D-Link DFL-860 Log Reference Manual

Manual is about: Network Security Firewall

Summary of DFL-860

  • Page 1

    Network Security Solution http://www.dlink.com DFL-210/800/1600/2500, DFL-260/860/1660/2560(G), Ver 2.27.01. Network Security Firewall Log Reference Guide.

  • Page 2: Log Reference Guide

    Log Reference Guide DFL-210/260/800/860/1600/1660/2500/2560/2560G, NetDefendOS version 2.27.01. D-Link Corporation, No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.dlink.com Published 2010-06-22. Copyright © 2010

  • Page 3

    Log Reference Guide DFL-210/260/800/860/1600/1660/2500/2560/2560G, NetDefendOS version 2.27.01. Published 2010-06-22. Copyright © 2010. Copyright notice: this publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Nei...

  • Page 4: Table Of Contents

    Table of contents: Preface, page 27; 1. Introduction, page 29; 1.1. Log message structure ...

  • Page 5

    2.1.51. Base64_decode_failed (id: 00200164), page 57; 2.1.52. Base64_decode_failed (id: 00200165), page 57; 2.1.53. Blocked_filetype (id: 00200166), page 57; 2.1.54. Content_type_misma...

  • Page 6

    2.1.113. Encode_failed (id: 00200303), page 80; 2.1.114. Encode_failed (id: 00200304), page 80; 2.1.115. Encode_failed (id: 00200305), page 81; 2.1.116. Decode_fa...

  • Page 7

    2.1.176. Tls_cipher_suite_certificate_mismatch (id: 00200456), page 103; 2.1.177. Ssl_renegotiation_attempted (id: 00200457), page 103; 2.1.178. Tls_disallowed_key_exchange (id: 00200458), page 104; 2.1.179. Tls_invalid_message (id: 00200...

  • Page 8

    2.1.239. Failed_to_modify_sat_request (id: 00200561), page 128; 2.1.240. Max_pptp_sessions_reached (id: 00200601), page 129; 2.1.241. Failed_create_new_session (id: 00200602), page 129; 2.1.242. Failed_connect_pptp_server (...

  • Page 9

    2.4.15. Arp_collides_with_static (id: 00300054), page 152; 2.4.16. Hwaddr_change_drop (id: 00300055), page 153; 2.5. Avupdate, page 154; 2.5.1. Av_db_u...

  • Page 10

    2.10.8. Client_release (id: 00800008), page 176; 2.10.9. Got_reply_without_transaction_state (id: 00800009), page 176; 2.10.10. Maximum_dhcp_client_relay_routes_reached (id: 00800010), page 176; 2.10.11. Unable_to_add_relay_route_since...

  • Page 11

    2.13.5. Fail_suspect_timeout (id: 02000005), page 197; 2.13.6. Fail_timeout (id: 02000006), page 198; 2.13.7. Disallowed_suspect (id: 02000007), page 198; 2.13.8. Drop_frags_o...

  • Page 12

    2.15.29. Config_sync_failure (id: 01200500), page 218; 2.15.30. Action=deactivate reason=requested (id: 01200616), page 218; 2.15.31. Action=activate reason=requested (id: 01200617), page 218; 2.15.32. Action=going_online (id: 0...

  • Page 13

    2.21.10. Lease_have_bad_gateway_ip (id: 01900010), page 243; 2.21.11. Lease_ip_is_already_occupied (id: 01900011), page 244; 2.21.12. Lease_rejected_by_server (id: 01900012), page 244; 2.21.13. Ip_offer_already_exist_in_th...

  • Page 14

    2.22.55. Tunnel_disabled (id: 01800340), page 264; 2.22.56. Tunnel_cfg_error (id: 01800341), page 264; 2.22.57. Ippool_does_not_exist (id: 01800400), page 264; 2.22.58. Cfgmode_ip_free...

  • Page 15

    2.22.117. Malformed_tunnel_id_configured (id: 01802225), page 282; 2.22.118. Malformed_psk_configured (id: 01802229), page 282; 2.22.119. Rule_selection_failed (id: 01802300), page 282; 2.22.120. Max_phase1_sa_reached (id: 0...

  • Page 16

    2.22.180. Ipsec_sa_statistics (id: 01803021), page 300; 2.22.181. Config_mode_exchange_event (id: 01803022), page 300; 2.22.182. Config_mode_exchange_event (id: 01803023), page 300; 2.22.183. Xauth_exchange_done (id: 0180...

  • Page 17

    2.26.15. Oversize_ah (id: 07000052), page 322; 2.26.16. Oversize_skip (id: 07000053), page 322; 2.26.17. Oversize_ospf (id: 07000054), page 322; 2.26.18. Oversize_...

  • Page 18

    2.29.16. Bad_auth_password (id: 02400051), page 343; 2.29.17. Bad_auth_crypto_key_id (id: 02400052), page 343; 2.29.18. Bad_auth_crypto_seq_number (id: 02400053), page 344; 2.29.19. Bad_auth_crypto_digest (id: ...

  • Page 19

    2.30.9. Lcp_negotiation_stalled (id: 02500052), page 362; 2.30.10. Ppp_tunnel_limit_exceeded (id: 02500100), page 363; 2.30.11. Authentication_failed (id: 02500101), page 363; 2.30.12. Response_value_too_l...

  • Page 20

    2.34.9. Unable_to_register_arp_monitor (id: 04100009), page 382; 2.34.10. No_link (id: 04100010), page 383; 2.34.11. Has_link (id: 04100011), page 383; 2.34.12. Unable_to_re...

  • Page 21

    2.40.6. Invalid_service_request (id: 04700015), page 404; 2.40.7. Invalid_username_change (id: 04700020), page 404; 2.40.8. Invalid_username_change (id: 04700025), page 405; 2.40.9. Max_auth_tries_reached (i...

  • Page 22

    2.42.7. Tcp_flag_set (id: 03300009), page 426; 2.42.8. Unexpected_tcp_flags (id: 03300010), page 426; 2.42.9. Mismatched_syn_resent (id: 03300011), page 426; 2.42.10. Mismatched_firs...

  • Page 23

    2.47.3. No_accounting_start_server_response (id: 03700003), page 450; 2.47.4. Invalid_accounting_start_server_response (id: 03700004), page 451; 2.47.5. No_accounting_start_server_response (id: 03700005), page 451; 2.47.6. Invalid_accounting_start_server_respon...

  • Page 24

    2.49.3. Unable_to_allocate_block_entry (id: 03800003), page 471; 2.49.4. Switch_out_of_ip_profiles (id: 03800004), page 471; 2.49.5. Out_of_mac_profiles (id: 03800005), page 472; 2.49.6. Failed_to_create_profile...

  • Page 25: List Of Tables

    List of tables: 1. Abbreviations, page 28

  • Page 26: List Of Examples

    List of examples: 1. Log message parameters, page 27; 2. Conditional log message parameters, page 27

  • Page 27: Preface

    Preface. Audience: the target audience for this reference guide consists of: • Administrators that are responsible for configuring and managing a NetDefendOS installation. • Administrators that are responsible for troubleshooting a NetDefendOS installation. This guide assumes that the reader is famili...

  • Page 28

    Table 1. Abbreviations (abbreviation: full name). ALG: Application Layer Gateway; ARP: Address Resolution Protocol; DHCP: Dynamic Host Configuration Protocol; DNS: Domain Name System; ESP: Encapsulating Security Payload; FTP: File Transfer Protocol; HA: High Availability; HTTP: Hyper Text Transfer Protocol; ICMP: Intern...

  • Page 29: Chapter 1. Introduction

    Chapter 1. Introduction • Log message structure, page 29 • Context parameters, page 31 • Severity levels, page 35. This guide is a reference for all log messages generated by NetDefendOS. It is designed to be a valuable information source for both management and troubleshooting. 1.1. Log message stru...

  • Page 30

    is never actually included in the log message. Explanation: a detailed explanation of the event. Note that this information is only featured in this reference guide, and is never actually included in the log message. Gateway action: a short string, 1-3 words separated by _, of what action NetDefendOS ...

  • Page 31: 1.2. Context Parameters

    1.2. Context parameters in many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol i...

  • Page 32: Connection

    [srcport]: the source port. Valid if the protocol is TCP or UDP. [destport]: the destination port. Valid if the protocol is TCP or UDP. [tcphdrlen]: the TCP header length. Valid if the protocol is TCP. [udptotlen]: the total UDP data length. Valid if the protocol is UDP. [[tcpflag]=1]: the specific tcp f...

  • Page 33: Dropped Fragments

    Specifies the name and a description of the signature that triggered this event. Note: for IDP log messages an additional log receiver, an SMTP log receiver, can be configured. This information is only sent to log receivers of that kind, and not included in the syslog format. Dropped fragments: specifi...

  • Page 34: Ospf Lsa

    loglevel: the log level value. OSPF LSA: additional information about OSPF LSA. lsatype: the LSA type. Possible values: router, network, IP summary, ASBR summary and AS external. lsaid: the LSA identifier. lsaadvrtr: the originating router for the LSA. Dynamic route: additional information about events reg...

  • Page 35: 1.3. Severity Levels

    1.3. Severity levels. An event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the syslog protocol: 0 - Emergency: emergency conditions, which most likely led to the system being unusable. 1 - Alert: alert conditions, whic...

  • Page 37

    Chapter 2. Log message reference • alg, page 38 • antispam, page 133 • antivirus, page 138 • arp, page 148 • avupdate, page 154 • blacklist, page 157 • buffers, page 160 • conn, page 161 • dhcp, page 168 • dhcprelay, page 174 • dhcpserver, page 184 • dynrouting, page 193 • frag, page 196 • gre, page...

  • Page 38: 2.1. Alg

    • pptp, page 368 • reassembly, page 377 • rfo, page 380 • rule, page 386 • sesmgr, page 391 • slb, page 397 • smtplog, page 398 • snmp, page 402 • sshd, page 403 • system, page 410 • tcp_flag, page 424 • tcp_opt, page 432 • threshold, page 439 • timesync, page 443 • transparency, page 445 • userauth...

  • Page 39

    Connection 2.1.2. Alg_session_closed (id: 00200002) default severity informational log message alg session closed explanation an alg session has been closed. Gateway action none recommended action none. Revision 1 context parameters alg module name alg session id 2.1.3. Max_line_length_exceeded (id:...

  • Page 40

    2.1.5. Invalid_client_http_header_received (id: 00200100) default severity warning log message httpalg: invalid http header was received from the client. Closing connection. Alg name: . Explanation an invalid http header was received from the client. Gateway action close recommended action research ...

  • Page 41

    Sending an invalid request. Revision 1 parameters algname context parameters alg module name alg session id 2.1.8. Suspicious_data_received (id: 00200106) default severity warning log message httpalg: too much suspicious data has been received from the server. Closing the connection. Alg name: . Exp...

  • Page 42

    Log message httpalg: an invalid http header was received from the server. Closing connection. Alg name: . Explanation an invalid http header was received from the server. Gateway action closing_connecion recommended action research the source of this and try to find out why the server is sending an ...

  • Page 43

    Parameters max_sessions context parameters alg module name 2.1.13. Failed_create_new_session (id: 00200111) default severity critical log message httpalg: failed to create new httpalg session (out of memory) explanation an attempt to create a new httpalg session failed, because the unit is out of me...

  • Page 44

    Revision 1 parameters filename filetype contenttype context parameters alg module name alg session id 2.1.16. Wcf_override_full (id: 00200114) default severity error log message httpalg: wcf override cache full explanation the wcf override hash is full. The oldest least used value will be replaced. ...

  • Page 45

    Revision 2 parameters filename filesize max_download_size context parameters alg module name alg session id 2.1.19. Blocked_filetype (id: 00200117) default severity notice log message httpalg: requested file: is blocked as this file is identified as type , which is in block list. Explanation the fil...

  • Page 46

    Gateway action none recommended action check_configuration. Revision 2 context parameters alg module name 2.1.22. Wcf_srv_connection_error (id: 00200120) default severity error log message httpalg: http request not validated by web content filter and allowed. Explanation the web content filtering se...

  • Page 47

    Gateway action connecting recommended action none. Revision 1 parameters server context parameters alg module name 2.1.25. Wcf_server_connected (id: 00200123) default severity informational log message httpalg: web content server connected explanation the connection with the web content server has b...

  • Page 48

    Revision 2 parameters categories audit override url algname context parameters connection connection alg module name alg session id 2.1.28. Request_url (id: 00200126) default severity notice log message httpalg: requesting url . Categories: . Audit: . Override: . Alg name: . Explanation the url has ...

  • Page 49

    Default severity error log message httpalg: failed to parse wcf server response explanation the wcf service could not parse the server response. The wcf transmission queue is reset and a new server connection will be established. Gateway action restarting recommended action none. Revision 1 paramete...

  • Page 50

    Context parameters alg module name 2.1.33. Wcf_bad_sync (id: 00200131) default severity error log message httpalg: wcf request out of sync explanation the wcf response received from the server did not match the expected value. The requested url is treated as unknown category. Gateway action compensa...

  • Page 51

    Gateway action allow recommended action disable the allow_reclassification mode of parameter categories for this alg. Revision 2 parameters newcat url algname context parameters connection connection alg module name alg session id 2.1.36. Request_url (id: 00200135) default severity notice log messag...

  • Page 52

    Audit override url user algname context parameters connection connection alg module name alg session id 2.1.38. Request_url (id: 00200137) default severity notice log message httpalg: requesting url . Categories: . Audit: . Override: . Alg name: . Explanation the url has been requested. Gateway acti...

  • Page 53

    Context parameters connection connection alg module name alg session id 2.1.40. Url_reclassification_request (id: 00200139) default severity warning log message httpalg: reclassification request for url . New category . Alg name: . Explanation the user has requested a category reclassification for t...

  • Page 54: 00200151)

    Explanation the maximum number of concurrent smtp sessions has been reached for this service. No more sessions can be opened before old sessions have been released. Gateway action close recommended action if the maximum number of smtp sessions is too low, increase it. Revision 1 parameters max_sessi...

  • Page 55

    Default severity error log message smtpalg: failed to connect to the smtp server. Closing the connection. Explanation the smtp alg could not connect to the receiving smtp server, resulting in that the alg session could not be successfully opened. Gateway action close recommended action none. Revisio...

  • Page 56: 00200160)

    2.1.48. Sender_email_id_is_in_blacklist (id: 00200158) default severity warning log message smtpalg: sender e-mail address is in black list explanation since "mail from:" email id is in black list, smtp alg rejected the client request. Gateway action reject recommended action none. Revision 1 parame...

  • Page 57

    Recipient_email_addresses context parameters alg module name alg session id 2.1.51. Base64_decode_failed (id: 00200164) default severity error log message smtpalg: base 64 decode failed. Attachment blocked explanation the base64 encoded attachment could not be decoded. This can occur if the email se...

  • Page 58

    Log message smtpalg: requested file: is blocked as this file is identified as type , which is in block list. Explanation the file is present in the block list. It will be blocked as per configuration. Gateway action block recommended action if this file should be allowed, update the allow/block list...

  • Page 59: 00200171)

    Parameters sender_email_address recipient_email_addresses max_email_size context parameters alg module name alg session id 2.1.56. Content_type_mismatch_mimecheck_disabled (id: 00200171) default severity notice log message smtpalg: content type mismatch found for the file . It is identified as type ...

  • Page 60

    Default severity alert log message smtpalg: failed to allocate memory (out of memory) explanation an attempt to allocate memory failed. Gateway action close recommended action try to free up unwanted memory. Revision 3 context parameters alg module name alg session id 2.1.59. Invalid_end_of_mail (id...

  • Page 61

    Default severity error log message smtpalg: command line too long explanation the smtp command line exceeds the maximum command length of 712 characters. (rfc 2821 ch. 4.5.3.1 says 512). Gateway action reject recommended action none. Revision 2 context parameters alg module name alg session id 2.1.6...

  • Page 62

    Gateway action allow recommended action none. Revision 1 context parameters alg module name alg session id 2.1.65. Unsupported_extension (id: 00200185) default severity informational log message smtpalg: removed capability from ehlo response explanation the smtp alg removed the [capa] capability fro...

