hit counter script
D-Link DFL-260E Log Reference Manual
  1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. NetDefend DFL-260E
  6. Log reference manual

D-Link DFL-260E Log Reference Manual

Network security firewalls netdefendos
Hide thumbs Also See for DFL-260E:
1
2
3
Table Of Contents
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual, Log Reference Manual
Network Security Firewall
Log Reference Guide
NetDefendOS
Security
Security
Ver.
2.40.03
Network Security Solution
http://www.dlink.com

Advertisement

Table of Contents
loading

Related Manuals for D-Link DFL-260E

Summary of Contents for D-Link DFL-260E

  • Page 1 Network Security Firewall Log Reference Guide NetDefendOS Security Security Ver. 2.40.03 Network Security Solution http://www.dlink.com...
  • Page 2 Log Reference Guide DFL-260E/860E/1660/2560/2560G NetDefendOS Version 2.40.03 D-Link Corporation No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.DLink.com Published 2013-02-20 Copyright © 2013...
  • Page 3 D-Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revision or changes.

  • Page 4: Table Of Contents

    Table of Contents Preface .......................29 1. Introduction .....................31 1.1. Log Message Structure ................31 1.2. Context Parameters .................33 1.3. Severity levels ..................37 2. Log Message Reference ..................39 2.1. ALG ....................40 2.1.1. alg_session_open (ID: 00200001) ...........40 2.1.2. alg_session_closed (ID: 00200002) ..........41 2.1.3. max_line_length_exceeded (ID: 00200003) ........41 2.1.4.
  • Page 5 Log Reference Guide 2.1.51. sender_email_id_mismatched (ID: 00200157) .........59 2.1.52. sender_email_id_is_in_blacklist (ID: 00200158) ......59 2.1.53. recipient_email_id_in_blacklist (ID: 00200159) .......60 2.1.54. some_recipient_email_ids_are_in_blocklist (ID: 00200160) ....60 2.1.55. base64_decode_failed (ID: 00200164) ...........60 2.1.56. base64_decode_failed (ID: 00200165) ...........61 2.1.57. blocked_filetype (ID: 00200166) ...........61 2.1.58. content_type_mismatch (ID: 00200167) .........62 2.1.59.
  • Page 6 Log Reference Guide 2.1.112. failed_to_send_response_code (ID: 00200255) ......82 2.1.113. illegal_command (ID: 00200267) ..........83 2.1.114. unknown_state (ID: 00200300) ...........83 2.1.115. invalid_message (ID: 00200301) ..........83 2.1.116. decode_failed (ID: 00200302) .............84 2.1.117. encode_failed (ID: 00200303) .............84 2.1.118. encode_failed (ID: 00200304) .............84 2.1.119. encode_failed (ID: 00200305) .............85 2.1.120.
  • Page 7 Log Reference Guide 2.1.174. max_tls_sessions_reached (ID: 00200450) ........105 2.1.175. failed_create_new_session (ID: 00200451) ........105 2.1.176. failure_connect_http_server (ID: 00200452) ........ 106 2.1.177. tls_alert_received (ID: 00200453) ..........106 2.1.178. tls_renegotiation_attempted (ID: 00200454) ........ 106 2.1.179. tls_alert_sent (ID: 00200455) ............ 107 2.1.180. tls_cipher_suite_certificate_mismatch (ID: 00200456) ....107 2.1.181.
  • Page 8 Log Reference Guide 2.1.236. sipalg_callleg_created (ID: 00200554) ........130 2.1.237. failed_to_create_new_callleg (ID: 00200555) ......130 2.1.238. failed_to_find_callleg (ID: 00200556) ........131 2.1.239. failed_to_update_callleg (ID: 00200557) ........131 2.1.240. sipalg_callleg_deleted (ID: 00200558) ........131 2.1.241. failed_to_modify_response (ID: 00200559) ......... 132 2.1.242. sipalg_callleg_state_updated (ID: 00200560) ....... 132 2.1.243.
  • Page 9 Log Reference Guide 2.4.7. mismatching_hwaddrs_drop (ID: 00300007) ........154 2.4.8. hwaddr_change (ID: 00300008) ............ 154 2.4.9. arp_resolution_failed (ID: 00300009) ..........154 2.4.10. arp_resolution_success (ID: 00300020) ........155 2.4.11. arp_cache_size_limit_reached (ID: 00300030) ....... 155 2.4.12. invalid_arp_sender_ip_address (ID: 00300049) ......155 2.4.13. arp_access_allowed_expect (ID: 00300050) ........156 2.4.14.
  • Page 10 Log Reference Guide 2.9.12. offered_broadcast_equals_gateway (ID: 00700013) ......175 2.9.13. ip_collision (ID: 00700014) ............176 2.9.14. route_collision (ID: 00700015) ........... 176 2.10. DHCPRELAY ................... 178 2.10.1. unable_to_save_dhcp_relay_list (ID: 00800001) ......178 2.10.2. dhcp_relay_list_saved (ID: 00800002) ......... 178 2.10.3. dhcp_pkt_too_small (ID: 00800003) ..........178 2.10.4.
  • Page 11 Log Reference Guide 2.12.1. failed_to_export_route_to_ospf_process_failed_to_alloc (ID: 01100001) ......................197 2.12.2. route_exported_to_ospf_as (ID: 01100002) ........197 2.12.3. route_unexported_from_ospf_as (ID: 01100003) ......197 2.12.4. failed_to_add_route_unable_to_alloc (ID: 01100004) ..... 198 2.12.5. route_added (ID: 01100005) ............198 2.12.6. route_removed (ID: 01100006) ........... 198 2.13. FRAG ....................200 2.13.1.
  • Page 12 Log Reference Guide 2.15.13. should_have_arrived_on_sync_iface (ID: 01200044) ....218 2.15.14. activate_failed (ID: 01200050) ..........218 2.15.15. merge_failed (ID: 01200051) ............ 219 2.15.16. ha_commit_error (ID: 01200052) ..........219 2.15.17. ha_write_failed (ID: 01200053) ..........219 2.15.18. ha_commit_unknown_error (ID: 01200054) ........ 219 2.15.19. linkmon_triggered_failover (ID: 01200055) ........ 220 2.15.20.
  • Page 13 Log Reference Guide 2.19.5. idp_detects_invalid_system_time (ID: 01400005) ......242 2.19.6. downloading_new_database (ID: 01400007) ......... 242 2.19.7. unsynced_databases (ID: 01400009) ..........242 2.20. IFACEMON ..................244 2.20.1. ifacemon_status_bad_rereport (ID: 03900001) ....... 244 2.20.2. ifacemon_status_bad (ID: 03900003) ........... 244 2.20.3. ifacemon_status_bad (ID: 03900004) ........... 244 2.21.
  • Page 14 Log Reference Guide 2.22.37. failed_to_add_peer (ID: 01800312) ..........263 2.22.38. failed_to_add_rules (ID: 01800313) ........... 264 2.22.39. failed_to_add_rules (ID: 01800314) ........... 264 2.22.40. new_remote_gw_ip (ID: 01800315) ........... 264 2.22.41. no_policymanager (ID: 01800316) ..........265 2.22.42. peer_is_dead (ID: 01800317) ............ 265 2.22.43. failed_to_set_dpd_cb (ID: 01800318) ......... 265 2.22.44.
  • Page 15 Log Reference Guide 2.22.98. invalid_rule_setting (ID: 01802108) ........... 282 2.22.99. invalid_rule_setting (ID: 01802109) ........... 282 2.22.100. max_number_of_policy_rules_reached (ID: 01802110) ....282 2.22.101. suspicious_outbound_rule (ID: 01802114) ......... 282 2.22.102. no_algorithms_configured_for_tunnel (ID: 01802200) ....283 2.22.103. no_encryption_algorithm_configured_for_tunnel (ID: 01802201) .. 283 2.22.104. no_authentication_algorithm_specified (ID: 01802203) ....283 2.22.105.
  • Page 16 Log Reference Guide 2.22.160. init_flow_id_table_failed (ID: 01802908) ........300 2.22.161. init_flow_table_failed (ID: 01802909) ........300 2.22.162. init_next_hop_table_failed (ID: 01802910) ........ 300 2.22.163. init_transform_table_failed (ID: 01802911) ....... 301 2.22.164. init_peer_hash_failed (ID: 01802912) ........301 2.22.165. init_peer_id_hash_failed (ID: 01802913) ........301 2.22.166. init_rule_table_failed (ID: 01802914) ........301 2.22.167.
  • Page 17 Log Reference Guide 2.23.22. nd_hoplimit_reached (ID: 06400047) ......... 318 2.23.23. nd_multicast_target_address (ID: 06400048) ....... 319 2.23.24. invalid_nd_sender_ip_address (ID: 06400049) ......319 2.23.25. nd_access_allowed_expect (ID: 06400050) ......... 320 2.23.26. nd_na_send_failure (ID: 06400051) ........... 320 2.23.27. nd_unknown_sender (ID: 06400052) .......... 320 2.23.28. nd_missing_tll_opt (ID: 06400053) ..........320 2.23.29.
  • Page 18 Log Reference Guide 2.26.18. ipopt_present_disallowed (ID: 01700023) ........341 2.26.19. invalid_ip6payload_for_jumbo (ID: 01700039) ......342 2.26.20. small_payload (ID: 01700040) ..........342 2.26.21. small_payload (ID: 01700041) ..........342 2.26.22. invalid_ip6payload_for_jumbo (ID: 01700042) ......343 2.26.23. recvd_jumbo (ID: 01700043) ............ 343 2.26.24. invalid_order (ID: 01700044) ........... 343 2.26.25.
  • Page 19 Log Reference Guide 2.27.21. oversize_ip (ID: 07000058) ............362 2.27.22. hop_limit_zero (ID: 07000059) ..........362 2.27.23. hop_limit_low (ID: 07000060) ..........363 2.27.24. fragmented_icmp (ID: 07000070) ..........363 2.27.25. invalid_icmp_data_too_small (ID: 07000071) ......363 2.27.26. invalid_icmp_data_ip_ver (ID: 07000072) ........364 2.27.27. invalid_icmp_data_too_small (ID: 07000073) ......364 2.27.28.
  • Page 20 Log Reference Guide 2.30.17. bad_auth_crypto_key_id (ID: 02400052) ........384 2.30.18. bad_auth_crypto_seq_number (ID: 02400053) ......385 2.30.19. bad_auth_crypto_digest (ID: 02400054) ........385 2.30.20. checksum_mismatch (ID: 02400055) ......... 385 2.30.21. dd_mtu_exceeds_interface_mtu (ID: 02400100) ......386 2.30.22. m_ms_mismatch (ID: 02400101) ..........386 2.30.23. i_flag_misuse (ID: 02400102) ........... 387 2.30.24.
  • Page 21 Log Reference Guide 2.31.9. lcp_negotiation_stalled (ID: 02500052) ........404 2.31.10. ppp_tunnel_limit_exceeded (ID: 02500100) ........ 405 2.31.11. authentication_failed (ID: 02500101) ......... 405 2.31.12. response_value_too_long (ID: 02500150) ........405 2.31.13. username_too_long (ID: 02500151) ........... 406 2.31.14. username_too_long (ID: 02500201) ........... 406 2.31.15. username_too_long (ID: 02500301) ........... 406 2.31.16.
  • Page 22 Log Reference Guide 2.35.8. unable_to_register_arp_monitor (ID: 04100008) ......425 2.35.9. unable_to_register_arp_monitor (ID: 04100009) ......426 2.35.10. no_link (ID: 04100010) ............426 2.35.11. has_link (ID: 04100011) ............426 2.35.12. unable_to_register_interface_monitor (ID: 04100012) ....427 2.35.13. unable_to_register_interface_monitor (ID: 04100013) ....427 2.35.14. hostmon_failed (ID: 04100014) ..........427 2.35.15.
  • Page 23 Log Reference Guide 2.41.2. dh_key_exchange_failure (ID: 04700002) ........447 2.41.3. illegal_version_string (ID: 04700004) .......... 447 2.41.4. error_occurred (ID: 04700005) ........... 447 2.41.5. invalid_mac (ID: 04700007) ............448 2.41.6. invalid_service_request (ID: 04700015) ........448 2.41.7. invalid_username_change (ID: 04700020) ........448 2.41.8. invalid_username_change (ID: 04700025) ........449 2.41.9.
  • Page 24 Log Reference Guide 2.43.33. admin_logout (ID: 03203001) ........... 468 2.43.34. admin_login_failed (ID: 03203002) ........... 468 2.43.35. sslvpnuser_login (ID: 03203004) ..........469 2.43.36. activate_changes_failed (ID: 03204000) ........469 2.43.37. accept_configuration (ID: 03204001) ......... 470 2.43.38. reject_configuration (ID: 03204002) .......... 470 2.43.39. date_time_modified (ID: 03205000) .......... 470 2.43.40.
  • Page 25 Log Reference Guide 2.47.3. clockdrift_too_high (ID: 03500003) ..........492 2.48. TRANSPARENCY ................494 2.48.1. impossible_hw_sender_address (ID: 04400410) ......494 2.48.2. enet_hw_sender_broadcast (ID: 04400411) ........494 2.48.3. enet_hw_sender_broadcast (ID: 04400412) ........494 2.48.4. enet_hw_sender_broadcast (ID: 04400413) ........495 2.48.5. enet_hw_sender_multicast (ID: 04400414) ........495 2.48.6.
  • Page 26 Log Reference Guide 2.49.47. bad_clienthello_msg (ID: 03700503) .......... 514 2.49.48. bad_changecipher_msg (ID: 03700504) ........514 2.49.49. bad_clientkeyexchange_msg (ID: 03700505) ....... 515 2.49.50. bad_clientfinished_msg (ID: 03700506) ........515 2.49.51. bad_alert_msg (ID: 03700507) ..........515 2.49.52. unknown_ssl_error (ID: 03700508) ..........516 2.49.53. negotiated_cipher_does_not_permit_the_chosen_certificate_size (ID: 03700509) ..................
  • Page 27 List of Tables 1. Abbreviations ....................30...
  • Page 28 List of Examples 1. Log Message Parameters ..................29 2. Conditional Log Message Parameters ..............29...

  • Page 29: Preface

    Preface Audience The target audience for this reference guide consists of: • Administrators that are responsible for configuring and managing a NetDefendOS installation. • Administrators that are responsible for troubleshooting a NetDefendOS installation. This guide assumes that the reader is familiar with NetDefendOS and understands the fundamentals of IP network security.
  • Page 30 Preface The following abbreviations are used throughout this reference guide: Table 1. Abbreviations Abbreviation Full name Application Layer Gateway Address Resolution Protocol DHCP Dynamic Host Configuration Protocol Domain Name System Encapsulating Security Payload File Transfer Protocol High Availability HTTP Hyper Text Transfer Protocol ICMP Internet Control Message Protocol Intrusion Detection System...

  • Page 31: Introduction

    Chapter 1. Introduction • Log Message Structure, page 31 • Context Parameters, page 33 • Severity levels, page 37 This guide is a reference for all log messages generated by NetDefendOS. It is designed to be a valuable information source for both management and troubleshooting. 1.1.
  • Page 32 1.1. Log Message Structure Chapter 1. Introduction is never actually included in the log message. Explanation A detailed explanation of the event. Note that this information is only featured in this reference guide, and is never actually included in the log message. Gateway Action A short string, 1-3 words separated by _, of what action NetDefendOS will take.

  • Page 33: 1.2. Context Parameters

    1.2. Context Parameters Chapter 1. Introduction 1.2. Context Parameters In many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol is used, source and destination IP addresses and ports (if applicable), and so on.
  • Page 34 1.2. Context Parameters Chapter 1. Introduction ipproto The IP Protocol. ipdatalen The IP data length. [srcport] The source port. Valid if the protocol is TCP or UDP. [destport] The destination port. Valid if the protocol is TCP or UDP. [tcphdrlen] The TCP header length.
  • Page 35 1.2. Context Parameters Chapter 1. Introduction connection is closing or closed. Specifies the name and a description of the signature that triggered this event. Note For IDP log messages an additional log receiver, an SMTP log receiver, can be configured. This information is only sent to log receives of that kind, and not included in the Syslog format.
  • Page 36 1.2. Context Parameters Chapter 1. Introduction timedout, disallowed_login, accounting and unknown. username The name of the user that triggered this event. srcip The source IP address of the user that triggered this event. OSPF Additional information about OSPF. logsection The OSPF section Possible values: packet, hello, ddesc, exchange, lsa, spf, route and unknown.

  • Page 37: 1.3. Severity Levels

    1.3. Severity levels Chapter 1. Introduction 1.3. Severity levels An event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the Syslog protocol: 0 - Emergency Emergency conditions, which most likely led to the system being unusable.
  • Page 38 1.3. Severity levels Chapter 1. Introduction...

  • Page 39: Log Message Reference

    Chapter 2. Log Message Reference • ALG, page 40 • ANTISPAM, page 137 • ANTIVIRUS, page 142 • ARP, page 152 • AVUPDATE, page 159 • BLACKLIST, page 162 • BUFFERS, page 164 • CONN, page 165 • DHCP, page 172 •...

  • Page 40: 2.1. Alg

    2.1. ALG Chapter 2. Log Message Reference • PPPOE, page 409 • PPTP, page 410 • REASSEMBLY, page 420 • RFO, page 423 • RULE, page 429 • SESMGR, page 435 • SLB, page 441 • SMTPLOG, page 442 • SNMP, page 446 •...

  • Page 41: Alg_Session_Closed (Id: 00200002)

    2.1.2. alg_session_closed (ID: Chapter 2. Log Message Reference 00200002) Revision Context Parameters ALG Module Name ALG Session ID Connection 2.1.2. alg_session_closed (ID: 00200002) Default Severity INFORMATIONAL Log Message ALG session closed Explanation An ALG session has been closed. Gateway Action None Recommended Action None.

  • Page 42: Invalid_Client_Http_Header_Received (Id: 00200100)

    2.1.5. invalid_client_http_header_received Chapter 2. Log Message Reference (ID: 00200100) Recommended Action Increase the number of ALG sessions on services configured with ALGs or try to free up some RAM depending on the situation. Revision 2.1.5. invalid_client_http_header_received (ID: 00200100) Default Severity WARNING Log Message HTTPALG: Invalid HTTP header was received from the client.

  • Page 43: Suspicious_Data_Received (Id: 00200106)

    2.1.8. suspicious_data_received (ID: Chapter 2. Log Message Reference 00200106) Explanation Data was received after the client request header, although the header specified that no such data should be sent. Gateway Action closing_connecion Recommended Action Research the source of this, and try to find out why the client is sending an invalid request.

  • Page 44: Invalid_Server_Http_Header_Received (Id: 00200108)

    2.1.10. invalid_server_http_header_received Chapter 2. Log Message Reference (ID: 00200108) ALG Session ID 2.1.10. invalid_server_http_header_received (ID: 00200108) Default Severity WARNING Log Message HTTPALG: An invalid HTTP header was received from the server. Closing connection. ALG name: <algname>. Explanation An invalid HTTP header was received from the server. Gateway Action closing_connecion Recommended Action...

  • Page 45: Failed_Create_New_Session (Id: 00200111)

    2.1.13. failed_create_new_session (ID: Chapter 2. Log Message Reference 00200111) for this service. No more sessions can be opened before old sessions have been released. Gateway Action close Recommended Action If the maximum number of HTTP sessions is too low, increase it. Revision Parameters max_sessions...

  • Page 46: Wcf_Override_Full (Id: 00200114)

    2.1.16. wcf_override_full (ID: Chapter 2. Log Message Reference 00200114) Log Message HTTPALG: Content type mismatch in file <filename>. Identified filetype <filetype> Explanation The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded. Gateway Action block_data Recommended Action...

  • Page 47: Blocked_Filetype (Id: 00200117)

    2.1.19. blocked_filetype (ID: 00200117) Chapter 2. Log Message Reference Log Message HTTPALG: The file <filename> with file size <filesize>kB exceeds the maximum allowed download size <max_download_size>kB. Closing connection Explanation The data received from the server exceeds the maximun allowed download file size, the request is rejected and the connection is closed. Gateway Action close Recommended Action...

  • Page 48: Wcf_Servers_Unreachable (Id: 00200119)

    2.1.21. wcf_servers_unreachable (ID: Chapter 2. Log Message Reference 00200119) 2.1.21. wcf_servers_unreachable (ID: 00200119) Default Severity CRITICAL Log Message HTTPALG: Failed to connect to web content servers Explanation Web Content Filtering was unable to connect to the Web Content Filtering servers. Verify that the unit has been configured with Internet access.

  • Page 49: Wcf_Connecting (Id: 00200122)

    2.1.24. wcf_connecting (ID: 00200122) Chapter 2. Log Message Reference Context Parameters ALG Module Name 2.1.24. wcf_connecting (ID: 00200122) Default Severity INFORMATIONAL Log Message HTTPALG:Connecting to web content server <server> Explanation Connecting to Web Content Filtering server. Gateway Action connecting Recommended Action None.

  • Page 50: Request_Url (Id: 00200125)

    2.1.28. request_url (ID: 00200126) Chapter 2. Log Message Reference 2.1.27. request_url (ID: 00200125) Default Severity NOTICE Log Message HTTPALG: Requesting URL <url>. Categories: <categories>. Audit: <audit>. Override: <override>. ALG name: <algname>. Explanation The URL has been requested. Gateway Action allow Recommended Action None.

  • Page 51: Wcf_Server_Bad_Reply (Id: 00200128)

    2.1.30. wcf_server_bad_reply (ID: Chapter 2. Log Message Reference 00200128) Explanation The WCF service could not authenticate with the WCF server. Gateway Action none Recommended Action None. Revision Parameters failedserver Context Parameters ALG Module Name 2.1.30. wcf_server_bad_reply (ID: 00200128) Default Severity ERROR Log Message HTTPALG: Failed to parse WCF server response...

  • Page 52: Out_Of_Memory (Id: 00200130)

    2.1.33. wcf_bad_sync (ID: 00200131) Chapter 2. Log Message Reference 2.1.32. out_of_memory (ID: 00200130) Default Severity CRITICAL Log Message HTTPALG: Failed to allocate memory Explanation The unit does not have enough available RAM. Gateway Action none Recommended Action Try to free up some RAM by changing configuration parameters. Revision Context Parameters ALG Module Name...

  • Page 53: Url_Reclassification_Request (Id: 00200133)

    2.1.35. url_reclassification_request Chapter 2. Log Message Reference (ID: 00200133) Connection ALG Module Name ALG Session ID 2.1.35. url_reclassification_request (ID: 00200133) Default Severity WARNING Log Message HTTPALG: Reclassification request for URL <url>. New Category <newcat>. ALG name: <algname>. Explanation The user has requested a category reclassification for the URL. Gateway Action allow Recommended Action...

  • Page 54: Request_Url (Id: 00200136)

    2.1.38. request_url (ID: 00200136) Chapter 2. Log Message Reference Gateway Action allow Recommended Action None. Revision Parameters categories audit override user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.38. request_url (ID: 00200136) Default Severity NOTICE Log Message HTTPALG: Requesting URL <url>.

  • Page 55: Restricted_Site_Notice (Id: 00200138)

    2.1.40. restricted_site_notice (ID: Chapter 2. Log Message Reference 00200138) Revision Parameters categories audit override user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.40. restricted_site_notice (ID: 00200138) Default Severity WARNING Log Message HTTPALG: User requests the forbidden URL <url>, eventhough Restricted Site Notice was applied.

  • Page 56: Wcf_Mem_Optimized (Id: 00200140)

    2.1.42. wcf_mem_optimized (ID: Chapter 2. Log Message Reference 00200140) user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2.1.42. wcf_mem_optimized (ID: 00200140) Default Severity DEBUG Log Message HTTPALG: Optimizing WCF memory usage Explanation The Web Content Filtering subsystem has optimized its memory usage and freed up some memory.

  • Page 57: Max_Smtp_Sessions_Reached (Id: 00200150)

    2.1.45. max_smtp_sessions_reached Chapter 2. Log Message Reference (ID: 00200150) Log Message HTTPALG: WCF request timeout Explanation The WCF server took too long time to reply. A new connection attempt is in progress. Gateway Action reconnecting Recommended Action None. Revision Context Parameters ALG Module Name 2.1.45.

  • Page 58: Failed_Connect_Smtp_Server (Id: 00200153)

    2.1.48. failed_connect_smtp_server Chapter 2. Log Message Reference (ID: 00200153) Default Severity CRITICAL Log Message SMTPALG: Failed to create new SMTPALG session (out of memory) Explanation An attempt to create a new SMTPALG session failed. The unit has run out of memory. Gateway Action close Recommended Action...

  • Page 59: Sender_Email_Id_Mismatched (Id: 00200157)

    2.1.51. sender_email_id_mismatched Chapter 2. Log Message Reference (ID: 00200157) Default Severity WARNING Log Message SMTPALG: Mismatching sender address Explanation The SMTP "MAIL FROM:" command does not match the "From:" header. The e-mail will be tagged as spam. Gateway Action spam tag Recommended Action Disable the Verify E-Mail Sender ID setting if you experience that valid e-mails are being wrongly tagged.

  • Page 60: Recipient_Email_Id_In_Blacklist (Id: 00200159)

    2.1.53. recipient_email_id_in_blacklist Chapter 2. Log Message Reference (ID: 00200159) Parameters sender_email_address Context Parameters ALG Module Name ALG Session ID 2.1.53. recipient_email_id_in_blacklist (ID: 00200159) Default Severity WARNING Log Message SMTPALG: Recipient e-mail address is in Black List Explanation Since "RCPT TO:" e-mail address is in Black List, SMTP ALG rejected the client request.

  • Page 61: Base64_Decode_Failed (Id: 00200165)

    2.1.56. base64_decode_failed (ID: Chapter 2. Log Message Reference 00200165) if the email sender sends incorrectly formatted data. The attachment has been blocked. Gateway Action block_allow Recommended Action Research how the sender is encoding the data. Revision Parameters filename filetype sender_email_address recipient_email_addresses Context Parameters ALG Module Name...

  • Page 62: Content_Type_Mismatch (Id: 00200167)

    2.1.58. content_type_mismatch (ID: Chapter 2. Log Message Reference 00200167) filetype sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2.1.58. content_type_mismatch (ID: 00200167) Default Severity WARNING Log Message SMTPALG: Content type mismatch in file <filename>. Identified filetype <filetype> Explanation The filetype of the file does not match the actual content type.

  • Page 63: All_Recipient_Email_Ids_Are_In_Blocklist (Id: 00200172)

    2.1.61. all_recipient_email_ids_are_in_blocklist Chapter 2. Log Message Reference (ID: 00200172) Default Severity NOTICE Log Message SMTPALG: Content type mismatch found for the file <filename>. It is identified as type <filetype> file Explanation Received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed.

  • Page 64: Invalid_End_Of_Mail (Id: 00200176)

    2.1.63. invalid_end_of_mail (ID: Chapter 2. Log Message Reference 00200176) Revision Context Parameters ALG Module Name ALG Session ID 2.1.63. invalid_end_of_mail (ID: 00200176) Default Severity WARNING Log Message SMTPALG: Invalid end of mail "\\n.\\n" received. Explanation The client is sending invalid end of mail. Transaction will be terminated.

  • Page 65: Cmd_Empty (Id: 00200180)

    2.1.66. cmd_empty (ID: 00200180) Chapter 2. Log Message Reference Revision Context Parameters ALG Module Name ALG Session ID 2.1.66. cmd_empty (ID: 00200180) Default Severity DEBUG Log Message SMTPALG: Received empty command. Explanation The SMTP command line was empty. Ignoring command. Gateway Action ignore Recommended Action...

