D-Link DFL-260E Reference Manual

Manual is about: Network Security Firewall Application Control Signatures NetDefendOS

Summary of DFL-260E

  • Page 1

    Network Security Solution http://www.dlink.com NetDefendOS ver. 2.40.00 Network Security Firewall Log Reference Guide

  • Page 2: Log Reference Guide

    Log Reference Guide DFL-260E/860E/1660/2560/2560G NetDefendOS version 2.40.00. D-Link Corporation, No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.dlink.com Published 2011-09-06. Copyright © 2011.

  • Page 3

    Log Reference Guide DFL-260E/860E/1660/2560/2560G NetDefendOS version 2.40.00. Published 2011-09-06. Copyright © 2011. Copyright notice: this publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual...

  • Page 4: Table Of Contents

    Table of contents: Preface, page 27 • 1. Introduction, page 29 • 1.1. Log message structure ...

  • Page 5

    2.1.51. Some_recipient_email_ids_are_in_blocklist (id: 00200160), page 57 • 2.1.52. Base64_decode_failed (id: 00200164), page 57 • 2.1.53. Base64_decode_failed (id: 00200165), page 58 • 2.1.54. Blocked_filetype (id: 0020016...

  • Page 6

    2.1.112. Invalid_message (id: 00200301), page 80 • 2.1.113. Decode_failed (id: 00200302), page 80 • 2.1.114. Encode_failed (id: 00200303), page 81 • 2.1.115. Encode_fail...

  • Page 7

    2.1.174. Tls_alert_received (id: 00200453), page 103 • 2.1.175. Tls_renegotiation_attempted (id: 00200454), page 103 • 2.1.176. Tls_alert_sent (id: 00200455), page 104 • 2.1.177. Tls_cipher_s...

  • Page 8

    2.1.236. Failed_to_update_callleg (id: 00200557), page 128 • 2.1.237. Sipalg_callleg_deleted (id: 00200558), page 128 • 2.1.238. Failed_to_modify_response (id: 00200559), page 129 • 2.1.239. Sipalg_callleg_state_...

  • Page 9

    2.4.10. Arp_cache_size_limit_reached (id: 00300030), page 152 • 2.4.11. Invalid_arp_sender_ip_address (id: 00300049), page 152 • 2.4.12. Arp_access_allowed_expect (id: 00300050), page 152 • 2.4.13. Impossible_hw_address (id: 0...

  • Page 10

    2.10.1. Unable_to_save_dhcp_relay_list (id: 00800001), page 175 • 2.10.2. Dhcp_relay_list_saved (id: 00800002), page 175 • 2.10.3. Dhcp_pkt_too_small (id: 00800003), page 175 • 2.10.4. Incorrect_bootp_dhcp_co...

  • Page 11

    2.12.4. Failed_to_add_route_unable_to_alloc (id: 01100004), page 195 • 2.12.5. Route_added (id: 01100005), page 195 • 2.12.6. Route_removed (id: 01100006), page 195 • 2.13. Frag ...

  • Page 12

    2.15.20. Resync_conns_to_peer (id: 01200100), page 216 • 2.15.21. Hasync_connection_established (id: 01200200), page 216 • 2.15.22. Hasync_connection_disconnected_lifetime_expired (id: 01200201), page 217 • 2.15.23. Hasync_connection_failed_timeout (id:...

  • Page 13

    2.21. Ippool, page 242 • 2.21.1. No_offer_received (id: 01900001), page 242 • 2.21.2. No_valid_dhcp_offer_received (id: 01900002), page 242 • 2.21.3. To...

  • Page 14

    2.22.44. Failed_to_add_key_provider (id: 01800321), page 261 • 2.22.45. Failed_to_add_certificate (id: 01800322), page 262 • 2.22.46. Failed_to_set_remote_id (id: 01800323), page 262 • 2.22.47. Failed_to_create_author...

  • Page 15

    2.22.105. Ah_not_supported (id: 01802204), page 280 • 2.22.106. Invalid_tunnel_configuration (id: 01802208), page 280 • 2.22.107. Invalid_tunnel_configuration (id: 01802209), page 280 • 2.22.108. Invalid_tunnel_configurat...

  • Page 16

    2.22.167. Init_inbound_spi_hash_failed (id: 01802915), page 298 • 2.22.168. Init_transform_context_hash_failed (id: 01802916), page 298 • 2.22.169. Init_packet_context_cache_failed (id: 01802917), page 298 • 2.22.170. Init_transform_context_table_fai...

  • Page 17

    2.26.1. Multicast_ethernet_ip_address_missmatch (id: 07000011), page 319 • 2.26.2. Invalid_ip4_header_length (id: 07000012), page 319 • 2.26.3. Ttl_zero (id: 07000013), page 319 • 2.26.4. Ttl_low (id: 07000014)...

  • Page 18

    2.29.1. Internal_error (id: 02400001), page 342 • 2.29.2. Internal_error (id: 02400002), page 342 • 2.29.3. Unable_to_map_ptp_neighbor (id: 02400003), page 342 • 2.29.4. Bad_packet_len...

  • Page 19

    2.29.59. Internal_error_unable_neighbor_iface_attached_back_to_me (id: 02400405), page 362 • 2.29.60. Bad_iface_type_mapping_rtr_to_rtr_link (id: 02400406), page 362 • 2.29.61. Internal_error_unable_to_find_lnk_...

  • Page 20

    2.33.2. Invalid_tcp_checksum (id: 04800003), page 383 • 2.33.3. Mismatching_data_in_overlapping_tcp_segment (id: 04800004), page 383 • 2.33.4. Memory_allocation_failure (id: 04800005), page 384 • 2.33.5. Drop_due_to_buffer_starvation (id: ...

  • Page 21

    2.38.3. Send_failure (id: 03000004), page 404 • 2.38.4. Receive_timeout (id: 03000005), page 405 • 2.38.5. Rejected_connect (id: 03000006), page 405 • 2.38.6. Rejected_...

  • Page 22

    2.42.20. Disk_cannot_rename (id: 03200604), page 425 • 2.42.21. Cfg_switch_fail (id: 03200605), page 425 • 2.42.22. Core_switch_fail (id: 03200606), page 425 • 2.42.23. Bidir_ok (id: ...

  • Page 23

    2.45. Threshold, page 449 • 2.45.1. Conn_threshold_exceeded (id: 05300100), page 449 • 2.45.2. Reminder_conn_threshold (id: 05300101), page 449 • 2.45.3. Conn_thresh...

  • Page 24

    2.48.34. Cant_create_new_request (id: 03700402), page 471 • 2.48.35. Ldap_user_authentication_successful (id: 03700403), page 471 • 2.48.36. Ldap_user_authentication_failed (id: 03700404), page 472 • 2.48.37. Ldap_context_new_out_of_memor...

  • Page 25: List Of Tables

    List of tables: 1. Abbreviations, page 28

  • Page 26: List Of Examples

    List of examples: 1. Log message parameters, page 27 • 2. Conditional log message parameters, page 27

  • Page 27: Preface

    Preface. Audience: the target audience for this reference guide consists of: • administrators that are responsible for configuring and managing a NetDefendOS installation. • administrators that are responsible for troubleshooting a NetDefendOS installation. This guide assumes that the reader is famili...

  • Page 28

    The following abbreviations are used throughout this reference guide: table 1. Abbreviations abbreviation full name alg application layer gateway arp address resolution protocol dhcp dynamic host configuration protocol dns domain name system esp encapsulating security payload ftp file transfer proto...

  • Page 29: Chapter 1. Introduction

    Chapter 1. Introduction • log message structure, page 29 • context parameters, page 31 • severity levels, page 35 this guide is a reference for all log messages generated by netdefendos. It is designed to be a valuable information source for both management and troubleshooting. 1.1. Log message stru...

  • Page 30

    Is never actually included in the log message. Explanation a detailed explanation of the event. Note that this information is only featured in this reference guide, and is never actually included in the log message. Gateway action a short string, 1-3 words separated by _, of what action netdefendos ...

  • Page 31: 1.2. Context Parameters

    1.2. Context parameters in many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol i...

  • Page 32

    Ipproto the ip protocol. Ipdatalen the ip data length. [srcport] the source port. Valid if the protocol is tcp or udp. [destport] the destination port. Valid if the protocol is tcp or udp. [tcphdrlen] the tcp header length. Valid if the protocol is tcp. [udptotlen] the total udp data length. Valid i...

  • Page 33

    Connection is closing or closed. IDP: specifies the name and a description of the signature that triggered this event. Note: for IDP log messages an additional log receiver, an SMTP log receiver, can be configured. This information is only sent to log receivers of that kind, and not included in the sys...

  • Page 34

    Timedout, disallowed_login, accounting and unknown. Username the name of the user that triggered this event. Srcip the source ip address of the user that triggered this event. Ospf additional information about ospf. Logsection the ospf section possible values: packet, hello, ddesc, exchange, lsa, sp...

  • Page 35: 1.3. Severity Levels

    1.3. Severity levels an event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the syslog protocol: 0 - emergency emergency conditions, which most likely led to the system being unusable. 1 - alert alert conditions, whic...

  • Page 37

    Chapter 2. Log message reference • alg, page 38 • antispam, page 134 • antivirus, page 139 • arp, page 149 • avupdate, page 155 • blacklist, page 158 • buffers, page 161 • conn, page 162 • dhcp, page 169 • dhcprelay, page 175 • dhcpserver, page 185 • dynrouting, page 194 • frag, page 197 • gre, page...

  • Page 38: 2.1. Alg

    • pptp, page 373 • reassembly, page 383 • rfo, page 386 • rule, page 392 • sesmgr, page 397 • slb, page 403 • smtplog, page 404 • snmp, page 408 • sshd, page 409 • sslvpn, page 416 • system, page 419 • tcp_flag, page 434 • tcp_opt, page 442 • threshold, page 449 • timesync, page 453 • transparency, ...

  • Page 39

    Context parameters alg module name alg session id connection 2.1.2. Alg_session_closed (id: 00200002) default severity informational log message alg session closed explanation an alg session has been closed. Gateway action none recommended action none. Revision 1 context parameters alg module name a...

  • Page 40

    Algs or try to free up some ram depending on the situation. Revision 1 2.1.5. Invalid_client_http_header_received (id: 00200100) default severity warning log message httpalg: invalid http header was received from the client. Closing connection. Alg name: . Explanation an invalid http header was rece...

  • Page 41

    Specified that no such data should be sent. Gateway action closing_connecion recommended action research the source of this, and try to find out why the client is sending an invalid request. Revision 1 parameters algname context parameters alg module name alg session id 2.1.8. Suspicious_data_receiv...

  • Page 42

    2.1.10. Invalid_server_http_header_received (id: 00200108) default severity warning log message httpalg: an invalid http header was received from the server. Closing connection. Alg name: . Explanation an invalid http header was received from the server. Gateway action closing_connecion recommended ...

  • Page 43

    Gateway action close recommended action if the maximum number of http sessions is too low, increase it. Revision 1 parameters max_sessions context parameters alg module name 2.1.13. Failed_create_new_session (id: 00200111) default severity critical log message httpalg: failed to create new httpalg s...

  • Page 44

    Explanation the filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded. Gateway action block_data recommended action none. Revision 1 parameters filename filetype contenttype context parameters alg module name alg session id 2.1.16. Wcf_ov...

  • Page 45

    Explanation the data received from the server exceeds the maximum allowed download file size, the request is rejected and the connection is closed. Gateway action close recommended action if the configurable maximum download size is too low, increase it. Revision 2 parameters filename filesize max_d...

  • Page 46

    Default severity critical log message httpalg: failed to connect to web content servers explanation web content filtering was unable to connect to the web content filtering servers. Verify that the unit has been configured with internet access. Gateway action none recommended action check_configurat...

  • Page 47

    2.1.24. Wcf_connecting (id: 00200122) default severity informational log message httpalg:connecting to web content server explanation connecting to web content filtering server. Gateway action connecting recommended action none. Revision 1 parameters server context parameters alg module name 2.1.25....

  • Page 48

    Log message httpalg: requesting url . Categories: . Audit: . Override: . Alg name: . Explanation the url has been requested. Gateway action allow recommended action none. Revision 2 parameters categories audit override url algname context parameters connection connection alg module name alg session ...

  • Page 49

    Recommended action none. Revision 1 parameters failedserver context parameters alg module name 2.1.30. Wcf_server_bad_reply (id: 00200128) default severity error log message httpalg: failed to parse wcf server response explanation the wcf service could not parse the server response. The wcf transmis...

  • Page 50

    Default severity critical log message httpalg: failed to allocate memory explanation the unit does not have enough available ram. Gateway action none recommended action try to free up some ram by changing configuration parameters. Revision 1 context parameters alg module name 2.1.33. Wcf_bad_sync (i...

  • Page 51

    2.1.35. Url_reclassification_request (id: 00200133) default severity warning log message httpalg: reclassification request for url . New category . Alg name: . Explanation the user has requested a category reclassification for the url. Gateway action allow recommended action disable the allow_reclas...

  • Page 52

    Log message httpalg: requesting url . Categories: . Audit: . Override: . Alg name: . Explanation the url has been requested. Gateway action allow_audit_mode recommended action none. Revision 2 parameters categories audit override url user algname context parameters connection connection alg module n...

  • Page 53

    Restricted site notice was applied. Gateway action allow recommended action disable the restricted_site_notice mode of parameter categories for this alg. Revision 2 parameters url user algname context parameters connection connection alg module name alg session id 2.1.40. Url_reclassification_reques...

  • Page 54: 00200151)

    Revision 1 context parameters alg module name 2.1.42. Max_smtp_sessions_reached (id: 00200150) default severity warning log message smtpalg: maximum number of smtp sessions () for service reached. Closing connection explanation the maximum number of concurrent smtp sessions has been reached for this...

  • Page 55

    Gateway action close recommended action decrease the maximum allowed smtpalg sessions, or try to free some of the ram used. Revision 2 context parameters alg module name 2.1.45. Failed_connect_smtp_server (id: 00200153) default severity error log message smtpalg: failed to connect to the smtp server...

  • Page 56

    Recommended action disable the verify e-mail sender id setting if you experience that valid e-mails are being wrongly tagged. Revision 3 parameters sender_email_address recipient_email_addresses data_sender_address context parameters alg module name alg session id 2.1.48. Sender_email_id_mismatched ...

  • Page 57: 00200160)

    Default severity warning log message smtpalg: recipient e-mail address is in black list explanation since "rcpt to:" e-mail address is in black list, smtp alg rejected the client request. Gateway action reject recommended action none. Revision 1 parameters sender_email_address recipient_email_addres...

  • Page 58

    Parameters filename filetype sender_email_address recipient_email_addresses context parameters alg module name alg session id 2.1.53. Base64_decode_failed (id: 00200165) default severity error log message smtpalg: base 64 decode failed. Attachment is allowed explanation the data sent to base64 decod...

  • Page 59: 00200171)

    Default severity warning log message smtpalg: content type mismatch in file . Identified filetype explanation the filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded. Gateway action block_data recommended action none. Revision 4 paramet...

  • Page 60: 00200172)

    Recommended action content type should be matched. Revision 3 parameters filename filetype sender_email_address recipient_email_addresses context parameters alg module name alg session id 2.1.58. All_recipient_email_ids_are_in_blocklist (id: 00200172) default severity warning log message smtpalg: al...

  • Page 61

    Log message smtpalg: invalid end of mail "\.\" received. Explanation the client is sending invalid end of mail. Transaction will be terminated. Gateway action block recommended action research how the client is sending invalid end of mail. Revision 1 parameters sender_email_address recipient_ema...

  • Page 62

    Log message smtpalg: received empty command. Explanation the smtp command line was empty. Ignoring command. Gateway action ignore recommended action none. Revision 1 context parameters alg module name alg session id 2.1.64. Failed_send_reply_code (id: 00200181) default severity error log message smt...

