D-Link DFL- 860 Log Reference Manual Download | Manualshive

Page: 226 / 476

background image

srcport
destip
destport

Context Parameters

Rule Name
Deep Inspection

2.17.3. intrusion_detected (ID: 01300003)

Default Severity

WARNING

Log Message

Intrusion detected: <description>, Signature ID=<signatureid>. ID
Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port:
<srcport>. Destination IP: <destip>. Destination Port: <destport>.
Closing connection.

Explanation

An attack signature mapped to the "protect" action matched the traffic.

Gateway Action

close

Recommended Action

Research the advisory (searchable by the unique ID).

Revision

1

Parameters

description
signatureid
idrule
ipproto
srcip
srcport
destip
destport

Context Parameters

Rule Name
Deep Inspection

2.17.4. virus_detected (ID: 01300004)

Default Severity

WARNING

Log Message

Virus/worm detected: <description>, Signature ID=<signatureid>. ID
Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port:
<srcport>. Destination IP: <destip>. Destination Port: <destport>.
Closing connection.

Explanation

A virus signature mapped to the "protect" action matched the traffic.

Gateway Action

close

Recommended Action

Research the advisory (searchable by the unique ID).

Revision

1

Parameters

description
signatureid
idrule
ipproto
srcip
srcport

2.17.3. intrusion_detected (ID:
01300003)

Chapter 2. Log Message Reference

226

«
...
224
225
226
227
228
...
»

Summary of Contents for DFL- 860

Page 1: ...Network Security Solution http www dlink com Security Security DFL 210 800 1600 2500 DFL 260 860 1660 2560 G Ver 2 27 01 Network Security Firewall Log Reference Guide ...

Page 2: ...uide DFL 210 260 800 860 1600 1660 2500 2560 2560G NetDefendOS Version 2 27 01 D Link Corporation No 289 Sinhu 3rd Rd Neihu District Taipei City 114 Taiwan R O C http www DLink com Published 2010 06 22 Copyright 2010 ...

Page 3: ...ss for a particular purpose D Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revision or changes Limitations of Liability UNDER NO CIRCUMSTANCES SHALL D LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER E G DAMAGES FOR LOSS OF PROFIT SOFTWARE RESTORATION WORK ST...

Page 4: ...unreachable ID 00200119 45 2 1 22 wcf_srv_connection_error ID 00200120 46 2 1 23 wcf_server_unreachable ID 00200121 46 2 1 24 wcf_connecting ID 00200122 46 2 1 25 wcf_server_connected ID 00200123 47 2 1 26 wcf_primary_fallback ID 00200124 47 2 1 27 request_url ID 00200125 47 2 1 28 request_url ID 00200126 48 2 1 29 wcf_server_auth_failed ID 00200127 48 2 1 30 wcf_server_bad_reply ID 00200128 48 2 ...

Page 5: ...7 2 1 80 failed_to_create_connection1 ID 00200218 67 2 1 81 illegal_command ID 00200219 68 2 1 82 illegal_direction1 ID 00200220 68 2 1 83 illegal_direction2 ID 00200221 69 2 1 84 illegal_option ID 00200222 69 2 1 85 illegal_option ID 00200223 69 2 1 86 unknown_option ID 00200224 70 2 1 87 illegal_command ID 00200225 70 2 1 88 unknown_command ID 00200226 71 2 1 89 illegal_reply ID 00200228 71 2 1 ...

Page 6: ...365 91 2 1 143 invalid_packet_received ID 00200366 91 2 1 144 failed_create_connection ID 00200367 91 2 1 145 invalid_packet_received_reopen ID 00200368 92 2 1 146 packet_out_of_sequence ID 00200369 92 2 1 147 transfer_size_exceeded ID 00200370 92 2 1 148 options_removed ID 00200371 93 2 1 149 failed_strip_option ID 00200372 93 2 1 150 failed_create_connection ID 00200373 93 2 1 151 invalid_error_...

Page 7: ...tion ID 00200522 114 2 1 205 sipalg_transaction_deleted ID 00200523 115 2 1 206 sipalg_transaction_state_updated ID 00200524 115 2 1 207 no_route_found ID 00200526 115 2 1 208 failed_to_get_free_port ID 00200527 116 2 1 209 failed_to_find_role ID 00200528 116 2 1 210 failed_to_update_port ID 00200529 117 2 1 211 failed_to_update_contact ID 00200530 117 2 1 212 failed_to_modify_sdp_message ID 00200...

Page 8: ...ion_failed ID 05800004 139 2 3 5 decompression_failed ID 05800005 139 2 3 6 compression_ratio_violation ID 05800006 140 2 3 7 compression_ratio_violation ID 05800007 140 2 3 8 compression_ratio_violation ID 05800008 141 2 3 9 out_of_memory ID 05800009 141 2 3 10 out_of_memory ID 05800010 142 2 3 11 virus_scan_failure ID 05800011 142 2 3 12 virus_scan_failure ID 05800012 142 2 3 13 no_valid_license...

Page 9: ...no_new_conn_for_this_packet ID 00600013 163 2 8 10 no_return_route ID 00600014 164 2 8 11 reverse_connect_attempt ID 00600015 164 2 8 12 port_0_illegal ID 00600020 164 2 8 13 udp_src_port_0_illegal ID 00600021 165 2 8 14 udp_src_port_0_forwarded ID 00600022 165 2 8 15 conn_usage ID 00600023 165 2 8 16 active_data ID 00600100 166 2 8 17 passive_data ID 00600101 166 2 8 18 active_data ID 00600102 16...

Page 10: ... ID 00900005 185 2 11 6 request_for_ip_from_non_bound_client_without_state ID 00900006 185 2 11 7 request_for_ip_from_bound_client_without_state ID 00900007 185 2 11 8 request_for_ip_from_non_bound_client_without_state ID 00900008 186 2 11 9 all_ip_pools_depleted ID 00900010 186 2 11 10 request_with_bad_udp_checksum ID 00900011 186 2 11 11 lease_timeout ID 00900012 187 2 11 12 lease_timeout ID 009...

Page 11: ...m_error ID 02200004 207 2 14 5 gre_length_error ID 02200005 208 2 14 6 gre_send_routing_loop_detected ID 02200006 208 2 14 7 unmatched_session_key ID 02200007 208 2 14 8 gre_routing_flag_set ID 02200008 209 2 15 HA 210 2 15 1 peer_gone ID 01200001 210 2 15 2 peer_gone ID 01200002 210 2 15 3 conflict_both_peers_active ID 01200003 210 2 15 4 peer_has_higher_local_load ID 01200004 210 2 15 5 peer_has...

Page 12: ...ID 01300014 231 2 17 15 idp_failscan ID 01300015 231 2 17 16 idp_failscan ID 01300016 232 2 18 IDPPIPES 233 2 18 1 conn_idp_piped ID 06100001 233 2 18 2 host_idp_piped ID 06100002 233 2 18 3 out_of_memory ID 06100003 233 2 18 4 idp_piped_state_replaced ID 06100004 234 2 18 5 idp_piped_state_expire ID 06100005 234 2 18 6 conn_idp_unpiped ID 06100006 234 2 18 7 conn_idp_piped ID 06100007 235 2 19 ID...

Page 13: ...3 254 2 22 23 pm_create_failed ID 01800204 254 2 22 24 failed_to_start_ipsec ID 01800206 254 2 22 25 failed_create_audit_module ID 01800207 255 2 22 26 failed_to_configure_IPsec ID 01800210 255 2 22 27 reconfig_IPsec ID 01800211 255 2 22 28 IPsec_init_failed ID 01800213 255 2 22 29 ipsec_started_successfully ID 01800214 256 2 22 30 Failed_to_add_certificate ID 01800302 256 2 22 31 Default_IKE_DH_g...

Page 14: ...ime ID 01802046 272 2 22 85 ipsec_sa_lifetime ID 01802047 273 2 22 86 ipsec_sa_lifetime ID 01802048 273 2 22 87 ipsec_sa_informal ID 01802058 273 2 22 88 ipsec_invalid_protocol ID 01802059 274 2 22 89 ipsec_sa_negotiation_aborted ID 01802060 274 2 22 90 create_rules_failed ID 01802080 274 2 22 91 create_rules_failed ID 01802081 274 2 22 92 no_authentication_method_specified ID 01802100 275 2 22 93...

Page 15: ...ote_access_subnets ID 01802714 290 2 22 146 event_on_ike_sa ID 01802715 290 2 22 147 ipsec_sa_selection_failed ID 01802717 290 2 22 148 certificate_search_failed ID 01802718 291 2 22 149 ipsec_sa_event ID 01802730 291 2 22 150 ipsec_sa_event ID 01802731 291 2 22 151 ipsec_sa_destroyed ID 01802732 292 2 22 152 ID 01802735 292 2 22 153 ID 01802736 292 2 22 154 outofmem_create_engine ID 01802901 293 ...

Page 16: ...02 308 2 24 3 ip_rsv_flag_set ID 01600003 308 2 25 IP_OPT 310 2 25 1 source_route ID 01700001 310 2 25 2 timestamp ID 01700002 310 2 25 3 router_alert ID 01700003 310 2 25 4 ipopt_present ID 01700004 311 2 25 5 ipoptlen_too_small ID 01700010 311 2 25 6 ipoptlen_invalid ID 01700011 311 2 25 7 multiple_ip_option_routes ID 01700012 312 2 25 8 bad_length ID 01700013 312 2 25 9 bad_route_pointer ID 017...

Page 17: ...ius_accounting ID 02800017 331 2 27 16 l2tpclient_tunnel_up ID 02800018 332 2 27 17 malformed_packet ID 02800019 332 2 27 18 waiting_for_ip_to_listen_on ID 02800050 332 2 28 NATPOOL 333 2 28 1 uninitialized_ippool ID 05600001 333 2 28 2 removed_translation_address ID 05600002 333 2 28 3 reconf_state_violation ID 05600003 333 2 28 4 out_of_memory ID 05600005 334 2 28 5 dhcp_address_expired ID 05600...

Page 18: ...ea ID 02400300 353 2 29 48 internal_error_unable_to_map_identifier ID 02400301 354 2 29 49 lsa_size_too_big ID 02400302 354 2 29 50 memory_usage_exceeded_70_percent_of_max_allowed ID 02400303 354 2 29 51 memory_usage_exceeded_90_percent_of_max_allowed ID 02400304 355 2 29 52 as_disabled_due_to_mem_alloc_fail ID 02400305 355 2 29 53 internal_lsa_chksum_error ID 02400306 355 2 29 54 unable_to_find_i...

Page 19: ...2700012 371 2 32 13 pptp_session_up ID 02700013 372 2 32 14 tunnel_idle_timeout ID 02700014 372 2 32 15 session_idle_timeout ID 02700015 373 2 32 16 pptpclient_start ID 02700017 373 2 32 17 pptpclient_connected ID 02700018 373 2 32 18 pptp_tunnel_up ID 02700019 374 2 32 19 ctrlconn_refused ID 02700020 374 2 32 20 pptp_tunnel_up ID 02700021 374 2 32 21 pptp_tunnel_closed ID 02700022 375 2 32 22 ppt...

Page 20: ...gr_console_denied ID 04900007 393 2 36 8 sesmgr_session_maximum_reached ID 04900008 393 2 36 9 sesmgr_allocate_error ID 04900009 393 2 36 10 sesmgr_session_activate ID 04900010 394 2 36 11 sesmgr_session_disabled ID 04900011 394 2 36 12 sesmgr_console_denied_init ID 04900012 394 2 36 13 sesmgr_session_access_missing ID 04900015 395 2 36 14 sesmgr_session_old_removed ID 04900016 395 2 36 15 sesmgr_...

Page 21: ...D 03200400 413 2 41 14 log_messages_lost_due_to_log_buffer_exhaust ID 03200401 414 2 41 15 ssl_encryption_failed ID 03200450 414 2 41 16 bidir_fail ID 03200600 414 2 41 17 disk_cannot_remove_file ID 03200601 415 2 41 18 file_open_failed ID 03200602 415 2 41 19 disk_cannot_remove ID 03200603 415 2 41 20 disk_cannot_rename ID 03200604 416 2 41 21 cfg_switch_fail ID 03200605 416 2 41 22 core_switch_f...

Page 22: ...scale ID 03400018 437 2 43 17 mismatching_tcp_window_scale ID 03400019 437 2 44 THRESHOLD 439 2 44 1 conn_threshold_exceeded ID 05300100 439 2 44 2 reminder_conn_threshold ID 05300101 439 2 44 3 conn_threshold_exceeded ID 05300102 439 2 44 4 failed_to_keep_connection_count ID 05300200 440 2 44 5 failed_to_keep_connection_count ID 05300201 440 2 44 6 threshold_conns_from_srcip_exceeded ID 05300210 ...

Page 23: ...nges_not_supported ID 03700108 460 2 47 31 ldap_auth_error ID 03700109 460 2 47 32 user_logout ID 03700110 460 2 47 33 ldap_session_new_out_of_memory ID 03700401 461 2 47 34 cant_create_new_request ID 03700402 461 2 47 35 ldap_user_authentication_successful ID 03700403 461 2 47 36 ldap_user_authentication_failed ID 03700404 462 2 47 37 ldap_context_new_out_of_memory ID 03700405 462 2 47 38 user_re...

Page 24: ...g_to_create_rule ID 03800007 472 2 49 8 failed_writing_zonededense_state_to_media ID 03800008 473 2 49 9 failed_to_create_access_rule ID 03800009 473 2 49 10 no_response_trying_to_erase_profile ID 03800010 473 2 49 11 failed_to_erase_profile ID 03800011 474 2 49 12 failed_to_save_configuration ID 03800012 474 2 49 13 timeout_saving_configuration ID 03800013 474 2 49 14 zd_block ID 03800014 475 Log...

Page 25: ...List of Tables 1 Abbreviations 28 25 ...

Page 26: ...List of Examples 1 Log Message Parameters 27 2 Conditional Log Message Parameters 27 26 ...

Page 27: ...g the name of a conditional log message parameter Example 1 Log Message Parameters Log Message New configuration activated by user username and committed via authsystem Parameters authsystem username Both the authsystem and the username parameters will be included Example 2 Conditional Log Message Parameters Log Message Administrative user username logged in via authsystem Access level access_leve...

Page 28: ...rotocol Security L2TP Layer 2 Tunneling Protocol NAT Network Address Translation OSPF Open Shortest Path First PPP Point to Point Protocol PPPoE Point to Point Protocol over Ethernet RADIUS Remote Authentication Dial In User Service SAT Static Address Translation SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol SSL Secure Socket Layer TCP Transport Control Protocol TLS Tr...

Page 29: ...ifies the log message The first 3 digits identify the category to which the log message belongs Note In this guide the Name and the ID of the log message form the title of the section describing the log message Category Log messages are grouped into categories where each category maps to a specific subsystem in NetDefendOS For instance the IPSEC category includes some hundreds of log messages all ...

Page 30: ... featured in this reference guide and is never actually included in the log message Revision The current revision of the log message This is increased each time a log message is changed between two releases Additional Information Depending on the log message the following information may also be included Parameters The name of the parameters that are included in this log message If a parameter is ...

Page 31: ...od The name of the ALG sub module ALG Session ID Each ALG session has its own session ID which uniquely identifies an ALG session This is useful for example when matching the opening of an ALG session with the closure of the same ALG session algsesid The session ID of an ALG session Packet Buffer Information about the packet buffer which in turn contains a large number of additional objects Certai...

Page 32: ...tination unreachable or redirect Connection Additional information about a connection Certain parameters may or may not be included depending on the type and status of the connection For example the number of bytes sent by the originator and terminator is only included if the connection is closed conn The status of the connection Possible values open close closing and unknown connipproto The IP pr...

Page 33: ...AT source rule Valid if the rule action is SAT satdestrule The name of the SAT destination rule Valid if the rule action is SAT srcusername The name of the authenticated user in the source network object Valid if the source network object has user authentication information destusername The name of the authenticated user in the destination network object Valid if the destination network object has...

Page 34: ...SA Dynamic Route Additional information about events regarding a dynamic route event The dynamic routing event that occurred Possible values add remove modify export unexport and unknown from Originating router process to Destination router process Route Additional information about a route route Route network routeiface Route destination interface routegw Route gateway routemetric Route metric co...

Page 35: ...he unit 4 Warning Warning conditions which could affect the functionality of the unit 5 Notice Normal but significant conditions 6 Informational Informational conditions 7 Debug Debug level events Priority in Syslog Messages In Syslog messages the priority is indicated by the parameter prio nn Excluding Logged Messages NetDefendOS allows the exclusion from logging of entire catageories of log mess...

Page 36: ...1 3 Severity levels Chapter 1 Introduction 36 ...

Page 37: ...CP page 168 DHCPRELAY page 174 DHCPSERVER page 184 DYNROUTING page 193 FRAG page 196 GRE page 207 HA page 210 HWM page 220 IDP page 225 IDPPIPES page 233 IDPUPDATE page 236 IFACEMON page 239 IPPOOL page 241 IPSEC page 247 IP_ERROR page 306 IP_FLAG page 308 IP_OPT page 310 IP_PROTO page 317 L2TP page 327 NATPOOL page 333 OSPF page 338 PPP page 360 PPPOE page 367 37 ...

Page 38: ...EFENSE page 471 Sort Order All log messages are sorted by their category and then by their ID number 2 1 ALG These log messages refer to the ALG Events from Application Layer Gateways category 2 1 1 alg_session_open ID 00200001 Default Severity INFORMATIONAL Log Message ALG session opened Explanation A new ALG session has been opened Gateway Action None Recommended Action None Revision 1 Context P...

Page 39: ...close Recommended Action If the maximum line length is configued too low increase it Revision 1 Parameters len max Context Parameters ALG Module Name ALG Session ID 2 1 4 alg_session_allocation_failure ID 00200009 Default Severity CRITICAL Log Message Failed to allocate ALG session Explanation The system failed to allocate an ALG session The reason for this is either that the total number of concu...

Page 40: ...d URL The reason for this is problaby because the requested URL has an invalid format or it contains invalid UTF8 formatted characters Gateway Action close Recommended Action Make sure that the requested URL is formatted correctly Revision 1 Parameters reason algname Context Parameters ALG Module Name ALG Session ID 2 1 7 unknown_client_data_received ID 00200105 Default Severity WARNING Log Messag...

Page 41: ... the server is sending such large amounts of suspicious data Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 9 invalid_chunked_encoding ID 00200107 Default Severity WARNING Log Message HTTPALG The server sent invalid chunked encoding Closing connection ALG name algname Explanation The data received from the server was sent in chunked mode but it was not properly...

Page 42: ...erver ignored this and sent compressed data anyway As content processing will not work if the data is compressed the connection will be closed Gateway Action close Recommended Action Research the source of this and try to find out why the server is sending compressed data Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 12 max_http_sessions_reached ID 00200110 De...

Page 43: ...he HTTP Server Closing connection ALG name algname Explanation The unit failed to connect to the HTTP Server resulting in that the ALG session could not be successfully opened Gateway Action close Recommended Action Verify that there is a listening HTTP Server on the specified address Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 15 content_type_mismatch ID 00...

Page 44: ...Filtering has been disabled due to license restriction Gateway Action no_valid_license Recommended Action Extend valid time for Content Filtering Revision 2 Context Parameters ALG Module Name 2 1 18 max_download_size_reached ID 00200116 Default Severity WARNING Log Message HTTPALG The file filename with file size filesize kB exceeds the maximum allowed download size max_download_size kB Closing co...

Page 45: ...odule Name ALG Session ID 2 1 20 out_of_memory ID 00200118 Default Severity CRITICAL Log Message HTTPALG Failed to allocate memory Explanation The unit does not have enough available RAM WCF could not allocate memory for override functionality Gateway Action none Recommended Action Try to free up some RAM by changing configuration parameters Revision 1 Context Parameters ALG Module Name 2 1 21 wcf...

Page 46: ...gname Context Parameters ALG Module Name ALG Session ID 2 1 23 wcf_server_unreachable ID 00200121 Default Severity ERROR Log Message HTTPALG Failed to connect to web content server failedserver Explanation Web Content Filtering was unable to connect to the Web Content Filtering server The system will try to contact one of the backup servers Gateway Action switching_server Recommended Action None R...

Page 47: ...k ID 00200124 Default Severity INFORMATIONAL Log Message HTTPALG Falling back from secondary servers to primary server Explanation Web Content Filtering falls back to primary server after 60 minutes or when a better server has been detected Gateway Action none Recommended Action None Revision 1 Context Parameters ALG Module Name 2 1 27 request_url ID 00200125 Default Severity NOTICE Log Message HT...

Page 48: ...nded Action None Revision 2 Parameters categories audit override url algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 29 wcf_server_auth_failed ID 00200127 Default Severity ERROR Log Message HTTPALG Failed to authenticate with WCF server Explanation The WCF service could not authenticate with the WCF server Gateway Action none Recommended Action None Revision 1 P...

Page 49: ... url Categories categories Audit audit Override override ALG name algname Explanation The URL has been requested Gateway Action allow_audit_mode Recommended Action None Revision 2 Parameters categories audit override url algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 32 out_of_memory ID 00200130 Default Severity CRITICAL Log Message HTTPALG Failed to allocate m...

Page 50: ...bidden URL url eventhough Restricted Site Notice was applied ALG name algname Explanation The URL has been requested and the categories are forbidden Restricted Site Notice was applied Gateway Action allow Recommended Action Disable the RESTRICTED_SITE_NOTICE mode of parameter CATEGORIES for this ALG Revision 2 Parameters url algname Context Parameters Connection Connection ALG Module Name ALG Ses...