  • Page 63: (Id: 00200195)

    Gateway action reject recommended action none. Revision 1 parameters violation context parameters connection alg module name alg session id 2.1.68. Sender_email_dnsbl_spam_mark_removed_by_whitelist (id: 00200195) default severity warning log message smtpalg: whitelist override dnsbl result for email...

  • Page 64

    Default severity informational log message ftpalg: hybrid connection made explanation a hybrid connection was successfully created. Gateway action none recommended action none. Revision 1 context parameters alg module name alg session id rule information connection 2.1.71. Hybrid_data (id: 00200209)...

  • Page 65

    Connection 2.1.73. Control_chars (id: 00200211) default severity warning log message ftpalg: unexpected telnet control chars in control channel from . Closing connection explanation unexpected telnet control characters were discovered in the control channel. This is not allowed according to the ftpa...

  • Page 66

    Explanation an invalid command was received on the control channel. This is allowed, but the command will be rejected as it is not understood. Gateway action rejecting_command recommended action if unknown commands should not be allowed, modify the ftpalg configuration. Revision 1 parameters peer st...

  • Page 67

    Context parameters alg module name alg session id connection 2.1.78. Illegal_ip_address (id: 00200216) default severity critical log message ftpalg: illegal port command from , bad ip address . String=. Rejecting command explanation an illegal "port" command was received from the client. It requests...

  • Page 68

    Default severity error log message ftpalg: failed to create connection(1). Connection: . String= explanation an error occurred when creating a data connection from the server to client. This could possibly be a result of lack of memory. Gateway action none recommended action none. Revision 1 paramete...

  • Page 69

    Revision 1 parameters peer context parameters alg module name alg session id connection 2.1.83. Illegal_direction2 (id: 00200221) default severity warning log message ftpalg: illegal direction for command(2), peer=. Closing connection. Explanation a command was sent in an invalid direction, and the ...

  • Page 70

    Log message ftpalg: disallowed opts argument from . String:. Rejecting command. Explanation a disallowed opts argument was received, and the command will be rejected. Gateway action rejecting_command recommended action none. Revision 1 parameters peer string context parameters alg module name alg se...

  • Page 71

    String context parameters alg module name alg session id connection 2.1.88. Unknown_command (id: 00200226) default severity warning log message ftpalg: unknown command from . String=. Rejecting command. Explanation an unknown command was received, and the command will be rejected. Gateway action rej...

  • Page 72

    Default severity warning log message ftpalg: illegal multiline response () from . String=. Closing connection. Explanation an illegal multiline response was received from server, and the connection will be closed. Gateway action close recommended action none. Revision 1 parameters peer reply string ...

  • Page 73

    Revision 1 parameters peer string context parameters alg module name alg session id connection 2.1.93. Bad_port (id: 00200233) default severity critical log message ftpalg: bad port from , should be within the range (). String=. Closing connection. Explanation an illegal "port" command was received ...

  • Page 74: 00200236)

    2.1.95. Failed_to_create_connection2 (id: 00200235) default severity error log message ftpalg: failed to create connection(2) peer= connection=. String=. Explanation an error occurred when creating a data connection from the client to server. This could possibly be a result of lack of memory. Gateway...

  • Page 75

    Recommended action none. Revision 1 parameters peer context parameters alg module name alg session id connection 2.1.98. Failed_to_register_rawconn (id: 00200238) default severity error log message ftpalg: internal error - failed to register eventhandler. Closing connection explanation an internal e...

  • Page 76

    Recommended action if the maximum number of ftp sessions is too low, increase it. Revision 1 parameters max_sessions context parameters alg module name 2.1.101. Failed_create_new_session (id: 00200242) default severity error log message ftpalg: failed to create new ftpalg session (out of memory) exp...

  • Page 77

    Revision 1 parameters filename filetype context parameters alg module name alg session id 2.1.104. Failed_to_send_command (id: 00200251) default severity notice log message ftpalg:failed to send the command. Explanation the command sent by the alg to the server could not be sent. Gateway action none...

  • Page 78

    Gateway action data_blocked_control_and_data_channel_closed recommended action if this file should be allowed, update the allow/block list. Revision 2 parameters filename filetype context parameters alg module name alg session id 2.1.107. Resumed_compressed_file_transfer (id: 00200254) default sever...

  • Page 79

    Explanation the client tried to issue a "rest" command, which is not valid since the client is not allowed to do this. The command will be rejected. Gateway action rejecting_command recommended action if the client should be allowed to issue "rest" commands, modify the ftpalg configuration. Revis...

  • Page 80

    Alg session id connection 2.1.112. Decode_failed (id: 00200302) default severity warning log message h323alg: decoding of message from peer failed. Closing session explanation the h.225 parser failed to decode the h.225 message. The alg session will be closed. Gateway action close recommended action...

  • Page 81

    Gateway action close recommended action none. Revision 1 parameters peer message_type context parameters alg module name alg session id connection 2.1.115. Encode_failed (id: 00200305) default severity warning log message h323alg: failed after encoding message from peer. Closing session explanation ...

  • Page 82: 00200308)

    Default severity warning log message h323alg: failed after encoding h.245 message. Closing connection explanation the h.245 encoder failed to encode the message. The alg session will be closed. Gateway action close recommended action none. Revision 1 parameters peer context parameters alg module nam...

  • Page 83: (Id: 00200311)

    Revision 1 parameters max_connections context parameters alg module name alg session id connection 2.1.120. Ignoring_channel (id: 00200310) default severity warning log message h323alg: ignoring mediachannel info in openlogicalchannel explanation media channel information in the openlogicalchannel m...

  • Page 84

    Explanation the maximum number of concurrent h.323 sessions has been reached for this service. No more sessions can be opened before old sessions have been released. Gateway action close recommended action if the maximum number of h.323 sessions is too low, increase it. Revision 1 parameters max_sess...

  • Page 85: (Id: 00200317)

    Log message h323alg: failed to create new gatekeeper session (out of memory) explanation could not create a new h.323 gatekeeper session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory. Gateway action close recommended action none. Revisio...

  • Page 86

    Log message tftpalg: packet failed initial test (invalid tftp packet). Packet length explanation an invalid tftp packet was received. Refusing connection. Gateway action reject recommended action none. Revision 1 parameters packet_length context parameters alg module name connection 2.1.129. Packet_...

  • Page 87

    2.1.131. Option_value_invalid (id: 00200354) default severity warning log message tftpalg: option contained invalid value explanation option contained invalid value. Closing connection. Gateway action reject recommended action none. Revision 1 parameters option value context parameters alg module nam...

  • Page 88

    Maxvalue context parameters alg module name alg session id connection 2.1.134. Unknown_option_blocked (id: 00200357) default severity warning log message tftpalg: request contained unknown option explanation request contained unknown option. Closing connection. Gateway action reject recommended actio...

  • Page 89

    Gateway action close recommended action if connection should be allowed modify the tftp alg configuration. Revision 1 parameters option context parameters alg module name alg session id connection 2.1.137. Option_not_sent (id: 00200360) default severity warning log message tftpalg: the received opt...

  • Page 90

    Log message tftpalg: option contained no readable value explanation option contained no readable value. Closing connection. Gateway action close recommended action none. Revision 1 parameters option context parameters alg module name alg session id connection 2.1.140. Blksize_out_of_range (id: 002003...

  • Page 91

    2.1.142. Failed_create_new_session (id: 00200365) default severity error log message tftpalg: failed to create new tftpalg session (out of memory) explanation an attempt to create a new tftpalg session failed, because the unit is out of memory. Gateway action close recommended action decrease the ma...

  • Page 92

    Context parameters alg module name alg session id 2.1.145. Invalid_packet_received_reopen (id: 00200368) default severity warning log message tftpalg: received invalid packet opcode packet length explanation received invalid packet. Closing listening connection and opening new instead. Gateway action...

  • Page 93

    Gateway action close recommended action if connection should be allowed modify the filetransfersize option of the tftp alg configuration. Revision 1 parameters received maxvalue context parameters alg module name alg session id connection 2.1.148. Options_removed (id: 00200371) default severity war...

  • Page 94

    Session could not be successfully opened. Gateway action close recommended action none. Revision 1 parameters error_code context parameters alg module name 2.1.151. Invalid_error_message_received (id: 00200374) default severity warning log message tftpalg: received invalid error message opcode packe...

  • Page 95

    Default severity warning log message pop3alg: failed to create new pop3alg session (out of memory) explanation an attempt to create a new pop3alg session failed, because the unit is out of memory. Gateway action close recommended action decrease the maximum allowed pop3alg sessions, or try to free s...

  • Page 96

    Identified as type , which is in block list. Explanation the file is present in the block list. It will be blocked as per configuration. Gateway action block recommended action if this file should be allowed, update the allow/block list. Revision 1 parameters filename filetype sender_email_address c...

  • Page 97

    Context parameters alg module name alg session id 2.1.159. Possible_invalid_mail_end (id: 00200387) default severity warning log message pop3alg: possible invalid end of mail "\.\" received. Explanation the client is sending possible invalid end of mail. Gateway action allow recommended action r...

  • Page 98: 00200391)

    Revision 1 parameters command" len context parameters alg module name alg session id 2.1.162. Content_type_mismatch (id: 00200390) default severity notice log message pop3alg: content type mismatch in file . Identified filetype explanation the filetype of the file does not match the actual content t...

  • Page 99

    Default severity warning log message pop3alg: command blocked.Invalid argument given explanation the client is sending command with invalid argument. The command will be blocked. Gateway action block recommended action none. Revision 1 parameters command" argument context parameters alg module name ...

  • Page 100

    Alg session id 2.1.167. Unexpected_mail_end (id: 00200396) default severity warning log message pop3alg: unexpected end of mail received while parsing mail content. Explanation unexpected end of mail received while parsing mail content. Gateway action block recommended action research if mail is no...

  • Page 101

    Parameters len retrigs context parameters alg module name alg session id 2.1.170. Max_tls_sessions_reached (id: 00200450) default severity warning log message tlsalg: maximum number of tls sessions () for service reached. Closing connection explanation the maximum number of concurrent tls sessions h...

  • Page 102

    Recommended action verify that there is a listening http server on the specified address. Revision 1 parameters algname context parameters alg module name alg session id 2.1.173. Tls_alert_received (id: 00200453) default severity error log message tlsalg: received tls alert from peer. Explanation a ...

  • Page 103: 00200456)

    Explanation a tls error has occurred that caused an alert to be sent to the peer. The tls alg session will be closed. Gateway action close recommended action none. Revision 1 parameters alert level algname context parameters alg module name alg session id 2.1.176. Tls_cipher_suite_certificate_mismatc...

  • Page 104

    2.1.178. Tls_disallowed_key_exchange (id: 00200458) default severity warning log message tlsalg: disallowed key exchange. Explanation the tls alg session will be closed because there are not enough resources to process any tls key exchanges at the moment. This could be a result of tls handshake mess...

  • Page 105

    Recommended action none. Revision 1 parameters algname context parameters alg module name alg session id 2.1.181. Tls_no_shared_cipher_suites (id: 00200461) default severity warning log message tlsalg: no shared cipher suites. Explanation a connecting tls peer does not share any cipher suites with t...

  • Page 106

    Message is used to verify that the key exchange and authentication processes were successful. The tls alg session will be closed. Gateway action close recommended action none. Revision 1 parameters algname context parameters alg module name alg session id 2.1.184. Unknown_tls_error (id: 00200464) de...

  • Page 107

    2.1.186. Sdp_message_validation_failed (id: 00200502) default severity error log message sipalg: sdp message validation failed explanation sdp part of message failed validation due to malformed message. Reason: [reason]. Gateway action drop recommended action examine why client or server is sending ...

  • Page 108

    Reason: [reason]. Gateway action drop recommended action examine why client or server is sending a malformed sip message. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.189. Max_sessions_per_uri_reached (id: 00200505) default severit...

  • Page 109

    Parameters reg_hijack_count from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.191. Sip_signal_timeout (id: 00200507) default severity warning log message sipalg: sip signal timeout explanation sip signal timeout for session [method]. The session will be deleted. Ga...

  • Page 110

    2.1.193. Registration_time_modified (id: 00200509) default severity notice log message sipalg: expire value modified in registration request explanation the sip-alg modified the requested registration time since it exceeds the configured maximum registration time value [cfg_registration_time]. Gatew...

  • Page 111: 00200512)

    Gateway action drop recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name alg session id 2.1.196. Unsuccessful_search_in_registration_table (id: 00200512) default severity warning log message sipalg: registration entry ...

  • Page 112

    From_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.198. Failed_to_create_session (id: 00200514) default severity error log message sipalg: failed to create sipalg session explanation a new sip-alg session for [method] request could not be created. Gateway action dro...

  • Page 113

    2.1.200. Sipalg_session_deleted (id: 00200516) default severity informational log message sipalg: sip-alg session deleted explanation sip-alg session deleted for [method] request. Gateway action close recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport...

  • Page 114

    Recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.203. Failed_to_create_new_transaction (id: 00200521) default severity error log message sipalg: failed to create transaction explanation the sip-alg failed to cr...

  • Page 115

    Context parameters alg module name 2.1.205. Sipalg_transaction_deleted (id: 00200523) default severity notice log message sipalg: sipalg transaction deleted explanation the transaction for [method] request is deleted. Gateway action close recommended action none. Revision 2 parameters method from_ur...

  • Page 116

    Log message sipalg: failed to find route for given host explanation no route information found for the given host. Reason: [reason]. Gateway action drop recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.208. Fai...

  • Page 117

    From_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.210. Failed_to_update_port (id: 00200529) default severity error log message sipalg: failed to update port information explanation failed to update port into session for [method] request. Gateway action drop recomme...

  • Page 118

    2.1.212. Failed_to_modify_sdp_message (id: 00200531) default severity error log message sipalg: failed to modify sdp message explanation failed to modify sdp part of message. Reason: [reason]. Gateway action drop recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport des...

  • Page 119

    Recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.215. Failed_to_modify_request_uri (id: 00200534) default severity error log message sipalg: failed to modify request uri in message explanation failed to modify ...

  • Page 120

    Context parameters alg module name 2.1.217. Method_not_supported (id: 00200536) default severity warning log message sipalg: method not supported explanation the method [method] is not supported. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport ...

  • Page 121

    Ip address. Reason: [reason]. The request will be dropped. Gateway action drop recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.220. Out_of_memory (id: 00200539) default severity emergency log message sipalg: o...

  • Page 122

    Explanation user [user_name] registered. Gateway action none recommended action none. Revision 2 parameters user_name contact context parameters alg module name 2.1.223. User_unregistered (id: 00200542) default severity notice log message sipalg: successful unregistration explanation user [user_name...

  • Page 123

    Gateway action drop recommended action none. Revision 2 parameters reason from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.226. Invalid_udp_packet (id: 00200548) default severity error log message sipalg: invalid sip udp packet received explanation the sip alg rec...

  • Page 124

    Default severity warning log message sipalg: maximum number of transaction per session has been reached explanation the configured maximum number of concurrent sip sessions [max_ses_per_service] per sip service has been reached. Gateway action close recommended action if the maximum number of sipalg...

  • Page 125

    Gateway action close recommended action none. Revision 2 parameters tsxn_invalid_state from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.231. Invalid_session_state (id: 00200553) default severity error log message sipalg: invalid session state change explanation in...

  • Page 126

    Destip destport context parameters alg module name 2.1.233. Failed_to_create_new_callleg (id: 00200555) default severity error log message sipalg: failed to create callleg explanation the sip-alg failed to create callleg for [method] request. Gateway action drop recommended action none. Revision 2 p...

  • Page 127

    Log message sipalg: failed to update callleg explanation failed to update callleg for [method] request. Gateway action drop recommended action none. Revision 2 parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.236. Sipalg_callleg_deleted (id: 0020...

  • Page 128

    Parameters method from_uri to_uri srcip srcport destip destport context parameters alg module name 2.1.238. Sipalg_callleg_state_updated (id: 00200560) default severity debug log message sipalg: sip-alg callleg state updated explanation the sip-alg callleg state updated to [callleg_state] state. Gat...

