2.52.1. Unable_to_establish_connection (id: 03000001) default severity warning log message unable to establish connection to smtp server . Send aborted explanation the unit failed to establish a connection to the smtp s...

  • Page 551

    Parameters smtp_server 2.52.4. Receive_timeout (id: 03000005) default severity warning log message receive timeout from smtp server . Send aborted explanation the unit timed out while receiving data from the smtp server. No smtp log will be sent. Gateway action abort_sending recommended action none....

  • Page 552

    2.52.7. Rejected_sender (id: 03000008) default severity warning log message smtp server rejected sender . Send aborted explanation the smtp server rejected the sender. No smtp log will be sent. Gateway action abort_sending recommended action verify that the smtp server is configured to accept this s...

  • Page 553

    Default severity warning log message smtp server rejected data request. Send aborted explanation the smtp server rejected the data request. No smtp log will be sent. Gateway action none recommended action verify that the smtp server is properly configured. Revision 1 parameters smtp_server 2.52.11. ...

  • Page 554

    Log message ip address removed from fqdn address used in smtp logger . Explanation the ip address used by [logger] has been deleted by the dns module. Gateway action smtplogger_updated recommended action none. Revision 1 parameters ip fqdn_name logger 2.52.14. Dns_no_record (id: 03000022) default se...

  • Page 555

    Default severity error log message dns query of fqdn address in smtp logger failed. Explanation the system was unable to resolve the fqdn address due to an internal error. Gateway action none recommended action if the problem persists, please contact the support and report this issue. Revision 1 par...

  • Page 556

    Logger

  • Page 557: 2.53. Snmp

    2.53. Snmp these log messages refer to the snmp (allowed and disallowed snmp accesses) category. 2.53.1. Disallowed_sender (id: 03100001) default severity notice log message disallowed snmp from , disallowed sender ip explanation the sender ip address is not allowed to send snmp data to the unit. Dr...

  • Page 558

    Revision 1 parameters peer context parameters connection 2.53.4. Snmp3_local_password_too_short (id: 03100101) default severity notice log message disallowed snmp from , local password is too short explanation snmpv3 specification rfc3414 ch. 11.2 demands that the password is at least 8 characters. ...

  • Page 559: 03100104)

    Gateway action drop recommended action make sure the security level of the snmp client matches the security level of the system. Revision 1 parameters peer context parameters connection 2.53.7. Snmp3_message_intended_for_other_system (id: 03100104) default severity warning log message disallowed snmp ...

  • Page 560

    Default severity notice log message disallowed snmp from , message is outside of the time window +/-150 seconds explanation according to snmpv3 specification rfc3414 a message containing engine time that differs more than +/-150 seconds from current time is to be dropped to prevent replay attacks. G...

  • Page 561

    2.53.12. Snmp3_decryption_failed (id: 03100109) default severity warning log message disallowed snmp from , decryption failed explanation the snmp decryption failed. Gateway action drop recommended action check that peer uses correct cipher. Revision 1 parameters peer context parameters connection 2...

  • Page 562: 2.54. Sshd

    2.54. Sshd these log messages refer to the sshd (ssh server events) category. 2.54.1. Out_of_mem (id: 04700001) default severity error log message out of memory explanation memory allocation failure. System is running low on ram memory. Gateway action close recommended action try to free some of the...

  • Page 563

    2.54.4. Error_occurred (id: 04700005) default severity error log message occurred with the connection from client . Explanation an error occurred, and the connection will be closed. Gateway action close recommended action none. Revision 1 parameters error client 2.54.5. Invalid_mac (id: 04700007) de...

  • Page 564

    Log message username change is not allowed. From name to client. Client: explanation user changed the username between two authentication phases, which is not allowed. Closing connection. Gateway action close recommended action none. Revision 1 parameters fromname toname client 2.54.8. Invalid_usern...

  • Page 565

    Default severity warning log message ssh login grace timeout ( seconds) expired, closing connection. Client: explanation the client failed to login within the given login grace time. Closing connection. Gateway action close recommended action increase the grace timeout value if it is set too low. Re...

  • Page 566

    Default severity error log message dsa signature verification for client failed. Explanation the client dsa signature could not be verified. Closing connection. Gateway action close recommended action none. Revision 1 parameters client 2.54.14. Key_algo_not_supported. (id: 04700055) default severit...

  • Page 567

    Default severity warning log message maximum number of connected ssh clients () has been reached. Denying acces for client: . Explanation the maximum number of simultaneously connected ssh clients has been reached. Denying access for this attempt, and closing the connection. Gateway action close rec...