Page 51: ... algname Explanation The URL has been requested Gateway Action allow Recommended Action None Revision 1 Parameters categories audit override url user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 37 request_url ID 00200136 Default Severity NOTICE Log Message HTTPALG Requesting URL url Categories categories Audit audit Override override ALG name algname Explana...

Page 52: ...rl user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 39 restricted_site_notice ID 00200138 Default Severity WARNING Log Message HTTPALG User requests the forbidden URL url eventhough Restricted Site Notice was applied ALG name algname Explanation The URL has been requested and the categories are forbidden Restricted Site Notice was applied Gateway Action allo...

Page 53: ...s Connection Connection ALG Module Name ALG Session ID 2 1 41 wcf_mem_optimized ID 00200140 Default Severity DEBUG Log Message HTTPALG Optimizing WCF memory usage Explanation The Web Content Filtering subsystem has optimized its memory usage and freed up some memory This is a normal condition and does not affect functionality nor performance Gateway Action optimizing Recommended Action None Revisi...

Page 54: ...gher than the configured value Gateway Action session_rejected Recommended Action This can be a possible DOS attack Revision 2 Parameters sender_email_address Context Parameters ALG Module Name ALG Session ID 2 1 44 failed_create_new_session ID 00200152 Default Severity CRITICAL Log Message SMTPALG Failed to create new SMTPALG session out of memory Explanation An attempt to create a new SMTPALG se...

Page 55: ... Gateway Action close Recommended Action If possible verify response codes sent from server Revision 3 Context Parameters Connection ALG Module Name ALG Session ID 2 1 47 sender_email_id_mismatched ID 00200157 Default Severity WARNING Log Message SMTPALG Mismatching sender address Explanation The SMTP MAIL FROM command does not match the From header The transaction will be denied Gateway Action re...

Page 56: ...RCPT TO e mail address is in Black List SMTP ALG rejected the client request Gateway Action reject Recommended Action None Revision 1 Parameters sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2 1 50 some_recipient_email_ids_are_in_blocklist ID 00200160 Default Severity WARNING Log Message SMTPALG Some recipients email id are in Black List Explanati...

Page 57: ...email_addresses Context Parameters ALG Module Name ALG Session ID 2 1 52 base64_decode_failed ID 00200165 Default Severity ERROR Log Message SMTPALG Base 64 decode failed Attachment is allowed Explanation The data sent to Base64 decoding failed This can occur if the email sender sends incorrectly formatted data Fail mode is set to allow so date will be forwared Gateway Action allow_block Recommend...

Page 58: ...ontent type mismatch in file filename Identified filetype filetype Explanation The filetype of the file does not match the actual content type As there is a content type mismatch data is discarded Gateway Action block_data Recommended Action None Revision 4 Parameters filename filetype sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2 1 55 max_email...

Page 59: ...ction Content type should be matched Revision 3 Parameters filename filetype sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2 1 57 all_recipient_email_ids_are_in_blocklist ID 00200172 Default Severity WARNING Log Message SMTPALG All recipients e mail addresses are in Black List Explanation Since RCPT TO email ids are in Black List SMTP ALG rejected...

Page 60: ...nsaction will be terminated Gateway Action block Recommended Action Research how the client is sending invalid end of mail Revision 1 Parameters sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2 1 60 dnsbl_init_error ID 00200177 Default Severity ERROR Log Message DNSbl internal error Explanation The email could not be checked for spam Email will be ...

Page 61: ...ateway Action ignore Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 63 failed_send_reply_code ID 00200181 Default Severity ERROR Log Message SMTPALG Could not send error code to client Explanation The SMTP ALG failed to send an error response code to the client Gateway Action none Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Se...

Page 62: ...D 2 1 66 cmd_pipelined ID 00200186 Default Severity ERROR Log Message SMTPALG Received pipelined request Explanation The SMTP ALG does not support pipelined requests The appearance of this log message indicates that the client used PIPELINING even though it was removed from capability list Gateway Action reject Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID 2 ...

Page 63: ...d Action None Revision 1 Parameters sender_email_address Context Parameters ALG Module Name ALG Session ID 2 1 69 illegal_data_direction ID 00200202 Default Severity ERROR Log Message FTPALG TCP data from peer not allowed in this direction Closing connection Explanation TCP Data was sent in an invalid direction and the connection will be closed Gateway Action close Recommended Action None Revision...

Page 64: ...ne Revision 1 Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2 1 72 illegal_chars ID 00200210 Default Severity WARNING Log Message FTPALG 8 bit characters in control channel from peer not allowed Closing connection Explanation 8 bit characters were discovered in the control channel This is not allowed according to the FTPALG configuration and the connection will be c...

Page 65: ... ID Connection 2 1 74 illegal_command ID 00200212 Default Severity WARNING Log Message FTPALG Failed to parse command from peer as a FTP command String string Closing connection Explanation An invalid command was received on the control channel This is not allowed and the connection will be closed Gateway Action close Recommended Action If unknown commands should be allowed modify the FTPALG confi...

Page 66: ... a PORT command which is not valid since the client is not allowed to do active FTP The command will be rejected Gateway Action rejecting_command Recommended Action If the client should be allowed to do active FTP modify the FTPALG configuration Revision 1 Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2 1 77 illegal_command ID 00200215 Default Severity WARNING Log Me...

Page 67: ...dr string Context Parameters ALG Module Name ALG Session ID Connection 2 1 79 illegal_port_number ID 00200217 Default Severity CRITICAL Log Message FTPALG Illegal PORT command from peer port port not allowed String string Rejecting command Explanation An illegal PORT command was received from the client It requests that the server should connect to a port which is out of range This is not allowed ...

Page 68: ...planation The client tried to issue a SITE EXEC command which is not valid since the client is not allowed to do this The command will be rejected Gateway Action rejecting_command Recommended Action If the client should be allowed to do issue SITE EXEC commands modify the FTPALG configuration Revision 1 Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2 1 82 illegal_dir...

Page 69: ...ers ALG Module Name ALG Session ID Connection 2 1 84 illegal_option ID 00200222 Default Severity WARNING Log Message FTPALG Invalid OPTS argument from peer String string Rejecting command Explanation An invalid OPTS argument was received The argument does not start with an alphabetic letter and the command will be rejected Gateway Action rejecting_command Recommended Action None Revision 1 Paramet...

Page 70: ...Explanation An unknown OPTS argument was received and the command will be rejected Gateway Action rejecting_command Recommended Action If unknown commands should be allowed modify the FTPALG configuration Revision 1 Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2 1 87 illegal_command ID 00200225 Default Severity WARNING Log Message FTPALG Illegal command from ...

Page 71: ...ration Revision 1 Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2 1 89 illegal_reply ID 00200228 Default Severity WARNING Log Message FTPALG Illegal numerical reply reply from peer String string Closing connection Explanation An illegal numerical reply was received from server and the connection will be closed Gateway Action close Recommended Action None Revis...

Page 72: ...ssive mode response from peer String string Closing connection Explanation An illegal response was received from the server and the connection is closed Gateway Action close Recommended Action None Revision 1 Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2 1 92 illegal_reply ID 00200232 Default Severity WARNING Log Message FTPALG Reply 229 extended passive mod...

Page 73: ...romised and should not be trusted Revision 1 Parameters peer port range string Context Parameters ALG Module Name ALG Session ID Connection 2 1 94 bad_ip ID 00200234 Default Severity CRITICAL Log Message FTPALG Invalid IP ip4addr Server IP is ip4addr_server String string Closing connection Explanation The FTP Server requests that the client should connect to another IP that it s own This is not al...

Page 74: ...ed_to_create_server_data_connection ID 00200236 Default Severity ERROR Log Message FTPALG Failed to create server data connection Peer peer Connection connection Explanation An error occured when creating server data connection Gateway Action None Recommended Action None Revision 1 Parameters peer connection Context Parameters ALG Module Name ALG Session ID Connection 2 1 97 failed_to_send_port ID...

Page 75: ...OR Log Message FTPALG Internal Error failed to merge conns Closing connection Explanation An internal error occured when two connections were being merged into one and the connection will be closed Gateway Action close Recommended Action Contact the support Revision 1 Context Parameters ALG Module Name 2 1 100 max_ftp_sessions_reached ID 00200241 Default Severity WARNING Log Message FTPALG Maximum...

Page 76: ...OR Log Message FTPALG Failed to connect to the FTP Server Closing connection Explanation The unit failed to connect to the FTP Server resulting in that the ALG session could not be successfully opened Gateway Action close Recommended Action Verify that there is a listening FTP Server on the specified address Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 103 content_type_mismatch...

Page 77: ...nnot be sent to AVSE for scanning since file transfer begins from within the middle of the file The scanning process will fail for compressed files Gateway Action data_blocked_control_and_data_channel_closed Recommended Action Change fail mode setting to allow if resumed file transfers of compressed files should be allowed Revision 2 Parameters filename filetype Context Parameters ALG Module Name ...

Page 78: ...nce Fail Mode is Allow Gateway Action allow_data_without_scan Recommended Action Update Fail Mode parameter if the file should be blocked Revision 2 Parameters filename filetype Context Parameters ALG Module Name ALG Session ID 2 1 108 failed_to_send_response_code ID 00200255 Default Severity NOTICE Log Message FTPALG Failed to send the response code Explanation The FTP ALG could not send the corr...

Page 79: ...parser is in unknown state Explanation The H 225 parser failed to parse the H 225 message The ALG session will be closed Gateway Action None Recommended Action None Revision 1 Parameters peer state Context Parameters ALG Module Name ALG Session ID Connection 2 1 111 invalid_message ID 00200301 Default Severity WARNING Log Message H323ALG An invalid message was received from peer Explanation An inv...

Page 80: ...rity WARNING Log Message H323ALG Encoding of message from peer failed Closing session Explanation The ASN 1 encoder failed to encode the message The ALG session will be closed Gateway Action close Recommended Action None Revision 1 Parameters peer message_type Context Parameters ALG Module Name ALG Session ID Connection 2 1 114 encode_failed ID 00200304 Default Severity WARNING Log Message H323ALG...

Page 81: ...ended Action None Revision 1 Parameters peer message_type Context Parameters ALG Module Name ALG Session ID Connection 2 1 116 decode_failed ID 00200306 Default Severity WARNING Log Message H323ALG Failed before encoding H 245 message Closing connection Explanation The H 245 encoder failed to allocate memory used for encoding of the message The ALG session will be closed Gateway Action close Recom...

Page 82: ... channels has been reached for this session Gateway Action None Recommended Action If the maximum number of TCP data channels per session is too low increase it Revision 1 Parameters max_channels Context Parameters ALG Module Name ALG Session ID Connection 2 1 119 max_connections_per_call_exceeded ID 00200309 Default Severity WARNING Log Message H323ALG No more connections allowed for this call Ex...

Page 83: ...LG Session ID Connection 2 1 121 com_mode_response_message_not_translated ID 00200311 Default Severity WARNING Log Message H323ALG CommunicationModeResponse not translated Explanation The H 245 Communication Mode Response message is not translated Gateway Action None Recommended Action None Revision 2 Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2 1 122 max_h323_ses...

Page 84: ...unless the system increases the amount of free memory Gateway Action close Recommended Action None Revision 1 Context Parameters ALG Module Name 2 1 124 max_h323_gk_sessions_reached ID 00200314 Default Severity WARNING Log Message H323ALG Maximum number of H 323 gatekeeper sessions for service reached Explanation The maximum number of concurrent H 323 gatekeeper sessions has been reached for this ...

Page 85: ... resulting in that the ALG session could not open successfully Gateway Action close Recommended Action Verify that there is a listening H 323 Server on the specified address Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 127 com_mode_command_message_not_translated ID 00200317 Default Severity WARNING Log Message H323ALG CommunicationModeCommand not translated Explanation The H 24...

Page 86: ...invalid characters Closing connection Gateway Action reject Recommended Action If all characters in filenames should be allowed modify the TFTP Alg configuration Revision 1 Parameters filename Context Parameters ALG Module Name ALG Session ID Connection 2 1 130 command_not_allowed ID 00200353 Default Severity WARNING Log Message TFTPALG command command not allowed Explanation Command GET or PUT no...

Page 87: ...ue Explanation Option contained no readable value Closing connection Gateway Action reject Recommended Action None Revision 1 Parameters option Context Parameters ALG Module Name ALG Session ID Connection 2 1 133 option_tsize_invalid ID 00200356 Default Severity WARNING Log Message TFTPALG Option tsize value value exceeding allowed max value maxvalue Explanation Option tsize value exceeding allowe...

Page 88: ...d ID 00200358 Default Severity WARNING Log Message TFTPALG Option tsize value value exceeding allowed value maxvalue Explanation Option tsize value exceeding allowed value Closing connection Gateway Action close Recommended Action If connection should be allowed modify the filetransfersize of the TFTP Alg configuration Revision 1 Parameters value maxvalue Context Parameters ALG Module Name ALG Ses...

Page 89: ...ed Action None Revision 1 Parameters option Context Parameters ALG Module Name ALG Session ID Connection 2 1 138 option_value_invalid ID 00200361 Default Severity WARNING Log Message TFTPALG Option option contained invalid value value or option not sent Explanation Option contained invalid value or option not sent Closing connection Gateway Action close Recommended Action None Revision 1 Parameter...

Page 90: ...he value should be allowed modify the TFTP Alg configuration Revision 1 Parameters old_blksize new_blksize Context Parameters ALG Module Name ALG Session ID Connection 2 1 141 max_tftp_sessions_reached ID 00200364 Default Severity WARNING Log Message FTPALG Maximum number of TFTP sessions max_sessions for service reached Closing connection Explanation The maximum number of concurrent TFTP sessions...

Page 91: ...id packet Opcode opcode Packet length packet_length Explanation Received invalid packet Closing connection Gateway Action close Recommended Action None Revision 1 Parameters opcode packet_length Context Parameters ALG Module Name ALG Session ID Connection 2 1 144 failed_create_connection ID 00200367 Default Severity ERROR Log Message TFTPALG Failed to create listening connection internal error err...

Page 92: ...out_of_sequence ID 00200369 Default Severity WARNING Log Message TFTPALG Received packet out of sequence opcode opcode packet length packet_length Explanation Received packet out of sequence Closing connection Gateway Action close Recommended Action None Revision 1 Parameters opcode packet_length Context Parameters ALG Module Name ALG Session ID Connection 2 1 147 transfer_size_exceeded ID 0020037...

Page 93: ...g configuration Revision 1 Context Parameters ALG Module Name ALG Session ID Connection 2 1 149 failed_strip_option ID 00200372 Default Severity ERROR Log Message TFTPALG Failed to strip options internal error Explanation An attempt to send request packet without options failed because of an internal error Gateway Action close Recommended Action None Revision 1 Context Parameters ALG Module Name 2...

Page 94: ...ters ALG Module Name ALG Session ID Connection 2 1 152 max_pop3_sessions_reached ID 00200380 Default Severity WARNING Log Message POP3ALG Maximum number of POP3 sessions max_sessions for service reached Closing connection Explanation The maximum number of concurrent POP3 sessions has been reached for this service No more sessions can be opened before old sessions have been released Gateway Action ...

Page 95: ...e POP3 Server resulting in that the ALG session could not be successfully opened Gateway Action close Recommended Action Verify that there is a listening POP3 Server on the specified address Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 155 out_of_memory ID 00200383 Default Severity ERROR Log Message POP3ALG Failed to allocate memory out of memory Explanation An attempt to alloc...

Page 96: ...rver is sending unknown response The response will be blocked Gateway Action block Recommended Action None Revision 1 Parameters command response Context Parameters ALG Module Name ALG Session ID 2 1 158 base64_decode_failed ID 00200386 Default Severity ERROR Log Message POP3ALG Base 64 decode failed Attachment blocked Explanation The data sent to Base64 decoding failed This can occur if the email...

Page 97: ...everity WARNING Log Message POP3ALG Command line blocked line begins with linebegin Invalid line length len Explanation The client is sending command with invalid command length The command will be blocked Gateway Action block Recommended Action None Revision 1 Parameters len linebegin Context Parameters ALG Module Name ALG Session ID 2 1 161 response_blocked_invalid_len ID 00200389 Default Severi...

Page 98: ...text Parameters ALG Module Name 2 1 163 content_type_mismatch_mimecheck_disabled ID 00200391 Default Severity NOTICE Log Message POP3ALG Content type mismatch found for the file filename It is identified as type filetype file Explanation Received type of data in the packet and its actual type do not match As there is a mismatch and mime type check is disabled the data will be allowed Gateway Actio...

Page 99: ...owed The command will be blocked Gateway Action block Recommended Action If the command are to be allowed change the Alg configuration Note The STLS command is allways blocked Revision 1 Parameters command Context Parameters ALG Module Name ALG Session ID 2 1 166 unknown_command_blocked ID 00200394 Default Severity WARNING Log Message POP3ALG Unknown command blocked Explanation The client is sendi...

Page 100: ...y WARNING Log Message POP3ALG Mail contains invalid line endings Explanation Mail contains invalid line endings Gateway Action block Recommended Action Research why mail contains invalid line endings Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 169 top_mail_end_blocked ID 00200398 Default Severity WARNING Log Message POP3ALG The last part of mail retreived with TOP command bloc...

Page 101: ...1 failed_create_new_session ID 00200451 Default Severity WARNING Log Message TLSALG Failed to create new TLSALG session out of memory Explanation An attempt to create a new TLSALG session failed because the unit is out of memory Gateway Action close Recommended Action Decrease the maximum allowed TLSALG sessions or try to free some of the RAM used Revision 1 Context Parameters ALG Module Name 2 1 ...

Page 102: ...meters ALG Module Name ALG Session ID 2 1 174 tls_renegotiation_attempted ID 00200454 Default Severity WARNING Log Message TLSALG TLS renegotiation attempted but not supported Explanation The TLS peer initiated a renegotiation Renegotiation is however not supported so an alert was sent to let the peer know that there will be no renegotiation Gateway Action tls_alert_sent Recommended Action None Re...

Page 103: ...key to perform the key exchange The certificate can not be sent and the TLS ALG session will be closed Gateway Action close Recommended Action Change cipher suites and or certificate Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 177 ssl_renegotiation_attempted ID 00200457 Default Severity ERROR Log Message TLSALG SSL renegotiation attempted but not supported E...

Page 104: ...al traffic Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 179 tls_invalid_message ID 00200459 Default Severity ERROR Log Message TLSALG Invalid TLS message_type message received Explanation A badly formatted TLS message has been received The TLS ALG session will be closed Gateway Action close Recommended Action None Revision 1 Parameters message_type algname Co...

Page 105: ...eters ALG Module Name ALG Session ID 2 1 182 tls_out_of_memory ID 00200462 Default Severity ERROR Log Message TLSALG Out of memory Explanation The unit was unable to allocate the memory required to process the TLS connection of a TLS ALG session The TLS ALG session will be closed Gateway Action close Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Sessi...

Page 106: ...be closed Gateway Action close Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 185 sdp_message_parsing_failed ID 00200501 Default Severity ERROR Log Message SIPALG SDP message parsing failed Explanation SDP part of message failed parsing due to malformed message Reason reason Gateway Action drop Recommended Action Examine why client or se...

Page 107: ...efault Severity ERROR Log Message SIPALG SIP message parsing failed Explanation SIP part of message failed parsing due to malformed message Reason reason Gateway Action drop Recommended Action Examine why client or server is sending a malformed SIP message Revision 2 Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 188 sip_message_validation_fa...

Page 108: ...SIP URI has been reached Gateway Action close Recommended Action If the maximum number of SIPALG sessions per SIP URI is too low increase it Revision 2 Parameters max_ses_per_id from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 190 registration_hijack_detected ID 00200506 Default Severity ALERT Log Message Registration hijack attempt detected Explanation The numb...

Page 109: ...ameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 192 sip_request_response_timeout ID 00200508 Default Severity WARNING Log Message SIPALG SIP request response timeout Explanation SIP request response timeout for the session method The session will be deleted Gateway Action close Recommended Action If the configured SIP Request Response timeout val...

Page 110: ...stport Context Parameters ALG Module Name 2 1 194 unsuccessful_registration ID 00200510 Default Severity WARNING Log Message SIPALG Unsuccessful registration Explanation The user failed to register Reason reason Gateway Action drop Recommended Action None Revision 2 Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 195 unsuccessful_unregistratio...

Page 111: ...t be found in the register table Reason reason Gateway Action drop Recommended Action None Revision 2 Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 197 sipalg_session_created ID 00200513 Default Severity NOTICE Log Message SIPALG New SIP ALG session created Explanation New SIP ALG session for method request created Gateway Action allow Recom...

Page 112: ...e Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 199 failed_to_find_session ID 00200515 Default Severity ERROR Log Message SIPALG Failed to find sipalg session Explanation Failed to find sipalg session Reason reason Gateway Action drop Recommended Action None Revision 2 Parameters reason from_uri to_uri srcip srcport destip destpor...

Page 113: ...Default Severity DEBUG Log Message SIPALG SIP ALG session state updated Explanation The SIP ALG session state updated to session_state state Gateway Action allow Recommended Action None Revision 2 Parameters session_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 202 sipalg_transaction_created ID 00200520 Default Severity NOTICE Log Message SIPALG Transac...

Page 114: ...eway Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 204 failed_to_find_transaction ID 00200522 Default Severity WARNING Log Message SIPALG Failed to find transaction Explanation Failed to find transaction for method request Gateway Action drop Recommended Action None Revision 2 Parameters method ...