  • Page 66: Unsupported_Extension (Id: 00200185)

    2.1.69. unsupported_extension (ID: Chapter 2. Log Message Reference 00200185) 2.1.69. unsupported_extension (ID: 00200185) Default Severity INFORMATIONAL Log Message SMTPALG: Removed capability <capa> from EHLO response Explanation The SMTP ALG removed the [capa] capability from the EHLO response since the ALG does not support the specified extension. Gateway Action capability_removed Recommended Action...

  • Page 67: Sender_Email_Dnsbl_Spam_Mark_Removed_By_Whitelist (Id: 00200195)

    2.1.72. sender_email_dnsbl_spam_mark_removed_by_whitelist Chapter 2. Log Message Reference (ID: 00200195) ALG Module Name ALG Session ID 2.1.72. sender_email_dnsbl_spam_mark_removed_by_whitelist (ID: 00200195) Default Severity WARNING Log Message SMTPALG: Whitelist override DNSBL result for Email. Explanation Email was marked as SPAM by DNSBL. As Email Id was matched in whitelist, this mark is removed.

  • Page 68: Hybrid_Data (Id: 00200209)

    2.1.75. hybrid_data (ID: 00200209) Chapter 2. Log Message Reference Gateway Action None Recommended Action None. Revision Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2.1.75. hybrid_data (ID: 00200209) Default Severity INFORMATIONAL Log Message FTPALG: Hybrid data channel closed Explanation A hybrid data channel was closed.

  • Page 69: Illegal_Command (Id: 00200212)

    2.1.78. illegal_command (ID: Chapter 2. Log Message Reference 00200212) Default Severity WARNING Log Message FTPALG: Unexpected telnet control chars in control channel from <peer>. Closing connection Explanation Unexpected telnet control characters were discovered in the control channel. This is not allowed according to the FTPALG configuration, and the connection will be closed.

  • Page 70: Port_Command_Disabled (Id: 00200214)

    2.1.80. port_command_disabled (ID: Chapter 2. Log Message Reference 00200214) Recommended Action If unknown commands should not be allowed, modify the FTPALG configuration. Revision Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2.1.80. port_command_disabled (ID: 00200214) Default Severity WARNING Log Message FTPALG: PORT command not allowed from <peer>.

  • Page 71: Illegal_Ip_Address (Id: 00200216)

    2.1.82. illegal_ip_address (ID: Chapter 2. Log Message Reference 00200216) 2.1.82. illegal_ip_address (ID: 00200216) Default Severity CRITICAL Log Message FTPALG: Illegal PORT command from <peer>, bad IP address <ip4addr>. String=<string>. Rejecting command Explanation An illegal "PORT" command was received from the client. It requests that the server should connect to another IP that it's own.

  • Page 72: Illegal_Command (Id: 00200219)

    2.1.85. illegal_command (ID: Chapter 2. Log Message Reference 00200219) Explanation An error occured when creating a data connection from the server to client. This could possibly be a result of lack of memory. Gateway Action None Recommended Action None. Revision Parameters peer connection...

  • Page 73: Illegal_Direction2 (Id: 00200221)

    2.1.87. illegal_direction2 (ID: Chapter 2. Log Message Reference 00200221) Context Parameters ALG Module Name ALG Session ID Connection 2.1.87. illegal_direction2 (ID: 00200221) Default Severity WARNING Log Message FTPALG: Illegal direction for command(2), peer=<peer>. Closing connection. Explanation A command was sent in an invalid direction, and the connection will be closed.

  • Page 74: Unknown_Option (Id: 00200224)

    2.1.90. unknown_option (ID: Chapter 2. Log Message Reference 00200224) Explanation A disallowed OPTS argument was received, and the command will be rejected. Gateway Action rejecting_command Recommended Action None. Revision Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2.1.90.

  • Page 75: Unknown_Command (Id: 00200226)

    2.1.92. unknown_command (ID: Chapter 2. Log Message Reference 00200226) Context Parameters ALG Module Name ALG Session ID Connection 2.1.92. unknown_command (ID: 00200226) Default Severity WARNING Log Message FTPALG: Unknown command from <peer>. String=<string>. Rejecting command. Explanation An unknown command was received, and the command will be rejected.

  • Page 76: Illegal_Reply (Id: 00200231)

    2.1.95. illegal_reply (ID: 00200231) Chapter 2. Log Message Reference Log Message FTPALG: Illegal multiline response (<reply>) from <peer>. String=<string>. Closing connection. Explanation An illegal multiline response was received from server, and the connection will be closed. Gateway Action close Recommended Action None.

  • Page 77: Bad_Port (Id: 00200233)

    2.1.97. bad_port (ID: 00200233) Chapter 2. Log Message Reference Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2.1.97. bad_port (ID: 00200233) Default Severity CRITICAL Log Message FTPALG: Bad port <port> from <peer>, should be within the range (<range>).

  • Page 78: Failed_To_Create_Connection2 (Id: 00200235)

    2.1.99. failed_to_create_connection2 Chapter 2. Log Message Reference (ID: 00200235) 2.1.99. failed_to_create_connection2 (ID: 00200235) Default Severity ERROR Log Message FTPALG: Failed create connection(2) Peer=<peer> Connection=<connection>. String=<string>. Explanation An error occured when creating a data connection from the client to server. This could possibly be a result of lack of memory. Gateway Action None Recommended Action...

  • Page 79: Failed_To_Register_Rawconn (Id: 00200238)

    2.1.102. failed_to_register_rawconn Chapter 2. Log Message Reference (ID: 00200238) Gateway Action None Recommended Action None. Revision Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2.1.102. failed_to_register_rawconn (ID: 00200238) Default Severity ERROR Log Message FTPALG: Internal Error - failed to register eventhandler. Closing connection Explanation An internal error occured when registering an eventhandler, and the...

  • Page 80: Failed_Create_New_Session (Id: 00200242)

    2.1.105. failed_create_new_session Chapter 2. Log Message Reference (ID: 00200242) have been released. Gateway Action close Recommended Action If the maximum number of FTP sessions is too low, increase it. Revision Parameters max_sessions Context Parameters ALG Module Name 2.1.105. failed_create_new_session (ID: 00200242) Default Severity ERROR Log Message...

  • Page 81: Failed_To_Send_Command (Id: 00200251)

    2.1.108. failed_to_send_command (ID: Chapter 2. Log Message Reference 00200251) is a content type mismatch, data is discarded. Gateway Action data_blocked_control_and_data_channel_closed Recommended Action None. Revision Parameters filename filetype Context Parameters ALG Module Name ALG Session ID 2.1.108. failed_to_send_command (ID: 00200251) Default Severity NOTICE Log Message FTPALG:Failed to send the command.

  • Page 82: Resumed_Compressed_File_Transfer (Id: 00200254)

    2.1.111. resumed_compressed_file_transfer Chapter 2. Log Message Reference (ID: 00200254) Default Severity NOTICE Log Message FTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list. Explanation The file is present in the block list. It will be blocked as per configuration.

  • Page 83: Illegal_Command (Id: 00200267)

    2.1.113. illegal_command (ID: Chapter 2. Log Message Reference 00200267) 2.1.113. illegal_command (ID: 00200267) Default Severity WARNING Log Message FTPALG: REST from <peer> not allowed, rejecting command Explanation The client tried to issue a "REST" command, which is not valid since the client is not allowed to do this.

  • Page 84: Decode_Failed (Id: 00200302)

    2.1.116. decode_failed (ID: 00200302) Chapter 2. Log Message Reference Revision Parameters peer message state Context Parameters ALG Module Name ALG Session ID Connection 2.1.116. decode_failed (ID: 00200302) Default Severity WARNING Log Message H323ALG: Decoding of message from peer failed. Closing session Explanation The H.225 parser failed to decode the H.225 message.

  • Page 85: Encode_Failed (Id: 00200305)

    2.1.119. encode_failed (ID: 00200305) Chapter 2. Log Message Reference Default Severity WARNING Log Message H323ALG: Failed before encoding message from peer. Closing session Explanation The ASN.1 encoder failed to allocate memory used for encoding of the message. The ALG session will be closed. Gateway Action close Recommended Action...

  • Page 86: Encode_Failed (Id: 00200307)

    2.1.121. encode_failed (ID: 00200307) Chapter 2. Log Message Reference Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2.1.121. encode_failed (ID: 00200307) Default Severity WARNING Log Message H323ALG: Failed after encoding H.245 message. Closing connection Explanation The H.245 encoder failed to encode the message. The ALG session will be closed.

  • Page 87: Ignoring_Channel (Id: 00200310)

    2.1.124. ignoring_channel (ID: Chapter 2. Log Message Reference 00200310) Log Message H323ALG: No more connections allowed for this call Explanation The maximum number of concurrent logical channels (calls) has been reached for this session. Gateway Action None Recommended Action If the maximum number of concurrent logical channels (calls) per session is too low, increase it.

  • Page 88: Max_H323_Session_Reached (Id: 00200312)

    2.1.126. max_h323_session_reached Chapter 2. Log Message Reference (ID: 00200312) Connection 2.1.126. max_h323_session_reached (ID: 00200312) Default Severity WARNING Log Message H323ALG: Maximum number of H.323 sessions (<max_sessions>) for service reached. Closing connection. Explanation The maximum number of concurrent H.323 sessions has been reached for this service.

  • Page 89: Failed_Create_New_Session (Id: 00200315)

    2.1.129. failed_create_new_session Chapter 2. Log Message Reference (ID: 00200315) Revision Parameters max_sessions Context Parameters ALG Module Name 2.1.129. failed_create_new_session (ID: 00200315) Default Severity WARNING Log Message H323ALG: Failed to create new gatekeeper session (out of memory) Explanation Could not create a new H.323 gatekeeper session due to lack of memory.

  • Page 90: Packet_Failed_Initial_Test (Id: 00200350)

    2.1.132. packet_failed_initial_test (ID: Chapter 2. Log Message Reference 00200350) Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2.1.132. packet_failed_initial_test (ID: 00200350) Default Severity WARNING Log Message TFTPALG: Packet failed initial test (Invalid TFTP packet). Packet length <packet_length> Explanation An invalid TFTP packet was received.

  • Page 91: Option_Value_Invalid (Id: 00200354)

    2.1.135. option_value_invalid (ID: Chapter 2. Log Message Reference 00200354) Gateway Action reject Recommended Action If command should be allowed modify the TFTP Alg configuration. Revision Parameters command Context Parameters ALG Module Name ALG Session ID Connection 2.1.135. option_value_invalid (ID: 00200354) Default Severity WARNING Log Message...

  • Page 92: Unknown_Option_Blocked (Id: 00200357)

    2.1.138. unknown_option_blocked (ID: Chapter 2. Log Message Reference 00200357) Log Message TFTPALG: Option tsize value <value> exceeding allowed max value <maxvalue> Explanation Option tsize value exceeding allowed value.Closing connection. Gateway Action reject Recommended Action If connection should be allowed modify the filetransfersize of the TFTP Alg configuration .

  • Page 93: Unknown_Option_Blocked (Id: 00200359)

    2.1.140. unknown_option_blocked (ID: Chapter 2. Log Message Reference 00200359) ALG Session ID Connection 2.1.140. unknown_option_blocked (ID: 00200359) Default Severity WARNING Log Message TFTPALG: Request contained unknown option <option> Explanation Request contained unknown option.Closing connection. Gateway Action close Recommended Action If connection should be allowed modify the TFTP Alg configuration . Revision Parameters option...

  • Page 94: Option_Value_Invalid (Id: 00200362)

    2.1.143. option_value_invalid (ID: Chapter 2. Log Message Reference 00200362) Revision Parameters option value Context Parameters ALG Module Name ALG Session ID Connection 2.1.143. option_value_invalid (ID: 00200362) Default Severity WARNING Log Message TFTPALG: Option <option> contained no readable value Explanation Option contained no readable value.Closing connection. Gateway Action close Recommended Action...

  • Page 95: Failed_Create_New_Session (Id: 00200365)

    2.1.146. failed_create_new_session Chapter 2. Log Message Reference (ID: 00200365) service reached. Closing connection Explanation The maximum number of concurrent TFTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released. Gateway Action close Recommended Action If the maximum number of TFTP sessions is too low, increase it.

  • Page 96: Invalid_Packet_Received_Reopen (Id: 00200368)

    2.1.149. invalid_packet_received_reopen Chapter 2. Log Message Reference (ID: 00200368) Default Severity ERROR Log Message TFTPALG: Failed create listening connection,internal error(<error_code>). Closing session Explanation The unit failed to create listening connection, resulting in that the ALG session could not be successfully opened. Gateway Action close Recommended Action...

  • Page 97: Transfer_Size_Exceeded (Id: 00200370)

    2.1.151. transfer_size_exceeded (ID: Chapter 2. Log Message Reference 00200370) Parameters opcode packet_length Context Parameters ALG Module Name ALG Session ID Connection 2.1.151. transfer_size_exceeded (ID: 00200370) Default Severity WARNING Log Message TFTPALG: Received bytes <received> exceeding allowed max value <maxvalue> Explanation Transferred bytes exceeding allowed value.Closing connection.

  • Page 98: Failed_Create_Connection (Id: 00200373)

    2.1.154. failed_create_connection (ID: Chapter 2. Log Message Reference 00200373) Gateway Action close Recommended Action None. Revision Context Parameters ALG Module Name 2.1.154. failed_create_connection (ID: 00200373) Default Severity ERROR Log Message TFTPALG: Failed create listening connection,internal error(<error_code>). Closing session Explanation The unit failed to create listening connection, resulting in that the ALG session could not be successfully opened.

  • Page 99: Failed_Create_New_Session (Id: 00200381)

    2.1.157. failed_create_new_session Chapter 2. Log Message Reference (ID: 00200381) Explanation The maximum number of concurrent POP3 sessions has been reached for this service. No more sessions can be opened before old sessions have been released. Gateway Action close Recommended Action If the maximum number of POP3 sessions is too low, increase it.

  • Page 100: Blocked_Filetype (Id: 00200384)

    2.1.160. blocked_filetype (ID: Chapter 2. Log Message Reference 00200384) Explanation An attempt to allocate memory failed. Gateway Action close Recommended Action Try to free up unwanted memory. Revision Context Parameters ALG Module Name ALG Session ID 2.1.160. blocked_filetype (ID: 00200384) Default Severity NOTICE Log Message...

  • Page 101: Possible_Invalid_Mail_End (Id: 00200387)

    2.1.163. possible_invalid_mail_end Chapter 2. Log Message Reference (ID: 00200387) Default Severity ERROR Log Message POP3ALG: Base 64 decode failed. Attachment blocked Explanation The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked.

  • Page 102: Response_Blocked_Invalid_Len (Id: 00200389)

    2.1.165. response_blocked_invalid_len Chapter 2. Log Message Reference (ID: 00200389) linebegin" Context Parameters ALG Module Name ALG Session ID 2.1.165. response_blocked_invalid_len (ID: 00200389) Default Severity WARNING Log Message POP3ALG: Response blocked.Invalid response length <len> Explanation The server is sending response with invalid response length. The response will be blocked.

  • Page 103: Command_Blocked_Invalid_Argument (Id: 00200392)

    2.1.168. command_blocked_invalid_argument Chapter 2. Log Message Reference (ID: 00200392) Explanation Received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed. Gateway Action allow Recommended Action...

  • Page 104: Unknown_Command_Blocked (Id: 00200394)

    2.1.170. unknown_command_blocked Chapter 2. Log Message Reference (ID: 00200394) 2.1.170. unknown_command_blocked (ID: 00200394) Default Severity WARNING Log Message POP3ALG: Unknown command blocked. Explanation The client is sending unknown command. The command will be blocked. Gateway Action block Recommended Action If the command are to be allowed change the Alg configuration. Revision Parameters command"...

  • Page 105: Top_Mail_End_Blocked (Id: 00200398)

    2.1.173. top_mail_end_blocked (ID: Chapter 2. Log Message Reference 00200398) ALG Session ID 2.1.173. top_mail_end_blocked (ID: 00200398) Default Severity WARNING Log Message POP3ALG: The last part of mail retreived with TOP command blocked. Explanation Only part of mail retrieved using TOP command was received. The last part was therefore blocked by the Security Gateway.

  • Page 106: Failure_Connect_Http_Server (Id: 00200452)

    2.1.176. failure_connect_http_server Chapter 2. Log Message Reference (ID: 00200452) Recommended Action Decrease the maximum allowed TLSALG sessions, or try to free some of the RAM used. Revision Context Parameters ALG Module Name 2.1.176. failure_connect_http_server (ID: 00200452) Default Severity ERROR Log Message TLSALG: Failed to connect to the HTTP Server.

  • Page 107: Tls_Alert_Sent (Id: 00200455)

    2.1.179. tls_alert_sent (ID: 00200455) Chapter 2. Log Message Reference supported so an alert was sent to let the peer know that there will be no renegotiation. Gateway Action tls_alert_sent Recommended Action None. Revision Parameters algname Context Parameters ALG Module Name ALG Session ID 2.1.179.

  • Page 108: Ssl_Renegotiation_Attempted (Id: 00200457)

    2.1.181. ssl_renegotiation_attempted Chapter 2. Log Message Reference (ID: 00200457) 2.1.181. ssl_renegotiation_attempted (ID: 00200457) Default Severity ERROR Log Message TLSALG: SSL renegotiation attempted but not supported. Explanation The SSL peer initiated a renegotiation. Renegotiation is however not supported so the TLS ALG session will be closed. Gateway Action close Recommended Action...

  • Page 109: Tls_Bad_Message_Order (Id: 00200460)

    2.1.184. tls_bad_message_order (ID: Chapter 2. Log Message Reference 00200460) Revision Parameters message_type algname Context Parameters ALG Module Name ALG Session ID 2.1.184. tls_bad_message_order (ID: 00200460) Default Severity ERROR Log Message TLSALG: Bad TLS handshake message order. Explanation A TLS handshake message of a type that is not expected in the current state of the handshake was received.

  • Page 110: Tls_Failed_To_Verify_Finished (Id: 00200463)

    2.1.187. tls_failed_to_verify_finished Chapter 2. Log Message Reference (ID: 00200463) TLS connection of a TLS ALG session. The TLS ALG session will be closed. Gateway Action close Recommended Action None. Revision Parameters algname Context Parameters ALG Module Name ALG Session ID 2.1.187.

  • Page 111: Sdp_Message_Validation_Failed (Id: 00200502)

    2.1.190. sdp_message_validation_failed Chapter 2. Log Message Reference (ID: 00200502) Default Severity ERROR Log Message SIPALG: SDP message parsing failed Explanation SDP part of message failed parsing due to malformed message. Reason: [reason]. Gateway Action drop Recommended Action Examine why client or server is sending a malformed SDP message. Revision Parameters reason...

  • Page 112: Sip_Message_Validation_Failed (Id: 00200504)

    2.1.192. sip_message_validation_failed Chapter 2. Log Message Reference (ID: 00200504) Gateway Action drop Recommended Action Examine why client or server is sending a malformed SIP message. Revision Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.192. sip_message_validation_failed (ID: 00200504) Default Severity ERROR Log Message...

  • Page 113: Registration_Hijack_Detected (Id: 00200506)

    2.1.194. registration_hijack_detected Chapter 2. Log Message Reference (ID: 00200506) from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.194. registration_hijack_detected (ID: 00200506) Default Severity ALERT Log Message Registration hijack attempt detected Explanation The number of registration attempts [reg_hijack_count] has been exceeded.

  • Page 114: Sip_Request_Response_Timeout (Id: 00200508)

    2.1.196. sip_request_response_timeout Chapter 2. Log Message Reference (ID: 00200508) 2.1.196. sip_request_response_timeout (ID: 00200508) Default Severity WARNING Log Message SIPALG: SIP request-response timeout Explanation SIP request-response timeout for the session [method]. The session will be deleted. Gateway Action close Recommended Action If the configured SIP Request-Response timeout value is too low, increase it.

  • Page 115: Unsuccessful_Unregistration (Id: 00200511)

    2.1.199. unsuccessful_unregistration Chapter 2. Log Message Reference (ID: 00200511) Log Message SIPALG: Unsuccessful registration Explanation The user failed to register. Reason: [reason]. Gateway Action drop Recommended Action None. Revision Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.199.

  • Page 116: Sipalg_Session_Created (Id: 00200513)

    2.1.201. sipalg_session_created (ID: Chapter 2. Log Message Reference 00200513) Revision Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.201. sipalg_session_created (ID: 00200513) Default Severity NOTICE Log Message SIPALG: New SIP-ALG session created Explanation New SIP-ALG session for [method] request created. Gateway Action allow Recommended Action...

  • Page 117: Failed_To_Find_Session (Id: 00200515)

    2.1.203. failed_to_find_session (ID: Chapter 2. Log Message Reference 00200515) Context Parameters ALG Module Name 2.1.203. failed_to_find_session (ID: 00200515) Default Severity ERROR Log Message SIPALG: Failed to find sipalg session Explanation Failed to find sipalg session. Reason: [reason]. Gateway Action drop Recommended Action None.

  • Page 118: Sipalg_Transaction_Created (Id: 00200520)

    2.1.206. sipalg_transaction_created Chapter 2. Log Message Reference (ID: 00200520) Explanation The SIP-ALG session state updated to [session_state] state. Gateway Action allow Recommended Action None. Revision Parameters session_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.206. sipalg_transaction_created (ID: 00200520) Default Severity NOTICE Log Message...

  • Page 119: Failed_To_Find_Transaction (Id: 00200522)

    2.1.208. failed_to_find_transaction Chapter 2. Log Message Reference (ID: 00200522) to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.208. failed_to_find_transaction (ID: 00200522) Default Severity WARNING Log Message SIPALG: Failed to find transaction Explanation Failed to find transaction for [method] request. Gateway Action drop Recommended Action...

  • Page 120: Sipalg_Transaction_State_Updated (Id: 00200524)

    2.1.211. no_route_found (ID: Chapter 2. Log Message Reference 00200526) 2.1.210. sipalg_transaction_state_updated (ID: 00200524) Default Severity DEBUG Log Message SIPALG: Transaction state updated Explanation A SIP-ALG transaction state has been updated to [transaction_state] state. Gateway Action allow Recommended Action None. Revision Parameters transaction_state from_uri...

  • Page 121: Failed_To_Find_Role (Id: 00200528)

    2.1.213. failed_to_find_role (ID: Chapter 2. Log Message Reference 00200528) Recommended Action The system is unstable and might require a reboot. Revision Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.213. failed_to_find_role (ID: 00200528) Default Severity ERROR Log Message SIPALG: Failed to find role...

  • Page 122: Failed_To_Update_Contact (Id: 00200530)

    2.1.215. failed_to_update_contact (ID: Chapter 2. Log Message Reference 00200530) destport Context Parameters ALG Module Name 2.1.215. failed_to_update_contact (ID: 00200530) Default Severity ERROR Log Message SIPALG: Failed to update contact Explanation Failed to update contact into session for [method] request. Gateway Action drop Recommended Action None.

  • Page 123: Failed_To_Modify_From (Id: 00200533)

    2.1.218. failed_to_modify_from (ID: Chapter 2. Log Message Reference 00200533) Log Message SIPALG: Failed to modify via in message Explanation Failed to modify the via header in message for [method] request. Gateway Action drop Recommended Action None. Revision Parameters method from_uri to_uri srcip srcport...

  • Page 124: Failed_To_Modify_Request (Id: 00200535)

    2.1.220. failed_to_modify_request (ID: Chapter 2. Log Message Reference 00200535) Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.220. failed_to_modify_request (ID: 00200535) Default Severity ERROR Log Message SIPALG: Failed to modify the request Explanation Failed to modify the topology info in the [method] request. Gateway Action drop Recommended Action...

  • Page 125: General_Error (Id: 00200537)

    2.1.222. general_error (ID: 00200537) Chapter 2. Log Message Reference 2.1.222. general_error (ID: 00200537) Default Severity WARNING Log Message SIPALG: General Error Explanation General error while processing message. Reason: [reason]. Gateway Action drop Recommended Action None. Revision Parameters reason from_uri to_uri srcip srcport destip...

  • Page 126: Null_Sip_Message_Received (Id: 00200540)

    2.1.225. null_sip_message_received Chapter 2. Log Message Reference (ID: 00200540) Gateway Action drop Recommended Action Change configuration to free up more RAM. Revision Parameters message 2.1.225. null_sip_message_received (ID: 00200540) Default Severity ERROR Log Message SIPALG: SIP packet reception error. Reason:<reason> Explanation Packet without data received.

  • Page 127: Dns_Resolution_Failed (Id: 00200545)

    2.1.228. dns_resolution_failed (ID: Chapter 2. Log Message Reference 00200545) Revision Parameters user_name contact Context Parameters ALG Module Name 2.1.228. dns_resolution_failed (ID: 00200545) Default Severity CRITICAL Log Message Failed to do dns resolve Explanation An attempt to resolve dns failed. Reason: [reason]. Gateway Action drop Recommended Action...

  • Page 128: Failed_To_Parse_Media (Id: 00200549)

    2.1.231. failed_to_parse_media (ID: Chapter 2. Log Message Reference 00200549) dropped. Gateway Action drop Recommended Action None. Revision Context Parameters ALG Module Name 2.1.231. failed_to_parse_media (ID: 00200549) Default Severity ERROR Log Message SIPALG: Failed to parse media Explanation Failed to parse media for the request [method]. Gateway Action drop Recommended Action...

  • Page 129: Max_Tsxn_Per_Session_Reached (Id: 00200551)

    2.1.233. max_tsxn_per_session_reached Chapter 2. Log Message Reference (ID: 00200551) Context Parameters ALG Module Name 2.1.233. max_tsxn_per_session_reached (ID: 00200551) Default Severity WARNING Log Message SIPALG: Maximum number of sessions per Service has been reached Explanation configured maximum number transaction [max_tsxn_per_session] per SIP SESSION has been reached. Gateway Action close Recommended Action...

  • Page 130: Sipalg_Callleg_Created (Id: 00200554)

    2.1.236. sipalg_callleg_created (ID: Chapter 2. Log Message Reference 00200554) Explanation Invalid session state found [session_invalid_state]. Gateway Action close Recommended Action None. Revision Parameters session_invalid_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.236. sipalg_callleg_created (ID: 00200554) Default Severity NOTICE Log Message SIPALG: CallLeg created...

  • Page 131: Failed_To_Find_Callleg (Id: 00200556)

    2.1.238. failed_to_find_callleg (ID: Chapter 2. Log Message Reference 00200556) to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.238. failed_to_find_callleg (ID: 00200556) Default Severity WARNING Log Message SIPALG: Failed to find callleg Explanation Failed to find callleg for [method] request. Gateway Action drop Recommended Action...

  • Page 132: Failed_To_Modify_Response (Id: 00200559)

    2.1.241. failed_to_modify_response Chapter 2. Log Message Reference (ID: 00200559) Default Severity NOTICE Log Message SIPALG: sipalg callleg deleted Explanation The callleg for [method] request is deleted. Gateway Action close Recommended Action None. Revision Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name...

  • Page 133: Failed_To_Modify_Sat_Request (Id: 00200561)

    2.1.243. failed_to_modify_sat_request Chapter 2. Log Message Reference (ID: 00200561) Recommended Action None. Revision Parameters callleg_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2.1.243. failed_to_modify_sat_request (ID: 00200561) Default Severity ERROR Log Message SIPALG: Failed to modify the SAT request Explanation Failed to modify requst ip to SAT destination IP in the [method] request.

  • Page 134: Failed_Create_New_Session (Id: 00200602)

    2.1.245. failed_create_new_session Chapter 2. Log Message Reference (ID: 00200602) Context Parameters ALG Module Name 2.1.245. failed_create_new_session (ID: 00200602) Default Severity CRITICAL Log Message PPTPALG: Failed to create new PPTPALG session (out of memory) Explanation An attempt to create a new PPTPALG session failed. The unit has run out of memory.

