- DL manuals
- D-Link
- Network Router
- DFL-260E
- Log Reference Manual
D-Link DFL-260E Log Reference Manual - page 529
Revision
1
Parameters
iface
table
net
gateway
2.47.9. unable_to_register_arp_monitor (ID: 04100009)
Default Severity
Log Message
Interface monitored via ARP, unable to register ARP monitor Explanation Internal Error: The route is no longer monitored. Failed to register ARP Route Monitor. Gateway Action disabled_monitor Recommended Action None. Revision 1 Parameters iface table net gateway 2.47.10. no_link (ID: 04100010) Default Severity Log Message Interface routes disabled. Explanation The interface has no link, and all associated routes has been disabled. Gateway Action associated_routes_disabled Recommended Action None. Revision 2 Parameters iface reason 2.47.11. has_link (ID: 04100011) Default Severity Log Message Interface to be enabled Chapter 2: Log Message Reference 529 Network security solution http://www.Dlink.Com netdefendos ver. 11.04.01 network security firewall log reference guide security security. Log reference guide dfl-260e/860e/870/1660/2560/2560g netdefendos version 11.04.01 d-link corporation no. 289, sinhu 3rd rd, neihu district, taipei city 114, taiwan r.O.C. Http://www.Dlink.Com published 2016-10-03 copyright © 2016. Log reference guide dfl-260e/860e/870/1660/2560/2560g netdefendos version 11.04.01 published 2016-10-03 copyright © 2016 copyright notice this publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this m... Table of contents preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 1. Introduction . . . . . . . . . . . . . . . . .... 2.1.50. Disallowed_user_agent (id: 00200146) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 2.1.51. Http_pipeline_full (id: 00200147) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 2.1.52. Protocol_upgrade_... 2.1.110. Failed_to_register_rawconn (id: 00200238) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 2.1.111. Failed_to_merge_conns (id: 00200239) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 2.1.112. Max_ftp_sessions_reached (id: 00200241) ... 2.1.171. Options_removed (id: 00200371) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 2.1.172. Failed_strip_option (id: 00200372) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 2.1.173. Failed_create_conne... 2.1.232. Failed_to_find_role (id: 00200528) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 2.1.233. Failed_to_update_port (id: 00200529) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 2.1.234. Failed_to_update_contact (i... 2.2.8. Link_protection_timeout (id: 05900031) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 2.2.9. Link_protection_wcf_error (id: 05900032) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 2.2.10. Link_protection_no_license (id: 05... 2.4.8. Application_content (id: 07200015) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 2.4.9. Application_content_allowed (id: 07200016) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 2.4.10. Application_content_denied (id: 07... 2.10.1. Buffers_flooded (id: 00500001) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208 2.10.2. Buffers_profile (id: 00500002) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208 2.11. Conn... 2.13.22. Got_reply_on_a_non_security_equivalent_interface (id: 00800022) 230 2.13.23. Assigned_ip_not_allowed (id: 00800023) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230 2.13.24. Illegal_client_ip_assignment (id: 00800024) . . . . . . . . . . . . . . . . . . . . . . . . ... 2.16.12. Bad_udp_checksum (id: 07400012) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 2.16.13. Dhcpv6_packet_too_small (id: 07400013) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 2.16.14. Dhcpv6_faulty_length (id: 07400014) . . . ... 2.21.3. Gre_bad_version (id: 02200003) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 2.21.4. Gre_checksum_error (id: 02200004) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 2.21.5. Gre_length_error ... 2.24.10. Invalid_url_format (id: 01300010) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 2.24.11. Idp_evasion (id: 01300011) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 2.24.12. Idp_ev... 2.29.7. 6in4_invalid_sender_decap (id: 07800007) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 2.30. Ippool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... 2.31.42. Failed_to_add_peer (id: 01800312) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 2.31.43. Failed_to_add_rules (id: 01800313) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 2.31.44. Failed_to_add_rules (id:... 2.31.102. Ipsec_sa_created (id: 01800907) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 2.31.103. Ipsec_sa_rekeyed (id: 01800908) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 2.31.104. Ipsec_sa_deleted (... 2.31.162. Invalid_key_size (id: 01802217) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377 2.31.163. Invalid_cipher_keysize (id: 01802218) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 2.31.164. Invalid_key_size (id: 01... 2.31.223. Monitored_host_reachable (id: 01803600) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396 2.31.224. Monitored_host_unreachable (id: 01803601) . . . . . . . . . . . . . . . . . . . . . . . . . . . 396 2.31.225. Failed_to_attach_radius (id: 01803700) . . . . . . . . . . . . .... 2.33.2. Disallowed_ip_ver (id: 01500002) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418 2.33.3. Invalid_ip_length (id: 01500003) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418 2.33.4. Invalid_ip_l... 2.35.45. Excessive_padding (id: 01700066) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 2.35.46. Repeated_option (id: 01700067) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 2.35.47. More_optcount (id: ... 2.37.13. L2tp_session_request (id: 02800015) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461 2.37.14. L2tp_session_up (id: 02800016) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461 2.37.15. Failure_init_radius_... 2.40.25. Bad_seq_num (id: 02400104) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482 2.40.26. Non_dup_dd (id: 02400105) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483 2.40.27. As_e... 2.41.12. Response_value_too_long (id: 02500150) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 2.41.13. Username_too_long (id: 02500151) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502 2.41.14. Username_too_long (id: 02500201) . . ... 2.46.5. Drop_due_to_buffer_starvation (id: 04800007) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524 2.46.6. Failed_to_send_ack (id: 04800008) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524 2.46.7. Processing_memory_limit_reached (id: 048000... 2.50.10. Sesmgr_session_activate (id: 04900010) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546 2.50.11. Sesmgr_session_disabled (id: 04900011) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546 2.50.12. Sesmgr_console_denied_init (id: 04900012) . .... 2.54.18. Ssh_force_conn_close (id: 04700105) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567 2.54.19. Scp_failed_not_admin (id: 04704000) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568 2.55. Sslvpn . . . . . . . . . . . . . . .... 2.56.48. Bad_user_credentials (id: 03207010) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589 2.56.49. Bad_user_credentials (id: 03207011) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590 2.56.50. Method_not_allowed (id: 03207... 2.61.1. Impossible_hw_sender_address (id: 04400410) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614 2.61.2. Enet_hw_sender_broadcast (id: 04400411) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614 2.61.3. Enet_hw_sender_broadcast (id: 04400412) . . . . . . . . . . ... 2.62.48. Bad_clientfinished_msg (id: 03700506) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635 2.62.49. Bad_alert_msg (id: 03700507) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635 2.62.50. Unknown_ssl_error (id: 0... List of tables 1. Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 32. List of examples 1. Log message parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 2. Conditional log message parameters . . . . . . . . . . . . . . . . . . . . . . . . . ... Preface audience the target audience for this reference guide consists of: • administrators that are responsible for configuring and managing a netdefendos installation. • administrators that are responsible for troubleshooting a netdefendos installation. This guide assumes that the reader is famili... Depending on the context of the log message. Abbreviations the following abbreviations are used throughout this reference guide: abbreviation full name alg application layer gateway arp address resolution protocol dhcp dynamic host configuration protocol dns domain name system esp encapsulating secu... Chapter 1: introduction • log message structure, page 36 • context parameters, page 38 • severity levels, page 43 this guide is a reference for all log messages generated by netdefendos. It is designed to be a valuable information source for both management and troubleshooting. 1.1. Log message stru... Message reference. As previously mentioned, the category is identified by the first 3 digits in the message id. All messages in a particular category have the same first 3 digits in their id. Default severity the default severity level for this log message. For a list of severity levels, please see ... 1.2. Context parameters in many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol i... [fragid] fragmentation id. Valid if the ip packet is fragmented. Ipproto the ip protocol. Ipdatalen the ip data length. [srcport] the source port. Valid if the protocol is tcp or udp. [destport] the destination port. Valid if the protocol is tcp or udp. [tcphdrlen] the tcp header length. Valid if th... [origsent] the number of bytes sent by the originator in this connection. Valid if the connection is closing or closed. [termsent] the number of bytes sent by the terminator in this connection. Valid if the connection is closing or closed. Idp specifies the name and a description of the signature th... Authrule the name of the user authentication rule. Authagent the name of the user authentication agent. Authevent the user authentication event that occurred. Possible values: login, logout, timedout, disallowed_login, accounting and unknown. Username the name of the user that triggered this event. ... Routemetric route metric (cost). Chapter 1: introduction 42. 1.3. Severity levels an event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the syslog protocol: 0 - emergency emergency conditions, which most likely led to the system being unusable. 1 - alert alert conditions, whic... Chapter 1: introduction 44. Chapter 2: log message reference • alg, page 47 • antispam, page 159 • antivirus, page 171 • appcontrol, page 184 • arp, page 189 • authagents, page 196 • avse, page 202 • avupdate, page 203 • blacklist, page 206 • buffers, page 208 • conn, page 209 • dhcp, page 217 • dhcprelay, page 223 • dhcpserve... • idp, page 290 • idppipes, page 299 • idpupdate, page 302 • ifacemon, page 305 • igmp, page 307 • ip6in4, page 317 • ippool, page 320 • ipsec, page 326 • ipv6_nd, page 398 • ip_error, page 418 • ip_flag, page 423 • ip_opt, page 425 • ip_proto, page 445 • l2tp, page 457 • lacp, page 466 • natpool, p... • system, page 573 • tcp_flag, page 592 • tcp_opt, page 600 • threshold, page 607 • timesync, page 611 • transparency, page 614 • userauth, page 619 • vfs, page 640 • zonedefense, page 644 sort order all log messages are sorted by their category and then by their id number. 2.1. Alg these log messag... Recommended action none. Revision 1 context parameters alg module name alg session id 2.1.3. Max_line_length_exceeded (id: 00200003) default severity error log message maximum line length exceeded, got characters. Closing connection explanation the maximum length of an entered line was exceeded, and... Gateway action close recommended action research the source of this and try to find out why the client is sending an invalid header. Revision 1 parameters algname context parameters alg module name alg session id 2.1.6. Invalid_url_format (id: 00200101) default severity error log message httpalg: fa... 2.1.8. Allow_unknown_protocol (id: 00200103) default severity notice log message allowing unknown protocol. Alg name: . Explanation invalid protocol data received from the server. The connection will be allowed to pass through without inspection according to the configuration. Gateway action allow r... Gateway action closing_connecion recommended action research the source of this, and try to find out why the server is sending such large amounts of suspicious data. Revision 1 parameters algname context parameters alg module name alg session id 2.1.11. Invalid_chunked_encoding (id: 00200107) defaul... 2.1.13. Compressed_data_received (id: 00200109) default severity error log message httpalg: compressed data was received from the server, although uncompressed was requested. Closing connection. Alg name: . Explanation the unit requested that no compressed data should be used, but the server ignored... Gateway action close recommended action decrease the maximum allowed httpalg sessions, or try to free some of the ram used. Revision 2 context parameters alg module name 2.1.16. Failure_connect_http_server (id: 00200112) default severity error log message httpalg: failed to connect to the http serve... Default severity error log message httpalg: wcf override cache full explanation the wcf override hash is full. The oldest least used value will be replaced. Gateway action replace recommended action none. Revision 1 context parameters alg module name 2.1.19. No_valid_license (id: 00200115) default s... 2.1.21. Blocked_filetype (id: 00200117) default severity notice log message httpalg: requested file: is blocked as this file is identified as type , which is in block list. Explanation the file is present in the block list. It will be blocked as per configuration. Gateway action block recommended ac... 2.1.24. Wcf_srv_connection_error (id: 00200120) default severity error log message httpalg: http request not validated by web content filter and allowed. Explanation the web content filtering servers could not be contacted. The request has been allowed since fail-mode parameter is in allow mode. Gat... Revision 1 parameters server context parameters alg module name 2.1.27. Wcf_server_connected (id: 00200123) default severity informational log message httpalg: web content server connected explanation the connection with the web content server has been established. Gateway action none recommended ac... Revision 2 parameters categories audit override url algname context parameters connection connection alg module name alg session id 2.1.30. Request_url (id: 00200126) default severity notice log message httpalg: requesting url . Categories: . Audit: . Override: . Alg name: . Explanation the url has ... 2.1.32. Wcf_server_bad_reply (id: 00200128) default severity error log message httpalg: failed to parse wcf server response explanation the wcf service could not parse the server response. The wcf transmission queue is reset and a new server connection will be established. Gateway action restarting ... Gateway action none recommended action try to free up some ram by changing configuration parameters. Revision 1 context parameters alg module name 2.1.35. Wcf_bad_sync (id: 00200131) default severity error log message httpalg: wcf request out of sync explanation the wcf response received from the se... Default severity warning log message httpalg: reclassification request for url . New category . Alg name: . Explanation the user has requested a category reclassification for the url. Gateway action allow recommended action disable the allow_reclassification mode of parameter categories for this alg... Parameters categories audit override url user algname context parameters connection connection alg module name alg session id 2.1.40. Request_url (id: 00200136) default severity notice log message httpalg: requesting url . Categories: . User: . Audit: . Override: . Alg name: . Explanation the url ha... Parameters categories audit override url user algname context parameters connection connection alg module name alg session id 2.1.42. Restricted_site_notice (id: 00200138) default severity warning log message httpalg: user requests the forbidden url , even though restricted site notice was applied. ... Url user algname context parameters connection connection alg module name alg session id 2.1.44. Wcf_mem_optimized (id: 00200140) default severity debug log message httpalg: optimizing wcf memory usage explanation the web content filtering subsystem has optimized its memory usage and freed up some m... Recommended action none. Revision 1 parameters cache_size cache_repl_per_sec trans_per_sec queue_len in_transit rtt queue_delta_per_sec server srv_prec context parameters alg module name 2.1.47. Wcf_server_timeout (id: 00200143) default severity error log message httpalg: wcf request timeout explana... 2.1.49. Intercept_page_failed (id: 00200145) default severity debug log message httpalg: failed to send interception page to client explanation the httpalg failed to send an interception page to the client. Gateway action close recommended action none. Revision 1 parameters pagetype send algname con... Of resources. The connection is closed. Gateway action close recommended action investigate which client and software that sends this many pipelinied requests and see if they can be reconfigured. Revision 1 parameters count algname context parameters connection connection alg module name alg session... Context parameters connection alg module name alg session id 2.1.54. Max_smtp_sessions_reached (id: 00200150) default severity warning log message smtpalg: maximum number of smtp sessions () for service reached. Closing connection explanation the maximum number of concurrent smtp sessions has been r... Gateway action close recommended action decrease the maximum allowed smtpalg sessions, or try to free some of the ram used. Revision 2 context parameters alg module name 2.1.57. Failed_connect_smtp_server (id: 00200153) default severity error log message smtpalg: failed to connect to the smtp server... Gateway action spam tag recommended action disable the verify e-mail sender id setting if you experience that valid e-mails are being wrongly tagged. Revision 3 parameters sender_email_address recipient_email_addresses data_sender_address context parameters alg module name alg session id 2.1.60. Sen... 2.1.62. Recipient_email_id_in_blacklist (id: 00200159) default severity warning log message smtpalg: recipient e-mail address is in black list explanation since "rcpt to:" e-mail address is in black list, smtp alg rejected the client request. Gateway action reject recommended action none. Revision 1... Recommended action research how the sender is encoding the data. Revision 2 parameters filename filetype sender_email_address recipient_email_addresses context parameters alg module name alg session id 2.1.65. Base64_decode_failed (id: 00200165) default severity error log message smtpalg: base 64 de... Context parameters alg module name alg session id 2.1.67. Content_type_mismatch (id: 00200167) default severity warning log message smtpalg: content type mismatch in file . Identified filetype explanation the filetype of the file does not match the actual content type. As there is a content type mis... Log message smtpalg: content type mismatch found for the file . It is identified as type file explanation received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed. Gateway action allow recommended action co... Alg session id 2.1.72. Invalid_end_of_mail (id: 00200176) default severity warning log message smtpalg: invalid end of mail "\.\" received. Explanation the client is sending invalid end of mail. Transaction will be terminated. Gateway action block recommended action research how the client is se... Revision 2 context parameters alg module name alg session id 2.1.75. Failed_send_reply_code (id: 00200181) default severity error log message smtpalg: could not send error code to client explanation the smtp alg failed to send an error response code to the client. Gateway action none recommended act... Parameters capa context parameters alg module name alg session id 2.1.78. Cmd_pipelined (id: 00200186) default severity error log message smtpalg: received pipelined request. Explanation the smtp alg does not support pipelined requests. The appearance of this log message indicates that the client us... Whitelist, this mark is removed. Gateway action none recommended action none. Revision 1 parameters sender_email_address context parameters alg module name alg session id 2.1.81. Illegal_data_direction (id: 00200202) default severity error log message ftpalg: tcp data from not allowed in this direct... 