Page 115: ...ers ALG Module Name ALG Session ID 2 1 206 sipalg_transaction_state_updated ID 00200524 Default Severity DEBUG Log Message SIPALG Transaction state updated Explanation A SIP ALG transaction state has been updated to transaction_state state Gateway Action allow Recommended Action None Revision 2 Parameters transaction_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module...

Page 116: ...ir for the given host Explanation Failed to get free port for the given host Reason reason Gateway Action drop Recommended Action The system is unstable and might require a reboot Revision 2 Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 209 failed_to_find_role ID 00200528 Default Severity ERROR Log Message SIPALG Failed to find role Explanat...

Page 117: ...on 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 211 failed_to_update_contact ID 00200530 Default Severity ERROR Log Message SIPALG Failed to update contact Explanation Failed to update contact into session for method request Gateway Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destp...

Page 118: ...t Severity ERROR Log Message SIPALG Failed to modify via in message Explanation Failed to modify the via header in message for method request Gateway Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 214 failed_to_modify_from ID 00200533 Default Severity ERROR Log Message SIPALG Failed to modify FRO...

Page 119: ...Gateway Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 216 failed_to_modify_request ID 00200535 Default Severity ERROR Log Message SIPALG Failed to modify the request Explanation Failed to modify the topology info in the method request Gateway Action drop Recommended Action None Revision 2 Parame...

Page 120: ...r ID 00200537 Default Severity WARNING Log Message SIPALG General Error Explanation General error while processing message Reason reason Gateway Action drop Recommended Action None Revision 2 Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 219 third_party_call_control ID 00200538 Default Severity WARNING Log Message SIPALG Block third party SI...

Page 121: ...rop Recommended Action Change configuration to free up more RAM Revision 1 Parameters message 2 1 221 null_sip_message_received ID 00200540 Default Severity ERROR Log Message SIPALG SIP packet reception error Reason reason Explanation Packet without data received Gateway Action drop Recommended Action Research how SIPALG received NULL SIP packet Revision 1 Parameters reason Context Parameters ALG ...

Page 122: ...t Parameters ALG Module Name 2 1 224 dns_resolution_failed ID 00200545 Default Severity CRITICAL Log Message Failed to do dns resolve Explanation An attempt to resolve dns failed Reason reason Gateway Action drop Recommended Action Check if the dns servers are configured Revision 1 Parameters reason Context Parameters ALG Module Name 2 1 225 failed_to_modify_contact ID 00200547 Default Severity ER...

Page 123: ... dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters ALG Module Name 2 1 227 failed_to_parse_media ID 00200549 Default Severity ERROR Log Message SIPALG Failed to parse media Explanation Failed to parse media for the request method Gateway Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ...

Page 124: ...xn_per_session_reached ID 00200551 Default Severity WARNING Log Message SIPALG Maximum number of sessions per Service has been reached Explanation The configured maximum number of transaction max_tsxn_per_session per SIP SESSION has been reached Gateway Action close Recommended Action None Revision 2 Parameters max_tsxn_per_session from_uri to_uri srcip srcport destip destport Context Parameters A...

Page 125: ...ion_invalid_state Gateway Action close Recommended Action None Revision 2 Parameters session_invalid_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 232 sipalg_callleg_created ID 00200554 Default Severity NOTICE Log Message SIPALG CallLeg created Explanation SIP ALG callleg created for method request Gateway Action allow Recommended Action None Revision 2...

Page 126: ...srcport destip destport Context Parameters ALG Module Name 2 1 234 failed_to_find_callleg ID 00200556 Default Severity WARNING Log Message SIPALG Failed to find callleg Explanation Failed to find callleg for method request Gateway Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 235 failed_to_updat...

Page 127: ...g deleted Explanation The callleg for method request is deleted Gateway Action close Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name ALG Session ID 2 1 237 failed_to_modify_response ID 00200559 Default Severity ERROR Log Message SIPALG Failed to modify the response Explanation Failed to modify the topology info i...

Page 128: ...rameters callleg_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 239 failed_to_modify_sat_request ID 00200561 Default Severity ERROR Log Message SIPALG Failed to modify the SAT request Explanation Failed to modify requst ip to SAT destination IP in the method request Gateway Action drop Recommended Action None Revision 1 Parameters method from_uri to_uri ...

Page 129: ...PPTPALG Failed to create new PPTPALG session out of memory Explanation An attempt to create a new PPTPALG session failed The unit has run out of memory Gateway Action close Recommended Action Decrease the maximum allowed PPTPALG sessions or try to free some of the RAM used Revision 1 Context Parameters ALG Module Name 2 1 242 failed_connect_pptp_server ID 00200603 Default Severity ERROR Log Messag...

Page 130: ...removed Explanation A PPTP tunnel has been removed between the PPTP client and the PPTP ALG Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1 245 pptp_tunnel_removed_server ID 00200606 Default Severity NOTICE Log Message PPTPALG PPTP tunnel between server and security gateway removed Explanation A PPTP tunnel has been removed betweem the P...

Page 131: ...Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1 248 pptp_malformed_packet ID 00200609 Default Severity WARNING Log Message Malformed packet received from remotegw on iface Explanation A malformed packet was received by the PPTP ALG Gateway Action drop Recommended Action None Revision 1 Parameters iface remotegw 2 1 249 pptp_tunnel_established_server ID 00200610 Default Severity NO...

Page 132: ...gateway Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1 249 pptp_tunnel_established_server ID 00200610 Chapter 2 Log Message Reference 132 ...

Page 133: ...ision 1 Parameters sender_email_address drop_address Context Parameters ALG Module Name ALG Session ID 2 2 2 dnsbl_allocate_error ID 05900800 Default Severity EMERGENCY Log Message Could not allocate memory Explanation Could not allocate memory Gateway Action none Recommended Action Check memory Revision 1 Parameters type 2 2 3 dnsbl_ipcache_add ID 05900810 Default Severity NOTICE Log Message IP i...

Page 134: ... NOTICE Log Message Session created for IP ipaddr for algname Explanation Session created and awaiting processing Gateway Action none Recommended Action None Revision 1 Parameters type algname ipaddr 2 2 6 dnsbl_session_error ID 05900813 Default Severity ERROR Log Message Error creating Session for IP ipaddr for algname Explanation Error creating new Session Gateway Action dnsbl will not process m...

Page 135: ...isabled Explanation The DNSBL has been disabled due to few active BlackLists Gateway Action none Recommended Action Check configuration of DNSBL Revision 1 Parameters type algname 2 2 9 dnsbl_active ID 05900816 Default Severity NOTICE Log Message DNSBL for algname has been activated Explanation The DNSBL has changed status from disabled to active as contact with BlackLists have been restored Gatew...

Page 136: ... as it failed to respond to the query Gateway Action none Recommended Action Check configuration if keeps begin disabled Revision 1 Parameters type algname blacklist 2 2 12 dnsbl_txtrecord_truncated ID 05900819 Default Severity WARNING Log Message TXT records does not fit buffer for Session with IP ipaddr for algname Explanation TXT records will not fit the string buffer and will be truncated Gate...

Page 137: ...sion with IP ipaddr for algname Explanation DNSBL name will not fit the string buffer and will be truncated Gateway Action none Recommended Action None Revision 1 Parameters type algname ipaddr 2 2 13 dnsbl_record_truncated ID 05900820 Chapter 2 Log Message Reference 137 ...

Page 138: ...rs filename virusname virussig advisoryid layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connection 2 3 2 virus_found ID 05800002 Default Severity WARNING Log Message Virus found in file filename Virus Name virusname Signature virussig Advisory ID advisoryid Explanation A virus has been detected in a data stream Since anti virus is running in audit mode the data tr...

Page 139: ... Message Decompression error for file filename Explanation The file could not be scanned by the anti virus module since the decompression of the compressed file failed Since anti virus is running in protect mode the data transfer will be aborted in order to protect the receiver Gateway Action block_data Recommended Action Change Fail Mode parameter to allow if files that fail decompression should ...

Page 140: ...ression ratio higher than the specified value Action is set to continue scan Gateway Action continue_scan Recommended Action Files with too high compression ratio can consume large amount of resources This can be a DOS attack Revision 1 Parameters filename comp_ratio layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connection 2 3 7 compression_ratio_violation ID 0580...

Page 141: ...n ratio can consume large amount of resources This can be a DOS attack Revision 1 Parameters filename comp_ratio layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connection 2 3 9 out_of_memory ID 05800009 Default Severity ERROR Log Message Out of memory Explanation Memory allocation failed Since anti virus is running in audit mode the data transfer will be allowed to...

Page 142: ...5800011 Default Severity ERROR Log Message Anti virus scan engine failed for the file filename Explanation An error occured in the anti virus scan engine Since anti virus is running in protect mode the data transfer will be aborted in order to protect the receiver Gateway Action block_data Recommended Action None Revision 1 Parameters filename layer7_srcinfo layer7_dstinfo Context Parameters ALG M...

Page 143: ...s Anti virus scanning can be turned off in order to avoid future postings of this log message Revision 2 Context Parameters ALG Session ID 2 3 14 no_signature_database ID 05800016 Default Severity CRITICAL Log Message AVSE Virus scanning aborted No virus signatures present Explanation Anti virus scanning is aborted since there is no local anti virus signature database Gateway Action av_scanning_de...

Page 144: ...rder to free up more RAM Revision 2 Context Parameters ALG Session ID 2 3 17 decompression_failed_encrypted_file ID 05800024 Default Severity WARNING Log Message Decompression failed for file filename The file is encrypted Explanation The file could not be scanned by the anti virus module since the compressed file is encrypted with password protection Since anti virus is running in protect mode th...

Page 145: ...ame ALG Session ID Connection 2 3 19 unknown_encoding ID 05800182 Default Severity WARNING Log Message SMTPALG Content transfer encoding is unknown or not present Explanation Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown Fail Mode is deny so data is blocked Gateway Action block_data Recommended Action None Revision 1 Parameters filename unknown_conte...

Page 146: ...nknown Fail Mode is deny so data is blocked Gateway Action block_data Recommended Action None Revision 1 Parameters filename unknown_content_transfer_encoding sender_email_address Context Parameters ALG Module Name ALG Session ID 2 3 22 unknown_encoding ID 05800185 Default Severity WARNING Log Message POP3ALG Content transfer encoding is unknown or not present Explanation Antivirus module cannot s...

Page 147: ...Context Parameters ALG Module Name ALG Session ID 2 3 22 unknown_encoding ID 05800185 Chapter 2 Log Message Reference 147 ...

Page 148: ...ssage ARP query sender IP is 0 0 0 0 Explanation The source IP address of an ARP query is 0 0 0 0 Allowing Gateway Action allow Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Context Parameters Rule Name Packet Buffer 2 4 3 no_sender_ip ID 00300003 Default Severity NOTICE Log Message ARP query sender IP is 0 0 0 0 Dropping Explanation The source IP addr...

Page 149: ...be the case if there are load balancing network equipment in the network Allowing Gateway Action allow Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Context Parameters Rule Name Packet Buffer 2 4 6 mismatching_hwaddrs ID 00300006 Default Severity NOTICE Log Message ARP hw sender does not match Ethernet hw sender Explanation The hardware sender address ...

Page 150: ...er processing Explanation A known dynamic ARP entry has a different hardware address than the one in the ARP packet Allowing packet for further processing Gateway Action allow_processing Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Parameters knownip knownhw newhw Context Parameters Rule Name Packet Buffer 2 4 9 arp_cache_size_limit_reached ID 0030003...

Page 151: ...t rule in access section Explanation The ARP sender IP address is verified by an expect rule in the access section Gateway Action access_allow Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 4 12 impossible_hw_address ID 00300051 Default Severity NOTICE Log Message Impossible hardware address 0000 0000 0000 in ARP response Dropping Explanation The ARP response has s...

Page 152: ...re load balancing network equipment in the network Dropping packet Gateway Action drop Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Context Parameters Rule Name Packet Buffer 2 4 15 arp_collides_with_static ID 00300054 Default Severity WARNING Log Message Known entry is knowntype knownip knownhw Dropping Explanation The hardware sender address does no...

Page 153: ...xplanation A known dynamic ARP entry has a different hardware address than the one in the ARP packet Dropping packet Gateway Action drop Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Parameters knownip knownhw newhw Context Parameters Rule Name Packet Buffer 2 4 16 hwaddr_change_drop ID 00300055 Chapter 2 Log Message Reference 153 ...

Page 154: ...abase_downloaded ID 05000002 Default Severity NOTICE Log Message New anti virus database downloaded Explanation An updated version of the anti virus database has been downloaded which will now be used Gateway Action using_new_database Recommended Action None Revision 2 2 5 3 av_db_already_up_to_date ID 05000003 Default Severity NOTICE Log Message Anti virus database is up to date Explanation The c...

Page 155: ... manual antivirus update has been performed Gateway Action antivirus_disabled Recommended Action Check and set the system time correct and perform a manual antivirus update Revision 1 Parameters date 2 5 6 downloading_new_database ID 05000007 Default Severity NOTICE Log Message Downloading new antivirus database Explanation A new antivirus database is availible The database is being downloaded Gat...

Page 156: ...Recommended Action None Revision 1 2 5 7 unsynced_databases ID 05000008 Chapter 2 Log Message Reference 156 ...

Page 157: ...Severity WARNING Log Message Unable to allocate static entry for host Explanation Unable to allocate static entry Unit is low on memory Gateway Action no_block Recommended Action Review the configuration in order to free more RAM Revision 1 Parameters host 2 6 3 unable_to_allocate_host_entry ID 04600003 Default Severity WARNING Log Message Unable to allocate dynamic entry for host Explanation Unab...

Page 158: ...ion Protocol proto IP ip Port port Explanation A blacklist entry was added which matched the IP address of this packet Thus it was dropped accordingly Gateway Action drop Recommended Action Investigate threshold or IntrusionDetection rules that could have triggered dynamic blacklisting Revision 1 Parameters blacklisted_host rule description ip proto port 2 6 6 packet_blacklisted ID 04600006 Defaul...

Page 159: ...triggered dynamic blacklisting Revision 1 Parameters rule description proto ip port 2 6 6 packet_blacklisted ID 04600006 Chapter 2 Log Message Reference 159 ...

Page 160: ...on If this is a reoccurring event try increasing the number of HighBuffers Revision 1 Parameters duration buf_usage 2 7 2 buffers_profile ID 00500002 Default Severity DEBUG Log Message Buffer requested by reason used at total of duration ticks and was touched numstop times Explanation A buffer associated with a profiling request has been identified This log message will only be generated by specia...

Page 161: ...og Message Connection closed Explanation A connection has been closed Gateway Action close Recommended Action None Revision 1 Context Parameters Rule Information Connection 2 8 3 connection_table_full ID 00600003 Default Severity WARNING Log Message Closing replacing this connection connection table full Explanation The connection table is currently full and the unit needs to open a new connection...

Page 162: ...ction closed Explanation A connection has been closed Gateway Action close Recommended Action None Revision 1 Context Parameters Rule Information Connection 2 8 6 out_of_connections ID 00600010 Default Severity WARNING Log Message Out of connections Rejecting connection attempt Explanation The connection table is currently full and this new connection attempt will be rejected Gateway Action reject...

Page 163: ...acket since the combination of TCP flags is wrong Only packets with the SYN TCP flag set as the only TCP flag are allowed to open a new TCP connection Gateway Action reject Recommended Action None Revision 1 Parameters protocol Context Parameters Rule Name Packet Buffer 2 8 9 no_new_conn_for_this_packet ID 00600013 Default Severity WARNING Log Message State inspector would not open a new connectio...

Page 164: ...15 Default Severity WARNING Log Message Disallowed reverse connect attempt from peer Dropping Explanation State inspector does not allow this packet in reverse direction on the already opened connection This type of packet is only allowed to be sent by the originator of a connection Dropping the packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Connection P...

Page 165: ...Packet Buffer 2 8 14 udp_src_port_0_forwarded ID 00600022 Default Severity WARNING Log Message UDP source port is set to 0 Forwards packet Explanation The UDP source port was set to 0 This can be used by UDP streams not expecting return traffic Forwarding packet Gateway Action none Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 8 15 conn_usage ID 00600023 Default S...

Page 166: ...ATIONAL Log Message FTPALG Incoming passive data channel Explanation A passive data channel connection has been established Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2 8 18 active_data ID 00600102 Default Severity INFORMATIONAL Log Message FTPALG Active data channel closed Explanation An active data channel ...

Page 167: ...ge FTPALG Passive data channel closed Explanation A passive data channel was closed Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2 8 19 passive_data ID 00600103 Chapter 2 Log Message Reference 167 ...

Page 168: ...9 2 lease_changed ID 00700002 Default Severity WARNING Log Message Some vital parameter s in the lease on interface iface have changed restarting DHCP process Explanation The DHCP server have updated some information considered vital This will result in the DHCP process being restarted Gateway Action restart Recommended Action None Revision 1 Parameters iface Context Parameters Packet Buffer 2 9 3...

Page 169: ... Severity NOTICE Log Message Interface iface lease expired Explanation A lease have expired and the ip data for this interface are no longer valid Gateway Action restart Recommended Action Check connection and DHCP server reachability Revision 1 Parameters iface 2 9 6 invalid_lease_time ID 00700007 Default Severity WARNING Log Message Interface iface received a lease with a leasetime lease_time wh...

Page 170: ...server configuration Revision 1 Parameters iface server_id Context Parameters Packet Buffer 2 9 8 invalid_netmask ID 00700009 Default Severity WARNING Log Message Interface iface received a lease with an invalid netmask netmask Explanation An interface received a lease with an invalid netmask Gateway Action drop Recommended Action Check DHCP server configuration Revision 1 Parameters iface netmask...

Page 171: ...ateway Action drop Recommended Action Check DHCP server configuration Revision 1 Parameters iface offered_ip Context Parameters Packet Buffer 2 9 11 invalid_gateway ID 00700012 Default Severity WARNING Log Message Interface iface received a lease with an invalid gateway gateway Explanation An interface received a lease with an invalid gateway address Gateway Action drop Recommended Action Check DH...

Page 172: ...ch if used will cause an IP collision with a configured route Gateway Action drop Recommended Action Check DHCP server configuration and the SG interface configuration Revision 1 Parameters iface dhcp_ip configured_route Context Parameters Packet Buffer 2 9 14 route_collision ID 00700015 Default Severity WARNING Log Message Interface iface received a lease which if used will cause a route collisio...

Page 173: ...Context Parameters Packet Buffer 2 9 14 route_collision ID 00700015 Chapter 2 Log Message Reference 173 ...

Page 174: ...t was successfully auto saved to disk Explanation The DHCP relay list was successfully written to disk Gateway Action None Recommended Action None Revision 1 2 10 3 dhcp_pkt_too_small ID 00800003 Default Severity NOTICE Log Message Received DHCP packet which is smaller then the minimum allowed 300 bytes Explanation Received a DHCP packet which is smaller then the minimum allowed 300 bytes Gateway ...

Page 175: ...commended Action Verify packets per minute limit Revision 1 Context Parameters Packet Buffer 2 10 6 relayer_resuming ID 00800006 Default Severity NOTICE Log Message The relayer is now resuming packets_dropped packets were dropped while the relayer was inactive Explanation The relayer is now resuming its duties since being temporary halted by the packets per minute limit Gateway Action None Recomme...

Page 176: ...on_state ID 00800009 Default Severity WARNING Log Message Got server reply without transaction state for client client_hw Dropping Explanation Received a server reply without a matching transaction state Gateway Action drop Recommended Action Check the network environment for errors Revision 1 Parameters client_hw Context Parameters Packet Buffer 2 10 10 maximum_dhcp_client_relay_routes_reached ID...

Page 177: ...12 Default Severity WARNING Log Message Request ignored according to the ruleset Explanation A DHCP relay request was ignored according to the rules Gateway Action ignore Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 10 13 no_message_type ID 00800013 Default Severity WARNING Log Message No message type Dropping Explanation Received DHCP packet without the required...

Page 178: ...ORM packet passed a relayer but the client ip isnt set Dropping Explanation Received relayed INFORM DHCP packet with illegally missing client IP Gateway Action drop Recommended Action Investigate what client implementation is being used Revision 1 Context Parameters Rule Name Packet Buffer 2 10 16 maximum_current_dhcp_relays_for_iface ID 00800016 Default Severity WARNING Log Message The maximum nu...

Page 179: ...t Severity WARNING Log Message Unable to get free transaction state for client client_hw Dropping Explanation Unable to get a free transaction state to handle client request Gateway Action drop Recommended Action Verify max transaction count setting Revision 1 Parameters client_hw Context Parameters Rule Name Packet Buffer 2 10 19 invalid_gateway ID 00800019 Default Severity WARNING Log Message Re...

Page 180: ...cket Buffer 2 10 21 relayed_request ID 00800021 Default Severity NOTICE Log Message Relayed BOOTP request from client client_hw to dest_ip Explanation Relayed a BOOTP request Gateway Action None Recommended Action None Revision 1 Parameters client_hw dest_ip Context Parameters Rule Name Packet Buffer 2 10 22 got_reply_on_a_non_security_equivalent_interface ID 00800022 Default Severity WARNING Log ...

Page 181: ...e rules Gateway Action drop Recommended Action Verify allowed lease addresses setting Revision 1 Parameters iface server_ip ip Context Parameters Rule Name Packet Buffer 2 10 24 illegal_client_ip_assignment ID 00800024 Default Severity WARNING Log Message DHCP BOOTP Server server_ip tried to assign a client with an illegal IP ip Dropping Explanation Received a lease with an illegal client assignme...

