manualshive.com logo in svg

D-Link NetDefend SOHO DFL-160, Reference Manual

The D-Link NetDefend SOHO DFL-160 is a robust and reliable firewall solution designed for small office and home networks. It offers advanced security features to safeguard your network. Ensure an easy setup with the included Quick Installation Manual, available for free download at manualshive.com.

Share
Download
background image

Explanation

Negotiation of IKE SA failed.

Gateway Action

no_ike_sa

Recommended Action

None.

Revision

2

Parameters

statusmsg
local_peer
remote_peer
initiator_spi

2.14.76. ike_sa_negotiation_completed (ID: 01802024)

Default Severity

INFORMATIONAL

Log Message

IKE SA <options> negotiation completed: <mode> using <auth>
(<encryption><keysize> - <hash>) Diffie-Hellman group <dhgroup>
(<bits>) Lifetime: <lifetime> seconds

Explanation

Negotiation of IKE SA completed.

Gateway Action

None

Recommended Action

None.

Revision

1

Parameters

options
mode
auth
encryption
keysize
hash
dhgroup
bits
lifetime

2.14.77. ike_sa_negotiation_failed (ID: 01802030)

Default Severity

INFORMATIONAL

Log Message

No IKE SA negotiations done. Reason: The authentication credentials
were not specified or private key was not available

Explanation

No IKE SA negotiations done because of authentication problems.

Gateway Action

no_ike_sa

Recommended Action

None.

Revision

1

2.14.78. ike_sa_negotiation_failed (ID: 01802031)

2.14.76. ike_sa_negotiation_completed
(ID: 01802024)

Chapter 2. Log Message Reference

203

Summary of Contents for NetDefend SOHO DFL-160

Page 1: ...Log Reference Guide DFL 160 Ver 2 27 00 Network Security Solution http www dlink com tw Security Security SOHO UTM Firewall ...

Page 2: ...Reference Guide D Link DFL 160 Firewall NetDefendOS Version 2 27 00 D Link Corporation No 289 Sinhu 3rd Rd Neihu District Taipei City 114 Taiwan R O C http www DLink com Published 2010 05 25 Copyright 2010 ...

Page 3: ...rticular purpose D Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revision or changes Limitations of Liability UNDER NO CIRCUMSTANCES SHALL D LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER E G DAMAGES FOR LOSS OF PROFIT SOFTWARE RESTORATION WORK STOPPAGE LOSS...

Page 4: ...unreachable ID 00200119 40 2 1 22 wcf_srv_connection_error ID 00200120 40 2 1 23 wcf_server_unreachable ID 00200121 41 2 1 24 wcf_connecting ID 00200122 41 2 1 25 wcf_server_connected ID 00200123 41 2 1 26 wcf_primary_fallback ID 00200124 42 2 1 27 request_url ID 00200125 42 2 1 28 request_url ID 00200126 42 2 1 29 wcf_server_auth_failed ID 00200127 43 2 1 30 wcf_server_bad_reply ID 00200128 43 2 ...

Page 5: ...to_create_connection1 ID 00200218 62 2 1 81 illegal_command ID 00200219 62 2 1 82 illegal_direction1 ID 00200220 63 2 1 83 illegal_direction2 ID 00200221 63 2 1 84 illegal_option ID 00200222 64 2 1 85 illegal_option ID 00200223 64 2 1 86 unknown_option ID 00200224 64 2 1 87 illegal_command ID 00200225 65 2 1 88 unknown_command ID 00200226 65 2 1 89 illegal_reply ID 00200228 66 2 1 90 illegal_reply...

Page 6: ...e_blocked_invalid_len ID 00200389 85 2 1 144 content_type_mismatch ID 00200390 86 2 1 145 content_type_mismatch_mimecheck_disabled ID 00200391 86 2 1 146 command_blocked_invalid_argument ID 00200392 86 2 1 147 command_blocked ID 00200393 87 2 1 148 unknown_command_blocked ID 00200394 87 2 1 149 unexpected_mail_end ID 00200396 87 2 1 150 invalid_line_endings ID 00200397 88 2 1 151 top_mail_end_bloc...

Page 7: ...108 2 3 8 hwaddr_change ID 00300008 109 2 3 9 arp_cache_size_limit_reached ID 00300030 109 2 3 10 invalid_arp_sender_ip_address ID 00300049 110 2 3 11 arp_access_allowed_expect ID 00300050 110 2 3 12 impossible_hw_address ID 00300051 110 2 3 13 arp_response_broadcast_drop ID 00300052 110 2 3 14 arp_response_multicast_drop ID 00300053 111 2 3 15 arp_collides_with_static ID 00300054 111 2 3 16 hwadd...

Page 8: ...010 132 2 8 11 unable_to_add_relay_route_since_out_of_memory ID 00800011 133 2 8 12 ignored_relay_request ID 00800012 133 2 8 13 no_message_type ID 00800013 133 2 8 14 bad_inform_pkt_with_mismatching_source_ip_and_client_ip ID 00800014 134 2 8 15 received_relayed_inform_packet_without_client_ip ID 00800015 134 2 8 16 maximum_current_dhcp_relays_for_iface ID 00800016 134 2 8 17 dhcp_server_is_unrou...

Page 9: ...011 153 2 10 12 drop_duplicate_frag_suspect_packet ID 02000012 153 2 10 13 drop_duplicate_frag ID 02000013 153 2 10 14 frag_offset_plus_length_not_in_range ID 02000014 154 2 10 15 no_available_fragacts ID 02000015 154 2 10 16 bad_ipdatalen ID 02000016 155 2 10 17 bad_ipdatalen ID 02000017 155 2 10 18 overlapping_frag ID 02000018 155 2 10 19 bad_offs ID 02000019 156 2 10 20 duplicate_frag_with_diff...

Page 10: ... max_if_requests_per_second_reached ID 04200021 178 2 13 21 disallowed_igmp_version ID 04200022 178 2 13 22 received_unknown_igmp_type ID 04200023 178 2 13 23 older_querier_present ID 04200024 179 2 13 24 older_querier_gone ID 04200025 179 2 14 IPSEC 180 2 14 1 fatal_ipsec_event ID 01800100 180 2 14 2 warning_ipsec_event ID 01800101 180 2 14 3 audit_event ID 01800103 180 2 14 4 audit_flood ID 0180...

Page 11: ..._ip_freed ID 01800402 197 2 14 59 recieved_packet_to_disabled_IPsec ID 01800500 198 2 14 60 recieved_packet_to_disabled_IPsec ID 01800501 198 2 14 61 Recieved_plaintext_packet_for_disabled_IPsec_interface ID 01800502 198 2 14 62 no_remote_gateway ID 01800503 199 2 14 63 no_route ID 01800504 199 2 14 64 ping_keepalive_failed_in_tunnel ID 01800505 199 2 14 65 ipsec_interface_disabled ID 01800506 199...

Page 12: ...a_reached ID 01802400 216 2 14 121 max_phase1_negotiations_reached ID 01802402 216 2 14 122 max_active_quickmode_negotiation_reached ID 01802403 216 2 14 123 could_not_decode_certificate ID 01802600 216 2 14 124 could_not_convert_certificate ID 01802601 217 2 14 125 could_not_get_subject_nam_from_ca_cert ID 01802602 217 2 14 126 could_not_set_cert_to_non_CRL_issuer ID 01802603 217 2 14 127 could_n...

Page 13: ...81 config_mode_exchange_event ID 01803022 233 2 14 182 config_mode_exchange_event ID 01803023 233 2 14 183 xauth_exchange_done ID 01803024 234 2 14 184 config_mode_exchange_event ID 01803025 234 2 14 185 config_mode_exchange_event ID 01803026 234 2 14 186 rejecting_ipsec_sa_delete ID 01803027 234 2 14 187 rejecting_ipsec_sa_delete ID 01803028 235 2 14 188 ike_phase2_notification ID 01803029 235 2 ...

Page 14: ...versize_ipcomp ID 07000056 256 2 18 20 oversize_l2tp ID 07000057 256 2 18 21 oversize_ip ID 07000058 257 2 18 22 fragmented_icmp ID 07000070 257 2 18 23 invalid_icmp_data_too_small ID 07000071 257 2 18 24 invalid_icmp_data_ip_ver ID 07000072 258 2 18 25 invalid_icmp_data_too_small ID 07000073 258 2 18 26 invalid_icmp_data_invalid_ip_length ID 07000074 259 2 18 27 invalid_icmp_data_invalid_parampro...

Page 15: ... 23 4 unknown_pptp_auth_source ID 02700004 276 2 23 5 user_disconnected ID 02700005 276 2 23 6 only_routes_set_up_by_server_iface_allowed ID 02700006 276 2 23 7 mppe_required ID 02700007 277 2 23 8 pptp_session_closed ID 02700008 277 2 23 9 pptp_session_request ID 02700009 277 2 23 10 unsupported_message ID 02700010 278 2 23 11 failure_init_radius_accounting ID 02700011 278 2 23 12 pptp_session_up...

Page 16: ..._file_error ID 04900017 296 2 26 16 sesmgr_techsupport ID 04900018 297 2 27 SMTPLOG 298 2 27 1 unable_to_establish_connection ID 03000001 298 2 27 2 connect_timeout ID 03000002 298 2 27 3 send_failure ID 03000004 298 2 27 4 receive_timeout ID 03000005 299 2 27 5 rejected_connect ID 03000006 299 2 27 6 rejected_ehlo_helo ID 03000007 299 2 27 7 rejected_sender ID 03000008 299 2 27 8 rejected_recipie...

Page 17: ...gs ID 03300010 318 2 29 9 mismatched_syn_resent ID 03300011 318 2 29 10 mismatched_first_ack_seqno ID 03300012 319 2 29 11 mismatched_first_ack_seqno ID 03300013 319 2 29 12 rst_out_of_bounds ID 03300015 320 2 29 13 tcp_seqno_too_low ID 03300016 320 2 29 14 unacceptable_ack ID 03300017 320 2 29 15 rst_without_ack ID 03300018 321 2 29 16 tcp_seqno_too_high ID 03300019 321 2 29 17 tcp_recv_windows_d...

Page 18: ..._request ID 03700013 342 2 33 14 no_accounting_start_server_response ID 03700014 342 2 33 15 user_timeout ID 03700020 343 2 33 16 user_timeout_removed_delayed_user ID 03700021 343 2 33 17 group_list_too_long ID 03700030 343 2 33 18 accounting_alive ID 03700050 344 2 33 19 accounting_interim_failure ID 03700051 344 2 33 20 no_accounting_interim_server_response ID 03700052 344 2 33 21 invalid_accoun...

Page 19: ...D 03700506 353 2 33 49 bad_alert_msg ID 03700507 354 2 33 50 unknown_ssl_error ID 03700508 354 2 33 51 negotiated_cipher_does_not_permit_the_chosen_certificate_size ID 03700509 354 2 33 52 received_sslalert ID 03700510 354 2 33 53 sent_sslalert ID 03700511 355 Log Reference Guide 19 ...

Page 20: ...List of Tables 1 Abbreviations 23 20 ...

Page 21: ...List of Examples 1 Log Message Parameters 22 2 Conditional Log Message Parameters 22 21 ...

Page 22: ...g the name of a conditional log message parameter Example 1 Log Message Parameters Log Message New configuration activated by user username and committed via authsystem Parameters authsystem username Both the authsystem and the username parameters will be included Example 2 Conditional Log Message Parameters Log Message Administrative user username logged in via authsystem Access level access_leve...

Page 23: ...col IPSec Internet Protocol Security L2TP Layer 2 Tunneling Protocol NAT Network Address Translation PPP Point to Point Protocol PPPoE Point to Point Protocol over Ethernet RADIUS Remote Authentication Dial In User Service SAT Static Address Translation SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol SSL Secure Socket Layer TCP Transport Control Protocol TLS Transport La...

Page 24: ...ifies the log message The first 3 digits identify the category to which the log message belongs Note In this guide the Name and the ID of the log message form the title of the section describing the log message Category Log messages are grouped into categories where each category maps to a specific subsystem in NetDefendOS For instance the IPSEC category includes some hundreds of log messages all ...

Page 25: ... featured in this reference guide and is never actually included in the log message Revision The current revision of the log message This is increased each time a log message is changed between two releases Additional Information Depending on the log message the following information may also be included Parameters The name of the parameters that are included in this log message If a parameter is ...

Page 26: ...od The name of the ALG sub module ALG Session ID Each ALG session has its own session ID which uniquely identifies an ALG session This is useful for example when matching the opening of an ALG session with the closure of the same ALG session algsesid The session ID of an ALG session Packet Buffer Information about the packet buffer which in turn contains a large number of additional objects Certai...

Page 27: ...tination unreachable or redirect Connection Additional information about a connection Certain parameters may or may not be included depending on the type and status of the connection For example the number of bytes sent by the originator and terminator is only included if the connection is closed conn The status of the connection Possible values open close closing and unknown connipproto The IP pr...

Page 28: ...the rule action is SAT satdestrule The name of the SAT destination rule Valid if the rule action is SAT srcusername The name of the authenticated user in the source network object Valid if the source network object has user authentication information destusername The name of the authenticated user in the destination network object Valid if the destination network object has user authentication inf...

Page 29: ... process to Destination router process Route Additional information about a route route Route network routeiface Route destination interface routegw Route gateway routemetric Route metric cost Route Chapter 1 Introduction 29 ...

Page 30: ...n immediately 2 Critical Critical conditions which affected the functionality of the unit Action should be taken as soon as possible 3 Error Error conditions which probably affected the functionality of the unit 4 Warning Warning conditions which could affect the functionality of the unit 5 Notice Normal but significant conditions 6 Informational Informational conditions 7 Debug Debug level events...

Page 31: ...1 3 Severity levels Chapter 1 Introduction 31 ...

Page 32: ...R page 140 FRAG page 149 IDP page 160 IDPUPDATE page 168 IGMP page 171 IPSEC page 180 IP_ERROR page 239 IP_FLAG page 241 IP_OPT page 243 IP_PROTO page 250 L2TP page 260 LICUPDATE page 266 PPP page 267 PPPOE page 274 PPTP page 275 REASSEMBLY page 284 RULE page 287 SESMGR page 292 SMTPLOG page 298 SYSTEM page 302 TCP_FLAG page 316 TCP_OPT page 324 TIMESYNC page 331 32 ...

Page 33: ... Action None Revision 1 Context Parameters ALG Module Name ALG Session ID Connection 2 1 2 alg_session_closed ID 00200002 Default Severity INFORMATIONAL Log Message ALG session closed Explanation An ALG session has been closed Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 3 max_line_length_exceeded ID 00200003 Default Severity ERROR Lo...

Page 34: ...sessions on services configured with ALGs or try to free up some RAM depending on the situation Revision 1 2 1 5 invalid_client_http_header_received ID 00200100 Default Severity WARNING Log Message HTTPALG Invalid HTTP header was received from the client Closing Connection ALG name algname Explanation An invalid HTTP header was received from the client Gateway Action close Recommended Action Resea...