  • Page 129

    2.1.240. Max_pptp_sessions_reached (id: 00200601) default severity warning log message pptpalg: maximum number of pptp sessions () for service reached. Closing connection explanation the maximum number of concurrent pptp sessions has been reached for this service. No more sessions can be opened befo...

  • Page 130

    2.1.243. Pptp_tunnel_established_client (id: 00200604) default severity notice log message pptpalg: pptp tunnel established from client explanation a pptp tunnel has been established between pptp client and security gateway. Gateway action none recommended action none. Revision 1 context parameters ...

  • Page 131

    Default severity notice log message pptpalg: pptp session established explanation a pptp session has been established. Gateway action none recommended action none. Revision 1 context parameters alg session id alg module name 2.1.247. Pptp_session_removed (id: 00200608) default severity notice log me...

  • Page 132

    Gateway. Gateway action none recommended action none. Revision 1 context parameters alg session id alg module name 2.1.249. Pptp_tunnel_established_server (id: 00200610) chapter 2. Log message reference 132.

  • Page 133: 2.2. Antispam

    2.2. Antispam these log messages refer to the antispam (anti-spam related events) category. 2.2.1. Recipient_email_changed_to_drop_address (id: 05900196) default severity notice log message smtpalg: recipient e-mail address is changed to dnsbl drop address explanation "rcpt to:" e-mail address is ch...

  • Page 134

    Parameters type algname ipaddr 2.2.4. Dnsbl_ipcache_remove (id: 05900811) default severity notice log message ip removed from ip cache for due to timeout explanation an ip address was removed from the ip cache due to timeout. Gateway action none recommended action none. Revision 1 parameters type al...

  • Page 135

    2.2.7. Dnsbl_ipcache_add (id: 05900814) default severity notice log message session for ip for is done with result explanation an ip address was added to the ip cache. Gateway action none recommended action none. Revision 1 parameters type algname ipaddr result 2.2.8. Dnsbl_disabled (id: 05900815) d...

  • Page 136

    Default severity notice log message query created for ip to blacklist for explanation a dns query was created. Gateway action none recommended action none. Revision 1 parameters type algname ipaddr blacklist query 2.2.11. Dnsbl_blacklist_disable (id: 05900818) default severity warning log message bl...

  • Page 137

    Default severity warning log message dnsbl name not fit buffer for session with ip for explanation dnsbl name will not fit the string buffer and will be truncated. Gateway action none recommended action none. Revision 1 parameters type algname ipaddr 2.2.13. Dnsbl_record_truncated (id: 05900820) cha...

  • Page 138: 2.3. Antivirus

    2.3. Antivirus these log messages refer to the antivirus (anti-virus related events) category. 2.3.1. Virus_found (id: 05800001) default severity warning log message virus found in file . Virus name: . Signature: . Advisory id: . Explanation a virus has been detected in a data stream. Since anti-vir...

  • Page 139

    2.3.3. Excluded_file (id: 05800003) default severity notice log message file is excluded from scanning. Identified filetype: . Explanation the named file will be excluded from anti-virus scanning. The filetype is present in the anti-virus scan exclusion list. Gateway action allow_data_without_scan r...

  • Page 140

    Explanation the file could not be scanned by the anti-virus module since the decompression of the compressed file failed. Since anti-virus is running in audit mode, the data transfer will be allowed to continue. Gateway action allow_data recommended action change fail mode parameter to deny if files...

  • Page 141

    Revision 1 parameters filename comp_ratio [layer7_srcinfo] [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.8. Compression_ratio_violation (id: 05800008) default severity warning log message compression ratio violation for file . Compression ratio threshold: explanat...

  • Page 142

    Connection 2.3.10. Out_of_memory (id: 05800010) default severity error log message out of memory explanation memory allocation failed. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver. Gateway action block_data recommended action try to ...

  • Page 143

    Running in audit mode, the data transfer will be allowed to continue. Gateway action allow_data recommended action none. Revision 1 parameters filename [layer7_srcinfo] [layer7_dstinfo] context parameters alg module name alg session id connection 2.3.13. No_valid_license (id: 05800015) default sever...

  • Page 144: 05800024)

    Initialization. Explanation anti-virus scanning is aborted since the scan engine returned a general error during initialization. Gateway action av_scanning_aborted recommended action try to restart the unit in order to solve this issue. Revision 2 context parameters alg session id 2.3.16. Out_of_mem...

  • Page 145: 05800025)

    2.3.18. Decompression_failed_encrypted_file (id: 05800025) default severity warning log message decompression failed for file . The file is encrypted. Explanation the file could not be scanned by the anti-virus module since the compressed file is encrypted with password protection. Since anti-virus ...

  • Page 146

    Encoding is missing or unknown. Fail mode is allow so data is allowed without scanning. Gateway action allow_data_without_scan recommended action research the content transfer encoding format. Revision 1 parameters filename unknown_content_transfer_encoding sender_email_address recipient_email_addre...

  • Page 147

    Context parameters alg module name alg session id 2.3.22. Unknown_encoding (id: 05800185)

  • Page 148: 2.4. Arp

    2.4. Arp these log messages refer to the arp (arp events) category. 2.4.1. Already_exists (id: 00300001) default severity notice log message an entry for this ip address already exists explanation the entry was not added as a previous entry for this ip address already exists in the arp table. Gatewa...

  • Page 149

    2.4.4. Arp_response_broadcast (id: 00300004) default severity notice log message arp response is a broadcast address explanation the arp response has a sender address which is a broadcast address. Allowing. Gateway action allow recommended action if this is not the desired behaviour, modify the conf...

  • Page 150

    Default severity notice log message arp hw sender does not match ethernet hw sender. Dropping explanation the hardware sender address specified in the arp data does not match the ethernet hardware sender address. Dropping packet. Gateway action drop recommended action if this is not the desired beha...

  • Page 151

    2.4.10. Invalid_arp_sender_ip_address (id: 00300049) default severity warning log message failed to verify arp sender ip address. Dropping explanation the arp sender ip address could not be verified according to the "access" section, and the packet is dropped. Gateway action drop recommended action i...

  • Page 152

    Default severity warning log message arp response is a broadcast address. Dropping explanation the arp response has a sender address which is a broadcast address. Dropping packet. Gateway action drop recommended action if this is not the desired behaviour, modify the configuration. Revision 1 contex...

  • Page 153

    2.4.16. Hwaddr_change_drop (id: 00300055) default severity notice log message has a different address compared to the known hardware address . Dropping packet. Explanation a known dynamic arp entry has a different hardware address than the one in the arp packet. Dropping packet. Gateway action drop ...

  • Page 154: 2.5. Avupdate

    2.5. Avupdate these log messages refer to the avupdate (antivirus signature update) category. 2.5.1. Av_db_update_failure (id: 05000001) default severity alert log message update of the anti-virus database failed, because of explanation the unit tried to update the anti-virus database, but failed. T...

  • Page 155

    Log message anti-virus database could not be updated, as no valid subscription exist explanation the current license does not allow the anti-virus database to be updated. Gateway action none recommended action check the system's time and/or purchase a subscription. Revision 1 2.5.5. Av_detects_inval...

  • Page 156

    Recommended action none. Revision 1 2.5.7. Unsynced_databases (id: 05000008)

  • Page 157: 2.6. Blacklist

    2.6. Blacklist these log messages refer to the blacklist (blacklist events) category. 2.6.1. Failed_to_write_list_of_blocked_hosts_to_media (id: 04600001) default severity critical log message failed to write list of blocked hosts to media explanation failed to write list of blocked hosts to media. ...

  • Page 158

    Default severity notice log message found in blacklist. Triggered rule , description: . Protocol: , ip: , port: . Explanation a blacklist entry was added which matched the ip address of this connection. Thus it was closed accordingly. Gateway action close recommended action investigate threshold or ...

  • Page 159

    Triggered dynamic blacklisting. Revision 1 parameters rule description proto ip port 2.6.6. Packet_blacklisted (id: 04600006)

  • Page 160: 2.7. Buffers

    2.7. Buffers these log messages refer to the buffers (events regarding buffer usage) category. 2.7.1. Buffers_flooded (id: 00500001) default severity warning log message the buffers were flooded for seconds. Current usage is percent explanation the unit was temporarily out of buffers for a period of...

  • Page 161: 2.8. Conn

    2.8. Conn these log messages refer to the conn (state engine events, e.g. open/close connections) category. 2.8.1. Conn_open (id: 00600001) default severity informational log message connection opened explanation a connection has been opened. Gateway action none recommended action none. Revision 1 c...

  • Page 162

    Connection 2.8.4. Conn_open_natsat (id: 00600004) default severity informational log message connection opened explanation a connection has been opened. Gateway action none recommended action none. Revision 1 context parameters rule information connection packet buffer 2.8.5. Conn_close_natsat (id: ...

  • Page 163

    2.8.7. Out_of_connections (id: 00600011) default severity warning log message out of connections. Dropping connection attempt explanation the connection table is currently full, and this new connection attempt will be dropped. Gateway action drop recommended action none. Revision 1 context parameter...

  • Page 164

    Parameters protocol context parameters rule name packet buffer 2.8.10. No_return_route (id: 00600014) default severity warning log message failed to open a new connection since a return route to the sender address cant be found. Dropping packet explanation there was no return route found to the send...

  • Page 165

    Recommended action none. Revision 1 context parameters rule name packet buffer 2.8.13. Udp_src_port_0_illegal (id: 00600021) default severity warning log message udp source port is set to 0. Dropping explanation the udp source port was set to 0. This can be used by udp streams not expecting return t...

  • Page 166

    Context parameters packet buffer 2.8.16. Active_data (id: 00600100) default severity informational log message ftpalg: incoming active data channel explanation an active data channel connection has been established. Gateway action none recommended action none. Revision 1 context parameters alg modul...

  • Page 167

    Connection 2.8.19. Passive_data (id: 00600103) default severity informational log message ftpalg: passive data channel closed explanation a passive data channel was closed. Gateway action none recommended action none. Revision 1 context parameters alg module name alg session id rule information conn...

  • Page 168: 2.9. Dhcp

    2.9. Dhcp these log messages refer to the dhcp (dhcp client events) category. 2.9.1. Offered_ip_occupied (id: 00700001) default severity notice log message interface received a lease with an offered ip that appear to be occupied () explanation received a dhcp lease which appears to be in use by some...

  • Page 169

    Parameters iface ip netmask bcast gw context parameters packet buffer 2.9.4. Renewed_lease (id: 00700004) default severity notice log message interface have renewed its lease. The new lease is valid for seconds explanation an interface has successfully renewed its lease. Gateway action none recomme...

  • Page 170

    Recommended action check the dhcp server configuration or adjust the minimum leasetime limit. Revision 1 parameters iface lease_time minimum_lease_time context parameters packet buffer 2.9.7. Invalid_server_id (id: 00700008) default severity warning log message interface received a lease with an inv...

  • Page 171

    Explanation an interface received a lease with an invalid broadcast address. Gateway action drop recommended action check dhcp server configuration. Revision 1 parameters iface broadcast context parameters packet buffer 2.9.10. Invalid_offered_ip (id: 00700011) default severity warning log message i...

  • Page 172

    Log message interface received a lease where the offered broadcast equals the offered gateway explanation an interface received a lease where the offered broadcast address is equal to the offered gateway address. Gateway action drop recommended action check dhcp server configuration. Revision 1 pa...

  • Page 173

    Context parameters packet buffer 2.9.14. Route_collision (id: 00700015)

  • Page 174: 2.10. Dhcprelay

    2.10. Dhcprelay these log messages refer to the dhcprelay (dhcp relayer events) category. 2.10.1. Unable_to_save_dhcp_relay_list (id: 00800001) default severity warning log message unable to auto save the dhcp relay list to disk explanation unable to autosave the dhcp relay list to disk. Gateway act...

  • Page 175

    Log message incorrect bootp/dhcp cookie. Dropping explanation received a packet with an incorrect bootp/dhcp cookie. Gateway action drop recommended action investigate what client implementation is being used. Revision 1 context parameters packet buffer 2.10.5. Maximum_ppm_for_relayer_reached (id: 0...

  • Page 176: 00800010)

    Gateway action none recommended action verify maximum-hop-limit setting. Revision 1 context parameters packet buffer 2.10.8. Client_release (id: 00800008) default severity warning log message client requested release. Relay canceled explanation a client requested that lease should be canceled. Gatew...

  • Page 177: (Id: 00800011)

    Recommended action verify max-relay-routes-limit. Revision 1 context parameters rule name 2.10.11. Unable_to_add_relay_route_since_out_of_memory (id: 00800011) default severity error log message internal error: out of memory: can't add dhcp relay route. Dropping explanation unable to add dhcp relay ...

  • Page 178: (Id: 00800014)

    2.10.14. Bad_inform_pkt_with_mismatching_source_ip_and_client_ip (id: 00800014) default severity warning log message inform packet did not pass through a relayer but the packet source ip and the client ip doesnt match. Dropping explanation received non relayed inform dhcp packet with illegally misma...

  • Page 179: 00800018)

    Parameters max_relays context parameters rule name packet buffer 2.10.17. Dhcp_server_is_unroutable (id: 00800017) default severity warning log message bootp/dhcp-server at is unroutable. Dropping explanation unable to find route to specified dhcp server. Gateway action drop recommended action updat...

  • Page 180: (Id: 00800022)

    Revision 1 parameters gateway_ip context parameters rule name packet buffer 2.10.20. Relayed_request (id: 00800020) default severity notice log message relayed dhcp-request from client to explanation relayed a dhcp request. Gateway action none recommended action none. Revision 1 parameters type clie...

  • Page 181

    Explanation received a reply for a client on a non security equivalent interface. Gateway action drop recommended action verify security-equivalent-interface setting. Revision 1 parameters client_hw context parameters rule name packet buffer 2.10.23. Assigned_ip_not_allowed (id: 00800023) default se...

  • Page 182

    Default severity warning log message a host route for already exists which points to another interface. Dropping explanation an ambiguous host route indicating another interface was detected trying to setup a dynamic hostroute for a client. Gateway action drop recommended action review previous conf...

  • Page 183

    2.10.28. Relayed_dhcp_reply (id: 00800028) default severity notice log message relayed dhcp-reply to gateway explanation relayed dhcp reply to a gateway. Gateway action none recommended action none. Revision 1 parameters type gateway_ip context parameters rule name packet buffer 2.10.29. Relayed_boo...

  • Page 184: 2.11. Dhcpserver

    2.11. Dhcpserver these log messages refer to the dhcpserver (dhcp server events) category. 2.11.1. Unable_to_send_response (id: 00900001) default severity warning log message failed to get buffer for sending. Unable to reply explanation unable to get a buffer for sending. Gateway action none recomme...

  • Page 185: (Id: 00900006)

    Gateway action none recommended action none. Revision 1 2.11.5. Dhcp_packet_too_small (id: 00900005) default severity warning log message received dhcp packet which is smaller then the minimum allowed 300 bytes. Dropping explanation received a dhcp packet which is smaller than the minimum allowed 30...

  • Page 186: (Id: 00900008)

    Gateway action reject recommended action none. Revision 1 parameters client client_ip context parameters packet buffer 2.11.8. Request_for_ip_from_non_bound_client_without_state (id: 00900008) default severity warning log message received a request from client(not in bound) for ip without state. Ign...

  • Page 187

    Gateway action drop recommended action check network equipment for errors. Revision 1 context parameters packet buffer 2.11.11. Lease_timeout (id: 00900012) default severity notice log message lease for ip timed out. Was bound to client explanation a client lease wasn't renewed and timed out. Gatewa...

  • Page 188

    Revision 1 context parameters rule name packet buffer 2.11.14. Sending_offer (id: 00900015) default severity notice log message received discover from client . Sending ip offer explanation received discover (initial ip query) from a client. Gateway action none recommended action none. Revision 1 par...

  • Page 189

    Parameters client_hw client_wanted client_offered context parameters rule name packet buffer 2.11.17. Request_for_non_bound_ip (id: 00900018) default severity warning log message client requested non bound ip. Rejecting explanation client requested a non bound ip. Gateway action reject recommended a...

  • Page 190

    Recommended action none. Revision 1 parameters client_hw client_ip context parameters rule name packet buffer 2.11.20. Got_inform_request (id: 00900021) default severity notice log message got inform request from client . Acknowledging explanation got an inform (client already got an ip and asks for...