Page 182: ...ed_dhcp_reply ID 00800026 Default Severity NOTICE Log Message Relayed DHCP reply type to client client_hw Explanation Relayed DHCP reply to client Gateway Action None Recommended Action None Revision 1 Parameters type client_hw Context Parameters Rule Name Packet Buffer 2 10 27 relayed_bootp_reply ID 00800027 Default Severity NOTICE Log Message Relayed BOOTP reply to client client_hw Explanation R...

Page 183: ...ameters type gateway_ip Context Parameters Rule Name Packet Buffer 2 10 29 relayed_bootp_reply ID 00800029 Default Severity NOTICE Log Message Relayed BOOTP reply to gateway gateway_ip Explanation Relayed BOOTP reply to a gateway Gateway Action None Recommended Action None Revision 1 Parameters gateway_ip Context Parameters Rule Name Packet Buffer 2 10 28 relayed_dhcp_reply ID 00800028 Chapter 2 L...

Page 184: ...Unable to send reply since the DHCP option section is too big Gateway Action drop Recommended Action Reduce the number of used DHCP options Revision 1 2 11 3 unable_to_save_lease_db ID 00900003 Default Severity WARNING Log Message Unable to auto save the lease database to disk Explanation Some sort of error occurred saving the lease database to disk Gateway Action None Recommended Action Make sure...

Page 185: ...ient_without_state ID 00900006 Default Severity WARNING Log Message Received a request from client not in bound client for IP client_ip without state Rejecting Explanation Received a request from a non bound client without state Gateway Action reject Recommended Action None Revision 1 Parameters client client_ip Context Parameters Packet Buffer 2 11 7 request_for_ip_from_bound_client_without_state...

Page 186: ...s client client_ip Context Parameters Packet Buffer 2 11 9 all_ip_pools_depleted ID 00900010 Default Severity WARNING Log Message All IP pools are depleted Unable to handle request Ignoring Explanation All IP pools have been depleted Gateway Action None Recommended Action Extend the pools to support more clients Revision 1 Context Parameters Packet Buffer 2 11 10 request_with_bad_udp_checksum ID 0...

Page 187: ... ID 00900013 Default Severity NOTICE Log Message Offer for IP client_ip timed out Was offered to client client_hw Explanation An offer to a client was never accepted and timed out Gateway Action lease_inactive Recommended Action None Revision 1 Parameters client_ip client_hw Context Parameters Rule Name 2 11 13 pool_depleted ID 00900014 Default Severity WARNING Log Message All IPs in the pool are ...

Page 188: ..._depleted ID 00900016 Default Severity NOTICE Log Message All IPs in the pool are now in use Explanation All IPs the the pool have been consumed Gateway Action None Recommended Action Extend the pool to support more clients Revision 1 Context Parameters Rule Name Packet Buffer 2 11 16 request_for_non_offered_ip ID 00900017 Default Severity WARNING Log Message Client client_hw requested non offered...

Page 189: ...Packet Buffer 2 11 18 client_bound ID 00900019 Default Severity NOTICE Log Message Client client_hw accepted IP client_ip Client is now bound Explanation Client accepted the IP address and are now bound Gateway Action new_lease Recommended Action None Revision 1 Parameters client_hw client_ip Context Parameters Rule Name Packet Buffer 2 11 19 client_renewed ID 00900020 Default Severity NOTICE Log ...

Page 190: ...ient_hw client_ip Context Parameters Rule Name Packet Buffer 2 11 21 decline_for_ip_on_wrong_iface ID 00900022 Default Severity NOTICE Log Message Got decline for ip client_ip on wrong interface recv recv_if lease client_if Decline is ignored Explanation Got decline from a client on the wrong interface Gateway Action None Recommended Action Check network for inconsistent routes Revision 1 Paramete...

Page 191: ...d IP Gateway Action blacklist Recommended Action Check network for statically configured hosts or incorrectly proxy ARPed routes Revision 1 Parameters client_hw client_ip Context Parameters Rule Name Packet Buffer 2 11 24 request_for_ip_from_bound_client_without_state ID 00900025 Default Severity WARNING Log Message Received a request from client bound client for IP client_ip without state Ignorin...

Page 192: ...onsistent routes Revision 1 Parameters client_hw client_ip recv_if client_if Context Parameters Rule Name Packet Buffer 2 11 26 released_by_client ID 00900027 Default Severity NOTICE Log Message Client client_hw released IP client_ip Explanation A client released prematuraly ended its lease Gateway Action lease_released Recommended Action None Revision 1 Parameters client_hw client_ip Context Para...

Page 193: ...text Parameters Dynamic Route Rule Name Route 2 12 2 route_exported_to_ospf_as ID 01100002 Default Severity NOTICE Log Message Route exported to OSPF AS Explanation A route was just exported to a OSPF AS Gateway Action None Recommended Action None Revision 1 Context Parameters Dynamic Route Rule Name Route 2 12 3 route_unexported_from_ospf_as ID 01100003 Default Severity NOTICE Log Message Route u...

Page 194: ... 2 12 5 route_added ID 01100005 Default Severity NOTICE Log Message Route added Explanation A route was just added Gateway Action None Recommended Action None Revision 1 Context Parameters Dynamic Route Rule Name Route 2 12 6 route_removed ID 01100006 Default Severity NOTICE Log Message Route removed Explanation A route was just removed Gateway Action None Recommended Action None Revision 1 Contex...

Page 195: ...2 12 6 route_removed ID 01100006 Chapter 2 Log Message Reference 195 ...

Page 196: ...ined fragments Dropping Explanation An Internal Error occured when freeing an active fragment Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Dropped Fragments Rule Name 2 13 3 fail_suspect_out_of_resources ID 02000003 Default Severity CRITICAL Log Message Out of reassembly resources for suspect Frags frags srcip destip ipproto FragID fragid State fragact ...

Page 197: ... Revision 1 Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2 13 5 fail_suspect_timeout ID 02000005 Default Severity CRITICAL Log Message Time out reassembling suspect Frags frags srcip destip ipproto FragID fragid State fragact Explanation Timed out when reassembling a fragmented IP packet which may contain illegal fragments Dropping packet Gate...

Page 198: ...gments Rule Name 2 13 7 disallowed_suspect ID 02000007 Default Severity WARNING Log Message Dropping stored fragments of disallowed suspect packet Frags frags srcip destip ipproto FragID fragid State fragact Explanation The fragments of a disallowed IP packet which may contain illegal fragments were dropped Gateway Action drop Recommended Action None Revision 1 Parameters srcip destip ipproto frag...

Page 199: ...s of illegal packet Frags frags srcip destip ipproto FragID fragid State fragact Explanation The fragments of an illegal IP packet were dropped Gateway Action drop Recommended Action None Revision 1 Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2 13 10 drop_extraneous_frags_of_completed_packet ID 02000010 Default Severity WARNING Log Message Dr...

Page 200: ...ecommended Action None Revision 1 Parameters state Context Parameters Dropped Fragments Rule Name 2 13 12 drop_duplicate_frag_suspect_packet ID 02000012 Default Severity WARNING Log Message Dropping duplicate fragment of suspect packet Explanation A duplicate fragment of an IP packet which may contain illegal fragments was received Dropping the duplicate fragment Gateway Action drop Recommended Ac...

Page 201: ...outside of the allowed IP size range Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters minipdatalen maxipdatalen Context Parameters Rule Name Packet Buffer 2 13 15 no_available_fragacts ID 02000015 Default Severity WARNING Log Message Internal Error No available resources out of memory Explanation An Internal Error occured Failed to create necessary fragmentation re...

Page 202: ...maximum maxipdatalen Explanation The fragment offset plus length would result in a greater length than the configured maximum length of an IP packet Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters maxipdatalen Context Parameters Rule Name Packet Buffer 2 13 18 overlapping_frag ID 02000018 Default Severity ERROR Log Message Overlapping fragment Explanation This fra...

Page 203: ... an already received fragment but the fragment lengths differ Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 13 21 duplicate_frag_with_different_data ID 02000021 Default Severity ERROR Log Message Duplicate fragment with different data received Explanation The fragment is a duplicate of an already received fragment but the fragme...

Page 204: ...lowed IP packet which may contain illegal fragments is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 13 24 drop_frag_disallowed_packet ID 02000024 Default Severity WARNING Log Message Dropping fragment of disallowed packet Explanation A fragment of a disallowed IP packet is dropped Gateway Action drop Recommended Action None Revision 1 ...

Page 205: ...al fragments is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 13 27 drop_frag_failed_packet ID 02000027 Default Severity WARNING Log Message Dropping fragment of failed packet Explanation A fragment of a failed IP packet is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 13 28 ...

Page 206: ...erity CRITICAL Log Message Internal Error Contains fragments even when freeing Dropping Explanation An Internal Error occured when freeing an active fragment Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Dropped Fragments Rule Name 2 13 29 fragments_available_freeing ID 02000100 Chapter 2 Log Message Reference 206 ...

Page 207: ...everity WARNING Log Message GRE packet with bad flag s Packet dropped Explanation Received GRE packet with a bad flag combination Gateway Action drop Recommended Action Check GRE endpoint configuration Revision 1 Context Parameters Packet Buffer 2 14 3 gre_bad_version ID 02200003 Default Severity WARNING Log Message GRE packet with bad version not 0 Packet dropped Explanation Received GRE packet w...

Page 208: ...ision 1 Context Parameters Packet Buffer 2 14 6 gre_send_routing_loop_detected ID 02200006 Default Severity WARNING Log Message Routing loop detected GRE packet send failed Explanation Routing loop to the GRE endpoint detected Gateway Action drop Recommended Action Check local routing Revision 1 Context Parameters Packet Buffer 2 14 7 unmatched_session_key ID 02200007 Default Severity WARNING Log ...

Page 209: ...Message Received GRE packet with routing flag set Packet dropped Explanation Received GRE packet with unsupported routing option enabled Gateway Action drop Recommended Action Check GRE configuration on remote gateway Revision 1 Context Parameters Packet Buffer 2 14 8 gre_routing_flag_set ID 02200008 Chapter 2 Log Message Reference 209 ...

Page 210: ...lanation The peer gateway which was inactive is not available anymore This gateway will continue to stay active Gateway Action None Recommended Action None Revision 1 2 15 3 conflict_both_peers_active ID 01200003 Default Severity NOTICE Log Message Conflict Both peers are active Resolving Explanation A conflict occured as both peers are active at the same time The conflict will automatically be re...

Page 211: ...s ID 01200006 Default Severity NOTICE Log Message Both active peer has more connections deactivating Explanation Both members are active but the peer has more connections This gateway will de activate Gateway Action deactivate Recommended Action None Revision 1 2 15 7 peer_has_fewer_connections ID 01200007 Default Severity NOTICE Log Message Both active peer has fewer connections staying active Ex...

Page 212: ...ns This gateway will stay inactive Gateway Action stay_deactivated Recommended Action None Revision 1 2 15 10 peer_has_fewer_connections ID 01200010 Default Severity NOTICE Log Message Both inactive peer has fewer connections going active Explanation Both members are inactive but the peer has fewer connections This gateway will go active Gateway Action activate Recommended Action None Revision 1 2...

Page 213: ...d have arrived on the sync iface Dropping Explanation The HA packet did not arrive on the sync interface The packet will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 15 14 activate_failed ID 01200050 Default Severity WARNING Log Message Failed to activate the configuration merged from HA partner Explanation The gateway failed to act...

Page 214: ...hanges again Revision 1 2 15 17 ha_write_failed ID 01200053 Default Severity WARNING Log Message Could not write HA configuration to disk Explanation The HA configuration could not be written to the storate media Gateway Action ha_commitchanges Recommended Action Verify that the storage media is not write protected or damaged Revision 1 2 15 18 ha_commit_unknown_error ID 01200054 Default Severity ...

Page 215: ... peer as the peer has been restarted Initializing re synchronization process Gateway Action resync_conns_init Recommended Action None Revision 1 Parameters reason numconns 2 15 21 hasync_connection_established ID 01200200 Default Severity NOTICE Log Message HASync connection to peer firewall established Explanation HA syncronization connection to peer has been establihsed Supported events will now...

Page 216: ...Action None Revision 1 2 15 24 resync_conns_to_peer_complete ID 01200300 Default Severity NOTICE Log Message Connection resynchronization to peer complete Explanation The connection resynchronization process to peer is complete All connections has been synchronized Gateway Action None Recommended Action None Revision 1 2 15 25 disallowed_on_sync_iface ID 01200400 Default Severity WARNING Log Messa...

Page 217: ...ed HA heartbeat with too low TTL Dropping Explanation The received HA heartbeat packet had a TTL Time To Live field which is too low The packet will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 15 28 heartbeat_from_myself ID 01200412 Default Severity WARNING Log Message Received HA heartbeat from the gateway itself Dropping Explanat...

Page 218: ...200616 Default Severity NOTICE Log Message Both active deactivation in progress Explanation Both active deactivation in progress Gateway Action None Recommended Action None Revision 1 2 15 31 action activate reason requested ID 01200617 Default Severity NOTICE Log Message Both not active activation in progress Explanation Both not active activation in progress Gateway Action None Recommended Actio...

Page 219: ...Gateway Action None Recommended Action None Revision 1 Parameters previous_shutdown 2 15 32 action going_online ID 01200618 Chapter 2 Log Message Reference 219 ...

Page 220: ...n Shutdown the unit and determine the problem Revision 1 Parameters index name unit current_temp min_limit max_limit 2 16 2 temperature_normal ID 04000012 Default Severity WARNING Log Message Temperature monitor index name is outside the specified limit Current value is current_temp unit lower limit is min_limit upper limit is max_limit Explanation The sensor reports that the temperature value is ...

Page 221: ...in_limit upper limit is max_limit Explanation The sensor reports that the voltage value is back in the normal range Gateway Action None Recommended Action None Revision 1 Parameters index name unit current_voltage min_limit max_limit 2 16 5 fanrpm_alarm ID 04000031 Default Severity WARNING Log Message Fan RPM monitor index name is outside the specified limit Current value is current_fanrpm unit va...

Page 222: ...rrent_fanrpm min_limit max_limit 2 16 7 gpio_alarm ID 04000041 Default Severity WARNING Log Message GPIO monitor index name is outside the specified limit Current value is current_gpio unit value is current_gpio unit lower limit is min_limit upper limit is max_limit Explanation This varies depending on hardware model and what the GPIO is connected to Gateway Action none Recommended Action Depends ...

Page 223: ...ree_percentage Explanation The amount of free memory is getting low Gateway Action None Recommended Action Review the configuration and disable or lower settings to reduce memory consumption Revision 1 Parameters limit_percentage total_mem free_mem free_percentage severity 2 16 10 free_memory_warning_level ID 04000102 Default Severity WARNING Log Message Free memory has fallen below the specified ...

Page 224: ...The amount of free memory is in the normal range free free_mem MB of total total_mem MB percentage free free_percentage Explanation The memory usage is in the normal range Gateway Action None Recommended Action None Revision 1 Parameters total_mem free_mem free_percentage 2 16 11 free_memory_normal_level ID 04000103 Chapter 2 Log Message Reference 224 ...

Page 225: ...spect an attack Revision 1 Parameters description signatureid idrule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 17 2 idp_notice ID 01300002 Default Severity WARNING Log Message IDP Notice description Signature ID signatureid ID Rule idrule Protocol ipproto Source IP srcip Source Port srcport Destination IP destip Destination Port destport Closing connectio...

Page 226: ...sion 1 Parameters description signatureid idrule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 17 4 virus_detected ID 01300004 Default Severity WARNING Log Message Virus worm detected description Signature ID signatureid ID Rule idrule Protocol ipproto Source IP srcip Source Port srcport Destination IP destip Destination Port destport Closing connection Expla...

Page 227: ...gnatureid idrule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 17 6 idp_notice ID 01300006 Default Severity NOTICE Log Message IDP Notice description Signature ID signatureid ID Rule idrule Protocol ipproto Source IP srcip Source Port srcport Destination IP destip Destination Port destport Explanation A notice signature matched the traffic Gateway Action None...

Page 228: ...drule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 17 8 virus_detected ID 01300008 Default Severity NOTICE Log Message Virus Worm detected description Signature ID signatureid ID Rule idrule Protocol ipproto Source IP srcip Source Port srcport Destination IP destip Destination Port destport Explanation A virus signature matched the traffic Gateway Action Non...

Page 229: ...stport Context Parameters Rule Name 2 17 10 invalid_url_format ID 01300010 Default Severity WARNING Log Message Failed to parse the HTTP URL ID Rule idrule URL url Source IP srcip Source Port srcport Destination IP destip Destination Port destport Ignoring the URL Explanation The unit failed parsing an URL The reason for this is problaby because the URL has an invalid format or it contains invalid...

Page 230: ...rce IP srcip Source Port srcport Destination IP destip Destination Port destport Explanation The unit failed to reassemble data The reason for this is problaby due to an IDP engine evasion attack Gateway Action ignore Recommended Action None Revision 1 Parameters idrule srcip srcport destip destport Context Parameters Rule Name 2 17 13 idp_outofmem ID 01300013 Default Severity ERROR Log Message Fa...

Page 231: ...f memory Gateway Action ignore Recommended Action Review your configuration Revision 1 Parameters idrule srcip srcport destip destport Context Parameters Rule Name 2 17 15 idp_failscan ID 01300015 Default Severity ERROR Log Message Failed to scan data ID Rule idrule Source IP srcip Source Port srcport Destination IP destip Destination Port destport Reason reason Closing connection Explanation The ...

Page 232: ...IP srcip Source Port srcport Destination IP destip Destination Port destport Reason reason Explanation The unit failed to scan data Gateway Action ignore Recommended Action None Revision 1 Parameters idrule srcip srcport destip destport reason Context Parameters Rule Name 2 17 16 idp_failscan ID 01300016 Chapter 2 Log Message Reference 232 ...

Page 233: ...Dynamic pipe state added for host host Throughput limited to limit for all new connections for ttl seconds Explanation An IDP Pipe event triggered The host host will be dynamically piped with a total throughput of limit kbps All new connections to and from this host will be piped for ttl seconds Gateway Action host_idp_piped Recommended Action None Revision 1 Parameters host limit ttl Context Para...

Page 234: ...sage Removed IDP dynamic pipe state for host host due to TTL expire Explanation An old dynamic pipe entry was removed since its TTL expired Connections to and from this host are no longer piped Gateway Action state_removed Recommended Action None Revision 1 Parameters host 2 18 6 conn_idp_unpiped ID 06100006 Default Severity NOTICE Log Message IDP Pipe disabled Throughput no longer limited to limi...

Page 235: ... is piped to limit kbps since either the source or destination IP is dynamically throttled by IDP dynamic pipe state New connections to and from the IP will be throttled as long as an IDP Pipe state exist Gateway Action limit_throughput Recommended Action None Revision 1 Parameters limit Context Parameters Connection 2 18 7 conn_idp_piped ID 06100007 Chapter 2 Log Message Reference 235 ...

Page 236: ...database_downloaded ID 01400002 Default Severity NOTICE Log Message New Intrusion Detection Prevention database downloaded Explanation An updated version of the Intrusion Detection Prevention database has been downloaded which will now be used Gateway Action using_new_database Recommended Action None Revision 2 2 19 3 idp_db_already_up_to_date ID 01400003 Default Severity NOTICE Log Message Intrus...

Page 237: ... IDP features IDP features remains disabled until clock is correct and a manual IDP update has been performed Gateway Action idp_disabled Recommended Action Check and set the system time correct and perform a manual IDP update Revision 1 Parameters date 2 19 6 downloading_new_database ID 01400007 Default Severity NOTICE Log Message Downloading new IDP database Explanation A new IDP database is ava...

Page 238: ...update is automatically initiated Gateway Action downloading_new_database Recommended Action None Revision 1 2 19 7 unsynced_databases ID 01400009 Chapter 2 Log Message Reference 238 ...

Page 239: ...3 Default Severity WARNING Log Message IfaceMon reports interface problems on iface Resetting interface Link status linkspeed Mbps duplex duplex Explanation The Interface Monitor has discovered problems on an interface and will reset it Gateway Action nic_reset Recommended Action None Revision 1 Parameters iface linkspeed duplex 2 20 3 ifacemon_status_bad ID 03900004 Default Severity WARNING Log M...

Page 240: ...Revision 1 Parameters iface linkspeed duplex 2 20 3 ifacemon_status_bad ID 03900004 Chapter 2 Log Message Reference 240 ...

Page 241: ... valid DHCP offers were received Explanation No valid DHCP offers were received Gateway Action no_new_client_created Recommended Action Review DHCP server parameters and IP pool filters Revision 1 Context Parameters Rule Name 2 21 3 too_many_dhcp_offers_received ID 01900003 Default Severity WARNING Log Message Too many DHCP offers received This and subsequent offers will be ignored Explanation Too...

Page 242: ...er filter Gateway Action lease_rejected Recommended Action Verify the server filters Revision 1 Parameters server_ip Context Parameters Rule Name 2 21 6 lease_have_bad_dhcp_server ID 01900006 Default Severity WARNING Log Message The lease was rejected due to a bad DHCP server address Explanation A lease was rejected due to a bad DHCP server address Gateway Action lease_rejected Recommended Action ...

Page 243: ...d Action Check DHCP server configuration Revision 1 Parameters broadcast Context Parameters Rule Name 2 21 9 lease_have_bad_offered_ip ID 01900009 Default Severity WARNING Log Message The lease was rejected due to a bad offered IP address Explanation A lease was rejected due to a bad offered IP address Gateway Action lease_rejected Recommended Action Check DHCP server configuration Revision 1 Para...