  • Page 568

    2.54.19. Scp_failed_not_admin (id: 04704000) default severity notice log message administrator access could not set for session from this ip: explanation scp transfers can only be used if the session has administrator access. Closing connection. Gateway action close recommended action if there are othe...

  • Page 569: 2.55. Sslvpn

    2.55. Sslvpn these log messages refer to the sslvpn (sslvpn events.) category. 2.55.1. Sslvpn_session_created (id: 06300010) default severity informational log message ssl vpn session created :->: at explanation ssl vpn session created [remoteip]:[remoteport]->[localip]:[localport] at [ssliface]. Ga...

  • Page 570

    Reached. Explanation ssl vpn can not create session. Maximum allowed sslvpn tunnels reached. Gateway action none recommended action none. Revision 2 2.55.4. Failure_init_radius_accounting (id: 06300013) default severity warning log message failed to send accounting start to radius accounting server....

  • Page 571

    Log message unknown ssl vpn authentication source for ! Remote gateway: explanation the authentication source for the specified userauth rule found in the new configuration is unknown to the ssl vpn server. Closing down the ssl vpn connection. Gateway action sslvpn_connection_closed recommended acti...

  • Page 572

    Default severity warning log message unknown ssl vpn authentication source for !. Interface: , remote gateway: . Explanation the authentication source for the specified userauth rule is unknown to the ssl vpn server. Gateway action none recommended action make sure the userauth rules are configured ...

  • Page 573: 2.56. System

    2.56. System these log messages refer to the system (system-wide events: startup, shutdown, etc..) category. 2.56.1. Demo_expired (id: 03200020) default severity emergency log message the unit will no longer operate, as the demo period has expired. Install a license in order to avoid this. Explanati...

  • Page 574

    Parameters reason time 2.56.4. Demo_mode (id: 03200023) default severity alert log message demo mode resumed at the count of seconds. Reason: . Explanation demo mode resumed at the count of [time] seconds. Reason: [reason]. Gateway action shutdown_soon recommended action install a license. Revision ...

  • Page 575

    2.56.7. Invalid_ip_match_access_section (id: 03200110) default severity warning log message failed to verify ip address as per access section. Dropping explanation the ip address was not verified according to the access section. Gateway action drop recommended action none. Revision 1 context paramet...

  • Page 576

    Explanation the system has identified a hardware watchdog and initialized it. Gateway action none recommended action none. Revision 1 parameters hardware_watchdog_chip watchdog_timeout 2.56.11. Port_bind_failed (id: 03200300) default severity alert log message out of memory while tying to allocate d...

  • Page 577: 03200401)

    Log message using high load mode for local ip destination ip pair explanation mode for local ip - destination ip pair has changed to high load because of heavy traffic. Gateway action none recommended action none. Revision 1 parameters localip destip 2.56.14. Port_llm_conversion (id: 03200303) defau...

  • Page 578

    Default severity warning log message log messages lost due to log buffer exhaustion explanation due to extensive logging, a number of log messages were not sent. Gateway action none recommended action examine why the unit sent such a large amount of log messages. If this is normal activity, the "logs...

  • Page 579

    Default severity error log message failed to open newly uploaded configuration file explanation the unit failed to open the uploaded configuration file. Gateway action none recommended action verify that the disk media is intact. Revision 1 parameters new_cfg 2.56.20. Disk_cannot_remove (id: 0320060...

  • Page 580

    Explanation for reasons specified in earlier log events, the unit failed to switch to the new configuration and will continue to use the present configuration. Gateway action none recommended action consult the recommended action in the previous log message, which contained a more detailed error des...

  • Page 581

    Explanation ip rules or policies have been altered due to changes in the configuration. Gateway action none recommended action none. Revision 1 parameters date 2.56.26. User_blocked (id: 03200802) default severity notice log message login for user : has failed: currently in blocked state for the nex...

  • Page 582

    Log message shutdown aborted. Core file missing explanation the unit was issued a shutdown command, but no core executable file is seen. The shutdown process is aborted. Gateway action shutdown_gateway_aborted recommended action verify that the disk media is intact. Revision 1 parameters shutdown re...

  • Page 583

    Log message firewall starting. Core: . Build: . Current uptime: . Using configuration file , version . Previous shutdown: explanation the firewall is starting up. Gateway action none recommended action none. Revision 2 parameters corever build uptime cfgfile localcfgver remotecfgver previous_shutdow...