Page 35: ...hould be sent Gateway Action closing_connecion Recommended Action Research the source of this and try to find out why the client is sending an invalid request Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 8 suspicious_data_received ID 00200106 Default Severity WARNING Log Message HTTPALG Too much suspicious data has been received from the server Closing the co...

Page 36: ...valid HTTP header was received from the server Closing connection ALG name algname Explanation An invalid HTTP header was received from the server Gateway Action closing_connecion Recommended Action Research the source of this and try to find out why the server is sending an invalid header Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 11 compressed_data_receiv...

Page 37: ...e been released Gateway Action close Recommended Action If the maximum number of HTTP sessions is too low increase it Revision 1 Parameters max_sessions Context Parameters ALG Module Name 2 1 13 failed_create_new_session ID 00200111 Default Severity CRITICAL Log Message HTTPALG Failed to create new HTTPALG session out of memory Explanation An attempt to create a new HTTPALG session failed because ...

Page 38: ...filename Identified filetype filetype Explanation The filetype of the file does not match the actual content type As there is a content type mismatch data is discarded Gateway Action block_data Recommended Action None Revision 1 Parameters filename filetype contenttype Context Parameters ALG Module Name ALG Session ID 2 1 16 wcf_override_full ID 00200114 Default Severity ERROR Log Message HTTPALG ...

Page 39: ...size the request is rejected and the connection is closed Gateway Action close Recommended Action If the configurable maximum download size is too low increase it Revision 2 Parameters filename filesize max_download_size Context Parameters ALG Module Name ALG Session ID 2 1 19 blocked_filetype ID 00200117 Default Severity NOTICE Log Message HTTPALG Requested file filename is blocked as this file i...

Page 40: ... connect to the Web Content Filtering servers Verify that the unit has been configured with Internet access Gateway Action none Recommended Action Check_configuration Revision 2 Context Parameters ALG Module Name 2 1 22 wcf_srv_connection_error ID 00200120 Default Severity ERROR Log Message HTTPALG HTTP request not validated by Web Content Filter and allowed Explanation The Web Content Filtering s...

Page 41: ... Default Severity INFORMATIONAL Log Message HTTPALG Connecting to web content server server Explanation Connecting to Web Content Filtering server Gateway Action connecting Recommended Action None Revision 1 Parameters server Context Parameters ALG Module Name 2 1 25 wcf_server_connected ID 00200123 Default Severity INFORMATIONAL Log Message HTTPALG Web content server server connected Explanation ...

Page 42: ...LG Requesting URL url Categories categories Audit audit Override override ALG name algname Explanation The URL has been requested Gateway Action allow Recommended Action None Revision 2 Parameters categories audit override url algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 28 request_url ID 00200126 Default Severity NOTICE Log Message HTTPALG Requesting URL url...

Page 43: ..._bad_reply ID 00200128 Default Severity ERROR Log Message HTTPALG Failed to parse WCF server response Explanation The WCF service could not parse the server response The WCF transmission queue is reset and a new server connection will be established Gateway Action restarting Recommended Action None Revision 1 Parameters failedserver Context Parameters ALG Module Name 2 1 31 request_url ID 00200129...

Page 44: ... up some RAM by changing configuration parameters Revision 1 Context Parameters ALG Module Name 2 1 33 wcf_bad_sync ID 00200131 Default Severity ERROR Log Message HTTPALG WCF request out of sync Explanation The WCF response received from the server did not match the expected value The requested URL is treaded as unknown category Gateway Action compensating Recommended Action None Revision 1 Parame...

Page 45: ...g Message HTTPALG Reclassification request for URL url New Category newcat ALG name algname Explanation The user has requested a category reclassification for the URL Gateway Action allow Recommended Action Disable the ALLOW_RECLASSIFICATION mode of parameter CATEGORIES for this ALG Revision 2 Parameters newcat url algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1...

Page 46: ...y Action allow_audit_mode Recommended Action None Revision 2 Parameters categories audit override url user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 38 request_url ID 00200137 Default Severity NOTICE Log Message HTTPALG Requesting URL url Categories categories Audit audit Override override ALG name algname Explanation The URL has been requested Gateway Act...

Page 47: ...r CATEGORIES for this ALG Revision 2 Parameters url user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 40 url_reclassification_request ID 00200139 Default Severity WARNING Log Message HTTPALG Reclassification request for URL url New Category newcat ALG name algname Explanation The user has requested a category reclassification for the URL Gateway Action allow ...

Page 48: ...hed Closing connection Explanation The maximum number of concurrent SMTP sessions has been reached for this service No more sessions can be opened before old sessions have been released Gateway Action close Recommended Action If the maximum number of SMTP sessions is too low increase it Revision 1 Parameters max_sessions Context Parameters ALG Module Name 2 1 43 maximum_email_per_minute_reached ID...

Page 49: ...0200153 Default Severity ERROR Log Message SMTPALG Failed to connect to the SMTP Server Closing the connection Explanation The SMTP ALG could not connect to the receiving SMTP server resulting in that the ALG session could not be successfully opened Gateway Action close Recommended Action None Revision 3 Context Parameters ALG Module Name ALG Session ID 2 1 46 invalid_server_response ID 00200155 D...

Page 50: ...rs ALG Module Name ALG Session ID 2 1 48 sender_email_id_is_in_blacklist ID 00200158 Default Severity WARNING Log Message SMTPALG Sender e mail address is in Black List Explanation Since MAIL FROM Email Id is in Black List SMTP ALG rejected the Client request Gateway Action reject Recommended Action None Revision 1 Parameters sender_email_address Context Parameters ALG Module Name ALG Session ID 2...

Page 51: ...ddress recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2 1 51 base64_decode_failed ID 00200164 Default Severity ERROR Log Message SMTPALG Base 64 decode failed Attachment blocked Explanation The base64 encoded attachment could not be decoded This can occur if the email sender sends incorrectly formatted data The attachment has been blocked Gateway Action block_allow Rec...

Page 52: ...ame is blocked as this file is identified as type filetype which is in block list Explanation The file is present in the block list It will be blocked as per configuration Gateway Action block Recommended Action If this file should be allowed update the ALLOW BLOCK list Revision 2 Parameters filename filetype sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Ses...

Page 53: ...sses max_email_size Context Parameters ALG Module Name ALG Session ID 2 1 56 content_type_mismatch_mimecheck_disabled ID 00200171 Default Severity NOTICE Log Message SMTPALG Content type mismatch found for the file filename It is identified as type filetype file Explanation Received type of data in the packet and its actual type do not match As there is a mismatch and mime type check is disabled t...

Page 54: ...ault Severity ALERT Log Message SMTPALG Failed to allocate memory out of memory Explanation An attempt to allocate memory failed Gateway Action close Recommended Action Try to free up unwanted memory Revision 3 Context Parameters ALG Module Name ALG Session ID 2 1 59 invalid_end_of_mail ID 00200176 Default Severity WARNING Log Message SMTPALG Invalid end of mail n n received Explanation The client...

Page 55: ...g ID 00200179 Default Severity ERROR Log Message SMTPALG Command line too long Explanation The SMTP Command line exceeds the maximum command length of 712 characters RFC 2821 Ch 4 5 3 1 says 512 Gateway Action reject Recommended Action None Revision 2 Context Parameters ALG Module Name ALG Session ID 2 1 62 cmd_empty ID 00200180 Default Severity DEBUG Log Message SMTPALG Received empty command Exp...

Page 56: ...anation The SMTP ALG received an email without headers Gateway Action allow Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 65 unsupported_extension ID 00200185 Default Severity INFORMATIONAL Log Message SMTPALG Removed capability capa from EHLO response Explanation The SMTP ALG removed the capa capability from the EHLO response since the ALG does not suppo...

Page 57: ...on violation Explanation The client sent an invalid sequence of commands The protocol violation is explained by the violation parameter Gateway Action reject Recommended Action None Revision 1 Parameters violation Context Parameters Connection ALG Module Name ALG Session ID 2 1 68 sender_email_dnsbl_spam_mark_removed_by_whitelist ID 00200195 Default Severity WARNING Log Message SMTPALG Whitelist o...

Page 58: ...ssion ID Rule Information Connection 2 1 70 hybrid_data ID 00200206 Default Severity INFORMATIONAL Log Message FTPALG Hybrid connection made Explanation A hybrid connection was successfully created Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2 1 71 hybrid_data ID 00200209 Default Severity INFORMATIONAL Log Mes...

Page 59: ...ion 1 Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2 1 73 control_chars ID 00200211 Default Severity WARNING Log Message FTPALG Unexpected telnet control chars in control channel from peer Closing connection Explanation Unexpected telnet control characters were discovered in the control channel This is not allowed according to the FTPALG configuration and the connec...

Page 60: ... String string Rejecting command Explanation An invalid command was received on the control channel This is allowed but the command will be rejected as it is not understood Gateway Action rejecting_command Recommended Action If unknown commands should not be allowed modify the FTPALG configuration Revision 1 Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2 1 76...

Page 61: ...tring Context Parameters ALG Module Name ALG Session ID Connection 2 1 78 illegal_ip_address ID 00200216 Default Severity CRITICAL Log Message FTPALG Illegal PORT command from peer bad IP address ip4addr String string Rejecting command Explanation An illegal PORT command was received from the client It requests that the server should connect to another IP that it s own This is not allowed and the ...

Page 62: ...80 failed_to_create_connection1 ID 00200218 Default Severity ERROR Log Message FTPALG Failed to create connection 1 Connection connection String string Explanation An error occured when creating a data connection from the server to client This could possibly be a result of lack of memory Gateway Action None Recommended Action None Revision 1 Parameters peer connection string Context Parameters ALG...

Page 63: ...n invalid direction and the connection will be closed Gateway Action close Recommended Action None Revision 1 Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2 1 83 illegal_direction2 ID 00200221 Default Severity WARNING Log Message FTPALG Illegal direction for command 2 peer peer Closing connection Explanation A command was sent in an invalid direction and the connect...

Page 64: ...ult Severity WARNING Log Message FTPALG Disallowed OPTS argument from peer String string Rejecting command Explanation A disallowed OPTS argument was received and the command will be rejected Gateway Action rejecting_command Recommended Action None Revision 1 Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2 1 86 unknown_option ID 00200224 Default Severity WARNI...

Page 65: ...ommand Recommended Action None Revision 1 Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2 1 88 unknown_command ID 00200226 Default Severity WARNING Log Message FTPALG Unknown command from peer String string Rejecting command Explanation An unknown command was received and the command will be rejected Gateway Action rejecting_command Recommended Action If unkno...

Page 66: ...og Message FTPALG Illegal multiline response reply from peer String string Closing connection Explanation An illegal multiline response was received from server and the connection will be closed Gateway Action close Recommended Action None Revision 1 Parameters peer reply string Context Parameters ALG Module Name ALG Session ID Connection 2 1 91 illegal_reply ID 00200231 Default Severity WARNING L...

Page 67: ...ring Context Parameters ALG Module Name ALG Session ID Connection 2 1 93 bad_port ID 00200233 Default Severity CRITICAL Log Message FTPALG Bad port port from peer should be within the range range String string Closing connection Explanation An illegal PORT command was received from the server It requests that the client should connect to a port which is out of range This is not allowed and the con...

Page 68: ..._server string Context Parameters ALG Module Name ALG Session ID Connection 2 1 95 failed_to_create_connection2 ID 00200235 Default Severity ERROR Log Message FTPALG Failed to create connection 2 Peer peer Connection connection String string Explanation An error occured when creating a data connection from the client to server This could possibly be a result of lack of memory Gateway Action None R...

Page 69: ...ng to send the PORT command to the server Gateway Action None Recommended Action None Revision 1 Parameters peer Context Parameters ALG Module Name ALG Session ID Connection 2 1 98 failed_to_register_rawconn ID 00200238 Default Severity ERROR Log Message FTPALG Internal Error failed to register eventhandler Closing connection Explanation An internal error occured when registering an eventhandler a...

Page 70: ...is service No more sessions can be opened before old sessions have been released Gateway Action close Recommended Action If the maximum number of FTP sessions is too low increase it Revision 1 Parameters max_sessions Context Parameters ALG Module Name 2 1 101 failed_create_new_session ID 00200242 Default Severity ERROR Log Message FTPALG Failed to create new FTPALG session out of memory Explanatio...

Page 71: ...etype Explanation The filetype of the file does not match the actual content type As there is a content type mismatch data is discarded Gateway Action data_blocked_control_and_data_channel_closed Recommended Action None Revision 1 Parameters filename filetype Context Parameters ALG Module Name ALG Session ID 2 1 104 failed_to_send_command ID 00200251 Default Severity NOTICE Log Message FTPALG Fail...

Page 72: ...type filetype which is in block list Explanation The file is present in the block list It will be blocked as per configuration Gateway Action data_blocked_control_and_data_channel_closed Recommended Action If this file should be allowed update the ALLOW BLOCK list Revision 2 Parameters filename filetype Context Parameters ALG Module Name ALG Session ID 2 1 107 resumed_compressed_file_transfer ID 0...

Page 73: ...ried to issue a REST command which is not valid since the client is not allowed to do this The command will be rejected Gateway Action rejecting_command Recommended Action If the client should be allowed to do issue REST commands modify the FTPALG configuration Revision 1 Parameters filename peer Context Parameters ALG Module Name ALG Session ID Connection 2 1 110 packet_failed_initial_test ID 002...

Page 74: ...Parameters ALG Module Name ALG Session ID Connection 2 1 112 command_not_allowed ID 00200353 Default Severity WARNING Log Message TFTPALG command command not allowed Explanation Command GET or PUT not allowed Closing connection Gateway Action reject Recommended Action If command should be allowed modify the TFTP Alg configuration Revision 1 Parameters command Context Parameters ALG Module Name ALG...

Page 75: ...arameters ALG Module Name ALG Session ID Connection 2 1 115 option_tsize_invalid ID 00200356 Default Severity WARNING Log Message TFTPALG Option tsize value value exceeding allowed max value maxvalue Explanation Option tsize value exceeding allowed value Closing connection Gateway Action reject Recommended Action If connection should be allowed modify the filetransfersize of the TFTP Alg configura...

Page 76: ... value exceeding allowed value Closing connection Gateway Action close Recommended Action If connection should be allowed modify the filetransfersize of the TFTP Alg configuration Revision 1 Parameters value maxvalue Context Parameters ALG Module Name ALG Session ID Connection 2 1 118 unknown_option_blocked ID 00200359 Default Severity WARNING Log Message TFTPALG Request contained unknown option o...

Page 77: ...Log Message TFTPALG Option option contained invalid value value or option not sent Explanation Option contained invalid value or option not sent Closing connection Gateway Action close Recommended Action None Revision 1 Parameters option value Context Parameters ALG Module Name ALG Session ID Connection 2 1 121 option_value_invalid ID 00200362 Default Severity WARNING Log Message TFTPALG Option op...

Page 78: ...Connection 2 1 123 max_tftp_sessions_reached ID 00200364 Default Severity WARNING Log Message FTPALG Maximum number of TFTP sessions max_sessions for service reached Closing connection Explanation The maximum number of concurrent TFTP sessions has been reached for this service No more sessions can be opened before old sessions have been released Gateway Action close Recommended Action If the maxim...