Page 244: ...me 2 21 12 lease_rejected_by_server ID 01900012 Default Severity WARNING Log Message The lease was rejected by server Explanation A lease was rejected by the DHCP server Gateway Action lease_rejected Recommended Action Check DHCP server configuration Revision 1 Parameters client_ip Context Parameters Rule Name 2 21 13 ip_offer_already_exist_in_the_pool ID 01900013 Default Severity WARNING Log Mess...

Page 245: ...Severity ERROR Log Message The range of MAC addresses for the DHCPClients have been depleted Explanation The configured range of MAC addresses for the DHCP clients have been depleted Gateway Action no_new_client_created Recommended Action Expand the MAC address range Revision 1 Context Parameters Rule Name 2 21 16 ip_fetched_pool ID 01900016 Default Severity NOTICE Log Message Subsystem fetched a ...

Page 246: ...ubsystem returned an IP to the pool Explanation A subsystem returned an IP to the pool Gateway Action inform Recommended Action None Revision 1 Parameters client_ip subsystem Context Parameters Rule Name 2 21 17 ip_returned_to_pool ID 01900017 Chapter 2 Log Message Reference 246 ...

Page 247: ... Severity WARNING Log Message Warning event occured because of reason Explanation Warning event from IPsec stack Gateway Action None Recommended Action None Revision 1 Parameters reason 2 22 3 audit_event ID 01800103 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation An audit event occured in the IPsec stack Ga...

Page 248: ...l_ip Remote IP remote_ip Cookies cookies Reason reason Explanation None Gateway Action None Recommended Action None Revision 1 Parameters local_ip remote_ip cookies reason 2 22 6 ike_invalid_payload ID 01800106 Default Severity WARNING Log Message Local IP local_ip Remote IP remote_ip Cookies cookies Reason reason Explanation None Gateway Action None Recommended Action None Revision 1 Parameters l...

Page 249: ...E Log Message Local IP local_ip Remote IP remote_ip Cookies cookies Reason reason Explanation The retry limit for transmitting ISAKMP messages was reached Gateway Action None Recommended Action None Revision 1 Parameters local_ip remote_ip cookies reason 2 22 9 ike_quickmode_failed ID 01800109 Default Severity WARNING Log Message Local IP local_ip Remote IP remote_ip Cookies cookies Reason reason ...

Page 250: ...P source_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation The computed and ICV of the received packet did not match Gateway Action drop Recommended Action None Revision 1 Parameters source_ip dest_ip spi seq protocol reason 2 22 12 sequence_number_failure ID 01800112 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq ...

Page 251: ...ommended Action None Revision 1 Parameters source_ip dest_ip spi seq protocol reason 2 22 14 ip_fragment ID 01800114 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation The packet offered to AH ESP processing appears to be an IP fragment Gateway Action None Recommended Action None Revision 1 Parameters source_ip...

Page 252: ...urce_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation The received packet has incorrect padding Gateway Action drop Recommended Action None Revision 1 Parameters source_ip dest_ip spi seq protocol reason 2 22 17 hardware_accelerator_congested ID 01800117 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq Protocol prot...

Page 253: ...i seq protocol reason 2 22 19 commit_failed ID 01800200 Default Severity CRITICAL Log Message Failed to commit IPsec configuration Explanation Failed to commit IPsec configuration Gateway Action IPsec_configuration_disabled Recommended Action Reconfigure_IPsec Revision 1 2 22 20 commit succeeded ID 01800201 Default Severity INFORMATIONAL Log Message Commit succeeded recalculating flows and reapply...

Page 254: ...ration_disabled Recommended Action None Revision 1 2 22 23 pm_create_failed ID 01800204 Default Severity ERROR Log Message Failed to create policymanager Explanation Failed to create policymanager Out of memory Gateway Action reduce_number_of_tunnels Recommended Action None Revision 1 2 22 24 failed_to_start_ipsec ID 01800206 Default Severity ERROR Log Message Disable all IPsec tunnels Explanation...

Page 255: ...uration Gateway Action IPsec_configuration_disabled Recommended Action Reconfigure_IPsec Revision 1 Parameters error_msg 2 22 27 reconfig_IPsec ID 01800211 Default Severity INFORMATIONAL Log Message Reconfiguration of IPsec started Explanation Reconfiguration of IPsec started Gateway Action ipsec_reconfigured Recommended Action None Revision 2 2 22 28 IPsec_init_failed ID 01800213 Default Severity...

Page 256: ...lanation Failed to add specified host certificate Gateway Action certificate_disabled Recommended Action Reconfigure_tunnnel Revision 1 Parameters certificate tunnel 2 22 31 Default_IKE_DH_groups_will_be_used ID 01800303 Default Severity INFORMATIONAL Log Message Default configuration for IKE DH groups 2 and 5 will be used for tunnel tunnel Explanation Inform that default DH groups settings will b...

Page 257: ...keysize lifetimes for IKE algorithm Gateway Action use_default_values_for_algorithm Recommended Action None Revision 1 Parameters alg tunnel 2 22 34 failed_to_add_root_certificate ID 01800306 Default Severity ERROR Log Message Failed add root certificate certificate for tunnel tunnel Explanation Failed to set specified certificate as root certificate Gateway Action disable_certificate Recommended ...

Page 258: ...d Recommended Action None Revision 1 Parameters gateway ipsectunnel 2 22 37 failed_to_add_peer ID 01800312 Default Severity ERROR Log Message Failed to add remote gateway gateway resolved by DNS for IPsec tunnel ipsectunnel Explanation Failed to add remote gateway that have been resolved by DNS to tunnel Gateway Action IPsec_tunnel_disabled Recommended Action None Revision 1 Parameters gateway ips...

Page 259: ...esolved by DNS Gateway Action IPsec_tunnel_disabled Recommended Action None Revision 1 Parameters gateway ipsectunnel 2 22 40 new_remote_gw_ip ID 01800315 Default Severity INFORMATIONAL Log Message Resolved remote gateway gateway to IP ip for IPsec tunnel ipsectunnel Explanation Tunnel have succesfully been reconfigured after remote gateway have been resolved Gateway Action None Recommended Action...

Page 260: ...0318 Default Severity ERROR Log Message Failed to set callback for Dead Peer Detection Explanation Failed to set callback for Dead Peer Detection User will not receive log message when a peer has been detected dead and the tunnel have been killed Gateway Action None Recommended Action None Revision 1 2 22 44 failed_to_add_key_provider ID 01800321 Default Severity CRITICAL Log Message Failed with e...

Page 261: ...in remote access idlist type for tunnel tunnel Explanation Invalid type for ID in remote access idlist have been specified in configuration Gateway Action vpntunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters type tunnel 2 22 47 failed_to_create_authorization ID 01800327 Default Severity CRITICAL Log Message Failed to create local authorization object Explanation Failed to...

Page 262: ...on None Revision 1 2 22 50 IPSec_tunnel_added ID 01800333 Default Severity INFORMATIONAL Log Message IPsec tunnel added to the configuration Explanation An IPsec tunnel has been enabled or added to the configuration Gateway Action reconfiguration Recommended Action None Revision 1 Parameters username client_ip IPsec_tunnel 2 22 51 IPSec_tunnel_added_bySGW ID 01800334 Default Severity INFORMATIONAL...

Page 263: ...nnel_modified ID 01800336 Default Severity INFORMATIONAL Log Message IPsec tunnel configuration modified Explanation An IPsec tunnel has been modified Gateway Action reconfiguration Recommended Action None Revision 1 Parameters client_ip username IPsec_tunnel 2 22 54 IPSec_tunnel_removed ID 01800337 Default Severity INFORMATIONAL Log Message IPsec tunnel removed from the configuration Explanation ...

Page 264: ...n tunnel tunnel Explanation Critical configuration error on tunnel tunnel Gateway Action restart Recommended Action Restart Revision 1 Parameters tunnel 2 22 57 ippool_does_not_exist ID 01800400 Default Severity WARNING Log Message IP pool does not exist ippool Explanation The config mode pool refers to an IP pool that does not exist As a result IPsec clients using config mode will not be able lea...

Page 265: ...Action None Revision 2 2 22 60 recieved_packet_to_disabled_IPsec ID 01800501 Default Severity NOTICE Log Message Received plain text packet to IPsec while shutting down Packet will be dropped Explanation Received plain text packet to IPsec while shutting down Gateway Action packet_will_be_dropped Recommended Action None Revision 1 2 22 61 Recieved_plaintext_packet_for_disabled_IPsec_interface ID 0...

Page 266: ... Default Severity ERROR Log Message Failed to lookup route No route for packet Explanation No remote gateway for packet i e no route defined Gateway Action packet_will_be_dropped Recommended Action None Revision 1 2 22 64 ping_keepalive_failed_in_tunnel ID 01800505 Default Severity ERROR Log Message IPsec ping monitor detects loss if ping replies of packets INSIDE the tunnel Explanation IPsec ping...

Page 267: ... Revision 1 Parameters allowed_tunnels 2 22 67 SAs_not_killed_for_remote_peer ID 01800901 Default Severity CRITICAL Log Message Failed to kill associated SA s for remotepeer peer s Explanation This happens if there is no tunnel established with the given peer Gateway Action None Recommended Action None Revision 1 Parameters remotepeer 2 22 68 sa_write_congestion ID 01801337 Default Severity INFORM...

Page 268: ...lt Severity WARNING Log Message Trigger for non IP packet of protocol proto Dropping request for policy Explanation Trigger for non IP packet dropping request Gateway Action dropping_request Recommended Action None Revision 1 Parameters proto 2 22 71 rule_not_active ID 01802002 Default Severity WARNING Log Message The rule is not in the active configuration Dropping request for policy Explanation ...

Page 269: ...ations reached Gateway Action rekey_not_done Recommended Action None Revision 1 2 22 74 max_number_of_tunnels_reached ID 01802011 Default Severity WARNING Log Message Negotiation aborted due to license restrictions maxtunnels Explanation Reached max number of allowed active VPN tunnels according to license Gateway Action ike_negotiation_aborted Recommended Action Reconfigure_IPsec Revision 1 Param...

Page 270: ...KE SA completed Gateway Action None Recommended Action None Revision 1 Parameters options mode auth encryption keysize hash dhgroup bits lifetime 2 22 77 ike_sa_negotiation_failed ID 01802030 Default Severity INFORMATIONAL Log Message No IKE SA negotiations done Reason The authentication credentials were not specified or private key was not available Explanation No IKE SA negotiations done because...

Page 271: ... sa info negotiation completed Explanation Child SA negotiatiion successfully completed Gateway Action ipsec_sa_enabled Recommended Action None Revision 3 Parameters sa info local_peer remote_peer spi_in spi_out local_ts remote_ts 2 22 80 ipsec_sa_informal ID 01802041 Default Severity INFORMATIONAL Log Message PFS using Diffie Hellman group dhgroup bits Explanation Information about PFS and Diffie...

Page 272: ...nd SPI spiin Outbound SPI spiout Algoritm mac Explanation Log information about SPI values and algorithms fro Child SA Gateway Action None Recommended Action None Revision 2 Parameters spiin spiout mac 2 22 83 ipsec_sa_lifetime ID 01802045 Default Severity INFORMATIONAL Log Message Local lifetime child SA kb kilobytes sec seconds Explanation Inform about lifetime for child SA Gateway Action None R...

Page 273: ...e Recommended Action None Revision 1 Parameters kb 2 22 86 ipsec_sa_lifetime ID 01802048 Default Severity INFORMATIONAL Log Message Local lifetime child SA infinite Explanation Inform about lifetime for child SA Gateway Action None Recommended Action None Revision 1 2 22 87 ipsec_sa_informal ID 01802058 Default Severity INFORMATIONAL Log Message Local Proxy ID local_id Remote Proxy ID remote_id Ex...

Page 274: ...n not be initiated with NAT T Gateway Action ipsec_sa_negotiation_aborted Recommended Action None Revision 1 2 22 90 create_rules_failed ID 01802080 Default Severity ERROR Log Message Cannot insert this rule the forced NAT protocol type does not match rule protocol Explanation Failed to insert rule since forced NAT protocol do not match rule protocol Gateway Action VPN_tunnel_disabled Recommended ...

Page 275: ... 22 93 no_key_method_configured_for tunnel ID 01802102 Default Severity ERROR Log Message Tunnel does not specify any keying method IKE or manual Explanation No keying method IKE manual is configured for tunnel Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_IPsec Revision 1 2 22 94 invalid_configuration_of_force_open ID 01802104 Default Severity ERROR Log Message Auto start rule...

Page 276: ...ify AUTHENTICATION ONLY with PASS rules Gateway Action None Recommended Action None Revision 1 2 22 97 invalid_rule_setting ID 01802107 Default Severity ERROR Log Message To tunnel specified for a REJECT rule Explanation To tunnel can not be specified for REJECT rule Gateway Action None Recommended Action None Revision 1 2 22 98 invalid_rule_setting ID 01802108 Default Severity ERROR Log Message N...

Page 277: ...icy rules reached Explanation The maximum number of policy rules reached Gateway Action VPN_configuration_disabled Recommended Action Review the advanced setting IPsecMaxRules Revision 2 2 22 101 suspicious_outbound_rule ID 01802114 Default Severity ERROR Log Message Detected suspicious outbound IPsec rule without any selectors Explanation Detected suspicious outbound IPsec rule without any select...

Page 278: ... encryption is required Explanation ESP tunnel not configured with any encryption algorithm not even Null Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters tunnel 2 22 104 no_authentication_algorithm_specified ID 01802203 Default Severity ERROR Log Message No authentication algorithm configured for AH tunnel tunnel Explanation AH tunnel is configured wi...

Page 279: ... 22 107 invalid_tunnel_configuration ID 01802209 Default Severity ERROR Log Message Auto start tunnel tunnel configured for per port or per host SA Explanation per port or per host SA can not be specified for auto start tunnels tunnel Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters tunnel 2 22 108 invalid_tunnel_configuration ID 01802210 Default Sever...

Page 280: ...d key sizes specified for algorithms Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 2 2 22 111 invalid_key_size ID 01802215 Default Severity ERROR Log Message Algorithm key sizes specified for unknown algorithm Explanation Algorithm key sizes specified for unknown algorithm Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 2 2 22 1...

Page 281: ...ity ERROR Log Message Configured max cipher key size keysize is bigger than the built in maximum max Explanation Tunnel configured invalid key size for cipher Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters keysize max 2 22 115 invalid_key_size ID 01802219 Default Severity ERROR Log Message Tunnel specified key size limits for mac alg with fixed key s...

Page 282: ...d identity specified in configuration Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_remote_id Revision 1 Parameters id 2 22 118 malformed_psk_configured ID 01802229 Default Severity ERROR Log Message Malformed IKE secret PSK configured for tunnel Explanation Malformed IKE secret specified in configuration Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_PSK Revis...

Page 283: ...sage The maximum number of active Phase 1 negotiations reached Explanation Maximum number of active Phase 1 negotiations reached Gateway Action negotiation_aborted Recommended Action None Revision 2 2 22 122 max_active_quickmode_negotiation_reached ID 01802403 Default Severity NOTICE Log Message The maximum number of active Quick Mode negotiations reached Explanation Maximum number of active Quick...

Page 284: ...2 22 125 could_not_get_subject_nam_from_ca_cert ID 01802602 Default Severity WARNING Log Message Could not get subject name from a CA certificate This certificate is not usable as an IPsec authenticator and is not inserted into loal list of trusted CAs Explanation Could not get subject name from a CA certificate Gateway Action certificate_not_trusted Recommended Action None Revision 1 2 22 126 cou...

Page 285: ...rusted set for a CA certificate Explanation Could not set the trusted set for a CA certificate Gateway Action certificate_disabled Recommended Action None Revision 1 2 22 129 could_not_insert_cert_to_db ID 01802606 Default Severity ERROR Log Message Can not insert CA certificate into local database Explanation Can not insert CA certificate into local database Gateway Action certificate_disabled Re...

Page 286: ...Default Severity ERROR Log Message Could not insert certificate into local database Explanation Could not insert certificate into local database Gateway Action certificate_disabled Recommended Action None Revision 1 2 22 133 could_not_decode_crl ID 01802610 Default Severity WARNING Log Message Could not decode CRL The certificate may be corrupted or it was given in unrecognized format File format ...

Page 287: ...ssage IKE SA Local IKE peer local_peer Remote IKE peer remote_peer Internal severity level int_severity Explanation Ike SA sucessfully installed Gateway Action ike_sa_completed Recommended Action None Revision 1 Parameters local_peer remote_peer int_severity 2 22 136 Certificate_contains_bad_IP_address ID 01802705 Default Severity WARNING Log Message Certificate contains bad IP address length len ...

Page 288: ... format Explanation Could_not_decode_certificate Gateway Action certificate_invalid Recommended Action None Revision 1 2 22 139 ike_sa_destroyed ID 01802708 Default Severity INFORMATIONAL Log Message IKE SA destroyed ike_sa Explanation Ike SA is destroyed Gateway Action ike_sa_killed Recommended Action None Revision 1 Parameters ike_sa 2 22 140 cfgmode_exchange_event ID 01802709 Default Severity I...

Page 289: ...42 remote_access_dns ID 01802711 Default Severity INFORMATIONAL Log Message DNS for remote access attributes dns_server Explanation DNS for remote access attributes Gateway Action None Recommended Action None Revision 1 Parameters dns_server 2 22 143 remote_access_wins ID 01802712 Default Severity INFORMATIONAL Log Message WINS for remote access attributes win Explanation WINS for remote access at...

Page 290: ...ributes subnets Explanation Subnets remote access attributes Gateway Action None Recommended Action None Revision 1 Parameters subnets 2 22 146 event_on_ike_sa ID 01802715 Default Severity WARNING Log Message Event msg occured for IKE SA side Internal severity level int_severity Explanation Event occured at IKE SA Gateway Action None Recommended Action None Revision 1 Parameters side msg int_sever...

Page 291: ...te failed Gateway Action certificate_failure Recommended Action None Revision 1 Parameters reason int_severity 2 22 149 ipsec_sa_event ID 01802730 Default Severity WARNING Log Message IPsec SA negotiation event msg local_proxy remote_proxy Internal severity level int_severity Explanation Event occured for IPsec SA Gateway Action None Recommended Action None Revision 2 Parameters msg local_proxy re...

Page 292: ... Parameters spiin spiout 2 22 152 ID 01802735 Default Severity INFORMATIONAL Log Message L2TP side negotiation event msg local_peer remote_peer Internal severity level int_severity Explanation L2TP negotiation event Gateway Action l2tp_negotiation_event Recommended Action None Revision 1 Parameters side msg local_peer remote_peer int_severity 2 22 153 ID 01802736 Default Severity INFORMATIONAL Log...

Page 293: ...mmended Action None Revision 1 2 22 155 init_rulelooklup_failed ID 01802903 Default Severity CRITICAL Log Message Initialization of rule lookup failed Explanation Initialization of rule lookup failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 156 init_rule_looklup_failed ID 01802904 Default Severity CRITICAL Log Message Allocating default drop rule failed Explanation All...

Page 294: ...ed Recommended Action None Revision 1 2 22 159 init_interface_table_failed ID 01802907 Default Severity CRITICAL Log Message Initialization of interface table failed Explanation Initialization of interface table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 160 init_flow_id_table_failed ID 01802908 Default Severity CRITICAL Log Message Allocation of flow id hash tabl...

Page 295: ... failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 163 init_transform_table_failed ID 01802911 Default Severity CRITICAL Log Message Allocation of transform table failed size size Explanation Allocation of transform table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 Parameters size 2 22 164 init_peer_hash_failed ID 01802912 Default Severity CRI...

Page 296: ...e table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 167 init_inbound_spi_hash_failed ID 01802915 Default Severity CRITICAL Log Message Allocation of inbound spi hash table failed Explanation Allocation of inbound spi hash table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 168 init_transform_context_hash_failed ID 01802916 Default Sev...

Page 297: ...ssage Allocation of transform context table failed Explanation Allocation of transform context table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 171 init_nat_table_failed ID 01802919 Default Severity CRITICAL Log Message Allocation of NAT tables failed Explanation Allocation of NAT tables failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 ...

Page 298: ...01802922 Default Severity CRITICAL Log Message Opening the interceptor failed Explanation Opening the interceptor failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 175 malformed_ike_sa_proposal ID 01803000 Default Severity WARNING Log Message Malformed IKE SA proposal reason Explanation Received a malformed IKE SA proposal Gateway Action None Recommended Action None Revi...

Page 299: ...ike_phase1_notification ID 01803003 Default Severity WARNING Log Message status Phase 1 notification from remote_peer for protocol proto SPI spi msg type size bytes Explanation Received a IKE Phase 2 notification Gateway Action None Recommended Action None Revision 1 Parameters status remote_peer proto spi msg type size 2 22 179 ipsec_sa_failed ID 01803020 Default Severity WARNING Log Message IPse...

Page 300: ...hange_event ID 01803022 Default Severity INFORMATIONAL Log Message Config Mode exchange event msg reason Explanation A Config Mode exchange event occured Gateway Action None Recommended Action None Revision 1 Parameters msg reason 2 22 182 config_mode_exchange_event ID 01803023 Default Severity INFORMATIONAL Log Message Config Mode exchange event msg Explanation A Config Mode exchange event occure...