  • Page 135: Pptp_Tunnel_Removed_Client (Id: 00200605)

    2.1.248. pptp_tunnel_removed_client Chapter 2. Log Message Reference (ID: 00200605) 2.1.248. pptp_tunnel_removed_client (ID: 00200605) Default Severity NOTICE Log Message PPTPALG: PPTP tunnel between client and security gateway removed Explanation A PPTP tunnel has been removed between the PPTP client and the PPTP-ALG.

  • Page 136: Pptp_Malformed_Packet (Id: 00200609)

    2.1.252. pptp_malformed_packet (ID: Chapter 2. Log Message Reference 00200609) Default Severity NOTICE Log Message PPTPALG: PPTP session removed Explanation A PPTP session has been removed. Gateway Action None Recommended Action None. Revision Context Parameters ALG Session ID ALG Module Name 2.1.252.

  • Page 137: 2.2. Antispam

    2.2. ANTISPAM Chapter 2. Log Message Reference 2.2. ANTISPAM These log messages refer to the ANTISPAM (Anti-spam related events) category. 2.2.1. recipient_email_changed_to_drop_address (ID: 05900196) Default Severity NOTICE Log Message SMTPALG: Recipient e-mail address is changed to DNSBL Drop address Explanation "RCPT TO:"...

  • Page 138: Dnsbl_Ipcache_Remove (Id: 05900811)

    2.2.4. dnsbl_ipcache_remove (ID: Chapter 2. Log Message Reference 05900811) Revision Parameters type algname ipaddr 2.2.4. dnsbl_ipcache_remove (ID: 05900811) Default Severity NOTICE Log Message IP <ipaddr> removed from IP Cache for <algname> due to timeout Explanation An IP address was removed from the IP Cache due to timeout. Gateway Action none Recommended Action...

  • Page 139: Dnsbl_Ipcache_Add (Id: 05900814)

    2.2.7. dnsbl_ipcache_add (ID: Chapter 2. Log Message Reference 05900814) Parameters type algname ipaddr 2.2.7. dnsbl_ipcache_add (ID: 05900814) Default Severity NOTICE Log Message Session for IP <ipaddr> for <algname> is done with result <result> Explanation An IP address was added to the IP Cache. Gateway Action none Recommended Action...

  • Page 140: Dnsbl_Query_Add (Id: 05900817)

    2.2.10. dnsbl_query_add (ID: Chapter 2. Log Message Reference 05900817) algname 2.2.10. dnsbl_query_add (ID: 05900817) Default Severity NOTICE Log Message Query created for IP <ipaddr> to BlackList <blacklist> for <algname> Explanation A DNS Query was created. Gateway Action none Recommended Action None.

  • Page 141: Dnsbl_Record_Truncated (Id: 05900820)

    2.2.13. dnsbl_record_truncated (ID: Chapter 2. Log Message Reference 05900820) algname ipaddr 2.2.13. dnsbl_record_truncated (ID: 05900820) Default Severity WARNING Log Message DNSBL name not fit buffer for Session with IP <ipaddr> for <algname> Explanation DNSBL name will not fit the string buffer and will be truncated. Gateway Action none Recommended Action...

  • Page 142: 2.3. Antivirus

    2.3. ANTIVIRUS Chapter 2. Log Message Reference 2.3. ANTIVIRUS These log messages refer to the ANTIVIRUS (Anti-virus related events) category. 2.3.1. virus_found (ID: 05800001) Default Severity WARNING Log Message Virus found in file <filename>. Virus Name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>. Explanation A virus has been detected in a data stream.

  • Page 143: Excluded_File (Id: 05800003)

    2.3.3. excluded_file (ID: 05800003) Chapter 2. Log Message Reference 2.3.3. excluded_file (ID: 05800003) Default Severity NOTICE Log Message File <filename> is excluded from scanning. Identified filetype: <filetype>. Explanation The named file will be excluded from anti-virus scanning. The filetype is present in the anti-virus scan exclusion list. Gateway Action allow_data_without_scan Recommended Action...

  • Page 144: Compression_Ratio_Violation (Id: 05800006)

    2.3.6. compression_ratio_violation Chapter 2. Log Message Reference (ID: 05800006) Explanation The file could not be scanned by the anti-virus module since the decompression of the compressed file failed. Since anti-virus is running in audit mode, the data transfer will be allowed to continue. Gateway Action allow_data Recommended Action...

  • Page 145: Compression_Ratio_Violation (Id: 05800008)

    2.3.8. compression_ratio_violation Chapter 2. Log Message Reference (ID: 05800008) resources. This can be a DOS attack. Revision Parameters filename comp_ratio [layer7_srcinfo] [layer7_dstinfo] Context Parameters ALG Module Name ALG Session ID Connection 2.3.8. compression_ratio_violation (ID: 05800008) Default Severity WARNING Log Message Compression ratio violation for file <filename>.

  • Page 146: Out_Of_Memory (Id: 05800010)

    2.3.10. out_of_memory (ID: 05800010) Chapter 2. Log Message Reference Context Parameters ALG Module Name ALG Session ID Connection 2.3.10. out_of_memory (ID: 05800010) Default Severity ERROR Log Message Out of memory Explanation Memory allocation failed. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver.

  • Page 147: No_Valid_License (Id: 05800015)

    2.3.13. no_valid_license (ID: Chapter 2. Log Message Reference 05800015) Log Message Anti-virus scan engine failed for the file: <filename> Explanation An error occured in the anti-virus scan engine. Since anti-virus is running in audit mode, the data transfer will be allowed to continue. Gateway Action allow_data Recommended Action...

  • Page 148: Out_Of_Memory (Id: 05800018)

    2.3.16. out_of_memory (ID: 05800018) Chapter 2. Log Message Reference Default Severity CRITICAL Log Message AVSE: Virus scanning aborted. General error occured during initialization. Explanation Anti-virus scanning is aborted since the scan engine returned a general error during initialization. Gateway Action av_scanning_aborted Recommended Action Try to restart the unit in order to solve this issue.

  • Page 149: Decompression_Failed_Encrypted_File (Id: 05800025)

    2.3.18. decompression_failed_encrypted_file Chapter 2. Log Message Reference (ID: 05800025) ALG Session ID Connection 2.3.18. decompression_failed_encrypted_file (ID: 05800025) Default Severity WARNING Log Message Decompression failed for file <filename>. The file is encrypted. Explanation The file could not be scanned by the anti-virus module since the compressed file is encrypted with password protection.

  • Page 150: Unknown_Encoding (Id: 05800184)

    2.3.21. unknown_encoding (ID: Chapter 2. Log Message Reference 05800184) Default Severity WARNING Log Message SMTPALG: Content transfer encoding is unknown or not present. Explanation Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is allow so data is allowed without scanning.
  • Page 151 2.3.22. unknown_encoding (ID: Chapter 2. Log Message Reference 05800185) Revision Parameters filename unknown_content_transfer_encoding sender_email_address Context Parameters ALG Module Name ALG Session ID...

  • Page 152: 2.4. Arp

    2.4. ARP Chapter 2. Log Message Reference 2.4. ARP These log messages refer to the ARP (ARP events) category. 2.4.1. already_exists (ID: 00300001) Default Severity NOTICE Log Message An entry for this IP address already exists Explanation The entry was not added as a previous entry for this IP address already exists in the ARP table.

  • Page 153: Arp_Response_Broadcast (Id: 00300004)

    2.4.4. arp_response_broadcast (ID: Chapter 2. Log Message Reference 00300004) 2.4.4. arp_response_broadcast (ID: 00300004) Default Severity NOTICE Log Message ARP response is a broadcast address Explanation The ARP response has a sender address which is a broadcast address. Allowing. Gateway Action allow Recommended Action If this is not the desired behaviour, modify the configuration.

  • Page 154: Mismatching_Hwaddrs_Drop (Id: 00300007)

    2.4.8. hwaddr_change (ID: 00300008) Chapter 2. Log Message Reference 2.4.7. mismatching_hwaddrs_drop (ID: 00300007) Default Severity NOTICE Log Message ARP hw sender does not match Ethernet hw sender. Dropping Explanation The hardware sender address specified in the ARP data does not match the Ethernet hardware sender address.

  • Page 155: Arp_Resolution_Success (Id: 00300020)

    2.4.10. arp_resolution_success (ID: Chapter 2. Log Message Reference 00300020) 2.4.10. arp_resolution_success (ID: 00300020) Default Severity NOTICE Log Message ARP entry was added to the ARP cache. Explanation ARP entry was added to the ARP cache. Gateway Action added_entry Recommended Action None.

  • Page 156: Arp_Access_Allowed_Expect (Id: 00300050)

    2.4.14. impossible_hw_address (ID: Chapter 2. Log Message Reference 00300051) 2.4.13. arp_access_allowed_expect (ID: 00300050) Default Severity NOTICE Log Message Allowed by expect rule in access section Explanation The ARP sender IP address is verified by an expect rule in the access section.

  • Page 157: Arp_Collides_With_Static (Id: 00300054)

    2.4.17. arp_collides_with_static (ID: Chapter 2. Log Message Reference 00300054) Default Severity NOTICE Log Message ARP response is a multicast address. Dropping Explanation The ARP response has a sender address which is a multicast address. This might be the case if there are load balancing network equipment in the network.
  • Page 158 2.4.18. hwaddr_change_drop (ID: Chapter 2. Log Message Reference 00300055) knownhw newhw Context Parameters Rule Name Packet Buffer...

  • Page 159: 2.5. Avupdate

    2.5. AVUPDATE Chapter 2. Log Message Reference 2.5. AVUPDATE These log messages refer to the AVUPDATE (Antivirus Signature update) category. 2.5.1. av_db_update_failure (ID: 05000001) Default Severity ALERT Log Message Update of the Anti-virus database failed, because of <reason> Explanation The unit tried to update the anti-virus database, but failed. The reason for this is specified in the "reason"...

  • Page 160: Av_Detects_Invalid_System_Time (Id: 05000005)

    2.5.5. av_detects_invalid_system_time Chapter 2. Log Message Reference (ID: 05000005) Log Message Anti-virus database could not be updated, as no valid subscription exist Explanation The current license does not allow the anti-virus database to be updated. Gateway Action None Recommended Action Check the system's time and/or purchase a subscription.
  • Page 161 2.5.7. unsynced_databases (ID: Chapter 2. Log Message Reference 05000008) Gateway Action downloading_new_database Recommended Action None. Revision...

  • Page 162: 2.6. Blacklist

    2.6. BLACKLIST Chapter 2. Log Message Reference 2.6. BLACKLIST These log messages refer to the BLACKLIST (Blacklist events) category. 2.6.1. failed_to_write_list_of_blocked_hosts_to_media (ID: 04600001) Default Severity CRITICAL Log Message Failed to write list of blocked hosts to media Explanation Failed to write list of blocked hosts to media. The media might be corrupted.

  • Page 163: Host_Blacklisted (Id: 04600006)

    2.6.5. host_blacklisted (ID: 04600006) Chapter 2. Log Message Reference Default Severity NOTICE Log Message Blacklist entry removed. Protocol: <proto>, IP: <ip>, Port: <port>. Explanation A blacklist entry has been removed. Gateway Action None Recommended Action None. Revision Parameters proto port 2.6.5.

  • Page 164: 2.7. Buffers

    2.7. BUFFERS Chapter 2. Log Message Reference 2.7. BUFFERS These log messages refer to the BUFFERS (Events regarding buffer usage) category. 2.7.1. buffers_flooded (ID: 00500001) Default Severity WARNING Log Message The buffers were flooded for <duration> seconds. Current usage is <buf_usage>...

  • Page 165: 2.8. Conn

    2.8. CONN Chapter 2. Log Message Reference 2.8. CONN These log messages refer to the CONN (State engine events, e.g. open/close connections) category. 2.8.1. conn_open (ID: 00600001) Default Severity INFORMATIONAL Log Message Connection opened Explanation A connection has been opened. Gateway Action None Recommended Action...

  • Page 166: Conn_Open_Natsat (Id: 00600004)

    2.8.4. conn_open_natsat (ID: Chapter 2. Log Message Reference 00600004) Context Parameters Rule Name Connection 2.8.4. conn_open_natsat (ID: 00600004) Default Severity INFORMATIONAL Log Message Connection opened Explanation A connection has been opened. Gateway Action None Recommended Action None. Revision Context Parameters Rule Information Connection Packet Buffer...

  • Page 167: Out_Of_Connections (Id: 00600011)

    2.8.7. out_of_connections (ID: Chapter 2. Log Message Reference 00600011) 2.8.7. out_of_connections (ID: 00600011) Default Severity WARNING Log Message Out of connections. Dropping connection attempt Explanation The connection table is currently full, and this new connection attempt will be dropped. Gateway Action drop Recommended Action None.

  • Page 168: No_Return_Route (Id: 00600014)

    2.8.10. no_return_route (ID: 00600014) Chapter 2. Log Message Reference Parameters protocol Context Parameters Rule Name Packet Buffer 2.8.10. no_return_route (ID: 00600014) Default Severity WARNING Log Message Failed to open a new connection since a return route to the sender address cant be found. Dropping packet Explanation There was no return route found to the sender address of the packet.

  • Page 169: Port_0_Illegal (Id: 00600020)

    2.8.13. port_0_illegal (ID: 00600020) Chapter 2. Log Message Reference Gateway Action drop Recommended Action None. Revision Parameters protocol Context Parameters Rule Name Packet Buffer 2.8.13. port_0_illegal (ID: 00600020) Default Severity WARNING Log Message TCP/UDP destination port or TCP source port was set to 0. Dropping Explanation The TCP/UDP destination or TCP source port was set to 0, which is not allowed.

  • Page 170: Conn_Usage (Id: 00600023)

    2.8.16. conn_usage (ID: 00600023) Chapter 2. Log Message Reference Gateway Action none Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.8.16. conn_usage (ID: 00600023) Default Severity INFORMATIONAL Log Message Connection used to forward a packet. Explanation A packet has passed through the connection. Gateway Action None Recommended Action...

  • Page 171: Active_Data (Id: 00600102)

    2.8.19. active_data (ID: 00600102) Chapter 2. Log Message Reference Revision Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2.8.19. active_data (ID: 00600102) Default Severity INFORMATIONAL Log Message FTPALG: Active data channel closed Explanation An active data channel was closed. Gateway Action None Recommended Action...

  • Page 172: 2.9. Dhcp

    2.9. DHCP Chapter 2. Log Message Reference 2.9. DHCP These log messages refer to the DHCP (DHCP client events) category. 2.9.1. offered_ip_occupied (ID: 00700001) Default Severity NOTICE Log Message Interface <iface> received a lease with an offered IP that appear to be occupied (<ip4addr>) Explanation Received a DHCP lease which appears to be in use by someone else.

  • Page 173: Renewed_Lease (Id: 00700004)

    2.9.4. renewed_lease (ID: 00700004) Chapter 2. Log Message Reference Parameters iface netmask bcast Context Parameters Packet Buffer 2.9.4. renewed_lease (ID: 00700004) Default Severity NOTICE Log Message Interface <iface> have renewed its lease. The new lease is valid for <valid_seconds> seconds Explanation An interface have successfully renewed its lease.

  • Page 174: Invalid_Server_Id (Id: 00700008)

    2.9.7. invalid_server_id (ID: 00700008) Chapter 2. Log Message Reference Recommended Action Check the DHCP server configuration or adjust the minimum leasetime limit. Revision Parameters iface lease_time minimum_lease_time Context Parameters Packet Buffer 2.9.7. invalid_server_id (ID: 00700008) Default Severity WARNING Log Message Interface <iface>...

  • Page 175: Invalid_Offered_Ip (Id: 00700011)

    2.9.10. invalid_offered_ip (ID: Chapter 2. Log Message Reference 00700011) (<broadcast>) Explanation An interface received a lease with an invalid broadcast address. Gateway Action drop Recommended Action Check DHCP server configuration. Revision Parameters iface broadcast Context Parameters Packet Buffer 2.9.10. invalid_offered_ip (ID: 00700011) Default Severity WARNING Log Message...

  • Page 176: Ip_Collision (Id: 00700014)

    2.9.13. ip_collision (ID: 00700014) Chapter 2. Log Message Reference Default Severity WARNING Log Message Interface <iface> received a lease where the offered broadcast equals the offered gateway Explanation An interface received a lease where the offered broadcast address is equal with the offered gateway address. Gateway Action drop Recommended Action...
  • Page 177 2.9.14. route_collision (ID: 00700015) Chapter 2. Log Message Reference Parameters iface dhcp_route configured_route Context Parameters Packet Buffer...

  • Page 178: 2.10. Dhcprelay

    2.10. DHCPRELAY Chapter 2. Log Message Reference 2.10. DHCPRELAY These log messages refer to the DHCPRELAY (DHCP relayer events) category. 2.10.1. unable_to_save_dhcp_relay_list (ID: 00800001) Default Severity WARNING Log Message Unable to auto save the DHCP relay list to disk Explanation Unable to autosave the DHCP relay list to disk.

  • Page 179: Maximum_Ppm_For_Relayer_Reached (Id: 00800005)

    2.10.5. maximum_ppm_for_relayer_reached Chapter 2. Log Message Reference (ID: 00800005) Log Message Incorrect BOOTP/DHCP cookie. Dropping Explanation Received a packet with an incorrect BOOTP/DHCP cookie. Gateway Action drop Recommended Action Investigate what client implementation is being used. Revision Context Parameters Packet Buffer 2.10.5.

  • Page 180: Client_Release (Id: 00800008)

    2.10.8. client_release (ID: 00800008) Chapter 2. Log Message Reference Explanation The maxmimum hop limit for the DHCP packet have been reached. Gateway Action None Recommended Action Verify maximum-hop-limit setting. Revision Context Parameters Packet Buffer 2.10.8. client_release (ID: 00800008) Default Severity WARNING Log Message Client <client_ip>...

  • Page 181: Unable_To_Add_Relay_Route_Since_Out_Of_Memory (Id: 00800011)

    2.10.11. unable_to_add_relay_route_since_out_of_memory Chapter 2. Log Message Reference (ID: 00800011) Gateway Action drop Recommended Action Verify max-relay-routes-limit. Revision Context Parameters Rule Name 2.10.11. unable_to_add_relay_route_since_out_of_memory (ID: 00800011) Default Severity ERROR Log Message Internal Error: Out of memory: Can't add DHCP relay route. Dropping Explanation Unable to add DHCP relay route since out of memory.

  • Page 182: Bad_Inform_Pkt_With_Mismatching_Source_Ip_And_Client_Ip (Id: 00800014)

    2.10.14. bad_inform_pkt_with_mismatching_source_ip_and_client_ip Chapter 2. Log Message Reference (ID: 00800014) Context Parameters Rule Name Packet Buffer 2.10.14. bad_inform_pkt_with_mismatching_source_ip_and_client_ip (ID: 00800014) Default Severity WARNING Log Message INFORM packet did not pass through a relayer but the packet source ip and the client ip doesnt match. Dropping Explanation Received non relayed INFORM DHCP packet with illegally mismatching source and client IP.

  • Page 183: Dhcp_Server_Is_Unroutable (Id: 00800017)

    2.10.17. dhcp_server_is_unroutable Chapter 2. Log Message Reference (ID: 00800017) Recommended Action Verify max-relay-per-interface setting. Revision Parameters max_relays Context Parameters Rule Name Packet Buffer 2.10.17. dhcp_server_is_unroutable (ID: 00800017) Default Severity WARNING Log Message BOOTP/DHCP-server at <dest_ip> is unroutable. Dropping Explanation Unable to find route to specified DHCP server. Gateway Action drop Recommended Action...

  • Page 184: Relayed_Request (Id: 00800020)

    2.10.20. relayed_request (ID: Chapter 2. Log Message Reference 00800020) Gateway Action drop Recommended Action Investigate what client implementation is being used. Revision Parameters gateway_ip Context Parameters Rule Name Packet Buffer 2.10.20. relayed_request (ID: 00800020) Default Severity NOTICE Log Message Relayed DHCP-request <type> from client <client_hw> to <dest_ip> Explanation Relayed a DHCP request.

  • Page 185: Assigned_Ip_Not_Allowed (Id: 00800023)

    2.10.23. assigned_ip_not_allowed (ID: Chapter 2. Log Message Reference 00800023) Default Severity WARNING Log Message Received reply for client <client_hw> on a non security equivalent interface. Dropping Explanation Received a reply for a client on a non security equivalent interface. Gateway Action drop Recommended Action Verify security-equivalent-interface setting.

  • Page 186: Ambiguous_Host_Route (Id: 00800025)

    2.10.25. ambiguous_host_route (ID: Chapter 2. Log Message Reference 00800025) Context Parameters Rule Name Packet Buffer 2.10.25. ambiguous_host_route (ID: 00800025) Default Severity WARNING Log Message A host route for <dest_ip> already exists which points to another interface. Dropping Explanation An ambiguous host route indicating another interface was detected trying to setup a dynamic hostroute for a client.

  • Page 187: Relayed_Dhcp_Reply (Id: 00800028)

    2.10.28. relayed_dhcp_reply (ID: Chapter 2. Log Message Reference 00800028) Revision Parameters client_hw Context Parameters Rule Name Packet Buffer 2.10.28. relayed_dhcp_reply (ID: 00800028) Default Severity NOTICE Log Message Relayed DHCP-reply <type> to gateway <gateway_ip> Explanation Relayed DHCP reply to a gateway. Gateway Action None Recommended Action...

  • Page 188: 2.11. Dhcpserver

    2.11. DHCPSERVER Chapter 2. Log Message Reference 2.11. DHCPSERVER These log messages refer to the DHCPSERVER (DHCP server events) category. 2.11.1. unable_to_send_response (ID: 00900001) Default Severity WARNING Log Message Failed to get buffer for sending. Unable to reply Explanation Unable to get a buffer for sending. Gateway Action None Recommended Action...

  • Page 189: Dhcp_Packet_Too_Small (Id: 00900005)

    2.11.5. dhcp_packet_too_small (ID: Chapter 2. Log Message Reference 00900005) Explanation The lease database was successfully saved to disk. Gateway Action None Recommended Action None. Revision 2.11.5. dhcp_packet_too_small (ID: 00900005) Default Severity WARNING Log Message Received DHCP packet which is smaller then the minimum allowed 300 bytes.

  • Page 190: Request_For_Ip_From_Non_Bound_Client_Without_State (Id: 00900008)

    2.11.8. request_for_ip_from_non_bound_client_without_state Chapter 2. Log Message Reference (ID: 00900008) Explanation Received a request from a bound client without state. Gateway Action reject Recommended Action None. Revision Parameters client client_ip Context Parameters Packet Buffer 2.11.8. request_for_ip_from_non_bound_client_without_state (ID: 00900008) Default Severity WARNING Log Message Received a request from client(not in bound) <client>...

  • Page 191: Lease_Timeout (Id: 00900012)

    2.11.11. lease_timeout (ID: 00900012) Chapter 2. Log Message Reference Explanation Received request with bad UDP checksum. Gateway Action drop Recommended Action Check network equipment for errors. Revision Context Parameters Packet Buffer 2.11.11. lease_timeout (ID: 00900012) Default Severity NOTICE Log Message Lease for IP <client_ip>...

  • Page 192: Sending_Offer (Id: 00900015)

    2.11.14. sending_offer (ID: 00900015) Chapter 2. Log Message Reference Gateway Action None Recommended Action Extend the pools to support more clients. Revision Context Parameters Rule Name Packet Buffer 2.11.14. sending_offer (ID: 00900015) Default Severity NOTICE Log Message Received DISCOVER from client <client_hw>. Sending IP offer <offer_ip>...

  • Page 193: Request_For_Non_Bound_Ip (Id: 00900018)

    2.11.17. request_for_non_bound_ip Chapter 2. Log Message Reference (ID: 00900018) Recommended Action None. Revision Parameters client_hw client_wanted client_offered Context Parameters Rule Name Packet Buffer 2.11.17. request_for_non_bound_ip (ID: 00900018) Default Severity WARNING Log Message Client <client_hw> requested non bound IP. Rejecting Explanation Client requested a non bound IP.

  • Page 194: Got_Inform_Request (Id: 00900021)

    2.11.20. got_inform_request (ID: Chapter 2. Log Message Reference 00900021) Log Message Client <client_hw> renewed IP <client_ip> Explanation Client successfully renewed its lease. Gateway Action renew Recommended Action None. Revision Parameters client_hw client_ip Context Parameters Rule Name Packet Buffer 2.11.20. got_inform_request (ID: 00900021) Default Severity NOTICE Log Message...

  • Page 195: Decline_For_Non_Offered_Ip (Id: 00900023)

    2.11.22. decline_for_non_offered_ip Chapter 2. Log Message Reference (ID: 00900023) 2.11.22. decline_for_non_offered_ip (ID: 00900023) Default Severity NOTICE Log Message Client <client_hw> declined non offered IP. Decline is ignored Explanation Client rejected non a offered IP. Gateway Action None Recommended Action None. Revision Parameters client_hw...

  • Page 196: Release_For_Ip_On_Wrong_Iface (Id: 00900026)

    2.11.25. release_for_ip_on_wrong_iface Chapter 2. Log Message Reference (ID: 00900026) Parameters client client_ip Context Parameters Packet Buffer 2.11.25. release_for_ip_on_wrong_iface (ID: 00900026) Default Severity WARNING Log Message Got release for ip <client_ip> on wrong interface (recv: <recv_if>, lease: <client_if>). Decline is ignored Explanation Got release from a client on the wrong interface.

  • Page 197: 2.12. Dynrouting

    2.12. DYNROUTING Chapter 2. Log Message Reference 2.12. DYNROUTING These log messages refer to the DYNROUTING (Dynamic routing) category. 2.12.1. failed_to_export_route_to_ospf_process_failed_to_alloc (ID: 01100001) Default Severity CRITICAL Log Message Failed to export route to OSPF process (unable to alloc export node) Explanation Unable to export route to a OSPF process since out of memory.

  • Page 198: Failed_To_Add_Route_Unable_To_Alloc (Id: 01100004)

    2.12.4. failed_to_add_route_unable_to_alloc Chapter 2. Log Message Reference (ID: 01100004) Context Parameters Dynamic Route Rule Name Route 2.12.4. failed_to_add_route_unable_to_alloc (ID: 01100004) Default Severity CRITICAL Log Message Failed to add route (unable to alloc route) Explanation Failed to create a route since out of memory. Gateway Action alert Recommended Action...
  • Page 199 2.12.6. route_removed (ID: 01100006) Chapter 2. Log Message Reference Route...

  • Page 200: 2.13. Frag

    2.13. FRAG Chapter 2. Log Message Reference 2.13. FRAG These log messages refer to the FRAG (Fragmentation events) category. 2.13.1. individual_frag_timeout (ID: 02000001) Default Severity WARNING Log Message Individual fragment timed out. Explanation A fragment of an IP packet timed out, and is dropped. Gateway Action drop Recommended Action...

  • Page 201: Fail_Out_Of_Resources (Id: 02000004)

    2.13.4. fail_out_of_resources (ID: Chapter 2. Log Message Reference 02000004) Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2.13.4. fail_out_of_resources (ID: 02000004) Default Severity CRITICAL Log Message Out of reassembly resources. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation Out of fragmentation-reassembly resources when processing the IP packet.

  • Page 202: Fail_Timeout (Id: 02000006)

    2.13.6. fail_timeout (ID: 02000006) Chapter 2. Log Message Reference Context Parameters Dropped Fragments Rule Name 2.13.6. fail_timeout (ID: 02000006) Default Severity CRITICAL Log Message Time out reassembling. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation Timed out when reassembling a fragmented IP packet. Dropping packet.