  • Page 191: (Id: 00900025)

    Log message client declined non offered ip. Decline is ignored explanation client rejected a non offered ip. Gateway action none recommended action none. Revision 1 parameters client_hw context parameters rule name packet buffer 2.11.23. Declined_by_client (id: 00900024) default severity warning log...

  • Page 192

    2.11.25. Release_for_ip_on_wrong_iface (id: 00900026) default severity warning log message got release for ip on wrong interface (recv: , lease: ). Decline is ignored explanation got release from a client on the wrong interface. Gateway action none recommended action check network for inconsistent r...

  • Page 193: 2.12. Dynrouting

    2.12. Dynrouting these log messages refer to the dynrouting (dynamic routing) category. 2.12.1. Failed_to_export_route_to_ospf_process_failed_to_alloc (id: 01100001) default severity critical log message failed to export route to ospf process (unable to alloc export node) explanation unable to expor...

  • Page 194

    Rule name route 2.12.4. Failed_to_add_route_unable_to_alloc (id: 01100004) default severity critical log message failed to add route (unable to alloc route) explanation failed to create a route since out of memory. Gateway action alert recommended action check memory consumption. Revision 1 context ...

  • Page 195

    2.12.6. Route_removed (id: 01100006)

  • Page 196: 2.13. Frag

    2.13. Frag these log messages refer to the frag (fragmentation events) category. 2.13.1. Individual_frag_timeout (id: 02000001) default severity warning log message individual fragment timed out. Explanation a fragment of an ip packet timed out, and is dropped. Gateway action drop recommended action...

  • Page 197

    Destip ipproto fragid fragact frags context parameters dropped fragments rule name 2.13.4. Fail_out_of_resources (id: 02000004) default severity critical log message out of reassembly resources. Frags: . - fragid: , state: explanation out of fragmentation-reassembly resources when processing the ip ...

  • Page 198

    Rule name 2.13.6. Fail_timeout (id: 02000006) default severity critical log message time out reassembling. Frags: . - fragid: , state: explanation timed out when reassembling a fragmented ip packet. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters srcip destip ippr...

  • Page 199: 02000010)

    Default severity warning log message dropping stored fragments of disallowed packet. Frags: . - fragid: , state: explanation the fragments of a disallowed ip packet were dropped. Gateway action drop recommended action none. Revision 1 parameters srcip destip ipproto fragid fragact frags context para...

  • Page 200: 02000012)

    Which are dropped. Gateway action drop recommended action none. Revision 1 parameters srcip destip ipproto fragid fragact frags context parameters dropped fragments rule name 2.13.11. Learn_state (id: 02000011) default severity error log message internal error: invalid state explanation internal err...

  • Page 201: 02000014)

    Default severity warning log message dropping duplicate fragment explanation a duplicate fragment of an ip packet was received. Dropping the duplicate fragment. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.13.14. Frag_offset_plus_length_not_in_...

  • Page 202

    2.13.16. Bad_ipdatalen (id: 02000016) default severity error log message bad ipdatalen= explanation the partly reassembled ip packet has an invalid ip data length. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters ipdatalen context parameters rule name packet buffer...

  • Page 203: 02000020)

    2.13.19. Bad_offs (id: 02000019) default severity error log message bad fragment offset explanation the fragment has an invalid offset. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.13.20. Duplicate_frag_with_different_length (i...

  • Page 204: 02000023)

    Default severity error log message fragments partially overlap explanation two fragments partially overlap. Dropping packet. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.13.23. Drop_frag_disallowed_suspect_packet (id: 02000023) default severity...

  • Page 205

    Log message dropping extraneous fragment of completed packet explanation a completed reassembled ip packet contains an extraneous fragment, which is dropped. Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.13.26. Drop_frag_failed_suspect_packet (id...

  • Page 206

    Gateway action drop recommended action none. Revision 1 context parameters rule name packet buffer 2.13.29. Fragments_available_freeing (id: 02000100) default severity critical log message internal error: contains fragments even when freeing. Dropping explanation an internal error occurred when freei...

  • Page 207: 2.14. Gre

    2.14. Gre these log messages refer to the gre (gre events) category. 2.14.1. Failed_to_setup_gre_tunnel (id: 02200001) default severity warning log message failed to setup open tunnel from to explanation unable to setup gre tunnel with endpoint. Gateway action drop recommended action check conn usag...

  • Page 208

    Default severity warning log message gre packet with checksum error. Packet dropped explanation received gre packet with checksum errors. Gateway action drop recommended action check network equipment for errors. Revision 1 context parameters packet buffer 2.14.5. Gre_length_error (id: 02200005) def...

  • Page 209

    Revision 1 parameters session_key context parameters packet buffer 2.14.8. Gre_routing_flag_set (id: 02200008) default severity warning log message received gre packet with routing flag set. Packet dropped explanation received gre packet with unsupported routing option enabled. Gateway action drop r...

  • Page 210: 2.15. Ha

    2.15. Ha these log messages refer to the ha (high availability events) category. 2.15.1. Peer_gone (id: 01200001) default severity notice log message peer firewall disappeared. Going active explanation the peer gateway (which was active) is not available anymore. This gateway will now go active inst...

  • Page 211

    Explanation both members are active, but the peer has higher local load. This gateway will stay active. Gateway action stay_active recommended action none. Revision 1 2.15.5. Peer_has_lower_local_load (id: 01200005) default severity notice log message both active, peer has lower local load; deactiva...

  • Page 212

    Default severity notice log message conflict: both peers are inactive! Resolving... Explanation a conflict occurred as both peers are inactive at the same time. The conflict will automatically be resolved. Gateway action none recommended action none. Revision 1 2.15.9. Peer_has_more_connections (id: ...

  • Page 213: 01200044)

    2.15.12. Heartbeat_from_unknown (id: 01200043) default severity warning log message received ha heartbeat from unknown ip. Dropping explanation the received ha heartbeat packet was originating from an unknown ip. The packet will be dropped. Gateway action drop recommended action none. Revision 1 con...

  • Page 214

    Default severity warning log message failed to merge configuration from ha partner explanation the gateway failed to merge the configuration that was received from the peer. Gateway action ha_merge_conf recommended action none. Revision 1 2.15.16. Ha_commit_error (id: 01200052) default severity warn...

  • Page 215: (Id: 01200201)

    2.15.19. Linkmon_triggered_failover (id: 01200055) default severity notice log message ha node going inactive. Explanation linkmon requested the node to go inactive. Gateway action none recommended action none. Revision 1 parameters reason 2.15.20. Resync_conns_to_peer (id: 01200100) default severit...

  • Page 216

    Default severity notice log message hasync connection lifetime expired. Reconnecting... Explanation the ha synchronization connection lifetime has expired. A new connection will be established by reconnecting to the peer. Gateway action reconnect recommended action none. Revision 1 2.15.23. Hasync_con...

  • Page 217

    Context parameters rule name packet buffer 2.15.26. Sync_packet_on_nonsync_iface (id: 01200410) default severity warning log message received state sync packet on non-sync iface. Dropping explanation a ha state sync packet was received on a non-sync interface. This should never happen, and the pack...

  • Page 218: 01200616)

    2.15.29. Config_sync_failure (id: 01200500) default severity critical log message tried to synchronize configuration to peer 3 times without success. Giving up. Explanation the gateway tried to synchronize the configuration to peer three times, but failed. It will now give up trying to do so. Gatewa...

  • Page 219

    Gateway action none recommended action none. Revision 1 parameters previous_shutdown= 2.15.32. Action=going_online (id: 01200618) chapter 2. Log message reference 219.

  • Page 220: 2.16. Hwm

    2.16. Hwm these log messages refer to the hwm (hardware monitor events) category. 2.16.1. Temperature_alarm (id: 04000011) default severity warning log message temperature monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the unit may be overhe...

  • Page 221

    Log message voltage monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the powersupply of this unit may be failing. Gateway action none recommended action change powersupply unit. Revision 1 parameters index name unit current_voltage min_limit m...

  • Page 222

    Name unit current_fanrpm min_limit max_limit 2.16.6. Fanrpm_normal (id: 04000032) default severity warning log message fan rpm monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the sensor reports that the fan rpm value is back in the normal ran...

  • Page 223

    Log message temperature monitor () is outside the specified limit. Current value is , lower limit is , upper limit is explanation the sensor reports that the gpio value is back in the normal range. Gateway action none recommended action none. Revision 1 parameters index name unit current_gpio min_...

  • Page 224

    Parameters limit_megabyte total_mem free_mem free_percentage severity 2.16.11. Free_memory_normal_level (id: 04000103) default severity notice log message the amount of free memory is in the normal range, free mb of total mb, percentage free explanation the memory usage is in the normal range. Gatew...

  • Page 225: 2.17. Idp

    2.17. Idp these log messages refer to the idp (intrusion detection & prevention events) category. 2.17.1. Scan_detected (id: 01300001) default severity notice log message scan detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Closing ...

  • Page 226

    Srcport destip destport context parameters rule name deep inspection 2.17.3. Intrusion_detected (id: 01300003) default severity warning log message intrusion detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Closing connection. Explan...

  • Page 227

    Destip destport context parameters rule name deep inspection 2.17.5. Scan_detected (id: 01300005) default severity notice log message scan detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Explanation a scan signature matched the traf...

  • Page 228

    Context parameters rule name deep inspection 2.17.7. Intrusion_detected (id: 01300007) default severity notice log message intrusion detected: , signature id=. Id rule: . Protocol: . Source ip: . Source port: . Destination ip: . Destination port: . Explanation an attack signature matched the traffic...

  • Page 229

    2.17.9. Invalid_url_format (id: 01300009) default severity error log message failed to parse the http url. Id rule: . Url: . Source ip: . Source port: . Destination ip: . Destination port: . Closing connection. Explanation the unit failed parsing an url. The reason for this is probably because the u...

  • Page 230

    Log message failed to reassemble data. Id rule: . Source ip: . Source port: . Destination ip: . Destination port: . Closing connection. Explanation the unit failed to reassemble data. The reason for this is probably due to an idp engine evasion attack. Gateway action close recommended action none. R...

  • Page 231

    Recommended action review your configuration. Revision 1 parameters idrule srcip srcport destip destport context parameters rule name 2.17.14. Idp_outofmem (id: 01300014) default severity error log message failed to scan data. Id rule: . Source ip: . Source port: . Destination ip: . Destination port...

  • Page 232

    Context parameters rule name 2.17.16. Idp_failscan (id: 01300016) default severity error log message failed to scan data. Id rule: . Source ip: . Source port: . Destination ip: . Destination port: . Reason: . Explanation the unit failed to scan data. Gateway action ignore recommended action none. Re...

  • Page 233: 2.18. Idppipes

    2.18. Idppipes these log messages refer to the idppipes (idp traffic shaping events) category. 2.18.1. Conn_idp_piped (id: 06100001) default severity warning log message idp pipe event triggered. Throughput limited to explanation an idp rule with pipe event triggered on the specified connection. The...

  • Page 234

    Abnormal memory consumption. Otherwise, revise configuration in order to free more ram. Revision 1 2.18.4. Idp_piped_state_replaced (id: 06100004) default severity debug log message replaced idp pipe host entry explanation an old dynamic pipe entry was removed and replaced since the maximum number o...

  • Page 235

    Context parameters connection 2.18.7. Conn_idp_piped (id: 06100007) default severity warning log message idp dynamic pipe state found. Throughput limited to explanation a new connection is piped to [limit] kbps since either the source or destination ip is dynamically throttled by idp dynamic pipe st...

  • Page 236: 2.19. Idpupdate

    2.19. Idpupdate these log messages refer to the idpupdate (intrusion detection & prevention database update) category. 2.19.1. Idp_db_update_failure (id: 01400001) default severity alert log message update of the intrusion detection & prevention database failed, because of explanation the unit tried...

  • Page 237

    Default severity notice log message intrusion detection & prevention database could not be updated, as no valid subscription exist explanation the current license does not allow intrusion detection & prevention database to be updated. Gateway action none recommended action check the system's time an...

  • Page 238

    Update is automatically initiated. Gateway action downloading_new_database recommended action none. Revision 1 2.19.7. Unsynced_databases (id: 01400009)

  • Page 239: 2.20. Ifacemon

    2.20. Ifacemon these log messages refer to the ifacemon (interface monitor events) category. 2.20.1. Ifacemon_status_bad_rereport (id: 03900001) default severity notice log message ifacemon reset interface 10 seconds ago. Link status: mbps duplex explanation the interface monitor reset the interface...

  • Page 240

    Revision 1 parameters iface [linkspeed] [duplex] 2.20.3. Ifacemon_status_bad (id: 03900004)

  • Page 241: 2.21. Ippool

    2.21. Ippool these log messages refer to the ippool (ippool events) category. 2.21.1. No_offer_received (id: 01900001) default severity error log message no offers were received explanation no dhcp offers were received by the ip pool general query. Gateway action none recommended action review dhcp...

  • Page 242

    Default severity warning log message the lease was rejected due to a lease filter explanation a lease was rejected by a lease filter. Gateway action lease_rejected recommended action verify the lease filters. Revision 1 parameters client_ip context parameters rule name 2.21.5. Lease_disallowed_by_se...

  • Page 243

    Log message the lease was rejected due to a bad offered netmask address explanation a lease was rejected due to a bad offered netmask address. Gateway action lease_rejected recommended action check dhcp server configuration. Revision 1 parameters netmask context parameters rule name 2.21.8. Lease_ha...

  • Page 244

    Gateway action lease_rejected recommended action check dhcp server configuration. Revision 1 parameters gateway_ip context parameters rule name 2.21.11. Lease_ip_is_already_occupied (id: 01900011) default severity warning log message the lease was rejected since it seem to be occupied explanation a ...

  • Page 245

    Revision 1 parameters client_ip context parameters rule name 2.21.14. Pool_reached_max_dhcp_clients (id: 01900014) default severity error log message the maximum number of clients for this ip pool have been reached explanation the maximum number of clients for this pool have been reached. Gateway ac...

  • Page 246

    2.21.17. Ip_returned_to_pool (id: 01900017) default severity notice log message subsystem returned an ip to the pool explanation a subsystem returned an ip to the pool. Gateway action inform recommended action none. Revision 1 parameters client_ip subsystem context parameters rule name 2.21.17. Ip_r...

  • Page 247: 2.22. Ipsec

    2.22. Ipsec these log messages refer to the ipsec (ipsec (vpn) events) category. 2.22.1. Fatal_ipsec_event (id: 01800100) default severity alert log message fatal event occured, because of explanation fatal event occurred in ipsec stack. Gateway action none recommended action none. Revision 1 paramet...

  • Page 248

    2.22.4. Audit_flood (id: 01800104) default severity notice log message . Explanation the rate limit for audit messages was reached. Gateway action none recommended action none. Revision 1 parameters reason 2.22.5. Ike_delete_notification (id: 01800105) default severity notice log message local ip: ,...

  • Page 249

    2.22.7. Ike_invalid_proposal (id: 01800107) default severity warning log message local ip: , remote ip: , cookies: , reason: . Explanation the proposal for the security association could not be accepted. Gateway action none recommended action none. Revision 1 parameters local_ip remote_ip cookies re...

  • Page 250

    Reason 2.22.10. Packet_corrupt (id: 01800110) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation received a corrupt packet. Gateway action drop recommended action none. Revision 1 parameters source_ip dest_ip spi seq protocol reason 2.2...

  • Page 251

    Recommended action none. Revision 1 parameters source_ip dest_ip spi seq protocol reason 2.22.13. Sa_lookup_failure (id: 01800113) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation the received packet could not be mapped to an appropri...

  • Page 252

    Default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation an attempt to transmit a packet that would result in sequence number overflow. Gateway action none recommended action none. Revision 1 parameters source_ip dest_ip spi seq protocol reas...

  • Page 253

    Parameters source_ip dest_ip spi seq protocol reason 2.22.18. Hardware_acceleration_failure (id: 01800118) default severity notice log message source ip: , destination ip: , spi: , seq: , protocol: , reason: . Explanation hardware acceleration failed due to resource shortage, a corrupt packet or oth...