  • Page 63: (Id: 00200195)

    Gateway action capability_removed recommended action none. Revision 1 parameters capa context parameters alg module name alg session id 2.1.67. Cmd_pipelined (id: 00200186) default severity error log message smtpalg: received pipelined request. Explanation the smtp alg does not support pipelined req...

  • Page 64

    Log message smtpalg: whitelist override dnsbl result for email. Explanation email was marked as spam by dnsbl. As email id was matched in whitelist, this mark is removed. Gateway action none recommended action none. Revision 1 parameters sender_email_address context parameters alg module name alg se...

  • Page 65

    2.1.72. Hybrid_data (id: 00200209) default severity informational log message ftpalg: hybrid data channel closed explanation a hybrid data channel was closed. Gateway action none recommended action none. Revision 1 context parameters alg module name alg session id rule information connection 2.1.73....

  • Page 66

    Revision 1 parameters peer context parameters alg module name alg session id connection 2.1.75. Illegal_command (id: 00200212) default severity warning log message ftpalg: failed to parse command from as a ftp command. String=. Closing connection explanation an invalid command was received on the co...

  • Page 67

    Default severity warning log message ftpalg: port command not allowed from . Rejecting command explanation the client tried to issue a "port" command, which is not valid since the client is not allowed to do active ftp. The command will be rejected. Gateway action rejecting_command recommended actio...

  • Page 68

    Recommended action the ftp client could be compromised, and should not be trusted. Revision 1 parameters peer ip4addr string context parameters alg module name alg session id connection 2.1.80. Illegal_port_number (id: 00200217) default severity critical log message ftpalg: illegal port command from...

  • Page 69

    Alg session id connection 2.1.82. Illegal_command (id: 00200219) default severity warning log message ftpalg: site exec from not allowed, rejecting command explanation the client tried to issue a "site exec" command, which is not valid since the client is not allowed to do this. The command will be ...

  • Page 70

    Be closed. Gateway action close recommended action none. Revision 1 parameters peer context parameters alg module name alg session id connection 2.1.85. Illegal_option (id: 00200222) default severity warning log message ftpalg: invalid opts argument from . String=. Rejecting command. Explanation an ...

  • Page 71

    Connection 2.1.87. Unknown_option (id: 00200224) default severity warning log message ftpalg: unknown opts argument from . String=. Rejecting command. Explanation an unknown opts argument was received, and the command will be rejected. Gateway action rejecting_command recommended action if unknown c...

  • Page 72

    Rejected. Gateway action rejecting_command recommended action if unknown commands should be allowed, modify the ftpalg configuration. Revision 1 parameters peer string context parameters alg module name alg session id connection 2.1.90. Illegal_reply (id: 00200228) default severity warning log messa...

  • Page 73

    String context parameters alg module name alg session id connection 2.1.92. Illegal_reply (id: 00200231) default severity warning log message ftpalg: unsolicted 227 (passive mode) response from . String=. Closing connection. Explanation an illegal response was received from the server, and the conne...

  • Page 74

    Log message ftpalg: bad port from , should be within the range (). String=. Closing connection. Explanation an illegal "port" command was received from the server. It requests that the client should connect to a port which is out of range. This is not allowed, and the connection will be closed. Gate...

  • Page 75: 00200236)

    Recommended action none. Revision 1 parameters peer connection string context parameters alg module name alg session id connection 2.1.97. Failed_to_create_server_data_connection (id: 00200236) default severity error log message ftpalg: failed to create server data connection. Peer= connection= expl...

  • Page 76

    2.1.99. Failed_to_register_rawconn (id: 00200238) default severity error log message ftpalg: internal error - failed to register eventhandler. Closing connection explanation an internal error occurred when registering an eventhandler, and the connection will be closed. Gateway action close recommende...

  • Page 77

    2.1.102. Failed_create_new_session (id: 00200242) default severity error log message ftpalg: failed to create new ftpalg session (out of memory) explanation an attempt to create a new ftpalg session failed, because the unit is out of memory. Gateway action close recommended action decrease the maxim...

  • Page 78

    2.1.105. Failed_to_send_command (id: 00200251) default severity notice log message ftpalg:failed to send the command. Explanation the command sent by the alg to the server could not be sent. Gateway action none recommended action none. Revision 1 context parameters alg module name 2.1.106. Resumed_c...

  • Page 79

    Filetype context parameters alg module name alg session id 2.1.108. Resumed_compressed_file_transfer (id: 00200254) default severity warning log message ftpalg: the file (file type: ) cannot be sent to antivirus scan engine. Explanation decompression module cannot decompress a file that has been res...

  • Page 80

    The ftpalg configuration. Revision 1 parameters filename peer context parameters alg module name alg session id connection 2.1.111. Unknown_state (id: 00200300) default severity warning log message h323alg: h.225 parser is in unknown state explanation the h.225 parser failed to parse the h.225 messa...

  • Page 81

    Default severity warning log message h323alg: decoding of message from peer failed. Closing session explanation the h.225 parser failed to decode the h.225 message. The alg session will be closed. Gateway action close recommended action none. Revision 1 parameters peer message_type context parameter...

  • Page 82

    Parameters peer message_type context parameters alg module name alg session id connection 2.1.116. Encode_failed (id: 00200305) default severity warning log message h323alg: failed after encoding message from peer. Closing session explanation the asn.1 encoder failed to encode the message properly. ...

  • Page 83: 00200308)

    Explanation the h.245 encoder failed to encode the message. The alg session will be closed. Gateway action close recommended action none. Revision 1 parameters peer context parameters alg module name alg session id connection 2.1.119. Max_tcp_data_connections_exceeded (id: 00200308) default severity...

  • Page 84: (Id: 00200311)

    Context parameters alg module name alg session id connection 2.1.121. Ignoring_channel (id: 00200310) default severity warning log message h323alg: ignoring mediachannel info in openlogicalchannel explanation media channel information in the openlogicalchannel message is not handled. Gateway action ...

  • Page 85

    Have been released. Gateway action close recommended action if the maximum number of h.323 session is too low, increase it. Revision 1 parameters max_sessions context parameters alg module name 2.1.124. Failed_create_new_session (id: 00200313) default severity warning log message h323alg: failed to ...

  • Page 86: (Id: 00200317)

    Explanation could not create a new h.323 gatekeeper session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory. Gateway action close recommended action none. Revision 1 context parameters alg module name 2.1.127. Failure_connect_h323_server (...

  • Page 87

    Log message tftpalg: packet failed initial test (invalid tftp packet). Packet length explanation an invalid tftp packet was received. Refusing connection. Gateway action reject recommended action none. Revision 1 parameters packet_length context parameters alg module name connection 2.1.130. Packet_...

  • Page 88

    2.1.132. Option_value_invalid (id: 00200354) default severity warning log message tftpalg: option contained invalid value explanation option contained invalid value. Closing connection. Gateway action reject recommended action none. Revision 1 parameters option value context parameters alg module nam...

  • Page 89

    Maxvalue context parameters alg module name alg session id connection 2.1.135. Unknown_option_blocked (id: 00200357) default severity warning log message tftpalg: request contained unknown option explanation request contained unknown option. Closing connection. Gateway action reject recommended actio...

  • Page 90

    Gateway action close recommended action if connection should be allowed, modify the tftp alg configuration. Revision 1 parameters option context parameters alg module name alg session id connection 2.1.138. Option_not_sent (id: 00200360) default severity warning log message tftpalg: the received opt...

  • Page 91

    Default severity warning log message tftpalg: option contained no readable value explanation option contained no readable value. Closing connection. Gateway action close recommended action none. Revision 1 parameters option context parameters alg module name alg session id connection 2.1.141. Blksize...

  • Page 92

    Context parameters alg module name 2.1.143. Failed_create_new_session (id: 00200365) default severity error log message tftpalg: failed to create new tftpalg session (out of memory) explanation an attempt to create a new tftpalg session failed, because the unit is out of memory. Gateway action close...

  • Page 93

    Revision 1 parameters error_code context parameters alg module name alg session id 2.1.146. Invalid_packet_received_reopen (id: 00200368) default severity warning log message tftpalg: received invalid packet opcode packet length explanation received invalid packet. Closing listening connection and op...

  • Page 94

    Log message tftpalg: received bytes exceeding allowed max value explanation transferred bytes exceeding allowed value. Closing connection. Gateway action close recommended action if connection should be allowed, modify the filetransfersize option of the tftp alg configuration. Revision 1 parameters r...

  • Page 95

    Default severity error log message tftpalg: failed to create listening connection,internal error(). Closing session explanation the unit failed to create listening connection, resulting in that the alg session could not be successfully opened. Gateway action close recommended action none. Revision 1...

  • Page 96

    Context parameters alg module name 2.1.154. Failed_create_new_session (id: 00200381) default severity warning log message pop3alg: failed to create new pop3alg session (out of memory) explanation an attempt to create a new pop3alg session failed, because the unit is out of memory. Gateway action clo...

  • Page 97

    2.1.157. Blocked_filetype (id: 00200384) default severity notice log message pop3alg: requested file: is blocked as this file is identified as type , which is in block list. Explanation the file is present in the block list. It will be blocked as per configuration. Gateway action block recommended a...

  • Page 98

    Revision 1 parameters filename filetype sender_email_address context parameters alg module name alg session id 2.1.160. Possible_invalid_mail_end (id: 00200387) default severity warning log message pop3alg: possible invalid end of mail "\.\" received. Explanation the client is sending possible i...

  • Page 99: 00200391)

    Explanation the server is sending response with invalid response length. The response will be blocked. Gateway action block recommended action none. Revision 1 parameters command" len context parameters alg module name alg session id 2.1.163. Content_type_mismatch (id: 00200390) default severity not...

  • Page 100: 00200392)

    Context parameters alg module name 2.1.165. Command_blocked_invalid_argument (id: 00200392) default severity warning log message pop3alg: command blocked.Invalid argument given explanation the client is sending command with invalid argument. The command will be blocked. Gateway action block recommen...

  • Page 101

    Recommended action if the command is to be allowed, change the alg configuration. Revision 1 parameters command" context parameters alg module name alg session id 2.1.168. Unexpected_mail_end (id: 00200396) default severity warning log message pop3alg: unexpected end of mail received while parsing m...

  • Page 102

    Last part was therefore blocked by the security gateway. Gateway action block recommended action none. Revision 1 parameters len retrigs context parameters alg module name alg session id 2.1.171. Max_tls_sessions_reached (id: 00200450) default severity warning log message tlsalg: maximum number of t...

  • Page 103

    Log message tlsalg: failed to connect to the http server. Closing connection. Alg name: . Explanation the unit failed to connect to the http server, resulting in that the alg session could not be successfully opened. Gateway action close recommended action verify that there is a listening http serve...

  • Page 104: 00200456)

    2.1.176. Tls_alert_sent (id: 00200455) default severity error log message tlsalg: sent tls alert to peer. Explanation a tls error has occurred that caused an alert to be sent to the peer. The tls alg session will be closed. Gateway action close recommended action none. Revision 1 parameters alert lev...

  • Page 105

    Recommended action none. Revision 1 parameters algname context parameters alg module name alg session id 2.1.179. Tls_disallowed_key_exchange (id: 00200458) default severity warning log message tlsalg: disallowed key exchange. Explanation the tls alg session will be closed because there are not enou...

  • Page 106

    Default severity error log message tlsalg: bad tls handshake message order. Explanation a tls handshake message of a type that is not expected in the current state of the handshake was received. The tls alg session will be closed. Gateway action close recommended action none. Revision 1 parameters a...

  • Page 107

    Alg session id 2.1.184. Tls_failed_to_verify_finished (id: 00200463) default severity error log message tlsalg: failed to verify finished message. Explanation the unit failed to verify the tls finished message. The finished message is used to verify that the key exchange and authentication processes...

  • Page 108

    Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.187. Sdp_message_validation_failed (id: 00200502) default severity error log message sipalg: sdp message validation failed explanation sdp part of message failed validation due to malfor...

  • Page 109

    Destport context parameters alg module name 2.1.189. Sip_message_validation_failed (id: 00200504) default severity error log message sipalg: sip message validation failed due to malformed message explanation sip part of message failed validation due to malformed message. Reason: [reason]. Gateway ac...

  • Page 110

    Default severity alert log message registration hijack attempt detected explanation the number of registration attempts [reg_hijack_count] has been exceeded. Gateway action drop recommended action check with the user, why he is using false authentication to register. Revision 2 parameters reg_hijack...

  • Page 111

    Recommended action if the configured sip request-response timeout value is too low, increase it. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.194. Registration_time_modified (id: 00200509) default severity notice log message sipalg...

  • Page 112: 00200512)

    Srcip srcport destip destport context parameters alg module name 2.1.196. Unsuccessful_unregistration (id: 00200511) default severity notice log message sipalg: failed unregistration explanation the user failed to unregister. Reason: [reason]. Gateway action drop recommended action none. Revision 2 ...

  • Page 113

    2.1.198. Sipalg_session_created (id: 00200513) default severity notice log message sipalg: new sip-alg session created explanation new sip-alg session for [method] request created. Gateway action allow recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destpor...

  • Page 114

    Recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.201. Sipalg_session_deleted (id: 00200516) default severity informational log message sipalg: sip-alg session deleted explanation sip-alg session deleted for [me...

  • Page 115

    Destport context parameters alg module name 2.1.203. Sipalg_transaction_created (id: 00200520) default severity notice log message sipalg: transaction created explanation sip-alg transaction created for [method] request. Gateway action allow recommended action none. Revision 2 parameters method from...

  • Page 116

    Log message sipalg: failed to find transaction explanation failed to find transaction for [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.206. Sipalg_transaction_deleted (...

  • Page 117

    Revision 2 parameters transaction_state from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.208. No_route_found (id: 00200526) default severity error log message sipalg: failed to find route for given host explanation no route information found for the given host. Re...

  • Page 118

    Context parameters alg module name 2.1.210. Failed_to_find_role (id: 00200528) default severity error log message sipalg: failed to find role explanation sipalg: failed to find role for [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip ...

  • Page 119

    Explanation failed to update contact into session for [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.213. Failed_to_modify_sdp_message (id: 00200531) default severity err...

  • Page 120

    To_uri srcip srcport destip destport context parameters alg module name 2.1.215. Failed_to_modify_from (id: 00200533) default severity error log message sipalg: failed to modify from tag in message explanation failed to modify the from tag in message for [method] request. Gateway action drop recomme...

  • Page 121

    Default severity error log message sipalg: failed to modify the request explanation failed to modify the topology info in the [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2...

  • Page 122

    Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.220. Third_party_call_control (id: 00200538) default severity warning log message sipalg: block third party sip request explanation the sip-alg has detected a sip/sdp message involving t...

  • Page 123

    Log message sipalg: sip packet reception error. Reason: explanation packet without data received. Gateway action drop recommended action research how sipalg received null sip packet. Revision 1 parameters reason context parameters alg module name 2.1.223. User_registered (id: 00200541) default sever...

  • Page 124

    Log message failed to do dns resolve explanation an attempt to resolve dns failed. Reason: [reason]. Gateway action drop recommended action check if the dns servers are configured. Revision 1 parameters reason context parameters alg module name 2.1.226. Failed_to_modify_contact (id: 00200547) defaul...

  • Page 125

    Default severity error log message sipalg: failed to parse media explanation failed to parse media for the request [method]. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.229. Max_session...

  • Page 126

    Gateway action close recommended action none. Revision 2 parameters max_tsxn_per_session from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.231. Invalid_transaction_state (id: 00200552) default severity error log message sipalg: invalid transaction state change expl...

  • Page 127

    Srcport destip destport context parameters alg module name 2.1.233. Sipalg_callleg_created (id: 00200554) default severity notice log message sipalg: callleg created explanation sip-alg callleg created for [method] request. Gateway action allow recommended action none. Revision 2 parameters method f...

  • Page 128

    Default severity warning log message sipalg: failed to find callleg explanation failed to find callleg for [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.236. Failed_to_u...