Page 79: ...on close Recommended Action None Revision 1 Parameters opcode packet_length Context Parameters ALG Module Name ALG Session ID Connection 2 1 126 failed_create_connection ID 00200367 Default Severity ERROR Log Message TFTPALG Failed to create listening connection internal error error_code Closing session Explanation The unit failed to create listening connection resulting in that the ALG session co...

Page 80: ...acket length packet_length Explanation Received packet out of sequence Closing connection Gateway Action close Recommended Action None Revision 1 Parameters opcode packet_length Context Parameters ALG Module Name ALG Session ID Connection 2 1 129 transfer_size_exceeded ID 00200370 Default Severity WARNING Log Message TFTPALG Received bytes received exceeding allowed max value maxvalue Explanation ...

Page 81: ...0372 Default Severity ERROR Log Message TFTPALG Failed to strip options internal error Explanation An attempt to send request packet without options failed because of an internal error Gateway Action close Recommended Action None Revision 1 Context Parameters ALG Module Name 2 1 132 failed_create_connection ID 00200373 Default Severity ERROR Log Message TFTPALG Failed to create listening connectio...

Page 82: ... POP3 sessions max_sessions for service reached Closing connection Explanation The maximum number of concurrent POP3 sessions has been reached for this service No more sessions can be opened before old sessions have been released Gateway Action close Recommended Action If the maximum number of POP3 sessions is too low increase it Revision 1 Parameters max_sessions Context Parameters ALG Module Nam...

Page 83: ...dule Name ALG Session ID 2 1 137 out_of_memory ID 00200383 Default Severity ERROR Log Message POP3ALG Failed to allocate memory out of memory Explanation An attempt to allocate memory failed Gateway Action close Recommended Action Try to free up unwanted memory Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 138 blocked_filetype ID 00200384 Default Severity NOTICE Log Message POP3...

Page 84: ... ALG Session ID 2 1 140 base64_decode_failed ID 00200386 Default Severity ERROR Log Message POP3ALG Base 64 decode failed Attachment blocked Explanation The data sent to Base64 decoding failed This can occur if the email sender sends incorrectly formatted data The attachment has been blocked Gateway Action block_data Recommended Action Research how the sender is encoding the data Revision 1 Parame...

Page 85: ...len Explanation The client is sending command with invalid command length The command will be blocked Gateway Action block Recommended Action None Revision 1 Parameters len linebegin Context Parameters ALG Module Name ALG Session ID 2 1 143 response_blocked_invalid_len ID 00200389 Default Severity WARNING Log Message POP3ALG Response blocked Invalid response length len Explanation The server is se...

Page 86: ...atch found for the file filename It is identified as type filetype file Explanation Received type of data in the packet and its actual type do not match As there is a mismatch and mime type check is disabled the data will be allowed Gateway Action allow Recommended Action Content type should be matched Revision 2 Parameters filename filetype sender_email_address Context Parameters ALG Module Name ...

Page 87: ...n 1 Parameters command Context Parameters ALG Module Name ALG Session ID 2 1 148 unknown_command_blocked ID 00200394 Default Severity WARNING Log Message POP3ALG Unknown command blocked Explanation The client is sending unknown command The command will be blocked Gateway Action block Recommended Action If the command are to be allowed change the Alg configuration Revision 1 Parameters command Cont...

Page 88: ... Research why mail contains invalid line endings Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 151 top_mail_end_blocked ID 00200398 Default Severity WARNING Log Message POP3ALG The last part of mail retreived with TOP command blocked Explanation Only part of mail retrieved using TOP command was received The last part was therefore blocked by the Security Gateway Gateway Action b...

Page 89: ...SALG session failed because the unit is out of memory Gateway Action close Recommended Action Decrease the maximum allowed TLSALG sessions or try to free some of the RAM used Revision 1 Context Parameters ALG Module Name 2 1 154 failure_connect_http_server ID 00200452 Default Severity ERROR Log Message TLSALG Failed to connect to the HTTP Server Closing connection ALG name algname Explanation The ...

Page 90: ...d a renegotiation Renegotiation is however not supported so an alert was sent to let the peer know that there will be no renegotiation Gateway Action tls_alert_sent Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 157 tls_alert_sent ID 00200455 Default Severity ERROR Log Message TLSALG Sent TLS alert alert to peer Explanation A TLS error h...

Page 91: ...ted ID 00200457 Default Severity ERROR Log Message TLSALG SSL renegotiation attempted but not supported Explanation The SSL peer initiated a renegotiation Renegotiation is however not supported so the TLS ALG session will be closed Gateway Action close Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 160 tls_disallowed_key_exchange ID 0020...

Page 92: ...received The TLS ALG session will be closed Gateway Action close Recommended Action None Revision 1 Parameters message_type algname Context Parameters ALG Module Name ALG Session ID 2 1 162 tls_bad_message_order ID 00200460 Default Severity ERROR Log Message TLSALG Bad TLS handshake message order Explanation A TLS handshake message of a type that is not expected in the current state of the handsha...

Page 93: ...ired to process the TLS connection of a TLS ALG session The TLS ALG session will be closed Gateway Action close Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 165 tls_failed_to_verify_finished ID 00200463 Default Severity ERROR Log Message TLSALG Failed to verify finished message Explanation The unit failed to verify the TLS finished mes...

Page 94: ...oncurrent PPTP sessions has been reached for this service No more sessions can be opened before old sessions have been released Gateway Action close Recommended Action If the maximum number of PPTP sessions is too low increase it Revision 1 Parameters max_sessions Context Parameters ALG Module Name 2 1 168 failed_create_new_session ID 00200602 Default Severity CRITICAL Log Message PPTPALG Failed t...

Page 95: ... 00200604 Default Severity NOTICE Log Message PPTPALG PPTP tunnel established from client Explanation A PPTP tunnel has been established between PPTP client and security gateway Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1 171 pptp_tunnel_removed_client ID 00200605 Default Severity NOTICE Log Message PPTPALG PPTP tunnel between client...

Page 96: ...blished ID 00200607 Default Severity NOTICE Log Message PPTPALG PPTP session established Explanation A PPTP session has been established Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1 174 pptp_session_removed ID 00200608 Default Severity NOTICE Log Message PPTPALG PPTP session removed Explanation A PPTP session has been removed Gateway ...

Page 97: ...on 1 Parameters iface remotegw 2 1 176 pptp_tunnel_established_server ID 00200610 Default Severity NOTICE Log Message PPTPALG PPTP tunnel established from server Explanation A PPTP tunnel has been established between PPTP server and security gateway Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1 176 pptp_tunnel_established_server ID 002...

Page 98: ...ers filename virusname virussig advisoryid layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connection 2 2 2 virus_found ID 05800002 Default Severity WARNING Log Message Virus found in file filename Virus Name virusname Signature virussig Advisory ID advisoryid Explanation A virus has been detected in a data stream Since anti virus is running in audit mode the data t...

Page 99: ... Message Decompression error for file filename Explanation The file could not be scanned by the anti virus module since the decompression of the compressed file failed Since anti virus is running in protect mode the data transfer will be aborted in order to protect the receiver Gateway Action block_data Recommended Action Change Fail Mode parameter to allow if files that fail decompression should ...

Page 100: ...ression ratio higher than the specified value Action is set to continue scan Gateway Action continue_scan Recommended Action Files with too high compression ratio can consume large amount of resources This can be a DOS attack Revision 1 Parameters filename comp_ratio layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connection 2 2 7 compression_ratio_violation ID 0580...

Page 101: ...n ratio can consume large amount of resources This can be a DOS attack Revision 1 Parameters filename comp_ratio layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connection 2 2 9 out_of_memory ID 05800009 Default Severity ERROR Log Message Out of memory Explanation Memory allocation failed Since anti virus is running in audit mode the data transfer will be allowed to...

Page 102: ...5800011 Default Severity ERROR Log Message Anti virus scan engine failed for the file filename Explanation An error occured in the anti virus scan engine Since anti virus is running in protect mode the data transfer will be aborted in order to protect the receiver Gateway Action block_data Recommended Action None Revision 1 Parameters filename layer7_srcinfo layer7_dstinfo Context Parameters ALG M...

Page 103: ...s Anti virus scanning can be turned off in order to avoid future postings of this log message Revision 2 Context Parameters ALG Session ID 2 2 14 no_signature_database ID 05800016 Default Severity CRITICAL Log Message AVSE Virus scanning aborted No virus signatures present Explanation Anti virus scanning is aborted since there is no local anti virus signature database Gateway Action av_scanning_de...

Page 104: ...g_denied Recommended Action Review your configuration in order to free up more RAM Revision 2 Context Parameters ALG Session ID 2 2 17 unknown_encoding ID 05800182 Default Severity WARNING Log Message SMTPALG Content transfer encoding is unknown or not present Explanation Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown Fail Mode is deny so data is bloc...

Page 105: ...t Explanation Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown Fail Mode is deny so data is blocked Gateway Action block_data Recommended Action None Revision 1 Parameters filename unknown_content_transfer_encoding sender_email_address Context Parameters ALG Module Name ALG Session ID 2 2 20 unknown_encoding ID 05800185 Default Severity WARNING Log Mess...

Page 106: ...unknown_content_transfer_encoding sender_email_address Context Parameters ALG Module Name ALG Session ID 2 2 20 unknown_encoding ID 05800185 Chapter 2 Log Message Reference 106 ...

Page 107: ...ssage ARP query sender IP is 0 0 0 0 Explanation The source IP address of an ARP query is 0 0 0 0 Allowing Gateway Action allow Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Context Parameters Rule Name Packet Buffer 2 3 3 no_sender_ip ID 00300003 Default Severity NOTICE Log Message ARP query sender IP is 0 0 0 0 Dropping Explanation The source IP addr...

Page 108: ...be the case if there are load balancing network equipment in the network Allowing Gateway Action allow Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Context Parameters Rule Name Packet Buffer 2 3 6 mismatching_hwaddrs ID 00300006 Default Severity NOTICE Log Message ARP hw sender does not match Ethernet hw sender Explanation The hardware sender address ...

Page 109: ...er processing Explanation A known dynamic ARP entry has a different hardware address than the one in the ARP packet Allowing packet for further processing Gateway Action allow_processing Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Parameters knownip knownhw newhw Context Parameters Rule Name Packet Buffer 2 3 9 arp_cache_size_limit_reached ID 0030003...

Page 110: ...t rule in access section Explanation The ARP sender IP address is verified by an expect rule in the access section Gateway Action access_allow Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 3 12 impossible_hw_address ID 00300051 Default Severity NOTICE Log Message Impossible hardware address 0000 0000 0000 in ARP response Dropping Explanation The ARP response has s...

Page 111: ...re load balancing network equipment in the network Dropping packet Gateway Action drop Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Context Parameters Rule Name Packet Buffer 2 3 15 arp_collides_with_static ID 00300054 Default Severity WARNING Log Message Known entry is knowntype knownip knownhw Dropping Explanation The hardware sender address does no...

Page 112: ...xplanation A known dynamic ARP entry has a different hardware address than the one in the ARP packet Dropping packet Gateway Action drop Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Parameters knownip knownhw newhw Context Parameters Rule Name Packet Buffer 2 3 16 hwaddr_change_drop ID 00300055 Chapter 2 Log Message Reference 112 ...

Page 113: ...abase_downloaded ID 05000002 Default Severity NOTICE Log Message New anti virus database downloaded Explanation An updated version of the anti virus database has been downloaded which will now be used Gateway Action using_new_database Recommended Action None Revision 2 2 4 3 av_db_already_up_to_date ID 05000003 Default Severity NOTICE Log Message Anti virus database is up to date Explanation The c...

Page 114: ... manual antivirus update has been performed Gateway Action antivirus_disabled Recommended Action Check and set the system time correct and perform a manual antivirus update Revision 1 Parameters date 2 4 6 downloading_new_database ID 05000007 Default Severity NOTICE Log Message Downloading new antivirus database Explanation A new antivirus database is availible The database is being downloaded Gat...

Page 115: ...Recommended Action None Revision 1 2 4 7 unsynced_databases ID 05000008 Chapter 2 Log Message Reference 115 ...

Page 116: ...on If this is a reoccurring event try increasing the number of HighBuffers Revision 1 Parameters duration buf_usage 2 5 2 buffers_profile ID 00500002 Default Severity DEBUG Log Message Buffer requested by reason used at total of duration ticks and was touched numstop times Explanation A buffer associated with a profiling request has been identified This log message will only be generated by specia...

Page 117: ...og Message Connection closed Explanation A connection has been closed Gateway Action close Recommended Action None Revision 1 Context Parameters Rule Information Connection 2 6 3 connection_table_full ID 00600003 Default Severity WARNING Log Message Closing replacing this connection connection table full Explanation The connection table is currently full and the unit needs to open a new connection...

Page 118: ...ction closed Explanation A connection has been closed Gateway Action close Recommended Action None Revision 1 Context Parameters Rule Information Connection 2 6 6 out_of_connections ID 00600010 Default Severity WARNING Log Message Out of connections Rejecting connection attempt Explanation The connection table is currently full and this new connection attempt will be rejected Gateway Action reject...

Page 119: ...acket since the combination of TCP flags is wrong Only packets with the SYN TCP flag set as the only TCP flag are allowed to open a new TCP connection Gateway Action reject Recommended Action None Revision 1 Parameters protocol Context Parameters Rule Name Packet Buffer 2 6 9 no_new_conn_for_this_packet ID 00600013 Default Severity WARNING Log Message State inspector would not open a new connectio...

Page 120: ...15 Default Severity WARNING Log Message Disallowed reverse connect attempt from peer Dropping Explanation State inspector does not allow this packet in reverse direction on the already opened connection This type of packet is only allowed to be sent by the originator of a connection Dropping the packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Connection P...

Page 121: ...Packet Buffer 2 6 14 udp_src_port_0_forwarded ID 00600022 Default Severity WARNING Log Message UDP source port is set to 0 Forwards packet Explanation The UDP source port was set to 0 This can be used by UDP streams not expecting return traffic Forwarding packet Gateway Action none Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 6 15 conn_usage ID 00600023 Default S...

Page 122: ...ATIONAL Log Message FTPALG Incoming passive data channel Explanation A passive data channel connection has been established Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2 6 18 active_data ID 00600102 Default Severity INFORMATIONAL Log Message FTPALG Active data channel closed Explanation An active data channel ...

Page 123: ...ge FTPALG Passive data channel closed Explanation A passive data channel was closed Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2 6 19 passive_data ID 00600103 Chapter 2 Log Message Reference 123 ...

Page 124: ...7 2 lease_changed ID 00700002 Default Severity WARNING Log Message Some vital parameter s in the lease on interface iface have changed restarting DHCP process Explanation The DHCP server have updated some information considered vital This will result in the DHCP process being restarted Gateway Action restart Recommended Action None Revision 1 Parameters iface Context Parameters Packet Buffer 2 7 3...