2.1.83. Hybrid_data (id: 00200209) default severity informational log message ftpalg: hybrid data channel closed explanation a hybrid data channel was closed. Gateway action none recommended action none. Revision 1 context parameters alg module name alg session id rule information connection 2.1.84.... Gateway action close recommended action if unknown commands should be allowed, modify the ftpalg configuration. Revision 1 parameters peer context parameters alg module name alg session id connection 2.1.86. Illegal_command (id: 00200212) default severity warning log message ftpalg: failed to parse ... Context parameters alg module name alg session id connection 2.1.88. Port_command_disabled (id: 00200214) default severity warning log message ftpalg: port command not allowed from . Rejecting command explanation the client tried to issue a "port" command, which is not valid since the client is not ... Default severity critical log message ftpalg: illegal port command from , bad ip address . String=. Rejecting command explanation an illegal "port" command was received from the client. It requests that the server should connect to another ip that it's own. This is not allowed, and the command will ... To client. This could possibly be a result of lack of memory. Gateway action none recommended action none. Revision 1 parameters peer connection string context parameters alg module name alg session id connection 2.1.93. Illegal_command (id: 00200219) default severity warning log message ftpalg: sit... Context parameters alg module name alg session id connection 2.1.95. Illegal_direction2 (id: 00200221) default severity warning log message ftpalg: illegal direction for command(2), peer=. Closing connection. Explanation a command was sent in an invalid direction, and the connection will be closed. ... Rejecting command. Explanation a disallowed opts argument was received, and the command will be rejected. Gateway action rejecting_command recommended action none. Revision 1 parameters peer string context parameters alg module name alg session id connection 2.1.98. Unknown_option (id: 00200224) def... Parameters peer string context parameters alg module name alg session id connection 2.1.100. Unknown_command (id: 00200226) default severity warning log message ftpalg: unknown command from . String=. Rejecting command. Explanation an unknown command was received, and the command will be rejected. G... 2.1.102. Illegal_reply (id: 00200230) default severity warning log message ftpalg: illegal multiline response () from . String=. Closing connection. Explanation an illegal multiline response was received from server, and the connection will be closed. Gateway action close recommended action none. Re... Explanation an illegal response was received from the server, and the connection is closed. Gateway action close recommended action none. Revision 1 parameters peer string context parameters alg module name alg session id connection 2.1.105. Bad_port (id: 00200233) default severity critical log mess... Revision 1 parameters peer ip4addr ip4addr_server string context parameters alg module name alg session id connection 2.1.107. Failed_to_create_connection2 (id: 00200235) default severity error log message ftpalg: failed to create connection(2) peer= connection=. String=. Explanation an error occure... Connection 2.1.109. Failed_to_send_port (id: 00200237) default severity warning log message ftpalg: failed to send port. Peer= explanation an error occured when trying to send the "port" command to the server. Gateway action none recommended action none. Revision 1 parameters peer context parameters... Revision 1 context parameters alg module name 2.1.112. Max_ftp_sessions_reached (id: 00200241) default severity warning log message ftpalg: maximum number of ftp sessions () for service reached. Closing connection explanation the maximum number of concurrent ftp sessions has been reached for this se... Recommended action verify that there is a listening ftp server on the specified address. Revision 1 context parameters alg module name alg session id 2.1.115. Content_type_mismatch (id: 00200250) default severity notice log message ftpalg: content type mismatch in file . Identified filetype explanat... Fail for compressed files. Gateway action data_blocked_control_and_data_channel_closed recommended action change fail mode setting to allow, if resumed file transfers of compressed files should be allowed. Revision 2 parameters filename filetype context parameters alg module name alg session id 2.1.... Context parameters alg module name alg session id 2.1.120. Failed_to_send_response_code (id: 00200255) default severity notice log message ftpalg:failed to send the response code. Explanation the ftp alg could not send the correct response code to the client. Gateway action none recommended action n... Revision 1 parameters algname context parameters alg module name alg session id connection 2.1.123. Http_not_allowed (id: 00200271) default severity error log message http protocol is not allowed. Explanation allowed protocols in alg don't include http. Gateway action block recommended action none. ... Log message httpalg: https (c) failed to parse clienthello datagram (). Explanation failed to parse clienthello datagram. Gateway action none recommended action none. Revision 1 parameters cause algname context parameters alg module name alg session id connection 2.1.126. Invalid_clienthello (id: 00... Connection 2.1.128. Invalid_clienthello_server_name (id: 00200276) default severity error log message httpalg: https (s) failed to parse 'server_name' from clienthello sni extension. Explanation failed to parse 'server_name' from clienthello sni extension. Gateway action none recommended action none... Recommended action none. Revision 1 parameters cause algname context parameters alg module name alg session id connection 2.1.131. Invalid_certificate (id: 00200279) default severity error log message httpalg: https (s) failed to parse certificate datagram. Explanation failed to parse certificate da... Default severity warning log message h323alg: h.225 parser is in unknown state explanation the h.225 parser failed to parse the h.225 message. The alg session will be closed. Gateway action none recommended action none. Revision 1 parameters peer state context parameters alg module name alg session ... Revision 1 parameters peer message_type context parameters alg module name alg session id connection 2.1.136. Encode_failed (id: 00200303) default severity warning log message h323alg: encoding of message from peer failed. Closing session explanation the asn.1 encoder failed to encode the message. T... Default severity warning log message h323alg: failed after encoding message from peer. Closing session explanation the asn.1 encoder failed to encode the message properly. The alg session will be closed. Gateway action close recommended action none. Revision 1 parameters peer message_type context pa... Parameters peer context parameters alg module name alg session id connection 2.1.141. Max_tcp_data_connections_exceeded (id: 00200308) default severity warning log message h323alg: maximum number of tcp data channels exceeded explanation the maximum number of concurrent tcp data channels has been re... Log message h323alg: ignoring mediachannel info in openlogicalchannel explanation media channel information in the openlogicalchannel message is not handled. Gateway action none recommended action none. Revision 1 parameters peer context parameters alg module name alg session id connection 2.1.144. ... Parameters max_sessions context parameters alg module name 2.1.146. Failed_create_new_session (id: 00200313) default severity warning log message h323alg: failed to create new h.323 session (out of memory) explanation could not create a new h.323 session due to lack of memory. No more sessions can b... Recommended action none. Revision 1 context parameters alg module name 2.1.149. Failure_connect_h323_server (id: 00200316) default severity error log message h323alg: failed to connect to the h.323 server. Closing connection explanation the unit failed to connect to the h.323 server, resulting in th... Explanation an invalid tftp packet was received. Refusing connection. Gateway action reject recommended action none. Revision 1 parameters packet_length context parameters alg module name connection 2.1.152. Packet_failed_traversal_test (id: 00200351) default severity warning log message tftpalg: fi... 2.1.154. Option_value_invalid (id: 00200354) default severity warning log message tftpalg: option contained invalid value explanation option contained invalid value.Closing connection. Gateway action reject recommended action none. Revision 1 parameters option value context parameters alg module nam... Revision 1 parameters value maxvalue context parameters alg module name alg session id connection 2.1.157. Unknown_option_blocked (id: 00200357) default severity warning log message tftpalg: request contained unknown option explanation request contained unknown option.Closing connection. Gateway act... Default severity warning log message tftpalg: request contained unknown option explanation request contained unknown option.Closing connection. Gateway action close recommended action if connection should be allowed modify the tftp alg configuration . Revision 1 parameters option context parameters ... Context parameters alg module name alg session id connection 2.1.162. Option_value_invalid (id: 00200362) default severity warning log message tftpalg: option contained no readable value explanation option contained no readable value.Closing connection. Gateway action close recommended action none. ... Reached for this service. No more sessions can be opened before old sessions have been released. Gateway action close recommended action if the maximum number of tftp sessions is too low, increase it. Revision 1 parameters max_sessions context parameters alg module name 2.1.165. Failed_create_new_se... Default severity error log message tftpalg: failed to create listening connection,internal error(). Closing session explanation the unit failed to create listening connection, resulting in that the alg session could not be successfully opened. Gateway action close recommended action none. Revision 1... Parameters opcode packet_length context parameters alg module name alg session id connection 2.1.170. Transfer_size_exceeded (id: 00200370) default severity warning log message tftpalg: received bytes exceeding allowed max value explanation transferred bytes exceeding allowed value.Closing connectio... Explanation an attempt to send request packet without options failed because of an internal error. Gateway action close recommended action none. Revision 1 context parameters alg module name 2.1.173. Failed_create_connection (id: 00200373) default severity error log message tftpalg: failed to create... Default severity warning log message pop3alg: maximum number of pop3 sessions () for service reached. Closing connection explanation the maximum number of concurrent pop3 sessions has been reached for this service. No more sessions can be opened before old sessions have been released. Gateway action... 2.1.178. Out_of_memory (id: 00200383) default severity error log message pop3alg: failed to allocate memory (out of memory) explanation an attempt to allocate memory failed. Gateway action close recommended action try to free up unwanted memory. Revision 1 context parameters alg module name alg sess... Parameters command" response context parameters alg module name alg session id 2.1.181. Base64_decode_failed (id: 00200386) default severity error log message pop3alg: base 64 decode failed. Attachment blocked explanation the data sent to base64 decoding failed. This can occur if the email sender se... Explanation the client is sending command with invalid command length. The command will be blocked. Gateway action block recommended action none. Revision 1 parameters len linebegin" context parameters alg module name alg session id 2.1.184. Response_blocked_invalid_len (id: 00200389) default severi... 2.1.186. Content_type_mismatch_mimecheck_disabled (id: 00200391) default severity notice log message pop3alg: content type mismatch found for the file . It is identified as type file explanation received type of data in the packet and its actual type do not match. As there is a mismatch and mime typ... Gateway action block recommended action if the command are to be allowed change the alg configuration.Note: the stls command is allways blocked!. Revision 1 parameters command context parameters alg module name alg session id 2.1.189. Unknown_command_blocked (id: 00200394) default severity warning l... Default severity warning log message pop3alg: mail contains invalid line endings. Explanation mail contains invalid line endings. Gateway action block recommended action research why mail contains invalid line endings. Revision 1 context parameters alg module name alg session id 2.1.192. Top_mail_en... Context parameters alg module name 2.1.194. Failed_create_new_session (id: 00200451) default severity warning log message tlsalg: failed to create new tlsalg session (out of memory) explanation an attempt to create a new tlsalg session failed, because the unit is out of memory. Gateway action close ... Parameters alert level algname context parameters alg module name alg session id 2.1.197. Tls_renegotiation_attempted (id: 00200454) default severity warning log message tlsalg: tls renegotiation attempted but not supported. Explanation the tls peer initiated a renegotiation. Renegotiation is howeve... Log message tlsalg: the negotiated cipher suite can not be used with the configured certificate. Explanation the negotiated cipher suite, which is an exportable cipher suite, does not permit using the certificate's key to perform the key exchange. The certificate can not be sent and the tls alg sess... Revision 1 parameters algname context parameters alg module name alg session id 2.1.202. Tls_invalid_message (id: 00200459) default severity error log message tlsalg: invalid tls message received. Explanation a badly formatted tls message has been received. The tls alg session will be closed. Gatewa... Explanation a connecting tls peer does not share any cipher suites with the unit. The tls alg session will be closed. Gateway action close recommended action make sure that the client and the unit share atleast one cipher suite. Revision 1 parameters algname context parameters alg module name alg se... 2.1.207. Unknown_tls_error (id: 00200464) default severity error log message tlsalg: unknown tls error. Explanation an unknown tls error has occured. The tls alg session will be closed. Gateway action close recommended action none. Revision 1 parameters algname context parameters alg module name alg... Gateway action drop recommended action examine why client or server is sending a malformed sdp message. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.210. Sip_message_parsing_failed (id: 00200503) default severity error log message ... Parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.212. Max_sessions_per_uri_reached (id: 00200505) default severity warning log message sipalg: maximum number of sessions per sip uri has been reached explanation the configured maximum number of co... Destip destport context parameters alg module name 2.1.214. Sip_signal_timeout (id: 00200507) default severity warning log message sipalg: sip signal timeout explanation sip signal timeout for session [method]. The session will be deleted. Gateway action close recommended action if the configured si... 2.1.216. Registration_time_modified (id: 00200509) default severity notice log message sipalg: expire value modified in registration request explanation the sip-alg modified the requested registration time since it exceeds the configured maximum registration time value [cfg_registration_time]. Gatew... Log message sipalg: failed unregistration explanation the user failed to unregister. Reason: [reason]. Gateway action drop recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name alg session id 2.1.219. Unsuccessful_searc... Recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.221. Failed_to_create_session (id: 00200514) default severity error log message sipalg: failed to create sipalg session explanation a new sip-alg session for [me... Srcport destip destport context parameters alg module name 2.1.223. Sipalg_session_deleted (id: 00200516) default severity informational log message sipalg: sip-alg session deleted explanation sip-alg session deleted for [method] request. Gateway action close recommended action none. Revision 2 para... Default severity notice log message sipalg: transaction created explanation sip-alg transaction created for [method] request. Gateway action allow recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.226. Failed_to... Recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.228. Sipalg_transaction_deleted (id: 00200523) default severity notice log message sipalg: sipalg transaction deleted explanation the transaction for [method] re... To_uri srcip srcport destip destport context parameters alg module name 2.1.230. No_route_found (id: 00200526) default severity error log message sipalg: failed to find route for given host explanation no route information found for the given host. Reason: [reason]. Gateway action drop recommended a... 2.1.232. Failed_to_find_role (id: 00200528) default severity error log message sipalg: failed to find role explanation sipalg: failed to find role for [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context par... Explanation failed to update contact into session for [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.235. Failed_to_modify_sdp_message (id: 00200531) default severity err... From_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.237. Failed_to_modify_from (id: 00200533) default severity error log message sipalg: failed to modify from tag in message explanation failed to modify the from tag in message for [method] request. Gateway action dro... 2.1.239. Failed_to_modify_request (id: 00200535) default severity error log message sipalg: failed to modify the request explanation failed to modify the topology info in the [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport des... Explanation general error while processing message. Reason: [reason]. Gateway action drop recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.242. Third_party_call_control (id: 00200538) default severity warning l... Parameters message 2.1.244. Null_sip_message_received (id: 00200540) default severity error log message sipalg: sip packet reception error. Reason: explanation packet without data received. Gateway action drop recommended action research how sipalg received null sip packet. Revision 1 parameters rea... Contact context parameters alg module name 2.1.247. Dns_resolution_failed (id: 00200545) default severity critical log message failed to do dns resolve explanation an attempt to resolve dns failed. Reason: [reason]. Gateway action drop recommended action check if the dns servers are configured. Revi... Gateway action drop recommended action none. Revision 1 context parameters alg module name 2.1.250. Failed_to_parse_media (id: 00200549) default severity error log message sipalg: failed to parse media explanation failed to parse media for the request [method]. Gateway action drop recommended action... Context parameters alg module name 2.1.252. Max_tsxn_per_session_reached (id: 00200551) default severity warning log message sipalg: maximum number of sessions per service has been reached explanation the configured maximum number of transaction [max_tsxn_per_session] per sip session has been reache... Default severity error log message sipalg: invalid session state change explanation invalid session state found [session_invalid_state]. Gateway action close recommended action none. Revision 2 parameters session_invalid_state from_uri to_uri srcip srcport destip destport context parameters alg modu... Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.257. Failed_to_find_callleg (id: 00200556) default severity warning log message sipalg: failed to find callleg explanation failed to find callleg for [method] request. Gateway action dro... Destport context parameters alg module name 2.1.259. Sipalg_callleg_deleted (id: 00200558) default severity notice log message sipalg: sipalg callleg deleted explanation the callleg for [method] request is deleted. Gateway action close recommended action none. Revision 2 parameters method from_uri t... Default severity debug log message sipalg: sip-alg callleg state updated explanation the sip-alg callleg state updated to [callleg_state] state. Gateway action allow recommended action none. Revision 2 parameters callleg_state from_uri to_uri srcip srcport destip destport context parameters alg modu... Reached for this service. No more sessions can be opened before old sessions have been released. Gateway action close recommended action if the maximum number of pptp sessions is too low, increase it. Revision 1 parameters max_sessions context parameters alg module name 2.1.264. Failed_create_new_se... Log message pptpalg: pptp tunnel established from client explanation a pptp tunnel has been established between pptp client and firewall. Gateway action none recommended action none. Revision 1 context parameters alg session id alg module name 2.1.267. Pptp_tunnel_removed_client (id: 00200605) defau... Log message pptpalg: pptp session established explanation a pptp session has been established. Gateway action none recommended action none. Revision 1 context parameters alg session id alg module name 2.1.270. Pptp_session_removed (id: 00200608) default severity notice log message pptpalg: pptp sess... Firewall. Gateway action none recommended action none. Revision 1 context parameters alg session id alg module name 2.1.273. Max_imap_sessions_reached (id: 00200650) default severity warning log message imapalg: maximum number of imap sessions () for service reached. Closing connection explanation t... Log message imapalg: failed to connect to the imap server. Closing the connection. Explanation the unit failed to connect to the remote imap server, resulting in that the alg session could not be successfully opened. Gateway action close recommended action verify that there is a listening imap serve... 2.1.278. Base64_decode_failed (id: 00200658) default severity error log message imapalg: base 64 decode failed. Attachment blocked explanation the data sent to base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked. Gateway action... Recommended action if the command are to be allowed change the alg configuration. Revision 1 parameters command" context parameters alg module name alg session id 2.1.281. Command_invalid (id: 00200661) default severity warning log message imap_alg: command invalid. Explanation the client is sending... Filetype explanation the filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded. Gateway action block_data recommended action none. Revision 1 parameters filename filetype sender_email_address context parameters alg module name 2.1.284. Pl... 2.2. Antispam these log messages refer to the antispam (anti-spam related events) category. 2.2.1. Spam_found (id: 05900001) default severity notice log message email was classified as spam. Explanation an email was classified as spam, but no action was taken. Gateway action none recommended action ... 2.2.3. Spam_found (id: 05900003) default severity informational log message email was classified as spam and was rejected. Explanation an email was classified as spam and was rejected. Gateway action reject recommended action none. Revision 1 parameters sourceip from to profile methods link_categori... Explanation domain verification failed because the dns query timed out. Gateway action none recommended action verify that dns is configured correctly. Revision 1 parameters sourceip from to profile context parameters connection alg module name alg session id 2.2.6. Domain_verification_error (id: 05... To profile context parameters connection alg module name alg session id 2.2.8. Link_protection_timeout (id: 05900031) default severity error log message link protection query timed out. Explanation a link could not be classified because the wcf servers did not respond. Gateway action none recommende... 2.2.10. Link_protection_no_license (id: 05900033) default severity error log message link protection has been disabled due to license restrictions. Explanation a valid web content filtering license is required to use link protection. Gateway action none recommended action extend valid time for web c... Explanation dnsbl check failed because the dns query timed out. Gateway action none recommended action verify that dns is configured correctly. Revision 1 parameters sourceip from to profile dnsbl context parameters connection alg module name alg session id 2.2.13. Dnsbl_error (id: 05900042) default... Revision 1 parameters sourceip from to profile context parameters connection alg module name alg session id 2.2.15. Dcc_timeout (id: 05900051) default severity error log message dcc query timed out. Explanation dcc check failed because no response was received from the dcc servers. Gateway action no... Alg session id 2.2.17. Dcc_no_license (id: 05900053) default severity error log message dcc has been disabled due to license restrictions. Explanation dcc has been disabled due to license restrictions. Gateway action none recommended action extend valid time for dcc. Revision 1 parameters sourceip f... Explanation could not allocate memory. Gateway action none recommended action check memory. Revision 1 parameters type 2.2.20. Dnsbl_ipcache_add (id: 05900810) default severity notice log message ip added to ip cache for explanation an ip address was added to the ip cache. Gateway action none recomm... Gateway action none recommended action none. Revision 1 parameters type algname ipaddr 2.2.23. Dnsbl_session_error (id: 05900813) default severity error log message error creating session for ip for explanation error creating new session. Gateway action dnsbl will not process mail recommended action... Gateway action none recommended action check configuration of dnsbl. Revision 1 parameters type algname 2.2.26. Dnsbl_active (id: 05900816) default severity notice log message dnsbl for has been activated explanation the dnsbl has changed status from disabled to active as contact with blacklists hav... Explanation blacklist was disable as it failed to respond to the query. Gateway action none recommended action check configuration if keeps begin disabled. Revision 1 parameters type algname blacklist 2.2.29. Dnsbl_txtrecord_truncated (id: 05900819) default severity warning log message txt records d... 2.3. Antivirus these log messages refer to the antivirus (anti-virus related events) category. 