  • Page 584

    Recommended action none. Revision 1 parameters shutdown 2.56.34. Admin_login (id: 03203000) default severity notice log message administrative user logged in via . Access level: explanation an administrative user has logged in to the configuration system. Gateway action none recommended action none....

  • Page 585

    2.56.36. Admin_login_failed (id: 03203002) default severity warning log message administrative user failed to log in via , because of bad credentials explanation an administrative user failed to log in to configuration system. This is most likely due to an invalid entered username or password. Gatew...

  • Page 586

    Default severity notice log message ssl vpn user logged in via . Explanation an ssl vpn user has logged in to the ssl vpn user page. Gateway action none recommended action none. Revision 1 parameters authsystem username userdb server_ip server_port client_ip client_port 2.56.39. Activate_changes_fai...

  • Page 587

    Config_system 2.56.41. Reject_configuration (id: 03204002) default severity notice log message new configuration rejected by user from . Explanation the new configuration has been rejected. Gateway action reconfiguration_using_old_config recommended action none. Revision 1 parameters username userdb...

  • Page 588

    Recommended action none. Revision 1 parameters authsystem username userdb client_ip access_level 2.56.44. Admin_login_group_mismatch (id: 03206001) default severity warning log message administrative user not allowed access via explanation the user does not have proper administration access to the c...

  • Page 589

    2.56.46. Admin_authsource_timeout (id: 03206003) default severity error log message remote server(s) could not be reached when attempting to authenticate administrative user . Explanation the unit did not receive a response from the authentication servers, and the authentication process failed. Gate...

  • Page 590

    Recommended action none. Revision 1 parameters uri method context parameters user authentication 2.56.49. Bad_user_credentials (id: 03207011) default severity notice log message unable to decode authentication explanation rest api call failed. Unable to decode authentication. Gateway action none rec...

  • Page 591

    Gateway action none recommended action none. Revision 1 parameters uri method context parameters user authentication

  • Page 592: 2.57. Tcp_Flag

    2.57. Tcp_flag these log messages refer to the tcp_flag (events concerning the tcp header flags) category. 2.57.1. Tcp_flags_set (id: 03300001) default severity notice log message the tcp and flags are set. Allowing explanation the possible combinations for these flags are: syn urg, syn psh, syn rst...

  • Page 593

    Default severity notice log message the tcp flag is set. Ignoring explanation the tcp flag is set. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters bad_flag context parameters rule name packet buffer 2.57.4. Tcp_flag_set (id: 03300004) default severity notice log messag...

  • Page 594

    Default severity warning log message the tcp and flags are set. Dropping explanation the possible combinations for these flags are: syn urg, syn psh, syn rst, syn fin and fin urg. Gateway action drop recommended action if any of these combinations should either be ignored or having the bad flag stri...

  • Page 595

    Parameters flags endpoint state context parameters rule name connection packet buffer 2.57.9. Mismatched_syn_resent (id: 03300011) default severity warning log message mismatched syn "resent" with seq , expected . Dropping explanation mismatching sequence numbers. Dropping packet. Gateway action dro...

  • Page 596

    Log message synack packet with seq . Expected . Dropping explanation mismatching sequence numbers. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters seqno expectseqno context parameters rule name connection packet buffer 2.57.12. Rst_out_of_bounds (id: 03300015) def...

  • Page 597

    Parameters seqno accstart accend context parameters rule name connection packet buffer 2.57.14. Unacceptable_ack (id: 03300017) default severity notice log message tcp acknowledgement is not in the acceptable range -. Dropping explanation a tcp segment with an unacceptable acknowledgement number was...

  • Page 598

    Default severity warning log message tcp sequence number is not in the acceptable range -. Dropping explanation a tcp segment with an unacceptable sequence number was received. The packet will be dropped. Gateway action drop recommended action none. Revision 1 parameters seqno accstart accend contex...

  • Page 599

    Recommended action if the system is configured to use tcp based algs, increase the amount of maximum sessions parameter on the associated service. Revision 1 parameters max_windows [num_events] 2.57.19. Tcp_get_freesocket_failed (id: 03300024) default severity warning log message system was not able...

  • Page 600: 2.58. Tcp_Opt

    2.58. Tcp_opt these log messages refer to the tcp_opt (events concerning the tcp header options) category. 2.58.1. Tcp_mss_too_low (id: 03400001) default severity notice log message tcp mss too low. Tcpmssmin= explanation the tcp mss is too low. Ignoring. Gateway action ignore recommended action non...