  • Page 254

    Revision 1 2.22.21. Ipsec_successfully_started (id: 01800202) default severity informational log message ipsec is up and running explanation ipsec configured and started. Gateway action none recommended action none. Revision 1 2.22.22. X509_init_failed (id: 01800203) default severity critical log me...

  • Page 255

    Revision 1 2.22.25. Failed_create_audit_module (id: 01800207) default severity error log message failed to create audit module. Explanation failed to create audit module. Gateway action ipsec_audit_disabled recommended action none. Revision 1 2.22.26. Failed_to_configure_ipsec (id: 01800210) default...

  • Page 256: 01800303)

    Recommended action restart. Revision 1 2.22.29. Ipsec_started_successfully (id: 01800214) default severity informational log message ipsec started successfully explanation succeeded to create policymanager and commit ipsec configuration. Gateway action ipsec_started recommended action none. Revision ...

  • Page 257

    Default severity error log message failed to set properties ipsec alogorithm , for tunnel explanation failed to set specified properties (keysize, lifetimes) for ipsec algorithm. Gateway action use_default_values_for_algorithm recommended action none. Revision 1 parameters alg tunnel 2.22.33. Failed...

  • Page 258

    . Keeping old ip explanation failed to resolve remote gateway through dns. Gateway action keeping_old_ip recommended action none. Revision 1 parameters gateway ipsectunnel old_ip 2.22.36. Dns_resolve_failed (id: 01800309) default severity warning log message failed to resolve remote gateway for ipse...

  • Page 259

    Explanation failed to add rules to tunnel after remote gateway has been resolved by dns. Gateway action ipsec_tunnel_disabled recommended action none. Revision 1 parameters gateway ipsectunnel 2.22.39. Failed_to_add_rules (id: 01800314) default severity error log message failed to commit rules afte...

  • Page 260

    Explanation no policymanager to free tunnel from!!! Ipsec does not work properly. Gateway action ipsec_out_of_work recommended action restart. Revision 1 2.22.42. Peer_is_dead (id: 01800317) default severity informational log message peer has been detected dead explanation a remote peer has been de...

  • Page 261

    Parameters status_msg 2.22.45. Failed_to_add_certificate (id: 01800322) default severity error log message failed add certificate: , for tunnel explanation failed to add certificate. Tunnel configured with this certificate for authentication will fail while negotiate. Gateway action certificate_disa...

  • Page 262

    Default severity error log message failed set xauth for tunnel explanation failed to set extended authentication (xauth) for the tunnel. Gateway action none recommended action reconfigure_tunnnel. Revision 1 parameters tunnel 2.22.49. Failed_to_create_xauth_group (id: 01800329) default severity crit...

  • Page 263

    Recommended action none. Revision 1 parameters username client_ip ipsec_tunnel 2.22.52. Ipsec_tunnel_modified_bysgw (id: 01800335) default severity informational log message ipsec tunnel changed by the security gateway explanation an ipsec tunnel has been changed by the security gateway. Gateway act...

  • Page 264

    Parameters client_ip username ipsec_tunnel 2.22.55. Tunnel_disabled (id: 01800340) default severity warning log message tunnel disabled due to configuration error. Explanation tunnel [tunnel] disabled due to configuration error. Gateway action tunnel_disabled recommended action tunnel_disabled. Revi...

  • Page 265: (Id: 01800502)

    Default severity notice log message returned a dynamic cfg mode ip to the ip pool explanation a dynamically allocated ip used for ike cfg mode was returned to the ip pool. Gateway action none recommended action none. Revision 1 parameters ip 2.22.59. Recieved_packet_to_disabled_ipsec (id: 01800500) ...

  • Page 266

    Recommended action this is usually a consequence of low memory or a bad configuration. Look for previous log messages to find the cause for the interface being disabled. Revision 1 parameters ipsec_connection 2.22.62. No_remote_gateway (id: 01800503) default severity error log message remote gateway ...

  • Page 267: 01800900)

    Default severity error log message ipsec interface disabled explanation ipsec interface disabled. Gateway action none recommended action none. Revision 1 2.22.66. Maximum_allowed_tunnels_limit_reached (id: 01800900) default severity alert log message negotiation aborted due to license restrictions. ...

  • Page 268

    Gateway action none recommended action none. Revision 1 parameters dir spi 2.22.69. Sa_write_congestion (id: 01801338) default severity warning log message failed to write sa to nitrox ii; the request timed out. Explanation a request to write an sa to nitrox ii timed out. Gateway action none rec...

  • Page 269: 01802004)

    2.22.72. Malformed_packet (id: 01802003) default severity warning log message malformed packet for trigger.Dropping request for policy explanation malformed packet for trigger, dropping request. Gateway action dropping_request recommended action none. Revision 1 2.22.73. Max_ipsec_sa_negotiations_re...

  • Page 270

    Explanation negotiation of ike sa failed. Gateway action no_ike_sa recommended action none. Revision 2 parameters statusmsg local_peer remote_peer initiator_spi 2.22.76. Ike_sa_negotiation_completed (id: 01802024) default severity informational log message ike sa negotiation completed: using ( - ) d...

  • Page 271

    Default severity warning log message type of the local id is not key-id for the mamros-pskeyext negotiation. The negotiation might fail. Explanation type of the local id is not key-id for the mamros-pskeyext negotiation. The negotiation might fail. Gateway action no_ike_sa recommended action none. R...

  • Page 273

    Default severity informational log message local lifetime child sa: seconds explanation inform about lifetime for child sa:. Gateway action none recommended action none. Revision 1 parameters sec 2.22.85. Ipsec_sa_lifetime (id: 01802047) default severity informational log message local lifetime chil...

  • Page 274

    Parameters local_id remote_id 2.22.88. Ipsec_invalid_protocol (id: 01802059) default severity error log message invalid protocol received for sa explanation invalid protocol received for sa. Gateway action none recommended action none. Revision 1 parameters proto 2.22.89. Ipsec_sa_negotiation_aborte...

  • Page 275: 01802100)

    Rule protocol explanation failed to insert rule since forced nat protocol do not match rule protocol. Gateway action vpn_tunnel_disabled recommended action reconfigure_ipsec. Revision 1 2.22.92. No_authentication_method_specified (id: 01802100) default severity error log message neither pre-shared k...

  • Page 276

    Revision 1 2.22.95. Invalid_rule_setting (id: 01802105) default severity error log message both reject and pass defined for a rule explanation can not specify both pass and reject for a rule. Gateway action none recommended action none. Revision 1 2.22.96. Invalid_rule_setting (id: 01802106) default...

  • Page 277: 01802110)

    Gateway action none recommended action none. Revision 1 2.22.99. Invalid_rule_setting (id: 01802109) default severity error log message to-tunnel specified for an authentication-only rule explanation to-tunnel can not be specified for an authentication-only rule. Gateway action none recommended acti...

  • Page 278: (Id: 01802201)

    Default severity error log message esp tunnel is missing encryption and authentication algorithms explanation esp tunnel [tunnel] not configured with encryption and authentication algorithms. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 parameters tunnel 2.22....

  • Page 279

    Log message ah configured but not supported explanation tunnel [tunnel] configured for ah, but ah is not supported. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 parameters tunnel 2.22.106. Invalid_tunnel_configuration (id: 01802208) default severity error log ...

  • Page 280

    Revision 1 parameters tunnel 2.22.109. Out_of_memory_for_tunnel (id: 01802211) default severity error log message out of memory. Could not allocate memory for tunnel name! Explanation out of memory. Could not allocate memory for tunnel name!. Gateway action vpn_tunnel_disabled recommended action non...

  • Page 281

    Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 2 2.22.113. Invalid_key_size (id: 01802217) default severity error log message specified key size limits for cipher with fixed key size explanation configuration specifies key size limits for cipher with fixed key siz...

  • Page 282

    2.22.116. Invalid_cipher_keysize (id: 01802220) default severity error log message configured max mac key size is bigger than the built-in maximum explanation tunnel configured invalid key size for mac. Gateway action vpn_tunnel_disabled recommended action reconfigure_tunnel. Revision 1 parameters k...

  • Page 283: 01802402)

    Gateway action none recommended action none. Revision 1 parameters info int_severity 2.22.120. Max_phase1_sa_reached (id: 01802400) default severity notice log message the maximum number of active phase-1 sas reached explanation maximum number of active phase-1 sas reached. Gateway action negotiatio...

  • Page 284: 01802602)

    Default severity warning log message could not decode certificate to pem format. The certificate may be corrupted or it was given in unrecognized format. Explanation could_not_decode_certificate. Gateway action certificate_invalid recommended action none. Revision 1 2.22.124. Could_not_convert_certi...

  • Page 285: 01802604)

    Gateway action certificate_not_usable_if_no_valid_crls recommended action none. Revision 1 2.22.127. Could_not_force_cert_to_be_trusted (id: 01802604) default severity warning log message could not force ca certificate as a point of trust explanation could not force ca certificate as a point of trus...

  • Page 286

    Corrupted or it was given in unrecognized format. Explanation could_not_decode_certificate. Gateway action certificate_invalid recommended action none. Revision 1 2.22.131. Could_not_loack_certificate (id: 01802608) default severity warning log message could not lock certificate in cache explanation...

  • Page 287: 01802705)

    Default severity informational log message ike sa: local ike peer: remote ike peer: initiator spi: responder spi: . Internal severity level: . Explanation ike sa successfully installed. Gateway action ike_sa_completed recommended action none. Revision 1 parameters local_peer remote_peer initiator_spi...

  • Page 288

    Default severity warning log message directory names are not supported as subject alternative names. Skipping dn: explanation directory specified as subject alternative name. Gateway action skip_dn_name recommended action none. Revision 1 parameters dn_name 2.22.138. Could_not_decode_certificate (id...

  • Page 289

    Recommended action none. Revision 1 parameters cfgmode msg int_severity 2.22.141. Remote_access_address (id: 01802710) default severity informational log message addresses for remote access attributes: expires time explanation addresses for remote access attributes. Gateway action none recommended a...

  • Page 290

    2.22.144. Remote_access_dhcp (id: 01802713) default severity informational log message dhcp for remote access attributes: explanation dhcp remote access attributes. Gateway action none recommended action none. Revision 1 parameters dhcp_s 2.22.145. Remote_access_subnets (id: 01802714) default severi...

  • Page 291

    Log message selection of ipsec sa failed due to . Internal severity level: explanation failed to select a sa. Gateway action no_ipsec_sa_selected recommended action none. Revision 2 parameters reason int_severity 2.22.148. Certificate_search_failed (id: 01802718) default severity warning log message...

  • Page 293

    Explanation l2tp negotiation event. Gateway action l2tp_negotiation_event recommended action none. Revision 1 parameters side msg local_id remote_id int_severity 2.22.154. Outofmem_create_engine (id: 01802901) default severity critical log message failed to allocate memory for engine object explanat...

  • Page 294

    2.22.157. Init_rule_looklup_failed (id: 01802905) default severity critical log message allocating default pass rule failed! Explanation allocating default pass rule failed!. Gateway action ipsec_disabled recommended action none. Revision 1 2.22.158. Init_mutexes_failed (id: 01802906) default severi...

  • Page 295

    2.22.161. Init_flow_table_failed (id: 01802909) default severity critical log message allocation of flow table failed (size ) explanation allocation of flow table failed. Gateway action ipsec_disabled recommended action none. Revision 1 parameters size 2.22.162. Init_next_hop_table_failed (id: 01802...

  • Page 296: 01802916)

    Recommended action none. Revision 1 2.22.165. Init_peer_id_hash_failed (id: 01802913) default severity critical log message allocation of peer id hash table failed explanation allocation of peer id hash table failed. Gateway action ipsec_disabled recommended action none. Revision 1 2.22.166. Init_ru...

  • Page 297: 01802918)

    Gateway action ipsec_disabled recommended action none. Revision 1 2.22.169. Init_packet_context_cache_failed (id: 01802917) default severity critical log message allocation of packet context cache failed explanation allocation of packet context cache failed. Gateway action ipsec_disabled recommended...

  • Page 298

    Explanation allocation of fragmentation tables failed. Gateway action ipsec_disabled recommended action none. Revision 1 2.22.173. Init_engine_tables_failed (id: 01802921) default severity critical log message allocation of engine tables failed explanation allocation of engine tables failed. Gateway...

  • Page 299

    Log message could not select policy rule explanation could not select policy rule. Gateway action none recommended action none. Revision 1 2.22.177. Failed_to_select_ike_sa (id: 01803002) default severity informational log message could not select sa from ike sa proposal explanation could not select...

  • Page 300

    Recommended action none. Revision 1 parameters statusmsg 2.22.180. Ipsec_sa_statistics (id: 01803021) default severity informational log message ipsec sa negotiations: done, successful, failed explanation ipsec sa statistics. Gateway action none recommended action none. Revision 1 parameters done su...

  • Page 301

    2.22.183. Xauth_exchange_done (id: 01803024) default severity informational log message xauth exchange done: explanation information about the result of a completed xauth exchange. Gateway action none recommended action none. Revision 1 parameters statusmsg 2.22.184. Config_mode_exchange_event (id: ...

  • Page 302

    Explanation rejected ipsec sa delete notification due to protocol mismatch. Gateway action none recommended action none. Revision 1 parameters remote_peer proto 2.22.187. Rejecting_ipsec_sa_delete (id: 01803028) default severity warning log message rejecting ipsec sa delete notification from since t...

  • Page 303

    Log message quick-mode notification from for protocol , spi : () ( bytes) explanation received a ike quick-mode notification. Gateway action none recommended action none. Revision 1 parameters remote_peer proto spi msg type size 2.22.190. Failed_to_verify_peer_identity (id: 01803040) default severit...

  • Page 304: 01803101)

    Recommended action none. Revision 1 parameters reason 2.22.193. Malformed_ipsec_ah_proposal (id: 01803052) default severity warning log message malformed ipsec ah proposal: explanation received a malformed ipsec ah proposal. Gateway action none recommended action none. Revision 1 parameters reason 2...

  • Page 305

    Default severity notice log message negotiation aborted due to license restrictions: ike responder mode not available. Explanation a negotiation was aborted because it was not initiated by the correct side in accordance with license restrictions. Gateway action ike_negotiation_aborted recommended ac...

  • Page 306: 2.23. Ip_Error

    2.23. Ip_error. These log messages refer to the ip_error (packet discarded due to IP header error(s)) category. 2.23.1. Too_small_packet (id: 01500001). Default severity: warning. Log message: "packet is too small to contain ipv4 header". Explanation: The received packet is too small to contain an IPv4 heade...

  • Page 307

    Revision: 1. Parameters: iptotlen, iphdrlen. Context parameters: rule name, packet buffer. 2.23.4. Invalid_ip_length (id: 01500004). Default severity: warning. Log message: "invalid ip header length, iptotlen=, recvlen=". Explanation: The received packet IP total length is larger than the received transport data. D...

  • Page 308: 2.24. Ip_Flag

    2.24. Ip_flag. These log messages refer to the ip_flag (events concerning the IP header flags) category. 2.24.1. Ttl_low (id: 01600001). Default severity: warning. Log message: "received packet with too low ttl of . Min ttl is . Ignoring". Explanation: The received packet has a TTL (time-to-live) field which...

  • Page 309

    Context parameters: rule name, packet buffer. 2.24.3. Ip_rsv_flag_set (id: 01600003)

  • Page 310: 2.25. Ip_Opt

    2.25. Ip_opt. These log messages refer to the ip_opt (events concerning the IP header options) category. 2.25.1. Source_route (id: 01700001). Default severity: notice. Log message: "packet has a source route". Explanation: The packet has a source route. Ignoring. Gateway action: ignore. Recommended action: none...

  • Page 311

    2.25.4. Ipopt_present (id: 01700004). Default severity: notice. Log message: "ip option () is present". Explanation: The packet contains an IP option. Ignoring. Gateway action: ignore. Recommended action: none. Revision: 1. Parameters: ipopt, optname. Context parameters: rule name, packet buffer. 2.25.5. Ipoptlen_too_...

  • Page 312

    avail. Context parameters: rule name, packet buffer. 2.25.7. Multiple_ip_option_routes (id: 01700012). Default severity: warning. Log message: "multiple source/return routes in ip options. Dropping". Explanation: There are multiple source/return routes specified among the IP options. Dropping packet. Gateway ac...