  • Page 129

    Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name alg session id 2.1.238. Failed_to_modify_response (id: 00200559) default severity error log message sipalg: failed to modify the response explanation failed to modify the topology info in th...

  • Page 130

    Context parameters alg module name 2.1.240. Failed_to_modify_sat_request (id: 00200561) default severity error log message sipalg: failed to modify the sat request explanation failed to modify request ip to sat destination ip in the [method] request. Gateway action drop recommended action none. Revis...

  • Page 131

    Gateway action close recommended action decrease the maximum allowed pptpalg sessions, or try to free some of the ram used. Revision 1 context parameters alg module name 2.1.243. Failed_connect_pptp_server (id: 00200603) default severity error log message pptpalg: failed to connect to the pptp serve...

  • Page 132

    Recommended action none. Revision 1 context parameters alg session id alg module name 2.1.246. Pptp_tunnel_removed_server (id: 00200606) default severity notice log message pptpalg: pptp tunnel between server and security gateway removed explanation a pptp tunnel has been removed between the pptp se...

  • Page 133

    Context parameters alg session id alg module name 2.1.249. Pptp_malformed_packet (id: 00200609) default severity warning log message malformed packet received from on explanation a malformed packet was received by the pptp-alg. Gateway action drop recommended action none. Revision 1 parameters iface...

  • Page 134: 2.2. Antispam

    2.2. Antispam these log messages refer to the antispam (anti-spam related events) category. 2.2.1. Recipient_email_changed_to_drop_address (id: 05900196) default severity notice log message smtpalg: recipient e-mail address is changed to dnsbl drop address explanation "rcpt to:" e-mail address is ch...

  • Page 135

    Revision 1 parameters type algname ipaddr 2.2.4. Dnsbl_ipcache_remove (id: 05900811) default severity notice log message ip removed from ip cache for due to timeout explanation an ip address was removed from the ip cache due to timeout. Gateway action none recommended action none. Revision 1 paramet...

  • Page 136

    Parameters type algname ipaddr 2.2.7. Dnsbl_ipcache_add (id: 05900814) default severity notice log message session for ip for is done with result explanation an ip address was added to the ip cache. Gateway action none recommended action none. Revision 1 parameters type algname ipaddr result 2.2.8. ...

  • Page 137

    Algname 2.2.10. Dnsbl_query_add (id: 05900817) default severity notice log message query created for ip to blacklist for explanation a dns query was created. Gateway action none recommended action none. Revision 1 parameters type algname ipaddr blacklist query 2.2.11. Dnsbl_blacklist_disable (id: 05...

  • Page 138

    Algname ipaddr 2.2.13. Dnsbl_record_truncated (id: 05900820) default severity warning log message dnsbl name not fit buffer for session with ip for explanation dnsbl name will not fit the string buffer and will be truncated. Gateway action none recommended action none. Revision 1 parameters type alg...

  • Page 139: 2.3. Antivirus

    2.3. Antivirus these log messages refer to the antivirus (anti-virus related events) category. 2.3.1. Virus_found (id: 05800001) default severity warning log message virus found in file . Virus name: . Signature: . Advisory id: . Explanation a virus has been detected in a data stream. Since anti-vir...

  • Page 140

    2.3.3. Excluded_file (id: 05800003) default severity notice log message file is excluded from scanning. Identified filetype: . Explanation the named file will be excluded from anti-virus scanning. The filetype is present in the anti-virus scan exclusion list. Gateway action allow_data_without_scan r...

  • Page 141

    Explanation the file could not be scanned by the anti-virus module since the decompression of the compressed file failed. Since anti-virus is running in audit mode, the data transfer will be allowed to continue. Gateway action allow_data recommended action change fail mode parameter to deny if files...

  • Page 142

    Resources. This can be a dos attack. Revision 1 parameters filename comp_ratio [layer7_srcinfo] [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.8. Compression_ratio_violation (id: 05800008) default severity warning log message compression ratio violation for file . ...

  • Page 143

    Context parameters alg module name alg session id connection 2.3.10. Out_of_memory (id: 05800010) default severity error log message out of memory explanation memory allocation failed. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver. Ga...

  • Page 144

    Log message anti-virus scan engine failed for the file: explanation an error occurred in the anti-virus scan engine. Since anti-virus is running in audit mode, the data transfer will be allowed to continue. Gateway action allow_data recommended action none. Revision 1 parameters filename [layer7_srci...

  • Page 145: 05800024)

    Default severity critical log message avse: virus scanning aborted. General error occured during initialization. Explanation anti-virus scanning is aborted since the scan engine returned a general error during initialization. Gateway action av_scanning_aborted recommended action try to restart the u...

  • Page 146: 05800025)

    Alg session id connection 2.3.18. Decompression_failed_encrypted_file (id: 05800025) default severity warning log message decompression failed for file . The file is encrypted. Explanation the file could not be scanned by the anti-virus module since the compressed file is encrypted with password pro...

  • Page 147

    Default severity warning log message smtpalg: content transfer encoding is unknown or not present. Explanation antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail mode is allow so data is allowed without scanning. Gateway action allow_data_without_scan...

  • Page 148

    Revision 1 parameters filename unknown_content_transfer_encoding sender_email_address context parameters alg module name alg session id 2.3.22. Unknown_encoding (id: 05800185) chapter 2. Log message reference 148.

  • Page 149: 2.4. Arp

    2.4. Arp these log messages refer to the arp (arp events) category. 2.4.1. Already_exists (id: 00300001) default severity notice log message an entry for this ip address already exists explanation the entry was not added as a previous entry for this ip address already exists in the arp table. Gatewa...

  • Page 150

    2.4.4. Arp_response_broadcast (id: 00300004) default severity notice log message arp response is a broadcast address explanation the arp response has a sender address which is a broadcast address. Allowing. Gateway action allow recommended action if this is not the desired behaviour, modify the conf...

  • Page 151

    2.4.7. Mismatching_hwaddrs_drop (id: 00300007) default severity notice log message arp hw sender does not match ethernet hw sender. Dropping explanation the hardware sender address specified in the arp data does not match the ethernet hardware sender address. Dropping packet. Gateway action drop rec...

  • Page 152

    2.4.10. Arp_cache_size_limit_reached (id: 00300030) default severity notice log message arp cache size limit reached explanation the arp cache size limit has been reached. Current license limit is [limit]. Gateway action none recommended action update your license to allow a greater amount of concur...

  • Page 153

    2.4.13. Impossible_hw_address (id: 00300051) default severity notice log message impossible hardware address 0000:0000:0000 in arp response. Dropping explanation the arp response has sender hardware address 0000:0000:0000, which is illegal. Dropping packet. Gateway action drop recommended action ver...

  • Page 154

    2.4.16. Arp_collides_with_static (id: 00300054) default severity warning log message known entry is =. Dropping explanation the hardware sender address does not match the static entry in the arp table. Static arp changes are not allowed. Dropping packet. Gateway action drop recommended action if thi...

  • Page 155: 2.5. Avupdate

    2.5. Avupdate these log messages refer to the avupdate (antivirus signature update) category. 2.5.1. Av_db_update_failure (id: 05000001) default severity alert log message update of the anti-virus database failed, because of explanation the unit tried to update the anti-virus database, but failed. T...

  • Page 156

    Log message anti-virus database could not be updated, as no valid subscription exist explanation the current license does not allow the anti-virus database to be updated. Gateway action none recommended action check the system's time and/or purchase a subscription. Revision 1 2.5.5. Av_detects_inval...

  • Page 157

    Gateway action downloading_new_database recommended action none. Revision 1 2.5.7. Unsynced_databases (id: 05000008)

  • Page 158: 2.6. Blacklist

    2.6. Blacklist these log messages refer to the blacklist (blacklist events) category. 2.6.1. Failed_to_write_list_of_blocked_hosts_to_media (id: 04600001) default severity critical log message failed to write list of blocked hosts to media explanation failed to write list of blocked hosts to media. ...

  • Page 159

    Default severity notice log message found in blacklist. Triggered rule , description: . Protocol: , ip: , port: . Explanation a blacklist entry was added which matched the ip address of this connection. Thus it was closed accordingly. Gateway action close recommended action investigate threshold or ...

  • Page 160

    Recommended action investigate threshold or intrusiondetection rules that could have triggered dynamic blacklisting. Revision 1 parameters rule description proto ip port 2.6.6. Packet_blacklisted (id: 04600006)

  • Page 161: 2.7. Buffers

    2.7. Buffers these log messages refer to the buffers (events regarding buffer usage) category. 2.7.1. Buffers_flooded (id: 00500001) default severity warning log message the buffers were flooded for seconds. Current usage is percent explanation the unit was temporarily out of buffers for a period of...

  • Page 162: 2.8. Conn

    2.8. Conn these log messages refer to the conn (state engine events, e.g. open/close connections) category. 2.8.1. Conn_open (id: 00600001) default severity informational log message connection opened explanation a connection has been opened. Gateway action none recommended action none. Revision 1 c...

  • Page 163

    Context parameters rule name connection 2.8.4. Conn_open_natsat (id: 00600004) default severity informational log message connection opened explanation a connection has been opened. Gateway action none recommended action none. Revision 1 context parameters rule information connection packet buffer 2...

  • Page 164

    2.8.7. Out_of_connections (id: 00600011) default severity warning log message out of connections. Dropping connection attempt explanation the connection table is currently full, and this new connection attempt will be dropped. Gateway action drop recommended action none. Revision 1 context parameter...

  • Page 165

    Parameters protocol context parameters rule name packet buffer 2.8.10. No_return_route (id: 00600014) default severity warning log message failed to open a new connection since a return route to the sender address cant be found. Dropping packet explanation there was no return route found to the send...

  • Page 166

    Recommended action none. Revision 1 context parameters rule name packet buffer 2.8.13. Udp_src_port_0_illegal (id: 00600021) default severity warning log message udp source port is set to 0. Dropping explanation the udp source port was set to 0. This can be used by udp streams not expecting return t...

  • Page 167

    Context parameters packet buffer 2.8.16. Active_data (id: 00600100) default severity informational log message ftpalg: incoming active data channel explanation an active data channel connection has been established. Gateway action none recommended action none. Revision 1 context parameters alg modul...

  • Page 168

    Rule information connection 2.8.19. Passive_data (id: 00600103) default severity informational log message ftpalg: passive data channel closed explanation a passive data channel was closed. Gateway action none recommended action none. Revision 1 context parameters alg module name alg session id rule...

  • Page 169: 2.9. Dhcp

    2.9. Dhcp these log messages refer to the dhcp (dhcp client events) category. 2.9.1. Offered_ip_occupied (id: 00700001) default severity notice log message interface received a lease with an offered ip that appear to be occupied () explanation received a dhcp lease which appears to be in use by some...

  • Page 170

    Parameters iface ip netmask bcast gw context parameters packet buffer 2.9.4. Renewed_lease (id: 00700004) default severity notice log message interface have renewed its lease. The new lease is valid for seconds explanation an interface has successfully renewed its lease. Gateway action none recomme...

  • Page 171

    Recommended action check the dhcp server configuration or adjust the minimum leasetime limit. Revision 1 parameters iface lease_time minimum_lease_time context parameters packet buffer 2.9.7. Invalid_server_id (id: 00700008) default severity warning log message interface received a lease with an inv...

  • Page 172

    () explanation an interface received a lease with an invalid broadcast address. Gateway action drop recommended action check dhcp server configuration. Revision 1 parameters iface broadcast context parameters packet buffer 2.9.10. Invalid_offered_ip (id: 00700011) default severity warning log messag...

  • Page 173

    Default severity warning log message interface received a lease where the offered broadcast equals the offered gateway explanation an interface received a lease where the offered broadcast address is equal to the offered gateway address. Gateway action drop recommended action check dhcp server con...

  • Page 174

    Parameters iface dhcp_route configured_route context parameters packet buffer 2.9.14. Route_collision (id: 00700015)

  • Page 175: 2.10. Dhcprelay

    2.10. Dhcprelay these log messages refer to the dhcprelay (dhcp relayer events) category. 2.10.1. Unable_to_save_dhcp_relay_list (id: 00800001) default severity warning log message unable to auto save the dhcp relay list to disk explanation unable to autosave the dhcp relay list to disk. Gateway act...

  • Page 176

    Log message incorrect bootp/dhcp cookie. Dropping explanation received a packet with an incorrect bootp/dhcp cookie. Gateway action drop recommended action investigate what client implementation is being used. Revision 1 context parameters packet buffer 2.10.5. Maximum_ppm_for_relayer_reached (id: 0...

  • Page 177: 00800010)

    Explanation the maximum hop limit for the dhcp packet has been reached. Gateway action none recommended action verify maximum-hop-limit setting. Revision 1 context parameters packet buffer 2.10.8. Client_release (id: 00800008) default severity warning log message client requested release. Relay ca...

  • Page 178: (Id: 00800011)

    Gateway action drop recommended action verify max-relay-routes-limit. Revision 1 context parameters rule name 2.10.11. Unable_to_add_relay_route_since_out_of_memory (id: 00800011) default severity error log message internal error: out of memory: can't add dhcp relay route. Dropping explanation unabl...

  • Page 179: (Id: 00800014)

    Context parameters rule name packet buffer 2.10.14. Bad_inform_pkt_with_mismatching_source_ip_and_client_ip (id: 00800014) default severity warning log message inform packet did not pass through a relayer but the packet source ip and the client ip doesnt match. Dropping explanation received non rela...

  • Page 180: 00800018)

    Recommended action verify max-relay-per-interface setting. Revision 1 parameters max_relays context parameters rule name packet buffer 2.10.17. Dhcp_server_is_unroutable (id: 00800017) default severity warning log message bootp/dhcp-server at is unroutable. Dropping explanation unable to find route ...

  • Page 181: (Id: 00800022)

    Gateway action drop recommended action investigate what client implementation is being used. Revision 1 parameters gateway_ip context parameters rule name packet buffer 2.10.20. Relayed_request (id: 00800020) default severity notice log message relayed dhcp-request from client to explanation relayed...

  • Page 182

    Default severity warning log message received reply for client on a non security equivalent interface. Dropping explanation received a reply for a client on a non security equivalent interface. Gateway action drop recommended action verify security-equivalent-interface setting. Revision 1 parameters...

  • Page 183

    Context parameters rule name packet buffer 2.10.25. Ambiguous_host_route (id: 00800025) default severity warning log message a host route for already exists which points to another interface. Dropping explanation an ambiguous host route indicating another interface was detected trying to setup a dyn...

  • Page 184

    Revision 1 parameters client_hw context parameters rule name packet buffer 2.10.28. Relayed_dhcp_reply (id: 00800028) default severity notice log message relayed dhcp-reply to gateway explanation relayed dhcp reply to a gateway. Gateway action none recommended action none. Revision 1 parameters type...

  • Page 185: 2.11. Dhcpserver

    2.11. Dhcpserver these log messages refer to the dhcpserver (dhcp server events) category. 2.11.1. Unable_to_send_response (id: 00900001) default severity warning log message failed to get buffer for sending. Unable to reply explanation unable to get a buffer for sending. Gateway action none recomme...

  • Page 186: (Id: 00900006)

    Explanation the lease database was successfully saved to disk. Gateway action none recommended action none. Revision 1 2.11.5. Dhcp_packet_too_small (id: 00900005) default severity warning log message received dhcp packet which is smaller then the minimum allowed 300 bytes. Dropping explanation rece...

  • Page 187: (Id: 00900008)

    Explanation received a request from a bound client without state. Gateway action reject recommended action none. Revision 1 parameters client client_ip context parameters packet buffer 2.11.8. Request_for_ip_from_non_bound_client_without_state (id: 00900008) default severity warning log message rece...

  • Page 188

    Explanation received request with bad udp checksum. Gateway action drop recommended action check network equipment for errors. Revision 1 context parameters packet buffer 2.11.11. Lease_timeout (id: 00900012) default severity notice log message lease for ip timed out. Was bound to client explanation...