  • Page 601

    Explanation the tcp mss is too high. Ignoring. Gateway action none recommended action none. Revision 1 parameters tcpopt mss maxmss context parameters rule name packet buffer 2.58.4. Tcp_mss_too_high (id: 03400004) default severity notice log message tcp mss too high. Tcpmssmax=. Adjusting explanati...

  • Page 602

    Packet buffer 2.58.6. Tcp_option (id: 03400006) default severity notice log message packet has a type tcp option explanation the packet has a tcp option of the specified type. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters tcpopt context parameters rule name packet bu...

  • Page 603

    Parameters tcpopt minoptlen avail context parameters rule name packet buffer 2.58.9. Bad_tcpopt_length (id: 03400011) default severity warning log message type claims length= bytes, avail= bytes. Dropping explanation the tcp option type does not fit in the option space. Dropping packet. Gateway acti...

  • Page 604

    Default severity warning log message tcp mss too low. Tcpmssmin=. Dropping explanation the tcp mss is too low. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters tcpopt mss minmss context parameters rule name packet buffer 2.58.12. Tcp_mss_too_high (id: 03400014) def...

  • Page 605

    Packet buffer 2.58.14. Tcp_null_flags (id: 03400016) default severity warning log message packet has no syn, ack, fin or rst flag set. Dropping explanation the packet has no syn, ack, fin or rst flag set. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rul...

  • Page 606

    Context parameters connection packet buffer 2.58.17. Mismatching_tcp_window_scale (id: 03400019) default severity warning log message mismatching tcp window scale shift count. Expected got will use explanation tcp segment with a window scale option specifying a different shift count than previous se...

  • Page 607: 2.59. Threshold

    2.59. Threshold these log messages refer to the threshold (threshold rule events) category. 2.59.1. Conn_threshold_exceeded (id: 05300100) default severity warning log message connection threshold exceeded . Source ip: . Closing connection explanation the source ip is opening up new connections too ...

  • Page 608

    Gateway action none recommended action investigate worms and dos attacks. Revision 1 parameters description threshold srcip context parameters rule name 2.59.4. Failed_to_keep_connection_count (id: 05300200) default severity error log message failed to keep connection count. Reason: out of memory ex...

  • Page 609

    Exceeds . Explanation the number of connections matching the threshold rule and originating from a single host exceeds the configured threshold. Note: this log message is rate limited via an exponential back-off procedure. Gateway action none recommended action none. Revision 1 parameters threshold ...

  • Page 610

    Recommended action none. Revision 1 parameters threshold srcip [username] context parameters rule name 2.59.9. Threshold_conns_from_filter_exceeded (id: 05300213) default severity notice log message the number of connections matching the rule exceeds . The offending host is . Explanation the number ...

  • Page 611: 2.60. Timesync

    2.60. Timesync these log messages refer to the timesync (firewall time synchronization events) category. 2.60.1. Synced_clock (id: 03500001) default severity notice log message the clock at , was off by second(s) and synchronized with to explanation the clock has been synchronized with the time serv...

  • Page 612

    Revision 1 parameters clockdrift timeserver interval 2.60.4. Leaving_daylight_saving (id: 03500010) default severity notice log message leaving daylight saving time and switching to non-dst time zone. Explanation automatic dst is activated and time is adjusted by the system. Gateway action none reco...

  • Page 613

    Parameters location

  • Page 614: 2.61. Transparency

    2.61. Transparency these log messages refer to the transparency (events concerning the transparent mode feature) category. 2.61.1. Impossible_hw_sender_address (id: 04400410) default severity warning log message impossible hardware sender address 0000:0000:0000. Dropping. Explanation some equipment ...

  • Page 615

    Gateway action rewrite recommended action none. Revision 1 context parameters rule name packet buffer 2.61.4. Enet_hw_sender_broadcast (id: 04400413) default severity warning log message ethernet hardware sender is a broadcast address. Dropping. Explanation the ethernet hardware sender address is a ...

  • Page 616

    Explanation the ethernet hardware sender address is a multicast address. The packet will be rewritten with the hardware sender address of the forwarding interface. Gateway action rewrite recommended action none. Revision 1 context parameters rule name packet buffer 2.61.7. Enet_hw_sender_multicast (...

  • Page 617

    Log message dropping stp frame from explanation an incoming stp frame has been dropped. Gateway action drop recommended action none. Revision 1 parameters recvif 2.61.10. Invalid_stp_frame (id: 04400419) default severity warning log message incoming stp frame from dropped. Reason: explanation an inc...