  • Page 313

    Recommended action: none. Revision: 1. Parameters: ipopt, routeptr. Context parameters: rule name, packet buffer. 2.25.10. Source_route_disallowed (id: 01700015). Default severity: warning. Log message: "source route ip option disallowed. Dropping". Explanation: The packet has a source route, which is disallowed. Dr...

  • Page 314

    Revision: 1. Parameters: ipopt, optlen. Context parameters: rule name, packet buffer. 2.25.13. Bad_timestamp_pointer (id: 01700018). Default severity: warning. Log message: "ip option type : bad timestamp pointer . Dropping". Explanation: The packet contains an invalid timestamp pointer. Dropping packet. Gateway ac...

  • Page 315

    Explanation: The packet contains a timestamp IP option, which is disallowed. Dropping packet. Gateway action: drop. Recommended action: none. Revision: 1. Context parameters: rule name, packet buffer. 2.25.16. Router_alert_bad_len (id: 01700021). Default severity: warning. Log message: ip option type : bad lengt...

  • Page 316

    Explanation: The packet contains an IP option, which is disallowed. Dropping packet. Gateway action: drop. Recommended action: none. Revision: 1. Parameters: ipopt, optname. Context parameters: rule name, packet buffer. 2.25.18. Ipopt_present_disallowed (id: 01700023)

  • Page 317: 2.26. Ip_Proto

    2.26. Ip_proto. These log messages refer to the ip_proto (IP protocol verification events) category. 2.26.1. Multicast_ethernet_ip_address_missmatch (id: 07000011). Default severity: warning. Log message: "received packet with a destination ip address that does not match the ethernet multicast address". Exp...

  • Page 318

    Which is not allowed. Dropping packet. Gateway action: drop. Recommended action: none. Revision: 1. Context parameters: rule name, packet buffer. 2.26.4. Ttl_low (id: 07000014). Default severity: warning. Log message: "received packet with too low ttl of . Min ttl is . Dropping". Explanation: The received packet ha...

  • Page 319

    Dropping packet. Gateway action: drop. Recommended action: This can be changed under the advanced settings section. Revision: 1. Parameters: proto. Context parameters: rule name, packet buffer. 2.26.7. Invalid_tcp_header (id: 07000019). Default severity: warning. Log message: invalid tcp header - ipdatalen=, tcph...

  • Page 320

    Log message: "invalid udp header - ipdatalen=, udptotlen=. Dropping". Explanation: The UDP packet contains an invalid header. Dropping packet. Gateway action: drop. Recommended action: none. Revision: 1. Parameters: ipdatalen, udptotlen. Context parameters: rule name, packet buffer. 2.26.10. Oversize_icmp (id: 0700...

  • Page 321: 07000033)

    2.26.12. Multicast_ethernet_ip_address_missmatch (id: 07000033). Default severity: warning. Log message: "received packet with a destination ip address that does not match the ethernet multicast address". Explanation: A packet was received with an IP multicast Ethernet address as destination address, but th...

  • Page 322

    Revision: 1. Parameters: proto. Context parameters: rule name, packet buffer. 2.26.15. Oversize_ah (id: 07000052). Default severity: warning. Log message: "configured size limit for the ah protocol exceeded. Dropping". Explanation: The configured size limit for the AH protocol was exceeded. Dropping packet. Gatewa...

  • Page 323

    Recommended action: This can be changed under the advanced settings section. Revision: 1. Parameters: proto. Context parameters: rule name, packet buffer. 2.26.18. Oversize_ipip (id: 07000055). Default severity: warning. Log message: "configured size limit for the ipip protocol exceeded. Dropping". Explanation: The...

  • Page 324

    Gateway action: drop. Recommended action: This can be changed under the advanced settings section. Revision: 1. Parameters: proto. Context parameters: rule name, packet buffer. 2.26.21. Oversize_ip (id: 07000058). Default severity: warning. Log message: "configured size limit for ip protocol exceeded. Dropping". Exp...

  • Page 325

    Dropping packet. Gateway action: drop. Recommended action: none. Revision: 1. Parameters: icmpdatalen, icmpiphdrminlen. Context parameters: rule name, packet buffer. 2.26.24. Invalid_icmp_data_ip_ver (id: 07000072). Default severity: warning. Log message: "invalid icmp data. Icmpdatalen= icmpipver=. Dropping". Explan...

  • Page 326: 07000074)

    2.26.26. Invalid_icmp_data_invalid_ip_length (id: 07000074). Default severity: warning. Log message: "invalid icmp data length. Icmpdatalen= icmpipdatalen= icmpipdataminlen=. Dropping". Explanation: The ICMP data length is invalid. The contained IP data must be at least 8 bytes long. Dropping packet. Gateway...

  • Page 327: 2.27. L2Tp

    2.27. L2tp. These log messages refer to the l2tp (L2TP tunnel events) category. 2.27.1. L2tpclient_resolve_successful (id: 02800001). Default severity: notice. Log message: "l2tp client resolved to". Explanation: The L2TP client successfully resolved the DNS name of the remote gateway. Gateway action: none. Re...

  • Page 328: 02800006)

    Parameters: iface, remotegw. 2.27.4. L2tp_connection_disallowed (id: 02800004). Default severity: notice. Log message: "l2tp connection disallowed according to rule ! Tunnel id: , session id:". Explanation: The L2TP connection is disallowed according to the specified userauth rule. Gateway action: none. Recommen...

  • Page 329

    Recommended action: Make sure no manually configured routes to the L2TP server interface exist in the configuration. Revision: 1. Parameters: iface. 2.27.7. L2tp_session_closed (id: 02800007). Default severity: notice. Log message: "closed l2tp session. Session id: , tunnel id:". Explanation: The L2TP session w...

  • Page 330

    Revision: 1. Parameters: iface, sessionid, remotegw. 2.27.10. L2tp_session_request (id: 02800010). Default severity: notice. Log message: "l2tp session request sent. Tunnel id:". Explanation: An L2TP session request has been sent over the specified L2TP tunnel. Gateway action: none. Recommended action: none. Revisio...

  • Page 331

    Parameters: tunnelid, sessionid. 2.27.13. L2tp_session_request (id: 02800015). Default severity: notice. Log message: "l2tp session request received. Tunnel id:". Explanation: A new session request was received on the specified tunnel. Gateway action: none. Recommended action: none. Revision: 1. Parameters: tunnelid...

  • Page 332

    2.27.16. L2tpclient_tunnel_up (id: 02800018). Default severity: notice. Log message: "l2tp tunnel to is up. Tunnel id:". Explanation: L2TP tunnel negotiated successfully. Gateway action: none. Recommended action: none. Revision: 1. Parameters: tunnelid, iface, remotegw. 2.27.17. Malformed_packet (id: 02800019). Defau...

  • Page 333: 2.28. Natpool

    2.28. Natpool. These log messages refer to the natpool (events related to NAT pools) category. 2.28.1. Uninitialized_ippool (id: 05600001). Default severity: error. Log message: "natpool has not been initialized". Explanation: The NAT pool is not initialized. This can happen if the NAT pool contains no valid i...

  • Page 334

    Revision: 1. Parameters: address, poolname. Context parameters: connection. 2.28.4. Out_of_memory (id: 05600005). Default severity: error. Log message: "out of memory while allocating natpool state for". Explanation: A state could not be allocated since the unit is out of memory. Gateway action: drop. Recommended ac...

  • Page 335

    Parameters: poolname. 2.28.7. Proxyarp_failed (id: 05600008). Default severity: error. Log message: "could not add dynamic proxyarp route. Natpool". Explanation: It was not possible to dynamically add a core route for the given IP address. Gateway action: none. Recommended action: Try to configure a core route w...

  • Page 336

    Revision: 1. Parameters: poolname, num_states, replacedip. 2.28.10. Registerip_failed (id: 05600011). Default severity: warning. Log message: "request to activate already active translation ip address in pool". Explanation: Attempt to activate an already active translation IP. Gateway action: none. Recommended acti...

  • Page 337

    2.28.13. Synchronization_failed (id: 05600014). Default severity: error. Log message: "failed to synchronize translation ip address to peer". Explanation: Failed to synchronize translation IP address to peer. Gateway action: none. Recommended action: Check status of peer and verify high availability configurat...

  • Page 338: 2.29. Ospf

    2.29. Ospf. These log messages refer to the ospf (OSPF events) category. 2.29.1. Internal_error (id: 02400001). Default severity: warning. Log message: "internal error. Iface got ievent in istate . Ignored". Explanation: Internal error in the OSPF interface state engine. Gateway action: ignore. Recommended act...

  • Page 339

    Recommended action: Check OSPF interface configuration. Revision: 1. Parameters: iface, neighborid, myifaceip. Context parameters: rule name. 2.29.4. Bad_packet_len (id: 02400004). Default severity: warning. Log message: "received ospf packet with bad length". Explanation: Received OSPF packet with a bad length. Gat...

  • Page 340

    Interface range. Gateway action: drop. Recommended action: Make sure all locally attached OSPF routes are on the same network. Revision: 1. Parameters: srcip, ifacerange. Context parameters: rule name, packet buffer. 2.29.7. Area_mismatch (id: 02400007). Default severity: warning. Log message: "bad area". Explanation...

  • Page 341

    2.29.9. Hello_interval_mismatch (id: 02400009). Default severity: warning. Log message: "hello interval mismatch. Received was , mine is . Dropping". Explanation: Received OSPF data from a neighboring router with a mismatching hello interval. Gateway action: drop. Recommended action: Make sure all locally atta...

  • Page 342

    Recommended action: Make sure all locally attached OSPF routers share the same E-flag configuration. Revision: 1. Parameters: recv_e_flag, my_e_flag. Context parameters: rule name, packet buffer. 2.29.12. Hello_n_flag_mismatch (id: 02400012). Default severity: warning. Log message: hello n-flag mismatch. Receive...

  • Page 343

    Explanation: Received OSPF data from a neighbor which contained an unknown LSA. Gateway action: drop. Recommended action: Check the configuration on the neighboring router. Revision: 1. Parameters: lsatype. Context parameters: rule name, packet buffer. 2.29.15. Auth_mismatch (id: 02400050). Default severity: warn...

  • Page 344

    Explanation: Authentication failed due to a bad crypto key ID. Gateway action: drop. Recommended action: Verify that the neighboring OSPF router shares the same crypto key ID. Revision: 1. Parameters: recv_id, my_id. Context parameters: rule name. 2.29.18. Bad_auth_crypto_seq_number (id: 02400053). Default sever...

  • Page 345

    Gateway action: drop. Recommended action: Check network equipment for problems. Revision: 1. Parameters: recv_chksum, my_chksum. Context parameters: rule name. 2.29.21. Dd_mtu_exceeds_interface_mtu (id: 02400100). Default severity: warning. Log message: neighbor mtu is too high. Received dd has mtu . Interface mt...

  • Page 346

    Explanation: Neighbor misused the I-flag. Gateway action: restart. Recommended action: none. Revision: 1. Parameters: neighbor. Context parameters: rule name. 2.29.24. Opt_change (id: 02400103). Default severity: warning. Log message: "neighbor changed options during exchange. Restarting exchange". Explanation: Neigh...

  • Page 347

    Explanation: Received a non-dup database descriptor from a neighbor in a higher state than exchange. Gateway action: restart. Recommended action: none. Revision: 1. Parameters: neighbor. Context parameters: rule name. 2.29.27. As_ext_on_stub (id: 02400106). Default severity: warning. Log message: neighbor implied...

  • Page 348

    Explanation: Received an LSA with a bad sequence number. Gateway action: restart. Recommended action: none. Revision: 1. Parameters: seqnum. Context parameters: rule name. 2.29.30. Bad_lsa_maxage (id: 02400109). Default severity: warning. Log message: "got lsa with bad maxage ( > ). Restarting exchange". Explanation ...

  • Page 349

    Recommended action: Check originating router configuration. Revision: 1. Parameters: lsa_type. Context parameters: rule name. 2.29.33. Bad_lsa_sequencenumber (id: 02400152). Default severity: warning. Log message: "bad lsa sequence number (). Lsa is discarded". Explanation: Received LSA with a bad sequence number....

  • Page 350: 02400155)

    Context parameters: rule name. 2.29.36. Received_selforg_for_unknown_lsa_type (id: 02400155). Default severity: warning. Log message: "received selforginated lsa for unknown lsa type? Flushing". Explanation: Received self-originated LSA of unknown type. Gateway action: flush. Recommended action: none. Revision: 1. P...

  • Page 351

    Recommended action: none. Revision: 1. Parameters: lsa, lsaid, lsartr. Context parameters: rule name. 2.29.39. Upd_packet_lsa_size_mismatch (id: 02400158). Default severity: warning. Log message: "upd packet lsa size mismatch. Parsing aborted". Explanation: Received OSPF UPD packet with a mismatching LSA size. Gatew...

  • Page 352

    Context parameters: rule name, packet buffer. 2.29.42. Failed_to_create_replacement_lsa (id: 02400161). Default severity: critical. Log message: "failed to prepare replacement lsa (lsa- id: advrtr:)". Explanation: Failed to create LSA. Gateway action: alert. Recommended action: Check memory consumption. Revision ...

  • Page 353

    iface. Context parameters: rule name. 2.29.45. Too_many_neighbors (id: 02400201). Default severity: warning. Log message: "too many neighbors on . Unable to maintain 2-way with all of them(hello packet)". Explanation: There are too many OSPF routers on a directly connected network. Gateway action: none. Recommen...

  • Page 354: 02400301)

    Parameters: area, vlink. Context parameters: rule name. 2.29.48. Internal_error_unable_to_map_identifier (id: 02400301). Default severity: warning. Log message: "internal error: unable to map a identifier for lsa type: id: advrouter:". Explanation: Unable to map an identifier for an LSA. Gateway action: none. Recom...

  • Page 355: (Id: 02400304)

    Gateway action: none. Recommended action: Check memory consumption. Revision: 1. Parameters: ospfproc. Context parameters: rule name. 2.29.51. Memory_usage_exceeded_90_percent_of_max_allowed (id: 02400304). Default severity: warning. Log message: memory usage for ospf process have now exceeded 90 percent of the ...

  • Page 356: (Id: 02400401)

    Recommended action: Check hardware for defects. Revision: 1. Context parameters: rule name. 2.29.54. Unable_to_find_iface_to_stub_net (id: 02400400). Default severity: warning. Log message: "internal error: unable to find my interface attached to stub network". Explanation: Unable to find local interface attache...

  • Page 357: (Id: 02400403)

    Recommended action: Contact support with a scenario description. Revision: 1. Parameters: netvtxid. Context parameters: rule name. 2.29.57. Internal_error_unable_to_find_lnk_connecting_to_lsa (id: 02400403). Default severity: warning. Log message: internal error: unable to find my link connecting to described ...

  • Page 358: 02400406)

    Explanation: Unable to find neighbor interface attached back. Gateway action: none. Recommended action: Contact support with a scenario description. Revision: 1. Parameters: rtrvtxid. Context parameters: rule name. 2.29.60. Bad_iface_type_mapping_rtr_to_rtr_link (id: 02400406). Default severity: warning. Log mes...

  • Page 359

    Log message: "internal error: memory allocation failure! Ospf process now considered inconsistent". Explanation: Memory allocation failure. Gateway action: alert. Recommended action: Check memory consumption. Revision: 1. Context parameters: rule name. 2.29.63. Unable_to_send (id: 02400501). Default severity: cri...

  • Page 360: 2.30. Ppp

    2.30. Ppp. These log messages refer to the ppp (PPP tunnel events) category. 2.30.1. Ip_pool_empty (id: 02500001). Default severity: warning. Log message: "ipcp can not assign ip address to peer because the ip address pool is empty". Explanation: IPCP can not assign an IP address to the peer because there ar...

  • Page 361: (Id: 02500004)

    Revision: 1. Parameters: tunnel_type. 2.30.4. Seconday_dns_address_required_but_not_received (id: 02500004). Default severity: warning. Log message: "secondary dns address required but not received. Ppp terminated". Explanation: Peer refuses to give out a secondary DNS address. Since reception of a secondary dn...