Page 301: ...A Config Mode exchange event occured Gateway Action None Recommended Action None Revision 1 Parameters msg reason 2 22 185 config_mode_exchange_event ID 01803026 Default Severity INFORMATIONAL Log Message Config Mode exchange event msg Explanation A Config Mode exchange event occured Gateway Action None Recommended Action None Revision 1 Parameters msg 2 22 186 rejecting_ipsec_sa_delete ID 0180302...

Page 302: ...use the SPI size did not match the expected value 4 Gateway Action None Recommended Action None Revision 1 Parameters remote_peer spi_size 2 22 188 ike_phase2_notification ID 01803029 Default Severity WARNING Log Message status Phase 2 notification from remote_peer for protocol proto SPI spi msg type size bytes Explanation Received a IKE Phase 2 notification Gateway Action None Recommended Action ...

Page 303: ...verify remote peer s identity Gateway Action None Recommended Action None Revision 1 2 22 191 malformed_ipsec_sa_proposal ID 01803050 Default Severity WARNING Log Message Malformed IPsec SA proposal reason Explanation Received a malformed IPsec SA proposal Gateway Action None Recommended Action None Revision 1 Parameters reason 2 22 192 malformed_ipsec_esp_proposal ID 01803051 Default Severity WAR...

Page 304: ...NING Log Message Could not select proposal for IPsec SA sa_index Explanation Could not select proposal for IPsec SA Gateway Action None Recommended Action None Revision 2 Parameters sa_index 2 22 195 failed_to_select_ipsec_sa ID 01803054 Default Severity INFORMATIONAL Log Message Could not select SA from IPsec SA proposal Explanation Could not select SA from IPsec SA proposal Gateway Action None R...

Page 305: ...way Action None Recommended Action None Revision 1 Parameters msg int_severity 2 22 198 ipsec_hwaccel_failed ID 01803410 Default Severity WARNING Log Message Failed to create a hardware acceleration context for IPsec SA dir SPI spi error_msg Packets will be processed in software Explanation Hardware acceleration of the IPsec SA couldn t be done All packets belonging to the specified SA will be pro...

Page 306: ...verity WARNING Log Message Disallowed IP version ipver Explanation The received packet has a disallowed IP version and will be dropped Gateway Action drop Recommended Action None Revision 1 Parameters ipver Context Parameters Rule Name Packet Buffer 2 23 3 invalid_ip_length ID 01500003 Default Severity WARNING Log Message Invalid IP header length IPTotLen iptotlen IPHdrLen iphdrlen Explanation The...

Page 307: ...drop Recommended Action None Revision 1 Parameters iptotlen recvlen Context Parameters Rule Name Packet Buffer 2 23 5 invalid_ip_checksum ID 01500005 Default Severity WARNING Log Message Invalid IP header checksum RecvChkSum recvchksum CompChkSum compchksum Explanation The received packet IP header checksum is invalid dropping packet Gateway Action drop Recommended Action None Revision 1 Parameter...

Page 308: ...in Context Parameters Rule Name Packet Buffer 2 24 2 ip_rsv_flag_set ID 01600002 Default Severity NOTICE Log Message The IP Reserved Flag was set Ignoring Explanation The received packet has the IP Reserved Flag set This is ignored Gateway Action ignore Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 24 3 ip_rsv_flag_set ID 01600003 Default Severity WARNING Log Mess...

Page 309: ...Context Parameters Rule Name Packet Buffer 2 24 3 ip_rsv_flag_set ID 01600003 Chapter 2 Log Message Reference 309 ...

Page 310: ... ID 01700002 Default Severity NOTICE Log Message Packet has a timestamp IP Option Explanation The packet contains a timestamp IP Option Ignoring Gateway Action ignore Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 25 3 router_alert ID 01700003 Default Severity NOTICE Log Message Packet has a router alert IP option Explanation The packet contains a router alert IP O...

Page 311: ...nation The IP Option type is multi byte which requires two bytes and there is less than two bytes available Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt minoptlen avail Context Parameters Rule Name Packet Buffer 2 25 6 ipoptlen_invalid ID 01700011 Default Severity WARNING Log Message Type ipopt claims len optlen available avail Dropping Explanation The IP...

Page 312: ...verity WARNING Log Message IP Option Type ipopt Bad length optlen for route Route Dropping Explanation An invalid length is specified for the IP Option type Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt optlen route Context Parameters Rule Name Packet Buffer 2 25 9 bad_route_pointer ID 01700014 Default Severity WARNING Log Message IP Option Type ipopt Bad ...

Page 313: ..._option_timestamps ID 01700016 Default Severity WARNING Log Message Multiple timestamps in IP options Dropping Explanation The packet contains mutliple timestamps in IP Options Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 25 12 bad_timestamp_len ID 01700017 Default Severity WARNING Log Message IP Option Type ipopt Bad length op...

Page 314: ...ule Name Packet Buffer 2 25 14 bad_timestamp_pointer ID 01700019 Default Severity WARNING Log Message IP Option Type ipopt Bad Timestamp Pointer tsptr with overflow oflo Dropping Explanation The packet contains an invalid Timestamp Pointer with Overflow Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt tsptr oflo Context Parameters Rule Name Packet Buffer 2 25...

Page 315: ...on drop Recommended Action None Revision 1 Parameters ipopt optlen Context Parameters Rule Name Packet Buffer 2 25 17 router_alert_disallowed ID 01700022 Default Severity WARNING Log Message Router Alert IP Option disallowed Dropping Explanation The packet contains a timestamp IP Option which is disallowed Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Ru...

Page 316: ...ion which is disallowed Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt optname Context Parameters Rule Name Packet Buffer 2 25 18 ipopt_present_disallowed ID 01700023 Chapter 2 Log Message Reference 316 ...

Page 317: ...n None Revision 1 Parameters ip_multicast_addr eth_multicast_addr Context Parameters Rule Name Packet Buffer 2 26 2 invalid_ip4_header_length ID 07000012 Default Severity WARNING Log Message Invalid IP4 Header length total length is totlen bytes Dropping Explanation The packet contains an invalid IP4 Header Length The total length is more than 64 Kb which is not allowed Dropping packet Gateway Act...

Page 318: ... Parameters ttl ttlmin Context Parameters Rule Name Packet Buffer 2 26 5 ip_rsv_flag_set ID 07000015 Default Severity WARNING Log Message The IP Reserved Flag was set Dropping Explanation The received packet has the IP Reserved Flag set Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 26 6 oversize_tcp ID 07000018 Default Severity ...

Page 319: ...ended Action None Revision 1 Parameters ipdatalen tcphdrlen Context Parameters Rule Name Packet Buffer 2 26 8 oversize_udp ID 07000021 Default Severity WARNING Log Message Configured size limit for the UDP protocol exceeded Dropping Explanation The configured size limit for the UDP protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced S...

Page 320: ...e limit for the ICMP protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters Rule Name Packet Buffer 2 26 11 invalid_icmp_header ID 07000024 Default Severity WARNING Log Message Invalid ICMP header IPDataLen ipdatalen ICMPMinLen icmpminlen Dropping Explanation The ICMP packet...

Page 321: ...meters Rule Name Packet Buffer 2 26 13 oversize_gre ID 07000050 Default Severity WARNING Log Message Configured size limit for the GRE protocol exceeded Dropping Explanation The configured size limit for the GRE protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters Rule Nam...

Page 322: ... ID 07000053 Default Severity WARNING Log Message Configured size limit for the SKIP protocol exceeded Dropping Explanation The configured size limit for the SKIP protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters Rule Name Packet Buffer 2 26 17 oversize_ospf ID 07000054...

Page 323: ... Rule Name Packet Buffer 2 26 19 oversize_ipcomp ID 07000056 Default Severity WARNING Log Message Configured size limit for the IPComp protocol exceeded Dropping Explanation The configured size limit for the IPComp protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters Rule ...

Page 324: ...ext Parameters Rule Name Packet Buffer 2 26 22 fragmented_icmp ID 07000070 Default Severity WARNING Log Message This ICMP type is not allowed to be fragmented Dropping Explanation The ICMP type is not allowed to be framented Only Echo and EchoReply are allowed to be fragmented Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 26 23 ...

Page 325: ...ion None Revision 1 Parameters icmpdatalen icmpipver Context Parameters Rule Name Packet Buffer 2 26 25 invalid_icmp_data_too_small ID 07000073 Default Severity WARNING Log Message Invalid ICMP data length ICMPDataLen icmpdatalen ICMPIPHdrLen icmphdrlen Dropping Explanation The ICMP data length is invalid It must be large enough for the actual header and the header must specify that it is atleast ...

Page 326: ...ipdataminlen Context Parameters Rule Name Packet Buffer 2 26 27 invalid_icmp_data_invalid_paramprob ID 07000075 Default Severity WARNING Log Message Invalid ICMP ProbPtr ICMPDataLen icmpdatalen ICMPIPDataLen icmpipdatalen ParamProbPtr paramprobptr Dropping Explanation Invalid ICMP Parameter Problem pointer Parameter Problem pointer is not within the allowed range Dropping packet Gateway Action dro...

Page 327: ...WARNING Log Message L2TP client iface failed to resolve remotegwname Explanation The L2TP client failed to resolve the DNS name of the remote gateway Gateway Action None Recommended Action Make sure you have configured the DNS name of the remote gateway and the DNS servers correctly Revision 1 Parameters iface remotegwname 2 27 3 l2tpclient_init ID 02800003 Default Severity NOTICE Log Message L2TP...

Page 328: ...rule Tunnel ID tunnelid Session ID sessionid Explanation The authentication source for the specified userauth rule is unknown to the L2TP server Gateway Action None Recommended Action Make sure the userauth rules are configured correctly Revision 1 Parameters rule tunnelid sessionid 2 27 6 only_routes_set_up_by_server_iface_allowed ID 02800006 Default Severity WARNING Log Message L2TP server iface...

Page 329: ...nel_closed ID 02800008 Default Severity NOTICE Log Message Closed L2TP tunnel Tunnel ID tunnelid Interface iface Explanation The L2TP tunnel with the specified tunnel ID has been closed Gateway Action None Recommended Action None Revision 1 Parameters iface tunnelid 2 27 9 session_closed ID 02800009 Default Severity WARNING Log Message MPPE failed but is required closing session sessionid to remot...

Page 330: ... sessionid Auth auth MPPE mppe Explanation The L2TP session negotiation has completed successfully Gateway Action None Recommended Action None Revision 1 Parameters tunnelid sessionid auth mppe 2 27 12 l2tp_no_userauth_rule_found ID 02800014 Default Severity WARNING Log Message Did not find a matching userauth rule for this L2TP server Tunnel ID tunnelid Session ID sessionid Explanation The L2TP s...

Page 331: ...d_ip Explanation The L2TP session negotiation has completed successfully Gateway Action None Recommended Action None Revision 1 Parameters tunnelid sessionid user auth mppe assigned_ip 2 27 15 failure_init_radius_accounting ID 02800017 Default Severity WARNING Log Message Failed to send Accounting Start to RADIUS Accounting Server Accounting will be disabled Explanation Failed to send START messag...

Page 332: ...e L2TP interface Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw error_code 2 27 18 waiting_for_ip_to_listen_on ID 02800050 Default Severity NOTICE Log Message L2TP server iface cannot start until it has an IP address to listen on Explanation The L2TP server cannot start until the L2TP interface has a proper IP address to listen on Gateway Action None Recommended A...

Page 333: ..._translation_address ID 05600002 Default Severity WARNING Log Message Translation IP address address does no longer exist in NATPool poolname Explanation The translation IP has been removed by a configuration change The connection is no longer valid and will be closed Gateway Action close Recommended Action None Revision 1 Parameters address poolname 2 28 3 reconf_state_violation ID 05600003 Defau...

Page 334: ...Message NATPool DHCP address address lease expired Explanation The IP Address used by this NATPool have expired and may not be used any more The connection will be closed Gateway Action close Recommended Action None Revision 1 Parameters address poolname Context Parameters Connection 2 28 6 out_of_memory ID 05600007 Default Severity ERROR Log Message Out of memory while allocating NATPool IP entry...

Page 335: ...een reached NATPool subsystem will try to replace the oldest lingering state Gateway Action replace_lingering Recommended Action Increase the MAXSTATES variable for this NATPool if more concurrent states are wanted Revision 1 Parameters poolname num_states replacedip 2 28 9 max_states_reached ID 05600010 Default Severity WARNING Log Message Maximum amount of states num_states have been reached for...

Page 336: ...e Too many Translation IP addresses requested for poolname Explanation To many Translation IP addresses was requested for NAT Pool Dropping this address Gateway Action None Recommended Action None Revision 1 Parameters poolname ip 2 28 12 dynamicip_failed ID 05600013 Default Severity ERROR Log Message Failed to fetch new Translation IP address from IP Pool poolname Explanation Failed to fetch new ...

Page 337: ...High Availability configuration Revision 1 2 28 14 registerip_failed ID 05600015 Default Severity WARNING Log Message Invalid synchronized translated connection receivedRequest to activate already active Translation IP address ip in pool poolname Explanation Attempt to activate an already active Translation IP Gateway Action None Recommended Action None Revision 1 Parameters poolname ip 2 28 13 sy...

Page 338: ... ID 02400002 Default Severity WARNING Log Message Internal Error Iface iface got NEvent nevent in NState nstate Ignored Explanation Internal error in the OSPF interface neighbor state engine Gateway Action ignore Recommended Action Contact support Revision 1 Parameters iface nevent nstate Context Parameters Rule Name 2 29 3 unable_to_map_ptp_neighbor ID 02400003 Default Severity WARNING Log Messag...

Page 339: ...eters Rule Name Packet Buffer 2 29 5 bad_ospf_version ID 02400005 Default Severity WARNING Log Message Packet OSPF version is not 2 Explanation Received OSPF packet with other version then 2 Gateway Action drop Recommended Action Make sure that all routers are using version 2 Revision 1 Parameters ver Context Parameters Rule Name Packet Buffer 2 29 6 sender_not_in_iface_range ID 02400006 Default S...

Page 340: ...are in the same area as the attaching interfaces Revision 1 Parameters area Context Parameters Rule Name Packet Buffer 2 29 8 hello_netmask_mismatch ID 02400008 Default Severity WARNING Log Message Hello netmask mismatch Received was recv_netmask mine is my_netmask Dropping Explanation Received OSPF data from a neighboring router with different network netmask then the receive interface Gateway Ac...

Page 341: ...al mismatch Received was recv_rtrdead mine is my_rtrdead Dropping Explanation Received OSPF data from a neighboring router with a mismatching router dead interval Gateway Action drop Recommended Action Make sure all locally attached OSPF routers share the same router dead interval Revision 1 Parameters recv_rtrdead my_rtrdead Context Parameters Rule Name Packet Buffer 2 29 11 hello_e_flag_mismatch...

Page 342: ...d OSPF routers share the same N flag configuration Revision 1 Parameters recv_n_flag my_n_flag Context Parameters Rule Name Packet Buffer 2 29 13 both_np_and_e_flag_set ID 02400013 Default Severity WARNING Log Message Hello N flag and E flag set This is a illegal combination Dropping Explanation Received OSPF data from a neighboring router which illegally have both the N and E flag set Gateway Act...

Page 343: ... Verify that the neighboring OSPF router share the same authentication Revision 1 Parameters recv_auth my_auth Context Parameters Rule Name 2 29 16 bad_auth_password ID 02400051 Default Severity WARNING Log Message Authentication mismatch Bad password Explanation Authentication failed due to a bad password Gateway Action drop Recommended Action Verify that the neighboring OSPF router share the sam...

Page 344: ...p Recommended Action None Revision 1 Parameters recv_seq my_seq Context Parameters Rule Name 2 29 19 bad_auth_crypto_digest ID 02400054 Default Severity WARNING Log Message Authentication mismatch Bad crypto digest Explanation Authentication failed due to bad crypto digest Gateway Action drop Recommended Action Verify that the neighboring OSPF router share the same crypto digest Revision 1 Context...

Page 345: ...the MTU on the neighboring OSPF router Revision 1 Parameters neighbor dd_mtu iface_mtu Context Parameters Rule Name 2 29 22 m_ms_mismatch ID 02400101 Default Severity WARNING Log Message Neighbor neighbor M MS mismatch Restarting exchange Explanation Received indication that a neighbor got the M MS master slave role wrong Gateway Action restart Recommended Action None Revision 1 Parameters neighbo...

Page 346: ...vision 1 Parameters neighbor Context Parameters Rule Name 2 29 25 bad_seq_num ID 02400104 Default Severity WARNING Log Message Neighbor neighbor replied with a unexpected sequence number Restarting exchange Explanation Received neighbor reply with a unexpected sequence number Gateway Action restart Recommended Action None Revision 1 Parameters neighbor Context Parameters Rule Name 2 29 26 non_dup_...

Page 347: ...ck neighboring OSPF router configuration Revision 1 Parameters neighbor Context Parameters Rule Name 2 29 28 unknown_lsa ID 02400107 Default Severity WARNING Log Message Neighbor neighbor implied unknown LSA lsa_type Restarting exchange Explanation A neighbor described an unknown LSA type Gateway Action restart Recommended Action Check neighboring OSPF router configuration Revision 1 Parameters ne...

Page 348: ...guration Revision 1 Parameters maxage def_maxage Context Parameters Rule Name 2 29 31 lsa_checksum_mismatch ID 02400150 Default Severity WARNING Log Message LSA checksum mismatch LSA is discarded Explanation Received LSA with mismatching checksum Gateway Action discard Recommended Action Check network equipment for problems Revision 1 Context Parameters Rule Name 2 29 32 unknown_lsa_type ID 024001...

Page 349: ...e Name 2 29 34 bad_lsa_maxage ID 02400153 Default Severity WARNING Log Message Bad LSA maxage maxage LSA is discarded Explanation Received LSA with a bad max age Gateway Action discard Recommended Action None Revision 1 Parameters maxage Context Parameters Rule Name 2 29 35 received_as_ext_on_stub ID 02400154 Default Severity WARNING Log Message Received AS EXT LSA on stub LSA is discarded Explana...

Page 350: ...rity WARNING Log Message Received LSA LSA lsa ID lsaid AdvRtr lsartr is older then DB copy Discarding received LSA Explanation Received LSA which is older then the copy in the database Gateway Action discard Recommended Action None Revision 1 Parameters lsa lsaid lsartr Context Parameters Rule Name 2 29 38 got_ack_mismatched_lsa ID 02400157 Default Severity WARNING Log Message Got ACK for mismatch...

Page 351: ...a_size_mismatch ID 02400159 Default Severity WARNING Log Message REQ packet LSA size mismatch Parsing aborted Explanation Received OSPF REQ packet with a mismatching LSA size Gateway Action abort Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 29 41 ack_packet_lsa_size_mismatch ID 02400160 Default Severity WARNING Log Message ACK packet LSA size mismatch Parsing abo...

Page 352: ...ult Severity CRITICAL Log Message Unable to send ACK Explanation Unable to send acknowledgement Gateway Action alert Recommended Action Check memory consumption Revision 1 Context Parameters Rule Name 2 29 44 unknown_neighbor ID 02400200 Default Severity WARNING Log Message Unknown neighbor IP neighbor ID neighborid seen on iface Ignoring Explanation Unknown neighbor seen on PTP based interface Ga...

Page 353: ...verity WARNING Log Message Neighbor neighbor on neighboriface died Explanation Lost connectivity with neighbor router Gateway Action None Recommended Action Check neighbor status and connectivity Revision 1 Parameters neighbor neighboriface Context Parameters Rule Name 2 29 47 unable_to_find_transport_area ID 02400300 Default Severity WARNING Log Message Unable to find transport area area for VLIN...

Page 354: ...02 Default Severity WARNING Log Message Requested LSA size lsasize too big Unable to create LSA Explanation Unable to create LSA since the size is too big Gateway Action None Recommended Action None Revision 1 Parameters lsasize Context Parameters Rule Name 2 29 50 memory_usage_exceeded_70_percent_of_max_allowed ID 02400303 Default Severity WARNING Log Message Memory usage for OSPF process ospfpro...

Page 355: ...y consumption Revision 1 Parameters ospfproc Context Parameters Rule Name 2 29 52 as_disabled_due_to_mem_alloc_fail ID 02400305 Default Severity CRITICAL Log Message AS disabled due to memory allocation failure Explanation An OSPF AS have been disabled due to memory allocation failure Gateway Action alert Recommended Action Check memory consumption Revision 1 Context Parameters Rule Name 2 29 53 i...

Page 356: ...lsa ID 02400401 Default Severity WARNING Log Message Internal error Unable to find my link connecting to described LSA NetVtxId netvtxid Explanation Unable to find local link to described LSA Gateway Action None Recommended Action Contact support with a scenario description Revision 1 Parameters netvtxid Context Parameters Rule Name 2 29 56 internal_error_unable_to_find_iface_connecting_to_lsa ID ...

Page 357: ...me 2 29 58 internal_error_unable_to_find_iface_connecting_to_lsa ID 02400404 Default Severity WARNING Log Message Internal error Unable to find my interface connecting to described LSA RtrVtxId rtrvtxid Explanation Unable to find local interface connecting to descried LSA Gateway Action None Recommended Action Contact support with a scenario description Revision 1 Parameters rtrvtxid Context Param...

Page 358: ...ended Action Check OSPF interface configuration Revision 1 Parameters ifacetype rtrvtxid Context Parameters Rule Name 2 29 61 internal_error_unable_to_find_lnk_connecting_to_lsa ID 02400407 Default Severity WARNING Log Message Internal error Unable to find my link connecting to described LSA NetVtxId netvtxid Explanation Unable to find local link connected to described LSA Gateway Action None Reco...