  • Page 618

    Default severity informational log message dropping mpls packet from explanation an incoming mpls packet has been dropped. Gateway action drop recommended action none. Revision 1 parameters recvif 2.61.13. Invalid_mpls_packet (id: 04400422) default severity warning log message incoming mpls packet o...

  • Page 619: 2.62. Userauth

    2.62. Userauth these log messages refer to the userauth (user authentication (e.g. RADIUS) events) category. 2.62.1. Accounting_start (id: 03700001) default severity informational log message successfully received radius accounting start response from radius accounting server explanation the unit re...

  • Page 620: 03700004)

    Gateway action accounting_disabled recommended action verify that the radius accounting server daemon is running on the accounting server. Revision 2 context parameters user authentication 2.62.4. Invalid_accounting_start_server_response (id: 03700004) default severity alert log message received an ...

  • Page 621

    Log message logging out the authenticated user, as an invalid radius accounting start response was received from radius accounting server explanation the authenticated user is logged out as an invalid response to the accounting-start event was received from the accounting server. Gateway action logo...

  • Page 622: 03700009)

    Gigawrapsent gigawraprecv sestime context parameters user authentication 2.62.9. Invalid_accounting_stop_server_response (id: 03700009) default severity warning log message received a radius accounting stop response with an identifier mismatch. Ignoring this packet explanation the unit received a re...

  • Page 623

    Accounting server. User statistics might not have been updated on the accounting server explanation the unit received an invalid response to an accounting-stop event from the accounting server. Accounting information might not have been properly received by the accounting server. Gateway action none ...

  • Page 624

    Default severity alert log message did not send a radius accounting start request. Accounting has been disabled explanation the unit did not send an accounting-start event to the accounting server. Accounting features will be disabled. This could be a result of missing a route from the unit to the a...

  • Page 625: 03700052)

    2.62.17. Accounting_alive (id: 03700050) default severity notice log message successfully received radius accounting interim response from radius accounting server. Bytes sent=, bytes recv=, packets sent=, packets recv=, session time= explanation the unit successfully received a radius accounting in...

  • Page 626: 03700053)

    Default severity alert log message did not receive a radius accounting interim response. User statistics might not have been updated on the accounting server explanation the unit did not receive a response to an accounting-interim event from the accounting server. Accounting information might not ha...

  • Page 627

    Revision 2 context parameters user authentication 2.62.22. Relogin_from_new_srcip (id: 03700100) default severity warning log message user with the same username is logging in from another ip address, logging out current instance explanation a user with the same username as an already authenticated ...

  • Page 628

    Parameters idle_timeout session_timeout [groups] context parameters user authentication 2.62.25. Bad_user_credentials (id: 03700104) default severity notice log message unknown user or invalid password explanation a user failed to log in. The entered username or password was invalid. Gateway action ...

  • Page 629

    Revision 2 context parameters user authentication 2.62.28. Userauthrules_disallowed (id: 03700107) default severity warning log message denied access according to userauthrules rule-set explanation the user is not allowed to authenticate according to the userauthrules rule-set. Gateway action none r...

  • Page 630

    Context parameters user authentication 2.62.31. Ldap_session_new_out_of_memory (id: 03700401) default severity alert log message out of memory while trying to allocate new ldap session explanation the unit failed to allocate a ldap session, as it is out of memory. Gateway action none recommended act...

  • Page 631

    Log message ldap authentication failed for explanation authentication attempt failed. Gateway action none recommended action none. Revision 1 parameters user 2.62.35. Ldap_context_new_out_of_memory (id: 03700405) default severity alert log message out of memory while trying to allocate new ldap cont...

  • Page 632

    Recommended action check configuration. Revision 1 parameters database 2.62.38. Invalid_username_or_password (id: 03700408) default severity error log message invalid provided username or password explanation username or password does not contain any information. Gateway action authentication_failed...

  • Page 633

    2.62.41. Ldap_no_working_server_found (id: 03700424) default severity notice log message ldap no working server found explanation ldap no working server found. Gateway action none recommended action none. Revision 1 parameters sessionid user 2.62.42. No_shared_ciphers (id: 03700500) default severity...

  • Page 634

    Revision 2 parameters client_ip 2.62.44. Bad_packet_order (id: 03700502) default severity error log message bad ssl handshake packet order. Closing down ssl connection explanation two or more ssl handshake messages were received in the wrong order, and the ssl connection is closed. Gateway action ssl...