  • Page 362: 02500050)

    Parameters: tunnel_type. 2.30.7. Failed_to_agree_on_authentication_protocol (id: 02500050). Default severity: error. Log message: "failed to agree on authentication protocol. Ppp terminated". Explanation: Failed to agree on PPP authentication protocol. PPP is terminated. Gateway action: ppp_terminated. Recommen...

  • Page 363

    Parameters: tunnel_type, unsupported_lcp_option. 2.30.10. Ppp_tunnel_limit_exceeded (id: 02500100). Default severity: alert. Log message: "ppp tunnel license limit exceeded. Ppp terminated". Explanation: PPP is terminated because the license restrictions do not allow any more PPP tunnels. No new PPP tunnels ca...

  • Page 364

    2.30.13. Username_too_long (id: 02500151). Default severity: warning. Log message: "ppp chap username was truncated because it was too long". Explanation: PPP CHAP username was truncated because it was too long. Gateway action: chap_username_truncated. Recommended action: Reconfigure the endpoints to use a sho...

  • Page 365

    Gateway action: pap_username_truncated. Recommended action: Reconfigure the endpoints to use a shorter username. Revision: 1. Parameters: tunnel_type. 2.30.17. Password_too_long (id: 02500351). Default severity: warning. Log message: "ppp pap password was truncated because it was too long". Explanation: PPP PAP pa...

  • Page 366

    2.30.20. Authdb_error (id: 02500502). Default severity: error. Log message: "local database authentication error. Ppp authentication terminated". Explanation: There was an error while authenticating using a local user database. PPP authentication terminated. Gateway action: authentication_terminated. Recommen...

  • Page 367: 2.31. Pppoe

    2.31. Pppoe. These log messages refer to the pppoe (PPPoE tunnel events) category. 2.31.1. Pppoe_tunnel_up (id: 02600001). Default severity: notice. Log message: "pppoe tunnel on established to . Auth: , ifaceip: , downtime:". Explanation: The PPPoE tunnel for the interface has been established. Gateway a...

  • Page 368: 2.32. Pptp

    2.32. Pptp. These log messages refer to the pptp (PPTP tunnel events) category. 2.32.1. Pptpclient_resolve_successful (id: 02700001). Default severity: notice. Log message: "pptp client resolved to". Explanation: The PPTP client successfully resolved the DNS name of remote gateway. Gateway action: none. Recomme...

  • Page 369: 02700006)

    Revision: 1. Parameters: rule, remotegw, callid. 2.32.4. Unknown_pptp_auth_source (id: 02700004). Default severity: warning. Log message: "unknown pptp authentication source for ! Remote gateway: , call id:". Explanation: The authentication source for the specified userauth rule found in the new configuration is ...

  • Page 370

    Another subsystem. Traffic can only be sent out on the PPTP server using the dynamic routes set up by the interface itself. Gateway action: drop. Recommended action: Make sure there are no manually configured routes pointing to the PPTP server interface in the configuration. Revision: 1. Parameters: iface...

  • Page 371

    Explanation: A PPTP session request has been sent on the control connection to the specified remote gateway. Gateway action: none. Recommended action: none. Revision: 1. Parameters: remotegw. 2.32.10. Unsupported_message (id: 02700010). Default severity: warning. Log message: unsupported message type received ...

  • Page 372

    Log message: "ppp negotiation completed for session to on . User: , auth: , mppe: , assigned ip:". Explanation: The PPP negotiation has completed successfully for this session. The specified interface, remote gateway and call ID identify the specific session. Gateway action: none. Recommended action: none. ...

  • Page 373

    Parameters: iface, remotegw. 2.32.15. Session_idle_timeout (id: 02700015). Default severity: warning. Log message: "pptp session to on has been idle for too long. Closing it." Explanation: A PPTP session has been idle for too long. Session will be closed. Gateway action: close_session. Recommended action: none. ...

  • Page 374

    2.32.18. Pptp_tunnel_up (id: 02700019). Default severity: notice. Log message: "pptp tunnel up, client connected to". Explanation: A remote PPTP client has established a connection to this PPTP server. Gateway action: none. Recommended action: none. Revision: 1. Parameters: iface, remotegw. 2.32.19. Ctrlconn_refuse...

  • Page 375

    2.32.21. Pptp_tunnel_closed (id: 02700022). Default severity: notice. Log message: "pptp tunnel to on closed." Explanation: The PPTP tunnel to has been closed. Gateway action: none. Recommended action: none. Revision: 1. Parameters: iface, remotegw. 2.32.22. Pptp_connection_disallowed (id: 02700024). Default severi...

  • Page 376

    2.32.24. Pptp_no_userauth_rule_found (id: 02700026). Default severity: warning. Log message: "did not find a matching userauth rule for the incoming pptp connection. Interface: , remote gateway: ." Explanation: The PPTP server was unsuccessful trying to find a userauth rule matching the incoming PPTP conne...

  • Page 377: 2.33. Reassembly

    2.33. Reassembly. These log messages refer to the reassembly (events concerning data reassembly) category. 2.33.1. Ack_of_not_transmitted_data (id: 04800002). Default severity: informational. Log message: "tcp segment acknowledges data not yet transmitted". Explanation: A TCP segment that acknowledges data n...

  • Page 378

    Context parameters: connection. 2.33.4. Memory_allocation_failure (id: 04800005). Default severity: error. Log message: "can't allocate memory to keep track of a packet". Explanation: The gateway is unable to allocate memory to keep track of packet that was received. The packet will be dropped. Gateway action...

  • Page 379: 04800010)

    Log message: "maximum processing memory limit reached". Explanation: The reassembly subsystem has reached the maximum limit set on its processing memory. This will decrease the performance of connections that are processed by the reassembly subsystem. Gateway action: drop. Recommended action: Consider incre...

  • Page 380: 2.34. Rfo

    2.34. Rfo. These log messages refer to the rfo (route fail over events) category. 2.34.1. Has_ping (id: 04100001). Default severity: notice. Log message: "interface , table , net : route enabled, got ping reply from gw". Explanation: Route is available. Received ping reply from the gateway. Gateway action: no...

  • Page 381

    Recommended action: none. Revision: 1. Parameters: iface, table, net, gateway. 2.34.4. Unable_to_register_pingmon (id: 04100004). Default severity: warning. Log message: "interface , table , net : route no longer monitored, unable to register ping monitor". Explanation: Internal error: the route is no longer monito...

  • Page 382

    Reply from gateway. Explanation: Route is available. Received ARP reply from the gateway. Gateway action: route_enabled. Recommended action: none. Revision: 2. Parameters: iface, table, net, gateway. 2.34.7. No_arp (id: 04100007). Default severity: error. Log message: interface , table , net : route disabled, no ar...

  • Page 383

    Default severity: warning. Log message: "interface , table , net : route no longer monitored via arp, unable to register arp monitor". Explanation: Internal error: the route is no longer monitored. Failed to register ARP route monitor. Gateway action: disabled_monitor. Recommended action: none. Revision: 1. Par...

  • Page 384: 04100012)

    04100012). Default severity: error. Log message: "interface , table , net : route no longer monitored, unable to register interface monitor". Explanation: Internal error: route is no longer monitored. Unable to register interface monitor. Gateway action: no_monitoring. Recommended action: none. Revision: 1. Para...

  • Page 385

    Parameters: iface, table, net. 2.34.15. Hostmon_successful (id: 04100015). Default severity: notice. Log message: "interface , table , net : route enabled, host monitoring successful". Explanation: Route is available. Host monitoring successful. Gateway action: route_enabled. Recommended action: none. Revision: 1. P...

  • Page 386: 2.35. Rule

    2.35. Rule. These log messages refer to the rule (events triggered by rules) category. 2.35.1. Ruleset_fwdfast (id: 06000003). Default severity: notice. Log message: "packet statelessly forwarded (fwdfast)". Explanation: The packet matches a rule with a "fwdfast" action, and is statelessly forwarded. Gateway...

  • Page 387

    Packet buffer. 2.35.4. Rule_match (id: 06000007). Default severity: debug. Log message: "return action trigged". Explanation: A rule with a special return action was triggered by an IP-rule lookup. This log message only appears if you explicitly requested it for the rule in question, and it is considered of de...

  • Page 388

    Packet buffer. 2.35.7. Block127net (id: 06000012). Default severity: warning. Log message: "destination address is the 127.* net. Dropping". Explanation: The destination address was the 127.* net, which is not allowed according to the configuration. The packet is dropped. Gateway action: drop. Recommended acti...

  • Page 389

    2.35.10. Directed_broadcasts (id: 06000031). Default severity: notice. Log message: "packet directed to the broadcast address of the destination network. Dropping". Explanation: The packet was directed to the broadcast address of the destination network, and the unit is configured to disallow this. Gateway ...

  • Page 390

    Default severity: warning. Log message: "packet dropped by rule-set. Dropping". Explanation: The rule-set is configured to drop this packet. Gateway action: drop. Recommended action: If this is not the intended behaviour, modify the rule-set. Revision: 1. Context parameters: rule information, packet buffer. 2.35.1...

  • Page 391: 2.36. Sesmgr

    2.36. Sesmgr. These log messages refer to the sesmgr (session manager events) category. 2.36.1. Sesmgr_session_created (id: 04900001). Default severity: notice. Log message: "session connected for user: . Database: . Ip: . Type: ." Explanation: New session created in session manager. Gateway action: none. Rec...

  • Page 392

    Revision: 1. Parameters: user, database, ip, type. 2.36.4. Sesmgr_access_set (id: 04900004). Default severity: notice. Log message: "access level changed to for user: . Database: . Ip: . Type: ." Explanation: Access level has been changed for session. Gateway action: none. Recommended action: none. Revision: 1. Parame...

  • Page 393

    Gateway action: deny_upload. Recommended action: Terminate administrator session and try again. Revision: 1. Parameters: user, ip, type. 2.36.7. Sesmgr_console_denied (id: 04900007). Default severity: warning. Log message: "could not create new console for user: . Database: . Ip: . Type: ." Explanation: Could not c...

  • Page 394

    Revision: 1. 2.36.10. Sesmgr_session_activate (id: 04900010). Default severity: notice. Log message: "session has been activated for user: . Database: . Ip: . Type: ." Explanation: Disabled session has been activated. Gateway action: none. Recommended action: none. Revision: 1. Parameters: user, database, ip, type. 2....

  • Page 395

    Parameters: user, database, ip, type. 2.36.13. Sesmgr_session_access_missing (id: 04900015). Default severity: warning. Log message: "no access level set for user: . Database: . Ip: . Type: ." Explanation: No access level set for user, new session denied. Gateway action: deny_session. Recommended action: Check use...

  • Page 396

    Revision: 1. 2.36.16. Sesmgr_techsupport (id: 04900018). Default severity: notice. Log message: "sending technical support file." Explanation: Technical support file created and is being sent to user. Gateway action: techsupport_created. Recommended action: none. Revision: 1. ...

  • Page 397: 2.37. Slb

    2.37. Slb. These log messages refer to the slb (SLB events) category. 2.37.1. Server_online (id: 02900001). Default severity: notice. Log message: "slb server is online according to monitor". Explanation: A disabled server has been determined to be alive again. Gateway action: adding this server to the active...

  • Page 398: 2.38. Smtplog

    2.38. Smtplog. These log messages refer to the smtplog (smtplog events) category. 2.38.1. Unable_to_establish_connection (id: 03000001). Default severity: warning. Log message: "unable to establish connection to smtp server . Send aborted". Explanation: The unit failed to establish a connection to the SMTP s...

  • Page 399

    2.38.4. Receive_timeout (id: 03000005). Default severity: warning. Log message: "receive timeout from smtp server . Send aborted". Explanation: The unit timed out while receiving data from the SMTP server. No SMTP log will be sent. Gateway action: abort_sending. Recommended action: none. Revision: 1. Parameters ...

  • Page 400

    Log message: "smtp server rejected sender . Send aborted". Explanation: The SMTP server rejected the sender. No SMTP log will be sent. Gateway action: abort_sending. Recommended action: Verify that the SMTP server is configured to accept this sender. Revision: 1. Parameters: smtp_server, sender. 2.38.8. Rejected...

  • Page 401

    Recommended action: Verify that the SMTP server is properly configured. Revision: 1. Parameters: smtp_server. 2.38.11. Rejected_message_text (id: 03000012). Default severity: warning. Log message: "smtp server rejected message text. Send aborted". Explanation: The SMTP server rejected the message text. No SMTP l...

  • Page 402: 2.39. Snmp

    2.39. Snmp. These log messages refer to the snmp (allowed and disallowed SNMP accesses) category. 2.39.1. Disallowed_sender (id: 03100001). Default severity: notice. Log message: "disallowed snmp from , disallowed sender ip". Explanation: The sender IP address is not allowed to send SNMP data to the unit. Dr...

  • Page 403: 2.40. Sshd

    2.40. Sshd. These log messages refer to the sshd (SSH server events) category. 2.40.1. Out_of_mem (id: 04700001). Default severity: error. Log message: "out of memory". Explanation: Memory allocation failure. System is running low on RAM memory. Gateway action: close. Recommended action: Try to free some of the...

  • Page 404

    Default severity: error. Log message: "occurred with the connection from client ." Explanation: An error occurred, and the connection will be closed. Gateway action: close. Recommended action: none. Revision: 1. Parameters: error, client. 2.40.5. Invalid_mac (id: 04700007). Default severity: warning. Log message: mac...

  • Page 405

    Gateway action close recommended action none. Revision 1 parameters fromname toname client 2.40.8. Invalid_username_change (id: 04700025) default severity warning log message service change is not allowed. From serivce to . Client: explanation user changed the service between two authentication phas...

  • Page 406

    Gateway action close recommended action increase the grace timeout value if it is set too low. Revision 1 parameters gracetime client 2.40.11. Ssh_inactive_timeout_expired (id: 04700036) default severity warning log message ssh session inactivity limit () has been reached. Closing connection. Client...

  • Page 407

    Parameters client 2.40.14. Key_algo_not_supported. (id: 04700055) default severity error log message the authentication algorithm type is not supported. Client explanation the authentication algorithm that the client uses is not supported. Closing connection. Gateway action close recommended action ...

  • Page 408

    Parameters maxclients client 2.40.17. Client_disallowed (id: 04700061) default severity warning log message client not allowed access according to the "remotes" section. Explanation the client is not allowed access to the ssh server. Closing connection. Gateway action close recommended action if thi...

  • Page 409

    2.40.19. Scp_failed_not_admin (id: 04704000) chapter 2. Log message reference 409.

  • Page 410: 2.41. System

    2.41. System these log messages refer to the system (system-wide events: startup, shutdown, etc.) category. 2.41.1. Demo_expired (id: 03200020) default severity emergency log message the demo period for this copy of d-link firewall has expired. Please install license and re-run d-link firewall, or ...

  • Page 411

    Parameters oldtime newtime user 2.41.4. Reset_clock (id: 03200101) default severity notice log message the clock at was manually reset to explanation the clock has manually been reset. Gateway action none recommended action none. Revision 1 parameters oldtime newtime 2.41.5. Invalid_ip_match_access_...

  • Page 412

    Default severity error log message nitrox ii interfaces restarted. Explanation nitrox ii interfaces restarted. Gateway action none recommended action none. Revision 1 2.41.8. Hardware_watchdog_initialized (id: 03200260) default severity notice log message hardware watchdog found and initialized with...

  • Page 413: 03200400)

    Gateway action none recommended action none. Revision 1 parameters reason localip destip port_base port_end 2.41.11. Port_hlm_conversion (id: 03200302) default severity notice log message using high load mode for local ip destination ip pair explanation mode for local ip - destination ip pair has ch...

  • Page 414: (Id: 03200401)

    Explanation due to extensive logging, a number of log messages was not sent. Gateway action none recommended action examine why the unit sent such a large amount of log messages. If this is normal activity, the "logsendpersec" setting might be set too low. Revision 1 parameters logcnt 2.41.14. Log_m...

  • Page 415

    Would cause bi-directional communication failure. Revision 2 parameters localcfgver remotecfgver timeout 2.41.17. Disk_cannot_remove_file (id: 03200601) default severity critical log message failed to remove , bi-directional communication will now probably be impossible explanation the unit failed t...

  • Page 416

    Parameters old_cfg 2.41.20. Disk_cannot_rename (id: 03200604) default severity error log message failed to rename to explanation the unit failed to rename the new configuration file to the real configuration file name. Gateway action none recommended action verify that the disk media is intact. Revi...

  • Page 417

    Default severity notice log message configuration verified for bi-directional communication explanation the new configuration has been verified for communication back to peer, and will now be used as the active configuration. Gateway action none recommended action none. Revision 2 parameters localcf...

  • Page 418

    Log message shutdown aborted. Core file missing explanation the unit was issued a shutdown command, but no core executable file is seen. The shutdown process is aborted. Gateway action shutdown_gateway_aborted recommended action verify that the disk media is intact. Revision 1 parameters shutdown re...

  • Page 419

    . Previous shutdown: explanation the security gateway is starting up. Gateway action none recommended action none. Revision 2 parameters corever build uptime cfgfile localcfgver remotecfgver previous_shutdown 2.41.30. Startup_echo (id: 03202001) default severity notice log message security gateway s...

  • Page 420

    Parameters shutdown 2.41.32. Admin_login (id: 03203000) default severity notice log message administrative user logged in via . Access level: explanation an administrative user has logged in to the configuration system. Gateway action none recommended action none. Revision 1 parameters authsystem us...

  • Page 421

    Gateway action disallow_admin_access recommended action none. Revision 1 parameters authsystem username [server_ip] [server_port] [client_ip] [client_port] 2.41.35. Activate_changes_failed (id: 03204000) default severity notice log message bidirectional confirmation of the new configuration failed, ...

  • Page 422

    . Explanation the new configuration has been rejected. Gateway action reconfiguration_using_old_config recommended action none. Revision 1 parameters username userdb" client_ip config_system 2.41.38. Date_time_modified (id: 03205000) default severity notice log message the local date and time has be...

  • Page 423

    Default severity warning log message administrative user not allowed access via explanation the user does not have proper administration access to the configuration system. Gateway action disallow_admin_access recommended action none. Revision 1 parameters authsystem username server_ip server_port c...

  • Page 424: 2.42. Tcp_Flag

    2.42. Tcp_flag these log messages refer to the tcp_flag (events concerning the tcp header flags) category. 2.42.1. Tcp_flags_set (id: 03300001) default severity notice log message the tcp and flags are set. Allowing explanation the possible combinations for these flags are: syn urg, syn psh, syn rst...

  • Page 425

    Gateway action ignore recommended action none. Revision 1 parameters bad_flag context parameters rule name packet buffer 2.42.4. Tcp_flag_set (id: 03300004) default severity notice log message the tcp flag is set. Stripping explanation a "bad" tcp flag is set. Removing it. Gateway action strip_flag ...

  • Page 426

    Recommended action if any of these combinations should either be ignored or having the bad flag stripped, specify this in configuration, in the "settings" sub system. Revision 1 parameters good_flag bad_flag context parameters rule name packet buffer 2.42.7. Tcp_flag_set (id: 03300009) default sever...

  • Page 427

    Default severity warning log message mismatched syn "resent" with seq , expected . Dropping explanation mismatching sequence numbers. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters seqno origseqno context parameters rule name connection packet buffer 2.42.10. Mis...

  • Page 428

    Context parameters rule name connection packet buffer 2.42.12. Rst_out_of_bounds (id: 03300015) default severity warning log message originator rst seq is not in window .... Dropping explanation the rst flag sequence number is not within the receiver window. Dropping packet. Gateway action drop reco...

  • Page 429

    Log message tcp acknowledgement is not in the acceptable range -. Dropping explanation a tcp segment with an unacceptable acknowledgement number was received during state syn_sent. The packet will be dropped. Gateway action drop recommended action none. Revision 1 parameters ack accstart accend cont...

  • Page 430

    Context parameters rule name connection packet buffer 2.42.17. Tcp_recv_windows_drained (id: 03300022) default severity critical log message out of large tcp receive windows. Maximum windows: . Triggered times last 10 seconds. Explanation the tcp stack could not accept incoming data since it has ru...

  • Page 431

    Gateway action none recommended action none. Revision 1 2.42.20. Tcp_seqno_too_low_with_syn (id: 03300025) default severity debug log message tcp sequence number is not in the acceptable range -. Dropping explanation a tcp segment with an unacceptable sequence number was received. The packet will be...

  • Page 432: 2.43. Tcp_Opt

    2.43. Tcp_opt these log messages refer to the tcp_opt (events concerning the tcp header options) category. 2.43.1. Tcp_mss_too_low (id: 03400001) default severity notice log message tcp mss too low. Tcpmssmin= explanation the tcp mss is too low. Ignoring. Gateway action ignore recommended action non...

  • Page 433

    Recommended action none. Revision 1 parameters tcpopt mss maxmss context parameters rule name packet buffer 2.43.4. Tcp_mss_too_high (id: 03400004) default severity notice log message tcp mss too high. Tcpmssmax=. Adjusting explanation the tcp mss is too high. Adjusting to use the configured maximum...

  • Page 434

    Default severity notice log message packet has a type tcp option explanation the packet has a tcp option of the specified type. Ignoring. Gateway action ignore recommended action none. Revision 1 parameters tcpopt context parameters rule name packet buffer 2.43.7. Tcp_option_strip (id: 03400007) def...

  • Page 435

    2.43.9. Bad_tcpopt_length (id: 03400011) default severity warning log message type claims length= bytes, avail= bytes. Dropping explanation the tcp option type does not fit in the option space. Dropping packet. Gateway action drop recommended action none. Revision 1 parameters tcpopt len avail conte...

  • Page 436

    Parameters tcpopt mss minmss context parameters rule name packet buffer 2.43.12. Tcp_mss_too_high (id: 03400014) default severity warning log message tcp mss too high. Tcpmssmax=. Dropping explanation the tcp mss is too high. Dropping packet. Gateway action drop recommended action none. Revision 1 p...

  • Page 437

    Recommended action none. Revision 1 context parameters rule name packet buffer 2.43.15. Multiple_tcp_ws_options (id: 03400017) default severity warning log message multiple window scale options present in a single tcp segment explanation multiple tcp window scale options present in a single tcp segm...

  • Page 438

    Gateway action adjust recommended action none. Revision 1 parameters old new effective context parameters connection packet buffer 2.43.17. Mismatching_tcp_window_scale (id: 03400019)

  • Page 439: 2.44. Threshold

    2.44. Threshold these log messages refer to the threshold (threshold rule events) category. 2.44.1. Conn_threshold_exceeded (id: 05300100) default severity warning log message connection threshold exceeded . Source ip: . Closing connection explanation the source ip is opening up new connections too ...

  • Page 440: 05300210)

    Recommended action investigate worms and dos attacks. Revision 1 parameters description threshold srcip context parameters rule name 2.44.4. Failed_to_keep_connection_count (id: 05300200) default severity error log message failed to keep connection count. Reason: out of memory explanation the device...

  • Page 441: 05300211)

    From a single host exceeds the configured threshold. Note: this log message is rate limited via an exponential back-off procedure. Gateway action none recommended action none. Revision 1 parameters threshold srcip [username] context parameters rule name 2.44.7. Threshold_conns_from_srcip_exceeded (i...

  • Page 442: 05300213)

    Parameters threshold srcip [username] context parameters rule name 2.44.9. Threshold_conns_from_filter_exceeded (id: 05300213) default severity notice log message the number of connections matching the rule exceeds . The offending host is . Explanation the number of connections matching the threshol...

  • Page 443: 2.45. Timesync

    2.45. Timesync these log messages refer to the timesync (firewall time synchronization events) category. 2.45.1. Synced_clock (id: 03500001) default severity notice log message the clock at , was off by second(s) and synchronized with to explanation the clock has been synchronized with the time serv...

  • Page 444

    Revision 1 parameters clockdrift timeserver interval 2.45.3. Clockdrift_too_high (id: 03500003)

  • Page 445: 2.46. Transparency

    2.46. Transparency these log messages refer to the transparency (events concerning the transparent mode feature) category. 2.46.1. Impossible_hw_sender_address (id: 04400410) default severity warning log message impossible hardware sender address 0000:0000:0000. Dropping. Explanation some equipment ...

  • Page 446

    Revision 1 context parameters rule name packet buffer 2.46.4. Enet_hw_sender_broadcast (id: 04400413) default severity warning log message ethernet hardware sender is a broadcast address. Dropping. Explanation the ethernet hardware sender address is a broadcast address. The packet will be dropped. G...

  • Page 447

    Revision 1 context parameters rule name packet buffer 2.46.7. Enet_hw_sender_multicast (id: 04400416) default severity warning log message ethernet hardware sender is a multicast address. Dropping. Explanation the ethernet hardware sender address is a multicast address. The packet will be dropped. G...

  • Page 448

    2.46.10. Invalid_stp_frame (id: 04400419) default severity warning log message incomming stp frame from dropped. Reason: explanation an incoming spanning-tree frame has been dropped since it is either malformed or its type is unknown. Supported spanning-tree versions are stp, rstp, mstp and pvst+. ...

  • Page 449

    Default severity warning log message incomming mpls packet on dropped. Reason: explanation an incoming mpls packet has been dropped since it was malformed. Gateway action drop recommended action if the packet format is invalid, locate the unit which is sending the malformed packet. Revision 1 param...

  • Page 450: 2.47. Userauth

    2.47. Userauth these log messages refer to the userauth (user authentication (e.g. radius) events) category. 2.47.1. Accounting_start (id: 03700001) default severity informational log message successfully received radius accounting start response from radius accounting server explanation the unit re...

  • Page 451: 03700004)

    Recommended action verify that the radius accounting server daemon is running on the accounting server. Revision 1 context parameters user authentication 2.47.4. Invalid_accounting_start_server_response (id: 03700004) default severity alert log message received an invalid radius accounting start res...

  • Page 452

    Accounting-start event was received from the accounting server. Gateway action logout_user recommended action verify that the radius accounting server is properly configured. Revision 1 context parameters user authentication 2.47.7. Failed_to_send_accounting_stop (id: 03700007) default severity aler...

  • Page 453: 03700009)

    03700009) default severity warning log message received a radius accounting stop response with an identifier mismatch. Ignoring this packet explanation the unit received a response with an invalid identifier mismatch. This can be the result of a busy network, causing accounting event re-sends. This ...

  • Page 454: 03700014)

    Revision 1 context parameters user authentication 2.47.12. Failure_init_radius_accounting (id: 03700012) default severity alert log message failed to send accounting start to radius accounting server. Accounting will be disabled explanation the unit failed to send an accounting-start event to the ac...

  • Page 455: 03700021)

    Recommended action verify that a route exists from the unit to the radius accounting server, and that it is properly configured. Revision 1 context parameters user authentication 2.47.15. User_timeout (id: 03700020) default severity notice log message user timeout expired, user is automatically logg...

  • Page 456: 03700052)

    Revision 1 parameters username 2.47.18. Accounting_alive (id: 03700050) default severity notice log message successfully received radius accounting interim response from radius accounting server. Bytes sent=, bytes recv=, packets sent=, packets recv=, session time= explanation the unit successfully ...

  • Page 457: 03700053)

    Default severity alert log message did not receive a radius accounting interim response. User statistics might not have been updated on the accounting server explanation the unit did not receive a response to an accounting-interim event from the accounting server. Accounting information might not ha...

  • Page 458

    Context parameters user authentication 2.47.23. Relogin_from_new_srcip (id: 03700100) default severity warning log message user with the same username is logging in from another ip address, logging out current instance explanation a user with the same username as an already authenticated user is log...

  • Page 459

    Context parameters user authentication 2.47.26. Bad_user_credentials (id: 03700104) default severity notice log message unknown user or invalid password explanation a user failed to log in. The entered username or password was invalid. Gateway action none recommended action none. Revision 1 context ...

  • Page 460

    Default severity warning log message denied access according to userauthrules rule-set explanation the user is not allowed to authenticate according to the userauthrules rule-set. Gateway action none recommended action none. Revision 1 context parameters user authentication 2.47.30. Challenges_not_s...

  • Page 461: 03700403)

    Explanation a user logged out, and is no longer authenticated. Gateway action none recommended action none. Revision 1 context parameters user authentication 2.47.33. Ldap_session_new_out_of_memory (id: 03700401) default severity alert log message out of memory while trying to allocate new ldap sess...

  • Page 462

    2.47.36. Ldap_user_authentication_failed (id: 03700404) default severity notice log message ldap authentication failed for explanation authentication attempt failed. Gateway action none recommended action none. Revision 1 parameters user 2.47.37. Ldap_context_new_out_of_memory (id: 03700405) default...

  • Page 463

    And password. Gateway action database connection disabled recommended action check configuration. Revision 1 parameters database 2.47.40. Invalid_username_or_password (id: 03700408) default severity error log message invalid provided username or password explanation username or password does not con...

  • Page 464

    Parameters client_ip 2.47.43. Disallow_clientkeyexchange (id: 03700501) default severity error log message ssl handshake: disallow clientkeyexchange. Closing down ssl connection explanation the ssl connection will be closed because there are not enough resources to process any clientkeyexchange mess...

  • Page 465

    Parameters client_ip 2.47.46. Bad_changecipher_msg (id: 03700504) default severity error log message ssl handshake: bad changecipher message. Closing down ssl connection explanation the changecipher message (which is a part of an ssl handshake) is invalid, and the ssl connection is closed. Gateway ac...

  • Page 466: (Id: 03700509)

    2.47.49. Bad_alert_msg (id: 03700507) default severity error log message bad alert message. Closing down ssl connection explanation the alert message (which can be a part of an ssl handshake) is invalid, and the ssl connection is closed. Gateway action ssl_close recommended action none. Revision 1 pa...

  • Page 467

    Default severity error log message received ssl alert. Closing down ssl connection explanation an ssl alert message was received during an established ssl connection, and the ssl connection will be closed. Gateway action close recommended action none. Revision 1 parameters client_ip level description...

  • Page 468: 2.48. Vfs

    2.48. Vfs these log messages refer to the vfs (vfs file handling events) category. 2.48.1. Odm_execute_failded (id: 05200001) default severity notice log message usage of file "" failed. File validated as "". Explanation an uploaded file ([filename]) was validated as "[description]". An error occure...

  • Page 469

    Parameters filename description 2.48.4. Odm_execute_action_none (id: 05200004) default severity notice log message uploaded file () could not be recognized as a known type. Explanation an uploaded file could not be recognized as a known type. Gateway action none recommended action none. Revision 1 p...

  • Page 470

    2.48.7. Upload_certificate_fail (id: 05200007) default severity notice log message certificate data in file , could not be added to the configuration explanation certificate data could not be added to the configuration. Gateway action none recommended action make sure that the certificate data is of...

  • Page 471: 2.49. Zonedefense

    2.49. Zonedefense these log messages refer to the zonedefense (zonedefense events) category. 2.49.1. Unable_to_allocate_send_entries (id: 03800001) default severity warning log message unable to allocate send entry. Sending of request to abandoned explanation unable to allocate send entry. Unit is l...

  • Page 472

    Default severity warning log message unable to accommodate block request since out of ip profiles on explanation there are no free ip profiles left on the switch. No more hosts can be blocked/excluded on this switch. Gateway action no_block recommended action check if it is possible to unblock so...

  • Page 473: 03800008)

    In profile explanation several attempts to create a rule in the switch have timed out. No more attempts will be made. Gateway action no_rule recommended action verify that the firewall is able to communicate with the switch. Revision 1 parameters type profile switch 2.49.8. Failed_writing_zonededense...

  • Page 474

    Explanation several attempts to erase a profile in the switch have timed out. No more attempts will be made. Gateway action task_ignored recommended action verify that the firewall is able to communicate with the switch. Revision 1 parameters type profile switch 2.49.11. Failed_to_erase_profile (id: ...

  • Page 475

    Gateway action task_ignored recommended action verify that the firewall is able to communicate with the switch. Revision 1 parameters switch 2.49.14. Zd_block (id: 03800014) default severity warning log message zonedefense blocking host . Alert type: explanation a configured action of type [type] ha...

  • Page 476

    2.49.14. Zd_block (id: 03800014)