Page 359: ...o sendbuffer Explanation Unable to get buffer for sending Gateway Action alert Recommended Action Check buffer consumption Revision 1 Context Parameters Rule Name 2 29 64 failed_to_add_route ID 02400502 Default Severity CRITICAL Log Message Failed to add route route OSPF process should now be considered inconsistent Explanation Unable to add route Gateway Action alert Recommended Action Check memo...

Page 360: ...rs tunnel_type 2 30 2 ip_address_required_but_not_received ID 02500002 Default Severity WARNING Log Message IP address required but not received PPP terminated Explanation Peer refuses to give out an IP address Since an IP address lease is required PPP is terminated Gateway Action ppp_terminated Recommended Action None Revision 1 Parameters tunnel_type 2 30 3 primary_dns_address_required_but_not_r...

Page 361: ...address required but not received PPP terminated Explanation Peer refuses to give out a primary NBNS address Since reception of a primary NBNS address is required PPP is terminated Gateway Action ppp_terminated Recommended Action None Revision 1 Parameters tunnel_type 2 30 6 seconday_nbns_address_required_but_not_received ID 02500006 Default Severity WARNING Log Message Secondary NBNS address requ...

Page 362: ...ted Explanation Peer refuses to use any authentication at all PPP is terminated since we demand authentication Gateway Action ppp_terminated Recommended Action Review the allowed authentication types configured The client and server must be configured to have at least one authentication type in common Revision 1 Parameters tunnel_type 2 30 9 lcp_negotiation_stalled ID 02500052 Default Severity ERR...

Page 363: ...authentication_failed ID 02500101 Default Severity WARNING Log Message Authentication failed PPP terminated Explanation Authentication failed PPP terminated Gateway Action ppp_terminated Recommended Action Make sure that the right username and password is used Revision 1 Parameters tunnel_type user 2 30 12 response_value_too_long ID 02500150 Default Severity WARNING Log Message PPP CHAP response v...

Page 364: ...ion mschapv1_username_truncated Recommended Action Reconfigure the endpoints to use a shorter username Revision 1 Parameters tunnel_type 2 30 15 username_too_long ID 02500301 Default Severity WARNING Log Message PPP MSCHAPv2 username was truncated because it was too long Explanation PPP MSCHAPv2 username was truncated because it was too long Gateway Action mschapv2_username_truncated Recommended A...

Page 365: ...0 Default Severity ERROR Log Message Unsupported authentication server PPP Authentication terminated Explanation Unsupported authentication server PPP Authentication terminated Gateway Action authentication_terminated Recommended Action Review the authentication server configuration Revision 1 Parameters tunnel_type 2 30 19 radius_error ID 02500501 Default Severity ERROR Log Message Radius server ...

Page 366: ... Gateway Action authentication_terminated Recommended Action None Revision 1 Parameters tunnel_type 2 30 22 MPPE_decrypt_fail ID 02500600 Default Severity ERROR Log Message MPPE decryption resulted in the unsupported protocol protocol Terminating PPP Explanation MPPE decryption resulted in an unsupported protocol IP is the only protocol supported This either means that the decryption failed or tha...

Page 367: ...the interface have been established Gateway Action None Recommended Action None Revision 1 Parameters iface pppoeserver auth ifaceip downtime 2 31 2 pppoe_tunnel_closed ID 02600002 Default Severity NOTICE Log Message PPPoE tunnel on iface to pppoeserver closed Uptime uptime Explanation The PPPoE tunnel for the interface have been closed Gateway Action None Recommended Action None Revision 1 Parame...

Page 368: ...Explanation The PPTP client failed to resolve the DNS name of the remote gateway Gateway Action None Recommended Action Make sure you have configured the DNS name of the remote gateway and the DNS servers correctly Revision 1 Parameters iface remotegwname 2 32 3 pptp_connection_disallowed ID 02700003 Default Severity WARNING Log Message PPTP connection from remotegw disallowed according to rule ru...

Page 369: ..._disconnected ID 02700005 Default Severity WARNING Log Message User user is forcibly disconnected Call ID callid Remote gateway remotegw Explanation The connected client is forcibly disconnected by the userauth system Gateway Action None Recommended Action None Revision 2 Parameters user callid remotegw 2 32 6 only_routes_set_up_by_server_iface_allowed ID 02700006 Default Severity WARNING Log Mess...

Page 370: ...n will be closed Gateway Action close_session Recommended Action Make sure the peer is capable of MPPE encryption or disable the MPPE requirement Revision 1 Parameters iface remotegw callid 2 32 8 pptp_session_closed ID 02700008 Default Severity NOTICE Log Message PPTP session callid to remotegw on iface closed Explanation A PPTP session has been closed The specified interface remote gateway and c...

Page 371: ...meters iface type callid remotegw 2 32 11 failure_init_radius_accounting ID 02700011 Default Severity WARNING Log Message Failed to send Accounting Start to RADIUS Accounting Server Accouting will be disabled Interface iface Remote gateway remotegw Call ID callid Explanation Failed to send START message to RADIUS accounting server RADIUS accounting will be disabled for this session The specified i...

Page 372: ... completed for session callid on iface connected to remotegw Auth auth MPPE mppe Explanation The PPP negotiation has completed successfully for this session The specified interface remote gateway and call ID identify the specific session Gateway Action None Recommended Action None Revision 1 Parameters callid iface remotegw auth mppe 2 32 14 tunnel_idle_timeout ID 02700014 Default Severity WARNING...

Page 373: ...nt iface started connecting to server on remotegw Explanation A PPTP client has initiated the connection to its remote gateway Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw 2 32 17 pptpclient_connected ID 02700018 Default Severity NOTICE Log Message PPTP client iface connected to remotegw requesting control connection Explanation A PPTP client has established a c...

Page 374: ...planation A remote PPTP server refused to establish PPTP control connection Gateway Action None Recommended Action Read the reason specified by the PPTP server This might give a clue why the PPTP server refused the PPTP control connection Revision 1 Parameters reason iface remotegw 2 32 20 pptp_tunnel_up ID 02700021 Default Severity NOTICE Log Message PPTP tunnel on iface is up Connected to server...

Page 375: ...cording to the specified userauth rule Gateway Action None Recommended Action Make sure the userauth rules are configured correctly Revision 1 Parameters rule iface remotegw 2 32 23 unknown_pptp_auth_source ID 02700025 Default Severity WARNING Log Message Unknown PPTP authentication source for rule Interface iface Remote gateway remotegw Explanation The authentication source for the specified user...

Page 376: ...r code error_code Explanation A malformed packet was received by the PPTP interface Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw error_code 2 32 26 waiting_for_ip_to_listen_on ID 02700050 Default Severity WARNING Log Message PPTP server iface cannot start until it has an IP address to listen on Explanation The PPTP server cannot start until it has a proper IP ad...

Page 377: ...P segment with an invalid checksum was received The segment will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Connection 2 33 3 mismatching_data_in_overlapping_tcp_segment ID 04800004 Default Severity ERROR Log Message Overlapping TCP segment containing different data Explanation A TCP segment that partly overlaps segments that has been received earlier was ...

Page 378: ...ket The packet that triggered the need to send a packet will be dropped Gateway Action drop Recommended Action Check buffer consumption Revision 1 2 33 6 failed_to_send_ack ID 04800008 Default Severity ERROR Log Message Failed to send TCP ACK in response to a segment Explanation The gateway responds to some segments by sending an acknowledgement segment to the sender An example is when it receives...

Page 379: ...ly subsystem has reached the maximum number of concurrent connections Gateway Action none Recommended Action Consider increasing the setting Reassembly_MaxConnections Revision 1 Context Parameters Connection 2 33 9 state_memory_allocation_failed ID 04800011 Default Severity ERROR Log Message Failed to allocate the memory needed to activate reassembly on a connection Explanation The reassembly subs...

Page 380: ...WARNING Log Message Interface iface Table table Net net Unable to open conn for PING trying again later Explanation Unable to open a connection to verify the status of the route Will try again later Gateway Action try_again_later Recommended Action None Revision 1 Parameters iface table net gateway 2 34 3 no_ping ID 04100003 Default Severity ERROR Log Message Interface iface Table table Net net Ro...

Page 381: ...rameters iface table net gateway 2 34 5 unable_to_register_pingmon ID 04100005 Default Severity ERROR Log Message Interface iface Table table Net net Route no longer monitored via PING unable to register PING monitor Explanation Internal Error The route is no longer monitored Failed to register PING Route Monitor Gateway Action disabled_monitor Recommended Action None Revision 1 Parameters iface t...

Page 382: ...a ARP reply from the gateway Gateway Action route_enabled Recommended Action None Revision 1 Parameters iface table net gateway 2 34 8 unable_to_register_arp_monitor ID 04100008 Default Severity ERROR Log Message Interface iface Table table Net net Route no longer monitored unable to register ARP monitor Explanation Internal Error The route is no longer monitored Failed to register ARP Route Monit...

Page 383: ...reason all associated routes disabled Explanation The interface has no link and all associated routes has been disabled Gateway Action associated_routes_disabled Recommended Action None Revision 2 Parameters iface reason 2 34 11 has_link ID 04100011 Default Severity NOTICE Log Message Interface iface has link Some associated routes may require ARP to be enabled Explanation The interface has a link...

Page 384: ...iface Table table Net net Route no longer monitored unable to register interface monitor Explanation Internal Error Route is no longer monitored Unable to register Interface Monitor Gateway Action disabled_monitor Recommended Action None Revision 1 Parameters iface table net gateway 2 34 14 hostmon_failed ID 04100014 Default Severity NOTICE Log Message Interface iface Table table Net net Route dis...

Page 385: ...e Interface iface Table table Net net Route enabled host monitoring successful Explanation Route is available Host monitoring successful Gateway Action route_enabled Recommended Action None Revision 1 Parameters iface table net 2 34 15 hostmon_successful ID 04100015 Chapter 2 Log Message Reference 385 ...

Page 386: ... IP address verfied according to ACCESS section Explanation The IP address was verified according to the ACCESS section Gateway Action access_allow Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 35 3 rule_match ID 06000006 Default Severity DEBUG Log Message GOTO action trigged Explanation A rule with a special GOTO action was trigged by an IP rule lookup This log m...

Page 387: ...ation The destination address was the 0 net which is not allowed according to the configuration The packet is dropped Gateway Action drop Recommended Action Investigate why this traffic had the 0 net as the destination Revision 1 Context Parameters Rule Name Packet Buffer 2 35 6 block0net ID 06000011 Default Severity WARNING Log Message Destination address is the 0 net Accepting Explanation The de...

Page 388: ... The destination address was the 127 net which is allowed according to the configuration The packet is accepted Gateway Action accept Recommended Action If this type of traffic should be dropped modify the Settings section in the configuration Revision 1 Context Parameters Rule Name Packet Buffer 2 35 9 directed_broadcasts ID 06000030 Default Severity NOTICE Log Message Packet directed to the broa...

Page 389: ...g vlanid Dropping Explanation The unit received a VLAN packet with an unknown tag and the packet is dropped Gateway Action drop Recommended Action None Revision 2 Parameters vlanid Context Parameters Rule Name Packet Buffer 2 35 12 ruleset_reject_packet ID 06000050 Default Severity WARNING Log Message Packet rejected by rule set Rejecting Explanation The rule set is configured to rejected this pac...

Page 390: ...5 14 unhandled_local ID 06000060 Default Severity NOTICE Log Message Allowed but unhandled packet to the firewall Dropping Explanation A packet directed to the unit itself was received The packet is allowed but there is no matching state information for this packet It is not part of any open connections and will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters R...

Page 391: ...ion_denied ID 04900002 Default Severity WARNING Log Message New session denied for User user Database database IP ip Type type Explanation New session denied in Session Manager Gateway Action remove_session Recommended Action Check settings for users Revision 1 Parameters user database ip type 2 36 3 sesmgr_session_removed ID 04900003 Default Severity NOTICE Log Message Session disconnected for Us...

Page 392: ...on_timeout ID 04900005 Default Severity NOTICE Log Message Session has timed out for User user Database database IP ip Type type Explanation Session has timed out and will be removed Gateway Action remove_session Recommended Action None Revision 1 Parameters user database ip type 2 36 6 sesmgr_upload_denied ID 04900006 Default Severity NOTICE Log Message File upload connection denied for User user...

Page 393: ...vision 1 Parameters user database ip type 2 36 8 sesmgr_session_maximum_reached ID 04900008 Default Severity WARNING Log Message Maximum number of sessions reached Explanation Maximum number of sessions reached Gateway Action deny_new_session Recommended Action Remove inactive sessions or increase maximum number of allowed sessions Revision 1 2 36 9 sesmgr_allocate_error ID 04900009 Default Severi...

Page 394: ... Database database IP ip Type type Explanation Session has been disabled Gateway Action none Recommended Action None Revision 1 Parameters user database ip type 2 36 12 sesmgr_console_denied_init ID 04900012 Default Severity ALERT Log Message Could not create new console at initialization of Security Gateway for User user Database database IP ip Type type Explanation Could not create new console a...

Page 395: ...ult Severity NOTICE Log Message Old session disconnected to be replaced for User user Database database IP ip Type type Explanation Old session disconnected and is being replaced by a new session for the user Gateway Action none Recommended Action None Revision 1 Parameters user database ip type 2 36 15 sesmgr_file_error ID 04900017 Default Severity ALERT Log Message Error accessing files Explanat...

Page 396: ...ty NOTICE Log Message Sending technical support file Explanation Technical support file created and is being sent to user Gateway Action techsupport_created Recommended Action None Revision 1 2 36 16 sesmgr_techsupport ID 04900018 Chapter 2 Log Message Reference 396 ...

Page 397: ... Action None Revision 1 Parameters server_ip Context Parameters Rule Name 2 37 2 server_offline ID 02900002 Default Severity WARNING Log Message SLB Server server_ip is offline according to monitor Explanation The server is determined to be offline according to monitor Gateway Action Removing this server from the active servers list Recommended Action Determine why the server is not responding Rev...

Page 398: ...0002 Default Severity WARNING Log Message Timeout connecting to SMTP server smtp_server Send aborted Explanation The unit timed out while trying to establish a connection to the SMTP server No SMTP Log will be sent Gateway Action abort_sending Recommended Action Verify that a SMTP server is running at the address specified Revision 1 Parameters smtp_server 2 38 3 send_failure ID 03000004 Default S...

Page 399: ... SMTP Log will be sent Gateway Action abort_sending Recommended Action Verify that a SMTP Server is configured to accept connections from the unit Revision 1 Parameters smtp_server 2 38 6 rejected_ehlo_helo ID 03000007 Default Severity WARNING Log Message SMTP server smtp_server rejected both EHLO HELO Trying to continue anyway Explanation The SMTP server rejected the normal handshake process The ...

Page 400: ... SMTP server is configured to accept this recipient Revision 1 Parameters smtp_server recipient 2 38 9 rejected_all_recipients ID 03000010 Default Severity WARNING Log Message SMTP server smtp_server rejected all recipients Send aborted Explanation The SMTP server rejected all recipients No SMTP Log will be sent Gateway Action None Recommended Action Verify that the SMTP server is configured to ac...

Page 401: ...ty WARNING Log Message SMTP server smtp_server rejected message text Send aborted Explanation The SMTP server rejected the message text No SMTP Log will be sent Gateway Action None Recommended Action Verify that the SMTP server is properly configured Revision 1 Parameters smtp_server 2 38 11 rejected_message_text ID 03000012 Chapter 2 Log Message Reference 401 ...

Page 402: ...ion If this sender IP address should have SNMP access to the unit this should be configured in the ACCESS section Revision 1 Parameters peer Context Parameters Connection 2 39 2 invalid_snmp_community ID 03100002 Default Severity NOTICE Log Message Disallowed SNMP from peer invalid community string Explanation The SNMP community string is invalid Gateway Action drop Recommended Action Make sure th...

Page 403: ...e error when exchanging keys with client client Explanation A Diffie Hellman Key Exchange Failure occured when keys were exchanged with the client Connection will be closed Gateway Action close Recommended Action None Revision 1 Parameters client 2 40 3 illegal_version_string ID 04700004 Default Severity ERROR Log Message Version string is invalid Explanation An invalid version string was received...

Page 404: ...n None Revision 1 2 40 6 invalid_service_request ID 04700015 Default Severity WARNING Log Message Error processing service request from client client Explanation Failed to process service request sent from the client closing connection Gateway Action close Recommended Action None Revision 1 Parameters client 2 40 7 invalid_username_change ID 04700020 Default Severity WARNING Log Message Username c...

Page 405: ...client 2 40 9 max_auth_tries_reached ID 04700030 Default Severity ERROR Log Message Maximum authentication re tries reached for client client Explanation User failed to authenticate within the maximum allowed number of tries Closing connection Gateway Action close Recommended Action None Revision 1 Parameters client 2 40 10 ssh_login_timeout_expired ID 04700035 Default Severity WARNING Log Message...

Page 406: ...f it is set too low Revision 1 Parameters inactivetime client 2 40 12 rsa_sign_verification_failed ID 04700050 Default Severity ERROR Log Message RSA signature verification for client client failed Explanation The client RSA signuature could not be verified Closing connection Gateway Action close Recommended Action None Revision 1 Parameters client 2 40 13 dsa_sign_verification_failed ID 04700051 ...

Page 407: ... The client is trying to authenticate using a Public Key Algorithm which is either not supported or not enabled Gateway Action close Recommended Action If the algorithm is supported by unit configure the unit to make use of it Revision 1 Parameters authalgo client 2 40 16 max_ssh_clients_reached ID 04700060 Default Severity WARNING Log Message Maximum number of connected SSH clients maxclients has...

Page 408: ...tion Explanation The SSH connection is no longer valid The might be a result of a remotes object being changed to no longer allow the SSH connection Closing connection Gateway Action close Recommended Action None Revision 1 Parameters client 2 40 19 scp_failed_not_admin ID 04704000 Default Severity NOTICE Log Message Administrator access could not set for session from this ip ip Explanation SCP tr...

Page 409: ...2 40 19 scp_failed_not_admin ID 04704000 Chapter 2 Log Message Reference 409 ...

Page 410: ...d Action Install a license Revision 1 Parameters shutdown 2 41 2 demo_mode ID 03200021 Default Severity ALERT Log Message This copy of D Link Firewall is in DEMO mode Firewall core will halt in time seconds Explanation The unit is running in DEMO mode and will eventually expire Install a license in order to avoid this Gateway Action shutdown_soon Recommended Action Install a license Revision 1 Par...

Page 411: ...Log Message Failed to verify IP address as per ACCESS section Dropping Explanation The IP address was not verified according to the ACCESS section Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 41 6 nitrox2_watchdog_triggered ID 03200207 Default Severity ERROR Log Message Nitrox II watchdog triggered Explanation Nitrox II watchdog triggered Gate...

Page 412: ...watchdog_chip watchdog_timeout 2 41 9 port_bind_failed ID 03200300 Default Severity ALERT Log Message Out of memory while tying to allocate dynamic port for local IP localip to destination IP destip Explanation The unit failed to allocate a dynamic port as it is out of memory Gateway Action None Recommended Action None Revision 1 Parameters reason localip destip 2 41 10 port_bind_failed ID 0320030...

Page 413: ...ded Action None Revision 1 Parameters localip destip 2 41 12 port_llm_conversion ID 03200303 Default Severity NOTICE Log Message Using Low Load Mode for Local IP localip Destination IP destip pair Explanation Mode for Local IP Destination IP pair has changed to Low Load because of low traffic Gateway Action None Recommended Action None Revision 1 Parameters localip destip 2 41 13 log_messages_lost...

Page 414: ...his is normal activity the LogSendPerSec setting might be set too low Revision 1 Parameters logcnt 2 41 15 ssl_encryption_failed ID 03200450 Default Severity ERROR Log Message Encryption failed Explanation Encryption failed due to error Connection closed Gateway Action None Recommended Action None Revision 1 2 41 16 bidir_fail ID 03200600 Default Severity CRITICAL Log Message Failed to establish b...

Page 415: ... Parameters file 2 41 18 file_open_failed ID 03200602 Default Severity ERROR Log Message Failed to open newly uploaded configuration file new_cfg Explanation The unit failed to open the uploaded configuration file Gateway Action None Recommended Action Verify that the disk media is intact Revision 1 Parameters new_cfg 2 41 19 disk_cannot_remove ID 03200603 Default Severity ERROR Log Message Failed...

Page 416: ...configuration and will continue to use the present configuration Gateway Action None Recommended Action Consult the recommended action in the previous log message which contained a more detailed error description Revision 1 2 41 22 core_switch_fail ID 03200606 Default Severity CRITICAL Log Message Failed to switch to new core Explanation For reasons specified in earlier log events the unit failed ...

Page 417: ...conds Reason reason Explanation The unit is shutting down Gateway Action shutdown Recommended Action None Revision 1 Parameters shutdown time reason 2 41 25 shutdown ID 03201010 Default Severity NOTICE Log Message Reconfiguration aborted Configuration files are missing Explanation The unit was issued a reconfigure command but no configuration file is seen The reconfiguration process is aborted Gat...

Page 418: ...n requested Gateway Action reconfiguration Recommended Action None Revision 1 Parameters username userdb client_ip config_system 2 41 28 reconfiguration ID 03201021 Default Severity NOTICE Log Message Reconfiguration will change change_count access control rule s Explanation Number of access control rules changed during the reconfiguration Gateway Action none Recommended Action None Revision 1 Par...