  • Page 203: Drop_Frags_Of_Illegal_Packet (Id: 02000009)

    2.13.9. drop_frags_of_illegal_packet Chapter 2. Log Message Reference (ID: 02000009) Default Severity WARNING Log Message Dropping stored fragments of disallowed packet. Frags: <frags>. <srcip>-<destip> <ipproto> FragID: <fragid>, State: <fragact> Explanation The fragments of a disallowed IP packet were dropped. Gateway Action drop Recommended Action None.

  • Page 204: Learn_State (Id: 02000011)

    2.13.11. learn_state (ID: 02000011) Chapter 2. Log Message Reference Explanation A completed reassembled IP packet contains extraneous fragments, which are dropped. Gateway Action drop Recommended Action None. Revision Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2.13.11.

  • Page 205: Drop_Duplicate_Frag (Id: 02000013)

    2.13.14. frag_offset_plus_length_not_in_range Chapter 2. Log Message Reference (ID: 02000014) 2.13.13. drop_duplicate_frag (ID: 02000013) Default Severity WARNING Log Message Dropping duplicate fragment Explanation A duplicate fragment of an IP packet was received. Dropping the duplicate fragment. Gateway Action drop Recommended Action None.

  • Page 206: Bad_Ipdatalen (Id: 02000016)

    2.13.16. bad_ipdatalen (ID: 02000016) Chapter 2. Log Message Reference Packet Buffer 2.13.16. bad_ipdatalen (ID: 02000016) Default Severity ERROR Log Message Bad IPDataLen=<ipdatalen> Explanation The partly reassembled IP packet has an invalid IP data length. Dropping packet. Gateway Action drop Recommended Action None.

  • Page 207: Bad_Offs (Id: 02000019)

    2.13.19. bad_offs (ID: 02000019) Chapter 2. Log Message Reference Revision Context Parameters Rule Name Packet Buffer 2.13.19. bad_offs (ID: 02000019) Default Severity ERROR Log Message Bad fragment offset Explanation The fragment has an invalid offset. Dropping packet. Gateway Action drop Recommended Action None.

  • Page 208: Partial_Overlap (Id: 02000022)

    2.13.22. partial_overlap (ID: 02000022) Chapter 2. Log Message Reference Context Parameters Rule Name Packet Buffer 2.13.22. partial_overlap (ID: 02000022) Default Severity ERROR Log Message Fragments partially overlap Explanation Two fragments partially overlap. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name...

  • Page 209: Already_Completed (Id: 02000025)

    2.13.25. already_completed (ID: Chapter 2. Log Message Reference 02000025) 2.13.25. already_completed (ID: 02000025) Default Severity ERROR Log Message Dropping extraneous fragment of completed packet Explanation A completed reassembled IP packet contains a extraneous fragment, which is dropped. Gateway Action drop Recommended Action None.

  • Page 210: Fragments_Available_Freeing (Id: 02000100)

    2.13.29. fragments_available_freeing Chapter 2. Log Message Reference (ID: 02000100) Default Severity WARNING Log Message Dropping fragment of illegal packet Explanation A fragment of an illegal IP packet is dropped. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.13.29.

  • Page 211: Bad_Offs (Id: 02000119)

    2.13.32. bad_offs (ID: 02000119) Chapter 2. Log Message Reference Log Message Illegal fragment, last fragment with zero offset. Dropping packet. Explanation A fragment with More Fragments flag cleared and an Offset of zero is not a legal fragment. Dropping packet. Gateway Action drop Recommended Action...

  • Page 212: 2.14. Gre

    2.14. GRE Chapter 2. Log Message Reference 2.14. GRE These log messages refer to the GRE (GRE events) category. 2.14.1. failed_to_setup_gre_tunnel (ID: 02200001) Default Severity WARNING Log Message Failed to setup open tunnel from <local_ip> to <remote_ip> Explanation Unable to setup GRE tunnel with endpoint. Gateway Action drop Recommended Action...

  • Page 213: Gre_Length_Error (Id: 02200005)

    2.14.5. gre_length_error (ID: Chapter 2. Log Message Reference 02200005) Default Severity WARNING Log Message GRE packet with checksum error. Packet dropped Explanation Received GRE packet with checksum errors. Gateway Action drop Recommended Action Check network equipment for errors. Revision Context Parameters Packet Buffer 2.14.5.

  • Page 214: Gre_Routing_Flag_Set (Id: 02200008)

    2.14.8. gre_routing_flag_set (ID: Chapter 2. Log Message Reference 02200008) Recommended Action Check GRE session key settings on the remote gateway. Revision Parameters session_key Context Parameters Packet Buffer 2.14.8. gre_routing_flag_set (ID: 02200008) Default Severity WARNING Log Message Received GRE packet with routing flag set. Packet dropped Explanation Received GRE packet with unsupported routing option enabled.

  • Page 215: Peer_Gone (Id: 01200001)

    2.15. HA Chapter 2. Log Message Reference 2.15. HA These log messages refer to the HA (High Availability events) category. 2.15.1. peer_gone (ID: 01200001) Default Severity NOTICE Log Message Peer firewall disappeared. Going active Explanation The peer gateway (which was active) is not available anymore. This gateway will now go active instead.

  • Page 216: Peer_Has_Lower_Local_Load (Id: 01200005)

    2.15.5. peer_has_lower_local_load Chapter 2. Log Message Reference (ID: 01200005) Explanation Both memebrs are active, but the peer has higher local load. This gateway will stay active. Gateway Action stay_active Recommended Action None. Revision 2.15.5. peer_has_lower_local_load (ID: 01200005) Default Severity NOTICE Log Message Both active, peer has lower local load;...

  • Page 217: Peer_Has_More_Connections (Id: 01200009)

    2.15.9. peer_has_more_connections Chapter 2. Log Message Reference (ID: 01200009) Default Severity NOTICE Log Message Conflict: Both peers are inactive! Resolving... Explanation A conflict occured as both peers are inactive at the same time. The conflict will automatically be resolved. Gateway Action None Recommended Action None.

  • Page 218: Heartbeat_From_Unknown (Id: 01200043)

    2.15.12. heartbeat_from_unknown (ID: Chapter 2. Log Message Reference 01200043) Revision 2.15.12. heartbeat_from_unknown (ID: 01200043) Default Severity WARNING Log Message Received HA heartbeat from unknown IP. Dropping Explanation The received HA heartbeat packet was originating from an unknown IP. The packet will be dropped. Gateway Action drop Recommended Action...

  • Page 219: Merge_Failed (Id: 01200051)

    2.15.16. ha_commit_error (ID: Chapter 2. Log Message Reference 01200052) 2.15.15. merge_failed (ID: 01200051) Default Severity WARNING Log Message Failed to merge configuration from HA partner Explanation The gateway failed to merge the configuration that was received from the peer. Gateway Action ha_merge_conf Recommended Action None.

  • Page 220: Linkmon_Triggered_Failover (Id: 01200055)

    2.15.19. linkmon_triggered_failover Chapter 2. Log Message Reference (ID: 01200055) Recommended Action None. Revision 2.15.19. linkmon_triggered_failover (ID: 01200055) Default Severity NOTICE Log Message HA node going inactive. <reason> Explanation Linkmon requested the node to go inactive. Gateway Action None Recommended Action None.

  • Page 221: Hasync_Connection_Disconnected_Lifetime_Expired (Id: 01200201)

    2.15.23. hasync_connection_failed_timeout Chapter 2. Log Message Reference (ID: 01200202) 2.15.22. hasync_connection_disconnected_lifetime_expired (ID: 01200201) Default Severity NOTICE Log Message HASync connection lifetime expired. Reconnecting... Explanation The HA syncronization connection lifetime has expired. A new connection will be establised by reconnecting to the peer. Gateway Action reconnect Recommended Action...

  • Page 222: Sync_Packet_On_Nonsync_Iface (Id: 01200410)

    2.15.26. sync_packet_on_nonsync_iface Chapter 2. Log Message Reference (ID: 01200410) Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.15.26. sync_packet_on_nonsync_iface (ID: 01200410) Default Severity WARNING Log Message Received state sync packet on non-sync iface. Dropping Explanation A HA state sync packet was recieved on a non-sync interface.

  • Page 223: Config_Sync_Failure (Id: 01200500)

    2.15.29. config_sync_failure (ID: Chapter 2. Log Message Reference 01200500) Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.15.29. config_sync_failure (ID: 01200500) Default Severity CRITICAL Log Message Tried to synchronize configuration to peer 3 times without success. Giving up. Explanation The gateway tried to synchronize the configuration to peer three times, but failed.

  • Page 224: Action=Going_Online (Id: 01200618)

    2.15.32. action=going_online (ID: Chapter 2. Log Message Reference 01200618) 2.15.32. action=going_online (ID: 01200618) Default Severity NOTICE Log Message Ha unit going online. Explanation Ha unit going online. Gateway Action None Recommended Action None. Revision Parameters previous_shutdown=...

  • Page 225: Hwm

    2.16. HWM Chapter 2. Log Message Reference 2.16. HWM These log messages refer to the HWM (Hardware monitor events) category. 2.16.1. temperature_alarm (ID: 04000011) Default Severity WARNING Log Message Temperature monitor <index> (<name>) is outside the specified limit. Current value is <current_temp> <unit>, lower limit is <min_limit>, upper limit is <max_limit>...

  • Page 226: Voltage_Normal (Id: 04000022)

    2.16.4. voltage_normal (ID: 04000022) Chapter 2. Log Message Reference Log Message Voltage monitor <index> (<name>) is outside the specified limit. Current value is <current_voltage> <unit>, lower limit is <min_limit>, upper limit is <max_limit> Explanation The powersupply of this unit may be failing. Gateway Action none Recommended Action...

  • Page 227: Fanrpm_Normal (Id: 04000032)

    2.16.6. fanrpm_normal (ID: 04000032) Chapter 2. Log Message Reference Parameters index name unit current_fanrpm min_limit max_limit 2.16.6. fanrpm_normal (ID: 04000032) Default Severity WARNING Log Message Fan RPM monitor <index> (<name>) is outside the specified limit. Current value is <current_fanrpm> <unit>, lower limit is <min_limit>, upper limit is <max_limit>...

  • Page 228: Free_Memory_Warning_Level (Id: 04000101)

    2.16.9. free_memory_warning_level Chapter 2. Log Message Reference (ID: 04000101) Default Severity WARNING Log Message Temperature monitor <index> (<name>) is outside the specified limit. Current value is <current_gpio> <unit>, lower limit is <min_limit>, upper limit is <max_limit> Explanation The sensor reports that the GPIO value is back inte the normal range. Gateway Action None Recommended Action...

  • Page 229: Free_Memory_Normal_Level (Id: 04000103)

    2.16.11. free_memory_normal_level Chapter 2. Log Message Reference (ID: 04000103) memory consumption. Revision Parameters limit_megabyte total_mem free_mem free_percentage severity 2.16.11. free_memory_normal_level (ID: 04000103) Default Severity NOTICE Log Message The amount of free memory is in the normal range, free <free_mem> MB of total <total_mem> MB, percentage free <free_percentage> Explanation The memory usage is in the normal range.

  • Page 230: 2.17. Idp

    2.17. IDP Chapter 2. Log Message Reference 2.17. IDP These log messages refer to the IDP (Intrusion Detection & Prevention events) category. 2.17.1. scan_detected (ID: 01300001) Default Severity NOTICE Log Message Scan detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>.

  • Page 231: Intrusion_Detected (Id: 01300003)

    2.17.3. intrusion_detected (ID: Chapter 2. Log Message Reference 01300003) srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2.17.3. intrusion_detected (ID: 01300003) Default Severity WARNING Log Message Intrusion detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>.

  • Page 232: Scan_Detected (Id: 01300005)

    2.17.5. scan_detected (ID: 01300005) Chapter 2. Log Message Reference srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2.17.5. scan_detected (ID: 01300005) Default Severity NOTICE Log Message Scan detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>.

  • Page 233: Intrusion_Detected (Id: 01300007)

    2.17.7. intrusion_detected (ID: Chapter 2. Log Message Reference 01300007) srcport destip destport Context Parameters Rule Name Deep Inspection 2.17.7. intrusion_detected (ID: 01300007) Default Severity NOTICE Log Message Intrusion detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>.

  • Page 234: Invalid_Url_Format (Id: 01300009)

    2.17.9. invalid_url_format (ID: Chapter 2. Log Message Reference 01300009) destport Context Parameters Rule Name Deep Inspection 2.17.9. invalid_url_format (ID: 01300009) Default Severity ERROR Log Message Failed to parse the HTTP URL. ID Rule: <idrule>. URL: <url>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>.

  • Page 235: Idp_Evasion (Id: 01300011)

    2.17.11. idp_evasion (ID: 01300011) Chapter 2. Log Message Reference 2.17.11. idp_evasion (ID: 01300011) Default Severity ERROR Log Message Failed to reassemble data. ID Rule: <idrule>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>. Closing connection. Explanation The unit failed to reassemble data.

  • Page 236: Idp_Outofmem (Id: 01300014)

    2.17.14. idp_outofmem (ID: 01300014) Chapter 2. Log Message Reference <destport>. Closing connection. Explanation The unit failed to scan data. The reason for this is due to low amount of memory. Gateway Action close Recommended Action Review your configuration. Revision Parameters idrule srcip srcport...

  • Page 237: Idp_Failscan (Id: 01300016)

    2.17.16. idp_failscan (ID: 01300016) Chapter 2. Log Message Reference Revision Parameters idrule srcip srcport destip destport reason Context Parameters Rule Name 2.17.16. idp_failscan (ID: 01300016) Default Severity ERROR Log Message Failed to scan data. ID Rule: <idrule>. Source IP: <srcip>. Source Port: <srcport>.

  • Page 238: 2.18. Idppipes

    2.18. IDPPIPES Chapter 2. Log Message Reference 2.18. IDPPIPES These log messages refer to the IDPPIPES (IDP Traffic Shaping events) category. 2.18.1. conn_idp_piped (ID: 06100001) Default Severity WARNING Log Message IDP Pipe event triggered. Throughput limited to <limit> Explanation An IDP rule with Pipe event triggered on the specified connection. The connection is piped to [limit] kbps.

  • Page 239: Idp_Piped_State_Replaced (Id: 06100004)

    2.18.4. idp_piped_state_replaced (ID: Chapter 2. Log Message Reference 06100004) Recommended Action Issue the "memory" CLI command and check for modules with abnormal memory consumption. Otherwise, revise configuration in order to free more RAM. Revision 2.18.4. idp_piped_state_replaced (ID: 06100004) Default Severity DEBUG Log Message Replaced IDP pipe host entry <replaced_host>...

  • Page 240: Conn_Idp_Piped (Id: 06100007)

    2.18.7. conn_idp_piped (ID: 06100007) Chapter 2. Log Message Reference Parameters limit Context Parameters Connection 2.18.7. conn_idp_piped (ID: 06100007) Default Severity WARNING Log Message IDP dynamic pipe state found. Throughput limited to <limit> Explanation A new connection is piped to [limit] kbps since either the source or destination IP is dynamically throttled by IDP dynamic pipe state.

  • Page 241: 2.19. Idpupdate

    2.19. IDPUPDATE Chapter 2. Log Message Reference 2.19. IDPUPDATE These log messages refer to the IDPUPDATE (Intrusion Detection & Prevention Database update) category. 2.19.1. idp_db_update_failure (ID: 01400001) Default Severity ALERT Log Message Update of the Intrusion Detection & Prevention database failed, because of <reason>...

  • Page 242: Idp_Detects_Invalid_System_Time (Id: 01400005)

    2.19.5. idp_detects_invalid_system_time Chapter 2. Log Message Reference (ID: 01400005) Default Severity NOTICE Log Message Intrusion Detection & Prevention database could not be updated, as no valid subscription exist Explanation The current license does not allow Intrusion Detection & Prevention database to be updated. Gateway Action None Recommended Action...
  • Page 243 2.19.7. unsynced_databases (ID: Chapter 2. Log Message Reference 01400009) Explanation The IDP hardware and software databases are not synchronized. A full update is automatically initiated. Gateway Action downloading_new_database Recommended Action None. Revision...

  • Page 244: 2.20. Ifacemon

    2.20. IFACEMON Chapter 2. Log Message Reference 2.20. IFACEMON These log messages refer to the IFACEMON (Interface monitor events) category. 2.20.1. ifacemon_status_bad_rereport (ID: 03900001) Default Severity NOTICE Log Message IfaceMon reset interface <iface> 10 seconds ago. Link status: <linkspeed> Mbps <duplex> duplex Explanation The Interface Monitor reset the interface 10 seconds ago.
  • Page 245 2.20.3. ifacemon_status_bad (ID: Chapter 2. Log Message Reference 03900004) Revision Parameters iface [linkspeed] [duplex]...

  • Page 246: 2.21. Ippool

    2.21. IPPOOL Chapter 2. Log Message Reference 2.21. IPPOOL These log messages refer to the IPPOOL (IPPool events) category. 2.21.1. no_offer_received (ID: 01900001) Default Severity ERROR Log Message No offers were received Explanation No DHCP offers where received by the IP pool general query. Gateway Action None Recommended Action...

  • Page 247: Lease_Disallowed_By_Lease_Filter (Id: 01900004)

    2.21.5. lease_disallowed_by_server_filter Chapter 2. Log Message Reference (ID: 01900005) 2.21.4. lease_disallowed_by_lease_filter (ID: 01900004) Default Severity WARNING Log Message The lease was rejected due to a lease filter Explanation A lease was rejected by a lease filter. Gateway Action lease_rejected Recommended Action Verify the lease filters.

  • Page 248: Lease_Have_Bad_Offered_Broadcast (Id: 01900008)

    2.21.8. lease_have_bad_offered_broadcast Chapter 2. Log Message Reference (ID: 01900008) Default Severity WARNING Log Message The lease was rejected due to a bad offered netmask address Explanation A lease was rejected due to a bad offered netmask address. Gateway Action lease_rejected Recommended Action Check DHCP server configuration.

  • Page 249: Lease_Ip_Is_Already_Occupied (Id: 01900011)

    2.21.11. lease_ip_is_already_occupied Chapter 2. Log Message Reference (ID: 01900011) Log Message The lease was rejected due to a bad offered gateway address Explanation A lease was rejected due to a bad offered gateway address. Gateway Action lease_rejected Recommended Action Check DHCP server configuration. Revision Parameters gateway_ip...

  • Page 250: Pool_Reached_Max_Dhcp_Clients (Id: 01900014)

    2.21.14. pool_reached_max_dhcp_clients Chapter 2. Log Message Reference (ID: 01900014) Explanation A lease was rejected since the offered IP already exists in the pool. Gateway Action lease_rejected Recommended Action Check IP pool configuration. Revision Parameters client_ip Context Parameters Rule Name 2.21.14. pool_reached_max_dhcp_clients (ID: 01900014) Default Severity ERROR Log Message...

  • Page 251: Ip_Returned_To_Pool (Id: 01900017)

    2.21.17. ip_returned_to_pool (ID: Chapter 2. Log Message Reference 01900017) Revision Parameters client_ip subsystem Context Parameters Rule Name 2.21.17. ip_returned_to_pool (ID: 01900017) Default Severity NOTICE Log Message Subsystem returned an IP to the pool Explanation A subsystem returned an IP to the pool. Gateway Action inform Recommended Action...

  • Page 252: 2.22. Ipsec

    2.22. IPSEC Chapter 2. Log Message Reference 2.22. IPSEC These log messages refer to the IPSEC (IPsec (VPN) events) category. 2.22.1. fatal_ipsec_event (ID: 01800100) Default Severity ALERT Log Message Fatal event occured, because of <reason> Explanation Fatal event occured in IPsec stack. Gateway Action None Recommended Action...

  • Page 253: Audit_Flood (Id: 01800104)

    2.22.4. audit_flood (ID: 01800104) Chapter 2. Log Message Reference reason 2.22.4. audit_flood (ID: 01800104) Default Severity NOTICE Log Message <reason>. Explanation The rate limit for audit messages was reached. Gateway Action None Recommended Action None. Revision Parameters reason 2.22.5. ike_delete_notification (ID: 01800105) Default Severity NOTICE Log Message...

  • Page 254: Ike_Invalid_Proposal (Id: 01800107)

    2.22.7. ike_invalid_proposal (ID: Chapter 2. Log Message Reference 01800107) reason 2.22.7. ike_invalid_proposal (ID: 01800107) Default Severity WARNING Log Message Local IP: <local_ip>, Remote IP: <remote_ip>, Cookies: <cookies>, Reason: <reason>. Explanation The proposal for the security association could not be accepted. Gateway Action None Recommended Action...

  • Page 255: Packet_Corrupt (Id: 01800110)

    2.22.10. packet_corrupt (ID: 01800110) Chapter 2. Log Message Reference Parameters local_ip remote_ip cookies reason 2.22.10. packet_corrupt (ID: 01800110) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation Received a corrupt packet. Gateway Action drop Recommended Action...

  • Page 256: Sa_Lookup_Failure (Id: 01800113)

    2.22.13. sa_lookup_failure (ID: Chapter 2. Log Message Reference 01800113) Explanation The received packet did not fall within the sliding window. Gateway Action drop Recommended Action None. Revision Parameters source_ip dest_ip protocol reason 2.22.13. sa_lookup_failure (ID: 01800113) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>.

  • Page 257: Sequence_Number_Overflow (Id: 01800115)

    2.22.15. sequence_number_overflow Chapter 2. Log Message Reference (ID: 01800115) reason 2.22.15. sequence_number_overflow (ID: 01800115) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation An attempt to transmit a packet that would result in sequence number overflow.

  • Page 258: Hardware_Acceleration_Failure (Id: 01800118)

    2.22.18. hardware_acceleration_failure Chapter 2. Log Message Reference (ID: 01800118) Gateway Action drop Recommended Action None. Revision Parameters source_ip dest_ip protocol reason 2.22.18. hardware_acceleration_failure (ID: 01800118) Default Severity NOTICE Log Message Source IP: <source_ip>, Destination IP: <dest_ip>, SPI: <spi>, Seq: <seq>, Protocol: <protocol>, Reason: <reason>. Explanation Hardware acceleration failed due to resource shortage, a corrupt packet or other hardware related error.

  • Page 259: Ipsec_Successfully_Started (Id: 01800202)

    2.22.21. IPsec_successfully_started Chapter 2. Log Message Reference (ID: 01800202) Explanation Succeeded to commit IPsec configuration. Flows will be recalculated and reapplied. Gateway Action None Recommended Action None. Revision 2.22.21. IPsec_successfully_started (ID: 01800202) Default Severity INFORMATIONAL Log Message IPsec is up and running Explanation IPsec configured and started.

  • Page 260: Failed_Create_Audit_Module (Id: 01800207)

    2.22.25. failed_create_audit_module Chapter 2. Log Message Reference (ID: 01800207) Log Message Disable all IPsec tunnels Explanation Disable all IPsec tunnels due to memory limitations. Gateway Action disable_all_ipsec_interfaces Recommended Action None. Revision 2.22.25. failed_create_audit_module (ID: 01800207) Default Severity ERROR Log Message Failed to create audit module.

  • Page 261: Ipsec_Started_Successfully (Id: 01800214)

    2.22.29. ipsec_started_successfully Chapter 2. Log Message Reference (ID: 01800214) Default Severity CRITICAL Log Message Failed to initialize IPsec Explanation Failed to start IPsec. Gateway Action IPsec_configuration_disabled Recommended Action Restart. Revision 2.22.29. ipsec_started_successfully (ID: 01800214) Default Severity INFORMATIONAL Log Message IPsec started successfully Explanation Succeeded to create Policymanger and commit IPsec configuration.

  • Page 262: Failed_To_Set_Algorithm_Properties (Id: 01800304)

    2.22.32. failed_to_set_algorithm_properties Chapter 2. Log Message Reference (ID: 01800304) Recommended Action None. Revision Parameters tunnel 2.22.32. failed_to_set_algorithm_properties (ID: 01800304) Default Severity ERROR Log Message Failed to set properties IPsec alogorithm <alg>, for tunnel <tunnel> Explanation Failed to set specified properties (keysize, lifetimes) for IPsec algorithm.

  • Page 263: Dns_Resolve_Failed (Id: 01800308)

    2.22.35. dns_resolve_failed (ID: Chapter 2. Log Message Reference 01800308) Parameters certificate tunnel 2.22.35. dns_resolve_failed (ID: 01800308) Default Severity WARNING Log Message Failed to resolve remote gateway <gateway> for IPsec Tunnel <ipsectunnel>. Keeping old IP <old_ip> Explanation Failed to resolve remote gateway through DNS. Gateway Action keeping_old_ip Recommended Action...

  • Page 264: Failed_To_Add_Rules (Id: 01800313)

    2.22.38. failed_to_add_rules (ID: Chapter 2. Log Message Reference 01800313) Parameters gateway ipsectunnel 2.22.38. failed_to_add_rules (ID: 01800313) Default Severity ERROR Log Message Failed to add rules after remote gw: <gateway> have been resolved by DNS for IPsec tunnel: <ipsectunnel> Explanation Failed to add rules to tunnel after remote gateway have been resolved by DNS.

  • Page 265: No_Policymanager (Id: 01800316)

    2.22.41. no_policymanager (ID: Chapter 2. Log Message Reference 01800316) Parameters gateway ipsectunnel 2.22.41. no_policymanager (ID: 01800316) Default Severity CRITICAL Log Message No policymanager!! to free tunnel object from Explanation No policymanager to free tunnel from!!! IPsec does not work properly. Gateway Action ipsec_out_of_work Recommended Action...

  • Page 266: Failed_To_Add_Certificate (Id: 01800322)

    2.22.45. failed_to_add_certificate (ID: Chapter 2. Log Message Reference 01800322) Log Message Failed with error: <status_msg>, when adding external key provider for certificate handling Explanation Failed to add external key provider. All certificate authantication will be disabled. Gateway Action IPsec_disabled Recommended Action Restart.

  • Page 267: Failed_To_Set_Xauth (Id: 01800328)

    2.22.48. Failed_to_set_xauth (ID: Chapter 2. Log Message Reference 01800328) Explanation Failed to create local authorization object. configured remote access groups will not be posible to use. Gateway Action IPsec_disabled Recommended Action None. Revision 2.22.48. Failed_to_set_xauth (ID: 01800328) Default Severity ERROR Log Message Failed set XAuth for tunnel <tunnel>...

  • Page 268: Ipsec_Tunnel_Added_Bysgw (Id: 01800334)

    2.22.51. IPSec_tunnel_added_bySGW Chapter 2. Log Message Reference (ID: 01800334) 2.22.51. IPSec_tunnel_added_bySGW (ID: 01800334) Default Severity INFORMATIONAL Log Message IPsec tunnel added by the Security Gateway Explanation An IPsec tunnel has been added by the Security Gateway. Gateway Action reconfiguration_by_SGW Recommended Action None.

  • Page 269: Tunnel_Disabled (Id: 01800340)

    2.22.55. tunnel_disabled (ID: Chapter 2. Log Message Reference 01800340) Default Severity INFORMATIONAL Log Message IPsec tunnel removed from the configuration Explanation An IPsec tunnel has been disabled or removed from the configuration. Gateway Action reconfiguration Recommended Action None. Revision Parameters client_ip username IPsec_tunnel...