2.3.1. Virus_found (id: 05800001) default severity warning log message virus found in file . Virus name: . Signature: . Advisory id: . Explanation a virus has been detected in a data stream. Since anti-vir... Alg session id connection 2.3.3. Excluded_file (id: 05800003) default severity notice log message file is excluded from scanning. Identified filetype: . Explanation the named file will be excluded from anti-virus scanning. The filetype is present in the anti-virus scan exclusion list. Gateway action... Default severity error log message decompression error for file explanation the file could not be scanned by the anti-virus module since the decompression of the compressed file failed. Since anti-virus is running in audit mode, the data transfer will be allowed to continue. Gateway action allow_dat... Explanation anti-virus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to continue scan. Gateway action abort_scan recommended action files with too high compression ratio can consume large amount of resources. This can be a dos attack. Revision ... Recommended action try to free some memory by changing configuration parameters. Revision 1 parameters filename filetype [layer7_srcinfo] [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.10. Out_of_memory (id: 05800010) default severity error log message out of memor... [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.12. Virus_scan_failure (id: 05800012) default severity error log message anti-virus scan engine failed for the file: explanation an error occured in the anti-virus scan engine. Since anti-virus is running in audit mode... Databases missing. Gateway action av_scanning_denied recommended action connect your gateway to the internet and download the anti-virus databases or configure automatic updates of anti-virus. Revision 3 context parameters alg session id 2.3.15. General_engine_error (id: 05800017) default severity c... Protect the receiver. Gateway action block_data recommended action none. Revision 1 parameters url advisoryid [layer7_srcinfo] [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.18. Virus_url_detected (id: 05800021) default severity warning log message virus infected u... Revision 1 parameters filename [layer7_srcinfo] [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.20. Decompression_failed_encrypted_file (id: 05800025) default severity warning log message decompression failed for file . The file is encrypted. Explanation the file co... Default severity warning log message the file has too many archive levels. Maximum allowed is . Explanation the file archive exceeds the maximum allowed depth. Since fail mode is set to deny the data transfer will be aborted in order to protect the receiver. Gateway action block_data recommended act... Log message smtpalg: content transfer encoding is unknown or not present explanation antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail mode is deny so data is blocked. Gateway action block_data recommended action none. Revision 1 parameters filename ... Recommended action none. Revision 1 parameters filename unknown_content_transfer_encoding sender_email_address context parameters alg module name alg session id 2.3.27. Unknown_encoding (id: 05800185) default severity warning log message pop3alg: content transfer encoding is unknown or not present. ... 2.3.29. Unknown_encoding (id: 05800655) default severity warning log message imapalg: content transfer encoding is unknown or not present. Explanation antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail mode is allow so data is allowed without scanning... 2.4. Appcontrol these log messages refer to the appcontrol (application control events) category. 2.4.1. Application_identified (id: 07200001) default severity informational log message application identified. Application: . Explanation an application protocol has been recognized by the application ... Explanation the end of an application protocol has been recognized by the application control function. Gateway action none recommended action none. Revision 2 parameters application origsent termsent ssl_inspected context parameters connection 2.4.4. No_valid_license (id: 07200004) default severity... Explanation application control has been disabled due fatal subsystem failure. The device will restart itself to try to restore application control functionality. Gateway action restart recommended action it is also possible to configure the device continue with application control disabled through ... Log message application content allowed. Application: attribute: value: explanation the identified application attribute and its value is allowed by the application content control policy. Gateway action none recommended action modify the application content control policy if this traffic should be ... 2.4.12. Application_content_limit_reached (id: 07200019) default severity error log message maximum number of concurrent non-classified (in progress) application control connections (50.000) reached. Explanation there is a maximum of 50.000 application content control attributes to store until conne... 2.5. Arp these log messages refer to the arp (arp events) category. 2.5.1. Unsolicited_reply_drop (id: 00300001) default severity notice log message unsolicited arp reply received and dropped explanation an arp reply was received even though no reply was currently expected for this ip. Gateway actio... Context parameters rule name packet buffer 2.5.4. Arp_response_broadcast (id: 00300004) default severity notice log message arp response is a broadcast address explanation the arp response has a sender address which is a broadcast address. Allowing. Gateway action allow recommended action if this is... Context parameters rule name packet buffer 2.5.7. Mismatching_hwaddrs_drop (id: 00300007) default severity notice log message arp hw sender does not match ethernet hw sender. Dropping explanation the hardware sender address specified in the arp data does not match the ethernet hardware sender addres... Recommended action none. Revision 1 parameters ipaddr iface 2.5.10. Unsolicited_reply_accept (id: 00300010) default severity notice log message unsolicited arp reply received and accepted explanation an arp reply was received even though no reply was currently expected for this ip. Gateway action no... Recommended action update your license to allow a greater amount of concurrent arp entries. Revision 1 parameters limit 2.5.13. Invalid_arp_sender_ip_address (id: 00300049) default severity warning log message failed to verify arp sender ip address. Dropping explanation the arp sender ip address cou... Gateway action drop recommended action verify that no fault network equipment exists. Revision 1 context parameters rule name packet buffer 2.5.16. Arp_response_broadcast_drop (id: 00300052) default severity warning log message arp response is a broadcast address. Dropping explanation the arp respon... Gateway action drop recommended action if this is not the desired behaviour, modify the configuration. Revision 1 parameters reason knowntype knownip knownhw context parameters rule name packet buffer 2.5.19. Hwaddr_change_drop (id: 00300055) default severity notice log message has a different addre... 2.6. Authagents these log messages refer to the authagents (authentication agent events) category. 2.6.1. Authagent_connected (id: 06500001) default severity informational log message connected to authentication agent at :: explanation connected to authentication agent. Gateway action connected reco... Parameters name ip4addr 2.6.4. Authagent_rekeying_error (id: 06500004) default severity informational log message agent : does not accept new key. Explanation rekeying error. Gateway action rekeying_error recommended action none. Revision 1 parameters name ip4addr 2.6.5. Authagent_protocol_mistmatch... Parameters name ip4addr 2.6.7. Authagent_decryption_error (id: 06500007) default severity informational log message error while decrypting message from agent :. Explanation decryption error. Gateway action decryption_error recommended action none. Revision 1 parameters name ip4addr 2.6.8. Authagent_... 2.6.10. Authagent_adduser_error (id: 06500010) default severity informational log message error adding user at . Explanation add user error. Gateway action adduser_error recommended action none. Revision 1 parameters name ip 2.6.11. Authagent_initial_error (id: 06500011) default severity information... Log message password error with agent :. Explanation password error. Gateway action password_error recommended action none. Revision 1 parameters name ip4addr 2.6.14. Authagent_user_login (id: 06500014) default severity notice log message user logged in. Idle timeout: , session timeout: explanation ... 2.6.16. Authagent_adduser_error (id: 06500040) default severity informational log message error adding user at . Explanation add user error. Gateway action adduser_error recommended action none. Revision 1 parameters username iface ip 2.6.17. Authagent_removeuser_error (id: 06500042) default severit... 2.7. Avse these log messages refer to the avse (events from anti virus scan engine) category. 2.7.1. Av_db_digital_signature (id: 05100001) default severity alert log message could not start anti-virus engine because of explanation the unit tried to read the anti-virus database, but failed. The reas... 2.8. Avupdate these log messages refer to the avupdate (antivirus signature update) category. 2.8.1. Av_db_update_failure (id: 05000001) default severity alert log message update of the anti-virus database failed, because of explanation the unit tried to update the anti-virus database, but failed. T... Default severity notice log message anti-virus database could not be updated, as no valid subscription exist explanation the current license does not allow the anti-virus database to be updated. Gateway action none recommended action check the system's time and/or purchase a subscription. Revision 1... Log message unsynchronized hardware and software databases detected explanation the anti-virus hardware and software databases are not synchronized. A full update is automatically initiated. Gateway action downloading_new_database recommended action none. Revision 1 2.8.8. Downloading_new_database (... 2.9. Blacklist these log messages refer to the blacklist (blacklist events) category. 2.9.1. Failed_to_write_list_of_blocked_hosts_to_media (id: 04600001) default severity critical log message failed to write list of blocked hosts to media explanation failed to write list of blocked hosts to media. ... 2.9.4. Host_unblacklisted (id: 04600004) default severity notice log message blacklist entry removed. Protocol: , ip: , port: . Explanation a blacklist entry has been removed. Gateway action none recommended action none. Revision 3 parameters proto ip port 2.9.5. Host_blacklisted (id: 04600006) defa... 2.10. Buffers these log messages refer to the buffers (events regarding buffer usage) category. 2.10.1. Buffers_flooded (id: 00500001) default severity warning log message the buffers were flooded for seconds. Current usage is percent explanation the unit was temporarily out of buffers for a period ... 2.11. Conn these log messages refer to the conn (state engine events, e.G. Open/close connections) category. 2.11.1. Conn_open (id: 00600001) default severity informational log message connection opened explanation a connection has been opened. Gateway action none recommended action none. Revision 1... Revision 1 context parameters rule name connection 2.11.4. Conn_open_natsat (id: 00600004) default severity informational log message connection opened explanation a connection has been opened. Gateway action none recommended action none. Revision 1 context parameters rule information connection pac... Context parameters rule name packet buffer 2.11.7. Out_of_connections (id: 00600011) default severity warning log message out of connections. Dropping connection attempt explanation the connection table is currently full, and this new connection attempt will be dropped. Gateway action drop recommend... Gateway action drop recommended action none. Revision 1 parameters protocol context parameters rule name packet buffer 2.11.10. No_return_route (id: 00600014) default severity warning log message failed to open a new connection since a return route to the sender address cant be found. Dropping packe... Default severity warning log message state inspector would not open a new connection for this icmpv6 packet, dropping packet explanation state inspector would not open a new connection for this icmpb6 packet since it is not an icmpv6 echo request. Only echo requests are allowed to open a new icmpv6 ... 2.11.15. Udp_src_port_0_forwarded (id: 00600022) default severity warning log message udp source port is set to 0. Forwards packet explanation the udp source port was set to 0. This can be used by udp streams not expecting return traffic. Forwarding packet. Gateway action none recommended action non... 2.11.18. Passive_data (id: 00600101) default severity informational log message ftpalg: incoming passive data channel explanation a passive data channel connection has been established. Gateway action none recommended action none. Revision 1 context parameters alg module name alg session id rule inf... Rule information connection chapter 2: log message reference 216. 2.12. Dhcp these log messages refer to the dhcp (dhcp client events) category. 2.12.1. Offered_ip_occupied (id: 00700001) default severity notice log message interface received a lease with an offered ip that appear to be occupied () explanation received a dhcp lease which appears to be in use by so... Revision 1 parameters iface ip netmask bcast gw context parameters packet buffer 2.12.4. Renewed_lease (id: 00700004) default severity notice log message interface have renewed its lease. The new lease is valid for seconds explanation an interface have successfully renewed its lease. Gateway action ... Explanation an interface received a lease with a leasetime which is lower then the configured minimum. Gateway action drop recommended action check the dhcp server configuration or adjust the minimum leasetime limit. Revision 1 parameters iface lease_time minimum_lease_time context parameters packet... 2.12.9. Invalid_broadcast (id: 00700010) default severity warning log message interface received a lease with an invalid broadcast address () explanation an interface received a lease with an invalid broadcast address. Gateway action drop recommended action check dhcp server configuration. Revision ... Parameters iface gateway context parameters packet buffer 2.12.12. Offered_broadcast_equals_gateway (id: 00700013) default severity warning log message interface received a lease where the offered broadcast equals the offered gateway explanation an interface received a lease where the offered broadc... Collision (dhcp route: collides with configured route ) explanation an interface received a lease which if used will cause a route collision with a configured route. Gateway action drop recommended action check dhcp server configuration and sg interface configuration. Revision 1 parameters iface dhc... 2.13. Dhcprelay these log messages refer to the dhcprelay (dhcp relayer events) category. 2.13.1. Unable_to_save_dhcp_relay_list (id: 00800001) default severity warning log message unable to auto save the dhcp relay list to disk explanation unable to autosave the dhcp relay list to disk. Gateway act... Default severity warning log message incorrect bootp/dhcp cookie. Dropping explanation received a packet with an incorrect bootp/dhcp cookie. Gateway action drop recommended action investigate what client implementation is being used. Revision 1 context parameters packet buffer 2.13.5. Maximum_ppm_f... Default severity warning log message hop limit exceeded. Dropping explanation the maxmimum hop limit for the dhcp packet have been reached. Gateway action none recommended action verify maximum-hop-limit setting. Revision 1 context parameters packet buffer 2.13.8. Client_release (id: 00800008) defau... Default severity warning log message the limit for dhcp relay routes have been reached. Dropping explanation the dhcp relay routes limit have been reached. Gateway action drop recommended action verify max-relay-routes-limit. Revision 1 context parameters rule name 2.13.11. Unable_to_add_relay_route... Log message no message type. Dropping explanation received dhcp packet without the required message type parameter. Gateway action drop recommended action investigate what client implementation is being used. Revision 1 context parameters rule name packet buffer 2.13.14. Bad_inform_pkt_with_mismatch... 00800016) default severity warning log message the maximum number of current dhcp relays for this interface have been reached. Dropping explanation the maximum number of dhcp relayed through a specified interface have been reached. Gateway action drop recommended action verify max-relay-per-interfac... Context parameters rule name packet buffer 2.13.19. Invalid_gateway (id: 00800019) default severity warning log message received request with invalid gateway (). Dropping explanation received dhcp request with an invalid gateway. Gateway action drop recommended action investigate what client impleme... Revision 1 parameters client_hw dest_ip context parameters rule name packet buffer 2.13.22. Got_reply_on_a_non_security_equivalent_interface (id: 00800022) default severity warning log message received reply for client on a non security equivalent interface. Dropping explanation received a reply for... Default severity warning log message dhcp/bootp-server tried to assign a client with an illegal ip . Dropping explanation received a lease with an illegal client assignment ip. Gateway action drop recommended action check dhcp server configuration. Revision 1 parameters server_ip ip context paramete... Context parameters rule name packet buffer 2.13.27. Relayed_bootp_reply (id: 00800027) default severity notice log message relayed bootp-reply to client explanation relayed bootp reply to client. Gateway action none recommended action none. Revision 1 parameters client_hw context parameters rule nam... Revision 1 parameters gateway_ip context parameters rule name packet buffer chapter 2: log message reference 233. 2.14. Dhcpserver these log messages refer to the dhcpserver (dhcp server events) category. 2.14.1. Unable_to_send_response (id: 00900001) default severity warning log message failed to get buffer for sending. Unable to reply explanation unable to get a buffer for sending. Gateway action none recomme... Log message lease database was successfully auto saved to disk explanation the lease database was successfully saved to disk. Gateway action none recommended action none. Revision 1 2.14.5. Dhcp_packet_too_small (id: 00900005) default severity warning log message received dhcp packet which is smalle... Log message received a request from client(in bound) for ip without state. Rejecting explanation received a request from a bound client without state. Gateway action reject recommended action none. Revision 1 parameters client client_ip context parameters packet buffer 2.14.8. Request_for_ip_from_no... Default severity warning log message received request with bad udp checksum. Dropping explanation received request with bad udp checksum. Gateway action drop recommended action check network equipment for errors. Revision 1 context parameters packet buffer 2.14.11. Lease_timeout (id: 00900012) defau... Default severity warning log message all ips in the pool are in use. Request cannot be fulfilled explanation a request cannot be fullfilled since all pools are in use. Gateway action none recommended action extend the pools to support more clients. Revision 1 context parameters rule name packet buff... Default severity warning log message client requested non offered ip. Rejecting explanation client sent a request for a non offered ip. Gateway action nak recommended action none. Revision 1 parameters client_hw client_wanted client_offered context parameters rule name packet buffer 2.14.17. Request... Context parameters rule name packet buffer 2.14.19. Client_renewed (id: 00900020) default severity notice log message client renewed ip explanation client successfully renewed its lease. Gateway action renew recommended action none. Revision 1 parameters client_hw client_ip context parameters rule n... Recommended action check network for inconsistent routes. Revision 1 parameters client_hw client_ip recv_if client_if context parameters rule name packet buffer 2.14.22. Decline_for_non_offered_ip (id: 00900023) default severity notice log message client declined non offered ip. Decline is ignored e... Default severity warning log message received a request from client(bound) for ip without state. Ignoring explanation received a request from a bound client without state. Gateway action none recommended action none. Revision 1 parameters client client_ip context parameters packet buffer 2.14.25. Re... Client_ip context parameters rule name packet buffer chapter 2: log message reference 243. 2.15. Dhcpv6client these log messages refer to the dhcpv6client (dhcpv6 client events) category. 2.15.1. Offered_ip_occupied (id: 07300001) default severity notice log message interface received a lease with an offered ip that appear to be occupied () explanation received a dhcpv6 lease which appear... Recommended action none. Revision 1 parameters iface valid_seconds context parameters packet buffer 2.15.4. Lease_expired (id: 07300005) default severity notice log message interface lease expired explanation a lease have expired and the ip data for this interface are no longer valid. Gateway action... Recommended action none. Revision 1 parameters code iface 2.15.7. Bad_server_address (id: 07300008) default severity warning log message dhcpv6 server reply contained a bad server address . Explanation a dhcpv6 reply was received containing a bad server address. Gateway action drop recommended actio... Revision 1 parameters t1 t2 iface 2.15.10. Low_life_time (id: 07300011) default severity warning log message dhcpv6 server reply ia_na offered address lifetime too low on . Preferred lifetime , valid lifetime . Explanation a dhcpv6 reply ia_na option was received containing an address life time too ... 2.16. Dhcpv6server these log messages refer to the dhcpv6server (dhcpv6 server events) category. 2.16.1. Client_id_missing (id: 07400001) default severity warning log message client id option missing in received message. Explanation the received packet is missing vital information. Gateway action dr... Default severity warning log message unexpected server id option in received message. Explanation the received message contains unexpected information. Gateway action drop recommended action investigate what client implementation is being used. Dropping. Revision 1 context parameters packet buffer 2... Explanation received request message from a client. Gateway action none recommended action none. Revision 1 parameters client_hw iface offer_ip 2.16.8. Client_renewed (id: 07400008) default severity notice log message client on renewed ip . Explanation client successfully renewed its address lease. ... Explanation a client lease wasn't renewed and timed out. Gateway action lease_inactive recommended action none. Revision 1 parameters client_ip context parameters rule name 2.16.11. Pool_depleted (id: 07400011) default severity warning log message all ips in the pool are now in use. Request for new ... Allowed bytes. Gateway action drop recommended action investigate what client implementation is being used. Revision 1 context parameters packet buffer 2.16.14. Dhcpv6_faulty_length (id: 07400014) default severity warning log message received dhcpv6 packet with faulty length. Dropping. Explanation r... Revision 1 2.16.17. Unable_to_save_lease_db (id: 07400017) default severity warning log message unable to auto save the lease database to disk explanation some sort of error occurred saving the lease database to disk. Gateway action none recommended action make sure that there is sufficient diskspac... Default severity notice log message unexpected message type (reconfigure) in received packet. Explanation received dhcpv6 packet with unexpected message type (reconfigure). Gateway action drop recommended action none. Revision 1 context parameters packet buffer 2.16.21. Unexpected_relay_reply_messag... 2.17. Dnscache these log messages refer to the dnscache (dns cache) category. 2.17.1. Ipv6_max_addresses (id: 08000001) default severity warning log message fqdn object reached the limit for ipv6 addresses. Explanation maximum number of ip addresses for the fqdn has been exceeded. Gateway action ign... 2.18. Dynrouting these log messages refer to the dynrouting (dynamic routing) category. 2.18.1. Failed_to_export_route_to_ospf_process_failed_to_alloc (id: 01100001) default severity critical log message failed to export route to ospf process (unable to alloc export node) explanation unable to expor... Revision 1 context parameters dynamic route rule name route 2.18.4. Failed_to_add_route_unable_to_alloc (id: 01100004) default severity critical log message failed to add route (unable to alloc route) explanation failed to create a route since out of memory. Gateway action alert recommended action c... Revision 1 context parameters dynamic route rule name route chapter 2: log message reference 258. 2.19. Frag these log messages refer to the frag (fragmentation events) category. 