Page 125: ... Severity NOTICE Log Message Interface iface lease expired Explanation A lease have expired and the ip data for this interface are no longer valid Gateway Action restart Recommended Action Check connection and DHCP server reachability Revision 1 Parameters iface 2 7 6 invalid_lease_time ID 00700007 Default Severity WARNING Log Message Interface iface received a lease with a leasetime lease_time wh...

Page 126: ...server configuration Revision 1 Parameters iface server_id Context Parameters Packet Buffer 2 7 8 invalid_netmask ID 00700009 Default Severity WARNING Log Message Interface iface received a lease with an invalid netmask netmask Explanation An interface received a lease with an invalid netmask Gateway Action drop Recommended Action Check DHCP server configuration Revision 1 Parameters iface netmask...

Page 127: ...ateway Action drop Recommended Action Check DHCP server configuration Revision 1 Parameters iface offered_ip Context Parameters Packet Buffer 2 7 11 invalid_gateway ID 00700012 Default Severity WARNING Log Message Interface iface received a lease with an invalid gateway gateway Explanation An interface received a lease with an invalid gateway address Gateway Action drop Recommended Action Check DH...

Page 128: ...ch if used will cause an IP collision with a configured route Gateway Action drop Recommended Action Check DHCP server configuration and the SG interface configuration Revision 1 Parameters iface dhcp_ip configured_route Context Parameters Packet Buffer 2 7 14 route_collision ID 00700015 Default Severity WARNING Log Message Interface iface received a lease which if used will cause a route collisio...

Page 129: ...Context Parameters Packet Buffer 2 7 14 route_collision ID 00700015 Chapter 2 Log Message Reference 129 ...

Page 130: ...t was successfully auto saved to disk Explanation The DHCP relay list was successfully written to disk Gateway Action None Recommended Action None Revision 1 2 8 3 dhcp_pkt_too_small ID 00800003 Default Severity NOTICE Log Message Received DHCP packet which is smaller then the minimum allowed 300 bytes Explanation Received a DHCP packet which is smaller then the minimum allowed 300 bytes Gateway A...

Page 131: ...ecommended Action Verify packets per minute limit Revision 1 Context Parameters Packet Buffer 2 8 6 relayer_resuming ID 00800006 Default Severity NOTICE Log Message The relayer is now resuming packets_dropped packets were dropped while the relayer was inactive Explanation The relayer is now resuming its duties since being temporary halted by the packets per minute limit Gateway Action None Recomme...

Page 132: ...on_state ID 00800009 Default Severity WARNING Log Message Got server reply without transaction state for client client_hw Dropping Explanation Received a server reply without a matching transaction state Gateway Action drop Recommended Action Check the network environment for errors Revision 1 Parameters client_hw Context Parameters Packet Buffer 2 8 10 maximum_dhcp_client_relay_routes_reached ID ...

Page 133: ...12 Default Severity WARNING Log Message Request ignored according to the ruleset Explanation A DHCP relay request was ignored according to the rules Gateway Action ignore Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 8 13 no_message_type ID 00800013 Default Severity WARNING Log Message No message type Dropping Explanation Received DHCP packet without the required ...

Page 134: ...ORM packet passed a relayer but the client ip isnt set Dropping Explanation Received relayed INFORM DHCP packet with illegally missing client IP Gateway Action drop Recommended Action Investigate what client implementation is being used Revision 1 Context Parameters Rule Name Packet Buffer 2 8 16 maximum_current_dhcp_relays_for_iface ID 00800016 Default Severity WARNING Log Message The maximum num...

Page 135: ...t Severity WARNING Log Message Unable to get free transaction state for client client_hw Dropping Explanation Unable to get a free transaction state to handle client request Gateway Action drop Recommended Action Verify max transaction count setting Revision 1 Parameters client_hw Context Parameters Rule Name Packet Buffer 2 8 19 invalid_gateway ID 00800019 Default Severity WARNING Log Message Rec...

Page 136: ...acket Buffer 2 8 21 relayed_request ID 00800021 Default Severity NOTICE Log Message Relayed BOOTP request from client client_hw to dest_ip Explanation Relayed a BOOTP request Gateway Action None Recommended Action None Revision 1 Parameters client_hw dest_ip Context Parameters Rule Name Packet Buffer 2 8 22 got_reply_on_a_non_security_equivalent_interface ID 00800022 Default Severity WARNING Log M...

Page 137: ...he rules Gateway Action drop Recommended Action Verify allowed lease addresses setting Revision 1 Parameters iface server_ip ip Context Parameters Rule Name Packet Buffer 2 8 24 illegal_client_ip_assignment ID 00800024 Default Severity WARNING Log Message DHCP BOOTP Server server_ip tried to assign a client with an illegal IP ip Dropping Explanation Received a lease with an illegal client assignme...

Page 138: ...yed_dhcp_reply ID 00800026 Default Severity NOTICE Log Message Relayed DHCP reply type to client client_hw Explanation Relayed DHCP reply to client Gateway Action None Recommended Action None Revision 1 Parameters type client_hw Context Parameters Rule Name Packet Buffer 2 8 27 relayed_bootp_reply ID 00800027 Default Severity NOTICE Log Message Relayed BOOTP reply to client client_hw Explanation R...

Page 139: ...rameters type gateway_ip Context Parameters Rule Name Packet Buffer 2 8 29 relayed_bootp_reply ID 00800029 Default Severity NOTICE Log Message Relayed BOOTP reply to gateway gateway_ip Explanation Relayed BOOTP reply to a gateway Gateway Action None Recommended Action None Revision 1 Parameters gateway_ip Context Parameters Rule Name Packet Buffer 2 8 28 relayed_dhcp_reply ID 00800028 Chapter 2 Lo...

Page 140: ...Unable to send reply since the DHCP option section is too big Gateway Action drop Recommended Action Reduce the number of used DHCP options Revision 1 2 9 3 unable_to_save_lease_db ID 00900003 Default Severity WARNING Log Message Unable to auto save the lease database to disk Explanation Some sort of error occurred saving the lease database to disk Gateway Action None Recommended Action Make sure ...

Page 141: ...ient_without_state ID 00900006 Default Severity WARNING Log Message Received a request from client not in bound client for IP client_ip without state Rejecting Explanation Received a request from a non bound client without state Gateway Action reject Recommended Action None Revision 1 Parameters client client_ip Context Parameters Packet Buffer 2 9 7 request_for_ip_from_bound_client_without_state ...

Page 142: ...rs client client_ip Context Parameters Packet Buffer 2 9 9 all_ip_pools_depleted ID 00900010 Default Severity WARNING Log Message All IP pools are depleted Unable to handle request Ignoring Explanation All IP pools have been depleted Gateway Action None Recommended Action Extend the pools to support more clients Revision 1 Context Parameters Packet Buffer 2 9 10 request_with_bad_udp_checksum ID 00...

Page 143: ... ID 00900013 Default Severity NOTICE Log Message Offer for IP client_ip timed out Was offered to client client_hw Explanation An offer to a client was never accepted and timed out Gateway Action lease_inactive Recommended Action None Revision 1 Parameters client_ip client_hw Context Parameters Rule Name 2 9 13 pool_depleted ID 00900014 Default Severity WARNING Log Message All IPs in the pool are i...

Page 144: ..._depleted ID 00900016 Default Severity NOTICE Log Message All IPs in the pool are now in use Explanation All IPs the the pool have been consumed Gateway Action None Recommended Action Extend the pool to support more clients Revision 1 Context Parameters Rule Name Packet Buffer 2 9 16 request_for_non_offered_ip ID 00900017 Default Severity WARNING Log Message Client client_hw requested non offered ...

Page 145: ... Packet Buffer 2 9 18 client_bound ID 00900019 Default Severity NOTICE Log Message Client client_hw accepted IP client_ip Client is now bound Explanation Client accepted the IP address and are now bound Gateway Action new_lease Recommended Action None Revision 1 Parameters client_hw client_ip Context Parameters Rule Name Packet Buffer 2 9 19 client_renewed ID 00900020 Default Severity NOTICE Log M...

Page 146: ...lient_hw client_ip Context Parameters Rule Name Packet Buffer 2 9 21 decline_for_ip_on_wrong_iface ID 00900022 Default Severity NOTICE Log Message Got decline for ip client_ip on wrong interface recv recv_if lease client_if Decline is ignored Explanation Got decline from a client on the wrong interface Gateway Action None Recommended Action Check network for inconsistent routes Revision 1 Paramete...

Page 147: ...d IP Gateway Action blacklist Recommended Action Check network for statically configured hosts or incorrectly proxy ARPed routes Revision 1 Parameters client_hw client_ip Context Parameters Rule Name Packet Buffer 2 9 24 request_for_ip_from_bound_client_without_state ID 00900025 Default Severity WARNING Log Message Received a request from client bound client for IP client_ip without state Ignoring...

Page 148: ...consistent routes Revision 1 Parameters client_hw client_ip recv_if client_if Context Parameters Rule Name Packet Buffer 2 9 26 released_by_client ID 00900027 Default Severity NOTICE Log Message Client client_hw released IP client_ip Explanation A client released prematuraly ended its lease Gateway Action lease_released Recommended Action None Revision 1 Parameters client_hw client_ip Context Para...

Page 149: ...ined fragments Dropping Explanation An Internal Error occured when freeing an active fragment Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Dropped Fragments Rule Name 2 10 3 fail_suspect_out_of_resources ID 02000003 Default Severity CRITICAL Log Message Out of reassembly resources for suspect Frags frags srcip destip ipproto FragID fragid State fragact ...

Page 150: ... Revision 1 Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2 10 5 fail_suspect_timeout ID 02000005 Default Severity CRITICAL Log Message Time out reassembling suspect Frags frags srcip destip ipproto FragID fragid State fragact Explanation Timed out when reassembling a fragmented IP packet which may contain illegal fragments Dropping packet Gate...

Page 151: ...gments Rule Name 2 10 7 disallowed_suspect ID 02000007 Default Severity WARNING Log Message Dropping stored fragments of disallowed suspect packet Frags frags srcip destip ipproto FragID fragid State fragact Explanation The fragments of a disallowed IP packet which may contain illegal fragments were dropped Gateway Action drop Recommended Action None Revision 1 Parameters srcip destip ipproto frag...

Page 152: ...s of illegal packet Frags frags srcip destip ipproto FragID fragid State fragact Explanation The fragments of an illegal IP packet were dropped Gateway Action drop Recommended Action None Revision 1 Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2 10 10 drop_extraneous_frags_of_completed_packet ID 02000010 Default Severity WARNING Log Message Dr...

Page 153: ...ecommended Action None Revision 1 Parameters state Context Parameters Dropped Fragments Rule Name 2 10 12 drop_duplicate_frag_suspect_packet ID 02000012 Default Severity WARNING Log Message Dropping duplicate fragment of suspect packet Explanation A duplicate fragment of an IP packet which may contain illegal fragments was received Dropping the duplicate fragment Gateway Action drop Recommended Ac...

Page 154: ...outside of the allowed IP size range Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters minipdatalen maxipdatalen Context Parameters Rule Name Packet Buffer 2 10 15 no_available_fragacts ID 02000015 Default Severity WARNING Log Message Internal Error No available resources out of memory Explanation An Internal Error occured Failed to create necessary fragmentation re...

Page 155: ...maximum maxipdatalen Explanation The fragment offset plus length would result in a greater length than the configured maximum length of an IP packet Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters maxipdatalen Context Parameters Rule Name Packet Buffer 2 10 18 overlapping_frag ID 02000018 Default Severity ERROR Log Message Overlapping fragment Explanation This fra...

Page 156: ... an already received fragment but the fragment lengths differ Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 10 21 duplicate_frag_with_different_data ID 02000021 Default Severity ERROR Log Message Duplicate fragment with different data received Explanation The fragment is a duplicate of an already received fragment but the fragme...

Page 157: ...lowed IP packet which may contain illegal fragments is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 10 24 drop_frag_disallowed_packet ID 02000024 Default Severity WARNING Log Message Dropping fragment of disallowed packet Explanation A fragment of a disallowed IP packet is dropped Gateway Action drop Recommended Action None Revision 1 ...

Page 158: ...al fragments is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 10 27 drop_frag_failed_packet ID 02000027 Default Severity WARNING Log Message Dropping fragment of failed packet Explanation A fragment of a failed IP packet is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 10 28 ...

Page 159: ...erity CRITICAL Log Message Internal Error Contains fragments even when freeing Dropping Explanation An Internal Error occured when freeing an active fragment Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Dropped Fragments Rule Name 2 10 29 fragments_available_freeing ID 02000100 Chapter 2 Log Message Reference 159 ...

Page 160: ...spect an attack Revision 1 Parameters description signatureid idrule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 11 2 idp_notice ID 01300002 Default Severity WARNING Log Message IDP Notice description Signature ID signatureid ID Rule idrule Protocol ipproto Source IP srcip Source Port srcport Destination IP destip Destination Port destport Closing connectio...

Page 161: ...sion 1 Parameters description signatureid idrule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 11 4 virus_detected ID 01300004 Default Severity WARNING Log Message Virus worm detected description Signature ID signatureid ID Rule idrule Protocol ipproto Source IP srcip Source Port srcport Destination IP destip Destination Port destport Closing connection Expla...

Page 162: ...gnatureid idrule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 11 6 idp_notice ID 01300006 Default Severity NOTICE Log Message IDP Notice description Signature ID signatureid ID Rule idrule Protocol ipproto Source IP srcip Source Port srcport Destination IP destip Destination Port destport Explanation A notice signature matched the traffic Gateway Action None...

Page 163: ...drule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 11 8 virus_detected ID 01300008 Default Severity NOTICE Log Message Virus Worm detected description Signature ID signatureid ID Rule idrule Protocol ipproto Source IP srcip Source Port srcport Destination IP destip Destination Port destport Explanation A virus signature matched the traffic Gateway Action Non...

Page 164: ...stport Context Parameters Rule Name 2 11 10 invalid_url_format ID 01300010 Default Severity WARNING Log Message Failed to parse the HTTP URL ID Rule idrule URL url Source IP srcip Source Port srcport Destination IP destip Destination Port destport Ignoring the URL Explanation The unit failed parsing an URL The reason for this is problaby because the URL has an invalid format or it contains invalid...

Page 165: ...rce IP srcip Source Port srcport Destination IP destip Destination Port destport Explanation The unit failed to reassemble data The reason for this is problaby due to an IDP engine evasion attack Gateway Action ignore Recommended Action None Revision 1 Parameters idrule srcip srcport destip destport Context Parameters Rule Name 2 11 13 idp_outofmem ID 01300013 Default Severity ERROR Log Message Fa...

Page 166: ...f memory Gateway Action ignore Recommended Action Review your configuration Revision 1 Parameters idrule srcip srcport destip destport Context Parameters Rule Name 2 11 15 idp_failscan ID 01300015 Default Severity ERROR Log Message Failed to scan data ID Rule idrule Source IP srcip Source Port srcport Destination IP destip Destination Port destport Reason reason Closing connection Explanation The ...

Page 167: ...IP srcip Source Port srcport Destination IP destip Destination Port destport Reason reason Explanation The unit failed to scan data Gateway Action ignore Recommended Action None Revision 1 Parameters idrule srcip srcport destip destport reason Context Parameters Rule Name 2 11 16 idp_failscan ID 01300016 Chapter 2 Log Message Reference 167 ...

Page 168: ...database_downloaded ID 01400002 Default Severity NOTICE Log Message New Intrusion Detection Prevention database downloaded Explanation An updated version of the Intrusion Detection Prevention database has been downloaded which will now be used Gateway Action using_new_database Recommended Action None Revision 2 2 12 3 idp_db_already_up_to_date ID 01400003 Default Severity NOTICE Log Message Intrus...

Page 169: ... IDP features IDP features remains disabled until clock is correct and a manual IDP update has been performed Gateway Action idp_disabled Recommended Action Check and set the system time correct and perform a manual IDP update Revision 1 Parameters date 2 12 6 downloading_new_database ID 01400007 Default Severity NOTICE Log Message Downloading new IDP database Explanation A new IDP database is ava...

Page 170: ...update is automatically initiated Gateway Action downloading_new_database Recommended Action None Revision 1 2 12 7 unsynced_databases ID 01400009 Chapter 2 Log Message Reference 170 ...

Page 171: ...e Explanation I am no longer the IMGP Querier at the specified interface Gateway Action None Recommended Action None Revision 1 Parameters dest iface 2 13 3 invalid_dest_ip_address ID 04200003 Default Severity WARNING Log Message Rejected IGMP message directed to unicast IP ip_dest at interface recv_if Explanation Rejected IGMP message directed to a unicast IP Possible IGMP DoS attack Note that se...

Page 172: ...ld not restart the IGMP listening conn Reason Out of memory Explanation Could not restart the IGMP listening conn The IGMP system is no longer functional since it cannot handle IGMP requests Gateway Action None Recommended Action Reboot the system Revision 1 2 13 6 invalid_size_query_packet ID 04200007 Default Severity WARNING Log Message Broken IGMP Query at interface recv_if payload exceeds pack...

Page 173: ...e translated into a unicast address Revision 1 Parameters recv_if grp grp_sat Context Parameters Packet Buffer 2 13 8 igmp_query_dropped ID 04200009 Default Severity NOTICE Log Message Rule name dropped IGMP Query about group grp and source src at interface if from router rip Explanation Dropped IGMP Query Gateway Action drop Recommended Action None Revision 1 Parameters if rip igmpver grp src nam...

Page 174: ... Action drop Recommended Action Specifically check your IGMP ruleset for incorrect SAT information IGMP support requires at least one REPORT Member Report rule and one matching QUERY rule Make sure both multicast groups and source addresses map one to one between Member Reports and Queries Finally check the network for for other anomalies that could indicate broken equipment or installed spyware R...

Page 175: ...n to suspect an attack upgrading this software may solve the problem Revision 1 Parameters recv_if grp Context Parameters Packet Buffer 2 13 13 invalid_size_report_packet ID 04200014 Default Severity ERROR Log Message Broken IGMP Member Report at interface recv_if Group record grp makes payload larger than IGMP packet size Explanation Harmful condition that potentially could give an attacker full ...

Page 176: ...NING Log Message Bad IGMP Member Report received Group record grp of unknown type type Explanation This indicates faulty software hardware somewhere on the network Gateway Action drop Recommended Action None but keep an eye open for for broken hardware somewhere in the network Revision 1 Parameters grp type Context Parameters Packet Buffer 2 13 16 igmp_report_dropped ID 04200017 Default Severity N...

Page 177: ...G Log Message Rejected IGMP message from incorrect IP src at interface iface Explanation Rejected IGMP message because it claims to have been sent by me but I know I did not send any Possible IGMP DoS attack but more likely an IP conflict Gateway Action drop Recommended Action Assign a different IP to the offending application Revision 1 Parameters src iface Context Parameters Packet Buffer 2 13 1...

Page 178: ...attack Gateway Action drop Recommended Action Increase IGMPMaxReqsIf per second limit if more requets are wanted Revision 1 Parameters ipsrc iface 2 13 21 disallowed_igmp_version ID 04200022 Default Severity NOTICE Log Message Disallowed IGMP Version Explanation A system is using a too old IGMP version Gateway Action drop Recommended Action Upgrade the host router running the disallowed version or...

Page 179: ...ill use IGMPv igmpver when it is snooping proxying IGMP messages upstream Gateway Action None Recommended Action None Revision 1 Parameters iface rip igmpver 2 13 24 older_querier_gone ID 04200025 Default Severity NOTICE Log Message No IGMPv igmpver querier present Older Querier Present IGMPv igmpver compatibility mode on interface iface has ended Entering IGMPv nigmpver mode Explanation The route...

Page 180: ... Severity WARNING Log Message Warning event occured because of reason Explanation Warning event from IPsec stack Gateway Action None Recommended Action None Revision 1 Parameters reason 2 14 3 audit_event ID 01800103 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation An audit event occured in the IPsec stack Ga...

Page 181: ...l_ip Remote IP remote_ip Cookies cookies Reason reason Explanation None Gateway Action None Recommended Action None Revision 1 Parameters local_ip remote_ip cookies reason 2 14 6 ike_invalid_payload ID 01800106 Default Severity WARNING Log Message Local IP local_ip Remote IP remote_ip Cookies cookies Reason reason Explanation None Gateway Action None Recommended Action None Revision 1 Parameters l...

Page 182: ...E Log Message Local IP local_ip Remote IP remote_ip Cookies cookies Reason reason Explanation The retry limit for transmitting ISAKMP messages was reached Gateway Action None Recommended Action None Revision 1 Parameters local_ip remote_ip cookies reason 2 14 9 ike_quickmode_failed ID 01800109 Default Severity WARNING Log Message Local IP local_ip Remote IP remote_ip Cookies cookies Reason reason ...

Page 183: ...P source_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation The computed and ICV of the received packet did not match Gateway Action drop Recommended Action None Revision 1 Parameters source_ip dest_ip spi seq protocol reason 2 14 12 sequence_number_failure ID 01800112 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq ...

Page 184: ...ommended Action None Revision 1 Parameters source_ip dest_ip spi seq protocol reason 2 14 14 ip_fragment ID 01800114 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation The packet offered to AH ESP processing appears to be an IP fragment Gateway Action None Recommended Action None Revision 1 Parameters source_ip...

Page 185: ...urce_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation The received packet has incorrect padding Gateway Action drop Recommended Action None Revision 1 Parameters source_ip dest_ip spi seq protocol reason 2 14 17 hardware_accelerator_congested ID 01800117 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI spi Seq seq Protocol prot...

Page 186: ...i seq protocol reason 2 14 19 commit_failed ID 01800200 Default Severity CRITICAL Log Message Failed to commit IPsec configuration Explanation Failed to commit IPsec configuration Gateway Action IPsec_configuration_disabled Recommended Action Reconfigure_IPsec Revision 1 2 14 20 commit succeeded ID 01800201 Default Severity INFORMATIONAL Log Message Commit succeeded recalculating flows and reapply...

Page 187: ...ration_disabled Recommended Action None Revision 1 2 14 23 pm_create_failed ID 01800204 Default Severity ERROR Log Message Failed to create policymanager Explanation Failed to create policymanager Out of memory Gateway Action reduce_number_of_tunnels Recommended Action None Revision 1 2 14 24 failed_to_start_ipsec ID 01800206 Default Severity ERROR Log Message Disable all IPsec tunnels Explanation...

Page 188: ...uration Gateway Action IPsec_configuration_disabled Recommended Action Reconfigure_IPsec Revision 1 Parameters error_msg 2 14 27 reconfig_IPsec ID 01800211 Default Severity INFORMATIONAL Log Message Reconfiguration of IPsec started Explanation Reconfiguration of IPsec started Gateway Action ipsec_reconfigured Recommended Action None Revision 2 2 14 28 IPsec_init_failed ID 01800213 Default Severity...

Page 189: ...lanation Failed to add specified host certificate Gateway Action certificate_disabled Recommended Action Reconfigure_tunnnel Revision 1 Parameters certificate tunnel 2 14 31 Default_IKE_DH_groups_will_be_used ID 01800303 Default Severity INFORMATIONAL Log Message Default configuration for IKE DH groups 2 and 5 will be used for tunnel tunnel Explanation Inform that default DH groups settings will b...

Page 190: ...keysize lifetimes for IKE algorithm Gateway Action use_default_values_for_algorithm Recommended Action None Revision 1 Parameters alg tunnel 2 14 34 failed_to_add_root_certificate ID 01800306 Default Severity ERROR Log Message Failed add root certificate certificate for tunnel tunnel Explanation Failed to set specified certificate as root certificate Gateway Action disable_certificate Recommended ...

Page 191: ...d Recommended Action None Revision 1 Parameters gateway ipsectunnel 2 14 37 failed_to_add_peer ID 01800312 Default Severity ERROR Log Message Failed to add remote gateway gateway resolved by DNS for IPsec tunnel ipsectunnel Explanation Failed to add remote gateway that have been resolved by DNS to tunnel Gateway Action IPsec_tunnel_disabled Recommended Action None Revision 1 Parameters gateway ips...

Page 192: ...esolved by DNS Gateway Action IPsec_tunnel_disabled Recommended Action None Revision 1 Parameters gateway ipsectunnel 2 14 40 new_remote_gw_ip ID 01800315 Default Severity INFORMATIONAL Log Message Resolved remote gateway gateway to IP ip for IPsec tunnel ipsectunnel Explanation Tunnel have succesfully been reconfigured after remote gateway have been resolved Gateway Action None Recommended Action...

Page 193: ...0318 Default Severity ERROR Log Message Failed to set callback for Dead Peer Detection Explanation Failed to set callback for Dead Peer Detection User will not receive log message when a peer has been detected dead and the tunnel have been killed Gateway Action None Recommended Action None Revision 1 2 14 44 failed_to_add_key_provider ID 01800321 Default Severity CRITICAL Log Message Failed with e...

Page 194: ...in remote access idlist type for tunnel tunnel Explanation Invalid type for ID in remote access idlist have been specified in configuration Gateway Action vpntunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters type tunnel 2 14 47 failed_to_create_authorization ID 01800327 Default Severity CRITICAL Log Message Failed to create local authorization object Explanation Failed to...

Page 195: ...on None Revision 1 2 14 50 IPSec_tunnel_added ID 01800333 Default Severity INFORMATIONAL Log Message IPsec tunnel added to the configuration Explanation An IPsec tunnel has been enabled or added to the configuration Gateway Action reconfiguration Recommended Action None Revision 1 Parameters username client_ip IPsec_tunnel 2 14 51 IPSec_tunnel_added_bySGW ID 01800334 Default Severity INFORMATIONAL...

Page 196: ...nnel_modified ID 01800336 Default Severity INFORMATIONAL Log Message IPsec tunnel configuration modified Explanation An IPsec tunnel has been modified Gateway Action reconfiguration Recommended Action None Revision 1 Parameters client_ip username IPsec_tunnel 2 14 54 IPSec_tunnel_removed ID 01800337 Default Severity INFORMATIONAL Log Message IPsec tunnel removed from the configuration Explanation ...

Page 197: ...n tunnel tunnel Explanation Critical configuration error on tunnel tunnel Gateway Action restart Recommended Action Restart Revision 1 Parameters tunnel 2 14 57 ippool_does_not_exist ID 01800400 Default Severity WARNING Log Message IP pool does not exist ippool Explanation The config mode pool refers to an IP pool that does not exist As a result IPsec clients using config mode will not be able lea...

Page 198: ...Action None Revision 2 2 14 60 recieved_packet_to_disabled_IPsec ID 01800501 Default Severity NOTICE Log Message Received plain text packet to IPsec while shutting down Packet will be dropped Explanation Received plain text packet to IPsec while shutting down Gateway Action packet_will_be_dropped Recommended Action None Revision 1 2 14 61 Recieved_plaintext_packet_for_disabled_IPsec_interface ID 0...

Page 199: ... Default Severity ERROR Log Message Failed to lookup route No route for packet Explanation No remote gateway for packet i e no route defined Gateway Action packet_will_be_dropped Recommended Action None Revision 1 2 14 64 ping_keepalive_failed_in_tunnel ID 01800505 Default Severity ERROR Log Message IPsec ping monitor detects loss if ping replies of packets INSIDE the tunnel Explanation IPsec ping...

Page 200: ... Revision 1 Parameters allowed_tunnels 2 14 67 SAs_not_killed_for_remote_peer ID 01800901 Default Severity CRITICAL Log Message Failed to kill associated SA s for remotepeer peer s Explanation This happens if there is no tunnel established with the given peer Gateway Action None Recommended Action None Revision 1 Parameters remotepeer 2 14 68 sa_write_congestion ID 01801337 Default Severity INFORM...

Page 201: ...lt Severity WARNING Log Message Trigger for non IP packet of protocol proto Dropping request for policy Explanation Trigger for non IP packet dropping request Gateway Action dropping_request Recommended Action None Revision 1 Parameters proto 2 14 71 rule_not_active ID 01802002 Default Severity WARNING Log Message The rule is not in the active configuration Dropping request for policy Explanation ...

Page 202: ...ations reached Gateway Action rekey_not_done Recommended Action None Revision 1 2 14 74 max_number_of_tunnels_reached ID 01802011 Default Severity WARNING Log Message Negotiation aborted due to license restrictions maxtunnels Explanation Reached max number of allowed active VPN tunnels according to license Gateway Action ike_negotiation_aborted Recommended Action Reconfigure_IPsec Revision 1 Param...

Page 203: ...KE SA completed Gateway Action None Recommended Action None Revision 1 Parameters options mode auth encryption keysize hash dhgroup bits lifetime 2 14 77 ike_sa_negotiation_failed ID 01802030 Default Severity INFORMATIONAL Log Message No IKE SA negotiations done Reason The authentication credentials were not specified or private key was not available Explanation No IKE SA negotiations done because...

Page 204: ... sa info negotiation completed Explanation Child SA negotiatiion successfully completed Gateway Action ipsec_sa_enabled Recommended Action None Revision 3 Parameters sa info local_peer remote_peer spi_in spi_out local_ts remote_ts 2 14 80 ipsec_sa_informal ID 01802041 Default Severity INFORMATIONAL Log Message PFS using Diffie Hellman group dhgroup bits Explanation Information about PFS and Diffie...

Page 205: ...nd SPI spiin Outbound SPI spiout Algoritm mac Explanation Log information about SPI values and algorithms fro Child SA Gateway Action None Recommended Action None Revision 2 Parameters spiin spiout mac 2 14 83 ipsec_sa_lifetime ID 01802045 Default Severity INFORMATIONAL Log Message Local lifetime child SA kb kilobytes sec seconds Explanation Inform about lifetime for child SA Gateway Action None R...

Page 206: ...e Recommended Action None Revision 1 Parameters kb 2 14 86 ipsec_sa_lifetime ID 01802048 Default Severity INFORMATIONAL Log Message Local lifetime child SA infinite Explanation Inform about lifetime for child SA Gateway Action None Recommended Action None Revision 1 2 14 87 ipsec_sa_informal ID 01802058 Default Severity INFORMATIONAL Log Message Local Proxy ID local_id Remote Proxy ID remote_id Ex...

Page 207: ...n not be initiated with NAT T Gateway Action ipsec_sa_negotiation_aborted Recommended Action None Revision 1 2 14 90 create_rules_failed ID 01802080 Default Severity ERROR Log Message Cannot insert this rule the forced NAT protocol type does not match rule protocol Explanation Failed to insert rule since forced NAT protocol do not match rule protocol Gateway Action VPN_tunnel_disabled Recommended ...

Page 208: ... 14 93 no_key_method_configured_for tunnel ID 01802102 Default Severity ERROR Log Message Tunnel does not specify any keying method IKE or manual Explanation No keying method IKE manual is configured for tunnel Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_IPsec Revision 1 2 14 94 invalid_configuration_of_force_open ID 01802104 Default Severity ERROR Log Message Auto start rule...

Page 209: ...ify AUTHENTICATION ONLY with PASS rules Gateway Action None Recommended Action None Revision 1 2 14 97 invalid_rule_setting ID 01802107 Default Severity ERROR Log Message To tunnel specified for a REJECT rule Explanation To tunnel can not be specified for REJECT rule Gateway Action None Recommended Action None Revision 1 2 14 98 invalid_rule_setting ID 01802108 Default Severity ERROR Log Message N...

Page 210: ...icy rules reached Explanation The maximum number of policy rules reached Gateway Action VPN_configuration_disabled Recommended Action Review the advanced setting IPsecMaxRules Revision 2 2 14 101 suspicious_outbound_rule ID 01802114 Default Severity ERROR Log Message Detected suspicious outbound IPsec rule without any selectors Explanation Detected suspicious outbound IPsec rule without any select...

Page 211: ... encryption is required Explanation ESP tunnel not configured with any encryption algorithm not even Null Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters tunnel 2 14 104 no_authentication_algorithm_specified ID 01802203 Default Severity ERROR Log Message No authentication algorithm configured for AH tunnel tunnel Explanation AH tunnel is configured wi...

Page 212: ... 14 107 invalid_tunnel_configuration ID 01802209 Default Severity ERROR Log Message Auto start tunnel tunnel configured for per port or per host SA Explanation per port or per host SA can not be specified for auto start tunnels tunnel Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters tunnel 2 14 108 invalid_tunnel_configuration ID 01802210 Default Sever...

Page 213: ...d key sizes specified for algorithms Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 2 2 14 111 invalid_key_size ID 01802215 Default Severity ERROR Log Message Algorithm key sizes specified for unknown algorithm Explanation Algorithm key sizes specified for unknown algorithm Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 2 2 14 1...

Page 214: ...ity ERROR Log Message Configured max cipher key size keysize is bigger than the built in maximum max Explanation Tunnel configured invalid key size for cipher Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters keysize max 2 14 115 invalid_key_size ID 01802219 Default Severity ERROR Log Message Tunnel specified key size limits for mac alg with fixed key s...

Page 215: ...d identity specified in configuration Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_remote_id Revision 1 Parameters id 2 14 118 malformed_psk_configured ID 01802229 Default Severity ERROR Log Message Malformed IKE secret PSK configured for tunnel Explanation Malformed IKE secret specified in configuration Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_PSK Revis...

Page 216: ...sage The maximum number of active Phase 1 negotiations reached Explanation Maximum number of active Phase 1 negotiations reached Gateway Action negotiation_aborted Recommended Action None Revision 2 2 14 122 max_active_quickmode_negotiation_reached ID 01802403 Default Severity NOTICE Log Message The maximum number of active Quick Mode negotiations reached Explanation Maximum number of active Quick...

Page 217: ...2 14 125 could_not_get_subject_nam_from_ca_cert ID 01802602 Default Severity WARNING Log Message Could not get subject name from a CA certificate This certificate is not usable as an IPsec authenticator and is not inserted into loal list of trusted CAs Explanation Could not get subject name from a CA certificate Gateway Action certificate_not_trusted Recommended Action None Revision 1 2 14 126 cou...

Page 218: ...rusted set for a CA certificate Explanation Could not set the trusted set for a CA certificate Gateway Action certificate_disabled Recommended Action None Revision 1 2 14 129 could_not_insert_cert_to_db ID 01802606 Default Severity ERROR Log Message Can not insert CA certificate into local database Explanation Can not insert CA certificate into local database Gateway Action certificate_disabled Re...

Page 219: ...Default Severity ERROR Log Message Could not insert certificate into local database Explanation Could not insert certificate into local database Gateway Action certificate_disabled Recommended Action None Revision 1 2 14 133 could_not_decode_crl ID 01802610 Default Severity WARNING Log Message Could not decode CRL The certificate may be corrupted or it was given in unrecognized format File format ...

Page 220: ...ssage IKE SA Local IKE peer local_peer Remote IKE peer remote_peer Internal severity level int_severity Explanation Ike SA sucessfully installed Gateway Action ike_sa_completed Recommended Action None Revision 1 Parameters local_peer remote_peer int_severity 2 14 136 Certificate_contains_bad_IP_address ID 01802705 Default Severity WARNING Log Message Certificate contains bad IP address length len ...

Page 221: ... format Explanation Could_not_decode_certificate Gateway Action certificate_invalid Recommended Action None Revision 1 2 14 139 ike_sa_destroyed ID 01802708 Default Severity INFORMATIONAL Log Message IKE SA destroyed ike_sa Explanation Ike SA is destroyed Gateway Action ike_sa_killed Recommended Action None Revision 1 Parameters ike_sa 2 14 140 cfgmode_exchange_event ID 01802709 Default Severity I...

Page 222: ...42 remote_access_dns ID 01802711 Default Severity INFORMATIONAL Log Message DNS for remote access attributes dns_server Explanation DNS for remote access attributes Gateway Action None Recommended Action None Revision 1 Parameters dns_server 2 14 143 remote_access_wins ID 01802712 Default Severity INFORMATIONAL Log Message WINS for remote access attributes win Explanation WINS for remote access at...

Page 223: ...ributes subnets Explanation Subnets remote access attributes Gateway Action None Recommended Action None Revision 1 Parameters subnets 2 14 146 event_on_ike_sa ID 01802715 Default Severity WARNING Log Message Event msg occured for IKE SA side Internal severity level int_severity Explanation Event occured at IKE SA Gateway Action None Recommended Action None Revision 1 Parameters side msg int_sever...

Page 224: ...te failed Gateway Action certificate_failure Recommended Action None Revision 1 Parameters reason int_severity 2 14 149 ipsec_sa_event ID 01802730 Default Severity WARNING Log Message IPsec SA negotiation event msg local_proxy remote_proxy Internal severity level int_severity Explanation Event occured for IPsec SA Gateway Action None Recommended Action None Revision 2 Parameters msg local_proxy re...

Page 225: ... Parameters spiin spiout 2 14 152 ID 01802735 Default Severity INFORMATIONAL Log Message L2TP side negotiation event msg local_peer remote_peer Internal severity level int_severity Explanation L2TP negotiation event Gateway Action l2tp_negotiation_event Recommended Action None Revision 1 Parameters side msg local_peer remote_peer int_severity 2 14 153 ID 01802736 Default Severity INFORMATIONAL Log...

Page 226: ...mmended Action None Revision 1 2 14 155 init_rulelooklup_failed ID 01802903 Default Severity CRITICAL Log Message Initialization of rule lookup failed Explanation Initialization of rule lookup failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 14 156 init_rule_looklup_failed ID 01802904 Default Severity CRITICAL Log Message Allocating default drop rule failed Explanation All...

Page 227: ...ed Recommended Action None Revision 1 2 14 159 init_interface_table_failed ID 01802907 Default Severity CRITICAL Log Message Initialization of interface table failed Explanation Initialization of interface table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 14 160 init_flow_id_table_failed ID 01802908 Default Severity CRITICAL Log Message Allocation of flow id hash tabl...

Page 228: ... failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 14 163 init_transform_table_failed ID 01802911 Default Severity CRITICAL Log Message Allocation of transform table failed size size Explanation Allocation of transform table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 Parameters size 2 14 164 init_peer_hash_failed ID 01802912 Default Severity CRI...

Page 229: ...e table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 14 167 init_inbound_spi_hash_failed ID 01802915 Default Severity CRITICAL Log Message Allocation of inbound spi hash table failed Explanation Allocation of inbound spi hash table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 14 168 init_transform_context_hash_failed ID 01802916 Default Sev...

Page 230: ...ssage Allocation of transform context table failed Explanation Allocation of transform context table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 14 171 init_nat_table_failed ID 01802919 Default Severity CRITICAL Log Message Allocation of NAT tables failed Explanation Allocation of NAT tables failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 14 ...

Page 231: ...01802922 Default Severity CRITICAL Log Message Opening the interceptor failed Explanation Opening the interceptor failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 14 175 malformed_ike_sa_proposal ID 01803000 Default Severity WARNING Log Message Malformed IKE SA proposal reason Explanation Received a malformed IKE SA proposal Gateway Action None Recommended Action None Revi...

Page 232: ...ike_phase1_notification ID 01803003 Default Severity WARNING Log Message status Phase 1 notification from remote_peer for protocol proto SPI spi msg type size bytes Explanation Received a IKE Phase 2 notification Gateway Action None Recommended Action None Revision 1 Parameters status remote_peer proto spi msg type size 2 14 179 ipsec_sa_failed ID 01803020 Default Severity WARNING Log Message IPse...

Page 233: ...hange_event ID 01803022 Default Severity INFORMATIONAL Log Message Config Mode exchange event msg reason Explanation A Config Mode exchange event occured Gateway Action None Recommended Action None Revision 1 Parameters msg reason 2 14 182 config_mode_exchange_event ID 01803023 Default Severity INFORMATIONAL Log Message Config Mode exchange event msg Explanation A Config Mode exchange event occure...

Page 234: ...A Config Mode exchange event occured Gateway Action None Recommended Action None Revision 1 Parameters msg reason 2 14 185 config_mode_exchange_event ID 01803026 Default Severity INFORMATIONAL Log Message Config Mode exchange event msg Explanation A Config Mode exchange event occured Gateway Action None Recommended Action None Revision 1 Parameters msg 2 14 186 rejecting_ipsec_sa_delete ID 0180302...

Page 235: ...use the SPI size did not match the expected value 4 Gateway Action None Recommended Action None Revision 1 Parameters remote_peer spi_size 2 14 188 ike_phase2_notification ID 01803029 Default Severity WARNING Log Message status Phase 2 notification from remote_peer for protocol proto SPI spi msg type size bytes Explanation Received a IKE Phase 2 notification Gateway Action None Recommended Action ...

Page 236: ...verify remote peer s identity Gateway Action None Recommended Action None Revision 1 2 14 191 malformed_ipsec_sa_proposal ID 01803050 Default Severity WARNING Log Message Malformed IPsec SA proposal reason Explanation Received a malformed IPsec SA proposal Gateway Action None Recommended Action None Revision 1 Parameters reason 2 14 192 malformed_ipsec_esp_proposal ID 01803051 Default Severity WAR...

Page 237: ...NING Log Message Could not select proposal for IPsec SA sa_index Explanation Could not select proposal for IPsec SA Gateway Action None Recommended Action None Revision 2 Parameters sa_index 2 14 195 failed_to_select_ipsec_sa ID 01803054 Default Severity INFORMATIONAL Log Message Could not select SA from IPsec SA proposal Explanation Could not select SA from IPsec SA proposal Gateway Action None R...

Page 238: ...way Action None Recommended Action None Revision 1 Parameters msg int_severity 2 14 198 ipsec_hwaccel_failed ID 01803410 Default Severity WARNING Log Message Failed to create a hardware acceleration context for IPsec SA dir SPI spi error_msg Packets will be processed in software Explanation Hardware acceleration of the IPsec SA couldn t be done All packets belonging to the specified SA will be pro...

Page 239: ...verity WARNING Log Message Disallowed IP version ipver Explanation The received packet has a disallowed IP version and will be dropped Gateway Action drop Recommended Action None Revision 1 Parameters ipver Context Parameters Rule Name Packet Buffer 2 15 3 invalid_ip_length ID 01500003 Default Severity WARNING Log Message Invalid IP header length IPTotLen iptotlen IPHdrLen iphdrlen Explanation The...

Page 240: ...drop Recommended Action None Revision 1 Parameters iptotlen recvlen Context Parameters Rule Name Packet Buffer 2 15 5 invalid_ip_checksum ID 01500005 Default Severity WARNING Log Message Invalid IP header checksum RecvChkSum recvchksum CompChkSum compchksum Explanation The received packet IP header checksum is invalid dropping packet Gateway Action drop Recommended Action None Revision 1 Parameter...

Page 241: ...in Context Parameters Rule Name Packet Buffer 2 16 2 ip_rsv_flag_set ID 01600002 Default Severity NOTICE Log Message The IP Reserved Flag was set Ignoring Explanation The received packet has the IP Reserved Flag set This is ignored Gateway Action ignore Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 16 3 ip_rsv_flag_set ID 01600003 Default Severity WARNING Log Mess...

Page 242: ...Context Parameters Rule Name Packet Buffer 2 16 3 ip_rsv_flag_set ID 01600003 Chapter 2 Log Message Reference 242 ...

Page 243: ... ID 01700002 Default Severity NOTICE Log Message Packet has a timestamp IP Option Explanation The packet contains a timestamp IP Option Ignoring Gateway Action ignore Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 17 3 router_alert ID 01700003 Default Severity NOTICE Log Message Packet has a router alert IP option Explanation The packet contains a router alert IP O...

Page 244: ...nation The IP Option type is multi byte which requires two bytes and there is less than two bytes available Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt minoptlen avail Context Parameters Rule Name Packet Buffer 2 17 6 ipoptlen_invalid ID 01700011 Default Severity WARNING Log Message Type ipopt claims len optlen available avail Dropping Explanation The IP...

Page 245: ...verity WARNING Log Message IP Option Type ipopt Bad length optlen for route Route Dropping Explanation An invalid length is specified for the IP Option type Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt optlen route Context Parameters Rule Name Packet Buffer 2 17 9 bad_route_pointer ID 01700014 Default Severity WARNING Log Message IP Option Type ipopt Bad ...

Page 246: ..._option_timestamps ID 01700016 Default Severity WARNING Log Message Multiple timestamps in IP options Dropping Explanation The packet contains mutliple timestamps in IP Options Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 17 12 bad_timestamp_len ID 01700017 Default Severity WARNING Log Message IP Option Type ipopt Bad length op...

Page 247: ...ule Name Packet Buffer 2 17 14 bad_timestamp_pointer ID 01700019 Default Severity WARNING Log Message IP Option Type ipopt Bad Timestamp Pointer tsptr with overflow oflo Dropping Explanation The packet contains an invalid Timestamp Pointer with Overflow Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt tsptr oflo Context Parameters Rule Name Packet Buffer 2 17...

Page 248: ...on drop Recommended Action None Revision 1 Parameters ipopt optlen Context Parameters Rule Name Packet Buffer 2 17 17 router_alert_disallowed ID 01700022 Default Severity WARNING Log Message Router Alert IP Option disallowed Dropping Explanation The packet contains a timestamp IP Option which is disallowed Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Ru...

Page 249: ...ion which is disallowed Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt optname Context Parameters Rule Name Packet Buffer 2 17 18 ipopt_present_disallowed ID 01700023 Chapter 2 Log Message Reference 249 ...

Page 250: ...n None Revision 1 Parameters ip_multicast_addr eth_multicast_addr Context Parameters Rule Name Packet Buffer 2 18 2 invalid_ip4_header_length ID 07000012 Default Severity WARNING Log Message Invalid IP4 Header length total length is totlen bytes Dropping Explanation The packet contains an invalid IP4 Header Length The total length is more than 64 Kb which is not allowed Dropping packet Gateway Act...

Page 251: ... Parameters ttl ttlmin Context Parameters Rule Name Packet Buffer 2 18 5 ip_rsv_flag_set ID 07000015 Default Severity WARNING Log Message The IP Reserved Flag was set Dropping Explanation The received packet has the IP Reserved Flag set Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 18 6 oversize_tcp ID 07000018 Default Severity ...

Page 252: ...ended Action None Revision 1 Parameters ipdatalen tcphdrlen Context Parameters Rule Name Packet Buffer 2 18 8 oversize_udp ID 07000021 Default Severity WARNING Log Message Configured size limit for the UDP protocol exceeded Dropping Explanation The configured size limit for the UDP protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced S...

Page 253: ...e limit for the ICMP protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters Rule Name Packet Buffer 2 18 11 invalid_icmp_header ID 07000024 Default Severity WARNING Log Message Invalid ICMP header IPDataLen ipdatalen ICMPMinLen icmpminlen Dropping Explanation The ICMP packet...

Page 254: ...meters Rule Name Packet Buffer 2 18 13 oversize_gre ID 07000050 Default Severity WARNING Log Message Configured size limit for the GRE protocol exceeded Dropping Explanation The configured size limit for the GRE protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters Rule Nam...

Page 255: ... ID 07000053 Default Severity WARNING Log Message Configured size limit for the SKIP protocol exceeded Dropping Explanation The configured size limit for the SKIP protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters Rule Name Packet Buffer 2 18 17 oversize_ospf ID 07000054...

Page 256: ... Rule Name Packet Buffer 2 18 19 oversize_ipcomp ID 07000056 Default Severity WARNING Log Message Configured size limit for the IPComp protocol exceeded Dropping Explanation The configured size limit for the IPComp protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters Rule ...

Page 257: ...ext Parameters Rule Name Packet Buffer 2 18 22 fragmented_icmp ID 07000070 Default Severity WARNING Log Message This ICMP type is not allowed to be fragmented Dropping Explanation The ICMP type is not allowed to be framented Only Echo and EchoReply are allowed to be fragmented Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 18 23 ...

Page 258: ...ion None Revision 1 Parameters icmpdatalen icmpipver Context Parameters Rule Name Packet Buffer 2 18 25 invalid_icmp_data_too_small ID 07000073 Default Severity WARNING Log Message Invalid ICMP data length ICMPDataLen icmpdatalen ICMPIPHdrLen icmphdrlen Dropping Explanation The ICMP data length is invalid It must be large enough for the actual header and the header must specify that it is atleast ...

Page 259: ...ipdataminlen Context Parameters Rule Name Packet Buffer 2 18 27 invalid_icmp_data_invalid_paramprob ID 07000075 Default Severity WARNING Log Message Invalid ICMP ProbPtr ICMPDataLen icmpdatalen ICMPIPDataLen icmpipdatalen ParamProbPtr paramprobptr Dropping Explanation Invalid ICMP Parameter Problem pointer Parameter Problem pointer is not within the allowed range Dropping packet Gateway Action dro...

Page 260: ...WARNING Log Message L2TP client iface failed to resolve remotegwname Explanation The L2TP client failed to resolve the DNS name of the remote gateway Gateway Action None Recommended Action Make sure you have configured the DNS name of the remote gateway and the DNS servers correctly Revision 1 Parameters iface remotegwname 2 19 3 l2tpclient_init ID 02800003 Default Severity NOTICE Log Message L2TP...

Page 261: ...rule Tunnel ID tunnelid Session ID sessionid Explanation The authentication source for the specified userauth rule is unknown to the L2TP server Gateway Action None Recommended Action Make sure the userauth rules are configured correctly Revision 1 Parameters rule tunnelid sessionid 2 19 6 only_routes_set_up_by_server_iface_allowed ID 02800006 Default Severity WARNING Log Message L2TP server iface...

Page 262: ...nel_closed ID 02800008 Default Severity NOTICE Log Message Closed L2TP tunnel Tunnel ID tunnelid Interface iface Explanation The L2TP tunnel with the specified tunnel ID has been closed Gateway Action None Recommended Action None Revision 1 Parameters iface tunnelid 2 19 9 session_closed ID 02800009 Default Severity WARNING Log Message MPPE failed but is required closing session sessionid to remot...

Page 263: ... sessionid Auth auth MPPE mppe Explanation The L2TP session negotiation has completed successfully Gateway Action None Recommended Action None Revision 1 Parameters tunnelid sessionid auth mppe 2 19 12 l2tp_no_userauth_rule_found ID 02800014 Default Severity WARNING Log Message Did not find a matching userauth rule for this L2TP server Tunnel ID tunnelid Session ID sessionid Explanation The L2TP s...

Page 264: ...d_ip Explanation The L2TP session negotiation has completed successfully Gateway Action None Recommended Action None Revision 1 Parameters tunnelid sessionid user auth mppe assigned_ip 2 19 15 failure_init_radius_accounting ID 02800017 Default Severity WARNING Log Message Failed to send Accounting Start to RADIUS Accounting Server Accounting will be disabled Explanation Failed to send START messag...

Page 265: ...e L2TP interface Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw error_code 2 19 18 waiting_for_ip_to_listen_on ID 02800050 Default Severity NOTICE Log Message L2TP server iface cannot start until it has an IP address to listen on Explanation The L2TP server cannot start until the L2TP interface has a proper IP address to listen on Gateway Action None Recommended A...

Page 266: ...ne Revision 1 Parameters reason 2 20 2 license_downloaded ID 05500002 Default Severity NOTICE Log Message New license downloaded Explanation An updated license has been downloaded which will now be used Gateway Action using_new_license Recommended Action None Revision 1 2 20 3 license_already_up_to_date ID 05500003 Default Severity NOTICE Log Message License is up to date Explanation The current l...

Page 267: ...rs tunnel_type 2 21 2 ip_address_required_but_not_received ID 02500002 Default Severity WARNING Log Message IP address required but not received PPP terminated Explanation Peer refuses to give out an IP address Since an IP address lease is required PPP is terminated Gateway Action ppp_terminated Recommended Action None Revision 1 Parameters tunnel_type 2 21 3 primary_dns_address_required_but_not_r...

Page 268: ...address required but not received PPP terminated Explanation Peer refuses to give out a primary NBNS address Since reception of a primary NBNS address is required PPP is terminated Gateway Action ppp_terminated Recommended Action None Revision 1 Parameters tunnel_type 2 21 6 seconday_nbns_address_required_but_not_received ID 02500006 Default Severity WARNING Log Message Secondary NBNS address requ...

Page 269: ...ted Explanation Peer refuses to use any authentication at all PPP is terminated since we demand authentication Gateway Action ppp_terminated Recommended Action Review the allowed authentication types configured The client and server must be configured to have at least one authentication type in common Revision 1 Parameters tunnel_type 2 21 9 lcp_negotiation_stalled ID 02500052 Default Severity ERR...

Page 270: ...authentication_failed ID 02500101 Default Severity WARNING Log Message Authentication failed PPP terminated Explanation Authentication failed PPP terminated Gateway Action ppp_terminated Recommended Action Make sure that the right username and password is used Revision 1 Parameters tunnel_type user 2 21 12 response_value_too_long ID 02500150 Default Severity WARNING Log Message PPP CHAP response v...

Page 271: ...ion mschapv1_username_truncated Recommended Action Reconfigure the endpoints to use a shorter username Revision 1 Parameters tunnel_type 2 21 15 username_too_long ID 02500301 Default Severity WARNING Log Message PPP MSCHAPv2 username was truncated because it was too long Explanation PPP MSCHAPv2 username was truncated because it was too long Gateway Action mschapv2_username_truncated Recommended A...

Page 272: ...0 Default Severity ERROR Log Message Unsupported authentication server PPP Authentication terminated Explanation Unsupported authentication server PPP Authentication terminated Gateway Action authentication_terminated Recommended Action Review the authentication server configuration Revision 1 Parameters tunnel_type 2 21 19 radius_error ID 02500501 Default Severity ERROR Log Message Radius server ...

Page 273: ... Gateway Action authentication_terminated Recommended Action None Revision 1 Parameters tunnel_type 2 21 22 MPPE_decrypt_fail ID 02500600 Default Severity ERROR Log Message MPPE decryption resulted in the unsupported protocol protocol Terminating PPP Explanation MPPE decryption resulted in an unsupported protocol IP is the only protocol supported This either means that the decryption failed or tha...

Page 274: ...the interface have been established Gateway Action None Recommended Action None Revision 1 Parameters iface pppoeserver auth ifaceip downtime 2 22 2 pppoe_tunnel_closed ID 02600002 Default Severity NOTICE Log Message PPPoE tunnel on iface to pppoeserver closed Uptime uptime Explanation The PPPoE tunnel for the interface have been closed Gateway Action None Recommended Action None Revision 1 Parame...

Page 275: ...Explanation The PPTP client failed to resolve the DNS name of the remote gateway Gateway Action None Recommended Action Make sure you have configured the DNS name of the remote gateway and the DNS servers correctly Revision 1 Parameters iface remotegwname 2 23 3 pptp_connection_disallowed ID 02700003 Default Severity WARNING Log Message PPTP connection from remotegw disallowed according to rule ru...

Page 276: ..._disconnected ID 02700005 Default Severity WARNING Log Message User user is forcibly disconnected Call ID callid Remote gateway remotegw Explanation The connected client is forcibly disconnected by the userauth system Gateway Action None Recommended Action None Revision 2 Parameters user callid remotegw 2 23 6 only_routes_set_up_by_server_iface_allowed ID 02700006 Default Severity WARNING Log Mess...

Page 277: ...n will be closed Gateway Action close_session Recommended Action Make sure the peer is capable of MPPE encryption or disable the MPPE requirement Revision 1 Parameters iface remotegw callid 2 23 8 pptp_session_closed ID 02700008 Default Severity NOTICE Log Message PPTP session callid to remotegw on iface closed Explanation A PPTP session has been closed The specified interface remote gateway and c...

Page 278: ...meters iface type callid remotegw 2 23 11 failure_init_radius_accounting ID 02700011 Default Severity WARNING Log Message Failed to send Accounting Start to RADIUS Accounting Server Accouting will be disabled Interface iface Remote gateway remotegw Call ID callid Explanation Failed to send START message to RADIUS accounting server RADIUS accounting will be disabled for this session The specified i...

Page 279: ... completed for session callid on iface connected to remotegw Auth auth MPPE mppe Explanation The PPP negotiation has completed successfully for this session The specified interface remote gateway and call ID identify the specific session Gateway Action None Recommended Action None Revision 1 Parameters callid iface remotegw auth mppe 2 23 14 tunnel_idle_timeout ID 02700014 Default Severity WARNING...

Page 280: ...nt iface started connecting to server on remotegw Explanation A PPTP client has initiated the connection to its remote gateway Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw 2 23 17 pptpclient_connected ID 02700018 Default Severity NOTICE Log Message PPTP client iface connected to remotegw requesting control connection Explanation A PPTP client has established a c...

Page 281: ...planation A remote PPTP server refused to establish PPTP control connection Gateway Action None Recommended Action Read the reason specified by the PPTP server This might give a clue why the PPTP server refused the PPTP control connection Revision 1 Parameters reason iface remotegw 2 23 20 pptp_tunnel_up ID 02700021 Default Severity NOTICE Log Message PPTP tunnel on iface is up Connected to server...

Page 282: ...cording to the specified userauth rule Gateway Action None Recommended Action Make sure the userauth rules are configured correctly Revision 1 Parameters rule iface remotegw 2 23 23 unknown_pptp_auth_source ID 02700025 Default Severity WARNING Log Message Unknown PPTP authentication source for rule Interface iface Remote gateway remotegw Explanation The authentication source for the specified user...

Page 283: ...r code error_code Explanation A malformed packet was received by the PPTP interface Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw error_code 2 23 26 waiting_for_ip_to_listen_on ID 02700050 Default Severity WARNING Log Message PPTP server iface cannot start until it has an IP address to listen on Explanation The PPTP server cannot start until it has a proper IP ad...

Page 284: ...P segment with an invalid checksum was received The segment will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Connection 2 24 3 mismatching_data_in_overlapping_tcp_segment ID 04800004 Default Severity ERROR Log Message Overlapping TCP segment containing different data Explanation A TCP segment that partly overlaps segments that has been received earlier was ...

Page 285: ...ket The packet that triggered the need to send a packet will be dropped Gateway Action drop Recommended Action Check buffer consumption Revision 1 2 24 6 failed_to_send_ack ID 04800008 Default Severity ERROR Log Message Failed to send TCP ACK in response to a segment Explanation The gateway responds to some segments by sending an acknowledgement segment to the sender An example is when it receives...

Page 286: ...ly subsystem has reached the maximum number of concurrent connections Gateway Action none Recommended Action Consider increasing the setting Reassembly_MaxConnections Revision 1 Context Parameters Connection 2 24 9 state_memory_allocation_failed ID 04800011 Default Severity ERROR Log Message Failed to allocate the memory needed to activate reassembly on a connection Explanation The reassembly subs...

Page 287: ... IP address verfied according to ACCESS section Explanation The IP address was verified according to the ACCESS section Gateway Action access_allow Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 25 3 rule_match ID 06000006 Default Severity DEBUG Log Message GOTO action trigged Explanation A rule with a special GOTO action was trigged by an IP rule lookup This log m...

Page 288: ...ation The destination address was the 0 net which is not allowed according to the configuration The packet is dropped Gateway Action drop Recommended Action Investigate why this traffic had the 0 net as the destination Revision 1 Context Parameters Rule Name Packet Buffer 2 25 6 block0net ID 06000011 Default Severity WARNING Log Message Destination address is the 0 net Accepting Explanation The de...

Page 289: ... The destination address was the 127 net which is allowed according to the configuration The packet is accepted Gateway Action accept Recommended Action If this type of traffic should be dropped modify the Settings section in the configuration Revision 1 Context Parameters Rule Name Packet Buffer 2 25 9 directed_broadcasts ID 06000030 Default Severity NOTICE Log Message Packet directed to the broa...