  • Page 635

    Parameters client_ip 2.62.47. Bad_clientkeyexchange_msg (id: 03700505) default severity error log message ssl handshake: bad clientkeyexchange message. Closing down ssl connection explanation the clientkeyexchange message (which is a part of a ssl handshake) is invalid, and the ssl connection is clo...

  • Page 636: (Id: 03700509)

    2.62.50. Unknown_ssl_error (id: 03700508) default severity error log message unknown ssl error. Closing down ssl connection explanation an unknown error occurred in the ssl connection, and the ssl connection is closed. Gateway action ssl_close recommended action none. Revision 1 parameters client_ip ...

  • Page 637

    Description 2.62.53. Sent_sslalert (id: 03700511) default severity error log message sent ssl alert. Closing down ssl connection explanation the unit has sent a ssl alert message to the client, due to some abnormal event. The connection will be closed down. Gateway action close recommended action co...

  • Page 638

    Recommended action none. Revision 2 context parameters user authentication 2.62.56. User_login (id: 03707002) default severity notice log message user logged in. Idle timeout: , session timeout: explanation a user logged in and has been granted access. The mac address has been found. Gateway action ...

  • Page 639

    Recommended action verify that the ldap authentication server daemon is running on the authentication server. Revision 2 context parameters user authentication 2.62.59. Bad_user_credentials (id: 03707005) default severity notice log message unknown user explanation a user failed to log in. Gateway ac...

  • Page 640: 2.63. Vfs

    2.63. Vfs these log messages refer to the vfs (vfs file handling events) category. 2.63.1. Odm_execute_failed (id: 05200001) default severity notice log message usage of file "" failed. File validated as "". Explanation an uploaded file ([filename]) was validated as "[description]". An error occurred...

  • Page 641

    Recommended action none. Revision 1 parameters filename description 2.63.4. Odm_execute_action_none (id: 05200004) default severity notice log message uploaded file () could not be recognized as a known type. Explanation an uploaded file could not be recognized as a known type. Gateway action none r...

  • Page 642

    Recommended action make sure that the certificate data is of the correct format. Revision 1 parameters filename 2.63.7. Upload_certificate_fail (id: 05200007) default severity notice log message certificate data in file , could not be added to the configuration explanation certificate data could not...

  • Page 643

    Revision 1 2.63.10. Secaas_lic_installation_failed (id: 05208003) default severity emergency log message license file could not be installed. Explanation none. Gateway action none recommended action none. Revision 1

  • Page 644: 2.64. Zonedefense

    2.64. Zonedefense these log messages refer to the zonedefense (zonedefense events) category. 2.64.1. Unable_to_allocate_send_entries (id: 03800001) default severity warning log message unable to allocate send entry. Sending of request to abandoned. Explanation unable to allocate send entry. Unit is ...

  • Page 645

    2.64.4. Switch_out_of_ip_profiles (id: 03800004) default severity warning log message unable to accommodate block request since out of ip profiles on . Explanation there are no free ip profiles left on the switch. No more hosts can be blocked/excluded on this switch. Gateway action no_block recom...

  • Page 646: 03800008)

    2.64.7. No_response_trying_to_create_rule (id: 03800007) default severity critical log message no response from switch while trying to create rule in profile . Explanation several attempts to create a rule in the switch have timed out. No more attempts will be made. Gateway action no_rule recommended...

  • Page 647

    2.64.10. No_response_trying_to_erase_profile (id: 03800010) default severity critical log message no response from switch while trying to erase profile . Explanation several attempts to erase a profile in the switch have timed out. No more attempts will be made. Gateway action none recommended action...

  • Page 648

    2.64.13. Timeout_saving_configuration (id: 03800013) default severity critical log message timeout to save configuration on . Explanation several attempts to save the configuration in the switch have timed out. No more attempts will be made. Gateway action none recommended action verify that the fire...

  • Page 649

    2.64.16. Zonedefense_table_exhausted (id: 03800016) default severity warning log message unable to accommodate block request since free space in zone defense table is exhausted. Explanation number of free rows in zone defense table is 0. Cannot block more hosts. Gateway action no_block recommended a...

  • Page 650

    2.64.19. Enabling_zonedefense_failed (id: 03800019) default severity critical log message zonedefense has failed to be enabled on . Explanation an attempt to automatically enable the zonedefense feature has been made but failed. No further attempts will be made. Gateway action none recommended action...