  • Page 270: Cfgmode_Ip_Freed (Id: 01800402)

    2.22.58. cfgmode_ip_freed (ID: Chapter 2. Log Message Reference 01800402) result, IPsec clients using config mode will not be able lease IP addresses. Gateway Action None Recommended Action Update your config mode configuration. Revision Parameters ippool 2.22.58. cfgmode_ip_freed (ID: 01800402) Default Severity NOTICE Log Message Returned a dynamic cfg mode IP <ip>...

  • Page 271: Recieved_Plaintext_Packet_For_Disabled_Ipsec_Interface (Id: 01800502)

    2.22.61. Recieved_plaintext_packet_for_disabled_IPsec_interface Chapter 2. Log Message Reference (ID: 01800502) 2.22.61. Recieved_plaintext_packet_for_disabled_IPsec_interface (ID: 01800502) Default Severity WARNING Log Message IPsec tunnel <ipsec_connection> is disabled. Packet will be dropped Explanation A packed was dropped due to the IPsec interface being disabled. Gateway Action packet_will_be_dropped Recommended Action This is usualy a consequence of low memory or a bad configuration.

  • Page 272: Ipsec_Interface_Disabled (Id: 01800506)

    2.22.65. ipsec_interface_disabled (ID: Chapter 2. Log Message Reference 01800506) Explanation IPsec ping monitor detects loss if ping replies of packets INSIDE the tunnel. Gateway Action tunnel_will_disabled_after_8_number_of_lost_packets Recommended Action None. Revision 2.22.65. ipsec_interface_disabled (ID: 01800506) Default Severity ERROR Log Message IPsec interface disabled Explanation IPsec interface disabled.

  • Page 273: Sa_Write_Congestion (Id: 01801337)

    2.22.68. sa_write_congestion (ID: Chapter 2. Log Message Reference 01801337) Parameters remotepeer 2.22.68. sa_write_congestion (ID: 01801337) Default Severity INFORMATIONAL Log Message Failed to write SA to Nitrox II due to congestion. <dir> SPI <spi> Explanation There was not enough free buffers to write the SA to Nitrox II. Every new packet on the SA will trigger a new try.

  • Page 274: Malformed_Packet (Id: 01802003)

    2.22.72. malformed_packet (ID: Chapter 2. Log Message Reference 01802003) Default Severity WARNING Log Message The rule is not in the active configuration. Dropping request for policy Explanation The rule is not in the active configuration, dropping request. Gateway Action dropping_request Recommended Action None.

  • Page 275: Ike_Sa_Failed (Id: 01802022)

    2.22.75. ike_sa_failed (ID: 01802022) Chapter 2. Log Message Reference Revision Parameters maxtunnels 2.22.75. ike_sa_failed (ID: 01802022) Default Severity WARNING Log Message Ike SA negotiation failed: <statusmsg> Local IKE peer: <local_peer> Remote IKE peer: <remote_peer> Initiator SPI: <initiator_spi>. Explanation Negotiation of IKE SA failed. Gateway Action no_ike_sa Recommended Action...

  • Page 276: Ike_Sa_Negotiation_Failed (Id: 01802031)

    2.22.78. ike_sa_negotiation_failed (ID: Chapter 2. Log Message Reference 01802031) Explanation No IKE SA negotiations done because of authentication problems. Gateway Action no_ike_sa Recommended Action None. Revision 2.22.78. ike_sa_negotiation_failed (ID: 01802031) Default Severity WARNING Log Message Type of the local ID <localid> is not KEY-ID for the mamros-pskeyext negotiation.

  • Page 277: Ipsec_Sa_Informal (Id: 01802043)

    2.22.81. ipsec_sa_informal (ID: Chapter 2. Log Message Reference 01802043) Gateway Action None Recommended Action None. Revision Parameters dhgroup bits 2.22.81. ipsec_sa_informal (ID: 01802043) Default Severity INFORMATIONAL Log Message Inbound SPI:<spiin> | Outbound SPI:<spiout> | Algorithm:<alg> <keysize> <mac> Explanation Log information about SPI-values and algorithms for Child SA. Gateway Action None Recommended Action...

  • Page 278: Ipsec_Sa_Lifetime (Id: 01802046)

    2.22.84. ipsec_sa_lifetime (ID: Chapter 2. Log Message Reference 01802046) Gateway Action None Recommended Action None. Revision Parameters 2.22.84. ipsec_sa_lifetime (ID: 01802046) Default Severity INFORMATIONAL Log Message Local lifetime child SA: <sec> seconds Explanation Inform about lifetime for child SA:. Gateway Action None Recommended Action None.

  • Page 279: Ipsec_Sa_Informal (Id: 01802058)

    2.22.88. ipsec_invalid_protocol (ID: Chapter 2. Log Message Reference 01802059) 2.22.87. ipsec_sa_informal (ID: 01802058) Default Severity INFORMATIONAL Log Message Local Proxy ID: <local_id>, Remote Proxy ID: <remote_id> Explanation Information about Proxy ID's for Child SA. Gateway Action None Recommended Action None. Revision Parameters local_id...

  • Page 280: Create_Rules_Failed (Id: 01802081)

    2.22.91. create_rules_failed (ID: Chapter 2. Log Message Reference 01802081) protocol. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_IPsec. Revision 2.22.91. create_rules_failed (ID: 01802081) Default Severity ERROR Log Message Cannot insert this rule, the forced NAT protocol type does not match rule protocol Explanation Failed to insert rule since forced NAT protocol do not match rule protocol.

  • Page 281: Invalid_Configuration_Of_Force_Open (Id: 01802104)

    2.22.94. invalid_configuration_of_force_open Chapter 2. Log Message Reference (ID: 01802104) 2.22.94. invalid_configuration_of_force_open (ID: 01802104) Default Severity ERROR Log Message Auto-start rule does not specify single IP address or domain name for its remote peer Explanation Can not use Auto-start rule (force open) for roaming tunnels. Gateway Action VPN_tunnel_disabled Recommended Action...

  • Page 282: Invalid_Rule_Setting (Id: 01802108)

    2.22.98. invalid_rule_setting (ID: Chapter 2. Log Message Reference 01802108) Recommended Action None. Revision 2.22.98. invalid_rule_setting (ID: 01802108) Default Severity ERROR Log Message No from-tunnel specified for an AUTHENTICATION-ONLY rule Explanation From-tunnel must be specified for an AUTHENTICATION-ONLY rule. Gateway Action None Recommended Action None.

  • Page 283: No_Algorithms_Configured_For_Tunnel (Id: 01802200)

    2.22.102. no_algorithms_configured_for_tunnel Chapter 2. Log Message Reference (ID: 01802200) Log Message Detected suspicious outbound IPsec rule without any selectors Explanation Detected suspicious outbound IPsec rule without any selectors specified. Gateway Action the_rule_might_not_work Recommended Action Reconfigure_IPsec. Revision 2.22.102. no_algorithms_configured_for_tunnel (ID: 01802200) Default Severity ERROR Log Message...

  • Page 284: Ah_Not_Supported (Id: 01802204)

    2.22.105. AH_not_supported (ID: Chapter 2. Log Message Reference 01802204) Explanation AH tunnel is configured without spetication algorithm. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel. Revision Parameters tunnel 2.22.105. AH_not_supported (ID: 01802204) Default Severity ERROR Log Message AH configured but not supported Explanation Tunnel [tunnel] configured for AH, but AH is not supported.

  • Page 285: Invalid_Tunnel_Configuration (Id: 01802210)

    2.22.108. invalid_tunnel_configuration Chapter 2. Log Message Reference (ID: 01802210) Parameters tunnel 2.22.108. invalid_tunnel_configuration (ID: 01802210) Default Severity ERROR Log Message Both `auto-start' and `dont-initiate' specified for tunnel <tunnel> Explanation Both `auto-start' and `dont-initiate' can not be specified for a tunnel. Gateway Action VPN_tunnel_disabled Recommended Action...

  • Page 286: Invalid_Key_Size (Id: 01802216)

    2.22.112. invalid_key_size (ID: Chapter 2. Log Message Reference 01802216) Explanation Algorithm key sizes specified for unknown algorithm. Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel. Revision 2.22.112. invalid_key_size (ID: 01802216) Default Severity ERROR Log Message Algorithm key sizes specified for unknown algorithm Explanation Algorithm key sizes specified for unknown algorithm.

  • Page 287: Invalid_Key_Size (Id: 01802219)

    2.22.116. invalid_cipher_keysize (ID: Chapter 2. Log Message Reference 01802220) 2.22.115. invalid_key_size (ID: 01802219) Default Severity ERROR Log Message Tunnel specified key size limits for mac <alg> with fixed key size Explanation Configuration specifies key size limits for cipher with fixed key size. Gateway Action VPN_tunnel_disabled Recommended Action...

  • Page 288: Rule_Selection_Failed (Id: 01802300)

    2.22.119. rule_selection_failed (ID: Chapter 2. Log Message Reference 01802300) Explanation Malformed IKE secret specified in configuration. Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_PSK. Revision 2.22.119. rule_selection_failed (ID: 01802300) Default Severity NOTICE Log Message Rule selection failed: <info>. Internal severity level: <int_severity> Explanation Rule selection failed!.

  • Page 289: Max_Active_Quickmode_Negotiation_Reached (Id: 01802403)

    2.22.123. could_not_decode_certificate Chapter 2. Log Message Reference (ID: 01802600) 2.22.122. max_active_quickmode_negotiation_reached (ID: 01802403) Default Severity NOTICE Log Message The maximum number of active Quick-Mode negotiations reached Explanation Maximum number of active Quick-Mode negotiations reached. Gateway Action quick-mode_not_done Recommended Action None. Revision 2.22.123.

  • Page 290: Could_Not_Set_Cert_To_Non_Crl_Issuer (Id: 01802603)

    2.22.126. could_not_set_cert_to_non_CRL_issuer Chapter 2. Log Message Reference (ID: 01802603) Gateway Action certificate_not_trusted Recommended Action None. Revision 2.22.126. could_not_set_cert_to_non_CRL_issuer (ID: 01802603) Default Severity WARNING Log Message Could not set CA certificate to non-CRL issuer. This may cause authentication errors if valid CRLs are not available Explanation Could not set CA certificate to non-CRL issuer.

  • Page 291: Could_Not_Decode_Certificate (Id: 01802607)

    2.22.130. could_not_decode_certificate Chapter 2. Log Message Reference (ID: 01802607) Default Severity ERROR Log Message Can not insert CA certificate into local database Explanation Can not insert CA certificate into local database. Gateway Action certificate_disabled Recommended Action None. Revision 2.22.130. could_not_decode_certificate (ID: 01802607) Default Severity WARNING Log Message...

  • Page 292: Could_Not_Decode_Crl (Id: 01802610)

    2.22.134. ike_sa_negotiation_completed Chapter 2. Log Message Reference (ID: 01802703) 2.22.133. could_not_decode_crl (ID: 01802610) Default Severity WARNING Log Message Could not decode CRL. The certificate may be corrupted or it was given in unrecognized format. File format may be wrong Explanation Could_not_decode_CRL.

  • Page 293: Certificate_Contains_Bad_Ip_Address (Id: 01802705)

    2.22.137. dn_name_as_subject_alt_name Chapter 2. Log Message Reference (ID: 01802706) 2.22.136. Certificate_contains_bad_IP_address (ID: 01802705) Default Severity WARNING Log Message Certificate contains bad IP address: length=<len> Explanation Certificate contains bad IP address. Gateway Action try_next_certificate Recommended Action None. Revision Parameters 2.22.137. dn_name_as_subject_alt_name (ID: 01802706) Default Severity WARNING Log Message...

  • Page 294: Cfgmode_Exchange_Event (Id: 01802709)

    2.22.140. cfgmode_exchange_event Chapter 2. Log Message Reference (ID: 01802709) Explanation Ike SA is destroyed. Gateway Action ike_sa_killed Recommended Action None. Revision Parameters ike_sa 2.22.140. cfgmode_exchange_event (ID: 01802709) Default Severity INFORMATIONAL Log Message Event occured for config mode <cfgmode> exchange: <msg>. Internal severity level: <int_severity>...

  • Page 295: Remote_Access_Wins (Id: 01802712)

    2.22.143. remote_access_wins (ID: Chapter 2. Log Message Reference 01802712) Recommended Action None. Revision Parameters dns_server 2.22.143. remote_access_wins (ID: 01802712) Default Severity INFORMATIONAL Log Message WINS for remote access attributes: <win> Explanation WINS for remote access attributes. Gateway Action None Recommended Action None.

  • Page 296: Ipsec_Sa_Selection_Failed (Id: 01802717)

    2.22.147. ipsec_sa_selection_failed Chapter 2. Log Message Reference (ID: 01802717) Default Severity WARNING Log Message Event: <msg> occured for IKE SA: <side>. Internal severity level: <int_severity> Explanation Event occured at IKE SA. Gateway Action None Recommended Action None. Revision Parameters side int_severity 2.22.147.

  • Page 297: Ipsec_Sa_Event (Id: 01802731)

    2.22.150. ipsec_sa_event (ID: Chapter 2. Log Message Reference 01802731) Default Severity WARNING Log Message IPsec SA negotiation event: <msg>, <local_proxy>, <remote_proxy>. Internal severity level: <int_severity> Explanation Event occured for IPsec SA. Gateway Action None Recommended Action None. Revision Parameters local_proxy remote_proxy int_severity 2.22.150.

  • Page 298: Id: 01802736)

    2.22.153. (ID: 01802736) Chapter 2. Log Message Reference Log Message L2TP <side> negotiation event: <msg>. <local_peer>, <remote_peer>. Internal severity level: <int_severity> Explanation L2TP negotiation event. Gateway Action l2tp_negotiation_event Recommended Action None. Revision Parameters side local_peer remote_peer int_severity 2.22.153. (ID: 01802736) Default Severity INFORMATIONAL Log Message...

  • Page 299: Init_Rule_Looklup_Failed (Id: 01802904)

    2.22.156. init_rule_looklup_failed (ID: Chapter 2. Log Message Reference 01802904) Log Message Initialization of rule lookup failed Explanation Initialization of rule lookup failed. Gateway Action ipsec_disabled Recommended Action None. Revision 2.22.156. init_rule_looklup_failed (ID: 01802904) Default Severity CRITICAL Log Message Allocating default drop rule failed! Explanation Allocating default drop rule failed!.

  • Page 300: Init_Flow_Id_Table_Failed (Id: 01802908)

    2.22.160. init_flow_id_table_failed (ID: Chapter 2. Log Message Reference 01802908) Default Severity CRITICAL Log Message Initialization of interface table failed Explanation Initialization of interface table failed. Gateway Action ipsec_disabled Recommended Action None. Revision 2.22.160. init_flow_id_table_failed (ID: 01802908) Default Severity CRITICAL Log Message Allocation of flow id hash tables failed Explanation Allocation of flow id hash tables failed.

  • Page 301: Init_Transform_Table_Failed (Id: 01802911)

    2.22.164. init_peer_hash_failed (ID: Chapter 2. Log Message Reference 01802912) 2.22.163. init_transform_table_failed (ID: 01802911) Default Severity CRITICAL Log Message Allocation of transform table failed (size <size>) Explanation Allocation of transform table failed. Gateway Action ipsec_disabled Recommended Action None. Revision Parameters size 2.22.164.

  • Page 302: Init_Inbound_Spi_Hash_Failed (Id: 01802915)

    2.22.167. init_inbound_spi_hash_failed Chapter 2. Log Message Reference (ID: 01802915) Revision 2.22.167. init_inbound_spi_hash_failed (ID: 01802915) Default Severity CRITICAL Log Message Allocation of inbound spi hash table failed Explanation Allocation of inbound spi hash table failed. Gateway Action ipsec_disabled Recommended Action None. Revision 2.22.168.

  • Page 303: Init_Nat_Table_Failed (Id: 01802919)

    2.22.171. init_nat_table_failed (ID: Chapter 2. Log Message Reference 01802919) Explanation Allocation of transform context table failed. Gateway Action ipsec_disabled Recommended Action None. Revision 2.22.171. init_nat_table_failed (ID: 01802919) Default Severity CRITICAL Log Message Allocation of NAT tables failed Explanation Allocation of NAT tables failed. Gateway Action ipsec_disabled Recommended Action...

  • Page 304: Malformed_Ike_Sa_Proposal (Id: 01803000)

    2.22.175. malformed_ike_sa_proposal Chapter 2. Log Message Reference (ID: 01803000) Log Message Opening the interceptor failed Explanation Opening the interceptor failed. Gateway Action ipsec_disabled Recommended Action None. Revision 2.22.175. malformed_ike_sa_proposal (ID: 01803000) Default Severity WARNING Log Message Malformed IKE SA proposal: <reason> Explanation Received a malformed IKE SA proposal.

  • Page 305: Ipsec_Sa_Failed (Id: 01803020)

    2.22.179. ipsec_sa_failed (ID: Chapter 2. Log Message Reference 01803020) Default Severity WARNING Log Message <status> Phase-1 notification from <remote_peer> for protocol <proto>, SPI <spi>: <msg> (<type>) (<size> bytes) Explanation Received a IKE Phase-2 notification. Gateway Action None Recommended Action None. Revision Parameters status...

  • Page 306: Config_Mode_Exchange_Event (Id: 01803022)

    2.22.182. config_mode_exchange_event Chapter 2. Log Message Reference (ID: 01803023) 2.22.181. config_mode_exchange_event (ID: 01803022) Default Severity INFORMATIONAL Log Message Config Mode exchange event: <msg>. <reason>. Explanation A Config Mode exchange event occured. Gateway Action None Recommended Action None. Revision Parameters reason 2.22.182.

  • Page 307: Config_Mode_Exchange_Event (Id: 01803026)

    2.22.185. config_mode_exchange_event Chapter 2. Log Message Reference (ID: 01803026) Gateway Action None Recommended Action None. Revision Parameters reason 2.22.185. config_mode_exchange_event (ID: 01803026) Default Severity INFORMATIONAL Log Message Config Mode exchange event: <msg>. Explanation A Config Mode exchange event occured. Gateway Action None Recommended Action None.

  • Page 308: Ike_Phase2_Notification (Id: 01803029)

    2.22.188. ike_phase2_notification (ID: Chapter 2. Log Message Reference 01803029) Revision Parameters remote_peer spi_size 2.22.188. ike_phase2_notification (ID: 01803029) Default Severity WARNING Log Message <status> Phase-2 notification from <remote_peer> for protocol <proto>, SPI <spi>: <msg> (<type>) (<size> bytes) Explanation Received a IKE Phase-2 notification. Gateway Action None Recommended Action...

  • Page 309: Malformed_Ipsec_Sa_Proposal (Id: 01803050)

    2.22.191. malformed_ipsec_sa_proposal Chapter 2. Log Message Reference (ID: 01803050) Explanation Could not verify remote peer's identity. Gateway Action None Recommended Action None. Revision 2.22.191. malformed_ipsec_sa_proposal (ID: 01803050) Default Severity WARNING Log Message Malformed IPsec SA proposal: <reason> Explanation Received a malformed IPsec SA proposal. Gateway Action None Recommended Action...

  • Page 310: Failed_To_Select_Ipsec_Proposal (Id: 01803053)

    2.22.195. failed_to_select_ipsec_sa Chapter 2. Log Message Reference (ID: 01803054) 2.22.194. failed_to_select_ipsec_proposal (ID: 01803053) Default Severity WARNING Log Message Could not select proposal for IPsec SA <sa_index> Explanation Could not select proposal for IPsec SA. Gateway Action None Recommended Action None. Revision Parameters sa_index...

  • Page 311: Ipsec_Hwaccel_Failed (Id: 01803410)

    2.22.198. ipsec_hwaccel_failed (ID: Chapter 2. Log Message Reference 01803410) Gateway Action None Recommended Action None. Revision Parameters int_severity 2.22.198. ipsec_hwaccel_failed (ID: 01803410) Default Severity WARNING Log Message Failed to create a hardware acceleration context for IPsec SA (<dir> SPI <spi>). <error_msg> Packets will be processed in software. Explanation Hardware acceleration of the IPsec SA couldn't be done.

  • Page 312: 2.23. Ipv6_Nd

    2.23. IPV6_ND Chapter 2. Log Message Reference 2.23. IPV6_ND These log messages refer to the IPV6_ND (Neighbor Discovery events) category. 2.23.1. neighbor_discovery_resolution_failed (ID: 06400009) Default Severity WARNING Log Message Neighbor Discovery resolution failed Explanation Neighbor Discovery query was not resolved before the cache entry expired.

  • Page 313: Nd_Spoofed_Hw_Sender (Id: 06400029)

    2.23.4. nd_spoofed_hw_sender (ID: Chapter 2. Log Message Reference 06400029) Revision Context Parameters Rule Name Packet Buffer 2.23.4. nd_spoofed_hw_sender (ID: 06400029) Default Severity WARNING Log Message ND HW sender address matches our own address. Dropping packet. Explanation The Neighbor Discovery packet Ethernet sender address appears to be our own.

  • Page 314: Nd_Option_Hw_Address_Mismatch (Id: 06400032)

    2.23.7. nd_option_hw_address_mismatch Chapter 2. Log Message Reference (ID: 06400032) Revision Context Parameters Rule Name Packet Buffer 2.23.7. nd_option_hw_address_mismatch (ID: 06400032) Default Severity WARNING Log Message ND Link Layer option Enet sender mismatch. Dropping packet. Explanation The Neighbor Discovery packet Link Layer option does not match HW sender.

  • Page 315: Nd_Duplicated_Option (Id: 06400035)

    2.23.10. nd_duplicated_option (ID: Chapter 2. Log Message Reference 06400035) Context Parameters Rule Name Packet Buffer 2.23.10. nd_duplicated_option (ID: 06400035) Default Severity WARNING Log Message The same ND option appears more than once in the same packet. Dropping packet. Explanation The Neighbor Discovery packet Link Layer Address Target appears more than once in the same packet.

  • Page 316: Nd_Illegal_Prefix_Info_Option_Size (Id: 06400038)

    2.23.13. nd_illegal_prefix_info_option_size Chapter 2. Log Message Reference (ID: 06400038) 2.23.13. nd_illegal_prefix_info_option_size (ID: 06400038) Default Severity WARNING Log Message Illegal option size. Dropping Explanation The Neighbor Discovery packet option size is illegal. Dropping packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name...

  • Page 317: Nd_Option_Truncated (Id: 06400042)

    2.23.17. nd_option_truncated (ID: Chapter 2. Log Message Reference 06400042) Log Message Illegal option size. Dropping Explanation The Neighbor Discovery packet option size is zero. Dropping packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name Packet Buffer 2.23.17.

  • Page 318: Nd_Spoofed_Target (Id: 06400045)

    2.23.20. nd_spoofed_target (ID: Chapter 2. Log Message Reference 06400045) packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name Packet Buffer 2.23.20. nd_spoofed_target (ID: 06400045) Default Severity WARNING Log Message Neighbor Advertisement Target IP <targetip> is my address, but Ethernet address <targetenet>...

  • Page 319: Nd_Multicast_Target_Address (Id: 06400048)

    2.23.23. nd_multicast_target_address Chapter 2. Log Message Reference (ID: 06400048) Default Severity WARNING Log Message Neighbor Discovery packet from <senderip> appears to have been routed. Dropping Explanation The Neighbor Discovery packet IP header contains a Hop Limit smaller than 255. Dropping packet. Gateway Action drop Recommended Action...

  • Page 320: Nd_Access_Allowed_Expect (Id: 06400050)

    2.23.26. nd_na_send_failure (ID: Chapter 2. Log Message Reference 06400051) 2.23.25. nd_access_allowed_expect (ID: 06400050) Default Severity NOTICE Log Message Allowed by expect rule in access section Explanation The Neighbor Discovery sender IP address is verified by an expect rule in the access section. Gateway Action access_allow Recommended Action...

  • Page 321: Nd_Spoofed_Dpd_Reply (Id: 06400054)

    2.23.29. nd_spoofed_dpd_reply (ID: Chapter 2. Log Message Reference 06400054) Default Severity WARNING Log Message Neighbor Advertisement from <senderip> without target link-layer option. Dropping packet. Explanation The Neighbor Advertisement packet is missing the Target Link-Layer option. Dropping packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists.

  • Page 322: Nd_Advert_For_Static_Entry (Id: 06400056)

    2.23.31. nd_advert_for_static_entry Chapter 2. Log Message Reference (ID: 06400056) 2.23.31. nd_advert_for_static_entry (ID: 06400056) Default Severity WARNING Log Message Neighbor Advertisement for static entry hw address <cachedenet>, advertised as <targetenet>. Dropping packet. Explanation A Neighbor Advertisement for a configured static entry was received. Dropping packet.

  • Page 323: Nd_Update_Entry_Request (Id: 06400059)

    2.23.34. nd_update_entry_request (ID: Chapter 2. Log Message Reference 06400059) Revision Parameters ipaddress oldenet newenet Context Parameters Rule Name Packet Buffer 2.23.34. nd_update_entry_request (ID: 06400059) Default Severity NOTICE Log Message ND cache entry <ipaddress> update from <oldenet> to <newenet> request. DPD old address. Explanation A Neighbor Advertisement requests updating an entry in the Neighbor Discovery cache.

  • Page 324: Nd_Dad_Probe_Unicast_Dest (Id: 06400062)

    2.23.37. nd_dad_probe_unicast_dest Chapter 2. Log Message Reference (ID: 06400062) Default Severity WARNING Log Message Neighbor Discovery packet ethernet destination is broadcast. Dropping Explanation The Neighbor Discovery packet ethernet destination is broadcast. Dropping packet. Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Context Parameters Rule Name...

  • Page 325: Nd_Rs_Illegal_Option (Id: 06400064)

    2.23.39. nd_rs_illegal_option (ID: Chapter 2. Log Message Reference 06400064) 2.23.39. nd_rs_illegal_option (ID: 06400064) Default Severity WARNING Log Message Router Solicitation packet contains an illegal option. Dropping Explanation The Router Solicitation packet contains a source link layer adderss option, this is illegal according to RFC4861. Dropping packet. Gateway Action drop Recommended Action...

  • Page 326: Nd_Update_Entry_Request (Id: 06400067)

    2.23.42. nd_update_entry_request (ID: Chapter 2. Log Message Reference 06400067) 2.23.42. nd_update_entry_request (ID: 06400067) Default Severity NOTICE Log Message ND cache entry <ipaddress> update from <oldenet> to <newenet> request. DPD old address. Explanation A Neighbor Solicitation requests updating an entry in the Neighbor Discovery cache.

  • Page 327: Nd_Dad_Probe_Faulty_Dest (Id: 06400070)

    2.23.45. nd_dad_probe_faulty_dest Chapter 2. Log Message Reference (ID: 06400070) Gateway Action drop Recommended Action Verify that no faulty network equipment exists. Revision Parameters destip Context Parameters Rule Name Packet Buffer 2.23.45. nd_dad_probe_faulty_dest (ID: 06400070) Default Severity WARNING Log Message Duplicate address probe with faulty destination address from <sendermac>.
  • Page 328 2.23.47. nd_dupe_addr_detected (ID: Chapter 2. Log Message Reference 06400072) Default Severity WARNING Log Message Duplicate address reply received on <iface>. IPv6 disabled. Explanation The link-local EUI64-generated [iface] address is already occupied by another host in the network. Resolve the address conflict by changing the ethernet address on the interface or on the conflicting host.

  • Page 329: 2.24. Ip_Error

    2.24. IP_ERROR Chapter 2. Log Message Reference 2.24. IP_ERROR These log messages refer to the IP_ERROR (Packet discarded due to IP header error(s)) category. 2.24.1. too_small_packet (ID: 01500001) Default Severity WARNING Log Message Packet is too small to contain IPv4 header Explanation The received packet is too small to contain an IPv4 header, and will be dropped.