Page 419: ...nt uptime uptime Using configuration file cfgfile localcfgver localcfgver remotecfgver remotecfgver Previous shutdown previous_shutdown Explanation The Security Gateway is starting up echo Gateway Action None Recommended Action None Revision 2 Parameters delay corever build uptime cfgfile localcfgver remotecfgver previous_shutdown 2 41 31 shutdown ID 03202500 Default Severity NOTICE Log Message Sh...

Page 420: ...essage Administrative user username logged out via authsystem Access level access_level Explanation An adminsitrative user has logged out from the configuration system Gateway Action None Recommended Action None Revision 1 Parameters authsystem username access_level userdb client_ip 2 41 34 admin_login_failed ID 03203002 Default Severity WARNING Log Message Administrative user username failed to l...

Page 421: ...mmended Action Make sure that the new configuration allows the unit to establish a connection with the administration interface Revision 1 Parameters authsystem 2 41 36 accept_configuration ID 03204001 Default Severity NOTICE Log Message New configuration activated by user username from config_system client_ip Explanation The new configuration has been successfully activated Gateway Action using_n...

Page 422: ...cal Date and Time of the unit has been changed Gateway Action using_new_date_time Recommended Action None Revision 2 Parameters authsystem user pre_change_date_time post_change_date_time 2 41 39 admin_timeout ID 03206000 Default Severity NOTICE Log Message Administrative user username timed out from authsystem Explanation The administrative user has been inactive for too long and has been automati...

Page 423: ...rnal_error ID 03206002 Default Severity WARNING Log Message Internal error occured when administrative user username tried to login not allowed access via authsystem Explanation An internal error occured when the user tried to log in and as a result has not been given administration access Gateway Action disallow_admin_access Recommended Action Please contact the support and report this issue Revi...

Page 424: ...ntext Parameters Rule Name Packet Buffer 2 42 2 tcp_flags_set ID 03300002 Default Severity WARNING Log Message The TCP good_flag and bad_flag flags are set Stripping bad_flag flag Explanation The possible combinations for these flags are SYN URG SYN PSH SYN RST SYN FIN and FIN URG Removing the bad flag Gateway Action strip_bad_flag Recommended Action If any of these combinations should either be d...

Page 425: ...er 2 42 5 tcp_null_flags ID 03300005 Default Severity NOTICE Log Message Packet has no SYN ACK FIN or RST flag set Explanation The packet has no SYN ACK FIN or RST flag set Ignoring Gateway Action ignore Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 42 6 tcp_flags_set ID 03300008 Default Severity WARNING Log Message The TCP good_flag and bad_flag flags are set Dro...

Page 426: ...ket Gateway Action drop Recommended Action None Revision 1 Parameters bad_flag Context Parameters Rule Name Packet Buffer 2 42 8 unexpected_tcp_flags ID 03300010 Default Severity WARNING Log Message Unexpected tcp flags flags from endpoint during state state Dropping Explanation Received unexpected tcp flags during a specific state Dropping packet Gateway Action drop Recommended Action None Revisi...

Page 427: ...q seqno Expected expectseqno Dropping Explanation Mismatching sequence numbers Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters seqno expectseqno Context Parameters Rule Name Connection Packet Buffer 2 42 11 mismatched_first_ack_seqno ID 03300013 Default Severity WARNING Log Message SYNACK packet with seq seqno Expected expectseqno Dropping Explanation Mismatching ...

Page 428: ...t Parameters Rule Name Connection Packet Buffer 2 42 13 tcp_seqno_too_low ID 03300016 Default Severity DEBUG Log Message TCP sequence number seqno is not in the acceptable range accstart accend Dropping Explanation A TCP segment with an unacceptable sequence number was received The packet will be dropped Gateway Action drop Recommended Action None Revision 2 Parameters seqno accstart accend Contex...

Page 429: ...e SYN_SENT Dropping Explanation A TCP segment with the RST flag but not the ACK flag was received during state SYN_SENT The packet will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Connection Packet Buffer 2 42 16 tcp_seqno_too_high ID 03300019 Default Severity WARNING Log Message TCP sequence number seqno is not in the acceptable range accstart ac...

Page 430: ...ult Severity CRITICAL Log Message Out of large TCP send windows Maximum windows max_windows Triggered num_events times last 10 seconds Explanation The TCP stack could not send data since it has run out of large TCP send windows This event was triggered num_events times during the last 10 seconds Gateway Action close Recommended Action If the system is configured to use TCP based ALGs increase the ...

Page 431: ... the acceptable range accstart accend Dropping Explanation A TCP segment with an unacceptable sequence number was received The packet will be dropped Gateway Action drop Recommended Action None Revision 2 Parameters seqno accstart accend Context Parameters Rule Name Connection Packet Buffer 2 42 20 tcp_seqno_too_low_with_syn ID 03300025 Chapter 2 Log Message Reference 431 ...

Page 432: ...ame Packet Buffer 2 43 2 tcp_mss_too_low ID 03400002 Default Severity NOTICE Log Message TCP MSS mss too low TCPMSSMin minmss Adjusting Explanation The TCP MSS is too low Adjusting to use the configured minimum MSS Gateway Action adjust Recommended Action None Revision 1 Parameters tcpopt mss minmss Context Parameters Rule Name Packet Buffer 2 43 3 tcp_mss_too_high ID 03400003 Default Severity NOT...

Page 433: ...ecommended Action None Revision 1 Parameters tcpopt mss maxmss Context Parameters Rule Name Packet Buffer 2 43 5 tcp_mss_above_log_level ID 03400005 Default Severity NOTICE Log Message TCP MSS mss higher than log level TCPMSSLogLevel mssloglevel Explanation The TCP MSS is higher than the log level Gateway Action log Recommended Action None Revision 1 Parameters tcpopt mss mssloglevel Context Param...

Page 434: ... Option of the specified type Removing it Gateway Action strip Recommended Action None Revision 1 Parameters tcpopt Context Parameters Rule Name Packet Buffer 2 43 8 bad_tcpopt_length ID 03400010 Default Severity WARNING Log Message Type tcpopt is multibyte available avail Dropping Explanation The TCP Option type is multi byte which requires two bytes and there is less than two bytes available Dro...

Page 435: ...everity WARNING Log Message Type tcpopt bad length optlen Expected expectlen bytes Dropping Explanation The TCP Option type has an invalid length Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters tcpopt optlen expectlen Context Parameters Rule Name Packet Buffer 2 43 11 tcp_mss_too_low ID 03400013 Default Severity WARNING Log Message TCP MSS mss too low TCPMSSMin mi...

Page 436: ...lowed ID 03400015 Default Severity WARNING Log Message Packet has a tcpopt TCP option which is disallowed Dropping Explanation The packet has a TCP Option of the specified type Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters tcpopt Context Parameters Rule Name Packet Buffer 2 43 14 tcp_null_flags ID 03400016 Default Severity WARNING Log Message Packet has no SYN A...

Page 437: ... was received The shift count will be lowered to 14 Explanation A TCP segment with a window scale option specifying a shift count that is larger than 14 was received The shift count will be lowered to 14 Gateway Action adjust Recommended Action None Revision 1 Parameters shift_cnt Context Parameters Connection Packet Buffer 2 43 17 mismatching_tcp_window_scale ID 03400019 Default Severity WARNING ...

Page 438: ...y Action adjust Recommended Action None Revision 1 Parameters old new effective Context Parameters Connection Packet Buffer 2 43 17 mismatching_tcp_window_scale ID 03400019 Chapter 2 Log Message Reference 438 ...

Page 439: ...eminder_conn_threshold ID 05300101 Default Severity INFORMATIONAL Log Message Reminder Connection threshold description exceeded threshold Source IP srcip Explanation The source ip is still opening up new connections too fast Gateway Action None Recommended Action Look through logs to see if the source ip has misbehaved in the past Revision 1 Parameters description threshold srcip Context Paramete...

Page 440: ... 05300201 Default Severity ERROR Log Message Failed to keep connection count Reason Out of memory Explanation The device was unable to allocate resources needed to include the connection in the connection count kept by threshold rules Since there exist protect actions that are triggered by thresholds on the number of connections the connection will be closed Gateway Action close Recommended Action...

Page 441: ...hold The configured protective measures will be triggered Note This log message is rate limited via an exponential back off procedure Gateway Action protect Recommended Action None Revision 1 Parameters threshold srcip username Context Parameters Rule Name 2 44 8 threshold_conns_from_filter_exceeded ID 05300212 Default Severity NOTICE Log Message The number of connections matching the rule exceeds...

Page 442: ...ip Explanation The number of connections matching the threshold rule exceeds the configured threshold The configured protective measures will be triggered Note This log message is rate limited via an exponential back off procedure Gateway Action protect Recommended Action None Revision 1 Parameters threshold srcip username Context Parameters Rule Name 2 44 9 threshold_conns_from_filter_exceeded ID...

Page 443: ...ed Clock not updated Explanation The unit failed to establish a connection with the time sync server The clock has not been updated Gateway Action clock_not_synced Recommended Action Verify that the time sync server is running Revision 1 2 45 3 clockdrift_too_high ID 03500003 Default Severity WARNING Log Message According to the timeserver the clock has drifted clockdrift seconds s which is NOT in...

Page 444: ...Revision 1 Parameters clockdrift timeserver interval 2 45 3 clockdrift_too_high ID 03500003 Chapter 2 Log Message Reference 444 ...

Page 445: ...ameters Rule Name Packet Buffer 2 46 2 enet_hw_sender_broadcast ID 04400411 Default Severity NOTICE Log Message Ethernet hardware sender is a broadcast address Accepting Explanation The Ethernet hardware sender address is a broadcast address The packet will be accepted Gateway Action accept Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 46 3 enet_hw_sender_broadcas...

Page 446: ...ID 04400414 Default Severity NOTICE Log Message Ethernet hardware sender is a multicast address Accepting Explanation The Ethernet hardware sender address is a multicast address The packet will be accepted Gateway Action accept Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 46 6 enet_hw_sender_multicast ID 04400415 Default Severity NOTICE Log Message Ethernet hardw...

Page 447: ... Revision 1 Context Parameters Rule Name Packet Buffer 2 46 8 relay_stp_frame ID 04400417 Default Severity INFORMATIONAL Log Message Relaying STP frame from recvif to switched interfaces Explanation An incomming STP frame has been relayed to all switched interfaces in the same switch route as recif Gateway Action allow Recommended Action None Revision 1 Parameters recvif 2 46 9 dropped_stp_frame I...

Page 448: ...erity INFORMATIONAL Log Message Forwarding MPLS packet from recvif Explanation An incomming MPLS packet has been forwarded through the gateway destif indicates if it was forwarded to an ultimate destination or if it was broadcasted to over all interfaces in the switch group Gateway Action allow Recommended Action None Revision 1 Parameters recvif destif 2 46 12 dropped_mpls_packet ID 04400421 Defa...

Page 449: ...n An incomming MPLS packet has been dropped since it was malformed Gateway Action drop Recommended Action If the packet format is invalid locate the unit which is sending the malformed packet Revision 1 Parameters recvif reason 2 46 13 invalid_mpls_packet ID 04400422 Chapter 2 Log Message Reference 449 ...

Page 450: ...eceived a RADIUS Accounting START response with an Identifier mismatch Ignoring this packet Explanation The unit received a response with an invalid Identifier mismatch This can be the result of a busy network causing accounting event re sends This will be ignored Gateway Action ignore_packet Recommended Action None Revision 1 Context Parameters User Authentication 2 47 3 no_accounting_start_serve...

Page 451: ...art_server_response ID 03700005 Default Severity WARNING Log Message Logging out the authenticated user as no RADIUS Accounting START response was received from RADIUS Accounting server Explanation The authenticated user is logged out as no response to the Accounting Start event was received from the Accounting Server Gateway Action logout_user Recommended Action Verify that the RADIUS Accounting ...

Page 452: ...Gateway Action None Recommended Action None Revision 1 Context Parameters User Authentication 2 47 8 accounting_stop ID 03700008 Default Severity NOTICE Log Message Successfully received RADIUS Accounting STOP response from RADIUS Accounting server Bytes sent bytessent Bytes recv bytesrecv Packets sent packetssent Packets recv packetsrecv Session time sestime Explanation The unit received a valid ...

Page 453: ...e Accounting Server Accounting information might not have been propery received by the Accounting Server Gateway Action None Recommended Action Verify that the RADIUS Accounting server daemon is running on the Accounting Server Revision 1 Context Parameters User Authentication 2 47 11 invalid_accounting_stop_server_response ID 03700011 Default Severity ALERT Log Message Received an invalid RADIUS ...

Page 454: ...e authenticated user is logged out as an Accounting Start request did not get sent to the Accounting Server This could be a result of missing a route from the unit to the Accounting Server Gateway Action logout_user Recommended Action Verify that a route exists from the unit to the RADIUS Accounting server and that it is properly configured Revision 1 Context Parameters User Authentication 2 47 14...

Page 455: ...fault Severity NOTICE Log Message Delayed user timeout expired user is removed Explanation User did not receive any Accounting Start Response from Radius Gateway Action delayed_user_removed Recommended Action None Revision 1 Context Parameters User Authentication 2 47 17 group_list_too_long ID 03700030 Default Severity WARNING Log Message User username belongs in too many groups keeping the 32 fir...

Page 456: ...srecv packetssent packetsrecv gigawrapsent gigawraprecv sestime Context Parameters User Authentication 2 47 19 accounting_interim_failure ID 03700051 Default Severity ALERT Log Message Failed to send Accounting Interim to Authentication Server Accounting information might not be properly updated on the Accounting Server Explanation The unit failed to send an Accounting Interim event to the Account...

Page 457: ...ht not have been updated on the Accounting Server Explanation The unit received an invalid response to an Accounting Interm event from the Accounting Server Accounting information might not have been propery received by the Accounting Server Gateway Action None Recommended Action Verify that the RADIUS Accounting server is properly configured Revision 1 Context Parameters User Authentication 2 47 ...

Page 458: ...WARNING Log Message This user is already logged in Explanation A user with the same username as an already authenticated user tried to logged in and was rejected Gateway Action disallowed_login Recommended Action None Revision 1 Context Parameters User Authentication 2 47 25 user_login ID 03700102 Default Severity NOTICE Log Message User logged in Idle timeout idle_timeout Session timeout session_...

Page 459: ... Explanation The unit did not receive a response from the RADIUS Authentication server and the authentication process failed Gateway Action None Recommended Action Verify that the RADIUS Authentication server daemon is running on the Authenication Server Revision 1 Context Parameters User Authentication 2 47 28 manual_logout ID 03700106 Default Severity NOTICE Log Message User manually logged out ...

Page 460: ...n Disable the challange and response feature and use password verification instead Revision 1 Context Parameters User Authentication 2 47 31 ldap_auth_error ID 03700109 Default Severity ALERT Log Message Error during LDAP user authentication contact with LDAP server not established Explanation The unit did not receive a response from the LDAP Authentication server and the authentication process fa...

Page 461: ...on 1 Parameters reason 2 47 34 cant_create_new_request ID 03700402 Default Severity ERROR Log Message Can t create new user request Authentication aborted Explanation Can t create new user request Gateway Action authentication_failed Recommended Action Check LDAP context to work Revision 1 2 47 35 ldap_user_authentication_successful ID 03700403 Default Severity NOTICE Log Message LDAP Authenticati...

Page 462: ... of memory Gateway Action None Recommended Action None Revision 1 Parameters reason 2 47 38 user_req_new_out_of_memory ID 03700406 Default Severity ALERT Log Message Out of memory while trying to allocate new User Request Explanation The unit failed to allocate a User Request as it is out of memory Gateway Action None Recommended Action None Revision 1 Parameters reason 2 47 39 failed_admin_bind I...

Page 463: ...password from LDAP database database Explanation Cannot retrive the user password from LDAP database making user authentication impossible Gateway Action user authentication failed Recommended Action Check configuration for password attribute Revision 1 Parameters database 2 47 42 no_shared_ciphers ID 03700500 Default Severity ERROR Log Message SSL Handshake No shared ciphers exists Closing down S...

Page 464: ...y to find out if it is a part of a possible attack or normal traffic Revision 2 Parameters client_ip 2 47 44 bad_packet_order ID 03700502 Default Severity ERROR Log Message Bad SSL Handshake packet order Closing down SSL connection Explanation Two or more SSL Handshake message were received in the wrong order and the SSL connection is closed Gateway Action ssl_close Recommended Action None Revisio...

Page 465: ...yExchange message Closing down SSL connection Explanation The ClientKeyExchange message which is a part of a SSL handshake is invalid and the SSL connection is closed Gateway Action ssl_close Recommended Action None Revision 1 Parameters client_ip 2 47 48 bad_clientfinished_msg ID 03700506 Default Severity ERROR Log Message SSL Handshake Bad ClientFinished message Closing down SSL connection Expla...

Page 466: ...nnection is closed Gateway Action ssl_close Recommended Action None Revision 1 Parameters client_ip 2 47 51 negotiated_cipher_does_not_permit_the_chosen_certificate_size ID 03700509 Default Severity ERROR Log Message The negotiated cipher does not permit the chosen certificate size Closing down SSL connection Explanation The negotiated cipher was an export cipher which does not allow the chosen ce...

Page 467: ...vel description 2 47 53 sent_sslalert ID 03700511 Default Severity ERROR Log Message Sent SSL Alert Closing down SSL connection Explanation The unit has sent a SSL Alert message to the client due to some abnormal event The connection will be closed down Gateway Action close Recommended Action Consult the description parameter which contains the reason for this Revision 1 Parameters client_ip level...

Page 468: ...ription 2 48 2 odm_execute_action_reboot ID 05200002 Default Severity NOTICE Log Message Uploaded file filename was validated as description Rebooting system Explanation An uploaded file was validated and executed The system will now reboot Gateway Action None Recommended Action None Revision 1 Parameters filename description 2 48 3 odm_execute_action_reconfigure ID 05200003 Default Severity NOTIC...

Page 469: ...le was validated but could not be executed correctly This could be because the unit is out of disk space or that the disk is corrupt Gateway Action None Recommended Action Check that the disk is intact and that it has enough space Revision 1 Parameters filename 2 48 6 upload_certificate_fail ID 05200006 Default Severity NOTICE Log Message Certificate data in file filename could not be added to the...

Page 470: ...uld not be added to the configuration Explanation Certificate data could not be added to the configuration Gateway Action None Recommended Action Make sure that the certificate data is of the correct format Revision 1 Parameters filename 2 48 7 upload_certificate_fail ID 05200007 Chapter 2 Log Message Reference 470 ...

Page 471: ...t Severity WARNING Log Message Unable to allocate exclude entry for host Explanation Unable to allocate exclude entry Unit is low on memory Gateway Action no_exclude Recommended Action Review the configuration in order to free more RAM Revision 1 Parameters host 2 49 3 unable_to_allocate_block_entry ID 03800003 Default Severity WARNING Log Message Unable to allocate block entry Host host remains u...

Page 472: ...es left on the switch No more hosts can be be blocked excluded on this switch Gateway Action no_block Recommended Action None Revision 1 Parameters switch 2 49 6 failed_to_create_profile ID 03800006 Default Severity CRITICAL Log Message Failed to create type profile profile on switch Explanation The switch returned an error while creating a profile on the switch Gateway Action no_profile Recommend...

Page 473: ...corrupted Gateway Action none Recommended Action Verify that the media is intact Revision 1 2 49 9 failed_to_create_access_rule ID 03800009 Default Severity CRITICAL Log Message Failed to create ruletype access rule to add network on switch Explanation The switch returned an error while creating a rule Gateway Action None Recommended Action Verify that the configured switch model is correct Revisi...

Page 474: ...he configured switch model is correct Revision 1 Parameters type profile switch 2 49 12 failed_to_save_configuration ID 03800012 Default Severity CRITICAL Log Message Failed to save configuration on switch Explanation The switch returned an error while saving the configuration Gateway Action None Recommended Action Verify that the configured switch model is correct Revision 1 Parameters switch 2 4...

Page 475: ...e blocking host host Alert Type type Explanation A configured action of type type has triggered ZoneDefense to block the host host at the configured ZoneDefense switches Gateway Action block Recommended Action Unblock the specified host using the ZoneDefense status page to allow the host to regain access to the network Revision 1 Parameters type host 2 49 14 zd_block ID 03800014 Chapter 2 Log Mess...

Page 476: ...2 49 14 zd_block ID 03800014 Chapter 2 Log Message Reference 476 ...

Reviews:

No comments

Related manuals for DFL- 860

3C16792 - OfficeConnect Dual Speed Switch 16

Brand: 3Com Pages: 2

3C16772 - OfficeConnect Web Site Filter

Brand: 3Com Pages: 4

FortiGate FortiGate-500

Brand: Fortinet Pages: 2

FortiGate 50B-LENC

Brand: Fortinet Pages: 2

FortiGate Voice Series

Brand: Fortinet Pages: 14

FortiAnalyzer-2000

Brand: Fortinet Pages: 2

FortiGate FortiGate-3810A

Brand: Fortinet Pages: 62

FortiSwitch-5003

Brand: Fortinet Pages: 128

Brand: 3Com Pages: 64

FortiBridge-1000

Brand: Fortinet Pages: 2

Proventia Management SiteProtector SP2001

Brand: IBM Pages: 57

Brand: Yamaha Pages: 52

Brand: Sophos Pages: 14

Brand: Cisco Pages: 52

Brand: Cisco Pages: 36

881W - Integrated Services Router Wireless

Brand: Cisco Pages: 4

Brand: Cisco Pages: 42

Brand: Cisco Pages: 12

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands