manualshive.com logo in svg

D-Link NetDefend DFL-260E, Log Reference Manual

The D-Link NetDefend DFL-260E is a powerful network security appliance designed to safeguard your data and network infrastructure. Ensure a seamless setup with the Quick Installation Manual, available for free download from manualshive.com. Discover comprehensive instructions and get the most out of your device hassle-free.

Share
Download
background image

2.59. THRESHOLD

These log messages refer to the THRESHOLD (Threshold rule events) category.

2.59.1. conn_threshold_exceeded (ID: 05300100)

Default Severity

WARNING

Log Message

Connection threshold <description> exceeded <threshold>. Source
IP: <srcip>. Closing connection

Explanation

The source ip is opening up new connections too fast.

Gateway Action

closing_connection

Recommended Action

Investigate worms and DoS attacks.

Revision

1

Parameters

description
threshold
srcip

Context Parameters

Rule Name

2.59.2. reminder_conn_threshold (ID: 05300101)

Default Severity

INFORMATIONAL

Log Message

Reminder:

Connection

threshold

<description>

exceeded

<threshold>. Source IP: <srcip>.

Explanation

The source ip is still opening up new connections too fast.

Gateway Action

None

Recommended Action

Look through logs to see if the source ip has misbehaved in the past.

Revision

1

Parameters

description
threshold
srcip

Context Parameters

Rule Name

2.59.3. conn_threshold_exceeded (ID: 05300102)

Default Severity

NOTICE

Log Message

Connection threshold <description> exceeded <threshold>. Source
IP: <srcip>

Explanation

The source ip is opening up new connections too fast.

Chapter 2: Log Message Reference

607

Summary of Contents for NetDefend DFL-260E

Page 1: ...Network Security Solution http www dlink com NetDefendOS Ver 11 04 01 Network Security Firewall Log Reference Guide Security Security...

Page 2: ...nce Guide DFL 260E 860E 870 1660 2560 2560G NetDefendOS Version 11 04 01 D Link Corporation No 289 Sinhu 3rd Rd Neihu District Taipei City 114 Taiwan R O C http www DLink com Published 2016 10 03 Copy...

Page 3: ...a particular purpose D Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such rev...

Page 4: ...54 2 1 20 max_download_size_reached ID 00200116 54 2 1 21 blocked_filetype ID 00200117 55 2 1 22 out_of_memory ID 00200118 55 2 1 23 wcf_servers_unreachable ID 00200119 55 2 1 24 wcf_srv_connection_e...

Page 5: ...0181 76 2 1 76 smtp_no_header ID 00200184 76 2 1 77 unsupported_extension ID 00200185 76 2 1 78 cmd_pipelined ID 00200186 77 2 1 79 smtp_state_violation ID 00200190 77 2 1 80 sender_email_dnsbl_spam_m...

Page 6: ...2 1 140 encode_failed ID 00200307 101 2 1 141 max_tcp_data_connections_exceeded ID 00200308 102 2 1 142 max_connections_per_call_exceeded ID 00200309 102 2 1 143 ignoring_channel ID 00200310 102 2 1...

Page 7: ...egotiation_attempted ID 00200457 124 2 1 201 tls_disallowed_key_exchange ID 00200458 124 2 1 202 tls_invalid_message ID 00200459 125 2 1 203 tls_bad_message_order ID 00200460 125 2 1 204 tls_no_shared...

Page 8: ...led_to_modify_response ID 00200559 149 2 1 261 sipalg_callleg_state_updated ID 00200560 149 2 1 262 failed_to_modify_sat_request ID 00200561 150 2 1 263 max_pptp_sessions_reached ID 00200601 150 2 1 2...

Page 9: ...6 compression_ratio_violation ID 05800006 173 2 3 7 compression_ratio_violation ID 05800007 173 2 3 8 compression_ratio_violation ID 05800008 174 2 3 9 out_of_memory ID 05800009 174 2 3 10 out_of_mem...

Page 10: ...06500003 196 2 6 4 authagent_rekeying_error ID 06500004 197 2 6 5 authagent_protocol_mistmatch ID 06500005 197 2 6 6 authagent_negotiation_error ID 06500006 197 2 6 7 authagent_decryption_error ID 065...

Page 11: ...id_netmask ID 00700009 219 2 12 9 invalid_broadcast ID 00700010 220 2 12 10 invalid_offered_ip ID 00700011 220 2 12 11 invalid_gateway ID 00700012 220 2 12 12 offered_broadcast_equals_gateway ID 00700...

Page 12: ...38 2 14 17 request_for_non_bound_ip ID 00900018 239 2 14 18 client_bound ID 00900019 239 2 14 19 client_renewed ID 00900020 240 2 14 20 got_inform_request ID 00900021 240 2 14 21 decline_for_ip_on_wro...

Page 13: ...2 19 7 disallowed_suspect ID 02000007 261 2 19 8 drop_frags_of_disallowed_packet ID 02000008 262 2 19 9 drop_frags_of_illegal_packet ID 02000009 262 2 19 10 drop_extraneous_frags_of_completed_packet I...

Page 14: ...nnection_established ID 01200200 280 2 22 22 hasync_connection_disconnected_lifetime_expired ID 01200201 281 2 22 23 hasync_connection_failed_timeout ID 01200202 281 2 22 24 resync_conns_to_peer_compl...

Page 15: ...4200001 307 2 28 2 querier_election_lost ID 04200002 307 2 28 3 invalid_dest_ip_address ID 04200003 307 2 28 4 invalid_destination_ethernet_address ID 04200004 308 2 28 5 failed_restarting_igmp_conn I...

Page 16: ...31 10 packet_corrupt ID 01800110 329 2 31 11 icv_failure ID 01800111 329 2 31 12 sequence_number_failure ID 01800112 330 2 31 13 sa_lookup_failure ID 01800113 330 2 31 14 ip_fragment ID 01800114 330 2...

Page 17: ...c_interface_disabled ID 01800506 348 2 31 70 no_route ID 01800507 348 2 31 71 no_userauth_specified_for_eap ID 01800600 348 2 31 72 no_radius_server_configured_for_eap ID 01800601 349 2 31 73 insuffic...

Page 18: ...ecified ID 01802100 368 2 31 133 invalid_authentication_algorithm_configured ID 01802101 369 2 31 134 no_key_method_configured_for tunnel ID 01802102 369 2 31 135 invalid_configuration_of_force_open I...

Page 19: ...31 190 could_not_lock_certificate ID 01802608 385 2 31 191 could_not_insert_cert_to_db ID 01802609 386 2 31 192 could_not_decode_crl ID 01802610 386 2 31 193 Certificate_contains_bad_IP_address ID 01...

Page 20: ...3 nd_multicast_target_address ID 06400048 405 2 32 24 invalid_nd_sender_ip_address ID 06400049 405 2 32 25 nd_access_allowed_expect ID 06400050 406 2 32 26 nd_na_send_failure ID 06400051 406 2 32 27 n...

Page 21: ...mp_pointer ID 01700018 429 2 35 14 bad_timestamp_pointer ID 01700019 429 2 35 15 timestamp_disallowed ID 01700020 430 2 35 16 router_alert_bad_len ID 01700021 430 2 35 17 router_alert_disallowed ID 01...

Page 22: ...2 36 15 oversize_ah ID 07000052 450 2 36 16 oversize_skip ID 07000053 450 2 36 17 oversize_ospf ID 07000054 451 2 36 18 oversize_ipip ID 07000055 451 2 36 19 oversize_ipcomp ID 07000056 451 2 36 20 o...

Page 23: ...471 2 39 8 max_states_reached ID 05600009 471 2 39 9 max_states_reached ID 05600010 471 2 39 10 registerip_failed ID 05600011 472 2 39 11 registerip_failed ID 05600012 472 2 39 12 dynamicip_failed ID...

Page 24: ...max_allowed ID 02400304 492 2 40 53 as_disabled_due_to_mem_alloc_fail ID 02400305 492 2 40 54 internal_lsa_chksum_error ID 02400306 493 2 40 55 unable_to_find_iface_to_stub_net ID 02400400 493 2 40 56...

Page 25: ...5 session_idle_timeout ID 02700015 512 2 43 16 pptpclient_start ID 02700017 512 2 43 17 pptpclient_connected ID 02700018 513 2 43 18 pptp_tunnel_up ID 02700019 513 2 43 19 ctrlconn_refused ID 02700020...

Page 26: ...block127net ID 06000012 534 2 48 8 block127net ID 06000013 534 2 48 9 broadcast_nat ID 06000014 534 2 48 10 allow_broadcast ID 06000016 535 2 48 11 block0net ID 06000020 535 2 48 12 block0net ID 0600...

Page 27: ...2 53 2 invalid_snmp_community ID 03100002 557 2 53 3 snmp3_received_unautherized_message ID 03100100 557 2 53 4 snmp3_local_password_too_short ID 03100101 558 2 53 5 snmp3_authentication_failed ID 031...

Page 28: ...s_lost_due_to_throttling ID 03200400 577 2 56 16 log_messages_lost_due_to_log_buffer_exhaust ID 03200401 577 2 56 17 ssl_encryption_failed ID 03200450 578 2 56 18 bidir_fail ID 03200600 578 2 56 19 fi...

Page 29: ...601 2 58 5 tcp_mss_above_log_level ID 03400005 601 2 58 6 tcp_option ID 03400006 602 2 58 7 tcp_option_strip ID 03400007 602 2 58 8 bad_tcpopt_length ID 03400010 602 2 58 9 bad_tcpopt_length ID 034000...

Page 30: ...2 15 user_timeout ID 03700020 624 2 62 16 group_list_too_long ID 03700030 624 2 62 17 accounting_alive ID 03700050 625 2 62 18 accounting_interim_failure ID 03700051 625 2 62 19 no_accounting_interim_...

Page 31: ...8002 642 2 63 10 secaas_lic_installation_failed ID 05208003 643 2 64 ZONEDEFENSE 644 2 64 1 unable_to_allocate_send_entries ID 03800001 644 2 64 2 unable_to_allocate_exclude_entry ID 03800002 644 2 64...

Page 32: ...List of Tables 1 Abbreviations 35 32...

Page 33: ...List of Examples 1 Log Message Parameters 34 2 Conditional Log Message Parameters 34 33...

Page 34: ...a log message parameter Square Brackets name Used for specifying the name of a conditional log message parameter Example 1 Log Message Parameters Log Message New configuration activated by user userna...

Page 35: ...on System IP Internet Protocol IPSec Internet Protocol Security L2TP Layer 2 Tunneling Protocol NAT Network Address Translation OSPF Open Shortest Path First PPP Point to Point Protocol PPPoE Point to...

Page 36: ...h specific log message Name The name of the log message which is a short string 1 6 words separated by _ Please note that the name cannot be used as a unique identification of the log message as sever...

Page 37: ...3 words separated by _ of what action NetDefendOS will take If the log message is purely informative this is set to None Recommended Action A detailed recommendation of what the administrator should...

Page 38: ...odule in order to quickly distinguish which type of ALG this is algmod The name of the ALG sub module ALG Session ID Each ALG session has its own session ID which uniquely identifies an ALG session Th...

Page 39: ...he ICMP redirect code Valid if the protocol is ICMP and sub protocol is redirect icmpcode The ICMP sub protocol code Valid if the protocol is ICMP and sub protocol is not echo destination unreachable...

Page 40: ...nformation Additional information about the rule that was used when this event was triggered Certain parameters may or may not be included depending on the type of rule For example the name of an auth...

Page 41: ...nge lsa spf route and unknown loglevel The log level value OSPF LSA Additional information about OSPF LSA lsatype The LSA type Possible values Router network IP summary ASBR summary and AS external ls...

Page 42: ...routemetric Route metric cost Chapter 1 Introduction 42...

Page 43: ...lity of the unit 4 Warning Warning conditions which could affect the functionality of the unit 5 Notice Normal but significant conditions 6 Informational Informational conditions 7 Debug Debug level e...

Page 44: ...Chapter 1 Introduction 44...

Page 45: ...189 AUTHAGENTS page 196 AVSE page 202 AVUPDATE page 203 BLACKLIST page 206 BUFFERS page 208 CONN page 209 DHCP page 217 DHCPRELAY page 223 DHCPSERVER page 234 DHCPV6CLIENT page 244 DHCPV6SERVER page 2...

Page 46: ...e 423 IP_OPT page 425 IP_PROTO page 445 L2TP page 457 LACP page 466 NATPOOL page 469 OSPF page 474 PPP page 498 PPPOE page 506 PPTP page 507 RADIUSRELAY page 517 REALTIMEMONITOR page 521 REASSEMBLY pa...

Page 47: ...from Application Layer Gateways category 2 1 1 alg_session_open ID 00200001 Default Severity INFORMATIONAL Log Message ALG session opened Explanation A new ALG session has been opened Gateway Action...

Page 48: ..._failure ID 00200009 Default Severity CRITICAL Log Message Failed to allocate ALG session Explanation The system failed to allocate an ALG session The reason for this is either that the total number o...

Page 49: ...invalid UTF8 formatted characters Gateway Action close Recommended Action Make sure that the requested URL is formatted correctly Revision 1 Parameters reason algname Context Parameters ALG Module Na...

Page 50: ...st header Closing connection ALG name algname Explanation Data was received after the client request header although the header specified that no such data should be sent Gateway Action closing_connec...

Page 51: ...losing_connecion Recommended Action Research the source of this and try to find out why the server is sending invalid formatted chunked data Revision 1 Parameters algname Context Parameters ALG Module...

Page 52: ...Module Name ALG Session ID 2 1 14 max_http_sessions_reached ID 00200110 Default Severity WARNING Log Message HTTPALG Maximum number of HTTP sessions max_sessions for service reached Closing connection...

Page 53: ...Recommended Action Verify that there is a listening HTTP Server on the specified address Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 17 content_type_mismatch I...

Page 54: ...Extend valid time for Content Filtering Revision 3 Context Parameters ALG Module Name 2 1 20 max_download_size_reached ID 00200116 Default Severity WARNING Log Message HTTPALG The file filename with f...

Page 55: ...ICAL Log Message HTTPALG Failed to allocate memory Explanation The unit does not have enough available RAM WCF could not allocate memory for override functionality Gateway Action none Recommended Acti...

Page 56: ...2 1 25 wcf_server_unreachable ID 00200121 Default Severity ERROR Log Message HTTPALG Failed to connect to web content server failedserver Explanation Web Content Filtering was unable to connect to the...

Page 57: ...0200124 Default Severity INFORMATIONAL Log Message HTTPALG Falling back from secondary servers to primary server Explanation Web Content Filtering falls back to primary server after 60 minutes or when...

Page 58: ...uested Gateway Action block Recommended Action None Revision 2 Parameters categories audit override url algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 31 wcf_serve...

Page 59: ...2 1 33 request_url ID 00200129 Default Severity NOTICE Log Message HTTPALG Requesting URL url Categories categories Audit audit Override override ALG name algname Explanation The URL has been request...

Page 60: ..._orig url_req url_reply Context Parameters ALG Module Name 2 1 36 restricted_site_notice ID 00200132 Default Severity WARNING Log Message HTTPALG User requests the forbidden URL url even though Restri...

Page 61: ...ession ID 2 1 38 wcf_server_disconnected ID 00200134 Default Severity INFORMATIONAL Log Message HTTPALG Web content server server disconnected Explanation The Web Content server has closed the connect...

Page 62: ...L has been requested Gateway Action allow_audit_mode Recommended Action None Revision 3 Parameters categories audit override url user algname Context Parameters Connection Connection ALG Module Name A...

Page 63: ...allow Recommended Action Disable the RESTRICTED_SITE_NOTICE mode of parameter CATEGORIES for this ALG Revision 4 Parameters url user algname Context Parameters Connection Connection ALG Module Name AL...

Page 64: ...vision 1 Context Parameters ALG Module Name 2 1 45 out_of_memory ID 00200141 Default Severity CRITICAL Log Message HTTPALG Failed to allocate memory Explanation The system failed to allocate memory an...

Page 65: ...ection attempt is in progress Gateway Action reconnecting Recommended Action None Revision 1 Context Parameters ALG Module Name 2 1 48 invalid_http_syntax ID 00200144 Default Severity ERROR Log Messag...

Page 66: ...ua Explanation The HTTPALG blocked access for a browser with a disallowed user agent string Gateway Action close Recommended Action If this user agent string should be allowed add it to the list of al...

Page 67: ...t upgrade e g websocket The connection is no longer allowed Gateway Action close Recommended Action Modify the configuration is socket upgrades should be allowed Revision 1 Parameters type algname Con...

Page 68: ...ssions Context Parameters ALG Module Name 2 1 55 maximum_email_per_minute_reached ID 00200151 Default Severity WARNING Log Message SMTPALG Maximum number of emails per client and minute reached Explan...

Page 69: ...ction None Revision 3 Context Parameters ALG Module Name ALG Session ID 2 1 58 invalid_server_response ID 00200155 Default Severity ERROR Log Message SMTPALG Could not parse server response code Expla...

Page 70: ...be denied Gateway Action reject Recommended Action Disable the Verify E Mail Sender ID setting if you experience that valid e mails are being wrongly blocked Revision 3 Parameters sender_email_address...

Page 71: ...recipients email id are in Black List Explanation Since some RCPT TO Email ids are in Black List SMTP ALG has blocked mail to those recipients Gateway Action reject Recommended Action Emails can be fo...

Page 72: ...ion allow_block Recommended Action Research how the sender is encoding the data Revision 2 Parameters filename filetype sender_email_address recipient_email_addresses Context Parameters ALG Module Nam...

Page 73: ...ype sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2 1 68 max_email_size_reached ID 00200170 Default Severity WARNING Log Message SMTPALG Maximum emai...

Page 74: ...l_ids_are_in_blocklist ID 00200172 Default Severity WARNING Log Message SMTPALG All recipients e mail addresses are in Black List Explanation Since RCPT TO email ids are in Black List SMTP ALG rejecte...

Page 75: ...e Name ALG Session ID 2 1 73 dnsbl_init_error ID 00200177 Default Severity ERROR Log Message DNSbl internal error Explanation The email could not be checked for spam Email will be processed without sp...

Page 76: ...everity WARNING Log Message SMTPALG Email without SMTP headers received Explanation The SMTP ALG received an email without headers Gateway Action allow Recommended Action None Revision 1 Context Param...

Page 77: ...G Session ID 2 1 79 smtp_state_violation ID 00200190 Default Severity WARNING Log Message SMTPALG State violation violation Explanation The client sent an invalid sequence of commands The protocol vio...

Page 78: ...s sent in an invalid direction and the connection will be closed Gateway Action close Recommended Action None Revision 1 Parameters peer Context Parameters ALG Module Name ALG Session ID Rule Informat...

Page 79: ...in the control channel This is not allowed according to the FTPALG configuration and the connection will be closed Gateway Action close Recommended Action If 8 bit characters should be allowed modify...

Page 80: ...tion close Recommended Action If unknown commands should be allowed modify the FTPALG configuration Revision 1 Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2 1 8...

Page 81: ...hould be allowed to do active FTP modify the FTPALG configuration Revision 1 Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2 1 89 illegal_command ID 00200215 Default Sev...

Page 82: ...ty CRITICAL Log Message FTPALG Illegal PORT command from peer port port not allowed String string Rejecting command Explanation An illegal PORT command was received from the client It requests that th...

Page 83: ...t is not allowed to do this The command will be rejected Gateway Action rejecting_command Recommended Action If the client should be allowed to do issue SITE EXEC commands modify the FTPALG configurat...

Page 84: ...on ID Connection 2 1 96 illegal_option ID 00200222 Default Severity WARNING Log Message FTPALG Invalid OPTS argument from peer String string Rejecting command Explanation An invalid OPTS argument was...

Page 85: ...n An unknown OPTS argument was received and the command will be rejected Gateway Action rejecting_command Recommended Action If unknown commands should be allowed modify the FTPALG configuration Revis...

Page 86: ...ould be allowed modify the FTPALG configuration Revision 1 Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2 1 101 illegal_reply ID 00200228 Default Severity WARNIN...

Page 87: ...tion 2 1 103 illegal_reply ID 00200231 Default Severity WARNING Log Message FTPALG Unsolicted 227 passive mode response from peer String string Closing connection Explanation An illegal response was r...

Page 88: ...is out of range This is not allowed and the connection will be closed Gateway Action close Recommended Action The FTP server could be compromised and should not be trusted Revision 1 Parameters peer...

Page 89: ...ly be a result of lack of memory Gateway Action None Recommended Action None Revision 1 Parameters peer connection string Context Parameters ALG Module Name ALG Session ID Connection 2 1 108 failed_to...

Page 90: ...ernal Error failed to register eventhandler Closing connection Explanation An internal error occured when registering an eventhandler and the connection will be closed Gateway Action close Recommended...

Page 91: ...G Module Name 2 1 113 failed_create_new_session ID 00200242 Default Severity ERROR Log Message FTPALG Failed to create new FTPALG session out of memory Explanation An attempt to create a new FTPALG se...

Page 92: ...evision 1 Parameters filename filetype Context Parameters ALG Module Name ALG Session ID 2 1 116 failed_to_send_command ID 00200251 Default Severity NOTICE Log Message FTPALG Failed to send the comman...

Page 93: ...iguration Gateway Action data_blocked_control_and_data_channel_closed Recommended Action If this file should be allowed update the ALLOW BLOCK list Revision 2 Parameters filename filetype Context Para...

Page 94: ...owed rejecting command Explanation The client tried to issue a REST command which is not valid since the client is not allowed to do this The command will be rejected Gateway Action rejecting_command...

Page 95: ...Context Parameters ALG Module Name ALG Session ID Connection 2 1 124 clienthello_server_name ID 00200272 Default Severity INFORMATIONAL Log Message HTTPALG HTTPS c Found server DNS name hostname in Cl...

Page 96: ...Explanation Failed to parse ClientHello datagram Gateway Action None Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID Connection 2 1 127 invalid...

Page 97: ...rtificate_server_name ID 00200277 Default Severity INFORMATIONAL Log Message HTTPALG HTTPS s Found server DNS name hostname in Certificate datagram Explanation Found server DNS name in Certificate dat...

Page 98: ...meters algname Context Parameters ALG Module Name ALG Session ID Connection 2 1 132 blacklisted_url_blocked ID 00200280 Default Severity NOTICE Log Message HTTPALG HTTPS c Blacklisted URL hostname blo...

Page 99: ...invalid message was received from peer Explanation An invalid message was received from the peer The ALG session will be closed Gateway Action closing_session Recommended Action None Revision 2 Param...

Page 100: ...vision 1 Parameters peer message_type Context Parameters ALG Module Name ALG Session ID Connection 2 1 137 encode_failed ID 00200304 Default Severity WARNING Log Message H323ALG Failed before encoding...

Page 101: ...Failed before encoding H 245 message Closing connection Explanation The H 245 encoder failed to allocate memory used for encoding of the message The ALG session will be closed Gateway Action close Rec...

Page 102: ...ters max_channels Context Parameters ALG Module Name ALG Session ID Connection 2 1 142 max_connections_per_call_exceeded ID 00200309 Default Severity WARNING Log Message H323ALG No more connections al...

Page 103: ...ation Mode Response message is not translated Gateway Action None Recommended Action None Revision 2 Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2 1 145 max_h323_sessi...

Page 104: ...umber of H 323 gatekeeper sessions for service reached Explanation The maximum number of concurrent H 323 gatekeeper sessions has been reached for this service Connection will be closed Gateway Action...

Page 105: ...pecified address Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 150 com_mode_command_message_not_translated ID 00200317 Default Severity WARNING Log Message H323ALG CommunicationMode...

Page 106: ...g connection Gateway Action reject Recommended Action If all characters in filenames should be allowed modify the TFTP Alg configuration Revision 1 Parameters filename Context Parameters ALG Module Na...

Page 107: ...option contained no readable value Explanation Option contained no readable value Closing connection Gateway Action reject Recommended Action None Revision 1 Parameters option Context Parameters ALG...

Page 108: ...1 Parameters option Context Parameters ALG Module Name ALG Session ID Connection 2 1 158 option_tsize_invalid ID 00200358 Default Severity WARNING Log Message TFTPALG Option tsize value value exceedin...

Page 109: ...Log Message TFTPALG The received option option was not sent Explanation The received option was not sent Closing connection Gateway Action close Recommended Action None Revision 1 Parameters option C...

Page 110: ...essage TFTPALG Option blksize value old_blksize exceeding allowed value Rewriting to new_blksize Explanation Option blksize value exceeding allowed value Rewriting value Gateway Action rewrite Recomme...

Page 111: ...ession failed because the unit is out of memory Gateway Action close Recommended Action Decrease the maximum allowed TFTPALG sessions or try to free some of the RAM used Revision 1 Context Parameters...

Page 112: ...RNING Log Message TFTPALG Received invalid packet Opcode opcode Packet length packet_length Explanation Received invalid packet Closing listening connection and opening new instead Gateway Action clos...

Page 113: ...nfiguration Revision 1 Parameters received maxvalue Context Parameters ALG Module Name ALG Session ID Connection 2 1 171 options_removed ID 00200371 Default Severity WARNING Log Message TFTPALG Option...

Page 114: ...that the ALG session could not be successfully opened Gateway Action close Recommended Action None Revision 1 Parameters error_code Context Parameters ALG Module Name 2 1 174 invalid_error_message_rec...

Page 115: ...3ALG session out of memory Explanation An attempt to create a new POP3ALG session failed because the unit is out of memory Gateway Action close Recommended Action Decrease the maximum allowed POP3ALG...

Page 116: ...type filetype which is in block list Explanation The file is present in the block list It will be blocked as per configuration Gateway Action block Recommended Action If this file should be allowed u...

Page 117: ...filetype sender_email_address Context Parameters ALG Module Name ALG Session ID 2 1 182 possible_invalid_mail_end ID 00200387 Default Severity WARNING Log Message POP3ALG Possible invalid end of mail...

Page 118: ...length The response will be blocked Gateway Action block Recommended Action None Revision 1 Parameters command len Context Parameters ALG Module Name ALG Session ID 2 1 185 content_type_mismatch ID 0...

Page 119: ...pe sender_email_address Context Parameters ALG Module Name 2 1 187 command_blocked_invalid_argument ID 00200392 Default Severity WARNING Log Message POP3ALG Command blocked Invalid argument argument g...

Page 120: ...k Recommended Action If the command are to be allowed change the Alg configuration Revision 1 Parameters command Context Parameters ALG Module Name ALG Session ID 2 1 190 unexpected_mail_end ID 002003...

Page 121: ...d The last part was therefore blocked by the firewall Gateway Action block Recommended Action None Revision 1 Parameters len retrigs Context Parameters ALG Module Name ALG Session ID 2 1 193 max_tls_s...

Page 122: ...rity ERROR Log Message TLSALG Failed to connect to the HTTP Server Closing connection ALG name algname Explanation The unit failed to connect to the HTTP Server resulting in that the ALG session could...

Page 123: ...ion tls_alert_sent Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 198 tls_alert_sent ID 00200455 Default Severity ERROR Log Message TLSALG...

Page 124: ...gotiation is however not supported so the TLS ALG session will be closed Gateway Action close Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2...

Page 125: ...ext Parameters ALG Module Name ALG Session ID 2 1 203 tls_bad_message_order ID 00200460 Default Severity ERROR Log Message TLSALG Bad TLS handshake message order Explanation A TLS handshake message of...

Page 126: ...connection of a TLS ALG session The TLS ALG session will be closed Gateway Action close Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 206...

Page 127: ...ge SIPALG SDP message parsing failed Explanation SDP part of message failed parsing due to malformed message Reason reason Gateway Action drop Recommended Action Examine why client or server is sendin...

Page 128: ...reason Gateway Action drop Recommended Action Examine why client or server is sending a malformed SIP message Revision 2 Parameters reason from_uri to_uri srcip srcport destip destport Context Parame...

Page 129: ...e maximum number of SIPALG sessions per SIP URI is too low increase it Revision 2 Parameters max_ses_per_id from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 213 reg...

Page 130: ...thod from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 215 sip_request_response_timeout ID 00200508 Default Severity WARNING Log Message SIPALG SIP request response...

Page 131: ...arameters cfg_registration_time from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 217 unsuccessful_registration ID 00200510 Default Severity WARNING Log Message SIPA...

Page 132: ...Severity WARNING Log Message SIPALG Registration entry not found Explanation The specified user could not be found in the register table Reason reason Gateway Action drop Recommended Action None Revi...

Page 133: ...method request could not be created Gateway Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 222 fa...

Page 134: ...uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 224 sipalg_session_state_updated ID 00200517 Default Severity DEBUG Log Message SIPALG SIP ALG session state updated Exp...

Page 135: ...Default Severity ERROR Log Message SIPALG Failed to create transaction Explanation The SIP ALG failed to create transaction for method request Gateway Action drop Recommended Action None Revision 2 P...

Page 136: ...d Gateway Action close Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name ALG Session ID 2 1 229 sipalg_transaction_s...

Page 137: ...n from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 231 failed_to_get_free_port ID 00200527 Default Severity CRITICAL Log Message SIPALG Failed to get free NAT port...

Page 138: ...G Module Name 2 1 233 failed_to_update_port ID 00200529 Default Severity ERROR Log Message SIPALG Failed to update port information Explanation Failed to update port into session for method request Ga...

Page 139: ...y SDP message Explanation Failed to modify SDP part of message Reason reason Gateway Action drop Recommended Action None Revision 2 Parameters reason from_uri to_uri srcip srcport destip destport Cont...

Page 140: ...None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 238 failed_to_modify_request_uri ID 00200534 Default Severity ERROR Log Message...

Page 141: ...destip destport Context Parameters ALG Module Name 2 1 240 method_not_supported ID 00200536 Default Severity WARNING Log Message SIPALG Method not supported Explanation The method method is not suppo...

Page 142: ...SIP ALG has detected a SIP SDP message involving third party IP address Reason reason The request will be dropped Gateway Action drop Recommended Action None Revision 2 Parameters reason from_uri to_u...

Page 143: ...e 2 1 245 user_registered ID 00200541 Default Severity NOTICE Log Message SIPALG Successful Registration Explanation User user_name registered Gateway Action None Recommended Action None Revision 2 Pa...

Page 144: ...modify_contact ID 00200547 Default Severity ERROR Log Message SIPALG Failed to modify contact tag in message Explanation Failed to modify the contact tag in SIP message Reason reason Gateway Action dr...

Page 145: ...estport Context Parameters ALG Module Name 2 1 251 max_session_per_service_reached ID 00200550 Default Severity WARNING Log Message SIPALG Maximum number of transaction per session has been reached Ex...

Page 146: ...on 2 Parameters max_tsxn_per_session from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 253 invalid_transaction_state ID 00200552 Default Severity ERROR Log Message S...

Page 147: ...200554 Default Severity NOTICE Log Message SIPALG CallLeg created Explanation SIP ALG callleg created for method request Gateway Action allow Recommended Action None Revision 2 Parameters method from_...

Page 148: ...t Gateway Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 258 failed_to_update_callleg ID 00200557...

Page 149: ...srcport destip destport Context Parameters ALG Module Name ALG Session ID 2 1 260 failed_to_modify_response ID 00200559 Default Severity ERROR Log Message SIPALG Failed to modify the response Explana...

Page 150: ...ROR Log Message SIPALG Failed to modify the SAT request Explanation Failed to modify requst ip to SAT destination IP in the method request Gateway Action drop Recommended Action None Revision 1 Parame...

Page 151: ...out of memory Gateway Action close Recommended Action Decrease the maximum allowed PPTPALG sessions or try to free some of the RAM used Revision 1 Context Parameters ALG Module Name 2 1 265 failed_co...

Page 152: ...nnel has been removed between the PPTP client and the PPTP ALG Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1 268 pptp_tunnel_removed_serv...

Page 153: ...Action None Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1 271 pptp_malformed_packet ID 00200609 Default Severity WARNING Log Message Malformed packet received from remotegw on iface...

Page 154: ...ose Recommended Action If the maximum number of IMAP sessions is too low increase it Revision 1 Parameters max_sessions Context Parameters ALG Module Name 2 1 274 failed_create_new_session ID 00200651...

Page 155: ...Explanation An attempt to allocate memory failed Gateway Action close Recommended Action Try to free up unwanted memory Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 277 blocked_fil...

Page 156: ...on ID 2 1 279 command_blocked ID 00200659 Default Severity WARNING Log Message IMAPALG Command command blocked Explanation The client is sending command that are not allowed The command will be blocke...

Page 157: ...wed change the Alg configuration Revision 1 Parameters command Context Parameters ALG Module Name ALG Session ID 2 1 282 response_blocked_unknown ID 00200662 Default Severity WARNING Log Message IMAP_...

Page 158: ...eters ALG Module Name 2 1 284 plain_auth_blocked ID 00200664 Default Severity WARNING Log Message IMAPALG Plain text authentication attempt blocked Explanation The client is sending plain text authent...

Page 159: ...p from to profile tests link_categories Context Parameters Connection ALG Module Name ALG Session ID 2 2 2 spam_found ID 05900002 Default Severity INFORMATIONAL Log Message Email was classified as spa...

Page 160: ...ID 05900010 Default Severity ERROR Log Message Failed to allocate memory required for anti spam Explanation A memory allocation failure occurred The system will be unable to perform anti spam scannin...

Page 161: ...a DNS query could not be sent Gateway Action None Recommended Action Verify that DNS is configured correctly Revision 1 Parameters sourceip from to profile Context Parameters Connection ALG Module Nam...

Page 162: ...okups Revision 1 Parameters sourceip from to profile Context Parameters Connection ALG Module Name ALG Session ID 2 2 9 link_protection_wcf_error ID 05900032 Default Severity ERROR Log Message Link Pr...

Page 163: ...Name ALG Session ID 2 2 11 dnsbl_allocation_failure ID 05900040 Default Severity ERROR Log Message Failed to allocate memory for DNSBL lookup DNSBL dnsbl Explanation A memory allocation failure occur...

Page 164: ...nt DNSBL dnsbl Explanation DNSBL check failed because a DNS query could not be sent Gateway Action None Recommended Action Verify that DNS is configured correctly Revision 1 Parameters sourceip from t...

Page 165: ...ed Action Verify that the DCC servers are reachable Revision 1 Parameters sourceip from to profile Context Parameters Connection ALG Module Name ALG Session ID 2 2 16 dcc_query_error ID 05900052 Defau...

Page 166: ...Session ID 2 2 18 recipient_email_changed_to_drop_address ID 05900196 Default Severity NOTICE Log Message SMTPALG Recipient e mail address is changed to DNSBL Drop address Explanation RCPT TO e mail...

Page 167: ...ion 1 Parameters type algname ipaddr 2 2 21 dnsbl_ipcache_remove ID 05900811 Default Severity NOTICE Log Message IP ipaddr removed from IP Cache for algname due to timeout Explanation An IP address wa...

Page 168: ...tings Revision 1 Parameters type algname ipaddr 2 2 24 dnsbl_ipcache_add ID 05900814 Default Severity NOTICE Log Message Session for IP ipaddr for algname is done with result result Explanation An IP...

Page 169: ...Gateway Action none Recommended Action None Revision 1 Parameters type algname 2 2 27 dnsbl_query_add ID 05900817 Default Severity NOTICE Log Message Query created for IP ipaddr to BlackList blacklis...

Page 170: ...h IP ipaddr for algname Explanation TXT records will not fit the string buffer and will be truncated Gateway Action none Recommended Action None Revision 1 Parameters type algname ipaddr 2 2 30 dnsbl_...

Page 171: ...Revision 2 Parameters filename virusname virussig advisoryid layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connection 2 3 2 virus_found ID 05800002 Default Severity W...

Page 172: ...3 4 decompression_failed ID 05800004 Default Severity ERROR Log Message Decompression error for file filename Explanation The file could not be scanned by the anti virus module since the decompressio...

Page 173: ...ion ID 05800006 Default Severity WARNING Log Message Compression ratio violation for file filename Compression ratio threshold comp_ratio Explanation Anti virus has scanned a compressed file with a co...

Page 174: ...e filename Compression ratio threshold comp_ratio Explanation Anti virus has scanned a compressed file with a compression ratio higher than the specified value Action is set to continue scan Gateway A...

Page 175: ...ion block_data Recommended Action Try to free some memory by changing configuration parameters Revision 1 Parameters filename filetype layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name...

Page 176: ...license ID 05800015 Default Severity CRITICAL Log Message AVSE Virus scanning aborted No valid license present Explanation Anti virus scanning is aborted since there is no valid license present Gatewa...

Page 177: ...order to solve this issue Revision 2 Context Parameters ALG Session ID 2 3 16 out_of_memory ID 05800018 Default Severity CRITICAL Log Message AVSE Virus scanning aborted Out of memory during initiali...

Page 178: ...on None Revision 1 Parameters url advisoryid layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connection 2 3 19 decompression_failed_encrypted_file ID 05800024 Default S...

Page 179: ...e Gateway Action allow_data Recommended Action Change Fail Mode parameter to deny if files that fail decompression should be blocked Revision 1 Parameters filename layer7_srcinfo layer7_dstinfo Contex...

Page 180: ...eters ALG Module Name ALG Session ID Connection 2 3 23 max_archive_depth_exceeded ID 05800029 Default Severity WARNING Log Message The file filename has too many archive levels Maximum allowed is max_...

Page 181: ...planation Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown Fail Mode is allow so data is allowed without scanning Gateway Action allow_data_without_scan Re...

Page 182: ...ommended Action Research the Content Transfer Encoding format Revision 1 Parameters filename unknown_content_transfer_encoding sender_email_address Context Parameters ALG Module Name ALG Session ID 2...

Page 183: ...ent since the transfer encoding is missing or unknown Fail Mode is allow so data is allowed without scanning Gateway Action allow_data_without_scan Recommended Action Research the Content Transfer Enc...

Page 184: ...le applicationruleset Context Parameters Connection Rule Information 2 4 2 application_identified ID 07200002 Default Severity INFORMATIONAL Log Message Application identified Application application...

Page 185: ..._control_disabled ID 07200005 Default Severity CRITICAL Log Message Application Control disabled Explanation Application Control has been disabled due fatal subsystem failure Traffic will be treated a...

Page 186: ...control subsystem cleaned up memory usage in order to free memory The AppCtl_FreeMemOptLevel setting can be used to tweak the limit when memory cleanup should be triggered Gateway Action none Recommen...

Page 187: ...pplication application Attribute attribute Value value Explanation The configured Application Content Control policy does not allow the identified attribute or its value The connection is closed Gatew...

Page 188: ...Explanation There is a maximum of 50 000 Application Content Control attributes to store until connections have been fully classified This limit has been reached Application Content Control is disabl...

Page 189: ...2 no_sender_ip ID 00300002 Default Severity NOTICE Log Message ARP query sender IP is 0 0 0 0 Explanation The source IP address of an ARP query is 0 0 0 0 Allowing Gateway Action allow Recommended Act...

Page 190: ...ation The ARP response has a sender address which is a multicast address This might be the case if there are load balancing network equipment in the network Allowing Gateway Action allow Recommended A...

Page 191: ...NOTICE Log Message knownip has a different address newhw compared to the known hardware address knownhw Allow packet for further processing Explanation A known dynamic ARP entry has a different hardwa...

Page 192: ...edARPReplies Revision 1 Context Parameters Rule Name Packet Buffer 2 5 11 arp_resolution_success ID 00300020 Default Severity NOTICE Log Message ARP entry was added to the ARP cache Explanation ARP en...

Page 193: ...dify the configuration Revision 1 Context Parameters Rule Name Packet Buffer 2 5 14 arp_access_allowed_expect ID 00300050 Default Severity NOTICE Log Message Allowed by expect rule in access section E...

Page 194: ...cast_drop ID 00300053 Default Severity NOTICE Log Message ARP response is a multicast address Dropping Explanation The ARP response has a sender address which is a multicast address This might be the...

Page 195: ...CE Log Message knownip has a different address newhw compared to the known hardware address knownhw Dropping packet Explanation A known dynamic ARP entry has a different hardware address than the one...

Page 196: ...6 2 authagent_disconnected ID 06500002 Default Severity INFORMATIONAL Log Message Disconnected from Authentication Agent at name ip4addr port Explanation A Authentication Agent connection was disconn...

Page 197: ...ty INFORMATIONAL Log Message SGW protocol sgwproto and Agent name ip4addr protocol agentproto do not match Explanation Protocol mistmatch Gateway Action protocol_mistmatch Recommended Action Update SG...

Page 198: ...erity INFORMATIONAL Log Message Challenge error with Agent name ip4addr Explanation Challenge error Gateway Action challenge_error Recommended Action Check PSK Revision 1 Parameters name ip4addr 2 6 9...

Page 199: ...MATIONAL Log Message Error fetching initial data Explanation Initial data error Gateway Action initial_error Recommended Action None Revision 1 2 6 12 authagent_removeuser_error ID 06500012 Default Se...

Page 200: ...access according to the group membership or user name information Gateway Action None Recommended Action None Revision 2 Parameters idle_timeout session_timeout groups Context Parameters User Authenti...

Page 201: ...y Action adduser_error Recommended Action None Revision 1 Parameters username iface ip 2 6 17 authagent_removeuser_error ID 06500042 Default Severity INFORMATIONAL Log Message Error removing user ifac...

Page 202: ...0001 Default Severity ALERT Log Message Could not start Anti virus engine because of reason Explanation The unit tried to read the anti virus database but failed The reason for this is specified in th...

Page 203: ...eason 2 8 2 av_database_downloaded ID 05000002 Default Severity NOTICE Log Message New anti virus database downloaded Explanation An updated version of the anti virus database has been downloaded whic...

Page 204: ...to date The system clock must be set correctly in order to use the antivirus features Antivirus features remains disabled until clock is correct and a manual antivirus update has been performed Gatewa...

Page 205: ...Action downloading_new_database Recommended Action None Revision 1 2 8 8 downloading_new_database ID 05000009 Default Severity NOTICE Log Message Downloading new antivirus database ss2db Explanation A...

Page 206: ...entry ID 04600002 Default Severity WARNING Log Message Unable to allocate static entry for host Explanation Unable to allocate static entry Unit is low on memory Gateway Action no_block Recommended Ac...

Page 207: ...None Revision 3 Parameters proto ip port 2 9 5 host_blacklisted ID 04600006 Default Severity NOTICE Log Message Blacklist entry added Protocol proto IP ip Port port Explanation A blacklist entry was...

Page 208: ...Action If this is a reoccurring event try increasing the number of HighBuffers Revision 1 Parameters duration buf_usage 2 10 2 buffers_profile ID 00500002 Default Severity DEBUG Log Message Buffer re...

Page 209: ...Severity INFORMATIONAL Log Message Connection closed Explanation A connection has been closed Gateway Action close Recommended Action None Revision 1 Context Parameters Rule Information Connection 2 1...

Page 210: ...D 00600005 Default Severity INFORMATIONAL Log Message Connection closed Explanation A connection has been closed Gateway Action close Recommended Action None Revision 1 Context Parameters Rule Informa...

Page 211: ...planation State inspector would not open a new connection for this TCP packet since the combination of TCP flags is wrong Only packets with the SYN TCP flag set as the only TCP flag are allowed to ope...

Page 212: ...ped Gateway Action reject Recommended Action None Revision 1 Context Parameters Rule Name Connection Packet Buffer 2 11 11 reverse_connect_attempt ID 00600015 Default Severity WARNING Log Message Disa...

Page 213: ...TCP UDP destination port or TCP source port was set to 0 Dropping Explanation The TCP UDP destination or TCP source port was set to 0 which is not allowed Dropping packet Gateway Action drop Recommen...

Page 214: ...0023 Default Severity INFORMATIONAL Log Message Connection used to forward a packet Explanation A packet has passed through the connection Gateway Action None Recommended Action None Revision 1 Contex...

Page 215: ...ult Severity INFORMATIONAL Log Message FTPALG Active data channel closed Explanation An active data channel was closed Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Mod...

Page 216: ...Rule Information Connection Chapter 2 Log Message Reference 216...

Page 217: ...p4addr 2 12 2 lease_changed ID 00700002 Default Severity WARNING Log Message Some vital parameter s in the lease on interface iface have changed restarting DHCP process Explanation The DHCP server hav...

Page 218: ..._seconds Context Parameters Packet Buffer 2 12 5 lease_expired ID 00700005 Default Severity NOTICE Log Message Interface iface lease expired Explanation A lease have expired and the ip data for this i...

Page 219: ...alid server ID server_id Explanation An interface received a lease with an invalid server ID parameter Gateway Action drop Recommended Action Check DHCP server configuration Revision 1 Parameters ifac...

Page 220: ...Log Message Interface iface received a lease with an invalid offered IP offered_ip Explanation An interface received a lease with an invalid offered IP address Gateway Action drop Recommended Action C...

Page 221: ...er 2 12 13 ip_collision ID 00700014 Default Severity WARNING Log Message Interface iface received a lease which if used will cause an IP collision DHCP IP dhcp_ip collides with configured route config...

Page 222: ...eived a lease which if used will cause a route collision with a configured route Gateway Action drop Recommended Action Check DHCP server configuration and SG interface configuration Revision 1 Parame...

Page 223: ...sage DHCP relay list was successfully auto saved to disk Explanation The DHCP relay list was successfully written to disk Gateway Action None Recommended Action None Revision 1 2 13 3 dhcp_pkt_too_sma...

Page 224: ...anation The maximum DHCP packets per minute limit for the relayer have been reached Gateway Action None Recommended Action Verify packets per minute limit Revision 1 Context Parameters Packet Buffer 2...

Page 225: ...should be canceled Gateway Action relay_canceled Recommended Action None Revision 1 Parameters client_ip Context Parameters Packet Buffer 2 13 9 got_reply_without_transaction_state ID 00800009 Default...

Page 226: ...n t add DHCP relay route Dropping Explanation Unable to add DHCP relay route since out of memory Gateway Action drop Recommended Action Check firewall memory consumption Revision 1 Context Parameters...

Page 227: ...relayed INFORM DHCP packet with illegally mismatching source and client IP Gateway Action drop Recommended Action Investigate what client implementation is being used Revision 1 Context Parameters Ru...

Page 228: ...og Message BOOTP DHCP server at dest_ip is unroutable Dropping Explanation Unable to find route to specified DHCP server Gateway Action drop Recommended Action Update routing table with a route to the...

Page 229: ...eters Rule Name Packet Buffer 2 13 20 relayed_request ID 00800020 Default Severity NOTICE Log Message Relayed DHCP request type from client client_hw to dest_ip Explanation Relayed a DHCP request Gate...

Page 230: ...ecurity equivalent interface setting Revision 1 Parameters client_hw Context Parameters Rule Name Packet Buffer 2 13 23 assigned_ip_not_allowed ID 00800023 Default Severity WARNING Log Message DHCP BO...

Page 231: ...dest_ip already exists which points to another interface Dropping Explanation An ambiguous host route indicating another interface was detected trying to setup a dynamic hostroute for a client Gateway...

Page 232: ...8 relayed_dhcp_reply ID 00800028 Default Severity NOTICE Log Message Relayed DHCP reply type to gateway gateway_ip Explanation Relayed DHCP reply to a gateway Gateway Action None Recommended Action No...

Page 233: ...Revision 1 Parameters gateway_ip Context Parameters Rule Name Packet Buffer Chapter 2 Log Message Reference 233...

Page 234: ...ge The option section is too big unable to reply Dropping Explanation Unable to send reply since the DHCP option section is too big Gateway Action drop Recommended Action Reduce the number of used DHC...

Page 235: ...ion drop Recommended Action Investigate what client implementation is being used Revision 1 Context Parameters Packet Buffer 2 14 6 request_for_ip_from_non_bound_client_without_state ID 00900006 Defau...

Page 236: ...bound client for IP client_ip without state Ignoring Explanation Received a request from an unbound client without state Gateway Action None Recommended Action None Revision 1 Parameters client client...

Page 237: ...t_hw Explanation A client lease wasn t renewed and timed out Gateway Action lease_inactive Recommended Action None Revision 1 Parameters client_ip client_hw Context Parameters Rule Name 2 14 12 lease_...

Page 238: ...client_hw Sending IP offer offer_ip Explanation Received discover initial IP query from a client Gateway Action None Recommended Action None Revision 1 Parameters client_hw offer_ip Context Parameter...

Page 239: ...og Message Client client_hw requested non bound IP Rejecting Explanation Client requested a non bound IP Gateway Action reject Recommended Action None Revision 1 Parameters client_hw client_wanted bou...

Page 240: ...e Got INFORM request from client client_hw Acknowledging Explanation Got an inform client already got an IP and asks for configuration parameters request from a client Gateway Action acknowledging Rec...

Page 241: ...1 Parameters client_hw Context Parameters Rule Name Packet Buffer 2 14 23 declined_by_client ID 00900024 Default Severity WARNING Log Message Client client_hw declined IP client_ip IP blacklisted Expl...

Page 242: ...ient_ip on wrong interface recv recv_if lease client_if Decline is ignored Explanation Got release from a client on the wrong interface Gateway Action None Recommended Action Check network for inconsi...

Page 243: ...client_ip Context Parameters Rule Name Packet Buffer Chapter 2 Log Message Reference 243...

Page 244: ...hosts Revision 1 Parameters iface ip6addr 2 15 2 lease_acquired ID 07300003 Default Severity NOTICE Log Message Interface iface have successfully acquired a lease Explanation An interface have succes...

Page 245: ...vision 1 Parameters iface 2 15 5 adv_bad_status ID 07300006 Default Severity WARNING Log Message DHCPv6 server Advertisment unsuccessful status on iface Status code Explanation A DHCPv6 Advertisment w...

Page 246: ..._offered ID 07300009 Default Severity WARNING Log Message DHCPv6 server Reply offered a bad address address on iface Explanation A DHCPv6 Reply was received containing a bad ip address Gateway Action...

Page 247: ...vision 1 Parameters preferred valid iface 2 15 11 ip_collision ID 07300012 Default Severity WARNING Log Message Interface iface received an offer which if used will cause an IP collision DHCPv6 IP dhc...

Page 248: ...NG Log Message Server ID option missing in received message Explanation The received packet is missing vital information Gateway Action drop Recommended Action Investigate what client implementation i...

Page 249: ...Unable to get a buffer for sending Gateway Action None Recommended Action Check buffer consumption Revision 1 2 16 6 sending_reply ID 07400006 Default Severity NOTICE Log Message Received SOLICIT wit...

Page 250: ...s lease Gateway Action renew Recommended Action None Revision 1 Parameters client_hw iface client_ip 2 16 9 client_rebound ID 07400009 Default Severity NOTICE Log Message Client client_hw on iface ren...

Page 251: ...Extend the pool to support more IP addresses Revision 1 Context Parameters Rule Name 2 16 12 bad_udp_checksum ID 07400012 Default Severity WARNING Log Message Received DHCPv6 packet with bad UDP check...

Page 252: ...sed Revision 1 Context Parameters Packet Buffer 2 16 15 invalid_options_length ID 07400015 Default Severity WARNING Log Message Received DHCPv6 packet with faulty options size Dropping Explanation Rec...

Page 253: ...essage Unexpected message type Advertise in received packet Explanation Received DHCPv6 packet with unexpected message type Advertise Gateway Action drop Recommended Action None Revision 1 Context Par...

Page 254: ...ype Relay reply in received packet Explanation Received DHCPv6 packet with unexpected message type Relay reply Gateway Action drop Recommended Action None Revision 1 Context Parameters Packet Buffer 2...

Page 255: ...f IP addresses for the FQDN has been exceeded Gateway Action ignore Recommended Action None Revision 1 Parameters name 2 17 2 ipv4_max_addresses ID 08000002 Default Severity WARNING Log Message FQDN o...

Page 256: ...ry consumption Revision 1 Context Parameters Dynamic Route Rule Name Route 2 18 2 route_exported_to_ospf_as ID 01100002 Default Severity NOTICE Log Message Route exported to OSPF AS Explanation A rout...

Page 257: ...memory consumption Revision 1 Context Parameters Dynamic Route Rule Name Route 2 18 5 route_added ID 01100005 Default Severity NOTICE Log Message Route added Explanation A route was just added Gatewa...

Page 258: ...Revision 1 Context Parameters Dynamic Route Rule Name Route Chapter 2 Log Message Reference 258...

Page 259: ...ive fragment contained fragments Dropping Explanation An Internal Error occured when freeing an active fragment Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameter...

Page 260: ...t and freeing resources Gateway Action drop Recommended Action None Revision 1 Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2 19 5 fail_suspect_t...

Page 261: ...None Revision 1 Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2 19 7 disallowed_suspect ID 02000007 Default Severity WARNING Log Message Dropping...

Page 262: ...None Revision 1 Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2 19 9 drop_frags_of_illegal_packet ID 02000009 Default Severity WARNING Log Message...

Page 263: ...gact frags Context Parameters Dropped Fragments Rule Name 2 19 11 learn_state ID 02000011 Default Severity ERROR Log Message Internal Error Invalid state state Explanation Internal Error the fragmente...

Page 264: ...ecommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 19 14 frag_offset_plus_length_not_in_range ID 02000014 Default Severity ERROR Log Message Fragment offset length not in r...

Page 265: ...reassembled IP packet has an invalid IP data length Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipdatalen Context Parameters Rule Name Packet Buffer 2 19 17 bad_i...

Page 266: ...Explanation The fragment has an invalid offset Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 19 20 duplicate_frag_with_different_l...

Page 267: ...Default Severity ERROR Log Message Fragments partially overlap Explanation Two fragments partially overlap Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rul...

Page 268: ...agment of completed packet Explanation A completed reassembled IP packet contains a extraneous fragment which is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule...

Page 269: ...llegal packet Explanation A fragment of an illegal IP packet is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 19 29 fragments_available_fr...

Page 270: ...ment last fragment with zero offset Dropping packet Explanation A fragment with More Fragments flag cleared and an Offset of zero is not a legal fragment Dropping packet Gateway Action drop Recommende...

Page 271: ...load the IPv4 Geolocation database Gateway Action None Recommended Action None Revision 1 Parameters protocol reason 2 20 2 database_load_failed ID 08100002 Default Severity WARNING Log Message Unabl...

Page 272: ...s ID 02200002 Default Severity WARNING Log Message GRE packet with bad flag s Packet dropped Explanation Received GRE packet with a bad flag combination Gateway Action drop Recommended Action Check GR...

Page 273: ...th error Packet dropped Explanation Received GRE packet with length error Gateway Action drop Recommended Action Check GRE endpoint configuration Revision 1 Context Parameters Packet Buffer 2 21 6 gre...

Page 274: ...sion 1 Parameters session_key Context Parameters Packet Buffer 2 21 8 gre_routing_flag_set ID 02200008 Default Severity WARNING Log Message Received GRE packet with routing flag set Packet dropped Exp...

Page 275: ...NOTICE Log Message Peer firewall disappeared Explanation The peer gateway which was inactive is not available anymore This gateway will continue to stay active Gateway Action None Recommended Action N...

Page 276: ...ill de activate Gateway Action deactivate Recommended Action None Revision 1 2 22 6 peer_has_more_connections ID 01200006 Default Severity NOTICE Log Message Both active peer has more connections deac...

Page 277: ...Log Message Both inactive peer has more connections staying inactive Explanation Both members are inactive but the peer has more connections This gateway will stay inactive Gateway Action stay_deacti...

Page 278: ...ction drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 22 13 should_have_arrived_on_sync_iface ID 01200044 Default Severity WARNING Log Message This packet should h...

Page 279: ..._commit_error ID 01200052 Default Severity WARNING Log Message The merged HA configuration contains errors Explanation The merged HA configuration contains errors and can not be commited Gateway Actio...

Page 280: ...ve reason Explanation Linkmon requested the node to go inactive Gateway Action None Recommended Action None Revision 1 Parameters reason 2 22 20 resync_conns_to_peer ID 01200100 Default Severity WARNI...

Page 281: ...s expired A new connection will be establised by reconnecting to the peer Gateway Action reconnect Recommended Action None Revision 2 2 22 23 hasync_connection_failed_timeout ID 01200202 Default Sever...

Page 282: ...nc_iface ID 01200410 Default Severity WARNING Log Message Received state sync packet on non sync iface Dropping Explanation A HA state sync packet was recieved on a non sync interface This should neve...

Page 283: ...g_sync_failure ID 01200500 Default Severity CRITICAL Log Message Tried to synchronize configuration to peer 3 times without success Giving up Explanation The gateway tried to synchronize the configura...

Page 284: ...e activation in progress Gateway Action activate Recommended Action None Revision 2 2 22 32 going_online ID 01200618 Default Severity NOTICE Log Message Ha unit going online Explanation Ha unit going...

Page 285: ...ecommended Action Shutdown the unit and determine the problem Revision 1 Parameters index name unit current_temp min_limit max_limit 2 23 2 temperature_normal ID 04000012 Default Severity WARNING Log...

Page 286: ...outside the specified limit Current value is current_voltage unit lower limit is min_limit upper limit is max_limit Explanation The sensor reports that the voltage value is back in the normal range Ga...

Page 287: ...lue is back in the normal range Gateway Action None Recommended Action None Revision 1 Parameters index name unit current_fanrpm min_limit max_limit 2 23 7 gpio_alarm ID 04000041 Default Severity WARN...

Page 288: ...gpio min_limit max_limit 2 23 9 free_memory_warning_level ID 04000101 Default Severity WARNING Log Message Free memory has fallen below the specified limit of limit_percentage percent limit classified...

Page 289: ...and disable or lower settings to reduce memory consumption Revision 1 Parameters limit_megabyte total_mem free_mem free_percentage severity 2 23 11 free_memory_normal_level ID 04000103 Default Severit...

Page 290: ...e ID if you suspect an attack Revision 2 Parameters description signatureid idrule ipproto srcip srcport destip destport internalid Context Parameters Rule Name Deep Inspection 2 24 2 idp_notice ID 01...

Page 291: ...the traffic Gateway Action close Recommended Action Research the advisory searchable by the unique ID Revision 2 Parameters description signatureid idrule ipproto srcip srcport destip destport interna...

Page 292: ...p Destination Port destport Internal ID internalid Explanation A scan signature matched the traffic Gateway Action None Recommended Action Research the advisory searchable by the unique ID Revision 2...

Page 293: ...E Log Message Intrusion detected description Signature ID signatureid ID Rule idrule Protocol ipproto Source IP srcip Source Port srcport Destination IP destip Destination Port destport Internal ID in...

Page 294: ...p Inspection 2 24 9 invalid_url_format ID 01300009 Default Severity ERROR Log Message Failed to parse the HTTP URL ID Rule idrule URL url Source IP srcip Source Port srcport Destination IP destip Dest...

Page 295: ...Rule Name 2 24 11 idp_evasion ID 01300011 Default Severity ERROR Log Message Failed to reassemble data ID Rule idrule Source IP srcip Source Port srcport Destination IP destip Destination Port destpor...

Page 296: ...ng connection Explanation The unit failed to scan data The reason for this is due to low amount of memory Gateway Action close Recommended Action Review your configuration Revision 1 Parameters idrule...

Page 297: ...to scan data Gateway Action close Recommended Action None Revision 1 Parameters idrule srcip srcport destip destport reason Context Parameters Rule Name 2 24 16 idp_failscan ID 01300016 Default Severi...

Page 298: ...d since the signature file has been disabled or no signature file was found Gateway Action idp_scanning_aborted Recommended Action For IDP scanning a valid license with IDP enabled must be installed I...

Page 299: ...2 host_idp_piped ID 06100002 Default Severity NOTICE Log Message Dynamic pipe state added for host host Throughput limited to limit for all new connections for ttl seconds Explanation An IDP Pipe even...

Page 300: ...meters replaced_host old_host_ttl 2 25 5 idp_piped_state_expire ID 06100005 Default Severity DEBUG Log Message Removed IDP dynamic pipe state for host host due to TTL expire Explanation An old dynamic...

Page 301: ...ited to limit Explanation A new connection is piped to limit kbps since either the source or destination IP is dynamically throttled by IDP dynamic pipe state New connections to and from the IP will b...

Page 302: ...ameters reason 2 26 2 idp_database_downloaded ID 01400002 Default Severity NOTICE Log Message New Intrusion Detection Prevention database downloaded Explanation An updated version of the Intrusion Det...

Page 303: ...gnature file IDP disabled Explanation The system clock is not up to date The system clock must be set correctly in order to use the IDP features IDP features remains disabled until clock is correct an...

Page 304: ...ownloading_new_database Recommended Action None Revision 1 2 26 8 sigfile_parser_error ID 01400018 Default Severity WARNING Log Message Signature file is corrupted and will be removed Explanation An e...

Page 305: ...tus_bad ID 03900003 Default Severity WARNING Log Message IfaceMon reports interface problems on iface Resetting interface Link status linkspeed Mbps duplex duplex Explanation The Interface Monitor has...

Page 306: ...Recommended Action None Revision 1 Parameters iface linkspeed duplex Chapter 2 Log Message Reference 306...

Page 307: ...at interface iface Explanation I am no longer the IMGP Querier at the specified interface Gateway Action None Recommended Action None Revision 1 Parameters dest iface 2 28 3 invalid_dest_ip_address I...

Page 308: ...ers Packet Buffer 2 28 5 failed_restarting_igmp_conn ID 04200006 Default Severity EMERG Log Message Could not restart the IGMP listening conn Reason Out of memory Explanation Could not restart the IGM...

Page 309: ...s found inside group specific query This is most likely a faulty SAT config Gateway Action drop Recommended Action Check your IGMP ruleset to see if a muticast group somehow might be translated into a...

Page 310: ...Query at interface iface Explanation This is most likely a faulty IGMP configuration but may also indicate faulty software on the network Under special circumstances this could be an active attempt to...

Page 311: ...G Log Message IGMP Group record grp from interface recv_if contains auxilliary data Explanation This software support IGMPv1 IGMPv2 and IGMPv3 and none of them support the feature known as Auxilliary...

Page 312: ...p record request group grp which is not a multicast group Explanation This is most likely a faulty IGMP config Gateway Action drop Recommended Action Specifically check for inconsistent SAT NAT inform...

Page 313: ...RNING Log Message Rule name drops multicast sender src for group record grp in Member Report at interface iface Explanation IGMP Member Report contains an unwanted IP sender Gateway Action drop Recomm...

Page 314: ...ction drop Recommended Action Increase global IGMPMaxReqs per second limit if more requests are wanted Revision 1 Parameters ipsrc iface 2 28 20 max_if_requests_per_second_reached ID 04200021 Default...

Page 315: ...tion Invalid IGMP message type received Gateway Action drop Recommended Action None but keep an eye open for malfunctional software hardware on the network Revision 1 Parameters MSGType Context Parame...

Page 316: ...ty mode on interface iface has ended Entering IGMPv nigmpver mode Explanation The router has not heard any IGMPv igmpver general queries and will switch and use IGMPv nigmpver version when snooping pr...

Page 317: ...lt Severity NOTICE Log Message 6in4 tunnel iface resolved remotegwname to remotegw Explanation The 6in4 tunnel succesfully resolved the DNS name of remote endpoint Gateway Action None Recommended Acti...

Page 318: ...s senderip Context Parameters Packet Buffer 2 29 5 6in4_length_error ID 07800005 Default Severity WARNING Log Message 6in4 packet length error Packet dropped Explanation Received 6in4 packet with leng...

Page 319: ...valid IPv6 sender in 6in4 tunnel senderip Packet dropped Explanation Packet should be dropped according to RFC 4213 since the source IP address is invalid Gateway Action drop Recommended Action Check...

Page 320: ...t Severity ERROR Log Message No valid DHCP offers were received Explanation No valid DHCP offers were received Gateway Action no_new_client_created Recommended Action Review DHCP server parameters and...

Page 321: ...lease was rejected due to a server filter Explanation A lease was rejected by a server filter Gateway Action lease_rejected Recommended Action Verify the server filters Revision 1 Parameters server_i...

Page 322: ...was rejected due to a bad offered broadcast address Explanation A lease was rejected due to a bad offered broadcast address Gateway Action lease_rejected Recommended Action Check DHCP server configur...

Page 323: ...sage The lease was rejected since it seem to be occupied Explanation A lease was rejected since it seem to be occupied Gateway Action lease_rejected Recommended Action Check DHCP server configuration...

Page 324: ...of clients for this IP pool have been reached Explanation The maximum number of clients for this pool have been reached Gateway Action no_new_client_created Recommended Action Verify max clients limit...

Page 325: ...1 Parameters client_ip subsystem Context Parameters Rule Name 2 30 17 ip_returned_to_pool ID 01900017 Default Severity NOTICE Log Message Subsystem returned an IP to the pool Explanation A subsystem...

Page 326: ...1800101 Default Severity WARNING Log Message Warning event occured because of reason Explanation Warning event from IPsec stack Gateway Action None Recommended Action None Revision 1 Parameters reason...

Page 327: ...fault Severity NOTICE Log Message Local IP local_ip Remote IP remote_ip Cookies cookies Reason reason Explanation None Gateway Action None Recommended Action None Revision 1 Parameters local_ip remote...

Page 328: ...emote_ip cookies reason 2 31 8 ike_retry_limit_reached ID 01800108 Default Severity NOTICE Log Message Local IP local_ip Remote IP remote_ip Cookies cookies Reason reason Explanation The retry limit f...

Page 329: ...ket Gateway Action drop Recommended Action None Revision 1 Parameters source_ip dest_ip spi seq protocol reason 2 31 11 icv_failure ID 01800111 Default Severity NOTICE Log Message Source IP source_ip...

Page 330: ...3 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation The received packet could not be mapped to an appropriate S...

Page 331: ...to transmit a packet that would result in sequence number overflow Gateway Action None Recommended Action None Revision 1 Parameters source_ip dest_ip spi seq protocol reason 2 31 16 bad_padding ID 01...

Page 332: ...dest_ip spi seq protocol reason 2 31 18 hardware_acceleration_failure ID 01800118 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reas...

Page 333: ...commit IPsec configuration Explanation Failed to commit IPsec configuration Gateway Action IPsec_configuration_disabled Recommended Action Reconfigure_IPsec Revision 1 2 31 21 commit_succeeded ID 018...

Page 334: ...4 failed_to_start_ipsec ID 01800205 Default Severity CRITICAL Log Message Failed to start IPsec Explanation Failed to start IPsec Policy Manager create did not complete Gateway Action ipsec_disabled R...

Page 335: ...ne Revision 1 2 31 28 failed_to_configure_IPsec ID 01800209 Default Severity CRITICAL Log Message Failed during configuration with error error_msg for tunnel tunnel Explanation Failed to set IPsec con...

Page 336: ...fault Severity ERROR Log Message Failed to reconfigure IPsec Explanation Failed to reconfigure IPsec No policymanager object Gateway Action new_ipsec_configuration_disabled Recommended Action None Rev...

Page 337: ...eters local_id tunnel 2 31 35 Failed_to_add_certificate ID 01800302 Default Severity ERROR Log Message Failed add host certificate certificate for tunnel tunnel Explanation Failed to add specified hos...

Page 338: ...operties ID 01800305 Default Severity ERROR Log Message Failed to set properties for IKE algorithm alg for tunnel tunnel Explanation Failed to set specified properties keysize lifetimes for IKE algori...

Page 339: ...9 Default Severity WARNING Log Message Failed to resolve remote endpoint endpoint for IPsec Tunnel ipsectunnel Disabling IPsec tunnel Explanation Failed to resolve remote endpoint through DNS Gateway...

Page 340: ...ed_to_add_rules ID 01800314 Default Severity ERROR Log Message Failed to commit rules after remote endpoint endpoint have been resolved by DNS for IPsec tunnel ipsectunnel Explanation Failed to add ru...

Page 341: ...INFORMATIONAL Log Message Peer peer has been detected dead Explanation A remote peer have been detected as dead This will cause all tunnels associated with the peer to be taken down Gateway Action IPs...

Page 342: ...20 Default Severity CRITICAL Log Message Try to read out external keyporvider object when no policymanager object avaliable Explanation Try to read out external keyporvider object when no policymanage...

Page 343: ...efault Severity ERROR Log Message Failed to configure Remote ID remote_id for tunnel tunnel Explanation Failed to configure tunnel with specified remote id Gateway Action RemoteID_disabled Recommended...

Page 344: ...es not exist ippool Explanation The config mode pool refers to an IP pool that does not exist As a result IPsec clients using config mode will not be able lease IP addresses Gateway Action None Recomm...

Page 345: ...ssage Freed IP ip from use in IKE config mode Explanation A dynamically allocated IP was freed from use with IKE config Gateway Action None Recommended Action None Revision 2 Parameters ip 2 31 60 cfg...

Page 346: ...None Recommended Action None Revision 1 Parameters ippool 2 31 63 cfgmode_failed_to_add_ip ID 01800407 Default Severity WARNING Log Message Failed to add IP to address table Explanation The IP address...

Page 347: ...Log Message IPsec tunnel ipsec_connection is disabled Packet will be dropped Explanation A packed was dropped due to the IPsec interface being disabled Gateway Action packet_will_be_dropped Recommende...

Page 348: ...IPsec interface disabled Gateway Action None Recommended Action None Revision 1 2 31 70 no_route ID 01800507 Default Severity WARNING Log Message Failed to lookup route No route for packet to remote...

Page 349: ...will_fail Recommended Action Reconfigure Revision 1 2 31 73 insufficient_resources_for_eap ID 01800602 Default Severity ERROR Log Message Insufficient resources for EAP protocol Explanation Insufficie...

Page 350: ...HROUGH is not set as authentication method Gateway Action None Recommended Action None Revision 1 2 31 77 eap_not_supported ID 01800606 Default Severity ERROR Log Message No support for EAP RADIUS no...

Page 351: ...tity ID 01800609 Default Severity ERROR Log Message Failed to get EAP identity for tunnel tunnelname Explanation Failed to get EAP identity Gateway Action eap_authentication_will_fail Recommended Acti...

Page 352: ...ommended Action None Revision 1 2 31 84 no_eap_identity ID 01800613 Default Severity ERROR Log Message No EAP identity established Explanation No EAP identity established Gateway Action eap_authentica...

Page 353: ...Timeout internal error received from RADIUS server Gateway Action radius_communication_disabled Recommended Action None Revision 1 2 31 88 radius_reject ID 01800634 Default Severity ERROR Log Message...

Page 354: ...AP packet detected Explanation Length less than 4 indicates that the EAP packet was invalid Gateway Action eap_packet_discarded Recommended Action None Revision 1 2 31 92 outofmem_forward_eap_packet I...

Page 355: ...erver Explanation Failed to send the EAP identity response to the RADIUS server Gateway Action eap_packet_dropped Recommended Action None Revision 1 2 31 95 no_imsi ID 01800641 Default Severity WARNIN...

Page 356: ...eer and IMSI Gateway Action None Recommended Action None Revision 1 Parameters peer imsi 2 31 98 ipsec_sa_peer_imsi ID 01800903 Default Severity INFORMATIONAL Log Message Child SA established with pee...

Page 357: ...2 31 100 ike_sa_rekeyed ID 01800905 Default Severity INFORMATIONAL Log Message IKE SA rekeyed Local IKE peer local_ip local_port local_id Remote IKE peer remote_iface remote_ip remote_port remote_id...

Page 358: ...t local_id remote_id local_ike_spi remote_ike_spi peer_dead 2 31 102 ipsec_sa_created ID 01800907 Default Severity INFORMATIONAL Log Message IPsec SA created Source IP local_ip Destination IP remote_i...

Page 359: ...n None Revision 3 Parameters ipsec_if local_ip remote_ip cfgmode_ip esp_spi_in esp_spi_out old_spi ike_spi_i ike_spi_r esp_cipher esp_cipher_keysize esp_mac esp_mac_keysize life_seconds life_kilobytes...

Page 360: ...ey_out mac_key_out 2 31 106 out_of_memory ID 01801100 Default Severity ALERT Log Message Out of memory while trying to report a connection to the UNC Explanation System ran out of memory while allocat...

Page 361: ...connection established with scip_server on port server_port Explanation A SCIP connection was established Gateway Action None Recommended Action None Revision 1 Parameters scip_server server_port 2 3...

Page 362: ...address ipaddress port Explanation SCIP packet dropped Out of sockets No new connection could be set up Gateway Action drop Recommended Action None Revision 1 Parameters ipaddress port 2 31 113 trigg...

Page 363: ...Revision 1 2 31 116 max_ipsec_sa_negotiations_reached ID 01802004 Default Severity WARNING Log Message The maximum number of active Quick Mode negotiations reached Rekey not done Explanation Maximum n...

Page 364: ...els 2 31 119 ike_sa_rekey_failed ID 01802020 Default Severity WARNING Log Message Rekey of IKE sa failed statusmsg status Local IKE peer local_peer Remote IKE peer remote_peer Initiator SPI spi_i Resp...

Page 365: ...spi_i Responder SPI spi_r Explanation Negotiation of IKE SA failed Gateway Action no_ike_sa Recommended Action None Revision 5 Parameters statusmsg reason local_peer remote_peer spi_i spi_r initiator...

Page 366: ...IKE peer local_peer Remote IKE peer remote_peer Initiator SPI ike_spi_i Responder SPI ike_spi_r Explanation IPsec SA negotiation failed Gateway Action ipsec_sa_disabled Recommended Action None Revisio...

Page 367: ...061 Default Severity ERROR Log Message Could not narrow traffic selectors SA from policy rule Explanation Failed to narrow configured traffic selectors Gateway Action ipsec_sa_negotiation_aborted Reco...

Page 368: ...Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_PSK Revision 1 2 31 131 nat_mapping_changed_ipsec ID 01802080 Default Severity INFORMATIONAL Log Message NAT mapping changed Local end...

Page 369: ...Psec Revision 1 2 31 134 no_key_method_configured_for tunnel ID 01802102 Default Severity ERROR Log Message Tunnel does not specify any keying method IKE or manual Explanation No keying method IKE man...

Page 370: ...ule_setting ID 01802105 Default Severity ERROR Log Message Both REJECT and PASS defined for a rule Explanation Can not specify both pass and reject for a rule Gateway Action None Recommended Action No...

Page 371: ...sec Revision 1 2 31 141 input_traffic_selector_corrupt ID 01802112 Default Severity ERROR Log Message Input traffic selector contains more than the built in maximum number of items Explanation Input t...

Page 372: ...ngine database Explanation Failed to add rule to engine database Gateway Action tunnel_will_not_work_as_expected Recommended Action None Revision 1 2 31 145 no_algorithms_configured_for_tunnel ID 0180...

Page 373: ...s forbidden by RFC 2406 Explanation Tunnel is configured with invalid algorithm ESP NULL NULL Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters tunnel 2 31...

Page 374: ...ded Action Reconfigure_tunnel Revision 1 Parameters keysize tunnel max 2 31 151 invalid_mac_keysize ID 01802206 Default Severity ERROR Log Message Configured max MAC key size keysize is bigger for tun...

Page 375: ...Revision 2 Parameters tunnel 2 31 154 invalid_tunnel_configuration ID 01802209 Default Severity ERROR Log Message Auto start tunnel tunnel configured for per port or per host SA Explanation per port o...

Page 376: ...Default Severity ERROR Log Message Out of memory Could not allocate memory tunnel tunnel endpoints Explanation Out of memory Could not allocate memory for tunnel endpoints Gateway Action VPN_tunnel_di...

Page 377: ...unknown algorithm Explanation Algorithm key sizes specified for unknown algorithm Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 2 2 31 161 invalid_key_size ID 0180...

Page 378: ...econfigure_tunnel Revision 1 Parameters keysize max 2 31 164 invalid_key_size ID 01802219 Default Severity ERROR Log Message Tunnel specified key size limits for mac alg with fixed key size Explanatio...

Page 379: ...ameters localaddr remoteaddr srcif 2 31 167 no_tunnel_id_specified ID 01802222 Default Severity ERROR Log Message No tunnel identity specified for tunnel Explanation No tunnel identity specified in co...

Page 380: ...ity specified in configuration Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_remote_id Revision 1 Parameters id 2 31 171 several_secrets_specified_for_tunnel ID 01802226 Default Sev...

Page 381: ...ched ID 01802401 Default Severity NOTICE Log Message The maximum number of active IKE rekeys reached Explanation Maximum number of active IKE rekeys reached Gateway Action rekey_aborted Recommended Ac...

Page 382: ...ated Recommended Action None Revision 1 2 31 178 warning_level_ike_sa_reached ID 01802405 Default Severity WARNING Log Message The number of active IKE SAs reached 90 of the maximum allowed Explanatio...

Page 383: ...ntext Gateway Action None Recommended Action None Revision 1 Parameters filename 2 31 182 could_not_decode_certificate ID 01802600 Default Severity WARNING Log Message Could not decode Certificate to...

Page 384: ...could_not_set_cert_to_non_CRL_issuer ID 01802603 Default Severity WARNING Log Message Could not set CA certificate to non CRL issuer This may cause authentication errors if valid CRLs are not availab...

Page 385: ...te into local database Gateway Action certificate_disabled Recommended Action None Revision 1 2 31 189 could_not_decode_certificate ID 01802607 Default Severity WARNING Log Message Could not decode Ce...

Page 386: ...ould not decode CRL The certificate may be corrupted or it was given in unrecognized format File format may be wrong Explanation Could_not_decode_CRL Gateway Action certificate_invalid Recommended Act...

Page 387: ...was given in unrecognized format Explanation Could_not_decode_certificate Gateway Action certificate_invalid Recommended Action None Revision 1 2 31 196 cfgmode_exchange_event ID 01802709 Default Sev...

Page 388: ...None Recommended Action None Revision 1 Parameters dns_server 2 31 199 remote_access_wins ID 01802712 Default Severity INFORMATIONAL Log Message WINS for remote access attributes win Explanation WINS...

Page 389: ...2715 Default Severity WARNING Log Message Event msg occured for IKE SA side Internal severity level int_severity Explanation Event occured at IKE SA Gateway Action None Recommended Action None Revisio...

Page 390: ...ers reason int_severity 2 31 205 outofmem_create_policy_manager ID 01802800 Default Severity CRITICAL Log Message Failed to create Policy Manger Explanation Could not allocate memory for policymanager...

Page 391: ...y for engine object Gateway Action ipsec_disabled Recommended Action None Revision 1 2 31 209 failed_init_fastpath ID 01802902 Default Severity CRITICAL Log Message Failed to initialize fastpath Expla...

Page 392: ...ay Action ipsec_disabled Recommended Action None Revision 1 2 31 213 maximum_nr_of_ipsec_sa_per_ike_sa_reached ID 01803000 Default Severity ERROR Log Message Maximum number max_ipsec of allowed IPsec...

Page 393: ...og Message Warning Host certificate certname has expired not_valid_after Explanation Host certificate has expired Gateway Action None Recommended Action None Revision 1 Parameters certname not_valid_a...

Page 394: ...destroyed Explanation Failed to link an imported IKE SA with an userauthentication object Gateway Action None Recommended Action None Revision 1 Parameters peer imsi 2 31 219 faild_to_find_userauthob...

Page 395: ...Log Message Hardware acceleration of RSA CRT calculation failed msg Explanation The failed calculation will be made in software instead Hardware acceleration can fail due to valid reasons like a full...

Page 396: ...pond on ICMP ping All IKE and IPsec SAs for the tunnel interface will be deleted and traffic routed into the tunnel will trigger a new IKE negotiation against the remote peer Gateway Action sas_delete...

Page 397: ...o attach RADIUS errorcode server in IKE negotiation for peer peer_ip peer_port Explanation Failed to attach RADIUS server communication IKE negotiation will fail Gateway Action fail_ike_negotiation Re...

Page 398: ...ity NOTICE Log Message ND entry was added to the ND cache Explanation ND entry was added to the ND cache Gateway Action added_entry Recommended Action None Revision 1 Parameters enetaddr ipaddr iface...

Page 399: ...eached ID 06400030 Default Severity NOTICE Log Message Neighbor Discovery cache size limit reached Explanation The Neighbor Discovery cache size limit has been reached Current license limit is limit G...

Page 400: ...8 nd_option_hw_address_mismatch ID 06400033 Default Severity NOTICE Log Message ND Link Layer option Enet sender mismatch Dropping packet Explanation The Neighbor Discovery packet Link Layer option d...

Page 401: ...k equipment exists Revision 1 Context Parameters Rule Name Packet Buffer 2 32 11 nd_illegal_lladdress_option_size ID 06400036 Default Severity WARNING Log Message Illegal option size Dropping Explanat...

Page 402: ...t Parameters Rule Name Packet Buffer 2 32 14 nd_illegal_redirect_option_size ID 06400039 Default Severity WARNING Log Message Illegal option size Dropping Explanation The Neighbor Discovery packet opt...

Page 403: ...ID 06400042 Default Severity WARNING Log Message Neighbor Discovery packet truncated at ND option Dropping Explanation The Neighbor Discovery packet is truncated at ND option Dropping packet Gateway A...

Page 404: ...rget IP targetip is my address but Ethernet address targetenet is not Dropping Explanation The Neighbor Advertisement packet target IP address matches that of the receiving interface but the target li...

Page 405: ...Action Verify that no faulty network equipment exists Revision 1 Parameters senderip Context Parameters Rule Name Packet Buffer 2 32 23 nd_multicast_target_address ID 06400048 Default Severity WARNING...

Page 406: ...erity NOTICE Log Message Allowed by expect rule in access section Explanation The Neighbor Discovery sender IP address is verified by an expect rule in the access section Gateway Action access_allow R...

Page 407: ...or Advertisement packet is missing the Target Link Layer option Dropping packet Gateway Action drop Recommended Action Verify that no faulty network equipment exists Revision 1 Parameters senderip Con...

Page 408: ...for static entry hw address cachedenet advertised as targetenet Dropping packet Explanation A Neighbor Advertisement for a configured static entry was received Dropping packet Gateway Action drop Rec...

Page 409: ...ded Action None Revision 1 Parameters ipaddress oldenet newenet Context Parameters Rule Name Packet Buffer 2 32 34 nd_update_entry_request ID 06400059 Default Severity NOTICE Log Message ND cache entr...

Page 410: ...Message Neighbor Discovery packet ethernet destination is broadcast Dropping Explanation The Neighbor Discovery packet ethernet destination is broadcast Dropping packet Gateway Action drop Recommende...

Page 411: ...work equipment exists Revision 1 Parameters destip Context Parameters Rule Name Packet Buffer 2 32 39 nd_rs_illegal_option ID 06400064 Default Severity WARNING Log Message Router Solicitation packet c...

Page 412: ...d an entry in the Neighbor Discovery cache Gateway Action allow Recommended Action None Revision 1 Parameters ipaddress oldenet newenet Context Parameters Rule Name Packet Buffer 2 32 42 nd_update_ent...

Page 413: ...069 Default Severity WARNING Log Message Neighbor Discovery destination address destip is multicast but the solicited flag is set Dropping Explanation The Neighbor Discovery destination IP address is...

Page 414: ...solve the address conflict by changing the ethernet address on the interface or on the conflicting host IPv6 disabled Gateway Action IPv6_Disabled Recommended Action Resolve the address conflict Revis...

Page 415: ...f options more than ICMP6MaxOptND optcount Explanation Received a packet with number of options more than ICMP6MaxOptND Gateway Action drop Recommended Action None Revision 1 Parameters optcount Conte...

Page 416: ...ra_prefix ID 06400077 Default Severity NOTICE Log Message Interface iface have successfully processed a Router Advertisement Prefix Information option Explanation An interface have successfully proce...

Page 417: ...ID 06400079 Default Severity NOTICE Log Message Unable to find router on interface iface Explanation The gateway has solicited the local network for a router but have not received a reply Gateway Act...

Page 418: ...p_ver ID 01500002 Default Severity WARNING Log Message Disallowed IP version ipver Explanation The received packet has a disallowed IP version and will be dropped Gateway Action drop Recommended Actio...

Page 419: ...packet Gateway Action drop Recommended Action None Revision 1 Parameters iptotlen recvlen Context Parameters Rule Name Packet Buffer 2 33 5 invalid_ip_checksum ID 01500005 Default Severity WARNING Log...

Page 420: ...flow label value Explanation The received packet with flow label other than zero Gateway Action drop Recommended Action None Revision 1 Parameters flow_label Context Parameters Rule Name Packet Buffe...

Page 421: ...traffic class value Explanation The received packet with traffic class other than zero Gateway Action drop Recommended Action None Revision 1 Parameters traffic_class Context Parameters Rule Name Pac...

Page 422: ...t Severity WARNING Log Message Packet is too small to contain IPv6 header Explanation The received packet is too small to contain an IPv6 header and will be dropped Gateway Action drop Recommended Act...

Page 423: ...rs ttl ttlmin Context Parameters Rule Name Packet Buffer 2 34 2 ip_rsv_flag_set ID 01600002 Default Severity NOTICE Log Message The IP Reserved Flag was set Ignoring Explanation The received packet ha...

Page 424: ...h too low HopLimit of hoplimit Min HopLimit is hoplimitmin Ignoring Explanation The received packet has a HopLimit field which is too low Ignoring and forwarding packet anyway Gateway Action ignore Re...

Page 425: ...stamp ID 01700002 Default Severity NOTICE Log Message Packet has a timestamp IP Option Explanation The packet contains a timestamp IP Option Ignoring Gateway Action ignore Recommended Action None Revi...

Page 426: ...byte available avail Dropping Explanation The IP Option type is multi byte which requires two bytes and there is less than two bytes available Dropping packet Gateway Action drop Recommended Action No...

Page 427: ...ction drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 35 8 bad_length ID 01700013 Default Severity WARNING Log Message IP Option Type ipopt Bad length optlen for r...

Page 428: ...ion disallowed Dropping Explanation The packet has a source route which is disallowed Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer...

Page 429: ...pt Bad Timestamp Pointer tsptr Dropping Explanation The packet contains an invalid Timestamp Pointer Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt tsptr Conte...

Page 430: ...ert_bad_len ID 01700021 Default Severity WARNING Log Message IP Option Type ipopt Bad length optlen Dropping Explanation Packet contains a router alert IP Option which has an invalid Length Dropping p...

Page 431: ...pt optname Context Parameters Rule Name Packet Buffer 2 35 19 invalid_ip6payload_for_jumbo ID 01700039 Default Severity WARNING Log Message Non zero ip6 payload length for jumbo option Explanation Rec...

Page 432: ...t Parameters Rule Name 2 35 22 invalid_ip6payload_for_jumbo ID 01700042 Default Severity WARNING Log Message Non zero ip6 payload length for jumbo option Explanation Received a non zero ip6 payload le...

Page 433: ...25 recvd_jumbo ID 01700045 Default Severity WARNING Log Message Received a jumbo option packet Explanation Received a jumbo option packet Gateway Action drop Recommended Action None Revision 1 Context...

Page 434: ...t Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name 2 35 29 rcvd_router_alert ID 01700049 Default Severity WARNING Log Message Received Router Alert option Packet Exp...

Page 435: ...ay Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 35 32 invalid_option ID 01700052 Default Severity WARNING Log Message Invalid IPv6 extension header optio...

Page 436: ...one Revision 1 Context Parameters Rule Name 2 35 35 rcvd_ha_Option ID 01700055 Default Severity WARNING Log Message Received Home address option Packet Explanation Received Home address option Packet...

Page 437: ...erity WARNING Log Message Option data containing non zero value Explanation Option data containing non zero value Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name 2...

Page 438: ...t destination mismatch Explanation IP and ethernet destination mismatch Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name 2 35 42 invalid_optlen ID 01700062 Default S...

Page 439: ...acket other than in destination header Gateway Action none Recommended Action None Revision 1 Context Parameters Rule Name 2 35 45 excessive_padding ID 01700066 Default Severity WARNING Log Message Mu...

Page 440: ...ule Name 2 35 48 more_optcount ID 01700069 Default Severity WARNING Log Message Number of options more than IP6MaxOPH optcount Explanation Received a packet with number of options more than IP6MaxOPH...

Page 441: ...1700072 Default Severity WARNING Log Message Routing header with type 2 packet Explanation Received Routing header type 2 packet Gateway Action none Recommended Action None Revision 1 Context Paramete...

Page 442: ...eader type 0 packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name 2 35 55 too_small_packet ID 01700076 Default Severity WARNING Log Message Packet is too small to...

Page 443: ...ed Action None Revision 1 Context Parameters Rule Name 2 35 58 invalid_ip6_exthdr ID 01700079 Default Severity WARNING Log Message Extension header length is greater than IP6ExtHdr Setting Explanation...

Page 444: ...Recommended Action None Revision 1 Context Parameters Rule Name Chapter 2 Log Message Reference 444...

Page 445: ...er not match it Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ip_multicast_addr eth_multicast_addr Context Parameters Rule Name Packet Buffer 2 36 2 invalid_ip4_hea...

Page 446: ...min Dropping Explanation The received packet has a TTL Time To Live field which is too low Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ttl ttlmin Context Paramete...

Page 447: ...TCP header IPDataLen ipdatalen TCPHdrLen tcphdrlen Dropping Explanation The TCP packet contains an invalid header Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipda...

Page 448: ...lt Severity WARNING Log Message Configured size limit for the ICMP protocol exceeded Dropping Explanation The configured size limit for the ICMP protocol was exceeded Dropping packet Gateway Action dr...

Page 449: ...ever not match it This is a known exploit though the gateway is currently configured to forward these packets Gateway Action ignore Recommended Action None Revision 1 Parameters ip_multicast_addr eth_...

Page 450: ...size limit for the AH protocol exceeded Dropping Explanation The configured size limit for the AH protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under...

Page 451: ...36 18 oversize_ipip ID 07000055 Default Severity WARNING Log Message Configured size limit for the IPIP protocol exceeded Dropping Explanation The configured size limit for the IPIP protocol was excee...

Page 452: ...ended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters Rule Name Packet Buffer 2 36 21 oversize_ip ID 07000058 Default Severity WARNING Log...

Page 453: ...The received packet has a HopLimit field which is too low Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters hoplimit hoplimitmin Context Parameters Rule Name Packet Bu...

Page 454: ...n ICMPIPVer icmpipver Dropping Explanation An invalid IP version is specified in the ICMP data Version 4 expected Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters icmp...

Page 455: ...mended Action None Revision 1 Parameters icmpdatalen icmpipdatalen icmpipdataminlen Context Parameters Rule Name Packet Buffer 2 36 29 invalid_icmp_data_invalid_paramprob ID 07000075 Default Severity...

Page 456: ...n is beyond the scope of the source address Dropping Explanation Link local source address and a global scope destination address Dropping packet Gateway Action drop Recommended Action Verify that no...

Page 457: ...Severity WARNING Log Message L2TP client iface failed to resolve remotegwname Explanation The L2TP client failed to resolve the DNS name of the remote gateway Gateway Action None Recommended Action M...

Page 458: ...5 unknown_l2tp_auth_source ID 02800005 Default Severity WARNING Log Message Unknown L2TP authentication source for rule Tunnel ID tunnelid Session ID sessionid Explanation The authentication source f...

Page 459: ...lanation The L2TP session with the specified session ID has been closed The session was set up using the specified tunnel Gateway Action None Recommended Action None Revision 1 Parameters iface sessio...

Page 460: ...equest sent Tunnel ID tunnelid Explanation An L2TP session request has been sent over the specified L2TP tunnel Gateway Action None Recommended Action None Revision 1 Parameters tunnelid 2 37 11 l2tp_...

Page 461: ...NOTICE Log Message L2TP session request received Tunnel ID tunnelid Explanation A new session request was received on the specified tunnel Gateway Action None Recommended Action None Revision 1 Param...

Page 462: ...on 1 2 37 16 l2tpclient_tunnel_up ID 02800018 Default Severity NOTICE Log Message L2TP tunnel to remotegw is up Tunnel ID tunnelid Explanation L2TP tunnel negotiated successfully Gateway Action None R...

Page 463: ...OTICE Log Message Closed L2TP session Session ID sessionid Tunnel ID ctrlconnid Explanation The L2TP session with the specified session ID has been closed The session was set up using the specified tu...

Page 464: ...CE Log Message L2TP session up Control Connection ID ctrlconnid Session ID sessionid Explanation The L2TP session negotiation has completed successfully Gateway Action None Recommended Action None Rev...

Page 465: ...re that the IP address is configured correctly on the L2TP server interface or that the DHCP server can hand out a proper IP address to the interface Revision 1 Parameters iface 2 37 25 no_session_fou...

Page 466: ...p_expired ID 07700002 Default Severity NOTICE Log Message The partner system on physiface has timed out due to no message being received in timeout seconds Explanation LACP has not received a periodic...

Page 467: ...link Recommended Action Verify that all configured Member interfaces are physically connected to the same properly configured system Revision 1 Parameters physiface laiface 2 38 5 lacp_link_speed_mism...

Page 468: ...disabled because it is operating at Half Duplex which is unsupported by the Link Aggregation feature Explanation The specified interface has been disabled because it is operating at Half Duplex which...

Page 469: ...ame 2 39 2 removed_translation_address ID 05600002 Default Severity WARNING Log Message Translation IP address address does no longer exist in NATPool poolname Explanation The translation IP has been...

Page 470: ...red ID 05600006 Default Severity WARNING Log Message NATPool DHCP address address lease expired Explanation The IP Address used by this NATPool have expired and may not be used any more The connection...

Page 471: ...been reached for NATPool poolname Replacing lingering state replacedip Explanation The maximum configured number of states for this NAT Pool have been reached NATPool subsystem will try to replace the...

Page 472: ...oolname Explanation Attempt to activate an already active Translation IP Gateway Action None Recommended Action None Revision 1 Parameters poolname ip 2 39 11 registerip_failed ID 05600012 Default Sev...

Page 473: ...nchronize Translation IP address to peer Gateway Action None Recommended Action Check status of peer and verify High Availability configuration Revision 1 2 39 14 registerip_failed ID 05600015 Default...

Page 474: ...0 2 internal_error ID 02400002 Default Severity WARNING Log Message Internal Error Iface iface got NEvent nevent in NState nstate Ignored Explanation Internal error in the OSPF interface neighbor stat...

Page 475: ...mended Action Check the configuration on the neighboring router Revision 1 Parameters ospflen iplen type Context Parameters Rule Name Packet Buffer 2 40 5 bad_ospf_version ID 02400005 Default Severity...

Page 476: ...g router not within the same area as the receive interface Gateway Action drop Recommended Action Make sure all locally attached OSPF routers are in the same area as the attaching interfaces Revision...

Page 477: ...evision 1 Parameters recv_interval my_interval Context Parameters Rule Name Packet Buffer 2 40 10 hello_rtr_dead_mismatch ID 02400010 Default Severity WARNING Log Message Hello router dead interval mi...

Page 478: ...smatch Received was recv_n_flag mine is my_n_flag Dropping Explanation Received OSPF data from a neighboring router with mismatching N flag NSSA details configuration Gateway Action drop Recommended A...

Page 479: ...et Buffer 2 40 15 auth_mismatch ID 02400050 Default Severity WARNING Log Message Authentication mismatch Received was recv_auth mine is my_auth Explanation Authentication mismatch with neighboring OSP...

Page 480: ...PF router share the same crypto key id Revision 1 Parameters recv_id my_id Context Parameters Rule Name 2 40 18 bad_auth_crypto_seq_number ID 02400053 Default Severity WARNING Log Message Authenticati...

Page 481: ...Action drop Recommended Action Check network equipment for problems Revision 1 Parameters recv_chksum my_chksum Context Parameters Rule Name 2 40 21 dd_mtu_exceeds_interface_mtu ID 02400100 Default S...

Page 482: ...isused the I flag Restarting exchange Explanation Neighbor misused the I flag Gateway Action restart Recommended Action None Revision 1 Parameters neighbor Context Parameters Rule Name 2 40 24 opt_cha...

Page 483: ...n exchange Restarting exchange Explanation Received a non dup database descriptor from a neighbor in a higher state then exchange Gateway Action restart Recommended Action None Revision 1 Parameters n...

Page 484: ...Default Severity WARNING Log Message Got LSA with bad sequence number seqnum Restarting exchange Explanation Received a LSA with a bad sequence number Gateway Action restart Recommended Action None R...

Page 485: ...00151 Default Severity WARNING Log Message Unknown LSA type lsa_type LSA is discarded Explanation Received LSA of unknown type Gateway Action discard Recommended Action Check originating router config...

Page 486: ...WARNING Log Message Received AS EXT LSA on stub LSA is discarded Explanation Received AS external LSA which is illegal on a stub area Gateway Action discard Recommended Action None Revision 1 Context...

Page 487: ...ers Rule Name 2 40 38 got_ack_mismatched_lsa ID 02400157 Default Severity WARNING Log Message Got ACK for mismatched LSA LSA lsa ID lsaid AdvRtr lsartr ACK ingored Explanation Received acknowledge for...

Page 488: ...1 ack_packet_lsa_size_mismatch ID 02400160 Default Severity WARNING Log Message ACK packet LSA size mismatch Parsing aborted Explanation Received OSPF ACK packet with a mismatching LSA size Gateway Ac...

Page 489: ...ity WARNING Log Message Received Router LSA which contains mismatched Link State ID lsaid and Advertising Router lsartr LSA is discarded Explanation Received LSA of incompatible Link State ID and Adve...

Page 490: ...number of OSPF routers on the network Revision 1 Parameters iface Context Parameters Rule Name 2 40 47 neighbor_died ID 02400202 Default Severity WARNING Log Message Neighbor neighbor on neighborifac...

Page 491: ...ter lsaadvrtr Explanation Unable to map an identifier for a LSA Gateway Action None Recommended Action None Revision 1 Parameters lsatype lsaid lsaadvrtr Context Parameters Rule Name 2 40 50 lsa_size_...

Page 492: ...ING Log Message Memory usage for OSPF process ospfproc have now exceeded 90 percent of the maximum allowed Explanation The memory usage for a OSPF process have exceeded 70 percent of the maximum allow...

Page 493: ...ce attached to stub network stub Explanation Unable to find local interface attached to stub network Gateway Action None Recommended Action Contact support with a scenario description Revision 1 Param...

Page 494: ...rs Rule Name 2 40 58 internal_error_unable_to_find_lnk_connecting_to_lsa ID 02400403 Default Severity WARNING Log Message Internal error Unable to find my link connecting to described LSA RtrVtxId rtr...

Page 495: ...ace attached back Gateway Action None Recommended Action Contact support with a scenario description Revision 1 Parameters rtrvtxid Context Parameters Rule Name 2 40 61 bad_iface_type_mapping_rtr_to_r...

Page 496: ...everity CRITICAL Log Message Internal Error Memory allocation failure OSPF process now considered inconsistent Explanation Memory allocation failure Gateway Action alert Recommended Action Check memor...

Page 497: ...route route OSPF process should now be considered inconsistent Explanation Unable to add route Gateway Action alert Recommended Action Check memory consumption Revision 1 Parameters route Context Para...

Page 498: ...eters tunnel_type 2 41 2 ip_address_required_but_not_received ID 02500002 Default Severity WARNING Log Message IP address required but not received PPP terminated Explanation Peer refuses to give out...

Page 499: ...Default Severity WARNING Log Message Primary NBNS address required but not received PPP terminated Explanation Peer refuses to give out a primary NBNS address Since reception of a primary NBNS address...

Page 500: ..._to_use_authentication ID 02500051 Default Severity ERROR Log Message Peer refuses to use authentication PPP terminated Explanation Peer refuses to use any authentication at all PPP is terminated sinc...

Page 501: ...ppp_terminated Recommended Action Upgrade your license to allow more simultaneous PPP tunnels Revision 1 Parameters tunnel_type limit 2 41 11 authentication_failed ID 02500101 Default Severity WARNING...

Page 502: ...Default Severity WARNING Log Message PPP MSCHAPv1 username was truncated because it was too long Explanation PPP MSCHAPv1 username was truncated because it was too long Gateway Action mschapv1_usernam...

Page 503: ...ed because it was too long Explanation PPP PAP password was truncated because it was too long Gateway Action pap_password_truncated Recommended Action Reconfigure the endpoints to use a shorter passwo...

Page 504: ...Explanation There was an error while authenticating using a local user database PPP Authentication terminated Gateway Action authentication_terminated Recommended Action None Revision 1 Parameters tu...

Page 505: ...is either means that the decryption failed or that the peer actually sent data using an unsupported protocol PPP is terminated Gateway Action ppp_terminated Recommended Action Reconnect the tunnel If...

Page 506: ...for the interface have been established Gateway Action None Recommended Action None Revision 1 Parameters iface pppoeserver auth ifaceip downtime 2 42 2 pppoe_tunnel_closed ID 02600002 Default Severi...

Page 507: ...nt iface failed to resolve remotegwname Explanation The PPTP client failed to resolve the DNS name of the remote gateway Gateway Action None Recommended Action Make sure you have configured the DNS na...

Page 508: ...down the PPTP connection Gateway Action pptp_connection_closed Recommended Action Make sure the userauth rules are configured correctly Revision 1 Parameters rule remotegw callid 2 43 5 user_disconne...

Page 509: ...equired ID 02700007 Default Severity WARNING Log Message MPPE failed but is required closing session callid to remotegw on iface Explanation MPPE is required by the configuration but the MPPE negotiat...

Page 510: ...specified interface remote gateway and call ID identify the specific session Gateway Action ignore Recommended Action None Revision 1 Parameters iface type callid remotegw 2 43 11 failure_init_radius...

Page 511: ...c session Gateway Action None Recommended Action None Revision 1 Parameters callid iface remotegw user auth mppe assigned_ip 2 43 13 pptp_session_up ID 02700013 Default Severity WARNING Log Message PP...

Page 512: ...ssage PPTP session callid to remotegw on iface has been idle for too long Closing it Explanation A PPTP session has been idle for too long Session will be closed Gateway Action close_session Recommend...

Page 513: ...w connected to iface Explanation A remote PPTP client has established a connection to this PPTP server Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw 2 43 19 ctrlconn...

Page 514: ...TICE Log Message PPTP tunnel to remotegw on iface closed Explanation The PPTP tunnel to has been closed Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw 2 43 22 pptp_co...

Page 515: ...D 02700026 Default Severity WARNING Log Message Did not find a matching userauth rule for the incoming PPTP connection Interface iface Remote gateway remotegw Explanation The PPTP server was unsuccess...

Page 516: ...to listen on Explanation The PPTP server cannot start until it has a proper IP address to listen on Gateway Action None Recommended Action Make sure that the IP address is configured correctly on the...

Page 517: ...username imsi mac iface 2 44 2 user_reauthenticated ID 07500002 Default Severity NOTICE Log Message User username was reauthenticated Explanation A user was re authenticated Gateway Action None Recom...

Page 518: ...on None Recommended Action None Revision 1 Parameters username imsi mac iface ip 2 44 5 user_authentication_rejected ID 07500005 Default Severity NOTICE Log Message User username authentication was re...

Page 519: ...e same MAC address as an already authenticated user The current user will be logged out Gateway Action logout_current_user Recommended Action None Revision 1 Parameters username imsi mac iface ip newu...

Page 520: ...MAC address logging out current user Explanation An already authenticated user is logging in from a new MAC address than before The current user instance will be logged out Gateway Action logout_curre...

Page 521: ...Firewall Monitoring Current uptime uptime The value of name is above the high threshold High threshold threshold Current mean of numbersamples currentvalue Explanation High threshold passed Gateway Ac...

Page 522: ...ed Action None Revision 1 Parameters uptime name threshold numbersamples currentvalue 2 45 4 value_above_low_threshold ID 054xxxxx Default Severity INFORMATIONAL Log Message Firewall Monitoring Curren...

Page 523: ...egment with invalid checksum Explanation A TCP segment with an invalid checksum was received The segment will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Conne...

Page 524: ...cket Explanation The gateway ran out of resources when trying to allocate resources to send a packet The packet that triggered the need to send a packet will be dropped Gateway Action drop Recommended...

Page 525: ...sage Maximum connections limit reached Explanation The reassembly subsystem has reached the maximum number of concurrent connections Gateway Action none Recommended Action Consider increasing the sett...

Page 526: ...ID 04100002 Default Severity WARNING Log Message Interface iface Table table Net net Unable to open conn for PING trying again later Explanation Unable to open a connection to verify the status of th...

Page 527: ...ailed to register PING Route Monitor Gateway Action route_not_monitored Recommended Action None Revision 1 Parameters iface table net gateway 2 47 5 unable_to_register_pingmon ID 04100005 Default Seve...

Page 528: ...ute disabled no ARP reply from Gateway gateway Explanation Route is not available and has been disabled Did not receive a ARP reply from the gateway Gateway Action route_disabled Recommended Action No...

Page 529: ...commended Action None Revision 1 Parameters iface table net gateway 2 47 10 no_link ID 04100010 Default Severity ERROR Log Message Interface iface has no link reason reason all associated routes disab...

Page 530: ...nitored Unable to register Interface Monitor Gateway Action no_monitoring Recommended Action None Revision 1 Parameters iface table net gateway 2 47 13 unable_to_register_interface_monitor ID 04100013...

Page 531: ...ommended Action None Revision 1 Parameters iface table net 2 47 15 hostmon_successful ID 04100015 Default Severity NOTICE Log Message Interface iface Table table Net net Route enabled host monitoring...

Page 532: ...Severity NOTICE Log Message IP address verfied according to ACCESS section Explanation The IP address was verified according to the ACCESS section Gateway Action access_allow Recommended Action None R...

Page 533: ...ty WARNING Log Message Destination address is the 0 net Dropping Explanation The destination address was the 0 net which is not allowed according to the configuration The packet is dropped Gateway Act...

Page 534: ...er 2 48 8 block127net ID 06000013 Default Severity WARNING Log Message Destination address is the 127 net Accepting Explanation The destination address was the 127 net which is allowed according to th...

Page 535: ...ity WARNING Log Message Destination address is the 0 8 net Dropping Explanation The destination address was the 0 8 net which is not allowed according to the configuration The packet is dropped Gatewa...

Page 536: ...ne Revision 1 Context Parameters Rule Name Packet Buffer 2 48 14 directed_broadcasts ID 06000031 Default Severity NOTICE Log Message Packet directed to the broadcast address of the destination network...

Page 537: ...ed behaviour modify the rule set Revision 1 Context Parameters Rule Information Packet Buffer 2 48 17 ruleset_drop_packet ID 06000051 Default Severity WARNING Log Message Packet dropped by rule set Dr...

Page 538: ...ss fqdn_name used in IPPolicy dir filter Explanation The IPPolicy address filter was updated by the DNS Cache Gateway Action policy_updated Recommended Action None Revision 1 Parameters fqdn_name dir...

Page 539: ...lt Severity INFORMATIONAL Log Message IP address ip removed from FQDN address fqdn_name used in IPPolicy dir filter Explanation The IPPolicy address filter was updated by the DNS Cache Gateway Action...

Page 540: ...ecommended Action Verify that the configured DNS server is reachable Revision 1 Parameters fqdn_name dir Context Parameters Rule Name 2 48 25 dns_error ID 06000076 Default Severity ERROR Log Message D...

Page 541: ...ay Context Parameters Connection 2 49 2 httpposter_failure ID 06600101 Default Severity WARNING Log Message Failed to update host using HTTP Poster retry in retry_delay seconds Explanation The HTTP Po...

Page 542: ...Gateway Action None Recommended Action None Revision 1 Parameters host retry_delay reason Chapter 2 Log Message Reference 542...

Page 543: ...50 2 sesmgr_session_denied ID 04900002 Default Severity WARNING Log Message New session denied for User user Database database IP ip Type type Explanation New session denied in Session Manager Gatewa...

Page 544: ...tion none Recommended Action None Revision 1 Parameters user access database ip type 2 50 5 sesmgr_session_timeout ID 04900005 Default Severity NOTICE Log Message Session has timed out for User user D...

Page 545: ...pe type Explanation Could not create new console new session will be removed Gateway Action remove_session Recommended Action Check maximum number of sessions and consoles Revision 1 Parameters user d...

Page 546: ...e Explanation Disabled session has been activated Gateway Action none Recommended Action None Revision 1 Parameters user database ip type 2 50 11 sesmgr_session_disabled ID 04900011 Default Severity N...

Page 547: ...access level set for User user Database database IP ip Type type Explanation No access level set for user new session denied Gateway Action deny_session Recommended Action Check user settings Revision...

Page 548: ...Gateway Action file_error Recommended Action Check available memory Revision 1 2 50 16 sesmgr_techsupport ID 04900018 Default Severity NOTICE Log Message Sending technical support file Explanation Te...

Page 549: ...nded Action None Revision 1 Parameters server_ip Context Parameters Rule Name 2 51 2 server_offline ID 02900002 Default Severity WARNING Log Message SLB Server server_ip is offline according to monito...

Page 550: ...t_timeout ID 03000002 Default Severity WARNING Log Message Timeout connecting to SMTP server smtp_server Send aborted Explanation The unit timed out while trying to establish a connection to the SMTP...

Page 551: ...xplanation The SMTP server reject the connection attempt No SMTP Log will be sent Gateway Action abort_sending Recommended Action Verify that a SMTP Server is configured to accept connections from the...

Page 552: ...ient recipient Explanation The SMTP server rejected the recipient No SMTP Log will be sent Gateway Action None Recommended Action Verify that the SMTP server is configured to accept this recipient Rev...

Page 553: ...tion The SMTP server rejected the message text No SMTP Log will be sent Gateway Action None Recommended Action Verify that the SMTP server is properly configured Revision 1 Parameters smtp_server 2 52...

Page 554: ...ation The DNS server reports that there is no record of the configured FQDN address Gateway Action None Recommended Action Verify that the FQDN address was entered correctly Revision 1 Parameters fqdn...

Page 555: ...ddress ip added to FQDN address fqdn_name used in SMTP logger logger Explanation The IP address for the SMTP server used by logger logger could not be updated Gateway Action smtplogger_fail Recommende...

Page 556: ...logger Chapter 2 Log Message Reference 556...

Page 557: ...t Parameters Connection 2 53 2 invalid_snmp_community ID 03100002 Default Severity NOTICE Log Message Disallowed SNMP from peer invalid community string Explanation The SNMP community string is invali...

Page 558: ...acters Revision 1 Parameters peer Context Parameters Connection 2 53 5 snmp3_authentication_failed ID 03100102 Default Severity NOTICE Log Message Disallowed SNMP from peer authentication failed Expla...

Page 559: ...op Recommended Action Find out what is sending these SNMP messages and take appropriate action to stop these messages Revision 1 Parameters peer Context Parameters Connection 2 53 8 snmp3_rebooted_214...

Page 560: ...0107 Default Severity NOTICE Log Message Disallowed SNMP from peer wrong SNMP version Explanation The SNMP request did not have the correct SNMP version Gateway Action drop Recommended Action Make sur...

Page 561: ...ers Connection 2 53 13 snmp3_message_not_in_time_window ID 03100110 Default Severity ERROR Log Message Disallowed SNMP from peer received message not in time window Explanation Received message did no...

Page 562: ...DH Key Exchange parse error when exchanging keys with client client Explanation A Diffie Hellman Key Exchange Failure occured when keys were exchanged with the client Connection will be closed Gatewa...

Page 563: ...n failure Explanation The MAC received from the client is invalid The connection will be closed Gateway Action close Recommended Action None Revision 1 2 54 6 invalid_service_request ID 04700015 Defau...

Page 564: ...e to toservice Client client Explanation User changed the service between two authentication phases which is not allowed Closing connection Gateway Action close Recommended Action None Revision 1 Para...

Page 565: ...been reached Closing connection Client client Explanation The connect client has been inactive for too long and is forcibly logged out Closing connection Gateway Action close Recommended Action Incre...

Page 566: ...t uses is not supported Closing connection Gateway Action close Recommended Action None Revision 1 Parameters keytype client 2 54 15 unsupported_pubkey_algo ID 04700057 Default Severity NOTICE Log Mes...

Page 567: ...according to the remotes section Explanation The client is not allowed access to the SSH server Closing connection Gateway Action close Recommended Action If this client should be granted SSH access...

Page 568: ...this ip ip Explanation SCP transfers can only be used if sessions has administrator access Closing connection Gateway Action close Recommended Action If there are other active administrator session t...

Page 569: ...s remoteip remoteport localip localport ssliface 2 55 2 sslvpn_session_closed ID 06300011 Default Severity INFORMATIONAL Log Message SSLVPN session closed remoteip remoteport localip localport at ssli...

Page 570: ...he specific session Gateway Action accounting_disabled Recommended Action Make sure the RADIUS accounting configuration is correct Revision 1 Parameters iface 2 55 5 sslvpn_connection_disallowed ID 06...

Page 571: ...ser is forcibly disconnected Remote gateway remotegw Explanation The connected client is forcibly disconnected by the userauth system Gateway Action None Recommended Action None Revision 2 Parameters...