  • Page 330: Invalid_Ip_Length (Id: 01500004)

    2.24.4. invalid_ip_length (ID: Chapter 2. Log Message Reference 01500004) Revision Parameters iptotlen iphdrlen Context Parameters Rule Name Packet Buffer 2.24.4. invalid_ip_length (ID: 01500004) Default Severity WARNING Log Message Invalid IP header length, IPTotLen=<iptotlen>, RecvLen=<recvlen> Explanation The received packet IP total length is larger than the received transport data.

  • Page 331: Invalid_Ip6_Flow (Id: 01500021)

    2.24.7. Invalid_ip6_flow (ID: 01500021) Chapter 2. Log Message Reference Explanation The received packet with flow label other than zero. Gateway Action none Recommended Action None. Revision Parameters flow_label Context Parameters Rule Name Packet Buffer 2.24.7. Invalid_ip6_flow (ID: 01500021) Default Severity WARNING Log Message Invalid flow label value...

  • Page 332: Invalid_Ip6_Tc (Id: 01500024)

    2.24.10. Invalid_ip6_tc (ID: 01500024) Chapter 2. Log Message Reference Explanation The received packet with traffic class other than zero. Gateway Action strip Recommended Action None. Revision Parameters traffic_class Context Parameters Rule Name Packet Buffer 2.24.10. Invalid_ip6_tc (ID: 01500024) Default Severity WARNING Log Message Invalid traffic class value...
  • Page 333 2.24.12. too_small_packet (ID: Chapter 2. Log Message Reference 01500026) Default Severity WARNING Log Message Packet is too small to contain IPv6 header Explanation The received packet is too small to contain an IPv6 header, and will be dropped. Gateway Action drop Recommended Action None.

  • Page 334: 2.25. Ip_Flag

    2.25. IP_FLAG Chapter 2. Log Message Reference 2.25. IP_FLAG These log messages refer to the IP_FLAG (Events concerning the IP header flags) category. 2.25.1. ttl_low (ID: 01600001) Default Severity WARNING Log Message Received packet with too low TTL of <ttl>. Min TTL is <ttlmin>. Ignoring Explanation The received packet has a TTL (Time-To-Live) field which is too low.

  • Page 335: Hop_Limit_Low (Id: 01600004)

    2.25.4. hop_limit_low (ID: 01600004) Chapter 2. Log Message Reference Context Parameters Rule Name Packet Buffer 2.25.4. hop_limit_low (ID: 01600004) Default Severity WARNING Log Message Received packet with too low HopLimit of <hoplimit>. Min HopLimit is <hoplimitmin>. Ignoring Explanation The received packet has a HopLimit field which is too low. Ignoring and forwarding packet anyway.

  • Page 336: 2.26. Ip_Opt

    2.26. IP_OPT Chapter 2. Log Message Reference 2.26. IP_OPT These log messages refer to the IP_OPT (Events concerning the IP header options) category. 2.26.1. source_route (ID: 01700001) Default Severity NOTICE Log Message Packet has a source route Explanation The packet has a source route. Ignoring. Gateway Action ignore Recommended Action...

  • Page 337: Ipopt_Present (Id: 01700004)

    2.26.5. ipoptlen_too_small (ID: Chapter 2. Log Message Reference 01700010) 2.26.4. ipopt_present (ID: 01700004) Default Severity NOTICE Log Message IP Option <ipopt>(<optname>) is present Explanation The packet contains an IP Option. Ignoring. Gateway Action ignore Recommended Action None. Revision Parameters ipopt optname Context Parameters Rule Name...

  • Page 338: Multiple_Ip_Option_Routes (Id: 01700012)

    2.26.7. multiple_ip_option_routes (ID: Chapter 2. Log Message Reference 01700012) avail Context Parameters Rule Name Packet Buffer 2.26.7. multiple_ip_option_routes (ID: 01700012) Default Severity WARNING Log Message Multiple source/return routes in IP options. Dropping Explanation There are multiple source/return routes specified among the IP Options.

  • Page 339: Source_Route_Disallowed (Id: 01700015)

    2.26.10. source_route_disallowed (ID: Chapter 2. Log Message Reference 01700015) Recommended Action None. Revision Parameters ipopt routeptr Context Parameters Rule Name Packet Buffer 2.26.10. source_route_disallowed (ID: 01700015) Default Severity WARNING Log Message Source route IP option disallowed. Dropping Explanation The packet has a source route, which is disallowed. Dropping packet. Gateway Action drop Recommended Action...

  • Page 340: Bad_Timestamp_Pointer (Id: 01700018)

    2.26.13. bad_timestamp_pointer (ID: Chapter 2. Log Message Reference 01700018) Recommended Action None. Revision Parameters ipopt optlen Context Parameters Rule Name Packet Buffer 2.26.13. bad_timestamp_pointer (ID: 01700018) Default Severity WARNING Log Message IP Option Type <ipopt>: Bad Timestamp Pointer <tsptr>. Dropping Explanation The packet contains an invalid Timestamp Pointer.

  • Page 341: Router_Alert_Bad_Len (Id: 01700021)

    2.26.16. router_alert_bad_len (ID: Chapter 2. Log Message Reference 01700021) Log Message Timestamp IP option disallowed. Dropping Explanation The packet contains a timestamp IP Option, which is disallowed. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.26.16.

  • Page 342: Invalid_Ip6Payload_For_Jumbo (Id: 01700039)

    2.26.19. invalid_ip6payload_for_jumbo Chapter 2. Log Message Reference (ID: 01700039) Log Message IP Option <ipopt>(<optname>) is present. Dropping Explanation The packet contains an IP Option, which is disallowed. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters ipopt optname Context Parameters Rule Name Packet Buffer 2.26.19.

  • Page 343: Invalid_Ip6Payload_For_Jumbo (Id: 01700042)

    2.26.22. invalid_ip6payload_for_jumbo Chapter 2. Log Message Reference (ID: 01700042) Gateway Action reject Recommended Action None. Revision Context Parameters Rule Name 2.26.22. invalid_ip6payload_for_jumbo (ID: 01700042) Default Severity WARNING Log Message Non zero ip6 payload length for jumbo option Explanation Received a non zero ip6 payload length jumbo option packet. Gateway Action drop Recommended Action...

  • Page 344: Recvd_Jumbo (Id: 01700045)

    2.26.26. recvd_jumbo (ID: 01700046) Chapter 2. Log Message Reference 2.26.25. recvd_jumbo (ID: 01700045) Default Severity WARNING Log Message Received a jumbo option packet Explanation Received a jumbo option packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name 2.26.26.

  • Page 345: Rcvd_Router_Alert (Id: 01700049)

    2.26.29. rcvd_router_alert (ID: Chapter 2. Log Message Reference 01700049) Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name 2.26.29. rcvd_router_alert (ID: 01700049) Default Severity WARNING Log Message Received Router Alert option Packet Explanation Received Router Alert option Packet. Gateway Action reject Recommended Action...

  • Page 346: Invalid_Option (Id: 01700052)

    2.26.32. invalid_option (ID: 01700052) Chapter 2. Log Message Reference Context Parameters Rule Name Packet Buffer 2.26.32. invalid_option (ID: 01700052) Default Severity WARNING Log Message Invalid IPv6 extension header option encountered. Explanation The packet contains an IPv6 extension header option of unknown type. Sending ICMPv6 Parameter Problem to the packet originator.

  • Page 347: Invalid_Padn_Data (Id: 01700056)

    2.26.36. invalid_padN_data (ID: Chapter 2. Log Message Reference 01700056) Default Severity WARNING Log Message Received Home address option Packet Explanation Received Home address option Packet. Gateway Action reject Recommended Action None. Revision Context Parameters Rule Name 2.26.36. invalid_padN_data (ID: 01700056) Default Severity WARNING Log Message...

  • Page 348: Invalid_Optlen (Id: 01700059)

    2.26.39. invalid_optLen (ID: 01700059) Chapter 2. Log Message Reference Recommended Action None. Revision Context Parameters Rule Name 2.26.39. invalid_optLen (ID: 01700059) Default Severity WARNING Log Message Option Length is more than the specified number of bytes 5 Explanation Option Length is more than the specified number of bytes 5. Gateway Action drop Recommended Action...

  • Page 349: Invalid_Optlen (Id: 01700062)

    2.26.43. invalid_order (ID: 01700064) Chapter 2. Log Message Reference 2.26.42. invalid_optlen (ID: 01700062) Default Severity WARNING Log Message Option Length is more than the size of extension header Explanation Option Length is more than the size of extension header. Gateway Action drop Recommended Action None.

  • Page 350: Repeated_Option (Id: 01700067)

    2.26.46. repeated_option (ID: Chapter 2. Log Message Reference 01700067) Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name 2.26.46. repeated_option (ID: 01700067) Default Severity WARNING Log Message Received a packet with a repetitive options Explanation Received a packet with a repetitive options. Gateway Action none Recommended Action...

  • Page 351: Ip6_Rhother (Id: 01700070)

    2.26.49. ip6_rhother (ID: 01700070) Chapter 2. Log Message Reference Parameters optcount Context Parameters Rule Name 2.26.49. ip6_rhother (ID: 01700070) Default Severity WARNING Log Message Routing packet with type other than 0 or 2 Explanation Received Routing packet other than 0 or 2. Gateway Action none Recommended Action...

  • Page 352: Ip6_Rh0 (Id: 01700074)

    2.26.53. ip6_rh0 (ID: 01700074) Chapter 2. Log Message Reference Default Severity WARNING Log Message Routing header with type 2 packet Explanation Received Routing header type 2 packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name 2.26.53. ip6_rh0 (ID: 01700074) Default Severity WARNING Log Message...

  • Page 353: Invalid_Extnhdr_Order (Id: 01700077)

    2.26.56. invalid_extnhdr_order (ID: Chapter 2. Log Message Reference 01700077) Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.26.56. invalid_extnhdr_order (ID: 01700077) Default Severity WARNING Log Message Invalid header order Explanation Received a packet with invalid header order. Gateway Action drop Recommended Action None.
  • Page 354 2.26.58. invalid_ip6_exthdr (ID: Chapter 2. Log Message Reference 01700079)

  • Page 355: 2.27. Ip_Proto

    2.27. IP_PROTO Chapter 2. Log Message Reference 2.27. IP_PROTO These log messages refer to the IP_PROTO (IP Protocol verification events) category. 2.27.1. multicast_ethernet_ip_address_missmatch (ID: 07000011) Default Severity WARNING Log Message Received packet with a destination IP address <ip_multicast_addr> that does match Ethernet multicast...

  • Page 356: Ttl_Low (Id: 07000014)

    2.27.4. ttl_low (ID: 07000014) Chapter 2. Log Message Reference Explanation A packet was received with a TTL (Time-To-Live) field set to zero, which is not allowed. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.27.4.

  • Page 357: Invalid_Tcp_Header (Id: 07000019)

    2.27.7. invalid_tcp_header (ID: Chapter 2. Log Message Reference 07000019) Explanation The configured size limit for the TCP protocol was exceeded. Dropping packet. Gateway Action drop Recommended Action This can be changed under the Advanced Settings section. Revision Parameters proto Context Parameters Rule Name Packet Buffer 2.27.7.

  • Page 358: Oversize_Icmp (Id: 07000023)

    2.27.10. oversize_icmp (ID: 07000023) Chapter 2. Log Message Reference Default Severity WARNING Log Message Invalid header IPDataLen=<ipdatalen>, UDPTotLen=<udptotlen>. Dropping Explanation The UDP packet contains an invalid header. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters ipdatalen udptotlen Context Parameters Rule Name Packet Buffer 2.27.10.

  • Page 359: Multicast_Ethernet_Ip_Address_Missmatch (Id: 07000033)

    2.27.12. multicast_ethernet_ip_address_missmatch Chapter 2. Log Message Reference (ID: 07000033) Packet Buffer 2.27.12. multicast_ethernet_ip_address_missmatch (ID: 07000033) Default Severity WARNING Log Message Received packet with a destination IP address <ip_multicast_addr> that does match Ethernet multicast address <eth_multicast_addr> Explanation A packet was received with an IP multicast Ethernet address as destination address, but the IP address in the IP header does however not match it.

  • Page 360: Oversize_Ah (Id: 07000052)

    2.27.15. oversize_ah (ID: 07000052) Chapter 2. Log Message Reference Dropping packet. Gateway Action drop Recommended Action This can be changed under the Advanced Settings section. Revision Parameters proto Context Parameters Rule Name Packet Buffer 2.27.15. oversize_ah (ID: 07000052) Default Severity WARNING Log Message Configured size limit for the AH protocol exceeded.

  • Page 361: Oversize_Ipip (Id: 07000055)

    2.27.18. oversize_ipip (ID: 07000055) Chapter 2. Log Message Reference Log Message Configured size limit for the OSPF protocol exceeded. Dropping Explanation The configured size limit for the OSPF protocol was exceeded. Dropping packet. Gateway Action drop Recommended Action This can be changed under the Advanced Settings section. Revision Parameters proto...

  • Page 362: Oversize_Ip (Id: 07000058)

    2.27.21. oversize_ip (ID: 07000058) Chapter 2. Log Message Reference Default Severity WARNING Log Message Configured size limit for the L2TP protocol exceeded. Dropping Explanation The configured size limit for the L2TP protocol was exceeded. Dropping packet. Gateway Action drop Recommended Action This can be changed under the Advanced Settings section.

  • Page 363: Hop_Limit_Low (Id: 07000060)

    2.27.24. fragmented_icmp (ID: Chapter 2. Log Message Reference 07000070) 2.27.23. hop_limit_low (ID: 07000060) Default Severity WARNING Log Message Received packet with too low HopLimit of <hoplimit>. Min HopLimit is <hoplimitmin>. Dropping Explanation The received packet has a HopLimit field which is too low. Dropping packet.

  • Page 364: Invalid_Icmp_Data_Ip_Ver (Id: 07000072)

    2.27.26. invalid_icmp_data_ip_ver (ID: Chapter 2. Log Message Reference 07000072) Context Parameters Rule Name Packet Buffer 2.27.26. invalid_icmp_data_ip_ver (ID: 07000072) Default Severity WARNING Log Message Invalid ICMP data. ICMPDataLen=<icmpdatalen> ICMPIPVer=<icmpipver>. Dropping Explanation An invalid IP version is specified in the ICMP data. Version 4 expected.

  • Page 365: Invalid_Icmp_Data_Invalid_Paramprob (Id: 07000075)

    2.27.29. invalid_icmp_data_invalid_paramprob Chapter 2. Log Message Reference (ID: 07000075) ICMPIPDataMinLen=<icmpipdataminlen>. Dropping Explanation The ICMP data length is invalid. The contained IP data must be atleast 8 bytes long. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters icmpdatalen icmpipdatalen icmpipdataminlen Context Parameters Rule Name...

  • Page 366: Dest_Beyond_Scope (Id: 07000080)

    2.27.31. dest_beyond_scope (ID: Chapter 2. Log Message Reference 07000080) Packet Buffer 2.27.31. dest_beyond_scope (ID: 07000080) Default Severity WARNING Log Message Destination is beyond the scope of the source address. Dropping Explanation Link-local source address and a global-scope destination address. Dropping packet. Gateway Action drop Recommended Action...

  • Page 367: 2.28. L2Tp

    2.28. L2TP Chapter 2. Log Message Reference 2.28. L2TP These log messages refer to the L2TP (L2TP tunnel events) category. 2.28.1. l2tpclient_resolve_successful (ID: 02800001) Default Severity NOTICE Log Message L2TP client <iface> resolved <remotegwname> to <remotegw> Explanation The L2TP client successfully resolved the DNS name of the remote gateway.

  • Page 368: L2Tp_Connection_Disallowed (Id: 02800004)

    2.28.4. l2tp_connection_disallowed Chapter 2. Log Message Reference (ID: 02800004) Parameters iface remotegw 2.28.4. l2tp_connection_disallowed (ID: 02800004) Default Severity NOTICE Log Message L2TP connection disallowed according to rule <rule>! Tunnel ID: <tunnelid>, Session ID: <sessionid> Explanation The L2TP connection is disallowed according to the specified userauth rule.

  • Page 369: L2Tp_Session_Closed (Id: 02800007)

    2.28.7. l2tp_session_closed (ID: Chapter 2. Log Message Reference 02800007) Gateway Action drop Recommended Action Make sure no manually configured routes to the L2TP server interface exists in the configuration. Revision Parameters iface 2.28.7. l2tp_session_closed (ID: 02800007) Default Severity NOTICE Log Message Closed L2TP session.

  • Page 370: L2Tp_Session_Request (Id: 02800010)

    2.28.10. l2tp_session_request (ID: Chapter 2. Log Message Reference 02800010) Recommended Action Make sure the peer is capable of MPPE encryption, or disable the MPPE requirement. Revision Parameters iface sessionid remotegw 2.28.10. l2tp_session_request (ID: 02800010) Default Severity NOTICE Log Message L2TP session request sent. Tunnel ID: <tunnelid> Explanation An L2TP session request has been sent over the specified L2TP tunnel.

  • Page 371: L2Tp_Session_Request (Id: 02800015)

    2.28.13. l2tp_session_request (ID: Chapter 2. Log Message Reference 02800015) Recommended Action Make sure the userauth rules are configured correctly. Revision Parameters tunnelid sessionid 2.28.13. l2tp_session_request (ID: 02800015) Default Severity NOTICE Log Message L2TP session request received. Tunnel ID: <tunnelid> Explanation A new session request was received on the specified tunnel.

  • Page 372: L2Tpclient_Tunnel_Up (Id: 02800018)

    2.28.16. l2tpclient_tunnel_up (ID: Chapter 2. Log Message Reference 02800018) Gateway Action accounting_disabled Recommended Action Make sure the RADIUS accounting configuration is correct. Revision 2.28.16. l2tpclient_tunnel_up (ID: 02800018) Default Severity NOTICE Log Message L2TP tunnel to <remotegw> is up. Tunnel ID: <tunnelid> Explanation L2TP tunnel negotiated successfully.
  • Page 373 2.28.18. waiting_for_ip_to_listen_on Chapter 2. Log Message Reference (ID: 02800050) address to the interface. Revision Parameters iface...

  • Page 374: 2.29. Natpool

    2.29. NATPOOL Chapter 2. Log Message Reference 2.29. NATPOOL These log messages refer to the NATPOOL (Events related to NAT Pools) category. 2.29.1. uninitialized_ippool (ID: 05600001) Default Severity ERROR Log Message NATPool <poolname> has not been initialized Explanation The NATPool is not initialized. This can happen if the NATPool contains no valid IP addresses.

  • Page 375: Out_Of_Memory (Id: 05600005)

    2.29.4. out_of_memory (ID: 05600005) Chapter 2. Log Message Reference Revision Parameters address poolname Context Parameters Connection 2.29.4. out_of_memory (ID: 05600005) Default Severity ERROR Log Message Out of memory while allocating NATPool state for <poolname> Explanation A state could not be allocated since the unit is out of memory. Gateway Action drop Recommended Action...

  • Page 376: Proxyarp_Failed (Id: 05600008)

    2.29.7. proxyarp_failed (ID: 05600008) Chapter 2. Log Message Reference Parameters poolname 2.29.7. proxyarp_failed (ID: 05600008) Default Severity ERROR Log Message Could not add dynamic ProxyARP route. NATPool <poolname> Explanation It was not possible to dynamically add a core route for the given IP address.

  • Page 377: Registerip_Failed (Id: 05600011)

    2.29.10. registerip_failed (ID: Chapter 2. Log Message Reference 05600011) concurrent states are wanted. Revision Parameters poolname num_states replacedip 2.29.10. registerip_failed (ID: 05600011) Default Severity WARNING Log Message Request to activate already active Translation IP address <ip> in pool <poolname> Explanation Attempt to activate an already active Translation IP.

  • Page 378: Synchronization_Failed (Id: 05600014)

    2.29.13. synchronization_failed (ID: Chapter 2. Log Message Reference 05600014) Revision Parameters poolname 2.29.13. synchronization_failed (ID: 05600014) Default Severity ERROR Log Message Failed to synchronize Translation IP address to peer Explanation Failed to synchronize Translation IP address to peer. Gateway Action None Recommended Action Check status of peer and verify High Availability configuration.

  • Page 379: 2.30. Ospf

    2.30. OSPF Chapter 2. Log Message Reference 2.30. OSPF These log messages refer to the OSPF (OSPF events) category. 2.30.1. internal_error (ID: 02400001) Default Severity WARNING Log Message Internal Error. Iface <iface> got IEvent <ievent> in IState <istate>. Ignored Explanation Internal error in the OSPF interface state engine.

  • Page 380: Bad_Packet_Len (Id: 02400004)

    2.30.4. bad_packet_len (ID: 02400004) Chapter 2. Log Message Reference Gateway Action None Recommended Action Check OSPF interface configuration. Revision Parameters iface neighborid myifaceip Context Parameters Rule Name 2.30.4. bad_packet_len (ID: 02400004) Default Severity WARNING Log Message Received OSPF packet with bad length Explanation Received OSPF packet with a bad length.

  • Page 381: Area_Mismatch (Id: 02400007)

    2.30.7. area_mismatch (ID: 02400007) Chapter 2. Log Message Reference Log Message Sender source <srcip> not within interface range (<ifacerange>) Explanation Received OSPF data from a neighboring router not within the receive interface range. Gateway Action drop Recommended Action Make sure all locally attached OSPF routes are on the same network. Revision Parameters srcip...

  • Page 382: Hello_Interval_Mismatch (Id: 02400009)

    2.30.9. hello_interval_mismatch (ID: Chapter 2. Log Message Reference 02400009) Packet Buffer 2.30.9. hello_interval_mismatch (ID: 02400009) Default Severity WARNING Log Message Hello interval mismatch. Received was <recv_interval>, mine is <my_interval>. Dropping Explanation Received OSPF data from a neighboring router with a mismatching hello interval.

  • Page 383: Hello_N_Flag_Mismatch (Id: 02400012)

    2.30.12. hello_n_flag_mismatch (ID: Chapter 2. Log Message Reference 02400012) E-flag (describes how AS-external-LSAs are flooded) configuration. Gateway Action drop Recommended Action Make sure all locally attached OSPF routers share the same E-flag configuration. Revision Parameters recv_e_flag my_e_flag Context Parameters Rule Name Packet Buffer 2.30.12.

  • Page 384: Auth_Mismatch (Id: 02400050)

    2.30.15. auth_mismatch (ID: 02400050) Chapter 2. Log Message Reference Default Severity WARNING Log Message Unknown LSA type <lsatype>. Dropping Explanation Received OSPF data from a neighbor which contained a unknown LSA. Gateway Action drop Recommended Action Check the configuration on the neighboring router. Revision Parameters lsatype...

  • Page 385: Bad_Auth_Crypto_Seq_Number (Id: 02400053)

    2.30.18. bad_auth_crypto_seq_number Chapter 2. Log Message Reference (ID: 02400053) Default Severity WARNING Log Message Authentication mismatch. Bad crypto key id. Received was <recv_id>, mine is <my_id> Explanation Authentication failed due to a bad crypto key id. Gateway Action drop Recommended Action Verify that the neighboring OSPF router share the same crypto key id.

  • Page 386: Dd_Mtu_Exceeds_Interface_Mtu (Id: 02400100)

    2.30.21. dd_mtu_exceeds_interface_mtu Chapter 2. Log Message Reference (ID: 02400100) Default Severity WARNING Log Message Checksum mismatch. Received was <recv_chksum>, mine is <my_chksum> Explanation Received OSPF data from neighbor with mismatching checksum. Gateway Action drop Recommended Action Check network equipment for problems. Revision Parameters recv_chksum...

  • Page 387: I_Flag_Misuse (Id: 02400102)

    2.30.23. i_flag_misuse (ID: 02400102) Chapter 2. Log Message Reference 2.30.23. i_flag_misuse (ID: 02400102) Default Severity WARNING Log Message Neighbor <neighbor> misused the I-flag. Restarting exchange Explanation Neighbor misused the I-flag. Gateway Action restart Recommended Action None. Revision Parameters neighbor Context Parameters Rule Name 2.30.24.

  • Page 388: Non_Dup_Dd (Id: 02400105)

    2.30.27. as_ext_on_stub (ID: Chapter 2. Log Message Reference 02400106) 2.30.26. non_dup_dd (ID: 02400105) Default Severity WARNING Log Message Neighbor <neighbor> sent a non dup DD from a higher state then exchange. Restarting exchange Explanation Received a non dup database descriptor from a neighbor in a higher state then exchange.

  • Page 389: Bad_Lsa_Sequencenumber (Id: 02400108)

    2.30.29. bad_lsa_sequencenumber Chapter 2. Log Message Reference (ID: 02400108) 2.30.29. bad_lsa_sequencenumber (ID: 02400108) Default Severity WARNING Log Message Got LSA with bad sequence number <seqnum>. Restarting exchange Explanation Received a LSA with a bad sequence number. Gateway Action restart Recommended Action None.

  • Page 390: Bad_Lsa_Sequencenumber (Id: 02400152)

    2.30.33. bad_lsa_sequencenumber Chapter 2. Log Message Reference (ID: 02400152) Default Severity WARNING Log Message Unknown LSA type (<lsa_type>). LSA is discarded Explanation Received LSA of unknown type. Gateway Action discard Recommended Action Check originating router configuration. Revision Parameters lsa_type Context Parameters Rule Name 2.30.33.

  • Page 391: Received_Selforg_For_Unknown_Lsa_Type (Id: 02400155)

    2.30.36. received_selforg_for_unknown_lsa_type Chapter 2. Log Message Reference (ID: 02400155) Log Message Received AS-EXT LSA on stub. LSA is discarded Explanation Received AS external LSA which is illegal on a stub area. Gateway Action discard Recommended Action None. Revision Context Parameters Rule Name 2.30.36.

  • Page 392: Upd_Packet_Lsa_Size_Mismatch (Id: 02400158)

    2.30.39. upd_packet_lsa_size_mismatch Chapter 2. Log Message Reference (ID: 02400158) Default Severity WARNING Log Message mismatched (LSA-<lsa> ID:<lsaid> AdvRtr:<lsartr>). ACK ingored Explanation Received acknowledge for mismatched LSA. Gateway Action None Recommended Action None. Revision Parameters lsaid lsartr Context Parameters Rule Name 2.30.39.

  • Page 393: Failed_To_Create_Replacement_Lsa (Id: 02400161)

    2.30.42. failed_to_create_replacement_lsa Chapter 2. Log Message Reference (ID: 02400161) Default Severity WARNING Log Message ACK packet LSA size mismatch. Parsing aborted Explanation Received OSPF ACK packet with a mismatching LSA size. Gateway Action abort Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.30.42.

  • Page 394: Too_Many_Neighbors (Id: 02400201)

    2.30.45. too_many_neighbors (ID: Chapter 2. Log Message Reference 02400201) Log Message Unknown neighbor(IP:<neighbor> ID:<neighborid>) seen on <iface>. Ignoring Explanation Unknown neighbor seen on PTP based interface. Gateway Action None Recommended Action Check for incorrectly configured neighbors. Revision Parameters neighbor neighborid iface Context Parameters Rule Name...

  • Page 395: Internal_Error_Unable_To_Map_Identifier (Id: 02400301)

    2.30.48. internal_error_unable_to_map_identifier Chapter 2. Log Message Reference (ID: 02400301) Default Severity WARNING Log Message Unable to find transport area <area> for VLINK <vlink> when building router LSA. Iface skipped Explanation Unable to find transport area for a vlink. Gateway Action skip_iface Recommended Action Check OSPF area configuration.