  • Page 189

    Gateway action none recommended action extend the pools to support more clients. Revision 1 context parameters rule name packet buffer 2.11.14. Sending_offer (id: 00900015) default severity notice log message received discover from client . Sending ip offer explanation received discover (initial ip ...

  • Page 190

    Recommended action none. Revision 1 parameters client_hw client_wanted client_offered context parameters rule name packet buffer 2.11.17. Request_for_non_bound_ip (id: 00900018) default severity warning log message client requested non bound ip. Rejecting explanation client requested a non bound ip....

  • Page 191

    Log message client renewed ip explanation client successfully renewed its lease. Gateway action renew recommended action none. Revision 1 parameters client_hw client_ip context parameters rule name packet buffer 2.11.20. Got_inform_request (id: 00900021) default severity notice log message got infor...

  • Page 192: (Id: 00900025)

    2.11.22. Decline_for_non_offered_ip (id: 00900023) default severity notice log message client declined non offered ip. Decline is ignored explanation client rejected a non offered ip. Gateway action none recommended action none. Revision 1 parameters client_hw context parameters rule name packet buf...

  • Page 193

    Parameters client client_ip context parameters packet buffer 2.11.25. Release_for_ip_on_wrong_iface (id: 00900026) default severity warning log message got release for ip on wrong interface (recv: , lease: ). Decline is ignored explanation got release from a client on the wrong interface. Gateway ac...

  • Page 194: 2.12. Dynrouting

    2.12. Dynrouting these log messages refer to the dynrouting (dynamic routing) category. 2.12.1. Failed_to_export_route_to_ospf_process_failed_to_alloc (id: 01100001) default severity critical log message failed to export route to ospf process (unable to alloc export node) explanation unable to expor...

  • Page 195

    Context parameters dynamic route rule name route 2.12.4. Failed_to_add_route_unable_to_alloc (id: 01100004) default severity critical log message failed to add route (unable to alloc route) explanation failed to create a route since out of memory. Gateway action alert recommended action check memory...

  • Page 196

    Route 2.12.6. Route_removed (id: 01100006)

  • Page 197: 2.13. Frag

    2.13. Frag these log messages refer to the frag (fragmentation events) category. 2.13.1. Individual_frag_timeout (id: 02000001) default severity warning log message individual fragment timed out. Explanation a fragment of an ip packet timed out, and is dropped. Gateway action drop recommended action...

  • Page 198

    Parameters srcip destip ipproto fragid fragact frags context parameters dropped fragments rule name 2.13.4. Fail_out_of_resources (id: 02000004) default severity critical log message out of reassembly resources. Frags: . - fragid: , state: explanation out of fragmentation-reassembly resources when p...

  • Page 199

    Context parameters dropped fragments rule name 2.13.6. Fail_timeout (id: 02000006) default severity critical log message time out reassembling. Frags: . - fragid: , state: explanation timed out when reassembling a fragmented ip packet. Dropping packet. Gateway action drop recommended action none. Re...

  • Page 200: 02000010)

    Default severity warning log message dropping stored fragments of disallowed packet. Frags: . - fragid: , state: explanation the fragments of a disallowed ip packet were dropped. Gateway action drop recommended action none. Revision 1 parameters srcip destip ipproto fragid fragact frags context para...

  • Page 201: 02000012)

    Explanation a completed reassembled ip packet contains extraneous fragments, which are dropped. Gateway action drop recommended action none. Revision 1 parameters srcip destip ipproto fragid fragact frags context parameters dropped fragments rule name 2.13.11. Learn_state (id: 02000011) default seve...

  • Page 202: 02000014)

    2.13.13. Drop_duplicate_frag (id: 02000013) default severity warning log message dropping duplicate fragment explanation a duplicate fragment of an ip packet was received. Dropping the duplicate fragment. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buf...

  • Page 203

    Packet buffer 2.13.16. Bad_ipdatalen (id: 02000016) default severity error log message bad ipdatalen= explanation the partly reassembled ip packet has an invalid ip data length. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipdatalen context parameters rule name...

  • Page 204: 02000020)

    Revision 1 context parameters rule name packet buffer 2.13.19. Bad_offs (id: 02000019) default severity error log message bad fragment offset explanation the fragment has an invalid offset. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet b...

  • Page 205: 02000023)

    Context parameters rule name packet buffer 2.13.22. Partial_overlap (id: 02000022) default severity error log message fragments partially overlap explanation two fragments partially overlap. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet ...

  • Page 206

    2.13.25. Already_completed (id: 02000025) default severity error log message dropping extraneous fragment of completed packet explanation a completed reassembled ip packet contains an extraneous fragment, which is dropped. Gateway action drop recommended action none. Revision 1 context parameters rul...

  • Page 207

    Default severity warning log message dropping fragment of illegal packet explanation a fragment of an illegal ip packet is dropped. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.13.29. Fragments_available_freeing (id: 02000100) default severity ...

  • Page 208: 2.14. Gre

    2.14. Gre these log messages refer to the gre (gre events) category. 2.14.1. Failed_to_setup_gre_tunnel (id: 02200001) default severity warning log message failed to setup open tunnel from to explanation unable to setup gre tunnel with endpoint. Gateway action drop recommended action check conn usag...

  • Page 209

    Default severity warning log message gre packet with checksum error. Packet dropped explanation received gre packet with checksum errors. Gateway action drop recommended action check network equipment for errors. Revision 1 context parameters packet buffer 2.14.5. Gre_length_error (id: 02200005) def...

  • Page 210

    Recommended action check gre session key settings on the remote gateway. Revision 1 parameters session_key context parameters packet buffer 2.14.8. Gre_routing_flag_set (id: 02200008) default severity warning log message received gre packet with routing flag set. Packet dropped explanation received ...

  • Page 211: 2.15. Ha

    2.15. Ha these log messages refer to the ha (high availability events) category. 2.15.1. Peer_gone (id: 01200001) default severity notice log message peer firewall disappeared. Going active explanation the peer gateway (which was active) is not available anymore. This gateway will now go active inst...

  • Page 212

    Explanation both members are active, but the peer has higher local load. This gateway will stay active. Gateway action stay_active recommended action none. Revision 1 2.15.5. Peer_has_lower_local_load (id: 01200005) default severity notice log message both active, peer has lower local load; deactiva...

  • Page 213

    Default severity notice log message conflict: both peers are inactive! Resolving... Explanation a conflict occurred as both peers are inactive at the same time. The conflict will automatically be resolved. Gateway action none recommended action none. Revision 1 2.15.9. Peer_has_more_connections (id: ...

  • Page 214: 01200044)

    Revision 1 2.15.12. Heartbeat_from_unknown (id: 01200043) default severity warning log message received ha heartbeat from unknown ip. Dropping explanation the received ha heartbeat packet was originating from an unknown ip. The packet will be dropped. Gateway action drop recommended action none. Rev...

  • Page 215

    2.15.15. Merge_failed (id: 01200051) default severity warning log message failed to merge configuration from ha partner explanation the gateway failed to merge the configuration that was received from the peer. Gateway action ha_merge_conf recommended action none. Revision 1 2.15.16. Ha_commit_error...

  • Page 216

    Recommended action none. Revision 1 2.15.19. Linkmon_triggered_failover (id: 01200055) default severity notice log message ha node going inactive. Explanation linkmon requested the node to go inactive. Gateway action none recommended action none. Revision 1 parameters reason 2.15.20. Resync_conns_to...

  • Page 217: (Id: 01200201)

    2.15.22. Hasync_connection_disconnected_lifetime_expired (id: 01200201) default severity notice log message hasync connection lifetime expired. Reconnecting... Explanation the ha synchronization connection lifetime has expired. A new connection will be established by reconnecting to the peer. Gateway ...

  • Page 218

    Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.15.26. Sync_packet_on_nonsync_iface (id: 01200410) default severity warning log message received state sync packet on non-sync iface. Dropping explanation a ha state sync packet was received on a non...

  • Page 219: 01200616)

    Recommended action none. Revision 1 context parameters rule name packet buffer 2.15.29. Config_sync_failure (id: 01200500) default severity critical log message tried to synchronize configuration to peer 3 times without success. Giving up. Explanation the gateway tried to synchronize the configurati...

  • Page 220

    2.15.32. Action=going_online (id: 01200618) default severity notice log message ha unit going online. Explanation ha unit going online. Gateway action none recommended action none. Revision 1 parameters previous_shutdown= 2.15.32. Action=going_online (id: 01200618) chapter 2. Log message reference 2...

  • Page 221: 2.16. Hwm

    2.16. Hwm these log messages refer to the hwm (hardware monitor events) category. 2.16.1. Temperature_alarm (id: 04000011) default severity warning log message temperature monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the unit may be overhe...

  • Page 222

    Log message voltage monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the powersupply of this unit may be failing. Gateway action none recommended action change powersupply unit. Revision 1 parameters index name unit current_voltage min_limit m...

  • Page 223

    Parameters index name unit current_fanrpm min_limit max_limit 2.16.6. Fanrpm_normal (id: 04000032) default severity warning log message fan rpm monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the sensor reports that the fan rpm value is back ...

  • Page 224

    Default severity warning log message temperature monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the sensor reports that the gpio value is back into the normal range. Gateway action none recommended action none. Revision 1 parameters index na...

  • Page 225

    Memory consumption. Revision 1 parameters limit_megabyte total_mem free_mem free_percentage severity 2.16.11. Free_memory_normal_level (id: 04000103) default severity notice log message the amount of free memory is in the normal range, free mb of total mb, percentage free explanation the memory usag...

  • Page 226: 2.17. Idp

    2.17. Idp these log messages refer to the idp (intrusion detection & prevention events) category. 2.17.1. Scan_detected (id: 01300001) default severity notice log message scan detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Closing ...

  • Page 227

    Srcip srcport destip destport context parameters rule name deep inspection 2.17.3. Intrusion_detected (id: 01300003) default severity warning log message intrusion detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Closing connection. ...

  • Page 228

    Srcip srcport destip destport context parameters rule name deep inspection 2.17.5. Scan_detected (id: 01300005) default severity notice log message scan detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Explanation a scan signature ma...

  • Page 229

    Srcport destip destport context parameters rule name deep inspection 2.17.7. Intrusion_detected (id: 01300007) default severity notice log message intrusion detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Explanation an attack signa...

  • Page 230

    Destport context parameters rule name deep inspection 2.17.9. Invalid_url_format (id: 01300009) default severity error log message failed to parse the http url. Id rule: . Url: . Source ip: . Source port: . Destination ip: . Destination port: . Closing connection. Explanation the unit failed parsing...

  • Page 231

    2.17.11. Idp_evasion (id: 01300011) default severity error log message failed to reassemble data. Id rule: . Source ip: . Source port: . Destination ip: . Destination port: . Closing connection. Explanation the unit failed to reassemble data. The reason for this is probably due to an idp engine evas...

  • Page 232

    . Closing connection. Explanation the unit failed to scan data. The reason for this is due to low amount of memory. Gateway action close recommended action review your configuration. Revision 1 parameters idrule srcip srcport destip destport context parameters rule name 2.17.14. Idp_outofmem (id: 01...

  • Page 233

    Revision 1 parameters idrule srcip srcport destip destport reason context parameters rule name 2.17.16. Idp_failscan (id: 01300016) default severity error log message failed to scan data. Id rule: . Source ip: . Source port: . Destination ip: . Destination port: . Reason: . Explanation the unit fail...

  • Page 234: 2.18. Idppipes

    2.18. Idppipes these log messages refer to the idppipes (idp traffic shaping events) category. 2.18.1. Conn_idp_piped (id: 06100001) default severity warning log message idp pipe event triggered. Throughput limited to explanation an idp rule with pipe event triggered on the specified connection. The...

  • Page 235

    Recommended action issue the "memory" cli command and check for modules with abnormal memory consumption. Otherwise, revise configuration in order to free more ram. Revision 1 2.18.4. Idp_piped_state_replaced (id: 06100004) default severity debug log message replaced idp pipe host entry explanation ...

  • Page 236

    Parameters limit context parameters connection 2.18.7. Conn_idp_piped (id: 06100007) default severity warning log message idp dynamic pipe state found. Throughput limited to explanation a new connection is piped to [limit] kbps since either the source or destination ip is dynamically throttled by id...

  • Page 237: 2.19. Idpupdate

    2.19. Idpupdate these log messages refer to the idpupdate (intrusion detection & prevention database update) category. 2.19.1. Idp_db_update_failure (id: 01400001) default severity alert log message update of the intrusion detection & prevention database failed, because of explanation the unit tried...

  • Page 238

    Default severity notice log message intrusion detection & prevention database could not be updated, as no valid subscription exist explanation the current license does not allow intrusion detection & prevention database to be updated. Gateway action none recommended action check the system's time an...

  • Page 239

    Explanation the idp hardware and software databases are not synchronized. A full update is automatically initiated. Gateway action downloading_new_database recommended action none. Revision 1 2.19.7. Unsynced_databases (id: 01400009) chapter 2. Log message reference 239.

  • Page 240: 2.20. Ifacemon

    2.20. Ifacemon these log messages refer to the ifacemon (interface monitor events) category. 2.20.1. Ifacemon_status_bad_rereport (id: 03900001) default severity notice log message ifacemon reset interface 10 seconds ago. Link status: mbps duplex explanation the interface monitor reset the interface...

  • Page 241

    Revision 1 parameters iface [linkspeed] [duplex] 2.20.3. Ifacemon_status_bad (id: 03900004) chapter 2. Log message reference 241.

  • Page 242: 2.21. Ippool

    2.21. Ippool these log messages refer to the ippool (ippool events) category. 2.21.1. No_offer_received (id: 01900001) default severity error log message no offers were received explanation no dhcp offers were received by the ip pool general query. Gateway action none recommended action review dhcp...

  • Page 243

    2.21.4. Lease_disallowed_by_lease_filter (id: 01900004) default severity warning log message the lease was rejected due to a lease filter explanation a lease was rejected by a lease filter. Gateway action lease_rejected recommended action verify the lease filters. Revision 1 parameters client_ip con...

  • Page 244

    Default severity warning log message the lease was rejected due to a bad offered netmask address explanation a lease was rejected due to a bad offered netmask address. Gateway action lease_rejected recommended action check dhcp server configuration. Revision 1 parameters netmask context parameters r...

  • Page 245

    Log message the lease was rejected due to a bad offered gateway address explanation a lease was rejected due to a bad offered gateway address. Gateway action lease_rejected recommended action check dhcp server configuration. Revision 1 parameters gateway_ip context parameters rule name 2.21.11. Leas...

  • Page 246

    Explanation a lease was rejected since the offered ip already exists in the pool. Gateway action lease_rejected recommended action check ip pool configuration. Revision 1 parameters client_ip context parameters rule name 2.21.14. Pool_reached_max_dhcp_clients (id: 01900014) default severity error lo...

  • Page 247

    Revision 1 parameters client_ip subsystem context parameters rule name 2.21.17. Ip_returned_to_pool (id: 01900017) default severity notice log message subsystem returned an ip to the pool explanation a subsystem returned an ip to the pool. Gateway action inform recommended action none. Revision 1 pa...

  • Page 248: 2.22. Ipsec

    2.22. Ipsec these log messages refer to the ipsec (ipsec (vpn) events) category. 2.22.1. Fatal_ipsec_event (id: 01800100) default severity alert log message fatal event occured, because of explanation fatal event occurred in ipsec stack. Gateway action none recommended action none. Revision 1 paramet...

  • Page 249

    Reason 2.22.4. Audit_flood (id: 01800104) default severity notice log message . Explanation the rate limit for audit messages was reached. Gateway action none recommended action none. Revision 1 parameters reason 2.22.5. Ike_delete_notification (id: 01800105) default severity notice log message loca...

  • Page 250

    Reason 2.22.7. Ike_invalid_proposal (id: 01800107) default severity warning log message local ip: , remote ip: , cookies: , reason: . Explanation the proposal for the security association could not be accepted. Gateway action none recommended action none. Revision 1 parameters local_ip remote_ip coo...

  • Page 251

    Parameters local_ip remote_ip cookies reason 2.22.10. Packet_corrupt (id: 01800110) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation received a corrupt packet. Gateway action drop recommended action none. Revision 1 parameters source_...

  • Page 252

    Explanation the received packet did not fall within the sliding window. Gateway action drop recommended action none. Revision 1 parameters source_ip dest_ip spi seq protocol reason 2.22.13. Sa_lookup_failure (id: 01800113) default severity notice log message source ip: , destination ip: , spi: , seq...

  • Page 253

    Reason 2.22.15. Sequence_number_overflow (id: 01800115) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation an attempt to transmit a packet that would result in sequence number overflow. Gateway action none recommended action none. Revis...

  • Page 254

    Gateway action drop recommended action none. Revision 1 parameters source_ip dest_ip spi seq protocol reason 2.22.18. Hardware_acceleration_failure (id: 01800118) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation hardware acceleration ...

  • Page 255

    Explanation succeeded to commit ipsec configuration. Flows will be recalculated and reapplied. Gateway action none recommended action none. Revision 1 2.22.21. Ipsec_successfully_started (id: 01800202) default severity informational log message ipsec is up and running explanation ipsec configured an...

  • Page 256

    Log message disable all ipsec tunnels explanation disable all ipsec tunnels due to memory limitations. Gateway action disable_all_ipsec_interfaces recommended action none. Revision 1 2.22.25. Failed_create_audit_module (id: 01800207) default severity error log message failed to create audit module. ...

  • Page 257: 01800303)

    Default severity critical log message failed to initialize ipsec explanation failed to start ipsec. Gateway action ipsec_configuration_disabled recommended action restart. Revision 1 2.22.29. Ipsec_started_successfully (id: 01800214) default severity informational log message ipsec started successfu...

  • Page 258

    Recommended action none. Revision 1 parameters tunnel 2.22.32. Failed_to_set_algorithm_properties (id: 01800304) default severity error log message failed to set properties ipsec alogorithm , for tunnel explanation failed to set specified properties (keysize, lifetimes) for ipsec algorithm. Gateway ...

  • Page 259

    Parameters certificate tunnel 2.22.35. Dns_resolve_failed (id: 01800308) default severity warning log message failed to resolve remote gateway for ipsec tunnel . Keeping old ip explanation failed to resolve remote gateway through dns. Gateway action keeping_old_ip recommended action none. Revision 1...

  • Page 260

    Parameters gateway ipsectunnel 2.22.38. Failed_to_add_rules (id: 01800313) default severity error log message failed to add rules after remote gw: have been resolved by dns for ipsec tunnel: explanation failed to add rules to tunnel after remote gateway have been resolved by dns. Gateway action ipse...

  • Page 261

    Parameters gateway ipsectunnel ip 2.22.41. No_policymanager (id: 01800316) default severity critical log message no policymanager!! To free tunnel object from explanation no policymanager to free tunnel from!!! Ipsec does not work properly. Gateway action ipsec_out_of_work recommended action restart...

  • Page 262

    Log message failed with error: , when adding external key provider for certificate handling explanation failed to add external key provider. All certificate authentication will be disabled. Gateway action ipsec_disabled recommended action restart. Revision 1 parameters status_msg 2.22.45. Failed_to_...

  • Page 263

    Explanation failed to create local authorization object. Configured remote access groups will not be possible to use. Gateway action ipsec_disabled recommended action none. Revision 1 2.22.48. Failed_to_set_xauth (id: 01800328) default severity error log message failed set xauth for tunnel explanatio...

  • Page 264

    2.22.51. Ipsec_tunnel_added_bysgw (id: 01800334) default severity informational log message ipsec tunnel added by the security gateway explanation an ipsec tunnel has been added by the security gateway. Gateway action reconfiguration_by_sgw recommended action none. Revision 1 parameters username cli...

  • Page 265

    Default severity informational log message ipsec tunnel removed from the configuration explanation an ipsec tunnel has been disabled or removed from the configuration. Gateway action reconfiguration recommended action none. Revision 1 parameters client_ip username ipsec_tunnel 2.22.55. Tunnel_disabl...

  • Page 266

    Result, ipsec clients using config mode will not be able to lease ip addresses. Gateway action none recommended action update your config mode configuration. Revision 1 parameters ippool 2.22.58. Cfgmode_ip_freed (id: 01800402) default severity notice log message returned a dynamic cfg mode ip to the i...

  • Page 267: (Id: 01800502)

    2.22.61. Recieved_plaintext_packet_for_disabled_ipsec_interface (id: 01800502) default severity warning log message ipsec tunnel is disabled. Packet will be dropped explanation a packet was dropped due to the ipsec interface being disabled. Gateway action packet_will_be_dropped recommended action th...

  • Page 268: 01800900)

    Explanation ipsec ping monitor detects loss of ping replies of packets inside the tunnel. Gateway action tunnel_will_disabled_after_8_number_of_lost_packets recommended action none. Revision 1 2.22.65. Ipsec_interface_disabled (id: 01800506) default severity error log message ipsec interface disable...

  • Page 269

    Parameters remotepeer 2.22.68. Sa_write_congestion (id: 01801337) default severity informational log message failed to write sa to nitrox ii due to congestion. Explanation there was not enough free buffers to write the sa to nitrox ii. Every new packet on the sa will trigger a new try. Gateway actio...

  • Page 270: 01802004)

    Default severity warning log message the rule is not in the active configuration. Dropping request for policy explanation the rule is not in the active configuration, dropping request. Gateway action dropping_request recommended action none. Revision 1 2.22.72. Malformed_packet (id: 01802003) defaul...

  • Page 271

    Revision 1 parameters maxtunnels 2.22.75. Ike_sa_failed (id: 01802022) default severity warning log message ike sa negotiation failed: local ike peer: remote ike peer: initiator spi: . Explanation negotiation of ike sa failed. Gateway action no_ike_sa recommended action none. Revision 2 parameters s...

  • Page 272

    Explanation no ike sa negotiations done because of authentication problems. Gateway action no_ike_sa recommended action none. Revision 1 2.22.78. Ike_sa_negotiation_failed (id: 01802031) default severity warning log message type of the local id is not key-id for the mamros-pskeyext negotiation. The ...

  • Page 274

    Gateway action none recommended action none. Revision 1 parameters kb sec 2.22.84. Ipsec_sa_lifetime (id: 01802046) default severity informational log message local lifetime child sa: seconds explanation inform about lifetime for child sa:. Gateway action none recommended action none. Revision 1 par...

  • Page 275

    2.22.87. Ipsec_sa_informal (id: 01802058) default severity informational log message local proxy id: , remote proxy id: explanation information about proxy id's for child sa. Gateway action none recommended action none. Revision 1 parameters local_id remote_id 2.22.88. Ipsec_invalid_protocol (id: 01...

  • Page 276: 01802100)

    Protocol. Gateway action vpn_tunnel_disabled recommended action reconfigure_ipsec. Revision 1 2.22.91. Create_rules_failed (id: 01802081) default severity error log message cannot insert this rule, the forced nat protocol type does not match rule protocol explanation failed to insert rule since forc...

  • Page 277: 01802104)

    2.22.94. Invalid_configuration_of_force_open (id: 01802104) default severity error log message auto-start rule does not specify single ip address or domain name for its remote peer explanation can not use auto-start rule (force open) for roaming tunnels. Gateway action vpn_tunnel_disabled recommende...

  • Page 278: 01802110)

    Recommended action none. Revision 1 2.22.98. Invalid_rule_setting (id: 01802108) default severity error log message no from-tunnel specified for an authentication-only rule explanation from-tunnel must be specified for an authentication-only rule. Gateway action none recommended action none. Revisio...

  • Page 279: 01802200)

    Log message detected suspicious outbound ipsec rule without any selectors explanation detected suspicious outbound ipsec rule without any selectors specified. Gateway action the_rule_might_not_work recommended action reconfigure_ipsec. Revision 2 2.22.102. No_algorithms_configured_for_tunnel (id: 01...

  • Page 280

    Explanation ah tunnel is configured without spetication algorithm. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 parameters tunnel 2.22.105. Ah_not_supported (id: 01802204) default severity error log message ah configured but not supported explanation tunnel [t...

  • Page 281

    Parameters tunnel 2.22.108. Invalid_tunnel_configuration (id: 01802210) default severity error log message both `auto-start' and `dont-initiate' specified for tunnel explanation both `auto-start' and `dont-initiate' can not be specified for a tunnel. Gateway action vpn_tunnel_disabled recommended ac...

  • Page 282

    Explanation algorithm key sizes specified for unknown algorithm. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 2 2.22.112. Invalid_key_size (id: 01802216) default severity error log message algorithm key sizes specified for unknown algorithm explanation algorithm...

  • Page 283

    2.22.115. Invalid_key_size (id: 01802219) default severity error log message tunnel specified key size limits for mac with fixed key size explanation configuration specifies key size limits for cipher with fixed key size. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revi...

  • Page 284: 01802402)

    Explanation malformed ike secret specified in configuration. Gateway action vpn_tunnel_invalid recommended action reconfigure_psk. Revision 1 2.22.119. Rule_selection_failed (id: 01802300) default severity notice log message rule selection failed: . Internal severity level: explanation rule selectio...

  • Page 285: 01802403)

    2.22.122. Max_active_quickmode_negotiation_reached (id: 01802403) default severity notice log message the maximum number of active quick-mode negotiations reached explanation maximum number of active quick-mode negotiations reached. Gateway action quick-mode_not_done recommended action none. Revisio...

  • Page 286: 01802603)

    Gateway action certificate_not_trusted recommended action none. Revision 1 2.22.126. Could_not_set_cert_to_non_crl_issuer (id: 01802603) default severity warning log message could not set ca certificate to non-crl issuer. This may cause authentication errors if valid crls are not available explanati...

  • Page 287

    Default severity error log message can not insert ca certificate into local database explanation can not insert ca certificate into local database. Gateway action certificate_disabled recommended action none. Revision 1 2.22.130. Could_not_decode_certificate (id: 01802607) default severity warning l...

  • Page 288

    2.22.133. Could_not_decode_crl (id: 01802610) default severity warning log message could not decode crl. The certificate may be corrupted or it was given in unrecognized format. File format may be wrong explanation could_not_decode_crl. Gateway action certificate_invalid recommended action none. Rev...

  • Page 289: 01802705)

    2.22.136. Certificate_contains_bad_ip_address (id: 01802705) default severity warning log message certificate contains bad ip address: length= explanation certificate contains bad ip address. Gateway action try_next_certificate recommended action none. Revision 1 parameters len 2.22.137. Dn_name_as_...

  • Page 290

    Explanation ike sa is destroyed. Gateway action ike_sa_killed recommended action none. Revision 1 parameters ike_sa 2.22.140. Cfgmode_exchange_event (id: 01802709) default severity informational log message event occured for config mode exchange: . Internal severity level: explanation config mode ex...

  • Page 291

    Recommended action none. Revision 1 parameters dns_server 2.22.143. Remote_access_wins (id: 01802712) default severity informational log message wins for remote access attributes: explanation wins for remote access attributes. Gateway action none recommended action none. Revision 1 parameters win 2....

  • Page 292

    Default severity warning log message event: occured for ike sa: . Internal severity level: explanation event occurred at ike sa. Gateway action none recommended action none. Revision 1 parameters side msg int_severity 2.22.147. Ipsec_sa_selection_failed (id: 01802717) default severity warning log mes...

  • Page 293: 2.22.152. (Id: 01802735)

    Default severity warning log message ipsec sa negotiation event: , , . Internal severity level: explanation event occurred for ipsec sa. Gateway action none recommended action none. Revision 2 parameters msg local_proxy remote_proxy int_severity 2.22.150. Ipsec_sa_event (id: 01802731) default severit...

  • Page 294: 2.22.153. (Id: 01802736)

    Log message l2tp negotiation event: . , . Internal severity level: explanation l2tp negotiation event. Gateway action l2tp_negotiation_event recommended action none. Revision 1 parameters side msg local_peer remote_peer int_severity 2.22.153. (id: 01802736) default severity informational log message...

  • Page 295

    Log message initialization of rule lookup failed explanation initialization of rule lookup failed. Gateway action ipsec_disabled recommended action none. Revision 1 2.22.156. Init_rule_looklup_failed (id: 01802904) default severity critical log message allocating default drop rule failed! Explanatio...

  • Page 296

    Default severity critical log message initialization of interface table failed explanation initialization of interface table failed. Gateway action ipsec_disabled recommended action none. Revision 1 2.22.160. Init_flow_id_table_failed (id: 01802908) default severity critical log message allocation o...

  • Page 297

    2.22.163. Init_transform_table_failed (id: 01802911) default severity critical log message allocation of transform table failed (size ) explanation allocation of transform table failed. Gateway action ipsec_disabled recommended action none. Revision 1 parameters size 2.22.164. Init_peer_hash_failed ...

  • Page 298: 01802916)

    Revision 1 2.22.167. Init_inbound_spi_hash_failed (id: 01802915) default severity critical log message allocation of inbound spi hash table failed explanation allocation of inbound spi hash table failed. Gateway action ipsec_disabled recommended action none. Revision 1 2.22.168. Init_transform_conte...

  • Page 299

    Explanation allocation of transform context table failed. Gateway action ipsec_disabled recommended action none. Revision 1 2.22.171. Init_nat_table_failed (id: 01802919) default severity critical log message allocation of nat tables failed explanation allocation of nat tables failed. Gateway action...

  • Page 300

    Log message opening the interceptor failed explanation opening the interceptor failed. Gateway action ipsec_disabled recommended action none. Revision 1 2.22.175. Malformed_ike_sa_proposal (id: 01803000) default severity warning log message malformed ike sa proposal: explanation received a malformed...

  • Page 301

    Default severity warning log message phase-1 notification from for protocol , spi : () ( bytes) explanation received a ike phase-2 notification. Gateway action none recommended action none. Revision 1 parameters status remote_peer proto spi msg type size 2.22.179. Ipsec_sa_failed (id: 01803020) defa...

  • Page 302

    2.22.181. Config_mode_exchange_event (id: 01803022) default severity informational log message config mode exchange event: . . Explanation a config mode exchange event occurred. Gateway action none recommended action none. Revision 1 parameters msg reason 2.22.182. Config_mode_exchange_event (id: 018...

  • Page 303

    Gateway action none recommended action none. Revision 1 parameters msg reason 2.22.185. Config_mode_exchange_event (id: 01803026) default severity informational log message config mode exchange event: . Explanation a config mode exchange event occurred. Gateway action none recommended action none. Re...

  • Page 304

    Revision 1 parameters remote_peer spi_size 2.22.188. Ike_phase2_notification (id: 01803029) default severity warning log message phase-2 notification from for protocol , spi : () ( bytes) explanation received a ike phase-2 notification. Gateway action none recommended action none. Revision 1 paramet...

  • Page 305

    Explanation could not verify remote peer's identity. Gateway action none recommended action none. Revision 1 2.22.191. Malformed_ipsec_sa_proposal (id: 01803050) default severity warning log message malformed ipsec sa proposal: explanation received a malformed ipsec sa proposal. Gateway action none ...

  • Page 306: 01803101)

    2.22.194. Failed_to_select_ipsec_proposal (id: 01803053) default severity warning log message could not select proposal for ipsec sa explanation could not select proposal for ipsec sa. Gateway action none recommended action none. Revision 2 parameters sa_index 2.22.195. Failed_to_select_ipsec_sa (id...

  • Page 307

    Gateway action none recommended action none. Revision 1 parameters msg int_severity 2.22.198. Ipsec_hwaccel_failed (id: 01803410) default severity warning log message failed to create a hardware acceleration context for ipsec sa ( spi ). Packets will be processed in software. Explanation hardware ac...

  • Page 308: 2.23. Ip_Error

    2.23. Ip_error these log messages refer to the ip_error (packet discarded due to ip header error(s)) category. 2.23.1. Too_small_packet (id: 01500001) default severity warning log message packet is too small to contain ipv4 header explanation the received packet is too small to contain an ipv4 heade...

  • Page 309

    Revision 1 parameters iptotlen iphdrlen context parameters rule name packet buffer 2.23.4. Invalid_ip_length (id: 01500004) default severity warning log message invalid ip header length, iptotlen=, recvlen= explanation the received packet ip total length is larger than the received transport data. D...

  • Page 310: 2.24. Ip_Flag

    2.24. Ip_flag these log messages refer to the ip_flag (events concerning the ip header flags) category. 2.24.1. Ttl_low (id: 01600001) default severity warning log message received packet with too low ttl of . Min ttl is . Ignoring explanation the received packet has a ttl (time-to-live) field which...

  • Page 311

    Context parameters rule name packet buffer 2.24.3. Ip_rsv_flag_set (id: 01600003)

  • Page 312: 2.25. Ip_Opt

    2.25. Ip_opt these log messages refer to the ip_opt (events concerning the ip header options) category. 2.25.1. Source_route (id: 01700001) default severity notice log message packet has a source route explanation the packet has a source route. Ignoring. Gateway action ignore recommended action none...

  • Page 313

    2.25.4. Ipopt_present (id: 01700004) default severity notice log message ip option () is present explanation the packet contains an ip option. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters ipopt optname context parameters rule name packet buffer 2.25.5. Ipoptlen_too_...

  • Page 314

    Avail context parameters rule name packet buffer 2.25.7. Multiple_ip_option_routes (id: 01700012) default severity warning log message multiple source/return routes in ip options. Dropping explanation there are multiple source/return routes specified among the ip options. Dropping packet. Gateway ac...

  • Page 315

    Recommended action none. Revision 1 parameters ipopt routeptr context parameters rule name packet buffer 2.25.10. Source_route_disallowed (id: 01700015) default severity warning log message source route ip option disallowed. Dropping explanation the packet has a source route, which is disallowed. Dr...

  • Page 316

    Recommended action none. Revision 1 parameters ipopt optlen context parameters rule name packet buffer 2.25.13. Bad_timestamp_pointer (id: 01700018) default severity warning log message ip option type : bad timestamp pointer . Dropping explanation the packet contains an invalid timestamp pointer. Dr...

  • Page 317

    Log message timestamp ip option disallowed. Dropping explanation the packet contains a timestamp ip option, which is disallowed. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.25.16. Router_alert_bad_len (id: 01700021) default se...

  • Page 318

    Log message ip option () is present. Dropping explanation the packet contains an ip option, which is disallowed. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipopt optname context parameters rule name packet buffer 2.25.18. Ipopt_present_disallowed (id: 0170002...

  • Page 319: 2.26. Ip_Proto

    2.26. Ip_proto these log messages refer to the ip_proto (ip protocol verification events) category. 2.26.1. Multicast_ethernet_ip_address_missmatch (id: 07000011) default severity warning log message received packet with a destination ip address that does not match the ethernet multicast address exp...

  • Page 320

    Explanation a packet was received with a ttl (time-to-live) field set to zero, which is not allowed. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.26.4. Ttl_low (id: 07000014) default severity warning log message received packet...

  • Page 321

    Explanation the configured size limit for the tcp protocol was exceeded. Dropping packet. Gateway action drop recommended action this can be changed under the advanced settings section. Revision 1 parameters proto context parameters rule name packet buffer 2.26.7. Invalid_tcp_header (id: 07000019) d...

  • Page 322

    Default severity warning log message invalid udp header - ipdatalen=, udptotlen=. Dropping explanation the udp packet contains an invalid header. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipdatalen udptotlen context parameters rule name packet buffer 2.26.10...

  • Page 323: 07000033)

    Packet buffer 2.26.12. Multicast_ethernet_ip_address_missmatch (id: 07000033) default severity warning log message received packet with a destination ip address that does not match the ethernet multicast address explanation a packet was received with an ip multicast ethernet address as destination a...

  • Page 324

    Dropping packet. Gateway action drop recommended action this can be changed under the advanced settings section. Revision 1 parameters proto context parameters rule name packet buffer 2.26.15. Oversize_ah (id: 07000052) default severity warning log message configured size limit for the ah protocol e...

  • Page 325

    Log message configured size limit for the ospf protocol exceeded. Dropping explanation the configured size limit for the ospf protocol was exceeded. Dropping packet. Gateway action drop recommended action this can be changed under the advanced settings section. Revision 1 parameters proto context pa...

  • Page 326

    Default severity warning log message configured size limit for the l2tp protocol exceeded. Dropping explanation the configured size limit for the l2tp protocol was exceeded. Dropping packet. Gateway action drop recommended action this can be changed under the advanced settings section. Revision 1 pa...

  • Page 327

    2.26.23. Invalid_icmp_data_too_small (id: 07000071) default severity warning log message invalid icmp data length. Icmpdatalen= icmpiphdrminlen=. Dropping explanation the icmp data is not large enough to contain an ipv4 header. Dropping packet. Gateway action drop recommended action none. Revision 1...

  • Page 328: 07000074)

    Revision 1 parameters icmpdatalen icmphdrlen context parameters rule name packet buffer 2.26.26. Invalid_icmp_data_invalid_ip_length (id: 07000074) default severity warning log message invalid icmp data length. Icmpdatalen= icmpipdatalen= icmpipdataminlen=. Dropping explanation the icmp data length ...

  • Page 329

    2.26.27. Invalid_icmp_data_invalid_paramprob (id: 07000075)

  • Page 330: 2.27. L2Tp

    2.27. L2tp these log messages refer to the l2tp (l2tp tunnel events) category. 2.27.1. L2tpclient_resolve_successful (id: 02800001) default severity notice log message l2tp client resolved to explanation the l2tp client successfully resolved the dns name of the remote gateway. Gateway action none re...

  • Page 331: 02800006)

    Parameters iface remotegw 2.27.4. L2tp_connection_disallowed (id: 02800004) default severity notice log message l2tp connection disallowed according to rule ! Tunnel id: , session id: explanation the l2tp connection is disallowed according to the specified userauth rule. Gateway action none recommen...

  • Page 332

    Gateway action drop recommended action make sure no manually configured routes to the l2tp server interface exists in the configuration. Revision 1 parameters iface 2.27.7. L2tp_session_closed (id: 02800007) default severity notice log message closed l2tp session. Session id: , tunnel id: explanatio...

  • Page 333

    Recommended action make sure the peer is capable of mppe encryption, or disable the mppe requirement. Revision 1 parameters iface sessionid remotegw 2.27.10. L2tp_session_request (id: 02800010) default severity notice log message l2tp session request sent. Tunnel id: explanation an l2tp session requ...

  • Page 334

    Recommended action make sure the userauth rules are configured correctly. Revision 1 parameters tunnelid sessionid 2.27.13. L2tp_session_request (id: 02800015) default severity notice log message l2tp session request received. Tunnel id: explanation a new session request was received on the specifie...

  • Page 335

    Gateway action accounting_disabled recommended action make sure the radius accounting configuration is correct. Revision 1 2.27.16. L2tpclient_tunnel_up (id: 02800018) default severity notice log message l2tp tunnel to is up. Tunnel id: explanation l2tp tunnel negotiated successfully. Gateway action...

  • Page 336

    Address to the interface. Revision 1 parameters iface 2.27.18. Waiting_for_ip_to_listen_on (id: 02800050)

  • Page 337: 2.28. Natpool

    2.28. Natpool these log messages refer to the natpool (events related to nat pools) category. 2.28.1. Uninitialized_ippool (id: 05600001) default severity error log message natpool has not been initialized explanation the natpool is not initialized. This can happen if the natpool contains no valid i...

  • Page 338

    Revision 1 parameters address poolname context parameters connection 2.28.4. Out_of_memory (id: 05600005) default severity error log message out of memory while allocating natpool state for explanation a state could not be allocated since the unit is out of memory. Gateway action drop recommended ac...

  • Page 339

    Parameters poolname 2.28.7. Proxyarp_failed (id: 05600008) default severity error log message could not add dynamic proxyarp route. Natpool explanation it was not possible to dynamically add a core route for the given ip address. Gateway action none recommended action try to configure a core route w...

  • Page 340

    Concurrent states are wanted. Revision 1 parameters poolname num_states replacedip 2.28.10. Registerip_failed (id: 05600011) default severity warning log message request to activate already active translation ip address in pool explanation attempt to activate an already active translation ip. Gatewa...

  • Page 341

    Revision 1 parameters poolname 2.28.13. Synchronization_failed (id: 05600014) default severity error log message failed to synchronize translation ip address to peer explanation failed to synchronize translation ip address to peer. Gateway action none recommended action check status of peer and veri...

  • Page 342: 2.29. Ospf

    2.29. Ospf these log messages refer to the ospf (ospf events) category. 2.29.1. Internal_error (id: 02400001) default severity warning log message internal error. Iface got ievent in istate . Ignored explanation internal error in the ospf interface state engine. Gateway action ignore recommended act...

  • Page 343

    Gateway action none recommended action check ospf interface configuration. Revision 1 parameters iface neighborid myifaceip context parameters rule name 2.29.4. Bad_packet_len (id: 02400004) default severity warning log message received ospf packet with bad length explanation received ospf packet wi...

  • Page 344

    Log message sender source not within interface range () explanation received ospf data from a neighboring router not within the receive interface range. Gateway action drop recommended action make sure all locally attached ospf routes are on the same network. Revision 1 parameters srcip ifacerange c...

  • Page 345

    Packet buffer 2.29.9. Hello_interval_mismatch (id: 02400009) default severity warning log message hello interval mismatch. Received was , mine is . Dropping explanation received ospf data from a neighboring router with a mismatching hello interval. Gateway action drop recommended action make sure al...

  • Page 346

    E-flag (describes how as-external-lsas are flooded) configuration. Gateway action drop recommended action make sure all locally attached ospf routers share the same e-flag configuration. Revision 1 parameters recv_e_flag my_e_flag context parameters rule name packet buffer 2.29.12. Hello_n_flag_mism...

  • Page 347

    Default severity warning log message unknown lsa type . Dropping explanation received ospf data from a neighbor which contained an unknown lsa. Gateway action drop recommended action check the configuration on the neighboring router. Revision 1 parameters lsatype context parameters rule name packet b...

  • Page 348

    Default severity warning log message authentication mismatch. Bad crypto key id. Received was , mine is explanation authentication failed due to a bad crypto key id. Gateway action drop recommended action verify that the neighboring ospf router shares the same crypto key id. Revision 1 parameters rec...

  • Page 349

    Default severity warning log message checksum mismatch. Received was , mine is explanation received ospf data from neighbor with mismatching checksum. Gateway action drop recommended action check network equipment for problems. Revision 1 parameters recv_chksum my_chksum context parameters rule name...

  • Page 350

    2.29.23. I_flag_misuse (id: 02400102) default severity warning log message neighbor misused the i-flag. Restarting exchange explanation neighbor misused the i-flag. Gateway action restart recommended action none. Revision 1 parameters neighbor context parameters rule name 2.29.24. Opt_change (id: 02...

  • Page 351

    2.29.26. Non_dup_dd (id: 02400105) default severity warning log message neighbor sent a non dup dd from a higher state then exchange. Restarting exchange explanation received a non dup database descriptor from a neighbor in a higher state than exchange. Gateway action restart recommended action none...

  • Page 352

    2.29.29. Bad_lsa_sequencenumber (id: 02400108) default severity warning log message got lsa with bad sequence number . Restarting exchange explanation received a lsa with a bad sequence number. Gateway action restart recommended action none. Revision 1 parameters seqnum context parameters rule name ...

  • Page 353

    Default severity warning log message unknown lsa type (). Lsa is discarded explanation received lsa of unknown type. Gateway action discard recommended action check originating router configuration. Revision 1 parameters lsa_type context parameters rule name 2.29.33. Bad_lsa_sequencenumber (id: 0240...

  • Page 354: 02400155)

    Log message received as-ext lsa on stub. Lsa is discarded explanation received as external lsa which is illegal on a stub area. Gateway action discard recommended action none. Revision 1 context parameters rule name 2.29.36. Received_selforg_for_unknown_lsa_type (id: 02400155) default severity warni...

  • Page 355

    Default severity warning log message got ack for mismatched lsa (lsa- id: advrtr:). Ack ingored explanation received acknowledge for mismatched lsa. Gateway action none recommended action none. Revision 1 parameters lsa lsaid lsartr context parameters rule name 2.29.39. Upd_packet_lsa_size_mismatch ...

  • Page 356

    Default severity warning log message ack packet lsa size mismatch. Parsing aborted explanation received ospf ack packet with a mismatching lsa size. Gateway action abort recommended action none. Revision 1 context parameters rule name packet buffer 2.29.42. Failed_to_create_replacement_lsa (id: 0240...

  • Page 357

    Log message unknown neighbor(ip: id:) seen on . Ignoring explanation unknown neighbor seen on ptp based interface. Gateway action none recommended action check for incorrectly configured neighbors. Revision 1 parameters neighbor neighborid iface context parameters rule name 2.29.45. Too_many_neighbo...

  • Page 358: 02400301)

    Default severity warning log message unable to find transport area for vlink when building router lsa. Iface skipped explanation unable to find transport area for a vlink. Gateway action skip_iface recommended action check ospf area configuration. Revision 1 parameters area vlink context parameters ...

  • Page 359: (Id: 02400303)

    2.29.50. Memory_usage_exceeded_70_percent_of_max_allowed (id: 02400303) default severity warning log message memory usage for ospf process have now exceeded 70 percent of the maximum allowed explanation the memory usage for an ospf process has exceeded 70 percent of the maximum allowed. Gateway acti...

  • Page 360: (Id: 02400401)

    Context parameters rule name 2.29.53. Internal_lsa_chksum_error (id: 02400306) default severity critical log message lsa internal checksum error explanation internal lsa checksum error. Gateway action alert recommended action check hardware for defects. Revision 1 context parameters rule name 2.29.5...

  • Page 361: (Id: 02400402)

    2.29.56. Internal_error_unable_to_find_iface_connecting_to_lsa (id: 02400402) default severity warning log message internal error: unable to find my interface connecting to described lsa (netvtxid: ) explanation unable to find local interface connecting to described lsa. Gateway action none recommen...

  • Page 362: (Id: 02400405)

    Parameters rtrvtxid context parameters rule name 2.29.59. Internal_error_unable_neighbor_iface_attached_back_to_me (id: 02400405) default severity warning log message internal error: unable to find neighbor (rtrvtxid: ) interface attached back to me explanation unable to find neighbor interface atta...

  • Page 363

    Gateway action none recommended action contact support with a scenario description. Revision 1 parameters netvtxid context parameters rule name 2.29.62. Memory_allocation_failure (id: 02400500) default severity critical log message internal error: memory allocation failure! Ospf process now consider...

  • Page 364

    Revision 1 parameters route context parameters rule name 2.29.64. Failed_to_add_route (id: 02400502)

  • Page 365: 2.30. Ppp

    2.30. Ppp these log messages refer to the ppp (ppp tunnel events) category. 2.30.1. Ip_pool_empty (id: 02500001) default severity warning log message ipcp can not assign ip address to peer because the ip address pool is empty explanation ipcp can not assign an ip address to the peer because there ar...

  • Page 366: (Id: 02500004)

    Revision 1 parameters tunnel_type 2.30.4. Seconday_dns_address_required_but_not_received (id: 02500004) default severity warning log message secondary dns address required but not received. Ppp terminated explanation peer refuses to give out a secondary dns address. Since reception of a secondary dn...

  • Page 367: 02500050)

    Revision 1 parameters tunnel_type 2.30.7. Failed_to_agree_on_authentication_protocol (id: 02500050) default severity error log message failed to agree on authentication protocol. Ppp terminated explanation failed to agree on ppp authentication protocol. Ppp is terminated. Gateway action ppp_terminat...

  • Page 368

    Revision 1 parameters tunnel_type unsupported_lcp_option 2.30.10. Ppp_tunnel_limit_exceeded (id: 02500100) default severity alert log message ppp tunnel license limit exceeded. Ppp terminated explanation ppp is terminated because the license restrictions do not allow any more ppp tunnels. No new ppp...

  • Page 369

    2.30.13. Username_too_long (id: 02500151) default severity warning log message ppp chap username was truncated because it was too long explanation ppp chap username was truncated because it was too long. Gateway action chap_username_truncated recommended action reconfigure the endpoints to use a sho...

  • Page 370

    Gateway action pap_username_truncated recommended action reconfigure the endpoints to use a shorter username. Revision 1 parameters tunnel_type 2.30.17. Password_too_long (id: 02500351) default severity warning log message ppp pap password was truncated because it was too long explanation ppp pap pa...

  • Page 371

    2.30.20. Authdb_error (id: 02500502) default severity error log message local database authentication error. Ppp authentication terminated explanation there was an error while authenticating using a local user database. Ppp authentication terminated. Gateway action authentication_terminated recommen...

  • Page 372: 2.31. Pppoe

    2.31. Pppoe these log messages refer to the pppoe (pppoe tunnel events) category. 2.31.1. Pppoe_tunnel_up (id: 02600001) default severity notice log message pppoe tunnel on established to . Auth: , ifaceip: , downtime: explanation the pppoe tunnel for the interface has been established. . Gateway a...

  • Page 373: 2.32. Pptp

    2.32. Pptp these log messages refer to the pptp (pptp tunnel events) category. 2.32.1. Pptpclient_resolve_successful (id: 02700001) default severity notice log message pptp client resolved to explanation the pptp client successfully resolved the dns name of the remote gateway. Gateway action none recomme...

  • Page 374: 02700006)

    Revision 1 parameters rule remotegw callid 2.32.4. Unknown_pptp_auth_source (id: 02700004) default severity warning log message unknown pptp authentication source for ! Remote gateway: , call id: explanation the authentication source for the specified userauth rule found in the new configuration is ...

  • Page 375

    Interface by a route that was either manually configured or set up by another subsystem. Traffic can only be sent out on the pptp server using the dynamic routes set up by the interface itself. Gateway action drop recommended action make sure there are no manually configured routes pointing to the p...

  • Page 376

    Log message pptp session request sent on control connection to explanation a pptp session request has been sent on the control connection to the specified remote gateway. Gateway action none recommended action none. Revision 1 parameters remotegw 2.32.10. Unsupported_message (id: 02700010) default ...

  • Page 377

    Default severity warning log message ppp negotiation completed for session to on . User: , auth: , mppe: , assigned ip: explanation the ppp negotiation has completed successfully for this session. The specified interface, remote gateway and call id identify the specific session. Gateway action none ...

  • Page 378

    Recommended action none. Revision 1 parameters iface remotegw 2.32.15. Session_idle_timeout (id: 02700015) default severity warning log message pptp session to on has been idle for too long. Closing it. Explanation a pptp session has been idle for too long. Session will be closed. Gateway action clo...

  • Page 379

    Revision 1 parameters iface remotegw 2.32.18. Pptp_tunnel_up (id: 02700019) default severity notice log message pptp tunnel up, client connected to explanation a remote pptp client has established a connection to this pptp server. Gateway action none recommended action none. Revision 1 parameters if...

  • Page 380

    Revision 1 parameters iface remotegw 2.32.21. Pptp_tunnel_closed (id: 02700022) default severity notice log message pptp tunnel to on closed. Explanation the pptp tunnel to has been closed. Gateway action none recommended action none. Revision 1 parameters iface remotegw 2.32.22. Pptp_connection_dis...

  • Page 381

    Revision 1 parameters rule iface remotegw 2.32.24. Pptp_no_userauth_rule_found (id: 02700026) default severity warning log message did not find a matching userauth rule for the incoming pptp connection. Interface: , remote gateway: . Explanation the pptp server was unsuccessful trying to find a user...

  • Page 382

    Server interface. If the pptp server is supposed to listen on an ip assigned by a dhcp server, make sure that the dhcp server is working properly. Revision 1 parameters iface 2.32.26. Waiting_for_ip_to_listen_on (id: 02700050)

  • Page 383: 2.33. Reassembly

    2.33. Reassembly these log messages refer to the reassembly (events concerning data reassembly) category. 2.33.1. Ack_of_not_transmitted_data (id: 04800002) default severity informational log message tcp segment acknowledges data not yet transmitted explanation a tcp segment that acknowledges data n...

  • Page 384

    Revision 1 context parameters connection 2.33.4. Memory_allocation_failure (id: 04800005) default severity error log message can't allocate memory to keep track of a packet explanation the gateway is unable to allocate memory to keep track of packet that was received. The packet will be dropped. Gat...

  • Page 385: 04800010)

    Default severity notice log message maximum processing memory limit reached explanation the reassembly subsystem has reached the maximum limit set on its processing memory. This will decrease the performance of connections that are processed by the reassembly subsystem. Gateway action drop recommend...

  • Page 386: 2.34. Rfo

    2.34. Rfo these log messages refer to the rfo (route fail over events) category. 2.34.1. Has_ping (id: 04100001) default severity notice log message interface , table , net : route enabled, got ping reply from gw explanation route is available. Received ping reply from the gateway. Gateway action no...

  • Page 387

    Recommended action none. Revision 1 parameters iface table net gateway 2.34.4. Unable_to_register_pingmon (id: 04100004) default severity warning log message interface , table , net : route no longer monitored, unable to register ping monitor explanation internal error: the route is no longer monito...

  • Page 388

    Reply from gateway explanation route is available. Received arp reply from the gateway. Gateway action route_enabled recommended action none. Revision 2 parameters iface table net gateway 2.34.7. No_arp (id: 04100007) default severity error log message interface , table , net : route disabled, no ar...

  • Page 389

    2.34.9. Unable_to_register_arp_monitor (id: 04100009) default severity warning log message interface , table , net : route no longer monitored via arp, unable to register arp monitor explanation internal error: the route is no longer monitored. Failed to register arp route monitor. Gateway action di...

  • Page 390: 04100012)

    2.34.12. Unable_to_register_interface_monitor (id: 04100012) default severity error log message interface , table , net : route no longer monitored, unable to register interface monitor explanation internal error: route is no longer monitored. Unable to register interface monitor. Gateway action no_...

  • Page 391

    Revision 1 parameters iface table net 2.34.15. Hostmon_successful (id: 04100015) default severity notice log message interface , table , net : route enabled, host monitoring successful explanation route is available. Host monitoring successful. Gateway action route_enabled recommended action none. R...

  • Page 392: 2.35. Rule

    2.35. Rule these log messages refer to the rule (events triggered by rules) category. 2.35.1. Ruleset_fwdfast (id: 06000003) default severity notice log message packet statelessly forwarded (fwdfast) explanation the packet matches a rule with a "fwdfast" action, and is statelessly forwarded. Gateway...

  • Page 393

    Rule information packet buffer 2.35.4. Rule_match (id: 06000007) default severity debug log message return action trigged explanation a rule with a special return action was trigged by an ip-rule lookup. This log message only appears if you explicitly requested it for the rule in question, and it is...

  • Page 394

    Context parameters rule name packet buffer 2.35.7. Block127net (id: 06000012) default severity warning log message destination address is the 127.* net. Dropping explanation the destination address was the 127.* net, which is not allowed according to the configuration. The packet is dropped. Gateway...

  • Page 395

    Context parameters rule name 2.35.10. Directed_broadcasts (id: 06000031) default severity notice log message packet directed to the broadcast address of the destination network. Dropping explanation the packet was directed to the broadcast address of the destination network, and the unit is configur...

  • Page 396

    2.35.13. Ruleset_drop_packet (id: 06000051) default severity warning log message packet dropped by rule-set. Dropping explanation the rule-set is configured to drop this packet. Gateway action drop recommended action if this is not the intended behaviour, modify the rule-set. Revision 1 context para...

  • Page 397: 2.36. Sesmgr

    2.36. Sesmgr these log messages refer to the sesmgr (session manager events) category. 2.36.1. Sesmgr_session_created (id: 04900001) default severity notice log message session connected for user: . Database: . Ip: . Type: . Explanation new session created in session manager. Gateway action none rec...

  • Page 398

    Revision 1 parameters user database ip type 2.36.4. Sesmgr_access_set (id: 04900004) default severity notice log message access level changed to for user: . Database: . Ip: . Type: . Explanation access level has been changed for session. Gateway action none recommended action none. Revision 1 parame...

  • Page 399

    Gateway action deny_upload recommended action terminate administrator session and try again. Revision 1 parameters user ip type 2.36.7. Sesmgr_console_denied (id: 04900007) default severity warning log message could not create new console for user: . Database: . Ip: . Type: . Explanation could not c...

  • Page 400

    Revision 1 2.36.10. Sesmgr_session_activate (id: 04900010) default severity notice log message session has been activated for user: . Database: . Ip: . Type: . Explanation disabled session has been activated. Gateway action none recommended action none. Revision 1 parameters user database ip type 2....

  • Page 401

    Parameters user database ip type 2.36.13. Sesmgr_session_access_missing (id: 04900015) default severity warning log message no access level set for user: . Database: . Ip: . Type: . Explanation no access level set for user, new session denied. Gateway action deny_session recommended action check use...

  • Page 402

    Recommended action check available memory. Revision 1 2.36.16. Sesmgr_techsupport (id: 04900018) default severity notice log message sending technical support file. Explanation technical support file created and is being sent to user. Gateway action techsupport_created recommended action none. Revis...

  • Page 403: 2.37. Slb

    2.37. Slb these log messages refer to the slb (slb events) category. 2.37.1. Server_online (id: 02900001) default severity notice log message slb server is online according to monitor explanation a disabled server has been determined to be alive again. Gateway action adding this server to the active...

  • Page 404: 2.38. Smtplog

    2.38. Smtplog these log messages refer to the smtplog (smtplog events) category. 2.38.1. Unable_to_establish_connection (id: 03000001) default severity warning log message unable to establish connection to smtp server . Send aborted explanation the unit failed to establish a connection to the smtp s...

  • Page 405

    2.38.4. Receive_timeout (id: 03000005) default severity warning log message receive timeout from smtp server . Send aborted explanation the unit timed out while receiving data from the smtp server. No smtp log will be sent. Gateway action abort_sending recommended action none. Revision 1 parameters ...

  • Page 406

    Default severity warning log message smtp server rejected sender . Send aborted explanation the smtp server rejected the sender. No smtp log will be sent. Gateway action abort_sending recommended action verify that the smtp server is configured to accept this sender. Revision 1 parameters smtp_serve...

  • Page 407

    Gateway action none recommended action verify that the smtp server is properly configured. Revision 1 parameters smtp_server 2.38.11. Rejected_message_text (id: 03000012) default severity warning log message smtp server rejected message text. Send aborted explanation the smtp server rejected the mes...

  • Page 408: 2.39. Snmp

    2.39. Snmp these log messages refer to the snmp (allowed and disallowed snmp accesses) category. 2.39.1. Disallowed_sender (id: 03100001) default severity notice log message disallowed snmp from , disallowed sender ip explanation the sender ip address is not allowed to send snmp data to the unit. Dr...

  • Page 409: 2.40. Sshd

    2.40. Sshd these log messages refer to the sshd (ssh server events) category. 2.40.1. Out_of_mem (id: 04700001) default severity error log message out of memory explanation memory allocation failure. System is running low on ram memory. Gateway action close recommended action try to free some of the...

  • Page 410

    Default severity error log message occurred with the connection from client . Explanation an error occurred, and the connection will be closed. Gateway action close recommended action none. Revision 1 parameters error client 2.40.5. Invalid_mac (id: 04700007) default severity warning log message mac...

  • Page 411

    Gateway action close recommended action none. Revision 1 parameters fromname toname client 2.40.8. Invalid_username_change (id: 04700025) default severity warning log message service change is not allowed. From serivce to . Client: explanation user changed the service between two authentication phas...

  • Page 412

    Gateway action close recommended action increase the grace timeout value if it is set too low. Revision 1 parameters gracetime client 2.40.11. Ssh_inactive_timeout_expired (id: 04700036) default severity warning log message ssh session inactivity limit () has been reached. Closing connection. Client...

  • Page 413

    Revision 1 parameters client 2.40.14. Key_algo_not_supported. (id: 04700055) default severity error log message the authentication algorithm type is not supported. Client explanation the authentication algorithm that the client uses is not supported. Closing connection. Gateway action close recommen...

  • Page 414

    Recommended action none. Revision 1 parameters maxclients client 2.40.17. Client_disallowed (id: 04700061) default severity warning log message client not allowed access according to the "remotes" section. Explanation the client is not allowed access to the ssh server. Closing connection. Gateway ac...

  • Page 415

    Revision 1 parameters ip 2.40.19. Scp_failed_not_admin (id: 04704000)

  • Page 416: 2.41. Sslvpn

    2.41. Sslvpn these log messages refer to the sslvpn (sslvpn events.) category. 2.41.1. Sslvpn_session_created (id: 06300010) default severity informational log message ssl vpn session created :. Explanation ssl vpn session created [remoteip]:[remoteport]. Gateway action none recommended action none....

  • Page 417

    Default severity warning log message ssl vpn connection from disallowed according to rule ! Explanation the ssl vpn connection is disallowed by the new configuration according to the specified userauth rule. Closing down the ssl vpn connection. Gateway action sslvpn_connection_closed recommended act...

  • Page 418

    Default severity warning log message ssl vpn connection from disallowed according to rule . Interface: . Explanation the ssl vpn connection is disallowed according to the specified userauth rule. Gateway action none recommended action make sure the userauth rules are configured correctly. Revision 1...

  • Page 419: 2.42. System

    2.42. System these log messages refer to the system (system-wide events: startup, shutdown, etc..) category. 2.42.1. Demo_expired (id: 03200020) default severity emergency log message the demo period for this copy of d-link firewall has expired. Please install license and re-run d-link firewall, or ...

  • Page 420

    Parameters oldtime newtime user 2.42.4. Reset_clock (id: 03200101) default severity notice log message the clock at was manually reset to explanation the clock has manually been reset. Gateway action none recommended action none. Revision 1 parameters oldtime newtime 2.42.5. Invalid_ip_match_access_...

  • Page 421

    Default severity error log message nitrox ii interfaces restarted. Explanation nitrox ii interfaces restarted. Gateway action none recommended action none. Revision 1 2.42.8. Hardware_watchdog_initialized (id: 03200260) default severity notice log message hardware watchdog found and initialized with...

  • Page 422: 03200400)

    Explanation failed to allocate a dynamic port, as all ports are in use. Gateway action none recommended action none. Revision 1 parameters reason localip destip port_base port_end 2.42.11. Port_hlm_conversion (id: 03200302) default severity notice log message using high load mode for local ip destin...

  • Page 423: (Id: 03200401)

    Default severity warning log message messages lost due to throttling explanation due to extensive logging, a number of log messages was not sent. Gateway action none recommended action examine why the unit sent such a large amount of log messages. If this is normal activity, the "logsendpersec" sett...

  • Page 424

    Gateway action none recommended action verify that the new configuration file does not contain errors that would cause bi-directional communication failure. Revision 2 parameters localcfgver remotecfgver timeout 2.42.17. Disk_cannot_remove_file (id: 03200601) default severity critical log message fa...

  • Page 425

    Protected. Revision 1 parameters old_cfg 2.42.20. Disk_cannot_rename (id: 03200604) default severity error log message failed to rename to explanation the unit failed to rename the new configuration file to the real configuration file name. Gateway action none recommended action verify that the disk...

  • Page 426

    Revision 1 2.42.23. Bidir_ok (id: 03200607) default severity notice log message configuration verified for bi-directional communication explanation the new configuration has been verified for communication back to peer, and will now be used as the active configuration. Gateway action none recommende...

  • Page 427

    2.42.26. Shutdown (id: 03201011) default severity notice log message shutdown aborted. Core file missing explanation the unit was issued a shutdown command, but no core executable file is seen. The shutdown process is aborted. Gateway action shutdown_gateway_aborted recommended action verify that th...

  • Page 428

    2.42.29. Startup_normal (id: 03202000) default severity notice log message security gateway starting. Core: . Build: . Current uptime: . Using configuration file , version . Previous shutdown: explanation the security gateway is starting up. Gateway action none recommended action none. Revision 2 pa...

  • Page 429

    Explanation the security gateway is shutting down. Gateway action shutdown recommended action none. Revision 1 parameters shutdown 2.42.32. Admin_login (id: 03203000) default severity notice log message administrative user logged in via . Access level: explanation an administrative user has logged i...

  • Page 430

    Default severity warning log message administrative user failed to log in via , because of bad credentials explanation an administrative user failed to log in to configuration system. This is most likely due to an invalid entered username or password. Gateway action disallow_admin_access recommended...

  • Page 431

    Revision 1 parameters authsystem 2.42.37. Accept_configuration (id: 03204001) default severity notice log message new configuration activated by user from . Explanation the new configuration has been successfully activated. Gateway action using_new_config recommended action none. Revision 1 paramete...

  • Page 432

    Recommended action none. Revision 2 parameters authsystem user pre_change_date_time post_change_date_time 2.42.40. Admin_timeout (id: 03206000) default severity notice log message administrative user timed out from explanation the administrative user has been inactive for too long, and has been auto...

  • Page 433

    Log message internal error occured when administrative user tried to login, not allowed access via explanation an internal error occurred when the user tried to log in, and as a result has not been given administration access. Gateway action disallow_admin_access recommended action please contact the...

  • Page 434: 2.43. Tcp_Flag

    2.43. Tcp_flag these log messages refer to the tcp_flag (events concerning the tcp header flags) category. 2.43.1. Tcp_flags_set (id: 03300001) default severity notice log message the tcp and flags are set. Allowing explanation the possible combinations for these flags are: syn urg, syn psh, syn rst...

  • Page 435

    Explanation the tcp flag is set. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters bad_flag context parameters rule name packet buffer 2.43.4. Tcp_flag_set (id: 03300004) default severity notice log message the tcp flag is set. Stripping explanation a "bad" tcp flag is s...

  • Page 436

    Syn rst, syn fin and fin urg. Gateway action drop recommended action if any of these combinations should either be ignored or having the bad flag stripped, specify this in configuration, in the "settings" sub system. Revision 1 parameters good_flag bad_flag context parameters rule name packet buffer...

  • Page 437

    2.43.9. Mismatched_syn_resent (id: 03300011) default severity warning log message mismatched syn "resent" with seq , expected . Dropping explanation mismatching sequence numbers. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters seqno origseqno context parameters ru...

  • Page 438

    Parameters seqno expectseqno context parameters rule name connection packet buffer 2.43.12. Rst_out_of_bounds (id: 03300015) default severity warning log message originator rst seq is not in window .... Dropping explanation the rst flag sequence number is not within the receiver window. Dropping pac...

  • Page 439

    Default severity notice log message tcp acknowledgement is not in the acceptable range -. Dropping explanation a tcp segment with an unacceptable acknowledgement number was received during state syn_sent. The packet will be dropped. Gateway action drop recommended action none. Revision 1 parameters ...

  • Page 440

    Parameters seqno accstart accend context parameters rule name connection packet buffer 2.43.17. Tcp_recv_windows_drained (id: 03300022) default severity critical log message out of large tcp receive windows. Maximum windows: . Triggered times last 10 seconds. Explanation the tcp stack could not acce...

  • Page 441

    Explanation the tcp stack could not get a free socket. This event was triggered [num_events] times during the last 10 seconds. Gateway action none recommended action none. Revision 1 2.43.20. Tcp_seqno_too_low_with_syn (id: 03300025) default severity debug log message tcp sequence number is not in t...

  • Page 442: 2.44. Tcp_Opt

    2.44. Tcp_opt these log messages refer to the tcp_opt (events concerning the tcp header options) category. 2.44.1. Tcp_mss_too_low (id: 03400001) default severity notice log message tcp mss too low. Tcpmssmin= explanation the tcp mss is too low. Ignoring. Gateway action ignore recommended action non...

  • Page 443

    Gateway action none recommended action none. Revision 1 parameters tcpopt mss maxmss context parameters rule name packet buffer 2.44.4. Tcp_mss_too_high (id: 03400004) default severity notice log message tcp mss too high. Tcpmssmax=. Adjusting explanation the tcp mss is too high. Adjusting to use th...

  • Page 444

    2.44.6. Tcp_option (id: 03400006) default severity notice log message packet has a type tcp option explanation the packet has a tcp option of the specified type. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters tcpopt context parameters rule name packet buffer 2.44.7. T...

  • Page 445

    Packet buffer 2.44.9. Bad_tcpopt_length (id: 03400011) default severity warning log message type claims length= bytes, avail= bytes. Dropping explanation the tcp option type does not fit in the option space. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters tcpopt l...

  • Page 446

    Recommended action none. Revision 1 parameters tcpopt mss minmss context parameters rule name packet buffer 2.44.12. Tcp_mss_too_high (id: 03400014) default severity warning log message tcp mss too high. Tcpmssmax=. Dropping explanation the tcp mss is too high. Dropping packet. Gateway action drop r...

  • Page 447

    Explanation the packet has no syn, ack, fin or rst flag set. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.44.15. Multiple_tcp_ws_options (id: 03400017) default severity warning log message multiple window scale options present ...

  • Page 448

    Explanation tcp segment with a window scale option specifying a different shift count than previous segments was received. The lower of the two values will be used. Gateway action adjust recommended action none. Revision 1 parameters old new effective context parameters connection packet buffer 2.44...

  • Page 449: 2.45. Threshold

    2.45. Threshold these log messages refer to the threshold (threshold rule events) category. 2.45.1. Conn_threshold_exceeded (id: 05300100) default severity warning log message connection threshold exceeded . Source ip: . Closing connection explanation the source ip is opening up new connections too ...

  • Page 450: 05300210)

    Recommended action investigate worms and dos attacks. Revision 1 parameters description threshold srcip context parameters rule name 2.45.4. Failed_to_keep_connection_count (id: 05300200) default severity error log message failed to keep connection count. Reason: out of memory explanation the device...

  • Page 451: 05300211)

    Explanation the number of connections matching the threshold rule and originating from a single host exceeds the configured threshold. Note: this log message is rate limited via an exponential back-off procedure. Gateway action none recommended action none. Revision 1 parameters threshold srcip [use...

  • Page 452: 05300213)

    Revision 1 parameters threshold srcip [username] context parameters rule name 2.45.9. Threshold_conns_from_filter_exceeded (id: 05300213) default severity notice log message the number of connections matching the rule exceeds . The offending host is . Explanation the number of connections matching t...

  • Page 453: 2.46. Timesync

    2.46. Timesync these log messages refer to the timesync (firewall time synchronization events) category. 2.46.1. Synced_clock (id: 03500001) default severity notice log message the clock at , was off by second(s) and synchronized with to explanation the clock has been synchronized with the time serv...

  • Page 454

    Revision 1 parameters clockdrift timeserver interval 2.46.3. Clockdrift_too_high (id: 03500003)

  • Page 455: 2.47. Transparency

    2.47. Transparency these log messages refer to the transparency (events concerning the transparent mode feature) category. 2.47.1. Impossible_hw_sender_address (id: 04400410) default severity warning log message impossible hardware sender address 0000:0000:0000. Dropping. Explanation some equipment ...

  • Page 456

    Recommended action none. Revision 1 context parameters rule name packet buffer 2.47.4. Enet_hw_sender_broadcast (id: 04400413) default severity warning log message ethernet hardware sender is a broadcast address. Dropping. Explanation the ethernet hardware sender address is a broadcast address. The ...

  • Page 457

    Gateway action rewrite recommended action none. Revision 1 context parameters rule name packet buffer 2.47.7. Enet_hw_sender_multicast (id: 04400416) default severity warning log message ethernet hardware sender is a multicast address. Dropping. Explanation the ethernet hardware sender address is a ...

  • Page 458

    Recommended action none. Revision 1 parameters recvif 2.47.10. Invalid_stp_frame (id: 04400419) default severity warning log message incomming stp frame from dropped. Reason: explanation an incoming spanning-tree frame has been dropped since it is either malformed or its type is unknown. Supported ...

  • Page 459

    Revision 1 parameters recvif 2.47.13. Invalid_mpls_packet (id: 04400422) default severity warning log message incomming mpls packet on dropped. Reason: explanation an incoming mpls packet has been dropped since it was malformed. Gateway action drop recommended action if the packet format is invalid...

  • Page 460: 2.48. Userauth

    2.48. Userauth these log messages refer to the userauth (user authentication (e.g. Radius) events) category. 2.48.1. Accounting_start (id: 03700001) default severity informational log message successfully received radius accounting start response from radius accounting server explanation the unit re...

  • Page 461: 03700004)

    Recommended action verify that the radius accounting server daemon is running on the accounting server. Revision 1 context parameters user authentication 2.48.4. Invalid_accounting_start_server_response (id: 03700004) default severity alert log message received an invalid radius accounting start res...

  • Page 462

    Explanation the authenticated user is logged out as an invalid response to the accounting-start event was received from the accounting server. Gateway action logout_user recommended action verify that the radius accounting server is properly configured. Revision 1 context parameters user authenticat...

  • Page 463: 03700009)

    2.48.9. Invalid_accounting_stop_server_response (id: 03700009) default severity warning log message received a radius accounting stop response with an identifier mismatch. Ignoring this packet explanation the unit received a response with an invalid identifier mismatch. This can be the result of a b...

  • Page 464: 03700014)

    Recommended action verify that the radius accounting server is properly configured. Revision 1 context parameters user authentication 2.48.12. Failure_init_radius_accounting (id: 03700012) default severity alert log message failed to send accounting start to radius accounting server. Accounting will...

  • Page 465: 03700021)

    Gateway action accounting_disabled recommended action verify that a route exists from the unit to the radius accounting server, and that it is properly configured. Revision 1 context parameters user authentication 2.48.15. User_timeout (id: 03700020) default severity notice log message user timeout ...

  • Page 466

    Recommended action lower the number of groups that this user belongs to. Revision 1 parameters username 2.48.18. Accounting_alive (id: 03700050) default severity notice log message successfully received radius accounting interim response from radius accounting server. Bytes sent=, bytes recv=, packe...

  • Page 467: 03700052)

    2.48.20. No_accounting_interim_server_response (id: 03700052) default severity alert log message did not receive a radius accounting interim response. User statistics might not have been updated on the accounting server explanation the unit did not receive a response to an accounting-interim event f...

  • Page 468

    Recommended action none. Revision 1 context parameters user authentication 2.48.23. Relogin_from_new_srcip (id: 03700100) default severity warning log message user with the same username is logging in from another ip address, logging out current instance explanation a user with the same username as ...

  • Page 469

    Parameters idle_timeout session_timeout [groups] context parameters user authentication 2.48.26. Bad_user_credentials (id: 03700104) default severity notice log message unknown user or invalid password explanation a user failed to log in. The entered username or password was invalid. Gateway action ...

  • Page 470

    2.48.29. Userauthrules_disallowed (id: 03700107) default severity warning log message denied access according to userauthrules rule-set explanation the user is not allowed to authenticate according to the userauthrules rule-set. Gateway action none recommended action none. Revision 1 context paramet...

  • Page 471: 03700403)

    Default severity notice log message user logged out explanation a user logged out, and is no longer authenticated. Gateway action none recommended action none. Revision 1 context parameters user authentication 2.48.33. Ldap_session_new_out_of_memory (id: 03700401) default severity alert log message ...

  • Page 472

    Recommended action none. Revision 1 parameters user 2.48.36. Ldap_user_authentication_failed (id: 03700404) default severity notice log message ldap authentication failed for explanation authentication attempt failed. Gateway action none recommended action none. Revision 1 parameters user 2.48.37. L...

  • Page 473

    Default severity alert log message cannot bind to ldap database explanation cannot bind to the ldap database using the configured username and password. Gateway action database connection disabled recommended action check configuration. Revision 1 parameters database 2.48.40. Invalid_username_or_pa...

  • Page 474

    Gateway action ssl_close recommended action make sure that the client and unit share at least one cipher. Revision 1 parameters client_ip 2.48.43. Disallow_clientkeyexchange (id: 03700501) default severity error log message ssl handshake: disallow clientkeyexchange. Closing down ssl connection explan...

  • Page 475

    Is invalid, and the ssl connection is closed. Gateway action ssl_close recommended action none. Revision 1 parameters client_ip 2.48.46. Bad_changecipher_msg (id: 03700504) default severity error log message ssl handshake: bad changecipher message. Closing down ssl connection explanation the changec...

  • Page 476: (Id: 03700509)

    Gateway action ssl_close recommended action none. Revision 1 parameters client_ip 2.48.49. Bad_alert_msg (id: 03700507) default severity error log message bad alert message. Closing down ssl connection explanation the alert message (which can be a part of a ssl handshake) is invalid, and the ssl con...

  • Page 477

    Recommended action change ciphers and/or certificate. Revision 1 parameters client_ip 2.48.52. Received_sslalert (id: 03700510) default severity error log message received ssl alert. Closing down ssl connection explanation a ssl alert message was received during an established ssl connection, and th...

  • Page 478: 2.49. Vfs

    2.49. Vfs these log messages refer to the vfs (vfs file handling events) category. 2.49.1. Odm_execute_failded (id: 05200001) default severity notice log message usage of file "" failed. File validated as "". Explanation an uploaded file ([filename]) was validated as "[description]". An error occure...

  • Page 479

    Revision 1 parameters filename description 2.49.4. Odm_execute_action_none (id: 05200004) default severity notice log message uploaded file () could not be recognized as a known type. Explanation an uploaded file could not be recognized as a known type. Gateway action none recommended action none. R...

  • Page 480

    2.49.7. Upload_certificate_fail (id: 05200007) default severity notice log message certificate data in file , could not be added to the configuration explanation certificate data could not be added to the configuration. Gateway action none recommended action make sure that the certificate data is of...

  • Page 481: 2.50. Zonedefense

    2.50. Zonedefense these log messages refer to the zonedefense (zonedefense events) category. 2.50.1. Unable_to_allocate_send_entries (id: 03800001) default severity warning log message unable to allocate send entry. Sending of request to abandoned explanation unable to allocate send entry. Unit is l...

  • Page 482

    Default severity warning log message unable to accommodate block request since out of ip profiles on explanation there are no free ip profiles left on the switch. No more hosts can be blocked/excluded on this switch. Gateway action no_block recommended action check if it is possible to unblock so...

  • Page 483: 03800008)

    Log message no response from switch while trying to create rule in profile explanation several attempts to create a rule in the switch have timed out. No more attempts will be made. Gateway action no_rule recommended action verify that the firewall is able to communicate with the switch. Revision 1 p...

  • Page 484

    Log message no response from switch while trying to erase profile explanation several attempts to erase a profile in the switch have timed out. No more attempts will be made. Gateway action task_ignored recommended action verify that the firewall is able to communicate with the switch. Revision 1 par...

  • Page 485

    Explanation several attempts to save the configuration in the switch have timed out. No more attempts will be made. Gateway action task_ignored recommended action verify that the firewall is able to communicate with the switch. Revision 1 parameters switch 2.50.14. Zd_block (id: 03800014) default sev...

  • Page 486

    2.50.14. Zd_block (id: 03800014)