Page 572: ...sion 1 Parameters rule iface remotegw 2 55 10 sslvpn_no_userauth_rule_found ID 06300226 Default Severity WARNING Log Message Did not find a matching userauth rule for the incoming SSL VPN connection I...

Page 573: ...2 demo_mode ID 03200021 Default Severity ALERT Log Message The unit is running in DEMO mode and will eventually expire Install a license in order to avoid this Explanation None Gateway Action shutdow...

Page 574: ...56 5 new_firmware_available ID 03200030 Default Severity NOTICE Log Message New firmware available Explanation A new firmware release is available for download Gateway Action None Recommended Action...

Page 575: ...rity ERROR Log Message Nitrox II watchdog triggered Explanation Nitrox II watchdog triggered Gateway Action Reboot Recommended Action None Revision 1 2 56 9 nitrox2_restarted ID 03200208 Default Sever...

Page 576: ...a dynamic port as it is out of memory Gateway Action None Recommended Action None Revision 1 Parameters reason localip destip 2 56 12 port_bind_failed ID 03200301 Default Severity WARNING Log Message...

Page 577: ...IP pair has changed to Low Load because of low traffic Gateway Action None Recommended Action None Revision 1 Parameters localip destip 2 56 15 log_messages_lost_due_to_throttling ID 03200400 Default...

Page 578: ...ption failed due to error Connection closed Gateway Action None Recommended Action None Revision 1 2 56 18 bidir_fail ID 03200600 Default Severity CRITICAL Log Message Failed to establish bi direction...

Page 579: ...ile Gateway Action None Recommended Action Verfiy that the disk media is intact and that the file is not write protected Revision 1 Parameters old_cfg 2 56 21 disk_cannot_rename ID 03200604 Default Se...

Page 580: ...e the present core executable Gateway Action None Recommended Action Consult the recommended action in the previous log message which contained a more detailed error description Revision 1 2 56 24 bid...

Page 581: ...Blocked since blockedsince Explanation Too many failed login attempt for the user Gateway Action None Recommended Action None Revision 1 Parameters database username blockedremaining blockedsince 2 5...

Page 582: ...ion requested by username from config_system client_ip Explanation Reconfiguration requested Gateway Action reconfiguration Recommended Action None Revision 1 Parameters username userdb client_ip conf...

Page 583: ...erity NOTICE Log Message Firewall starting echo delay seconds Core corever Build build Current uptime uptime Using configuration file cfgfile localcfgver localcfgver remotecfgver remotecfgver Previous...

Page 584: ...e Revision 2 Parameters authsystem username access_level interface usergroups authsource userdb server_ip server_port client_ip client_port 2 56 35 admin_logout ID 03203001 Default Severity NOTICE Log...

Page 585: ...t 2 56 37 admin_authorization_failed ID 03203003 Default Severity WARNING Log Message Administrative user username successfully logged in via authsystem but is not authorized to access the system Expl...

Page 586: ...nit failed to establish a connection back to peer using the new configuration The previous configuration will still be used Gateway Action using_prev_config Recommended Action Make sure that the new c...

Page 587: ...al Date and Time has been modified by user Time and Date before change pre_change_date_time Time and Date after change post_change_date_time Explanation The local Date and Time of the unit has been ch...

Page 588: ...eters authsystem username server_ip server_port client_ip client_port 2 56 45 admin_login_internal_error ID 03206002 Default Severity WARNING Log Message Internal error occured when administrative use...

Page 589: ...ing to authentication requests Revision 1 Parameters authsystem interface username authsource server_ip server_port client_ip client_port 2 56 47 valid_rest_api_call ID 03207000 Default Severity NOTIC...

Page 590: ...one Revision 1 Parameters URI Method Context Parameters User Authentication 2 56 50 method_not_allowed ID 03207012 Default Severity NOTICE Log Message Method not allowed Explanation REST API call fail...

Page 591: ...Gateway Action None Recommended Action None Revision 1 Parameters URI Method Context Parameters User Authentication Chapter 2 Log Message Reference 591...

Page 592: ...Settings sub system Revision 1 Parameters good_flag bad_flag Context Parameters Rule Name Packet Buffer 2 57 2 tcp_flags_set ID 03300002 Default Severity WARNING Log Message The TCP good_flag and bad...

Page 593: ...t Stripping Explanation A bad TCP flag is set Removing it Gateway Action strip_flag Recommended Action None Revision 1 Parameters bad_flag Context Parameters Rule Name Packet Buffer 2 57 5 tcp_null_fl...

Page 594: ...arameters Rule Name Packet Buffer 2 57 7 tcp_flag_set ID 03300009 Default Severity WARNING Log Message The TCP bad_flag flag is set Dropping Explanation The TCP flag is set Dropping packet Gateway Act...

Page 595: ...vision 1 Parameters seqno origseqno Context Parameters Rule Name Connection Packet Buffer 2 57 10 mismatched_first_ack_seqno ID 03300012 Default Severity WARNING Log Message ACK packet with seq seqno...

Page 596: ...end Dropping Explanation The RST flag sequence number is not within the receiver window Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters seqno winstart winend Context...

Page 597: ...ay Action drop Recommended Action None Revision 1 Parameters ack accstart accend Context Parameters Rule Name Connection Packet Buffer 2 57 15 rst_without_ack ID 03300018 Default Severity NOTICE Log M...

Page 598: ...stack could not accept incomming data since it has run out of large TCP receive windows This event was triggered num_events times during the last 10 seconds Gateway Action close Recommended Action If...

Page 599: ...ot get a free socket This event was triggered num_events times during the last 10 seconds Gateway Action None Recommended Action None Revision 1 2 57 20 tcp_seqno_too_low_with_syn ID 03300025 Default...

Page 600: ...t mss minmss Context Parameters Rule Name Packet Buffer 2 58 2 tcp_mss_too_low ID 03400002 Default Severity NOTICE Log Message TCP MSS mss too low TCPMSSMin minmss Adjusting Explanation The TCP MSS is...

Page 601: ...high Adjusting to use the configured maximum MSS Gateway Action adjust Recommended Action None Revision 1 Parameters tcpopt mss maxmss Context Parameters Rule Name Packet Buffer 2 58 5 tcp_mss_above_l...

Page 602: ...et has a type tcpopt TCP option Stripping it Explanation The packet has a TCP Option of the specified type Removing it Gateway Action strip Recommended Action None Revision 1 Parameters tcpopt Context...

Page 603: ...commended Action None Revision 1 Parameters tcpopt len avail Context Parameters Rule Name Packet Buffer 2 58 10 bad_tcpopt_length ID 03400012 Default Severity WARNING Log Message Type tcpopt bad lengt...

Page 604: ...PMSSMax maxmss Dropping Explanation The TCP MSS is too high Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters tcpopt mss maxmss Context Parameters Rule Name Packet Buff...

Page 605: ...CP segment Explanation Multiple TCP window scale options present in a single TCP segment Gateway Action strip Recommended Action None Revision 1 Context Parameters Connection Packet Buffer 2 58 16 too...

Page 606: ...Expected old got new will use effective Explanation TCP segment with a window scale option specifying a different shift count than previous segments was received The lower of the two values will be u...

Page 607: ...ule Name 2 59 2 reminder_conn_threshold ID 05300101 Default Severity INFORMATIONAL Log Message Reminder Connection threshold description exceeded threshold Source IP srcip Explanation The source ip is...

Page 608: ...ption Revision 1 Context Parameters Connection 2 59 5 failed_to_keep_connection_count ID 05300201 Default Severity ERROR Log Message Failed to keep connection count Reason Out of memory Explanation Th...

Page 609: ...tions matching the threshold rule and originating from a single host exceeds the configured threshold The configured protective measures will be triggered Note This log message is rate limited via an...

Page 610: ...e exceeds threshold The Offending host is srcip Explanation The number of connections matching the threshold rule exceeds the configured threshold The configured protective measures will be triggered...

Page 611: ...s failed Clock not updated Explanation The unit failed to establish a connection with the time sync server The clock has not been updated Gateway Action clock_not_synced Recommended Action Verify that...

Page 612: ...saving ID 03500011 Default Severity NOTICE Log Message Leaving standart time zone and switching to Daylight saving time Explanation Automatic DST is activated and time is adjusted by the system Gatewa...

Page 613: ...Parameters location Chapter 2 Log Message Reference 613...

Page 614: ...equipment Revision 1 Context Parameters Rule Name Packet Buffer 2 61 2 enet_hw_sender_broadcast ID 04400411 Default Severity NOTICE Log Message Ethernet hardware sender is a broadcast address Acceptin...

Page 615: ...ess If there are try to change the behaviour of that equipment Revision 1 Context Parameters Rule Name Packet Buffer 2 61 5 enet_hw_sender_multicast ID 04400414 Default Severity NOTICE Log Message Eth...

Page 616: ...ll be dropped Gateway Action drop Recommended Action Investigate if there are equipment sending packets using a multicast address as sender MAC address If there are try to change the behaviour of that...

Page 617: ...MSTP and PVST Gateway Action drop Recommended Action If the frame format is invalid locate the unit which is sending the malformed frame Revision 1 Parameters recvif reason 2 61 11 relay_mpls_frame I...

Page 618: ...2 61 13 invalid_mpls_packet ID 04400422 Default Severity WARNING Log Message Incoming MPLS packet on recvif dropped Reason reason Explanation An incoming MPLS packet has been dropped since it was malf...

Page 619: ...y WARNING Log Message Received a RADIUS Accounting START response with an Identifier mismatch Ignoring this packet Explanation The unit received a response with an invalid Identifier mismatch This can...

Page 620: ...commended Action Verify that the RADIUS Accounting server is properly configured Revision 2 Context Parameters User Authentication 2 62 5 no_accounting_start_server_response ID 03700005 Default Severi...

Page 621: ...will not be sent to Authentication Server Explanation The unit failed to send an Accounting Stop event to the Accounting Server Accounting information will not be sent to the Accounting Server Gateway...

Page 622: ...ounting_stop_server_response ID 03700010 Default Severity ALERT Log Message Did not receive a RADIUS Accounting STOP response User statistics might not have been updated on the Accounting Server Expla...

Page 623: ...ccounting Server Accounting features will be disabled Gateway Action accounting_disabled Recommended Action None Revision 2 Context Parameters User Authentication 2 62 13 invalid_accounting_start_requ...

Page 624: ...0 Default Severity NOTICE Log Message User timeout expired user is automatically logged out Explanation The user is automatically logged out as the configurated timeout expired Gateway Action user_rem...

Page 625: ...tesrecv packetssent packetsrecv gigawrapsent gigawraprecv sestime Context Parameters User Authentication 2 62 18 accounting_interim_failure ID 03700051 Default Severity ALERT Log Message Failed to sen...

Page 626: ...ccounting server User statistics might not have been updated on the Accounting Server Explanation The unit received an invalid response to an Accounting Interm event from the Accounting Server Account...

Page 627: ...3 already_logged_in ID 03700101 Default Severity WARNING Log Message This user is already logged in Explanation A user with the same username as an already authenticated user tried to logged in and wa...

Page 628: ...ssage Timeout during RADIUS user authentication contact with RADIUS server not established Explanation The unit did not receive a response from the RADIUS Authentication server and the authentication...

Page 629: ...Log Message Error during LDAP user authentication contact with LDAP server not established Explanation The unit did not receive a response from the LDAP Authentication server and the authentication pr...

Page 630: ...ult Severity ERROR Log Message Can t create new user request Authentication aborted Explanation Can t create new user request Gateway Action authentication_failed Recommended Action Check LDAP context...

Page 631: ...d Action None Revision 1 Parameters reason 2 62 36 user_req_new_out_of_memory ID 03700406 Default Severity ALERT Log Message Out of memory while trying to allocate new User Request Explanation The uni...

Page 632: ...efault Severity ALERT Log Message Cannot retrieve user password from LDAP database database Explanation Cannot retrive the user password from LDAP database making user authentication impossible Gatewa...

Page 633: ...t share atleast one cipher Revision 1 Parameters client_ip 2 62 43 disallow_clientkeyexchange ID 03700501 Default Severity ERROR Log Message SSL Handshake Disallow ClientKeyExchange Closing down SSL c...

Page 634: ...ge SSL Handshake Bad ClientHello message Closing down SSL connection Explanation The ClientHello message which is the first part of a SSL handshake is invalid and the SSL connection is closed Gateway...

Page 635: ...ty ERROR Log Message SSL Handshake Bad ClientFinished message Closing down SSL connection Explanation The ClientFinished message which is a part of a SSL handshake is invalid and the SSL connection is...

Page 636: ...ize Closing down SSL connection Explanation The negotiated cipher was an export cipher which does not allow the chosen certification size The certificate can not be sent and the SSL connection is clos...

Page 637: ...ID 03707000 Default Severity NOTICE Log Message User logged in Idle timeout idle_timeout Session timeout session_timeout Explanation A user logged in and has been granted access Auth Rule grants imme...

Page 638: ...rameters User Authentication 2 62 57 bad_user_credentials ID 03707003 Default Severity NOTICE Log Message Unknown user Explanation A user failed to log in The MAC address does not exist Gateway Action...

Page 639: ...Revision 2 Context Parameters User Authentication 2 62 59 bad_user_credentials ID 03707005 Default Severity NOTICE Log Message Unknown user Explanation A user failed to log in Gateway Action None Rec...

Page 640: ...meters filename description 2 63 2 odm_execute_action_reboot ID 05200002 Default Severity NOTICE Log Message Uploaded file filename was validated as description Rebooting system Explanation An uploade...

Page 641: ...sage Uploaded package file filename could not be executed correctly Explanation An uploaded file was validated but could not be executed correctly This could be because the unit is out of disk space o...

Page 642: ...Parameters filename 2 63 8 odm_license_warn ID 05200008 Default Severity NOTICE Log Message Uploaded file filename was validated as description Warned user to take action Explanation A license file w...

Page 643: ...aas_lic_installation_failed ID 05208003 Default Severity EMERGENCY Log Message License file could not be installed Explanation None Gateway Action None Recommended Action None Revision 1 Chapter 2 Log...

Page 644: ...clude_entry ID 03800002 Default Severity WARNING Log Message Unable to allocate exclude entry for host Explanation Unable to allocate exclude entry Unit is low on memory Gateway Action no_exclude Reco...

Page 645: ...essage Unable to accommodate block request since out of MAC profiles on switch Explanation There are no free MAC profiles left on the switch No more hosts can be be blocked excluded on this switch Gat...

Page 646: ...ate_to_media ID 03800008 Default Severity CRITICAL Log Message Failed to write ZoneDefense state to media Explanation Failed to write list of ZoneDefense state to media The media might be corrupt Gate...

Page 647: ...e ID 03800011 Default Severity CRITICAL Log Message Failed to erase type profile profile on switch Explanation The switch returned an error while erasing a profile Gateway Action None Recommended Acti...

Page 648: ...ation A configured action of type type has triggered ZoneDefense to block the host host at the configured ZoneDefense switches Gateway Action block Recommended Action Unblock the specified host using...

Page 649: ...ity WARNING Log Message ZoneDefense is disabled on switch The system will try to enable it Explanation The switch responded that it has the ZoneDefense feature disabled System will try once to enable...

Page 650: ...03800911 Default Severity INFORMATIONAL Log Message ZoneDefense unblocking unblock_type blocked host host Explanation A dynamically blocked host has been unblocked by ZoneDefense Gateway Action unbloc...

Page 651: ...Chapter 2 Log Message Reference 651...

Page 652: ...Chapter 2 Log Message Reference 652...

Reviews:

No comments

Related manuals for NetDefend DFL-260E

GajShield GS15nu Quick Start Manual preview
GS15nu
Brand: GajShield Pages: 12
Ruijie Networks RG-WALL1600-S3600 Hardware Installation And Reference Manual preview
RG-WALL1600-S3600
Brand: Ruijie Networks Pages: 28
PaloAlto Networks PA-2000 Series Hardware Reference Manual preview
PA-2000 Series
Brand: PaloAlto Networks Pages: 20
PaloAlto Networks PA-220R Quick Start Manual preview
PA-220R
Brand: PaloAlto Networks Pages: 2
Attila Security GoSilent User Manual preview
GoSilent
Brand: Attila Security Pages: 8

Brands by name

Popular brands

Load more brands