  • Page 396: Memory_Usage_Exceeded_70_Percent_Of_Max_Allowed (Id: 02400303)

    2.30.50. memory_usage_exceeded_70_percent_of_max_allowed Chapter 2. Log Message Reference (ID: 02400303) 2.30.50. memory_usage_exceeded_70_percent_of_max_allowed (ID: 02400303) Default Severity WARNING Log Message Memory usage for OSPF process <ospfproc> have now exceeded 70 percent of the maximum allowed Explanation The memory usage for a OSPF process have exceeded 70 percent of the maximum allowed.

  • Page 397: Internal_Lsa_Chksum_Error (Id: 02400306)

    2.30.53. internal_lsa_chksum_error Chapter 2. Log Message Reference (ID: 02400306) Context Parameters Rule Name 2.30.53. internal_lsa_chksum_error (ID: 02400306) Default Severity CRITICAL Log Message LSA internal checksum error Explanation Internal LSA checksum error. Gateway Action alert Recommended Action Check hardware for defects. Revision Context Parameters Rule Name...

  • Page 398: Internal_Error_Unable_To_Find_Iface_Connecting_To_Lsa (Id: 02400402)

    2.30.56. internal_error_unable_to_find_iface_connecting_to_lsa Chapter 2. Log Message Reference (ID: 02400402) 2.30.56. internal_error_unable_to_find_iface_connecting_to_lsa (ID: 02400402) Default Severity WARNING Log Message Internal error: Unable to find my interface connecting to described LSA (NetVtxId: <netvtxid>) Explanation Unable to find local interface connecting to described LSA. Gateway Action None Recommended Action...

  • Page 399: Internal_Error_Unable_Neighbor_Iface_Attached_Back_To_Me (Id: 02400405)

    2.30.59. internal_error_unable_neighbor_iface_attached_back_to_me Chapter 2. Log Message Reference (ID: 02400405) Parameters rtrvtxid Context Parameters Rule Name 2.30.59. internal_error_unable_neighbor_iface_attached_back_to_me (ID: 02400405) Default Severity WARNING Log Message Internal error: Unable to find neighbor (RtrVtxId: <rtrvtxid>) interface attached back to me Explanation Unable to find neighbor interface attached back. Gateway Action None Recommended Action...

  • Page 400: Memory_Allocation_Failure (Id: 02400500)

    2.30.62. memory_allocation_failure Chapter 2. Log Message Reference (ID: 02400500) Gateway Action None Recommended Action Contact support with a scenario description. Revision Parameters netvtxid Context Parameters Rule Name 2.30.62. memory_allocation_failure (ID: 02400500) Default Severity CRITICAL Log Message Internal Error: Memory allocation failure! OSPF process now considered inconsistent Explanation Memory allocation failure.
  • Page 401 2.30.64. failed_to_add_route (ID: Chapter 2. Log Message Reference 02400502) Revision Parameters route Context Parameters Rule Name...

  • Page 402: 2.31. Ppp

    2.31. PPP Chapter 2. Log Message Reference 2.31. PPP These log messages refer to the PPP (PPP tunnel events) category. 2.31.1. ip_pool_empty (ID: 02500001) Default Severity WARNING Log Message IPCP can not assign IP address to peer because the IP address pool is empty Explanation IPCP can not assign an IP address to the peer because there are no free...

  • Page 403: Seconday_Dns_Address_Required_But_Not_Received (Id: 02500004)

    2.31.4. seconday_dns_address_required_but_not_received Chapter 2. Log Message Reference (ID: 02500004) Revision Parameters tunnel_type 2.31.4. seconday_dns_address_required_but_not_received (ID: 02500004) Default Severity WARNING Log Message Secondary DNS address required but not received. PPP terminated Explanation Peer refuses to give out a secondary DNS address. Since reception of a secondary DNS address is required, PPP is terminated.

  • Page 404: Failed_To_Agree_On_Authentication_Protocol (Id: 02500050)

    2.31.7. failed_to_agree_on_authentication_protocol Chapter 2. Log Message Reference (ID: 02500050) Revision Parameters tunnel_type 2.31.7. failed_to_agree_on_authentication_protocol (ID: 02500050) Default Severity ERROR Log Message Failed to agree on authentication protocol. PPP terminated Explanation Failed to agree on PPP authentication protocol. PPP is terminated. Gateway Action ppp_terminated Recommended Action...

  • Page 405: Ppp_Tunnel_Limit_Exceeded (Id: 02500100)

    2.31.10. ppp_tunnel_limit_exceeded Chapter 2. Log Message Reference (ID: 02500100) Revision Parameters tunnel_type unsupported_lcp_option 2.31.10. ppp_tunnel_limit_exceeded (ID: 02500100) Default Severity ALERT Log Message PPP Tunnel license limit exceeded. PPP terminated Explanation PPP is terminated because the license restrictions do not allow any more PPP tunnels.

  • Page 406: Username_Too_Long (Id: 02500151)

    2.31.13. username_too_long (ID: Chapter 2. Log Message Reference 02500151) 2.31.13. username_too_long (ID: 02500151) Default Severity WARNING Log Message PPP CHAP username was truncated because it was too long Explanation PPP CHAP username was truncated because it was too long. Gateway Action chap_username_truncated Recommended Action Reconfigure the endpoints to use a shorter username.

  • Page 407: Password_Too_Long (Id: 02500351)

    2.31.17. password_too_long (ID: Chapter 2. Log Message Reference 02500351) Gateway Action pap_username_truncated Recommended Action Reconfigure the endpoints to use a shorter username. Revision Parameters tunnel_type 2.31.17. password_too_long (ID: 02500351) Default Severity WARNING Log Message PPP PAP password was truncated because it was too long Explanation PPP PAP password was truncated because it was too long.

  • Page 408: Authdb_Error (Id: 02500502)

    2.31.20. authdb_error (ID: 02500502) Chapter 2. Log Message Reference 2.31.20. authdb_error (ID: 02500502) Default Severity ERROR Log Message Local database authentication error. PPP Authentication terminated Explanation There was an error while authenticating using a local user database. PPP Authentication terminated. Gateway Action authentication_terminated Recommended Action...

  • Page 409: 2.32. Pppoe

    2.32. PPPOE Chapter 2. Log Message Reference 2.32. PPPOE These log messages refer to the PPPOE (PPPoE tunnel events) category. 2.32.1. pppoe_tunnel_up (ID: 02600001) Default Severity NOTICE Log Message PPPoE tunnel on <iface> established to <pppoeserver>. Auth: <auth>, IfaceIP: <ifaceip>, Downtime: <downtime> Explanation The PPPoE tunnel for the interface have been established.

  • Page 410: 2.33. Pptp

    2.33. PPTP Chapter 2. Log Message Reference 2.33. PPTP These log messages refer to the PPTP (PPTP tunnel events) category. 2.33.1. pptpclient_resolve_successful (ID: 02700001) Default Severity NOTICE Log Message PPTP client <iface> resolved <remotegwname> to <remotegw> Explanation The PPTP client succesfully resolved the DNS name of remote gateway.

  • Page 411: Unknown_Pptp_Auth_Source (Id: 02700004)

    2.33.4. unknown_pptp_auth_source Chapter 2. Log Message Reference (ID: 02700004) Revision Parameters rule remotegw callid 2.33.4. unknown_pptp_auth_source (ID: 02700004) Default Severity WARNING Log Message Unknown PPTP authentication source for <rule>! Remote gateway: <remotegw>, Call ID: <callid> Explanation The authentication source for the specified userauth rule found in the new configuration is unknown to the PPTP server.

  • Page 412: Mppe_Required (Id: 02700007)

    2.33.7. mppe_required (ID: 02700007) Chapter 2. Log Message Reference interface by a route that was either manually configured or set up by another subsystem. Traffic can only be sent out on the PPTP server using the dynamic routes set up by the interface itself. Gateway Action drop Recommended Action...

  • Page 413: Unsupported_Message (Id: 02700010)

    2.33.10. unsupported_message (ID: Chapter 2. Log Message Reference 02700010) Log Message PPTP session request sent on control connection to <remotegw> Explanation An PPTP session request has been sent on the control connection to the specified remote gateway. Gateway Action None Recommended Action None.

  • Page 414: Pptp_Session_Up (Id: 02700013)

    2.33.13. pptp_session_up (ID: Chapter 2. Log Message Reference 02700013) Default Severity WARNING Log Message PPP negotiation completed for session <callid> to <remotegw> on <iface>. User: <user>, Auth: <auth>, MPPE: <mppe>, Assigned IP: <assigned_ip> Explanation The PPP negotiation has completed successfully for this session. The specified interface, remote gateway and call ID identify the specific session.

  • Page 415: Session_Idle_Timeout (Id: 02700015)

    2.33.15. session_idle_timeout (ID: Chapter 2. Log Message Reference 02700015) Recommended Action None. Revision Parameters iface remotegw 2.33.15. session_idle_timeout (ID: 02700015) Default Severity WARNING Log Message PPTP session <callid> to <remotegw> on <iface> has been idle for too long. Closing it. Explanation A PPTP session has been idle for too long.

  • Page 416: Pptp_Tunnel_Up (Id: 02700019)

    2.33.18. pptp_tunnel_up (ID: Chapter 2. Log Message Reference 02700019) Revision Parameters iface remotegw 2.33.18. pptp_tunnel_up (ID: 02700019) Default Severity NOTICE Log Message PPTP tunnel up, client <remotegw> connected to <iface> Explanation A remote PPTP client has established a connection to this PPTP server.

  • Page 417: Pptp_Tunnel_Closed (Id: 02700022)

    2.33.21. pptp_tunnel_closed (ID: Chapter 2. Log Message Reference 02700022) Revision Parameters iface remotegw 2.33.21. pptp_tunnel_closed (ID: 02700022) Default Severity NOTICE Log Message PPTP tunnel to <remotegw> on <iface> closed. Explanation The PPTP tunnel to has been closed. Gateway Action None Recommended Action None.

  • Page 418: Pptp_No_Userauth_Rule_Found (Id: 02700026)

    2.33.24. pptp_no_userauth_rule_found Chapter 2. Log Message Reference (ID: 02700026) Revision Parameters rule iface remotegw 2.33.24. pptp_no_userauth_rule_found (ID: 02700026) Default Severity WARNING Log Message Did not find a matching userauth rule for the incoming PPTP connection. Interface: <iface>, Remote gateway: <remotegw>. Explanation The PPTP server was unsuccessful trying to find a userauth rule matching the incoming PPTP connection.
  • Page 419 2.33.26. waiting_for_ip_to_listen_on Chapter 2. Log Message Reference (ID: 02700050) server interface. If the PPTP server is supposed to listen on an IP assigned by a DHCP server, make sure that the DHCP server is working properly. Revision Parameters iface...

  • Page 420: 2.34. Reassembly

    2.34. REASSEMBLY Chapter 2. Log Message Reference 2.34. REASSEMBLY These log messages refer to the REASSEMBLY (Events concerning data reassembly) category. 2.34.1. ack_of_not_transmitted_data (ID: 04800002) Default Severity INFORMATIONAL Log Message TCP segment acknowledges data not yet transmitted Explanation A TCP segment that acknowledges data not yet transmitted was received.

  • Page 421: Memory_Allocation_Failure (Id: 04800005)

    2.34.4. memory_allocation_failure (ID: Chapter 2. Log Message Reference 04800005) Revision Context Parameters Connection 2.34.4. memory_allocation_failure (ID: 04800005) Default Severity ERROR Log Message Can't allocate memory to keep track of a packet Explanation The gateway is unable to allocate memory to keep track of packet that was received.

  • Page 422: Maximum_Connections_Limit_Reached (Id: 04800010)

    2.34.8. maximum_connections_limit_reached Chapter 2. Log Message Reference (ID: 04800010) Default Severity NOTICE Log Message Maximum processing memory limit reached Explanation The reassembly subsystem has reached the maximum limit set on its processing memory. This will decrease the performance of connections that are processed by the reassembly subsystem.

  • Page 423: 2.35. Rfo

    2.35. RFO Chapter 2. Log Message Reference 2.35. RFO These log messages refer to the RFO (Route fail over events) category. 2.35.1. has_ping (ID: 04100001) Default Severity NOTICE Log Message Interface <iface>, Table <table>, Net <net>: Route enabled, got PING reply from GW <gateway>...

  • Page 424: Unable_To_Register_Pingmon (Id: 04100004)

    2.35.4. unable_to_register_pingmon Chapter 2. Log Message Reference (ID: 04100004) Recommended Action None. Revision Parameters iface table gateway 2.35.4. unable_to_register_pingmon (ID: 04100004) Default Severity WARNING Log Message Interface <iface>, Table <table>, Net <net>: Route no longer monitored, unable to register PING monitor Explanation Internal Error: The route is no longer monitored.

  • Page 425: No_Arp (Id: 04100007)

    2.35.7. no_arp (ID: 04100007) Chapter 2. Log Message Reference reply from Gateway <gateway> Explanation Route is available. Received ARP reply from the gateway. Gateway Action route_enabled Recommended Action None. Revision Parameters iface table gateway 2.35.7. no_arp (ID: 04100007) Default Severity ERROR Log Message Interface <iface>, Table <table>, Net <net>: Route disabled, no ARP...

  • Page 426: Unable_To_Register_Arp_Monitor (Id: 04100009)

    2.35.10. no_link (ID: 04100010) Chapter 2. Log Message Reference 2.35.9. unable_to_register_arp_monitor (ID: 04100009) Default Severity WARNING Log Message Interface <iface>, Table <table>, Net <net>: Route no longer monitored via ARP, unable to register ARP monitor Explanation Internal Error: The route is no longer monitored. Failed to register ARP Route Monitor.

  • Page 427: Unable_To_Register_Interface_Monitor (Id: 04100012)

    2.35.13. unable_to_register_interface_monitor Chapter 2. Log Message Reference (ID: 04100013) 2.35.12. unable_to_register_interface_monitor (ID: 04100012) Default Severity ERROR Log Message Interface <iface>, Table <table>, Net <net>: Route no longer monitored, unable to register interface monitor Explanation Internal Error: Route is no longer monitored. Unable to register Interface Monitor.

  • Page 428: Hostmon_Successful (Id: 04100015)

    2.35.15. hostmon_successful (ID: Chapter 2. Log Message Reference 04100015) Revision Parameters iface table 2.35.15. hostmon_successful (ID: 04100015) Default Severity NOTICE Log Message Interface <iface>, Table <table>, Net <net>: Route enabled, host monitoring successful Explanation Route is available. Host monitoring successful. Gateway Action route_enabled Recommended Action...

  • Page 429: 2.36. Rule

    2.36. RULE Chapter 2. Log Message Reference 2.36. RULE These log messages refer to the RULE (Events triggered by rules) category. 2.36.1. ruleset_fwdfast (ID: 06000003) Default Severity NOTICE Log Message Packet statelessly forwarded (fwdfast) Explanation The packet matches a rule with a "fwdfast" action, and is statelessly forwarded.

  • Page 430: Rule_Match (Id: 06000007)

    2.36.4. rule_match (ID: 06000007) Chapter 2. Log Message Reference Rule Information Packet Buffer 2.36.4. rule_match (ID: 06000007) Default Severity DEBUG Log Message RETURN action trigged Explanation A rule with a special RETURN action was trigged by an IP-rule lookup. This log message only appears if you explicitly requested it for the rule in question, and it is considered of DEBUG severity.

  • Page 431: Block127Net (Id: 06000012)

    2.36.7. block127net (ID: 06000012) Chapter 2. Log Message Reference Context Parameters Rule Name Packet Buffer 2.36.7. block127net (ID: 06000012) Default Severity WARNING Log Message Destination address is the 127.* net. Dropping Explanation The destination address was the 127.* net, which is not allowed according to the configuration.

  • Page 432: Block0Net (Id: 06000021)

    2.36.10. block0net (ID: 06000021) Chapter 2. Log Message Reference Packet Buffer 2.36.10. block0net (ID: 06000021) Default Severity WARNING Log Message Destination address is the 0::/8 net. Accepting Explanation The destination address was the 0::/8 net, which is allowed according to the configuration. The packet is accepted. Gateway Action accept Recommended Action...

  • Page 433: Unknown_Vlanid (Id: 06000040)

    2.36.13. unknown_vlanid (ID: Chapter 2. Log Message Reference 06000040) 2.36.13. unknown_vlanid (ID: 06000040) Default Severity WARNING Log Message Received VLAN packet with unknown tag <vlanid>. Dropping Explanation The unit received a VLAN packet with an unknown tag, and the packet is dropped.
  • Page 434 2.36.16. unhandled_local (ID: Chapter 2. Log Message Reference 06000060) Default Severity NOTICE Log Message Allowed but unhandled packet to the firewall. Dropping Explanation A packet directed to the unit itself was received. The packet is allowed, but there is no matching state information for this packet. It is not part of any open connections, and will be dropped.

  • Page 435: 2.37. Sesmgr

    2.37. SESMGR Chapter 2. Log Message Reference 2.37. SESMGR These log messages refer to the SESMGR (Session Manager events) category. 2.37.1. sesmgr_session_created (ID: 04900001) Default Severity NOTICE Log Message Session connected for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation New session created in Session Manager.

  • Page 436: Sesmgr_Access_Set (Id: 04900004)

    2.37.4. sesmgr_access_set (ID: Chapter 2. Log Message Reference 04900004) Revision Parameters user database type 2.37.4. sesmgr_access_set (ID: 04900004) Default Severity NOTICE Log Message Access level changed to <access> for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation Access level has been changed for session. Gateway Action none Recommended Action...

  • Page 437: Sesmgr_Console_Denied (Id: 04900007)

    2.37.7. sesmgr_console_denied (ID: Chapter 2. Log Message Reference 04900007) Gateway Action deny_upload Recommended Action Terminate administrator session and try again. Revision Parameters user type 2.37.7. sesmgr_console_denied (ID: 04900007) Default Severity WARNING Log Message Could not create new console for User: <user>. Database: <database>. IP: <ip>.

  • Page 438: Sesmgr_Session_Activate (Id: 04900010)

    2.37.10. sesmgr_session_activate (ID: Chapter 2. Log Message Reference 04900010) Revision 2.37.10. sesmgr_session_activate (ID: 04900010) Default Severity NOTICE Log Message Session has been activated for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation Disabled session has been activated. Gateway Action none Recommended Action None.

  • Page 439: Sesmgr_Session_Access_Missing (Id: 04900015)

    2.37.13. sesmgr_session_access_missing Chapter 2. Log Message Reference (ID: 04900015) Parameters user database type 2.37.13. sesmgr_session_access_missing (ID: 04900015) Default Severity WARNING Log Message No access level set for User: <user>. Database: <database>. IP: <ip>. Type: <type>. Explanation No access level set for user, new session denied. Gateway Action deny_session Recommended Action...

  • Page 440: Sesmgr_Techsupport (Id: 04900018)

    2.37.16. sesmgr_techsupport (ID: Chapter 2. Log Message Reference 04900018) Recommended Action Check available memory. Revision 2.37.16. sesmgr_techsupport (ID: 04900018) Default Severity NOTICE Log Message Sending technical support file. Explanation Technical support file created and is being sent to user. Gateway Action techsupport_created Recommended Action None.

  • Page 441: 2.38. Slb

    2.38. SLB Chapter 2. Log Message Reference 2.38. SLB These log messages refer to the SLB (SLB events) category. 2.38.1. server_online (ID: 02900001) Default Severity NOTICE Log Message SLB Server <server_ip> is online according to monitor Explanation A disabled server has been determined to be alive again. Gateway Action Adding this server to the active servers list.

  • Page 442: 2.39. Smtplog

    2.39. SMTPLOG Chapter 2. Log Message Reference 2.39. SMTPLOG These log messages refer to the SMTPLOG (SMTPLOG events) category. 2.39.1. unable_to_establish_connection (ID: 03000001) Default Severity WARNING Log Message Unable to establish connection to SMTP server <smtp_server>. Send aborted Explanation The unit failed to establish a connection to the SMTP server. No SMTP Log will be sent.

  • Page 443: Receive_Timeout (Id: 03000005)

    2.39.4. receive_timeout (ID: 03000005) Chapter 2. Log Message Reference 2.39.4. receive_timeout (ID: 03000005) Default Severity WARNING Log Message Receive timeout from SMTP server <smtp_server>. Send aborted Explanation The unit timed out while receiving data from the SMTP server. No SMTP Log will be sent. Gateway Action abort_sending Recommended Action...

  • Page 444: Rejected_Recipient (Id: 03000009)

    2.39.8. rejected_recipient (ID: Chapter 2. Log Message Reference 03000009) Default Severity WARNING Log Message SMTP server <smtp_server> rejected sender <sender>. Send aborted Explanation The SMTP server rejected the sender. No SMTP Log will be sent. Gateway Action abort_sending Recommended Action Verify that the SMTP server is configured to accept this sender.

  • Page 445: Rejected_Message_Text (Id: 03000012)

    2.39.11. rejected_message_text (ID: Chapter 2. Log Message Reference 03000012) Gateway Action None Recommended Action Verify that the SMTP server is properly configured. Revision Parameters smtp_server 2.39.11. rejected_message_text (ID: 03000012) Default Severity WARNING Log Message SMTP server <smtp_server> rejected message text. Send aborted Explanation The SMTP server rejected the message text.

  • Page 446: 2.40. Snmp

    2.40. SNMP Chapter 2. Log Message Reference 2.40. SNMP These log messages refer to the SNMP (Allowed and disallowed SNMP accesses) category. 2.40.1. disallowed_sender (ID: 03100001) Default Severity NOTICE Log Message Disallowed SNMP from <peer>, disallowed sender IP Explanation The sender IP address is not allowed to send SNMP data to the unit. Dropping packet.

  • Page 447: 2.41. Sshd

    2.41. SSHD Chapter 2. Log Message Reference 2.41. SSHD These log messages refer to the SSHD (SSH Server events) category. 2.41.1. out_of_mem (ID: 04700001) Default Severity ERROR Log Message Out of memory Explanation Memory Allocation Failure. System is running low on RAM memory. Gateway Action close Recommended Action...

  • Page 448: Invalid_Mac (Id: 04700007)

    2.41.5. invalid_mac (ID: 04700007) Chapter 2. Log Message Reference Default Severity ERROR Log Message <error> occurred with the connection from client <client>. Explanation An error occurred, and the connection will be closed. Gateway Action close Recommended Action None. Revision Parameters error client 2.41.5.

  • Page 449: Invalid_Username_Change (Id: 04700025)

    2.41.8. invalid_username_change (ID: Chapter 2. Log Message Reference 04700025) Gateway Action close Recommended Action None. Revision Parameters fromname toname client 2.41.8. invalid_username_change (ID: 04700025) Default Severity WARNING Log Message Service change is not allowed. From serivce <fromservice> to <toservice>. Client: <client> Explanation User changed the service between two authentication phases, which is not allowed.

  • Page 450: Ssh_Inactive_Timeout_Expired (Id: 04700036)

    2.41.11. ssh_inactive_timeout_expired Chapter 2. Log Message Reference (ID: 04700036) Gateway Action close Recommended Action Increase the grace timeout value if it is set too low. Revision Parameters gracetime client 2.41.11. ssh_inactive_timeout_expired (ID: 04700036) Default Severity WARNING Log Message SSH session inactivity limit (<inactivetime>) has been reached. Closing connection.

  • Page 451: Key_Algo_Not_Supported. (Id: 04700055)

    2.41.14. key_algo_not_supported. (ID: Chapter 2. Log Message Reference 04700055) Revision Parameters client 2.41.14. key_algo_not_supported. (ID: 04700055) Default Severity ERROR Log Message The authentication algorithm type <keytype> is not supported. Client <client> Explanation The authentication algorithm that the client uses is not supported. Closing connection.

  • Page 452: Client_Disallowed (Id: 04700061)

    2.41.17. client_disallowed (ID: Chapter 2. Log Message Reference 04700061) Recommended Action None. Revision Parameters maxclients client 2.41.17. client_disallowed (ID: 04700061) Default Severity WARNING Log Message Client <client> not allowed access according to the "remotes" section. Explanation The client is not allowed access to the SSH server. Closing connection. Gateway Action close Recommended Action...
  • Page 453 2.41.19. scp_failed_not_admin (ID: Chapter 2. Log Message Reference 04704000) Revision Parameters...

  • Page 454: 2.42. Sslvpn

    2.42. SSLVPN Chapter 2. Log Message Reference 2.42. SSLVPN These log messages refer to the SSLVPN (SSLVPN events.) category. 2.42.1. sslvpn_session_created (ID: 06300010) Default Severity INFORMATIONAL Log Message SSL VPN Session created <remoteip>:<remoteport>. Explanation SSL VPN Session created [remoteip]:[remoteport]. Gateway Action None Recommended Action None.

  • Page 455: Sslvpn_Connection_Disallowed (Id: 06300203)

    2.42.5. sslvpn_connection_disallowed Chapter 2. Log Message Reference (ID: 06300203) Default Severity WARNING Log Message Failed to send Accounting Start to RADIUS Accounting Server. Accouting will be disabled. Interface: <iface> Explanation Failed to send START message to RADIUS accounting server. RADIUS accounting will be disabled for this session. The specified interface, remote gateway and call ID identify the specific session.

  • Page 456: User_Disconnected (Id: 06300205)

    2.42.8. sslvpn_connection_disallowed Chapter 2. Log Message Reference (ID: 06300224) 2.42.7. user_disconnected (ID: 06300205) Default Severity INFORMATIONAL Log Message User <user> is forcibly disconnected. Remote gateway: <remotegw> Explanation The connected client is forcibly disconnected by the userauth system. Gateway Action None Recommended Action None.

  • Page 457: Sslvpn_No_Userauth_Rule_Found (Id: 06300226)

    2.42.10. sslvpn_no_userauth_rule_found Chapter 2. Log Message Reference (ID: 06300226) 2.42.10. sslvpn_no_userauth_rule_found (ID: 06300226) Default Severity WARNING Log Message Did not find a matching userauth rule for the incoming SSL VPN connection. Interface: <iface>, Remote gateway: <remotegw>. Explanation The SSL VPN server was unsuccessful trying to find a userauth rule matching the incoming SSL VPN connection.

  • Page 458: 2.43. System

    2.43.2. demo_mode (ID: 03200021) Default Severity ALERT Log Message This copy of D-Link Firewall is in DEMO mode. Firewall core will halt in <time> seconds Explanation The unit is running in DEMO mode, and will eventually expire. Install a license in order to avoid this.

  • Page 459: Reset_Clock (Id: 03200101)

    2.43.4. reset_clock (ID: 03200101) Chapter 2. Log Message Reference Parameters oldtime newtime user 2.43.4. reset_clock (ID: 03200101) Default Severity NOTICE Log Message The clock at <oldtime> was manually reset to <newtime> Explanation The clock has manually been reset. Gateway Action None Recommended Action None.

  • Page 460: Hardware_Watchdog_Initialized (Id: 03200260)

    2.43.8. hardware_watchdog_initialized Chapter 2. Log Message Reference (ID: 03200260) Default Severity ERROR Log Message NITROX II interfaces restarted. Explanation NITROX II interfaces restarted. Gateway Action None Recommended Action None. Revision 2.43.8. hardware_watchdog_initialized (ID: 03200260) Default Severity NOTICE Log Message Hardware Watchdog <hardware_watchdog_chip>...

  • Page 461: Port_Hlm_Conversion (Id: 03200302)

    2.43.11. port_hlm_conversion (ID: Chapter 2. Log Message Reference 03200302) Explanation Failed to allocate a dynamic port, as all ports are in use. Gateway Action None Recommended Action None. Revision Parameters reason localip destip port_base port_end 2.43.11. port_hlm_conversion (ID: 03200302) Default Severity NOTICE Log Message Using High Load Mode for Local IP <localip>...

  • Page 462: Log_Messages_Lost_Due_To_Log_Buffer_Exhaust (Id: 03200401)

    2.43.14. log_messages_lost_due_to_log_buffer_exhaust Chapter 2. Log Message Reference (ID: 03200401) Default Severity WARNING Log Message <logcnt> messages lost due to throttling Explanation Due to extensive logging, a number of log messages was not sent. Gateway Action None Recommended Action Examine why the unit sent such a large amount of log messages. If this is normal activity, the "LogSendPerSec"...

  • Page 463: Disk_Cannot_Remove_File (Id: 03200601)

    2.43.17. disk_cannot_remove_file (ID: Chapter 2. Log Message Reference 03200601) Gateway Action None Recommended Action Verify that the new configuration file does not contain errors that would cause bi-directional communication failure. Revision Parameters localcfgver remotecfgver timeout 2.43.17. disk_cannot_remove_file (ID: 03200601) Default Severity CRITICAL Log Message Failed to remove <file>, bi-directional communication will now...

  • Page 464: Disk_Cannot_Rename (Id: 03200604)

    2.43.20. disk_cannot_rename (ID: Chapter 2. Log Message Reference 03200604) protected. Revision Parameters old_cfg 2.43.20. disk_cannot_rename (ID: 03200604) Default Severity ERROR Log Message Failed to rename <cfg_new> to <cfg_real> Explanation The unit failed to rename the new configuration file to the real configuration file name.

  • Page 465: Bidir_Ok (Id: 03200607)

    2.43.23. bidir_ok (ID: 03200607) Chapter 2. Log Message Reference Revision 2.43.23. bidir_ok (ID: 03200607) Default Severity NOTICE Log Message Configuration <localcfgver><remotecfgver> verified for bi-directional communication Explanation The new configuration has been verified for communication back to peer, and will now be used as the active configuration. Gateway Action None Recommended Action...

  • Page 466: Shutdown (Id: 03201011)

    2.43.26. shutdown (ID: 03201011) Chapter 2. Log Message Reference 2.43.26. shutdown (ID: 03201011) Default Severity NOTICE Log Message Shutdown aborted. Core file <core> missing Explanation The unit was issued a shutdown command, but no core executable file is seen. The shutdown process is aborted. Gateway Action shutdown_gateway_aborted Recommended Action...

  • Page 467: Startup_Normal (Id: 03202000)

    2.43.30. startup_echo (ID: 03202001) Chapter 2. Log Message Reference 2.43.29. startup_normal (ID: 03202000) Default Severity NOTICE Log Message Security gateway starting. Core: <corever>. Build: <build>. Current uptime: <uptime>. Using configuration file <cfgfile>, version <localcfgver> <remotecfgver>. Previous shutdown: <previous_shutdown> Explanation The Security Gateway is starting up. Gateway Action None Recommended Action...

  • Page 468: Admin_Login (Id: 03203000)

    2.43.32. admin_login (ID: 03203000) Chapter 2. Log Message Reference Explanation The Security Gateway is shutting down. Gateway Action shutdown Recommended Action None. Revision Parameters shutdown 2.43.32. admin_login (ID: 03203000) Default Severity NOTICE Log Message Administrative user <username> logged in via <authsystem>. Access level: <access_level>...

  • Page 469: Sslvpnuser_Login (Id: 03203004)

    2.43.35. sslvpnuser_login (ID: Chapter 2. Log Message Reference 03203004) Default Severity WARNING Log Message Administrative user <username> failed to log in via <authsystem>, because of bad credentials Explanation An adminsitrative user failed to log in to configuration system. This is most likely due to an invalid entered username or password.

  • Page 470: Accept_Configuration (Id: 03204001)

    2.43.37. accept_configuration (ID: Chapter 2. Log Message Reference 03204001) Revision Parameters authsystem 2.43.37. accept_configuration (ID: 03204001) Default Severity NOTICE Log Message configuration activated user <username> from <config_system> <client_ip>. Explanation The new configuration has been successfully activated. Gateway Action using_new_config Recommended Action None.

  • Page 471: Admin_Timeout (Id: 03206000)

    2.43.40. admin_timeout (ID: 03206000) Chapter 2. Log Message Reference Recommended Action None. Revision Parameters authsystem user pre_change_date_time post_change_date_time 2.43.40. admin_timeout (ID: 03206000) Default Severity NOTICE Log Message Administrative user <username> timed out from <authsystem> Explanation The administrative user has been inactive for too long, and has been automatically logged out.
  • Page 472 2.43.42. admin_login_internal_error Chapter 2. Log Message Reference (ID: 03206002) Log Message Internal error occured when administrative user <username> tried to login, not allowed access via <authsystem> Explanation An internal error occured when the user tried to log in, and as a result has not been given administration access.

  • Page 473: 2.44. Tcp_Flag

    2.44. TCP_FLAG Chapter 2. Log Message Reference 2.44. TCP_FLAG These log messages refer to the TCP_FLAG (Events concerning the TCP header flags) category. 2.44.1. tcp_flags_set (ID: 03300001) Default Severity NOTICE Log Message The TCP <good_flag> and <bad_flag> flags are set. Allowing Explanation The possible combinations for these flags are: SYN URG, SYN PSH, SYN RST, SYN FIN and FIN URG.

  • Page 474: Tcp_Flag_Set (Id: 03300004)

    2.44.4. tcp_flag_set (ID: 03300004) Chapter 2. Log Message Reference Explanation The TCP flag is set. Ignoring. Gateway Action ignore Recommended Action None. Revision Parameters bad_flag Context Parameters Rule Name Packet Buffer 2.44.4. tcp_flag_set (ID: 03300004) Default Severity NOTICE Log Message The TCP <bad_flag>...

  • Page 475: Tcp_Flag_Set (Id: 03300009)

    2.44.7. tcp_flag_set (ID: 03300009) Chapter 2. Log Message Reference SYN RST, SYN FIN and FIN URG. Gateway Action drop Recommended Action If any of these combinations should either be ignored or having the bad flag stripped, specify this in configuration, in the "Settings" sub system.

  • Page 476: Mismatched_Syn_Resent (Id: 03300011)

    2.44.9. mismatched_syn_resent (ID: Chapter 2. Log Message Reference 03300011) 2.44.9. mismatched_syn_resent (ID: 03300011) Default Severity WARNING Log Message Mismatched syn "resent" with seq <seqno>, expected <origseqno>. Dropping Explanation Mismatching sequence numbers. Dropping packet. Gateway Action drop Recommended Action None. Revision Parameters seqno origseqno...

  • Page 477: Rst_Out_Of_Bounds (Id: 03300015)

    2.44.12. rst_out_of_bounds (ID: Chapter 2. Log Message Reference 03300015) Parameters seqno expectseqno Context Parameters Rule Name Connection Packet Buffer 2.44.12. rst_out_of_bounds (ID: 03300015) Default Severity WARNING Log Message Originator RST seq <seqno> is not in window <winstart>...<winend>. Dropping Explanation The RST flag sequence number is not within the receiver window. Dropping packet.

  • Page 478: Rst_Without_Ack (Id: 03300018)

    2.44.15. rst_without_ack (ID: Chapter 2. Log Message Reference 03300018) Default Severity NOTICE Log Message TCP acknowledgement <ack> is not in the acceptable range <accstart>-<accend>. Dropping Explanation A TCP segment with an unacceptable acknowledgement number was received during state SYN_SENT. The packet will be dropped. Gateway Action drop Recommended Action...

  • Page 479: Tcp_Recv_Windows_Drained (Id: 03300022)

    2.44.17. tcp_recv_windows_drained Chapter 2. Log Message Reference (ID: 03300022) Parameters seqno accstart accend Context Parameters Rule Name Connection Packet Buffer 2.44.17. tcp_recv_windows_drained (ID: 03300022) Default Severity CRITICAL Log Message large receive windows. Maximum windows: <max_windows>. Triggered <num_events> times last 10 seconds. Explanation The TCP stack could not accept incomming data since it has run out of large TCP receive windows.

  • Page 480: Tcp_Seqno_Too_Low_With_Syn (Id: 03300025)

    2.44.20. tcp_seqno_too_low_with_syn Chapter 2. Log Message Reference (ID: 03300025) Explanation The TCP stack could not get a free socket. This event was triggered [num_events] times during the last 10 seconds. Gateway Action None Recommended Action None. Revision 2.44.20. tcp_seqno_too_low_with_syn (ID: 03300025) Default Severity DEBUG Log Message...

  • Page 481: 2.45. Tcp_Opt

    2.45. TCP_OPT Chapter 2. Log Message Reference 2.45. TCP_OPT These log messages refer to the TCP_OPT (Events concerning the TCP header options) category. 2.45.1. tcp_mss_too_low (ID: 03400001) Default Severity NOTICE Log Message TCP MSS <mss> too low. TCPMSSMin=<minmss> Explanation The TCP MSS is too low. Ignoring. Gateway Action ignore Recommended Action...

  • Page 482: Tcp_Mss_Too_High (Id: 03400004)

    2.45.4. tcp_mss_too_high (ID: Chapter 2. Log Message Reference 03400004) Gateway Action None Recommended Action None. Revision Parameters tcpopt maxmss Context Parameters Rule Name Packet Buffer 2.45.4. tcp_mss_too_high (ID: 03400004) Default Severity NOTICE Log Message TCP MSS <mss> too high. TCPMSSMax=<maxmss>. Adjusting Explanation The TCP MSS is too high.

  • Page 483: Tcp_Option (Id: 03400006)

    2.45.7. tcp_option_strip (ID: 03400007) Chapter 2. Log Message Reference 2.45.6. tcp_option (ID: 03400006) Default Severity NOTICE Log Message Packet has a type <tcpopt> TCP option Explanation The packet has a TCP Option of the specified type. Ignoring. Gateway Action ignore Recommended Action None.

  • Page 484: Bad_Tcpopt_Length (Id: 03400011)

    2.45.9. bad_tcpopt_length (ID: Chapter 2. Log Message Reference 03400011) Packet Buffer 2.45.9. bad_tcpopt_length (ID: 03400011) Default Severity WARNING Log Message Type <tcpopt> claims length=<len> bytes, avail=<avail> bytes. Dropping Explanation The TCP Option type does not fit in the option space. Dropping packet.

  • Page 485: Tcp_Mss_Too_High (Id: 03400014)

    2.45.12. tcp_mss_too_high (ID: Chapter 2. Log Message Reference 03400014) Recommended Action None. Revision Parameters tcpopt minmss Context Parameters Rule Name Packet Buffer 2.45.12. tcp_mss_too_high (ID: 03400014) Default Severity WARNING Log Message TCP MSS <mss> too high. TCPMSSMax=<maxmss>. Dropping Explanation The TCP MSS is too high. Dropping packet. Gateway Action drop Recommended Action...

  • Page 486: Multiple_Tcp_Ws_Options (Id: 03400017)

    2.45.15. multiple_tcp_ws_options (ID: Chapter 2. Log Message Reference 03400017) Explanation The packet has no SYN, ACK, FIN or RST flag set. Dropping packet. Gateway Action drop Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.45.15. multiple_tcp_ws_options (ID: 03400017) Default Severity WARNING Log Message...
  • Page 487 2.45.17. mismatching_tcp_window_scale Chapter 2. Log Message Reference (ID: 03400019) Explanation TCP segment with a window scale option specifying a different shift count than previous segments was received. The lower of the two values will be used. Gateway Action adjust Recommended Action None.

  • Page 488: 2.46. Threshold

    2.46. THRESHOLD Chapter 2. Log Message Reference 2.46. THRESHOLD These log messages refer to the THRESHOLD (Threshold rule events) category. 2.46.1. conn_threshold_exceeded (ID: 05300100) Default Severity WARNING Log Message Connection threshold <description> exceeded <threshold>. Source IP: <srcip>. Closing connection Explanation The source ip is opening up new connections too fast.

  • Page 489: Failed_To_Keep_Connection_Count (Id: 05300200)

    2.46.4. failed_to_keep_connection_count Chapter 2. Log Message Reference (ID: 05300200) Recommended Action Investigate worms and DoS attacks. Revision Parameters description threshold srcip Context Parameters Rule Name 2.46.4. failed_to_keep_connection_count (ID: 05300200) Default Severity ERROR Log Message Failed to keep connection count. Reason: Out of memory Explanation The device was unable to allocate resources needed to include the connection in the connection count kept by threshold rules.

  • Page 490: Threshold_Conns_From_Srcip_Exceeded (Id: 05300211)

    2.46.7. threshold_conns_from_srcip_exceeded Chapter 2. Log Message Reference (ID: 05300211) Explanation The number of connections matching the threshold rule and originating from a single host exceeds the configured threshold. Note: This log message is rate limited via an exponential back-off procedure. Gateway Action none Recommended Action...

  • Page 491: Threshold_Conns_From_Filter_Exceeded (Id: 05300213)

    2.46.9. threshold_conns_from_filter_exceeded Chapter 2. Log Message Reference (ID: 05300213) Revision Parameters threshold srcip [username] Context Parameters Rule Name 2.46.9. threshold_conns_from_filter_exceeded (ID: 05300213) Default Severity NOTICE Log Message The number of connections matching the rule exceeds <threshold>. The Offending host is <srcip>. Explanation The number of connections matching the threshold rule exceeds the configured threshold.

  • Page 492: 2.47. Timesync

    2.47. TIMESYNC Chapter 2. Log Message Reference 2.47. TIMESYNC These log messages refer to the TIMESYNC (Firewall time synchronization events) category. 2.47.1. synced_clock (ID: 03500001) Default Severity NOTICE Log Message The clock at <oldtime>, was off by <clockdrift> second(s) and synchronized with <timeserver>...
  • Page 493 2.47.3. clockdrift_too_high (ID: Chapter 2. Log Message Reference 03500003) Revision Parameters clockdrift timeserver interval...

  • Page 494: 2.48. Transparency

    2.48. TRANSPARENCY Chapter 2. Log Message Reference 2.48. TRANSPARENCY These log messages refer to the TRANSPARENCY (Events concerning the Transparent Mode feature) category. 2.48.1. impossible_hw_sender_address (ID: 04400410) Default Severity WARNING Log Message Impossible hardware sender address 0000:0000:0000. Dropping. Explanation Some equipment on the network is sending packets with a source MAC address of 0000:0000:0000.

  • Page 495: Enet_Hw_Sender_Broadcast (Id: 04400413)

    2.48.4. enet_hw_sender_broadcast Chapter 2. Log Message Reference (ID: 04400413) Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.48.4. enet_hw_sender_broadcast (ID: 04400413) Default Severity WARNING Log Message Ethernet hardware sender is a broadcast address. Dropping. Explanation The Ethernet hardware sender address is a broadcast address. The packet will be dropped.

  • Page 496: Enet_Hw_Sender_Multicast (Id: 04400416)

    2.48.7. enet_hw_sender_multicast (ID: Chapter 2. Log Message Reference 04400416) Gateway Action rewrite Recommended Action None. Revision Context Parameters Rule Name Packet Buffer 2.48.7. enet_hw_sender_multicast (ID: 04400416) Default Severity WARNING Log Message Ethernet hardware sender is a multicast address. Dropping. Explanation The Ethernet hardware sender address is a multicast address.

  • Page 497: Invalid_Stp_Frame (Id: 04400419)

    2.48.10. invalid_stp_frame (ID: Chapter 2. Log Message Reference 04400419) Recommended Action None. Revision Parameters recvif 2.48.10. invalid_stp_frame (ID: 04400419) Default Severity WARNING Log Message Incoming STP frame from <recvif> dropped. Reason: <reason> Explanation An incoming Spanning-Tree frame has been dropped since it is either malformed or its type is unknown.

  • Page 498: Invalid_Mpls_Packet (Id: 04400422)

    2.48.13. invalid_mpls_packet (ID: Chapter 2. Log Message Reference 04400422) Revision Parameters recvif 2.48.13. invalid_mpls_packet (ID: 04400422) Default Severity WARNING Log Message Incoming MPLS packet on <recvif> dropped. Reason: <reason> Explanation An incoming MPLS packet has been dropped since it was malformed. Gateway Action drop Recommended Action...

  • Page 499: 2.49. Userauth

    2.49. USERAUTH Chapter 2. Log Message Reference 2.49. USERAUTH These log messages refer to the USERAUTH (User authentication (e.g. RADIUS) events) category. 2.49.1. accounting_start (ID: 03700001) Default Severity INFORMATIONAL Log Message Successfully received RADIUS Accounting START response from RADIUS Accounting server Explanation The unit received a valid response to an Accounting-Start event from the Accounting Server.

  • Page 500: Invalid_Accounting_Start_Server_Response (Id: 03700004)

    2.49.4. invalid_accounting_start_server_response Chapter 2. Log Message Reference (ID: 03700004) Recommended Action Verify that the RADIUS Accounting server daemon is running on the Accounting Server. Revision Context Parameters User Authentication 2.49.4. invalid_accounting_start_server_response (ID: 03700004) Default Severity ALERT Log Message Received an invalid RADIUS Accounting START response from RADIUS Accounting server.

  • Page 501: Failed_To_Send_Accounting_Stop (Id: 03700007)

    2.49.7. failed_to_send_accounting_stop Chapter 2. Log Message Reference (ID: 03700007) Explanation The authenticated user is logged out as an invalid response to the Accounting-Start event was received from the Accounting Server. Gateway Action logout_user Recommended Action Verify that the RADIUS Accounting server is properly configured. Revision Context Parameters User Authentication...

  • Page 502: Invalid_Accounting_Stop_Server_Response (Id: 03700009)

    2.49.10. no_accounting_stop_server_response Chapter 2. Log Message Reference (ID: 03700010) 2.49.9. invalid_accounting_stop_server_response (ID: 03700009) Default Severity WARNING Log Message Received a RADIUS Accounting STOP response with an Identifier mismatch. Ignoring this packet Explanation The unit received a response with an invalid Identifier mismatch. This can be the result of a busy network, causing accounting event re-sends.

  • Page 503: Failure_Init_Radius_Accounting (Id: 03700012)

    2.49.12. failure_init_radius_accounting Chapter 2. Log Message Reference (ID: 03700012) Recommended Action Verify that the RADIUS Accounting server is properly configured. Revision Context Parameters User Authentication 2.49.12. failure_init_radius_accounting (ID: 03700012) Default Severity ALERT Log Message Failed to send Accounting Start to RADIUS Accounting Server. Accounting will be disabled Explanation The unit failed to send an Accounting-Start event to the Accounting...

  • Page 504: User_Timeout (Id: 03700020)

    2.49.15. user_timeout (ID: 03700020) Chapter 2. Log Message Reference Gateway Action accounting_disabled Recommended Action Verify that a route exists from the unit to the RADIUS Accounting server, and that it is properly configured. Revision Context Parameters User Authentication 2.49.15. user_timeout (ID: 03700020) Default Severity NOTICE Log Message...

  • Page 505: Accounting_Alive (Id: 03700050)

    2.49.18. accounting_alive (ID: Chapter 2. Log Message Reference 03700050) Recommended Action Lower the number of groups that this user belongs to. Revision Parameters username 2.49.18. accounting_alive (ID: 03700050) Default Severity NOTICE Log Message Successfully received RADIUS Accounting Interim response from RADIUS Accounting server.

  • Page 506: No_Accounting_Interim_Server_Response (Id: 03700052)

    2.49.21. invalid_accounting_interim_server_response Chapter 2. Log Message Reference (ID: 03700053) 2.49.20. no_accounting_interim_server_response (ID: 03700052) Default Severity ALERT Log Message Did not receive a RADIUS Accounting Interim response. User statistics might not have been updated on the Accounting Server Explanation The unit did not receive a response to an Accounting-Interim event from the Accounting Server.

  • Page 507: Relogin_From_New_Srcip (Id: 03700100)

    2.49.23. relogin_from_new_srcip (ID: Chapter 2. Log Message Reference 03700100) Recommended Action None. Revision Context Parameters User Authentication 2.49.23. relogin_from_new_srcip (ID: 03700100) Default Severity WARNING Log Message User with the same username is logging in from another IP address, logging out current instance Explanation A user with the same username as an already authenticated user is logging in.

  • Page 508: Bad_User_Credentials (Id: 03700104)

    2.49.26. bad_user_credentials (ID: Chapter 2. Log Message Reference 03700104) Parameters idle_timeout session_timeout [groups] Context Parameters User Authentication 2.49.26. bad_user_credentials (ID: 03700104) Default Severity NOTICE Log Message Unknown user or invalid password Explanation A user failed to log in. The entered username or password was invalid. Gateway Action None Recommended Action...

  • Page 509: Userauthrules_Disallowed (Id: 03700107)

    2.49.29. userauthrules_disallowed (ID: Chapter 2. Log Message Reference 03700107) 2.49.29. userauthrules_disallowed (ID: 03700107) Default Severity WARNING Log Message Denied access according to UserAuthRules rule-set Explanation The user is not allowed to authenticate according to the UserAuthRules rule-set. Gateway Action None Recommended Action None.

  • Page 510: Ldap_Session_New_Out_Of_Memory (Id: 03700401)

    2.49.33. ldap_session_new_out_of_memory Chapter 2. Log Message Reference (ID: 03700401) Default Severity NOTICE Log Message User logged out Explanation A user logged out, and is no longer authenticated. Gateway Action None Recommended Action None. Revision Context Parameters User Authentication 2.49.33. ldap_session_new_out_of_memory (ID: 03700401) Default Severity ALERT Log Message...

  • Page 511: Ldap_User_Authentication_Failed (Id: 03700404)

    2.49.36. ldap_user_authentication_failed Chapter 2. Log Message Reference (ID: 03700404) Recommended Action None. Revision Parameters user 2.49.36. ldap_user_authentication_failed (ID: 03700404) Default Severity NOTICE Log Message LDAP Authentication failed for <user> Explanation Authentication attempt failed. Gateway Action None Recommended Action None. Revision Parameters user 2.49.37.

  • Page 512: Invalid_Username_Or_Password (Id: 03700408)

    2.49.40. invalid_username_or_password Chapter 2. Log Message Reference (ID: 03700408) Default Severity ALERT Log Message Cannot bind to LDAP database <database> Explanation Cannot bind the the LDAP database using the configured username and password. Gateway Action database connection disabled Recommended Action Check configuration.

  • Page 513: Ldap_No_Working_Server_Found (Id: 03700424)

    2.49.43. ldap_no_working_server_found Chapter 2. Log Message Reference (ID: 03700424) Recommended Action None. Revision Parameters SessionID user ldap_server_ip 2.49.43. ldap_no_working_server_found (ID: 03700424) Default Severity NOTICE Log Message LDAP no working server found Explanation LDAP no working server found. Gateway Action None Recommended Action None.

  • Page 514: Bad_Packet_Order (Id: 03700502)

    2.49.46. bad_packet_order (ID: Chapter 2. Log Message Reference 03700502) Gateway Action ssl_close Recommended Action Investigate the source of this, and try to find out if it is a part of a possible attack, or normal traffic. Revision Parameters client_ip 2.49.46. bad_packet_order (ID: 03700502) Default Severity ERROR Log Message...

  • Page 515: Bad_Clientkeyexchange_Msg (Id: 03700505)

    2.49.49. bad_clientkeyexchange_msg Chapter 2. Log Message Reference (ID: 03700505) Recommended Action None. Revision Parameters client_ip 2.49.49. bad_clientkeyexchange_msg (ID: 03700505) Default Severity ERROR Log Message SSL Handshake: Bad ClientKeyExchange message. Closing down SSL connection Explanation The ClientKeyExchange message (which is a part of a SSL handshake) is invalid, and the SSL connection is closed.

  • Page 516: Unknown_Ssl_Error (Id: 03700508)

    2.49.52. unknown_ssl_error (ID: Chapter 2. Log Message Reference 03700508) Parameters client_ip 2.49.52. unknown_ssl_error (ID: 03700508) Default Severity ERROR Log Message Unknown SSL error. Closing down SSL connection Explanation An unknown error occured in the SSL connection, and the SSL connection is closed. Gateway Action ssl_close Recommended Action...

  • Page 517: Sent_Sslalert (Id: 03700511)

    2.49.55. sent_sslalert (ID: 03700511) Chapter 2. Log Message Reference level description 2.49.55. sent_sslalert (ID: 03700511) Default Severity ERROR Log Message Sent SSL Alert. Closing down SSL connection Explanation The unit has sent a SSL Alert message to the client, due to some abnormal event.

  • Page 518: 2.50. Vfs

    2.50. VFS Chapter 2. Log Message Reference 2.50. VFS These log messages refer to the VFS (VFS file handling events) category. 2.50.1. odm_execute_failed (ID: 05200001) Default Severity NOTICE Log Message Usage of file "<filename>" failed. File validated as "<description>". Explanation An uploaded file ([filename]) was validated as "[description]".

  • Page 519: Odm_Execute_Action_None (Id: 05200004)

    2.50.4. odm_execute_action_none (ID: Chapter 2. Log Message Reference 05200004) Revision Parameters filename description 2.50.4. odm_execute_action_none (ID: 05200004) Default Severity NOTICE Log Message Uploaded file (<filename>) could not be recognized as a known type. Explanation An uploaded file could not be recognized as a known type. Gateway Action None Recommended Action...

  • Page 520: Upload_Certificate_Fail (Id: 05200007)

    2.50.7. upload_certificate_fail (ID: Chapter 2. Log Message Reference 05200007) 2.50.7. upload_certificate_fail (ID: 05200007) Default Severity NOTICE Log Message Certificate data in file <filename>, could not be added to the configuration Explanation Certificate data could not be added to the configuration. Gateway Action None Recommended Action...

  • Page 521: 2.51. Zonedefense

    2.51. ZONEDEFENSE Chapter 2. Log Message Reference 2.51. ZONEDEFENSE These log messages refer to the ZONEDEFENSE (ZoneDefense events) category. 2.51.1. unable_to_allocate_send_entries (ID: 03800001) Default Severity WARNING Log Message Unable to allocate send entry. Sending of request to <switch> abandoned Explanation Unable to allocate send entry.

  • Page 522: Out_Of_Mac_Profiles (Id: 03800005)

    2.51.5. out_of_mac_profiles (ID: Chapter 2. Log Message Reference 03800005) Default Severity WARNING Log Message Unable to accommodate block request since out of IP profiles on <switch> Explanation There are no free IP profiles left on the switch. No more hosts can be be blocked/excluded on this switch.

  • Page 523: Failed_Writing_Zonededense_State_To_Media (Id: 03800008)

    2.51.8. failed_writing_zonededense_state_to_media Chapter 2. Log Message Reference (ID: 03800008) Log Message No response from switch <switch> while trying to create <type> rule in profile <profile> Explanation Several attempts to create a rule in the switch has timed out. No more attempts will be made.

  • Page 524: Failed_To_Erase_Profile (Id: 03800011)

    2.51.11. failed_to_erase_profile (ID: Chapter 2. Log Message Reference 03800011) Log Message No response from switch <switch> while trying to erase <type> profile <profile> Explanation Several attempts to erase a profile in the switch has timed out. No more attempts will be made. Gateway Action task_ignored Recommended Action...

  • Page 525: Zd_Block (Id: 03800014)

    2.51.14. zd_block (ID: 03800014) Chapter 2. Log Message Reference Explanation Several attempts to save the configuration in the switch has timed out. No more attempts will be made. Gateway Action task_ignored Recommended Action Verify that the firewall is able to communicate with the switch. Revision Parameters switch...
  • Page 526 2.51.14. zd_block (ID: 03800014) Chapter 2. Log Message Reference...

This manual is also suitable for:

Dfl-860eDfl-2560gDfl-1660Dfl-2560

Table of Contents