2.19.1. Individual_frag_timeout (id: 02000001) default severity warning log message individual fragment timed out. Explanation a fragment of an ip packet timed out, and is dropped. Gateway action drop recommended action... Revision 1 parameters srcip destip ipproto fragid fragact frags context parameters dropped fragments rule name 2.19.4. Fail_out_of_resources (id: 02000004) default severity critical log message out of reassembly resources. Frags: . - fragid: , state: explanation out of fragmentation-reassembly resou... Ipproto fragid fragact frags context parameters dropped fragments rule name 2.19.6. Fail_timeout (id: 02000006) default severity critical log message time out reassembling. Frags: . - fragid: , state: explanation timed out when reassembling a fragmented ip packet. Dropping packet. Gateway action dro... Frags context parameters dropped fragments rule name 2.19.8. Drop_frags_of_disallowed_packet (id: 02000008) default severity warning log message dropping stored fragments of disallowed packet. Frags: . - fragid: , state: explanation the fragments of a disallowed ip packet were dropped. Gateway actio... 2.19.10. Drop_extraneous_frags_of_completed_packet (id: 02000010) default severity warning log message dropping extraneous fragments of completed packet. Frags: . - fragid: , state: explanation a completed reassembled ip packet contains extraneous fragments, which are dropped. Gateway action drop re... Fragments, was received. Dropping the duplicate fragment. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.19.13. Drop_duplicate_frag (id: 02000013) default severity warning log message dropping duplicate fragment explanation a duplicate fragment o... Log message internal error: no available resources (out of memory?). Explanation an internal error occured. Failed to create necessary fragmentation reassembly resources. This could be a result of the unit being out of memory. Gateway action drop recommended action none. Revision 1 context parameter... 2.19.18. Overlapping_frag (id: 02000018) default severity error log message overlapping fragment explanation this fragment would overlap the next fragment offset. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.19.19. Bad_offs (id... 2.19.21. Duplicate_frag_with_different_data (id: 02000021) default severity error log message duplicate fragment with different data received explanation the fragment is a duplicate of an already received fragment, but the fragment data differs. Dropping packet. Gateway action drop recommended actio... 2.19.24. Drop_frag_disallowed_packet (id: 02000024) default severity warning log message dropping fragment of disallowed packet explanation a fragment of a disallowed ip packet is dropped. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.19.25. Alr... 2.19.27. Drop_frag_failed_packet (id: 02000027) default severity warning log message dropping fragment of failed packet explanation a fragment of a failed ip packet is dropped. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.19.28. Drop_frag_illeg... Default severity error log message bad ipdatalen= explanation the partly reassembled ip packet has an invalid ip data length. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipdatalen context parameters rule name packet buffer 2.19.31. Single_frag (id: 02000117) d... 2.20. Geoip these log messages refer to the geoip (geoip events) category. 2.20.1. Database_load_failed (id: 08100001) default severity warning log message unable to load ipv4 geolocation database, because of explanation the unit failed to load the ipv4 geolocation database. Gateway action none reco... 2.21. Gre these log messages refer to the gre (gre events) category. 2.21.1. Failed_to_setup_gre_tunnel (id: 02200001) default severity warning log message failed to setup open tunnel from to explanation unable to setup gre tunnel with endpoint. Gateway action drop recommended action check conn usag... 2.21.4. Gre_checksum_error (id: 02200004) default severity warning log message gre packet with checksum error. Packet dropped explanation received gre packet with checksum errors. Gateway action drop recommended action check network equipment for errors. Revision 1 context parameters packet buffer 2... Log message received gre packet with unmatched session key. Packet dropped explanation received gre packet with unmatched session key. Gateway action drop recommended action check gre session key settings on the remote gateway. Revision 1 parameters session_key context parameters packet buffer 2.21.... 2.22. Ha these log messages refer to the ha (high availability events) category. 2.22.1. Peer_gone (id: 01200001) default severity notice log message peer firewall disappeared. Going active explanation the peer gateway (which was active) is not available anymore. This gateway will now go active inst... Default severity notice log message both active, peer has higher local load; staying active explanation both memebrs are active, but the peer has higher local load. This gateway will stay active. Gateway action stay_active recommended action none. Revision 1 2.22.5. Peer_has_lower_local_load (id: 01... Recommended action none. Revision 1 2.22.8. Conflict_both_peers_inactive (id: 01200008) default severity notice log message conflict: both peers are inactive! Resolving... Explanation a conflict occured as both peers are inactive at the same time. The conflict will automatically be resolved. Gateway... Default severity notice log message peer firewall is alive explanation the peer gateway is alive. Gateway action none recommended action none. Revision 1 2.22.12. Heartbeat_from_unknown (id: 01200043) default severity warning log message received ha heartbeat from unknown ip. Dropping explanation th... Explanation the gateway failed to activate the merged configuration that was received from the peer. Gateway action ha_activate_conf recommended action none. Revision 1 2.22.15. Merge_failed (id: 01200051) default severity warning log message failed to merge configuration from ha partner explanation... 2.22.18. Ha_commit_unknown_error (id: 01200054) default severity warning log message an unknown error occured while saving the ha configuration explanation an unknown error occured when the ha configuration was to be saved. It has not been commited. Gateway action ha_commitchanges recommended action... Default severity notice log message hasync connection to peer firewall established explanation ha synchronization connection to peer has been establihsed. Supported events will now be synchronized between the members of the ha cluster. Gateway action none recommended action none. Revision 2 2.22.22.... Gateway action none recommended action none. Revision 1 2.22.25. Disallowed_on_sync_iface (id: 01200400) default severity warning log message received non-ha traffic on sync iface. Dropping explanation a packet which is not a ha-related packet was received on the sync interface. This should not happ... Revision 1 context parameters rule name packet buffer 2.22.28. Heartbeat_from_myself (id: 01200412) default severity warning log message received ha heartbeat from the gateway itself. Dropping explanation the received ha heartbeat packet was originating from the gateway itself. The packet will be dr... 2.22.31. Both_inactive (id: 01200617) default severity notice log message both not active, activation in progress. Explanation both not active, activation in progress. Gateway action activate recommended action none. Revision 2 2.22.32. Going_online (id: 01200618) default severity notice log message... 2.23. Hwm these log messages refer to the hwm (hardware monitor events) category. 2.23.1. Temperature_alarm (id: 04000011) default severity warning log message temperature monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the unit may be overhe... Default severity warning log message voltage monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the powersupply of this unit may be failing. Gateway action none recommended action change powersupply unit. Revision 1 parameters index name unit cu... Gateway action none recommended action unblock or change the corresponding fan. Revision 1 parameters index name unit current_fanrpm min_limit max_limit 2.23.6. Fanrpm_normal (id: 04000032) default severity warning log message fan rpm monitor () is outside the specified limit. Current value is , low... Unit current_gpio min_limit max_limit 2.23.8. Gpio_normal (id: 04000042) default severity warning log message temperature monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the sensor reports that the gpio value is back inte the normal range. Ga... Default severity warning log message free memory has fallen below the specified limit of megabyte, limit classified is , free mb of total mb, percentage free explanation the amount of free memory is getting low. Gateway action none recommended action review the configuration and disable or lower set... 2.24. Idp these log messages refer to the idp (intrusion detection & prevention events) category. 2.24.1. Scan_detected (id: 01300001) default severity notice log message scan detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Internal... Signatureid idrule ipproto srcip srcport destip destport internalid context parameters rule name deep inspection 2.24.3. Intrusion_detected (id: 01300003) default severity warning log message intrusion detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . De... Recommended action research the advisory (searchable by the unique id). Revision 2 parameters description signatureid idrule ipproto srcip srcport destip destport internalid context parameters rule name deep inspection 2.24.5. Scan_detected (id: 01300005) default severity notice log message scan det... Explanation a notice signature matched the traffic. Gateway action none recommended action this is probably not an attack, but you may research the advisory (searchable by the unique id). Revision 2 parameters description signatureid idrule ipproto srcip srcport destip destport internalid context pa... Log message virus/worm detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Internal id: . Explanation a virus signature matched the traffic. Gateway action none recommended action research the advisory (searchable by the unique id). Rev... Log message failed to parse the http url. Id rule: . Url: . Source ip: . Source port: . Destination ip: . Destination port: . Ignoring the url. Explanation the unit failed parsing an url. The reason for this is problaby because the url has an invalid format, or it contains invalid utf8 formatted cha... Explanation the unit failed to reassemble data. The reason for this is problaby due to an idp engine evasion attack. Gateway action ignore recommended action none. Revision 1 parameters idrule srcip srcport destip destport context parameters rule name 2.24.13. Idp_outofmem (id: 01300013) default sev... Revision 1 parameters idrule srcip srcport destip destport context parameters rule name 2.24.15. Idp_failscan (id: 01300015) default severity error log message failed to scan data. Id rule: . Source ip: . Source port: . Destination ip: . Destination port: . Reason: reason>. Closing connection. Expla... Reason context parameters rule name 2.24.17. No_valid_license_or_no_signature_file (id: 01300017) default severity critical log message idp: no signatures loaded, skipping idp filtering explanation idp scanning is aborted since the signature file has been disabled or no signature file was found. Gat... 2.25. Idppipes these log messages refer to the idppipes (idp traffic shaping events) category. 2.25.1. Conn_idp_piped (id: 06100001) default severity warning log message idp pipe event triggered. Throughput limited to explanation an idp rule with pipe event triggered on the specified connection. The... Gateway action host_state_creation_aborted recommended action issue the "memory" cli command and check for modules with abnormal memory consumption. Otherwise, revise configuration in order to free more ram. Revision 1 2.25.4. Idp_piped_state_replaced (id: 06100004) default severity debug log messag... Recommended action none. Revision 1 parameters limit context parameters connection 2.25.7. Conn_idp_piped (id: 06100007) default severity warning log message idp dynamic pipe state found. Throughput limited to explanation a new connection is piped to [limit] kbps since either the source or destinati... 2.26. Idpupdate these log messages refer to the idpupdate (intrusion detection & prevention database update) category. 2.26.1. Idp_db_update_failure (id: 01400001) default severity alert log message update of the intrusion detection & prevention database failed, because of explanation the unit tried... 2.26.4. Idp_db_update_denied (id: 01400004) default severity notice log message intrusion detection & prevention database could not be updated, as no valid subscription exist explanation the current license does not allow intrusion detection & prevention database to be updated. Gateway action none r... Default severity warning log message unsynchronized hardware and software databases detected explanation the idp hardware and software databases are not synchronized. A full update is automatically initiated. Gateway action downloading_new_database recommended action none. Revision 1 2.26.8. Sigfile... 2.27. Ifacemon these log messages refer to the ifacemon (interface monitor events) category. 2.27.1. Ifacemon_status_bad_rereport (id: 03900001) default severity notice log message ifacemon reset interface 10 seconds ago. Link status: mbps duplex explanation the interface monitor reset the interface... Recommended action none. Revision 1 parameters iface [linkspeed] [duplex] chapter 2: log message reference 306. 2.28. Igmp these log messages refer to the igmp (igmp events) category. 2.28.1. Querier_election_won (id: 04200001) default severity notice log message taking on the role of querier at interface . Explanation this router is now the igmp querier at the specified interface. Gateway action none recomme... Parameters recv_if ip_dest context parameters packet buffer 2.28.4. Invalid_destination_ethernet_address (id: 04200004) default severity warning log message rejected igmp message with inconsistent ip/ethernet addresses (/) at interface . Explanation rejected igmp message directed to a unicast ethern... Gateway action drop recommended action none, but keep an eye open for malfunctional software/hardware somewhere on the network. Revision 1 parameters recv_if context parameters packet buffer 2.28.7. Invalid_query_group_address (id: 04200008) default severity error log message igmp group specific que... 2.28.9. Igmp_query_received (id: 04200010) default severity notice log message rule igmp query about group and source at interface from router . Group is translated into and source into . Explanation got igmp query. Gateway action allow recommended action none. Revision 1 parameters if rip igmpver g... 2.28.11. Igmp_report_received (id: 04200012) default severity notice log message rule igmp member report concerning group and source at interface from host . Group is translated into and source into explanation got igmp report. Gateway action allow recommended action none. Revision 1 parameters if h... Makes payload larger than igmp packet size. Explanation harmful condition that potentially could give an attacker full access to the system. May indicate faulty hardware, an attack or experimental software. Gateway action drop recommended action none, but keep an eye open for for broken hardware som... 2.28.16. Igmp_report_dropped (id: 04200017) default severity notice log message rule drops igmp member report concerning group and source at interface from host . Explanation dropped igmp report. Gateway action drop recommended action none. Revision 1 parameters if hip igmpver grp src sat_grp sat_sr... Gateway action drop recommended action assign a different ip to the offending application. Revision 1 parameters src iface context parameters packet buffer 2.28.19. Max_global_requests_per_second_reached (id: 04200020) default severity warning log message rejected igmp message. Global requests per s... Default severity notice log message disallowed igmp version explanation a system is using a too old igmp version. Gateway action drop recommended action upgrade the host/router running the disallowed version, or lower lowestigmpver limit. Revision 1 parameters recv_ver required_ver context parameter... 2.28.24. Older_querier_gone (id: 04200025) default severity notice log message no igmpv querier present. Older querier present (igmpv) compatibility mode on interface has ended. Entering igmpv mode. Explanation the router has not heard any igmpv[igmpver] general queries and will switch and use igmpv... 2.29. Ip6in4 these log messages refer to the ip6in4 (6in4 tunnel events) category. 2.29.1. Failed_to_setup_6in4_tunnel (id: 07800001) default severity warning log message failed to setup open tunnel from to explanation unable to setup 6in4 tunnel with endpoint. Gateway action drop recommended action... Revision 1 parameters iface remotegwname 2.29.4. 6in4_invalid_sender_encap (id: 07800004) default severity warning log message invalid ipv6 sender entering 6in4 tunnel . Packet dropped explanation packet should be dropped according to rfc 4213 since the source ip address is invalid. Gateway action d... Revision 1 context parameters packet buffer 2.29.7. 6in4_invalid_sender_decap (id: 07800007) default severity warning log message invalid ipv6 sender in 6in4 tunnel . Packet dropped explanation packet should be dropped according to rfc 4213 since the source ip address is invalid. Gateway action drop... 2.30. Ippool these log messages refer to the ippool (ippool events) category. 2.30.1. No_offer_received (id: 01900001) default severity error log message no offers were received explanation no dhcp offers where received by the ip pool general query. Gateway action none recommended action review dhcp... 2.30.4. Lease_disallowed_by_lease_filter (id: 01900004) default severity warning log message the lease was rejected due to a lease filter explanation a lease was rejected by a lease filter. Gateway action lease_rejected recommended action verify the lease filters. Revision 1 parameters client_ip con... 2.30.7. Lease_have_bad_netmask (id: 01900007) default severity warning log message the lease was rejected due to a bad offered netmask address explanation a lease was rejected due to a bad offered netmask address. Gateway action lease_rejected recommended action check dhcp server configuration. Revi... 2.30.10. Lease_have_bad_gateway_ip (id: 01900010) default severity warning log message the lease was rejected due to a bad offered gateway address explanation a lease was rejected due to a bad offered gateway address. Gateway action lease_rejected recommended action check dhcp server configuration. ... 2.30.13. Ip_offer_already_exist_in_the_pool (id: 01900013) default severity warning log message the lease was rejected since the offered ip already exist in the pool explanation a lease was rejected since the offered ip already exists in the pool. Gateway action lease_rejected recommended action che... Default severity notice log message subsystem fetched a ip from the pool explanation a subsystem fetched an ip from the pool. Gateway action inform recommended action none. Revision 1 parameters client_ip subsystem context parameters rule name 2.30.17. Ip_returned_to_pool (id: 01900017) default seve... 2.31. Ipsec these log messages refer to the ipsec (ipsec (vpn) events) category. 2.31.1. Fatal_ipsec_event (id: 01800100) default severity alert log message fatal event occured, because of explanation fatal event occured in ipsec stack. Gateway action none recommended action none. Revision 1 paramet... Seq protocol reason 2.31.4. Audit_flood (id: 01800104) default severity notice log message . Explanation the rate limit for audit messages was reached. Gateway action none recommended action none. Revision 1 parameters reason 2.31.5. Ike_delete_notification (id: 01800105) default severity notice log... Parameters local_ip remote_ip cookies reason 2.31.7. Ike_invalid_proposal (id: 01800107) default severity warning log message local ip: , remote ip: , cookies: , reason: . Explanation the proposal for the security association could not be accepted. Gateway action none recommended action none. Revisi... Gateway action none recommended action none. Revision 1 parameters local_ip remote_ip cookies reason 2.31.10. Packet_corrupt (id: 01800110) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation received a corrupt packet. Gateway action dro... 2.31.12. Sequence_number_failure (id: 01800112) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation the received packet did not fall within the sliding window. Gateway action drop recommended action none. Revision 1 parameters source_ip ... Gateway action none recommended action none. Revision 2 parameters source_ip dest_ip spi seq protocol reason packet_data 2.31.15. Sequence_number_overflow (id: 01800115) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation an attempt to t... Protocol reason packet_data 2.31.17. Hardware_accelerator_congested (id: 01800117) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation hardware accleration failed due to resource shortage. Gateway action drop recommended action none. Rev... Log message source ip: , destination ip: , spi: , seq: , protocol: , id: , reason: . Explanation the source or destination address/port did not match the traffic selectors for the sa. Gateway action drop recommended action none. Revision 1 parameters source_ip dest_ip spi seq protocol id reason 2.31... Explanation failed to initilaze x509 library. Gateway action ipsec_configuration_disabled recommended action none. Revision 1 2.31.23. Pm_create_failed (id: 01800204) default severity error log message failed to create policymanager explanation failed to create policymanager. Out of memory. Gateway ... Default severity error log message failed to create audit module. Explanation failed to create audit module. Gateway action ipsec_audit_disabled recommended action none. Revision 1 2.31.27. Failed_attach_audit_module (id: 01800208) default severity error log message failed to attach audit module. Ex... Recommended action reconfigure_ipsec. Revision 1 parameters error_msg 2.31.30. Reconfig_ipsec (id: 01800211) default severity informational log message reconfiguration of ipsec started explanation reconfiguration of ipsec started. Gateway action ipsec_reconfigured recommended action none. Revision 2... Log message ipsec started successfully explanation succeeded to create policymanger and commit ipsec configuration. Gateway action ipsec_started recommended action none. Revision 2 2.31.34. Failed_to_set_local_id (id: 01800301) default severity error log message failed to configure local id for tunn... Recommended action none. Revision 1 parameters tunnel 2.31.37. Failed_to_set_algorithm_properties (id: 01800304) default severity error log message failed to set properties ipsec alogorithm , for tunnel explanation failed to set specified properties (keysize, lifetimes) for ipsec algorithm. Gateway ... Revision 1 parameters certificate tunnel 2.31.40. Dns_resolve_failed (id: 01800308) default severity warning log message failed to resolve remote endpoint for ipsec tunnel . Keeping old ip explanation failed to resolve remote endpoint through dns. Gateway action keeping_old_ip recommended action non... Recommended action none. Revision 2 parameters endpoint ipsectunnel 2.31.43. Failed_to_add_rules (id: 01800313) default severity error log message failed to add rules after remote endpoint have been resolved by dns for ipsec tunnel: explanation failed to add rules to tunnel after remote endpoint hav... Gateway action none recommended action none. Revision 2 parameters endpoint ipsectunnel ip 2.31.46. No_policymanager (id: 01800316) default severity critical log message no policymanager!! To free tunnel object from explanation no policymanager to free tunnel from!!! Ipsec does not work properly. Ga... Recommended action none. Revision 1 2.31.49. Failed_to_add_certificate (id: 01800319) default severity error log message failed with error: , message , when adding certificate: explanation failed to add endpoint certificate to external key provider. Gateway action certificate_disabled recommended ac... Parameters status_msg 2.31.52. Failed_to_add_certificate (id: 01800322) default severity error log message failed add certificate: , for tunnel explanation failed to add certificate. Tunnel configured with this certificate for authentication will fail while negotiate. Gateway action certificate_disa... 2.31.55. Failed_to_set_crl_distribution_points (id: 01800343) default severity error log message failed set crl distribution points for certificate: explanation failed to set crl distribution points for the specified certificate. Gateway action certificate_disabled recommended action none. Revision ... 2.31.58. Cfgmode_ip_freed_by_ippool (id: 01800402) default severity notice log message returned a dynamic cfg mode ip to the ip pool explanation a dynamically allocated ip used for ike cfg mode was returned to the ip pool. Gateway action none recommended action none. Revision 1 parameters ip 2.31.59... Default severity warning log message no ip address fetched from ip pool () explanation no ip address could be fetched from the ip pool. Gateway action none recommended action none. Revision 1 parameters ippool 2.31.62. Cfgmode_no_ip_data_acquired (id: 01800406) default severity warning log message n... Gateway action packet_will_be_dropped recommended action none. Revision 2 2.31.65. Recieved_packet_to_disabled_ipsec (id: 01800501) default severity notice log message received plain text packet to ipsec while shutting down. Packet will be dropped explanation received plain text packet to ipsec whil... 2.31.68. No_route (id: 01800504) default severity error log message failed to lookup route. No route for packet. Explanation no remote gateway for packet, i.E no route defined. Gateway action packet_will_be_dropped recommended action none. Revision 1 2.31.69. Ipsec_interface_disabled (id: 01800506) ... Peer: explanation no user authentication rule avaliable for eap authentication. Gateway action eap_protocols_disabled recommended action reconfigure_tunnel. Revision 1 parameters remote_peer 2.31.72. No_radius_server_configured_for_eap (id: 01800601) default severity error log message no radius serv... 2.31.75. Unknown_eap_status (id: 01800604) default severity error log message failed to add eap-sim as eap protocol explanation failed to add eap-sim as accepted eap protocol. Gateway action none recommended action none. Revision 1 2.31.76. Eap_but_not_passthrough (id: 01800605) default severity inf... Gateway action continue_with_next_eap_userauth_rule recommended action none. Revision 1 2.31.79. Eap_disabled (id: 01800608) default severity notice log message eap is not set as authentication method explanation eap is not set as authentication method for phase 1. Gateway action none recommended ac... Default severity error log message eapstate/phase1 not available explanation no eapstate/phase1 to get eap identity from. Gateway action none recommended action none. Revision 1 2.31.83. Idi_used_as_eap_id (id: 01800612) default severity informational log message ikev2 idi will be used as eap identi... Parameters error 2.31.86. No_eap_identity_or_radius_username (id: 01800631) default severity error log message we did not get any eap identity/ radius username explanation we did not get any eap identity/ radius username. Gateway action continue_radius_message recommended action none. Revision 1 2.3... Gateway action none recommended action none. Revision 1 2.31.90. Outofmem_forward_eap_packet (id: 01800636) default severity error log message cannot create eap packet to be sent to client explanation out of memory. Cannot create eap packet to be sent to client. Gateway action eap_packet_dropped rec... 2.31.93. Outofmem_forward_eap_packet (id: 01800639) default severity error log message out of memory. Unable to create radius request explanation out of memory. Unable to create radius request. Gateway action eap_packet_dropped recommended action none. Revision 1 2.31.94. Failed_to_send_eap_id_respo... Of active ipsec tunnels explanation more tunnels and/or unique peers than the license allow are trying to establish. Gateway action negotiation_aborted recommended action none. Revision 2 parameters allowed_tunnels 2.31.97. Ipsec_sa_destroy_peer_imsi (id: 01800902) default severity informational log... Explanation an ike sa was successfully created. Gateway action none recommended action none. Revision 3 parameters ipsec_if local_ip local_port remote_iface remote_ip remote_port local_id remote_id local_ike_spi remote_ike_spi initiator algorithms mode lifetime ikeversion local_behind_nat remote_beh... 2.31.101. Ike_sa_deleted (id: 01800906) default severity informational log message ike sa deleted, local ike peer: : , remote ike peer: :: . Explanation an ike sa was deleted. Gateway action none recommended action none. Revision 3 parameters ipsec_if local_ip local_port remote_iface remote_ip remot... Dh_group dh_bits local_ts remote_ts imsi 2.31.103. Ipsec_sa_rekeyed (id: 01800908) default severity informational log message ipsec sa rekeyed, source ip: , destination ip: , inbound spi: , outbound spi: ). Explanation an ipsec sa rekeyed successfully. Gateway action none recommended action none. Re... Revision 2 parameters ipsec_if esp_spi_in esp_spi_out 2.31.105. Ipsec_sa_keys (id: 01800910) default severity informational log message ipsec sa keys, inbound spi: , outbound spi: . Explanation encryption and authentication keys for an ipsec sa. Gateway action none recommended action none. Revision ... Revision 1 2.31.108. Out_of_memory (id: 01801102) default severity alert log message out of memory while allocating client context. Explanation system ran out of memory while allocating client context. Gateway action scip_disabled_for_client recommended action none. Revision 1 2.31.109. Connected (i... Default severity notice log message scip-packet dropped while trying to sen to a closed scip connection. Explanation scip-packet dropped while trying to sen to a closed scip connection. Gateway action drop recommended action none. Revision 2 2.31.112. Send_failed_no_free_socket (id: 01801107) defaul... Log message the rule is not in the active configuration. Dropping request for policy explanation the rule is not in the active configuration, dropping request. Gateway action dropping_request recommended action none. Revision 1 2.31.115. Malformed_packet (id: 01802003) default severity warning log m... Parameters num_p1_negs_active ikestr 2.31.118. Psk_length_invalid (id: 01802012) default severity informational log message remote identity specifies psk that is not usable for selected ike sa mac algorithm (xcbcmac-aes) explanation psk key length invalid for xcbcmac-aes (restriced to 16 chars). Gat... Explanation ike sa statistics. Gateway action none recommended action none. Revision 1 parameters done success failed 2.31.121. Ike_sa_failed (id: 01802022) default severity warning log message ike sa negotiation failed: , local ike peer: , remote ike peer: , initiator spi: , responder spi: . Explan... 2.31.123. Ike_sa_negotiation_failed (id: 01802030) default severity informational log message no ike sa negotiations done. Reason: the authentication credentials were not specified or private key was not available explanation no ike sa negotiations done because of authentication problems. Gateway ac... Parameters local_endpoint remote_endpoint ike_spi_i ike_spi_r ip_addr port 2.31.126. Ipsec_sa_negotiation_aborted (id: 01802060) default severity error log message ipsec sa negotiation aborted: ah can not be initiated with nat-t explanation negotiation aborted since ah can not be initiated with nat-... Default severity error log message malformed remote ike identity configured for tunnel explanation malformed remote identity for psk specified in configuration. Gateway action vpn_tunnel_invalid recommended action reconfigure_remote_id. Revision 1 parameters remoteid 2.31.130. Malformed_psk_configur... Explanation no authentication method is specified for the tunnel. Gateway action vpn_tunnel_disabled recommended action reconfigure_ipsec. Revision 1 2.31.133. Invalid_authentication_algorithm_configured (id: 01802101) default severity error log message aes counter mode cannot be used without an aut... Revision 1 2.31.136. Invalid_configuration_of_force_open (id: 01802104) default severity error log message auto-start rule does not specify single ip address or domain name for its remote peer explanation can not use auto-start rule (force open) for roaming tunnels. Gateway action vpn_tunnel_disable... Log message the maximum number of policy rules reached explanation the maximum number of policy rules reached. Gateway action vpn_configuration_disabled recommended action review the advanced setting ipsecmaxrules. Revision 2 2.31.140. Input_traffic_selector_corrupt (id: 01802111) default severity e... 2.31.143. Suspicious_outbound_rule (id: 01802114) default severity error log message detected suspicious outbound ipsec rule without any selectors explanation detected suspicious outbound ipsec rule without any selectors specified. Gateway action the_rule_might_not_work recommended action reconfigur... Log message esp tunnel is missing encryption algorithm. Null encryption algorithm must be specified if no encryption is required explanation esp tunnel not configured with any encryption algorithm, not even null. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 pa... Explanation tunnel [tunnel] configured for ah, but ah is not supported. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 parameters tunnel 2.31.150. Invalid_cipher_keysize (id: 01802205) default severity error log message configured max cipher key size for tunnel ... Explanation anti-replay detection must be enabled when using 64 bit sequence numbers. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 parameters tunnel 2.31.153. Invalid_tunnel_configuration (id: 01802208) default severity error log message no ipsec transform (ah... Recommended action reconfigure_tunnel. Revision 1 parameters tunnel 2.31.156. Out_of_memory_for_tunnel (id: 01802211) default severity error log message out of memory. Could not allocate memory for tunnel name! Explanation out of memory. Could not allocate memory for tunnel name!. Gateway action vpn... Recommended action reconfigure_tunnel. Revision 2 2.31.159. Invalid_key_size (id: 01802214) default severity error log message invalid key sizes specified for algorithms explanation invalid key sizes specified for algorithms. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. ... Explanation configuration specifies key size limits for cipher with fixed key size. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 2 parameters alg 2.31.163. Invalid_cipher_keysize (id: 01802218) default severity error log message configured max cipher key size is... Recommended action reconfigure_tunnel. Revision 1 parameters keysize max 2.31.166. No_matching_tunnel_found (id: 01802221) default severity error log message no tunnel found matching the local address , remote address and source interface explanation no tunnel found matching the local address and re... 2.31.169. Several_local_id_specified_for_tunnel (id: 01802224) default severity error log message more than one remote id specified for tunnel explanation cannot add more than one remote identity to a tunnel. Gateway action vpn_tunnel_disabled recommended action reconfigure_vpn. Revision 1 2.31.170.... Gateway action vpn_tunnel_invalid recommended action reconfigure_psk. Revision 1 2.31.173. Max_ike_sa_reached (id: 01802400) default severity warning log message the maximum number of active ike sas reached explanation maximum number of active ike sas reached. Gateway action negotiation_aborted reco... Default severity notice log message the maximum number of active quick-mode negotiations reached explanation maximum number of active quick-mode negotiations reached. Gateway action quick-mode_not_done recommended action none. Revision 1 2.31.177. Warning_level_active_ipsec_sas_reached (id: 01802404... 2.31.180. Invalid_format_syslog_audit (id: 01802500) default severity notice log message cannot use binary formatting for syslog auditing. Explanation cannot use binary formatting for syslog auditing. Gateway action none recommended action none. Revision 1 2.31.181. Cannot_create_audit_file_context ... Gateway action certificate_invalid recommended action none. Revision 1 2.31.184. Could_not_get_subject_nam_from_ca_cert (id: 01802602) default severity warning log message could not get subject name from a ca certificate. This certificate is not usable as an ipsec authenticator, and is not inserted ... 2.31.187. Could_not_trusted_set_for_cert (id: 01802605) default severity warning log message could not set the trusted set for a ca certificate explanation could not set the trusted set for a ca certificate. Gateway action certificate_disabled recommended action none. Revision 1 2.31.188. Could_not_... Recommended action none. Revision 1 2.31.191. Could_not_insert_cert_to_db (id: 01802609) default severity error log message could not insert certificate into local database explanation could not insert certificate into local database. Gateway action certificate_disabled recommended action none. Revi... Default severity warning log message directory names are not supported as subject alternative names. Skipping dn: explanation directory specified as subject alternative name. Gateway action skip_dn_name recommended action none. Revision 1 parameters dn_name 2.31.195. Could_not_decode_certificate (id... Explanation addresses for remote access attributes. Gateway action none recommended action none. Revision 1 parameters ipaddr time 2.31.198. Remote_access_dns (id: 01802711) default severity informational log message dns for remote access attributes: explanation dns for remote access attributes. Gat... Recommended action none. Revision 1 parameters dhcp_s 2.31.201. Remote_access_subnets (id: 01802714) default severity informational log message subnets remote access attributes: explanation subnets remote access attributes. Gateway action none recommended action none. Revision 1 parameters subnets 2... Revision 2 parameters reason int_severity 2.31.204. Crl_search_failed (id: 01802719) default severity warning log message certificate manager search failure: . Internal severity level: explanation search for a crl failed. Certificate validation will conintue as crl checks are not enforced by the cur... Default severity error log message failed to set init info to external key accelerator explanation invalid init info to external key accelerator. Gateway action ipsec_disabled recommended action none. Revision 1 2.31.208. Outofmem_create_engine (id: 01802901) default severity critical log message fa... 2.31.211. Init_rule_looklup_failed (id: 01802904) default severity critical log message allocating default drop rule failed! Explanation allocating default drop rule failed!. Gateway action ipsec_disabled recommended action none. Revision 1 2.31.212. Init_rule_looklup_failed (id: 01802905) default s... Default severity error log message maximum number of ipsec sas limit has been violated too many times () explanation maximum number of ipsec sas limit has been violated too many times. Gateway action discarding request and deleting sa recommended action discarding request and deleting sa. Revision 1... Log message an audit event occured: . Internal severity level: explanation an audit event occured in the ipsec stack. Gateway action none recommended action none. Revision 1 parameters msg int_severity 2.31.218. Faild_to_link_ike_and_userauth (id: 01803300) default severity warning log message faild... Default severity notice log message hardware acceleration of modexp calculation failed due to . Explanation the failed calculation will be made in software instead. Hardware acceleration can fail due to valid reasons like a full request queue. A lot of these logs during a short timeframe could indic... 2.31.223. Monitored_host_reachable (id: 01803600) default severity informational log message monitored host is reachable over tunnel . Explanation monitored host started to respond on icmp ping. Gateway action none recommended action none. Revision 1 parameters ip tunnel 2.31.224. Monitored_host_unr... Peer_ip peer_port 2.31.226. Failed_to_attach_radius (id: 01803701) default severity warning log message failed to attach radius () server in ike negotiation for peer : explanation failed to attach radius server communication, ike negotiation will fail. Gateway action fail_ike_negotiation recommended... 2.32. Ipv6_nd these log messages refer to the ipv6_nd (neighbor discovery events) category. 2.32.1. Neighbor_discovery_resolution_failed (id: 06400009) default severity warning log message neighbor discovery resolution failed explanation neighbor discovery query was not resolved before the cache ent... Revision 1 context parameters rule name packet buffer 2.32.4. Nd_spoofed_hw_sender (id: 06400029) default severity warning log message nd hw sender address matches our own address. Dropping packet. Explanation the neighbor discovery packet ethernet sender address appears to be our own. Dropping pack... Recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.7. Nd_option_hw_address_mismatch (id: 06400032) default severity warning log message nd link layer option enet sender mismatch. Dropping packet. Explanation the neighbor disc... Recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.10. Nd_duplicated_option (id: 06400035) default severity warning log message the same nd option appears more than once in the same packet. Dropping packet. Explanation the ne... Recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.13. Nd_illegal_prefix_info_option_size (id: 06400038) default severity warning log message illegal option size. Dropping explanation the neighbor discovery packet option size... Recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.16. Nd_zero_size_option (id: 06400041) default severity warning log message illegal option size. Dropping explanation the neighbor discovery packet option size is zero. Dropp... Revision 1 context parameters rule name packet buffer 2.32.19. Nd_unknown_icmp_code (id: 06400044) default severity warning log message unsupported icmp code. Dropping explanation the neighbor discovery packet icmp code is unknown. Dropping packet. Gateway action drop recommended action verify that ... Gateway action drop recommended action verify that no faulty network equipment exists. Revision 1 parameters senderip context parameters rule name packet buffer 2.32.22. Nd_hoplimit_reached (id: 06400047) default severity warning log message neighbor discovery packet from appears to have been routed... Default severity warning log message failed to verify neighbor discovery sender ip address. Dropping explanation the neighbor discovery sender ip address could not be verified according to the "access" section, and the packet is dropped. Gateway action drop recommended action if all neighbor discove... Log message sender ip is the unknown address. Dropping packet. Explanation the neighbor advertisement packet sender ip address matches that of the unknown address (::). Dropping packet. Gateway action drop recommended action verify that no faulty network equipment exists. Revision 1 parameters sende... Packet buffer 2.32.30. Nd_mcast_dpd_reply (id: 06400055) default severity warning log message dead peer probe answered with multicast message. Dropping packet. Explanation the dead peer probe reply packet destination ip is a multicast address. Dropping packet. Gateway action drop recommended action ... Recommended action verify that no faulty network equipment exists. Revision 1 parameters cachedenet targetenet context parameters rule name packet buffer 2.32.33. Nd_updated_entry (id: 06400058) default severity notice log message nd cache entry updated from to . Explanation a neighbor advertisement... 2.32.35. Nd_update_entry_request (id: 06400060) default severity notice log message nd cache entry update from to request. Dropping packet. Explanation a neighbor advertisement requests updating an entry in the neighbor discovery cache. Dropping packet. Gateway action drop recommended action none. R... Recommended action verify that no faulty network equipment exists. Revision 1 parameters sendermac context parameters rule name packet buffer 2.32.38. Nd_rs_unicast_target (id: 06400063) default severity warning log message router solicitation destination address isn't multicast. Dropping explanatio... Explanation the neighbor solicitation packet contains a source link layer adderss option, this is illegal according to rfc4861. Dropping packet. Gateway action drop recommended action verify that no faulty network equipment exists. Revision 1 context parameters rule name packet buffer 2.32.41. Nd_up... Packet buffer 2.32.43. Nd_update_entry_request (id: 06400068) default severity notice log message nd cache entry update from to request. Dropping packet. Explanation a neighbor solicitation requests updating an entry in the neighbor discovery cache. Dropping packet. Gateway action drop recommended a... Explanation the neighbor solicitation duplicatge address probe packet destination ip address is not a solicited node multicast address. Dropping packet. Gateway action drop recommended action verify that no faulty network equipment exists. Revision 1 parameters sendermac context parameters rule name... Context parameters rule name packet buffer 2.32.48. More_ndoptcount (id: 06400073) default severity warning log message number of options more than icmp6maxoptnd - explanation received a packet with number of options more than icmp6maxoptnd. Gateway action none recommended action none. Revision 1 pa... Revision 1 context parameters rule name packet buffer 2.32.51. Router_discovered (id: 06400076) default severity notice log message interface have successfully processed a router advertisement explanation an interface have successfully processed a router advertisement. Gateway action none recommende... Gateway action none recommended action none. Revision 1 parameters iface ip context parameters packet buffer 2.32.54. Router_not_found (id: 06400079) default severity notice log message unable to find router on interface explanation the gateway has solicited the local network for a router but have n... 2.33. Ip_error these log messages refer to the ip_error (packet discarded due to ip header error(s)) category. 2.33.1. Too_small_packet (id: 01500001) default severity warning log message packet is too small to contain ipv4 header explanation the received packet is too small to contain an ipv4 heade... Gateway action drop recommended action none. Revision 1 parameters iptotlen iphdrlen context parameters rule name packet buffer 2.33.4. Invalid_ip_length (id: 01500004) default severity warning log message invalid ip header length, iptotlen=, recvlen= explanation the received packet ip total length ... Default severity warning log message invalid flow label value explanation the received packet with flow label other than zero. Gateway action none recommended action none. Revision 1 parameters flow_label context parameters rule name packet buffer 2.33.7. Invalid_ip6_flow (id: 01500021) default seve... 2.33.9. Invalid_ip6_tc (id: 01500023) default severity warning log message invalid traffic class value explanation the received packet with traffic class other than zero. Gateway action strip recommended action none. Revision 1 parameters traffic_class context parameters rule name packet buffer 2.33... Ipactpaylen context parameters rule name packet buffer 2.33.12. Too_small_packet (id: 01500026) default severity warning log message packet is too small to contain ipv6 header explanation the received packet is too small to contain an ipv6 header, and will be dropped. Gateway action drop recommended... 2.34. Ip_flag these log messages refer to the ip_flag (events concerning the ip header flags) category. 2.34.1. Ttl_low (id: 01600001) default severity warning log message received packet with too low ttl of . Min ttl is . Ignoring explanation the received packet has a ttl (time-to-live) field which... Revision 1 context parameters rule name packet buffer 2.34.4. Hop_limit_low (id: 01600004) default severity warning log message received packet with too low hoplimit of . Min hoplimit is . Ignoring explanation the received packet has a hoplimit field which is too low. Ignoring and forwarding packet ... 2.35. Ip_opt these log messages refer to the ip_opt (events concerning the ip header options) category. 2.35.1. Source_route (id: 01700001) default severity notice log message packet has a source route explanation the packet has a source route. Ignoring. Gateway action ignore recommended action none... 2.35.4. Ipopt_present (id: 01700004) default severity notice log message ip option () is present explanation the packet contains an ip option. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters ipopt optname context parameters rule name packet buffer 2.35.5. Ipoptlen_too_... Revision 1 parameters ipopt optlen avail context parameters rule name packet buffer 2.35.7. Multiple_ip_option_routes (id: 01700012) default severity warning log message multiple source/return routes in ip options. Dropping explanation there are multiple source/return routes specified among the ip o... Log message ip option type : bad source route pointer . Dropping explanation the packet has a source route pointer, which is invalid. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipopt routeptr context parameters rule name packet buffer 2.35.10. Source_route_di... Default severity warning log message ip option type : bad length . Dropping explanation the packet contains an ip option, which has an invalid lengh. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipopt optlen context parameters rule name packet buffer 2.35.13. B... Tsptr oflo context parameters rule name packet buffer 2.35.15. Timestamp_disallowed (id: 01700020) default severity warning log message timestamp ip option disallowed. Dropping explanation the packet contains a timestamp ip option, which is disallowed. Dropping packet. Gateway action drop recommende... Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.35.18. Ipopt_present_disallowed (id: 01700023) default severity warning log message ip option () is present. Dropping explanation the packet contains an ip option, which is disallowed. Dropping packe... Gateway action drop recommended action none. Revision 1 context parameters rule name 2.35.21. Small_payload (id: 01700041) default severity warning log message jumbo option packet with a payload less than 65535 explanation received a jumbo option packet with a payload less than 65535. Gateway action... Context parameters rule name 2.35.24. Invalid_order (id: 01700044) default severity warning log message invalid jumbogram packet option other than in hop by hop header explanation received a jumbogram packet other than in hop by hop header. Gateway action drop recommended action none. Revision 1 con... Default severity warning log message received router alert option packet explanation received router alert option packet. Gateway action none recommended action none. Revision 1 context parameters rule name 2.35.28. Rcvd_router_alert (id: 01700048) default severity warning log message received route... Type. The option will be ignored and the rest of the packet will be processed. Gateway action none recommended action none. Revision 1 context parameters rule name packet buffer 2.35.31. Invalid_option (id: 01700051) default severity warning log message invalid ipv6 extension header option encounter... Explanation received home address option packet. Gateway action none recommended action none. Revision 1 context parameters rule name 2.35.34. Rcvd_ha_option (id: 01700054) default severity warning log message received home address option packet explanation received home address option packet. Gatew... Revision 1 context parameters rule name 2.35.37. Invalid_padn_data (id: 01700057) default severity warning log message option data containing non-zero value explanation option data containing non-zero value. Gateway action strip recommended action none. Revision 1 context parameters rule name 2.35.3... 2.35.40. Mismatch_ip_eth (id: 01700060) default severity warning log message ip and ethernet destination mismatch explanation ip and ethernet destination mismatch. Gateway action none recommended action none. Revision 1 context parameters rule name 2.35.41. Mismatch_ip_eth (id: 01700061) default sev... Log message invalid router alert option other than in hop by hop header explanation received a router alert packet other than in hop by hop header. Gateway action drop recommended action none. Revision 1 context parameters rule name 2.35.44. Invalid_order (id: 01700065) default severity warning log ... Recommended action none. Revision 1 context parameters rule name 2.35.47. More_optcount (id: 01700068) default severity warning log message number of options more than ip6maxoph - explanation received a packet with number of options more than ip6maxoph. Gateway action none recommended action none. R... Revision 1 context parameters rule name 2.35.50. Ip6_rhother (id: 01700071) default severity warning log message routing packet with type other than 0 or 2 explanation received routing packet other than 0 or 2. Gateway action drop recommended action none. Revision 1 context parameters rule name 2.35... Default severity warning log message routing header with type 0 packet explanation received routing header type 0 packet. Gateway action none recommended action none. Revision 1 context parameters rule name 2.35.54. Ip6_rh0 (id: 01700075) default severity warning log message routing header with type... Explanation received a packet with invalid header order. Gateway action drop recommended action none. Revision 1 context parameters rule name 2.35.57. Invalid_ip6_exthdr (id: 01700078) default severity warning log message extension header length is greater than ip6exthdr setting explanation the rece... Recommended action none. Revision 1 context parameters rule name chapter 2: log message reference 444. 2.36. Ip_proto these log messages refer to the ip_proto (ip protocol verification events) category. 2.36.1. Multicast_ethernet_ip_address_mismatch (id: 07000011) default severity warning log message received packet with a destination ip address that does not match the ethernet multicast address expl... Log message received packet with zero ttl. Dropping explanation a packet was received with a ttl (time-to-live) field set to zero, which is not allowed. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.36.4. Ttl_low (id: 07000014) ... Default severity warning log message configured size limit for the tcp protocol exceeded. Dropping explanation the configured size limit for the tcp protocol was exceeded. Dropping packet. Gateway action drop recommended action this can be changed under the advanced settings section. Revision 1 para... Context parameters rule name packet buffer 2.36.9. Invalid_udp_header (id: 07000022) default severity warning log message invalid udp header - ipdatalen=, udptotlen=. Dropping explanation the udp packet contains an invalid header. Dropping packet. Gateway action drop recommended action none. Revisio... Recommended action none. Revision 1 parameters ipdatalen icmpminlen context parameters rule name packet buffer 2.36.12. Multicast_ethernet_ip_address_mismatch (id: 07000033) default severity warning log message received packet with a destination ip address that does not match the ethernet multicast ... 2.36.14. Oversize_esp (id: 07000051) default severity warning log message configured size limit for the esp protocol exceeded. Dropping explanation the configured size limit for the esp protocol was exceeded. Dropping packet. Gateway action drop recommended action this can be changed under the advan... Parameters proto context parameters rule name packet buffer 2.36.17. Oversize_ospf (id: 07000054) default severity warning log message configured size limit for the ospf protocol exceeded. Dropping explanation the configured size limit for the ospf protocol was exceeded. Dropping packet. Gateway act... Gateway action drop recommended action this can be changed under the advanced settings section. Revision 1 parameters proto context parameters rule name packet buffer 2.36.20. Oversize_l2tp (id: 07000057) default severity warning log message configured size limit for the l2tp protocol exceeded. Drop... Log message forward ipv6 packet with zero hoplimit. Dropping explanation try to forward a ipv6 packet with the hoplimit field set to zero, which is not allowed. Dropping packet. Gateway action drop recommended action none. Revision 3 context parameters rule name packet buffer 2.36.23. Hop_limit_low ... Default severity warning log message invalid icmp data length. Icmpdatalen= icmpiphdrminlen=. Dropping explanation the icmp data is not large enough to contain an ipv4 header. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters icmpdatalen icmpiphdrminlen context para... Revision 1 parameters icmpdatalen icmphdrlen context parameters rule name packet buffer 2.36.28. Invalid_icmp_data_invalid_ip_length (id: 07000074) default severity warning log message invalid icmp data length. Icmpdatalen= icmpipdatalen= icmpipdataminlen=. Dropping explanation the icmp data length ... 2.36.30. Illegal_sender_address (id: 07000076) default severity warning log message source address does not identify a single node uniquely. Dropping explanation the source address is ending in zeroes. Dropping packet. Gateway action drop recommended action verify that no faulty network equipment ex... 2.37. L2tp these log messages refer to the l2tp (l2tp tunnel events) category. 2.37.1. L2tpclient_resolve_successful (id: 02800001) default severity notice log message l2tp client resolved to explanation the l2tp client successfully resolved the dns name of the remote gateway. Gateway action none re... Revision 1 parameters iface remotegw 2.37.4. L2tp_connection_disallowed (id: 02800004) default severity notice log message l2tp connection disallowed according to rule ! Tunnel id: , session id: explanation the l2tp connection is disallowed according to the specified userauth rule. Gateway action no... Explanation the l2tp server received a packet that was routed to the interface by a route that was either manually configured or set up by another subsystem. Gateway action drop recommended action make sure no manually configured routes to the l2tp server interface exists in the configuration. Revis... On explanation mppe is required by the configuration but the mppe negotiation failed. Session will be closed. Gateway action none recommended action make sure the peer is capable of mppe encryption, or disable the mppe requirement. Revision 1 parameters iface sessionid remotegw 2.37.10. L2tp_session... Default severity warning log message did not find a matching userauth rule for this l2tp server! Tunnel id: , session id: explanation the l2tp server was unsuccessful trying to find a matching userauth rule. Gateway action none recommended action make sure the userauth rules are configured correctly... 2.37.15. Failure_init_radius_accounting (id: 02800017) default severity warning log message failed to send accounting start to radius accounting server. Accounting will be disabled explanation failed to send start message to radius accounting server. Radius accounting will be disabled for this sessi... 2.37.18. Unknown_ctrl_conn_id (id: 02800020) default severity warning log message unknown control connection id from on tunnel . Explanation a packet with an unknown control connection id was received by the l2tp interface. Gateway action none recommended action none. Revision 1 parameters iface rem... Parameters iface ctrlconnid 2.37.21. L2tp_session_request (id: 02800045) default severity notice log message l2tp session request received. Control connection id: explanation a new session request was received on the specified tunnel. Gateway action none recommended action none. Revision 1 parameter... 2.37.24. Waiting_for_ip_to_listen_on (id: 02800050) default severity notice log message l2tp server cannot start until it has an ip address to listen on explanation the l2tp server cannot start until the l2tp interface has a proper ip address to listen on. Gateway action none recommended action make... 2.38. Lacp these log messages refer to the lacp (link aggregation control protocol) category. 2.38.1. Lacp_up (id: 07700001) default severity informational log message negotiation was successful and was added to the aggregation. Explanation lacp has successfully negotiated with a partner system and ... Gateway action exclude_link recommended action verify that the link is operational and connected to a properly configured lacp system. Revision 1 parameters physiface laiface 2.38.4. Lacp_partner_mismatch (id: 07700004) default severity error log message the information exchanged with the partner sy... 2.38.6. Lacp_link_down (id: 07700006) default severity error log message appears to be down. Explanation . Gateway action exclude_link recommended action . Revision 1 parameters physiface laiface 2.38.7. Lacp_disabled_half_duplex (id: 07700007) default severity error log message has been disabled be... 2.39. Natpool these log messages refer to the natpool (events related to nat pools) category. 2.39.1. Uninitialized_ippool (id: 05600001) default severity error log message natpool has not been initialized explanation the natpool is not initialized. This can happen if the natpool contains no valid i... Recommended action none. Revision 1 parameters address poolname context parameters connection 2.39.4. Out_of_memory (id: 05600005) default severity error log message out of memory while allocating natpool state for explanation a state could not be allocated since the unit is out of memory. Gateway a... Recommended action none. Revision 1 parameters poolname 2.39.7. Proxyarp_failed (id: 05600008) default severity error log message could not add dynamic proxyarp route. Natpool explanation it was not possible to dynamically add a core route for the given ip address. Gateway action none recommended ac... Been reached. Natpool subsystem must replace an active state since no lingering states exist. Gateway action replace_active recommended action increase the maxstates variable for this natpool if more concurrent states are wanted. Revision 1 parameters poolname num_states replacedip 2.39.10. Register... Explanation failed to fetch new translation ip address from ip pool. Gateway action none recommended action check configuration for nat pool and ip pool. Revision 1 parameters poolname 2.39.13. Synchronization_failed (id: 05600014) default severity error log message failed to synchronize translation... 2.40. Ospf these log messages refer to the ospf (ospf events) category. 2.40.1. Internal_error (id: 02400001) default severity warning log message internal error. Iface got ievent in istate . Ignored explanation internal error in the ospf interface state engine. Gateway action ignore recommended act... Failover. Gateway action none recommended action check ospf interface configuration. Revision 1 parameters iface neighborid myifaceip context parameters rule name 2.40.4. Bad_packet_len (id: 02400004) default severity warning log message received ospf packet with bad length explanation received ospf... Default severity warning log message sender source not within interface range () explanation received ospf data from a neighboring router not within the receive interface range. Gateway action drop recommended action make sure all locally attached ospf routes are on the same network. Revision 1 para... Parameters recv_netmask my_netmask context parameters rule name packet buffer 2.40.9. Hello_interval_mismatch (id: 02400009) default severity warning log message hello interval mismatch. Received was , mine is . Dropping explanation received ospf data from a neighboring router with a mismatching hel... Default severity warning log message hello e-flag mismatch. Received was , mine is . Dropping explanation received ospf data from a neighboring router with mismatching e-flag (describes how as-external-lsas are flooded) configuration. Gateway action drop recommended action make sure all locally atta... Revision 1 context parameters rule name packet buffer 2.40.14. Unknown_lsa_type (id: 02400014) default severity warning log message unknown lsa type . Dropping explanation received ospf data from a neighbor which contained a unknown lsa. Gateway action drop recommended action check the configuration... Gateway action drop recommended action verify that the neighboring ospf router share the same password. Revision 1 context parameters rule name 2.40.17. Bad_auth_crypto_key_id (id: 02400052) default severity warning log message authentication mismatch. Bad crypto key id. Received was , mine is expla... Explanation authentication failed due to bad crypto digest. Gateway action drop recommended action verify that the neighboring ospf router share the same crypto digest. Revision 1 context parameters rule name 2.40.20. Checksum_mismatch (id: 02400055) default severity warning log message checksum mis... Default severity warning log message neighbor m/ms mismatch. Restarting exchange explanation received indication that a neighbor got the m/ms (master/slave) role wrong. Gateway action restart recommended action none. Revision 1 parameters neighbor context parameters rule name 2.40.23. I_flag_misuse ... Default severity warning log message neighbor replied with a unexpected sequence number. Restarting exchange explanation received neighbor reply with a unexpected sequence number. Gateway action restart recommended action none. Revision 1 parameters neighbor context parameters rule name 2.40.26. Non... 2.40.28. Unknown_lsa (id: 02400107) default severity warning log message neighbor implied unknown lsa (). Restarting exchange explanation a neighbor described an unknown lsa type. Gateway action restart recommended action check neighboring ospf router configuration. Revision 1 parameters neighbor ls... Def_maxage context parameters rule name 2.40.31. Lsa_checksum_mismatch (id: 02400150) default severity warning log message lsa checksum mismatch. Lsa is discarded explanation received lsa with mismatching checksum. Gateway action discard recommended action check network equipment for problems. Revis... Context parameters rule name 2.40.34. Bad_lsa_maxage (id: 02400153) default severity warning log message bad lsa maxage (). Lsa is discarded explanation received lsa with a bad max age. Gateway action discard recommended action none. Revision 1 parameters maxage context parameters rule name 2.40.35.... Context parameters rule name 2.40.37. Db_copy_more_recent_then_received (id: 02400156) default severity warning log message received lsa(lsa- id: advrtr:) is older then db copy. Discarding received lsa explanation received lsa which is older then the copy in the database. Gateway action discard reco... Recommended action none. Revision 1 context parameters rule name packet buffer 2.40.40. Req_packet_lsa_size_mismatch (id: 02400159) default severity warning log message req packet lsa size mismatch. Parsing aborted explanation received ospf req packet with a mismatching lsa size. Gateway action abor... Revision 1 parameters lsa lsaid lsartr context parameters rule name 2.40.43. Unable_to_send_ack (id: 02400162) default severity critical log message unable to send ack explanation unable to send acknowledgement. Gateway action alert recommended action check memory consumption. Revision 1 context par... Recommended action check for incorrectly configured neighbors. Revision 1 parameters neighbor neighborid iface context parameters rule name 2.40.46. Too_many_neighbors (id: 02400201) default severity warning log message too many neighbors on . Unable to maintain 2-way with all of them(hello packet) ... Explanation unable to find transport area for a vlink. Gateway action skip_iface recommended action check ospf area configuration. Revision 1 parameters area vlink context parameters rule name 2.40.49. Internal_error_unable_to_map_identifier (id: 02400301) default severity warning log message intern... (id: 02400303) default severity warning log message memory usage for ospf process have now exceeded 70 percent of the maximum allowed explanation the memory usage for a ospf process have exceeded 70 percent of the maximum allowed. Gateway action none recommended action check memory consumption. Revi... Context parameters rule name 2.40.54. Internal_lsa_chksum_error (id: 02400306) default severity critical log message lsa internal checksum error explanation internal lsa checksum error. Gateway action alert recommended action check hardware for defects. Revision 1 context parameters rule name 2.40.5... Parameters netvtxid context parameters rule name 2.40.57. Internal_error_unable_to_find_iface_connecting_to_lsa (id: 02400402) default severity warning log message internal error: unable to find my interface connecting to described lsa (netvtxid: ) explanation unable to find local interface connecti... Explanation unable to find local interface connecting to descried lsa. Gateway action none recommended action contact support with a scenario description. Revision 1 parameters rtrvtxid context parameters rule name 2.40.60. Internal_error_unable_neighbor_iface_attached_back_to_me (id: 02400405) defa... (id: 02400407) default severity warning log message internal error: unable to find my link connecting to described lsa (netvtxid:) explanation unable to find local link connected to described lsa. Gateway action none recommended action contact support with a scenario description. Revision 1 paramete... Default severity critical log message failed to add route ! Ospf process should now be considered inconsistent explanation unable to add route. Gateway action alert recommended action check memory consumption. Revision 1 parameters route context parameters rule name chapter 2: log message reference ... 2.41. Ppp these log messages refer to the ppp (ppp tunnel events) category. 2.41.1. Ip_pool_empty (id: 02500001) default severity warning log message ipcp can not assign ip address to peer because the ip address pool is empty explanation ipcp can not assign an ip address to the peer because there ar... Revision 1 parameters tunnel_type 2.41.4. Seconday_dns_address_required_but_not_received (id: 02500004) default severity warning log message secondary dns address required but not received. Ppp terminated explanation peer refuses to give out a secondary dns address. Since reception of a secondary dn... Recommended action none. Revision 1 parameters tunnel_type 2.41.7. Failed_to_agree_on_authentication_protocol (id: 02500050) default severity error log message failed to agree on authentication protocol. Ppp terminated explanation failed to agree on ppp authentication protocol. Ppp is terminated. Ga... Gateway action ppp_terminated recommended action try to reconfigure the peer so it does not demand the use of this lcp option. Revision 1 parameters tunnel_type unsupported_lcp_option 2.41.10. Ppp_tunnel_limit_exceeded (id: 02500100) default severity alert log message ppp tunnel license limit exceed... Gateway action chap_response_value_truncated recommended action none. Revision 1 parameters tunnel_type 2.41.13. Username_too_long (id: 02500151) default severity warning log message ppp chap username was truncated because it was too long explanation ppp chap username was truncated because it was to... Parameters tunnel_type 2.41.16. Username_too_long (id: 02500350) default severity warning log message ppp pap username was truncated because it was too long explanation ppp pap username was truncated because it was too long. Gateway action pap_username_truncated recommended action reconfigure the en... Default severity error log message radius server authentication error. Ppp authentication terminated explanation there was an error while authenticating using a radius server. Ppp authentication terminated. Gateway action authentication_terminated recommended action none. Revision 1 parameters tunne... Log message mppe decryption resulted in the unsupported protocol . Terminating ppp explanation mppe decryption resulted in an unsupported protocol. Ip is the only protocol supported. This either means that the decryption failed or that the peer actually sent data using an unsupported protocol. Ppp i... 2.42. Pppoe these log messages refer to the pppoe (pppoe tunnel events) category. 2.42.1. Pppoe_tunnel_up (id: 02600001) default severity notice log message pppoe tunnel on established to . Auth: , ifaceip: , downtime: explanation the pppoe tunnel for the interface have been established. . Gateway a... 2.43. Pptp these log messages refer to the pptp (pptp tunnel events) category. 2.43.1. Pptpclient_resolve_successful (id: 02700001) default severity notice log message pptp client resolved to explanation the pptp client succesfully resolved the dns name of remote gateway. Gateway action none recomme... Recommended action make sure the userauth rules are configured correctly. Revision 1 parameters rule remotegw callid 2.43.4. Unknown_pptp_auth_source (id: 02700004) default severity warning log message unknown pptp authentication source for ! Remote gateway: , call id: explanation the authentication... Log message pptp server received a packet routed by a route not set up by the interface itself. Dropping packet. Explanation the pptp server interface received a packet that was routed to the interface by a route that was either manually configured or set up by another subsystem. Traffic can only be... 2.43.9. Pptp_session_request (id: 02700009) default severity notice log message pptp session request sent on control connection to explanation an pptp session request has been sent on the control connection to the specified remote gateway. Gateway action none recommended action none. Revision 1 para... Revision 1 parameters callid remotegw iface 2.43.12. Pptp_session_up (id: 02700012) default severity warning log message ppp negotiation completed for session to on . User: , auth: , mppe: , assigned ip: explanation the ppp negotiation has completed successfully for this session. The specified inter... 2.43.14. Tunnel_idle_timeout (id: 02700014) default severity warning log message pptp tunnel to on has been idle for too long. Closing it. Explanation a pptp tunnel has been idle for too long. Tunnel will be closed. Gateway action close_tunnel recommended action none. Revision 1 parameters iface rem... 2.43.17. Pptpclient_connected (id: 02700018) default severity notice log message pptp client connected to , requesting control connection explanation a pptp client has established a connection to its remote gateway and is sending a control connection request message. Gateway action none recommended ... Iface remotegw 2.43.20. Pptp_tunnel_up (id: 02700021) default severity notice log message pptp tunnel on is up. Connected to server on . Explanation this pptp client has established a control connection to the remote pptp server. Gateway action none recommended action none. Revision 1 parameters ifa... Parameters rule iface remotegw 2.43.23. Unknown_pptp_auth_source (id: 02700025) default severity warning log message unknown pptp authentication source for !. Interface: , remote gateway: . Explanation the authentication source for the specified userauth rule is unknown to the pptp server. Gateway a... Recommended action none. Revision 1 parameters iface remotegw error_code 2.43.26. Waiting_for_ip_to_listen_on (id: 02700050) default severity warning log message pptp server cannot start until it has an ip address to listen on. Explanation the pptp server cannot start until it has a proper ip addres... 2.44. Radiusrelay these log messages refer to the radiusrelay (radius relay) category. 2.44.1. Malformed_packet (id: 07500001) default severity warning log message malformed packet received. Explanation a malformed packet was received. Gateway action none recommended action none. Revision 1 paramete... Revision 1 parameters username imsi mac iface ip calledstationid 2.44.4. User_removed_timeout (id: 07500004) default severity notice log message user was removed due to timeout. Explanation a user was removed because a timeout was reached. Gateway action none recommended action none. Revision 1 para... Log message user was logged out. Explanation a user was logged out. Gateway action none recommended action none. Revision 1 parameters username imsi mac iface ip 2.44.7. Login_from_same_mac (id: 07500007) default severity notice log message user is logging from in the same mac address as , logging o... Ip port 2.44.9. Login_from_new_mac (id: 07500010) default severity notice log message user is logging in from another mac address, logging out current user. Explanation an already authenticated user is logging in from a new mac address than before. The current user instance will be logged out. Gatew... 2.45. Realtimemonitor these log messages refer to the realtimemonitor (real-time monitor events) category. Note the log message ids in this category are assigned dynamically based on the realtime monitor configuration. The variable part of the id (indicated by x below) corresponds to the assigned id... 2.45.3. Value_below_high_threshold (id: 054xxxxx) default severity informational log message firewall monitoring. Current uptime: . The value of: is now bellow the high threshold low threshold: current mean of : . Explanation low threshold passed. Gateway action none recommended action none. Revisio... 2.46. Reassembly these log messages refer to the reassembly (events concerning data reassembly) category. 2.46.1. Ack_of_not_transmitted_data (id: 04800002) default severity informational log message tcp segment acknowledges data not yet transmitted explanation a tcp segment that acknowledges data n... Recommended action research the source of this errornous traffic. Revision 1 context parameters connection 2.46.4. Memory_allocation_failure (id: 04800005) default severity error log message can't allocate memory to keep track of a packet explanation the gateway is unable to allocate memory to keep ... 2.46.7. Processing_memory_limit_reached (id: 04800009) default severity notice log message maximum processing memory limit reached explanation the reassembly subsystem has reached the maximum limit set on its processing memory. This will decrease the performance of connections that are processed by ... 2.47. Rfo these log messages refer to the rfo (route fail over events) category. 2.47.1. Has_ping (id: 04100001) default severity notice log message interface , table , net : route enabled, got ping reply from gw explanation route is available. Received ping reply from the gateway. Gateway action no... Reply from the gateway. Gateway action route_disabled recommended action none. Revision 1 parameters iface table net gateway 2.47.4. Unable_to_register_pingmon (id: 04100004) default severity warning log message interface , table , net : route no longer monitored, unable to register ping monitor exp... 2.47.6. Has_arp (id: 04100006) default severity notice log message interface , table , net : route enabled, got arp reply from gateway explanation route is available. Received arp reply from the gateway. Gateway action route_enabled recommended action none. Revision 2 parameters iface table net gate... Revision 1 parameters iface table net gateway 2.47.9. Unable_to_register_arp_monitor (id: 04100009) default severity warning log message interface , table , net : route no longer monitored via arp, unable to register arp monitor explanation internal error: the route is no longer monitored. Failed to... Explanation the interface has a link. Some associated routes may require arp to be enabled. Gateway action none recommended action none. Revision 2 parameters iface 2.47.12. Unable_to_register_interface_monitor (id: 04100012) default severity error log message interface , table , net : route no long... Default severity notice log message interface , table , net : route disabled, host monitoring failed explanation route is disabled. Host monitoring failed. Gateway action route_disabled recommended action none. Revision 1 parameters iface table net 2.47.15. Hostmon_successful (id: 04100015) default ... 2.48. Rule these log messages refer to the rule (events triggered by rules) category. 2.48.1. Ruleset_fwdfast (id: 06000003) default severity notice log message packet statelessly forwarded (fwdfast) explanation the packet matches a rule with a "fwdfast" action, and is statelessly forwarded. Gateway... Context parameters rule name rule information packet buffer 2.48.4. Rule_match (id: 06000007) default severity debug log message return action trigged explanation a rule with a special return action was trigged by an ip-rule lookup. This log message only appears if you explicitly requested it for th... Section in the configuration. Revision 1 context parameters rule name packet buffer 2.48.7. Block127net (id: 06000012) default severity warning log message destination address is the 127.* net. Dropping explanation the destination address was the 127.* net, which is not allowed according to the conf... Recommended action none. Revision 1 context parameters rule name packet buffer 2.48.10. Allow_broadcast (id: 06000016) default severity notice log message broadcast packet statelessly forwarded explanation the broadcast packet matches a rule with a "allow" action, and is statelessly forwarded. Gatew... Recommended action if this type of traffic should be dropped, modify the "settings" section in the configuration. Revision 1 context parameters rule name packet buffer 2.48.13. Directed_broadcasts (id: 06000030) default severity notice log message packet directed to the broadcast address of the dest... Packet is dropped. Gateway action drop recommended action none. Revision 3 parameters type vlanid context parameters rule name packet buffer 2.48.16. Ruleset_reject_packet (id: 06000050) default severity warning log message packet rejected by rule-set. Rejecting explanation the rule-set is configure... Explanation a packet directed to the unit itself was received. The packet is allowed, but there is no matching state information for this packet. It is not part of any open connections, and will be dropped. Gateway action drop recommended action none. Revision 1 context parameters rule name packet b... 2.48.21. Ip4_address_removed (id: 06000072) default severity informational log message ip address removed from fqdn address used in ippolicy explanation the ippolicy address filter was updated by the dns cache. Gateway action policy_updated recommended action none. Revision 1 parameters fqdn_name di... Recommended action verify that the fqdn address was entered correctly. Revision 1 parameters fqdn_name dir context parameters rule name 2.48.24. Dns_timeout (id: 06000075) default severity error log message dns query of fqdn address in ippolicy filter timed out. Explanation the dns cache did not rec... 2.49. Services these log messages refer to the services (system services events) category. 2.49.1. Httpposter_success (id: 06600100) default severity notice log message success updating using http poster, next update in seconds explanation the http poster update failed. Gateway action none recommend... Gateway action none recommended action none. Revision 1 parameters host retry_delay reason chapter 2: log message reference 542. 2.50. Sesmgr these log messages refer to the sesmgr (session manager events) category. 2.50.1. Sesmgr_session_created (id: 04900001) default severity notice log message session connected for user: . Database: . Ip: . Type: . Explanation new session created in session manager. Gateway action none rec... Recommended action none. Revision 1 parameters user database ip type 2.50.4. Sesmgr_access_set (id: 04900004) default severity notice log message access level changed to for user: . Database: . Ip: . Type: . Explanation access level has been changed for session. Gateway action none recommended actio... Log message file upload connection denied for user: . Ip: . Type: . Explanation administrator session already active, file upload session denied. Gateway action deny_upload recommended action terminate administrator session and try again. Revision 1 parameters user ip type 2.50.7. Sesmgr_console_den... Log message could not allocate memory for new session explanation could not allocate memory for new session. Gateway action none recommended action check memory. Revision 1 2.50.10. Sesmgr_session_activate (id: 04900010) default severity notice log message session has been activated for user: . Data... Log message could not create new console at initialization of firewall for user: . Database: . Ip: . Type: . Explanation could not create new console at initialization of firewall. Gateway action remove_session recommended action check maximum number of sessions and consoles. Revision 1 parameters u... 2.50.15. Sesmgr_file_error (id: 04900017) default severity alert log message error accessing files. Explanation error occured when accessing files for reading/writing. Gateway action file_error recommended action check available memory. Revision 1 2.50.16. Sesmgr_techsupport (id: 04900018) default s... 2.51. Slb these log messages refer to the slb (slb events) category. 2.51.1. Server_online (id: 02900001) default severity notice log message slb server is online according to monitor explanation a disabled server has been determined to be alive again. Gateway action adding this server to the active... 2.52. Smtplog these log messages refer to the smtplog (smtplog events) category. 2.52.1. Unable_to_establish_connection (id: 03000001) default severity warning log message unable to establish connection to smtp server . Send aborted explanation the unit failed to establish a connection to the smtp s... Parameters smtp_server 2.52.4. Receive_timeout (id: 03000005) default severity warning log message receive timeout from smtp server . Send aborted explanation the unit timed out while receiving data from the smtp server. No smtp log will be sent. Gateway action abort_sending recommended action none.... 2.52.7. Rejected_sender (id: 03000008) default severity warning log message smtp server rejected sender . Send aborted explanation the smtp server rejected the sender. No smtp log will be sent. Gateway action abort_sending recommended action verify that the smtp server is configured to accept this s... Default severity warning log message smtp server rejected data request. Send aborted explanation the smtp server rejected the data request. No smtp log will be sent. Gateway action none recommended action verify that the smtp server is properly configured. Revision 1 parameters smtp_server 2.52.11. ... Log message ip address removed from fqdn address used in smtp logger . Explanation the ip address used by [logger] has been deleted by the dns module. Gateway action smtplogger_updated recommended action none. Revision 1 parameters ip fqdn_name logger 2.52.14. Dns_no_record (id: 03000022) default se... Default severity error log message dns query of fqdn address in smtp logger failed. Explanation the system was unable to resolve the fqdn address due to an internal error. Gateway action none recommended action if the problem persists, please contact the support and report this issue. Revision 1 par... Logger chapter 2: log message reference 556. 2.53. Snmp these log messages refer to the snmp (allowed and disallowed snmp accesses) category. 2.53.1. Disallowed_sender (id: 03100001) default severity notice log message disallowed snmp from , disallowed sender ip explanation the sender ip address is not allowed to send snmp data to the unit. Dr... Revision 1 parameters peer context parameters connection 2.53.4. Snmp3_local_password_too_short (id: 03100101) default severity notice log message disallowed snmp from , local password is too short explanation snmpv3 specification rfc3414 ch. 11.2 demands that the passowrd is at least 8 characters. ... Gateway action drop recommended action make sure the security level of the snmp client match the security level of the system. Revision 1 parameters peer context parameters connection 2.53.7. Snmp3_message_intended_for_other_system (id: 03100104) default severity warning log message disallowed snmp ... Default severity notice log message disallowed snmp from , message is outside of the time window +/-150 seconds explanation according to snmpv3 specification rfc3414 a message containing engine time that differs more than +/-150 seconds from current time is to be dropped to prevent replay attacks. G... 2.53.12. Snmp3_decryption_failed (id: 03100109) default severity warning log message disallowed snmp from , decryption failed explanation the snmp decryption failed. Gateway action drop recommended action check that peer uses correct cipher. Revision 1 parameters peer context parameters connection 2... 2.54. Sshd these log messages refer to the sshd (ssh server events) category. 2.54.1. Out_of_mem (id: 04700001) default severity error log message out of memory explanation memory allocation failure. System is running low on ram memory. Gateway action close recommended action try to free some of the... 2.54.4. Error_occurred (id: 04700005) default severity error log message occurred with the connection from client . Explanation an error occurred, and the connection will be closed. Gateway action close recommended action none. Revision 1 parameters error client 2.54.5. Invalid_mac (id: 04700007) de... Log message username change is not allowed. From name to client. Client: explanation user changed the username between two authentication phases, which is not allowed. Closing connection. Gateway action close recommended action none. Revision 1 parameters fromname toname client 2.54.8. Invalid_usern... Default severity warning log message ssh login grace timeout ( seconds) expired, closing connection. Client: explanation the client failed to login within the given login grace time. Closing connection. Gateway action close recommended action increase the grace timeout value if it is set too low. Re... Default severity error log message dsa signature verification for client failed. Explanation the client dsa signuature could not be verified. Closing connection. Gateway action close recommended action none. Revision 1 parameters client 2.54.14. Key_algo_not_supported. (id: 04700055) default severit... Default severity warning log message maximum number of connected ssh clients () has been reached. Denying acces for client: . Explanation the maximum number of simultaneously connected ssh clients has been reached. Denying access for this attempt, and closing the connection. Gateway action close rec... 2.54.19. Scp_failed_not_admin (id: 04704000) default severity notice log message administrator access could not set for session from this ip: explanation scp transfers can only be used if sessions has administrator access. Closing connection. Gateway action close recommended action if there are othe... 2.55. Sslvpn these log messages refer to the sslvpn (sslvpn events.) category. 2.55.1. Sslvpn_session_created (id: 06300010) default severity informational log message ssl vpn session created :->: at explanation ssl vpn session created [remoteip]:[remoteport]->[localip]:[localport] at [ssliface]. Ga... Reached. Explanation ssl vpn can not create session. Maximun allowed sslvpn tunnels reached. Gateway action none recommended action none. Revision 2 2.55.4. Failure_init_radius_accounting (id: 06300013) default severity warning log message failed to send accounting start to radius accounting server.... Log message unknown ssl vpn authentication source for ! Remote gateway: explanation the authentication source for the specified userauth rule found in the new configuration is unknown to the ssl vpn server. Closing down the ssl vpn connection. Gateway action sslvpn_connection_closed recommended acti... Default severity warning log message unknown ssl vpn authentication source for !. Interface: , remote gateway: . Explanation the authentication source for the specified userauth rule is unknown to the ssl vpn server. Gateway action none recommended action make sure the userauth rules are configured ... 2.56. System these log messages refer to the system (system-wide events: startup, shutdown, etc..) category. 2.56.1. Demo_expired (id: 03200020) default severity emergency log message the unit will no longer operate, as the demo period has expired. Install a license in order to avoid this. Explanati... Parameters reason time 2.56.4. Demo_mode (id: 03200023) default severity alert log message demo mode resumed at the count of seconds. Reason: . Explanation demo mode resumed at the count of [time] seconds. Reason: [reason]. Gateway action shutdown_soon recommended action install a license. Revision ... 2.56.7. Invalid_ip_match_access_section (id: 03200110) default severity warning log message failed to verify ip address as per access section. Dropping explanation the ip address was not verified according to the access section. Gateway action drop recommended action none. Revision 1 context paramet... Explanation the system has identified a hardware watchdog and initialized it. Gateway action none recommended action none. Revision 1 parameters hardware_watchdog_chip watchdog_timeout 2.56.11. Port_bind_failed (id: 03200300) default severity alert log message out of memory while tying to allocate d... Log message using high load mode for local ip destination ip pair explanation mode for local ip - destination ip pair has changed to high load because of heavy traffic. Gateway action none recommended action none. Revision 1 parameters localip destip 2.56.14. Port_llm_conversion (id: 03200303) defau... Default severity warning log message log messages lost due to log buffer exhaustion explanation due to extensive logging, a number of log messages was not sent. Gateway action none recommended action examine why the unit sent such a large amount of log messages. If this is normal activity, the "logs... Default severity error log message failed to open newly uploaded configuration file explanation the unit failed to open the uploaded configuration file. Gateway action none recommended action verify that the disk media is intact. Revision 1 parameters new_cfg 2.56.20. Disk_cannot_remove (id: 0320060... Explanation for reasons specified in earlier log events, the unit failed to switch to the new configuration and will continue to use the present configuration. Gateway action none recommended action consult the recommended action in the previous log message, which contained a more detailed error des... Explanation ip rules or policies have been altered due to changes in the configuration. Gateway action none recommended action none. Revision 1 parameters date 2.56.26. User_blocked (id: 03200802) default severity notice log message login for user : has failed: currently in blocked state for the nex... Log message shutdown aborted. Core file missing explanation the unit was issued a shutdown command, but no core executable file is seen. The shutdown process is aborted. Gateway action shutdown_gateway_aborted recommended action verify that the disk media is intact. Revision 1 parameters shutdown re... Log message firewall starting. Core: . Build: . Current uptime: . Using configuration file , version . Previous shutdown: explanation the firewall is starting up. Gateway action none recommended action none. Revision 2 parameters corever build uptime cfgfile localcfgver remotecfgver previous_shutdow... Recommended action none. Revision 1 parameters shutdown 2.56.34. Admin_login (id: 03203000) default severity notice log message administrative user logged in via . Access level: explanation an administrative user has logged in to the configuration system. Gateway action none recommended action none.... 2.56.36. Admin_login_failed (id: 03203002) default severity warning log message administrative user failed to log in via , because of bad credentials explanation an administrative user failed to log in to configuration system. This is most likely due to an invalid entered username or password. Gatew... Default severity notice log message ssl vpn user logged in via . Explanation an ssl vpn user has logged in to the ssl vpn user page. Gateway action none recommended action none. Revision 1 parameters authsystem username userdb server_ip server_port client_ip client_port 2.56.39. Activate_changes_fai... Config_system 2.56.41. Reject_configuration (id: 03204002) default severity notice log message new configuration rejected by user from . Explanation the new configuration has been rejected. Gateway action reconfiguration_using_old_config recommended action none. Revision 1 parameters username userdb... Recommended action none. Revision 1 parameters authsystem username userdb client_ip access_level 2.56.44. Admin_login_group_mismatch (id: 03206001) default severity warning log message administrative user not allowed access via explanation the user does not have proper administration access to the c... 2.56.46. Admin_authsource_timeout (id: 03206003) default severity error log message remote server(s) could not be reached when attempting to authenticate administrative user . Explanation the unit did not receive a response from the authentication servers, and the authentication process failed. Gate... Recommended action none. Revision 1 parameters uri method context parameters user authentication 2.56.49. Bad_user_credentials (id: 03207011) default severity notice log message unable to decode authentication explanation rest api call failed. Unable to decode authentication. Gateway action none rec... Gateway action none recommended action none. Revision 1 parameters uri method context parameters user authentication chapter 2: log message reference 591. 2.57. Tcp_flag these log messages refer to the tcp_flag (events concerning the tcp header flags) category. 2.57.1. Tcp_flags_set (id: 03300001) default severity notice log message the tcp and flags are set. Allowing explanation the possible combinations for these flags are: syn urg, syn psh, syn rst... Default severity notice log message the tcp flag is set. Ignoring explanation the tcp flag is set. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters bad_flag context parameters rule name packet buffer 2.57.4. Tcp_flag_set (id: 03300004) default severity notice log messag... Default severity warning log message the tcp and flags are set. Dropping explanation the possible combinations for these flags are: syn urg, syn psh, syn rst, syn fin and fin urg. Gateway action drop recommended action if any of these combinations should either be ignored or having the bad flag stri... Parameters flags endpoint state context parameters rule name connection packet buffer 2.57.9. Mismatched_syn_resent (id: 03300011) default severity warning log message mismatched syn "resent" with seq , expected . Dropping explanation mismatching sequence numbers. Dropping packet. Gateway action dro... Log message synack packet with seq . Expected . Dropping explanation mismatching sequence numbers. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters seqno expectseqno context parameters rule name connection packet buffer 2.57.12. Rst_out_of_bounds (id: 03300015) def... Parameters seqno accstart accend context parameters rule name connection packet buffer 2.57.14. Unacceptable_ack (id: 03300017) default severity notice log message tcp acknowledgement is not in the acceptable range -. Dropping explanation a tcp segment with an unacceptable acknowledgement number was... Default severity warning log message tcp sequence number is not in the acceptable range -. Dropping explanation a tcp segment with an unacceptable sequence number was received. The packet will be dropped. Gateway action drop recommended action none. Revision 1 parameters seqno accstart accend contex... Recommended action if the system is configured to use tcp based algs, increase the amount of maximum sessions parameter on the associated service. Revision 1 parameters max_windows [num_events] 2.57.19. Tcp_get_freesocket_failed (id: 03300024) default severity warning log message system was not able... 2.58. Tcp_opt these log messages refer to the tcp_opt (events concerning the tcp header options) category. 2.58.1. Tcp_mss_too_low (id: 03400001) default severity notice log message tcp mss too low. Tcpmssmin= explanation the tcp mss is too low. Ignoring. Gateway action ignore recommended action non... Explanation the tcp mss is too high. Ignoring. Gateway action none recommended action none. Revision 1 parameters tcpopt mss maxmss context parameters rule name packet buffer 2.58.4. Tcp_mss_too_high (id: 03400004) default severity notice log message tcp mss too high. Tcpmssmax=. Adjusting explanati... Packet buffer 2.58.6. Tcp_option (id: 03400006) default severity notice log message packet has a type tcp option explanation the packet has a tcp option of the specified type. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters tcpopt context parameters rule name packet bu... Parameters tcpopt minoptlen avail context parameters rule name packet buffer 2.58.9. Bad_tcpopt_length (id: 03400011) default severity warning log message type claims length= bytes, avail= bytes. Dropping explanation the tcp option type does not fit in the option space. Dropping packet. Gateway acti... Default severity warning log message tcp mss too low. Tcpmssmin=. Dropping explanation the tcp mss is too low. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters tcpopt mss minmss context parameters rule name packet buffer 2.58.12. Tcp_mss_too_high (id: 03400014) def... Packet buffer 2.58.14. Tcp_null_flags (id: 03400016) default severity warning log message packet has no syn, ack, fin or rst flag set. Dropping explanation the packet has no syn, ack, fin or rst flag set. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rul... Context parameters connection packet buffer 2.58.17. Mismatching_tcp_window_scale (id: 03400019) default severity warning log message mismatching tcp window scale shift count. Expected got will use explanation tcp segment with a window scale option specifying a different shift count than previous se... 2.59. Threshold these log messages refer to the threshold (threshold rule events) category. 2.59.1. Conn_threshold_exceeded (id: 05300100) default severity warning log message connection threshold exceeded . Source ip: . Closing connection explanation the source ip is opening up new connections too ... Gateway action none recommended action investigate worms and dos attacks. Revision 1 parameters description threshold srcip context parameters rule name 2.59.4. Failed_to_keep_connection_count (id: 05300200) default severity error log message failed to keep connection count. Reason: out of memory ex... Exceeds . Explanation the number of connections matching the threshold rule and originating from a single host exceeds the configured threshold. Note: this log message is rate limited via an exponential back-off procedure. Gateway action none recommended action none. Revision 1 parameters threshold ... Recommended action none. Revision 1 parameters threshold srcip [username] context parameters rule name 2.59.9. Threshold_conns_from_filter_exceeded (id: 05300213) default severity notice log message the number of connections matching the rule exceeds . The offending host is . Explanation the number ... 2.60. Timesync these log messages refer to the timesync (firewall time synchronization events) category. 2.60.1. Synced_clock (id: 03500001) default severity notice log message the clock at , was off by second(s) and synchronized with to explanation the clock has been synchronized with the time serv... Revision 1 parameters clockdrift timeserver interval 2.60.4. Leaving_daylight_saving (id: 03500010) default severity notice log message leaving daylight saving time and switching to non-dst time zone. Explanation automatic dst is activated and time is adjusted by the system. Gateway action none reco... Parameters location chapter 2: log message reference 613. 2.61. Transparency these log messages refer to the transparency (events concerning the transparent mode feature) category. 2.61.1. Impossible_hw_sender_address (id: 04400410) default severity warning log message impossible hardware sender address 0000:0000:0000. Dropping. Explanation some equipment ... Gateway action rewrite recommended action none. Revision 1 context parameters rule name packet buffer 2.61.4. Enet_hw_sender_broadcast (id: 04400413) default severity warning log message ethernet hardware sender is a broadcast address. Dropping. Explanation the ethernet hardware sender address is a ... Explanation the ethernet hardware sender address is a multicast address. The packet will be rewritten with the hardware sender address of the forwarding interface. Gateway action rewrite recommended action none. Revision 1 context parameters rule name packet buffer 2.61.7. Enet_hw_sender_multicast (... Log message dropping stp frame from explanation an incoming stp frame has been dropped. Gateway action drop recommended action none. Revision 1 parameters recvif 2.61.10. Invalid_stp_frame (id: 04400419) default severity warning log message incoming stp frame from dropped. Reason: explanation an inc... Default severity informational log message dropping mpls packet from explanation an incoming mpls packet has been dropped. Gateway action drop recommended action none. Revision 1 parameters recvif 2.61.13. Invalid_mpls_packet (id: 04400422) default severity warning log message incoming mpls packet o... 2.62. Userauth these log messages refer to the userauth (user authentication (e.G. Radius) events) category. 2.62.1. Accounting_start (id: 03700001) default severity informational log message successfully received radius accounting start response from radius accounting server explanation the unit re... Gateway action accounting_disabled recommended action verify that the radius accounting server daemon is running on the accounting server. Revision 2 context parameters user authentication 2.62.4. Invalid_accounting_start_server_response (id: 03700004) default severity alert log message received an ... Log message logging out the authenticated user, as an invalid radius accounting start response was received from radius accounting server explanation the authenticated user is logged out as an invalid response to the accounting-start event was received from the accounting server. Gateway action logo... Gigawrapsent gigawraprecv sestime context parameters user authentication 2.62.9. Invalid_accounting_stop_server_response (id: 03700009) default severity warning log message received a radius accounting stop response with an identifier mismatch. Ignoring this packet explanation the unit received a re... Accounting server. User statistics might not have been updated on the accounting server explanation the unit received an invalid response to an accounting-stop event from the accounting server. Accounting information might not have been propery received by the accounting server. Gateway action none ... Default severity alert log message did not send a radius accounting start request. Accounting has been disabled explanation the unit did not send an accounting-start event to the accounting server. Accounting features will be disabled. This could be a result of missing a route from the unit to the a... 2.62.17. Accounting_alive (id: 03700050) default severity notice log message successfully received radius accounting interim response from radius accounting server. Bytes sent=, bytes recv=, packets sent=, packets recv=, session time= explanation the unit successfully received a radius accounting in... Default severity alert log message did not receive a radius accounting interim response. User statistics might not have been updated on the accounting server explanation the unit did not receive a response to an accounting-interim event from the accounting server. Accounting information might not ha... Revision 2 context parameters user authentication 2.62.22. Relogin_from_new_srcip (id: 03700100) default severity warning log message user with the same username is logging in from another ip address, logging out current instance explanation a user with the same username as an already authenticated ... Parameters idle_timeout session_timeout [groups] context parameters user authentication 2.62.25. Bad_user_credentials (id: 03700104) default severity notice log message unknown user or invalid password explanation a user failed to log in. The entered username or password was invalid. Gateway action ... Revision 2 context parameters user authentication 2.62.28. Userauthrules_disallowed (id: 03700107) default severity warning log message denied access according to userauthrules rule-set explanation the user is not allowed to authenticate according to the userauthrules rule-set. Gateway action none r... Context parameters user authentication 2.62.31. Ldap_session_new_out_of_memory (id: 03700401) default severity alert log message out of memory while trying to allocate new ldap session explanation the unit failed to allocate a ldap session, as it is out of memory. Gateway action none recommended act... Log message ldap authentication failed for explanation authentication attempt failed. Gateway action none recommended action none. Revision 1 parameters user 2.62.35. Ldap_context_new_out_of_memory (id: 03700405) default severity alert log message out of memory while trying to allocate new ldap cont... Recommended action check configuration. Revision 1 parameters database 2.62.38. Invalid_username_or_password (id: 03700408) default severity error log message invalid provided username or password explanation username or password does not contain any information. Gateway action authentication_failed... 2.62.41. Ldap_no_working_server_found (id: 03700424) default severity notice log message ldap no working server found explanation ldap no working server found. Gateway action none recommended action none. Revision 1 parameters sessionid user 2.62.42. No_shared_ciphers (id: 03700500) default severity... Revision 2 parameters client_ip 2.62.44. Bad_packet_order (id: 03700502) default severity error log message bad ssl handshake packet order. Closing down ssl connection explanation two or more ssl handshake message were received in the wrong order, and the ssl connection is closed. Gateway action ssl... Parameters client_ip 2.62.47. Bad_clientkeyexchange_msg (id: 03700505) default severity error log message ssl handshake: bad clientkeyexchange message. Closing down ssl connection explanation the clientkeyexchange message (which is a part of a ssl handshake) is invalid, and the ssl connection is clo... 2.62.50. Unknown_ssl_error (id: 03700508) default severity error log message unknown ssl error. Closing down ssl connection explanation an unknown error occured in the ssl connection, and the ssl connection is closed. Gateway action ssl_close recommended action none. Revision 1 parameters client_ip ... Description 2.62.53. Sent_sslalert (id: 03700511) default severity error log message sent ssl alert. Closing down ssl connection explanation the unit has sent a ssl alert message to the client, due to some abnormal event. The connection will be closed down. Gateway action close recommended action co... Recommended action none. Revision 2 context parameters user authentication 2.62.56. User_login (id: 03707002) default severity notice log message user logged in. Idle timeout: , session timeout: explanation a user logged in and has been granted access. The mac address has been found. Gateway action ... Recommended action verify that the ldap authentication server daemon is running on the authenication server. Revision 2 context parameters user authentication 2.62.59. Bad_user_credentials (id: 03707005) default severity notice log message unknown user explanation a user failed to log in. Gateway ac... 2.63. Vfs these log messages refer to the vfs (vfs file handling events) category. 2.63.1. Odm_execute_failed (id: 05200001) default severity notice log message usage of file "" failed. File validated as "". Explanation an uploaded file ([filename]) was validated as "[description]". An error occured... Recommended action none. Revision 1 parameters filename description 2.63.4. Odm_execute_action_none (id: 05200004) default severity notice log message uploaded file () could not be recognized as a known type. Explanation an uploaded file could not be recognized as a known type. Gateway action none r... Recommended action make sure that the certificate data is of the correct format. Revision 1 parameters filename 2.63.7. Upload_certificate_fail (id: 05200007) default severity notice log message certificate data in file , could not be added to the configuration explanation certificate data could not... Revision 1 2.63.10. Secaas_lic_installation_failed (id: 05208003) default severity emergency log message license file could not be installed. Explanation none. Gateway action none recommended action none. Revision 1 chapter 2: log message reference 643. 2.64. Zonedefense these log messages refer to the zonedefense (zonedefense events) category. 2.64.1. Unable_to_allocate_send_entries (id: 03800001) default severity warning log message unable to allocate send entry. Sending of request to abandoned. Explanation unable to allocate send entry. Unit is ... 2.64.4. Switch_out_of_ip_profiles (id: 03800004) default severity warning log message unable to accommodate block request since out of ip profiles on . Explanation there are no free ip profiles left on the switch. No more hosts can be be blocked/excluded on this switch. Gateway action no_block recom... 2.64.7. No_response_trying_to_create_rule (id: 03800007) default severity critical log message no response from switch while trying to create rule in profile . Explanation several attempts to create a rule in the switch has timed out. No more attempts will be made. Gateway action no_rule recommended... 2.64.10. No_response_trying_to_erase_profile (id: 03800010) default severity critical log message no response from switch while trying to erase profile . Explanation several attempts to erase a profile in the switch has timed out. No more attempts will be made. Gateway action none recommended action... 2.64.13. Timeout_saving_configuration (id: 03800013) default severity critical log message timeout to save configuration on . Explanation several attempts to save the configuration in the switch has timed out. No more attempts will be made. Gateway action none recommended action verify that the fire... 2.64.16. Zonedefense_table_exhausted (id: 03800016) default severity warning log message unable to accommodate block request since free space in zone defense table is exhausted. Explanation number of free row in zone defense table is 0. Can not block more hosts. Gateway action no_block recommended a... 2.64.19. Enabling_zonedefense_failed (id: 03800019) default severity critical log message zonedefense has failed to be enabled on . Explanation an attempt to automatically enable the zonedefense feaure has been made but failed. No further attempts will be made. Gateway action none recommended action... Chapter 2: log message reference 651. Chapter 2: log message reference 652., Net
Summary of DFL-260E
Page 1
Page 2: Log Reference Guide
Page 3: Log Reference Guide
Page 4: Table Of Contents
Page 5
Page 6
Page 7
Page 8
Page 9
Page 10
Page 11
Page 12
Page 13
Page 14
Page 15
Page 16
Page 17
Page 18
Page 19
Page 20
Page 21
Page 22
Page 23
Page 24
Page 25
Page 26
Page 27
Page 28
Page 29
Page 30
Page 31
Page 32: List Of Tables
Page 33: List Of Examples
Page 34: Preface
Page 35
Page 36: Chapter 1: Introduction
Page 37
Page 38: 1.2. Context Parameters
Page 39
Page 40
Page 41
Page 42
Page 43: 1.3. Severity Levels
Page 44
Page 45
Page 46
Page 47: 2.1. Alg
Page 48
Page 49
Page 50
Page 51
Page 52
Page 53
Page 54
Page 55
Page 56
Page 57
Page 58
Page 59
Page 60
Page 61
Page 62
Page 63
Page 64
Page 65
Page 66
Page 67
Page 68
Page 69
Page 70
Page 71: 00200160)
Page 72
Page 73: 00200171)
Page 74
Page 75
Page 76
Page 77: (Id: 00200195)
Page 78
Page 79
Page 80
Page 81
Page 82
Page 83
Page 84
Page 85
Page 86
Page 87
Page 88
Page 89: 00200236)
Page 90
Page 91
Page 92
Page 93
Page 94
Page 95
Page 96
Page 97
Page 98
Page 99
Page 100
Page 101
Page 102
Page 103: 00200311)
Page 104
Page 105: 00200317)
Page 106
Page 107
Page 108
Page 109
Page 110
Page 111
Page 112
Page 113
Page 114
Page 115
Page 116
Page 117
Page 118
Page 119: 00200391)
Page 120
Page 121
Page 122
Page 123
Page 124
Page 125
Page 126
Page 127
Page 128
Page 129
Page 130
Page 131
Page 132: 00200512)
Page 133
Page 134
Page 135
Page 136
Page 137
Page 138
Page 139
Page 140
Page 141
Page 142
Page 143
Page 144
Page 145
Page 146
Page 147
Page 148
Page 149
Page 150
Page 151
Page 152
Page 153
Page 154
Page 155
Page 156
Page 157
Page 158
Page 159: 2.2. Antispam
Page 160
Page 161
Page 162
Page 163
Page 164
Page 165
Page 166: 05900196)
Page 167
Page 168
Page 169
Page 170
Page 171: 2.3. Antivirus
Page 172
Page 173
Page 174
Page 175
Page 176
Page 177
Page 178
Page 179
Page 180
Page 181
Page 182
Page 183
Page 184: 2.4. Appcontrol
Page 185
Page 186
Page 187
Page 188
Page 189: 2.5. Arp
Page 190
Page 191
Page 192
Page 193
Page 194
Page 195
Page 196: 2.6. Authagents
Page 197
Page 198
Page 199
Page 200
Page 201
Page 202: 2.7. Avse
Page 203: 2.8. Avupdate
Page 204
Page 205
Page 206: 2.9. Blacklist
Page 207
Page 208: 2.10. Buffers
Page 209: 2.11. Conn
Page 210
Page 211
Page 212
Page 213
Page 214
Page 215
Page 216
Page 217: 2.12. Dhcp
Page 218
Page 219
Page 220
Page 221
Page 222
Page 223: 2.13. Dhcprelay
Page 224
Page 225: 00800010)
Page 226: (Id: 00800011)
Page 227: (Id: 00800014)
Page 228: 00800016)
Page 229
Page 230: (Id: 00800022)
Page 231
Page 232
Page 233
Page 234: 2.14. Dhcpserver
Page 235: (Id: 00900006)
Page 236: (Id: 00900008)
Page 237
Page 238
Page 239
Page 240
Page 241: 00900025)
Page 242
Page 243
Page 244: 2.15. Dhcpv6Client
Page 245
Page 246
Page 247
Page 248: 2.16. Dhcpv6Server
Page 249
Page 250
Page 251
Page 252
Page 253
Page 254
Page 255: 2.17. Dnscache
Page 256: 2.18. Dynrouting
Page 257
Page 258
Page 259: 2.19. Frag
Page 260
Page 261
Page 262
Page 263: 02000010)
Page 264
Page 265
Page 266
Page 267
Page 268
Page 269
Page 270
Page 271: 2.20. Geoip
Page 272: 2.21. Gre
Page 273
Page 274
Page 275: 2.22. Ha
Page 276
Page 277
Page 278
Page 279
Page 280
Page 281: (Id: 01200201)
Page 282
Page 283
Page 284
Page 285: 2.23. Hwm
Page 286
Page 287
Page 288
Page 289
Page 290: 2.24. Idp
Page 291
Page 292
Page 293
Page 294
Page 295
Page 296
Page 297
Page 298
Page 299: 2.25. Idppipes
Page 300
Page 301
Page 302: 2.26. Idpupdate
Page 303
Page 304
Page 305: 2.27. Ifacemon
Page 306
Page 307: 2.28. Igmp
Page 308
Page 309
Page 310
Page 311
Page 312
Page 313
Page 314: 04200020)
Page 315
Page 316
Page 317: 2.29. Ip6In4
Page 318
Page 319
Page 320: 2.30. Ippool
Page 321
Page 322
Page 323
Page 324
Page 325
Page 326: 2.31. Ipsec
Page 327
Page 328
Page 329
Page 330
Page 331
Page 332
Page 333
Page 334
Page 335
Page 336
Page 337
Page 338
Page 339
Page 340
Page 341
Page 342
Page 343
Page 344
Page 345
Page 346
Page 347: (Id: 01800502)
Page 348
Page 349
Page 350
Page 351
Page 352
Page 353
Page 354
Page 355: 01800640)
Page 356
Page 357
Page 358
Page 359
Page 360
Page 361
Page 362
Page 363
Page 364
Page 365
Page 366
Page 367
Page 368
Page 369: 01802101)
Page 370: 01802110)
Page 371
Page 372: 01802201)
Page 373: 01802203)
Page 374
Page 375
Page 376: (Id: 01802213)
Page 377
Page 378
Page 379
Page 380
Page 381: 01802403)
Page 382: 01802404)
Page 383
Page 384: 01802602)
Page 385
Page 386
Page 387
Page 388
Page 389
Page 390
Page 391
Page 392: 01803000)
Page 393
Page 394: 01803302)
Page 395
Page 396
Page 397
Page 398: 2.32. Ipv6_Nd
Page 399: 06400030)
Page 400
Page 401
Page 402
Page 403
Page 404
Page 405
Page 406
Page 407
Page 408
Page 409
Page 410
Page 411
Page 412
Page 413
Page 414
Page 415
Page 416
Page 417
Page 418: 2.33. Ip_Error
Page 419
Page 420
Page 421
Page 422
Page 423: 2.34. Ip_Flag
Page 424
Page 425: 2.35. Ip_Opt
Page 426
Page 427
Page 428
Page 429
Page 430
Page 431
Page 432
Page 433
Page 434
Page 435
Page 436
Page 437
Page 438
Page 439
Page 440
Page 441
Page 442
Page 443
Page 444
Page 445: 2.36. Ip_Proto
Page 446
Page 447
Page 448
Page 449: 07000033)
Page 450
Page 451
Page 452
Page 453
Page 454
Page 455
Page 456
Page 457: 2.37. L2Tp
Page 458: 02800006)
Page 459
Page 460
Page 461
Page 462
Page 463
Page 464
Page 465
Page 466: 2.38. Lacp
Page 467
Page 468
Page 469: 2.39. Natpool
Page 470
Page 471
Page 472
Page 473
Page 474: 2.40. Ospf
Page 475
Page 476
Page 477
Page 478
Page 479
Page 480
Page 481
Page 482
Page 483
Page 484
Page 485
Page 486: 02400155)
Page 487
Page 488
Page 489
Page 490
Page 491: 02400301)
Page 492: (Id: 02400303)
Page 493: (Id: 02400401)
Page 494: (Id: 02400402)
Page 495: (Id: 02400405)
Page 496: (Id: 02400407)
Page 497
Page 498: 2.41. Ppp
Page 499: 02500004)
Page 500: 02500050)
Page 501
Page 502
Page 503
Page 504
Page 505
Page 506: 2.42. Pppoe
Page 507: 2.43. Pptp
Page 508: 02700006)
Page 509
Page 510
Page 511
Page 512
Page 513
Page 514
Page 515
Page 516
Page 517: 2.44. Radiusrelay
Page 518
Page 519
Page 520
Page 521: 2.45. Realtimemonitor
Page 522
Page 523: 2.46. Reassembly
Page 524
Page 525
Page 526: 2.47. Rfo
Page 527
Page 528
Page 529
Page 530
Page 531
Page 532: 2.48. Rule
Page 533
Page 534
Page 535
Page 536
Page 537
Page 538
Page 539
Page 540
Page 541: 2.49. Services
Page 542
Page 543: 2.50. Sesmgr
Page 544
Page 545
Page 546
Page 547
Page 548
Page 549: 2.51. Slb
Page 550: 2.52. Smtplog
Page 551
Page 552
Page 553
Page 554
Page 555
Page 556
Page 557: 2.53. Snmp
Page 558
Page 559: 03100104)
Page 560
Page 561
Page 562: 2.54. Sshd
Page 563
Page 564
Page 565
Page 566
Page 567
Page 568
Page 569: 2.55. Sslvpn
Page 570
Page 571
Page 572
Page 573: 2.56. System
Page 574
Page 575
Page 576
Page 577: 03200401)
Page 578
Page 579
Page 580
Page 581
Page 582
Page 583
Page 584
Page 585
Page 586
Page 587
Page 588
Page 589
Page 590
Page 591
Page 592: 2.57. Tcp_Flag
Page 593
Page 594
Page 595
Page 596
Page 597
Page 598
Page 599
Page 600: 2.58. Tcp_Opt
Page 601
Page 602
Page 603
Page 604
Page 605
Page 606
Page 607: 2.59. Threshold
Page 608
Page 609
Page 610
Page 611: 2.60. Timesync
Page 612
Page 613
Page 614: 2.61. Transparency
Page 615
Page 616
Page 617
Page 618
Page 619: 2.62. Userauth
Page 620: 03700004)
Page 621
Page 622: 03700009)
Page 623
Page 624
Page 625: 03700052)
Page 626: 03700053)
Page 627
Page 628
Page 629
Page 630
Page 631
Page 632
Page 633
Page 634
Page 635
Page 636: (Id: 03700509)
Page 637
Page 638
Page 639
Page 640: 2.63. Vfs
Page 641
Page 642
Page 643
Page 644: 2.64. Zonedefense
Page 645
Page 646: 03800008)
Page 647
Page 648
Page 649
Page 650
Page 651
Page 652