Page 290: ...g vlanid Dropping Explanation The unit received a VLAN packet with an unknown tag and the packet is dropped Gateway Action drop Recommended Action None Revision 2 Parameters vlanid Context Parameters Rule Name Packet Buffer 2 25 12 ruleset_reject_packet ID 06000050 Default Severity WARNING Log Message Packet rejected by rule set Rejecting Explanation The rule set is configured to rejected this pac...

Page 291: ...5 14 unhandled_local ID 06000060 Default Severity NOTICE Log Message Allowed but unhandled packet to the firewall Dropping Explanation A packet directed to the unit itself was received The packet is allowed but there is no matching state information for this packet It is not part of any open connections and will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters R...

Page 292: ...ion_denied ID 04900002 Default Severity WARNING Log Message New session denied for User user Database database IP ip Type type Explanation New session denied in Session Manager Gateway Action remove_session Recommended Action Check settings for users Revision 1 Parameters user database ip type 2 26 3 sesmgr_session_removed ID 04900003 Default Severity NOTICE Log Message Session disconnected for Us...

Page 293: ...on_timeout ID 04900005 Default Severity NOTICE Log Message Session has timed out for User user Database database IP ip Type type Explanation Session has timed out and will be removed Gateway Action remove_session Recommended Action None Revision 1 Parameters user database ip type 2 26 6 sesmgr_upload_denied ID 04900006 Default Severity NOTICE Log Message File upload connection denied for User user...

Page 294: ...vision 1 Parameters user database ip type 2 26 8 sesmgr_session_maximum_reached ID 04900008 Default Severity WARNING Log Message Maximum number of sessions reached Explanation Maximum number of sessions reached Gateway Action deny_new_session Recommended Action Remove inactive sessions or increase maximum number of allowed sessions Revision 1 2 26 9 sesmgr_allocate_error ID 04900009 Default Severi...

Page 295: ... Database database IP ip Type type Explanation Session has been disabled Gateway Action none Recommended Action None Revision 1 Parameters user database ip type 2 26 12 sesmgr_console_denied_init ID 04900012 Default Severity ALERT Log Message Could not create new console at initialization of Security Gateway for User user Database database IP ip Type type Explanation Could not create new console a...

Page 296: ...ult Severity NOTICE Log Message Old session disconnected to be replaced for User user Database database IP ip Type type Explanation Old session disconnected and is being replaced by a new session for the user Gateway Action none Recommended Action None Revision 1 Parameters user database ip type 2 26 15 sesmgr_file_error ID 04900017 Default Severity ALERT Log Message Error accessing files Explanat...

Page 297: ...ty NOTICE Log Message Sending technical support file Explanation Technical support file created and is being sent to user Gateway Action techsupport_created Recommended Action None Revision 1 2 26 16 sesmgr_techsupport ID 04900018 Chapter 2 Log Message Reference 297 ...

Page 298: ...0002 Default Severity WARNING Log Message Timeout connecting to SMTP server smtp_server Send aborted Explanation The unit timed out while trying to establish a connection to the SMTP server No SMTP Log will be sent Gateway Action abort_sending Recommended Action Verify that a SMTP server is running at the address specified Revision 1 Parameters smtp_server 2 27 3 send_failure ID 03000004 Default S...

Page 299: ... SMTP Log will be sent Gateway Action abort_sending Recommended Action Verify that a SMTP Server is configured to accept connections from the unit Revision 1 Parameters smtp_server 2 27 6 rejected_ehlo_helo ID 03000007 Default Severity WARNING Log Message SMTP server smtp_server rejected both EHLO HELO Trying to continue anyway Explanation The SMTP server rejected the normal handshake process The ...

Page 300: ... SMTP server is configured to accept this recipient Revision 1 Parameters smtp_server recipient 2 27 9 rejected_all_recipients ID 03000010 Default Severity WARNING Log Message SMTP server smtp_server rejected all recipients Send aborted Explanation The SMTP server rejected all recipients No SMTP Log will be sent Gateway Action None Recommended Action Verify that the SMTP server is configured to ac...

Page 301: ...ty WARNING Log Message SMTP server smtp_server rejected message text Send aborted Explanation The SMTP server rejected the message text No SMTP Log will be sent Gateway Action None Recommended Action Verify that the SMTP server is properly configured Revision 1 Parameters smtp_server 2 27 11 rejected_message_text ID 03000012 Chapter 2 Log Message Reference 301 ...

Page 302: ...d Action Install a license Revision 1 Parameters shutdown 2 28 2 demo_mode ID 03200021 Default Severity ALERT Log Message This copy of D Link DFL 160 is in DEMO mode Firewall core will halt in time seconds Explanation The unit is running in DEMO mode and will eventually expire Install a license in order to avoid this Gateway Action shutdown_soon Recommended Action Install a license Revision 1 Para...

Page 303: ...Log Message Failed to verify IP address as per ACCESS section Dropping Explanation The IP address was not verified according to the ACCESS section Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 28 6 nitrox2_watchdog_triggered ID 03200207 Default Severity ERROR Log Message Nitrox II watchdog triggered Explanation Nitrox II watchdog triggered Gate...

Page 304: ...watchdog_chip watchdog_timeout 2 28 9 port_bind_failed ID 03200300 Default Severity ALERT Log Message Out of memory while tying to allocate dynamic port for local IP localip to destination IP destip Explanation The unit failed to allocate a dynamic port as it is out of memory Gateway Action None Recommended Action None Revision 1 Parameters reason localip destip 2 28 10 port_bind_failed ID 0320030...

Page 305: ...ded Action None Revision 1 Parameters localip destip 2 28 12 port_llm_conversion ID 03200303 Default Severity NOTICE Log Message Using Low Load Mode for Local IP localip Destination IP destip pair Explanation Mode for Local IP Destination IP pair has changed to Low Load because of low traffic Gateway Action None Recommended Action None Revision 1 Parameters localip destip 2 28 13 log_messages_lost...

Page 306: ...his is normal activity the LogSendPerSec setting might be set too low Revision 1 Parameters logcnt 2 28 15 ssl_encryption_failed ID 03200450 Default Severity ERROR Log Message Encryption failed Explanation Encryption failed due to error Connection closed Gateway Action None Recommended Action None Revision 1 2 28 16 bidir_fail ID 03200600 Default Severity CRITICAL Log Message Failed to establish b...

Page 307: ... Parameters file 2 28 18 file_open_failed ID 03200602 Default Severity ERROR Log Message Failed to open newly uploaded configuration file new_cfg Explanation The unit failed to open the uploaded configuration file Gateway Action None Recommended Action Verify that the disk media is intact Revision 1 Parameters new_cfg 2 28 19 disk_cannot_remove ID 03200603 Default Severity ERROR Log Message Failed...

Page 308: ...configuration and will continue to use the present configuration Gateway Action None Recommended Action Consult the recommended action in the previous log message which contained a more detailed error description Revision 1 2 28 22 core_switch_fail ID 03200606 Default Severity CRITICAL Log Message Failed to switch to new core Explanation For reasons specified in earlier log events the unit failed ...

Page 309: ...conds Reason reason Explanation The unit is shutting down Gateway Action shutdown Recommended Action None Revision 1 Parameters shutdown time reason 2 28 25 shutdown ID 03201010 Default Severity NOTICE Log Message Reconfiguration aborted Configuration files are missing Explanation The unit was issued a reconfigure command but no configuration file is seen The reconfiguration process is aborted Gat...

Page 310: ...n requested Gateway Action reconfiguration Recommended Action None Revision 1 Parameters username userdb client_ip config_system 2 28 28 reconfiguration ID 03201021 Default Severity NOTICE Log Message Reconfiguration will change change_count access control rule s Explanation Number of access control rules changed during the reconfiguration Gateway Action none Recommended Action None Revision 1 Par...

Page 311: ...nt uptime uptime Using configuration file cfgfile localcfgver localcfgver remotecfgver remotecfgver Previous shutdown previous_shutdown Explanation The Security Gateway is starting up echo Gateway Action None Recommended Action None Revision 2 Parameters delay corever build uptime cfgfile localcfgver remotecfgver previous_shutdown 2 28 31 shutdown ID 03202500 Default Severity NOTICE Log Message Sh...

Page 312: ...essage Administrative user username logged out via authsystem Access level access_level Explanation An adminsitrative user has logged out from the configuration system Gateway Action None Recommended Action None Revision 1 Parameters authsystem username access_level userdb client_ip 2 28 34 admin_login_failed ID 03203002 Default Severity WARNING Log Message Administrative user username failed to l...

Page 313: ...mmended Action Make sure that the new configuration allows the unit to establish a connection with the administration interface Revision 1 Parameters authsystem 2 28 36 accept_configuration ID 03204001 Default Severity NOTICE Log Message New configuration activated by user username from config_system client_ip Explanation The new configuration has been successfully activated Gateway Action using_n...

Page 314: ...cal Date and Time of the unit has been changed Gateway Action using_new_date_time Recommended Action None Revision 2 Parameters authsystem user pre_change_date_time post_change_date_time 2 28 39 admin_timeout ID 03206000 Default Severity NOTICE Log Message Administrative user username timed out from authsystem Explanation The administrative user has been inactive for too long and has been automati...

Page 315: ...rnal_error ID 03206002 Default Severity WARNING Log Message Internal error occured when administrative user username tried to login not allowed access via authsystem Explanation An internal error occured when the user tried to log in and as a result has not been given administration access Gateway Action disallow_admin_access Recommended Action Please contact the support and report this issue Revi...

Page 316: ...ntext Parameters Rule Name Packet Buffer 2 29 2 tcp_flags_set ID 03300002 Default Severity WARNING Log Message The TCP good_flag and bad_flag flags are set Stripping bad_flag flag Explanation The possible combinations for these flags are SYN URG SYN PSH SYN RST SYN FIN and FIN URG Removing the bad flag Gateway Action strip_bad_flag Recommended Action If any of these combinations should either be d...

Page 317: ...er 2 29 5 tcp_null_flags ID 03300005 Default Severity NOTICE Log Message Packet has no SYN ACK FIN or RST flag set Explanation The packet has no SYN ACK FIN or RST flag set Ignoring Gateway Action ignore Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 29 6 tcp_flags_set ID 03300008 Default Severity WARNING Log Message The TCP good_flag and bad_flag flags are set Dro...

Page 318: ...ket Gateway Action drop Recommended Action None Revision 1 Parameters bad_flag Context Parameters Rule Name Packet Buffer 2 29 8 unexpected_tcp_flags ID 03300010 Default Severity WARNING Log Message Unexpected tcp flags flags from endpoint during state state Dropping Explanation Received unexpected tcp flags during a specific state Dropping packet Gateway Action drop Recommended Action None Revisi...

Page 319: ...q seqno Expected expectseqno Dropping Explanation Mismatching sequence numbers Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters seqno expectseqno Context Parameters Rule Name Connection Packet Buffer 2 29 11 mismatched_first_ack_seqno ID 03300013 Default Severity WARNING Log Message SYNACK packet with seq seqno Expected expectseqno Dropping Explanation Mismatching ...

Page 320: ...t Parameters Rule Name Connection Packet Buffer 2 29 13 tcp_seqno_too_low ID 03300016 Default Severity DEBUG Log Message TCP sequence number seqno is not in the acceptable range accstart accend Dropping Explanation A TCP segment with an unacceptable sequence number was received The packet will be dropped Gateway Action drop Recommended Action None Revision 2 Parameters seqno accstart accend Contex...

Page 321: ...e SYN_SENT Dropping Explanation A TCP segment with the RST flag but not the ACK flag was received during state SYN_SENT The packet will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Connection Packet Buffer 2 29 16 tcp_seqno_too_high ID 03300019 Default Severity WARNING Log Message TCP sequence number seqno is not in the acceptable range accstart ac...

Page 322: ...ult Severity CRITICAL Log Message Out of large TCP send windows Maximum windows max_windows Triggered num_events times last 10 seconds Explanation The TCP stack could not send data since it has run out of large TCP send windows This event was triggered num_events times during the last 10 seconds Gateway Action close Recommended Action If the system is configured to use TCP based ALGs increase the ...

Page 323: ... the acceptable range accstart accend Dropping Explanation A TCP segment with an unacceptable sequence number was received The packet will be dropped Gateway Action drop Recommended Action None Revision 2 Parameters seqno accstart accend Context Parameters Rule Name Connection Packet Buffer 2 29 20 tcp_seqno_too_low_with_syn ID 03300025 Chapter 2 Log Message Reference 323 ...

Page 324: ...ame Packet Buffer 2 30 2 tcp_mss_too_low ID 03400002 Default Severity NOTICE Log Message TCP MSS mss too low TCPMSSMin minmss Adjusting Explanation The TCP MSS is too low Adjusting to use the configured minimum MSS Gateway Action adjust Recommended Action None Revision 1 Parameters tcpopt mss minmss Context Parameters Rule Name Packet Buffer 2 30 3 tcp_mss_too_high ID 03400003 Default Severity NOT...

Page 325: ...ecommended Action None Revision 1 Parameters tcpopt mss maxmss Context Parameters Rule Name Packet Buffer 2 30 5 tcp_mss_above_log_level ID 03400005 Default Severity NOTICE Log Message TCP MSS mss higher than log level TCPMSSLogLevel mssloglevel Explanation The TCP MSS is higher than the log level Gateway Action log Recommended Action None Revision 1 Parameters tcpopt mss mssloglevel Context Param...

Page 326: ... Option of the specified type Removing it Gateway Action strip Recommended Action None Revision 1 Parameters tcpopt Context Parameters Rule Name Packet Buffer 2 30 8 bad_tcpopt_length ID 03400010 Default Severity WARNING Log Message Type tcpopt is multibyte available avail Dropping Explanation The TCP Option type is multi byte which requires two bytes and there is less than two bytes available Dro...

Page 327: ...everity WARNING Log Message Type tcpopt bad length optlen Expected expectlen bytes Dropping Explanation The TCP Option type has an invalid length Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters tcpopt optlen expectlen Context Parameters Rule Name Packet Buffer 2 30 11 tcp_mss_too_low ID 03400013 Default Severity WARNING Log Message TCP MSS mss too low TCPMSSMin mi...

Page 328: ...lowed ID 03400015 Default Severity WARNING Log Message Packet has a tcpopt TCP option which is disallowed Dropping Explanation The packet has a TCP Option of the specified type Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters tcpopt Context Parameters Rule Name Packet Buffer 2 30 14 tcp_null_flags ID 03400016 Default Severity WARNING Log Message Packet has no SYN A...

Page 329: ... was received The shift count will be lowered to 14 Explanation A TCP segment with a window scale option specifying a shift count that is larger than 14 was received The shift count will be lowered to 14 Gateway Action adjust Recommended Action None Revision 1 Parameters shift_cnt Context Parameters Connection Packet Buffer 2 30 17 mismatching_tcp_window_scale ID 03400019 Default Severity WARNING ...

Page 330: ...y Action adjust Recommended Action None Revision 1 Parameters old new effective Context Parameters Connection Packet Buffer 2 30 17 mismatching_tcp_window_scale ID 03400019 Chapter 2 Log Message Reference 330 ...

Page 331: ...ed Clock not updated Explanation The unit failed to establish a connection with the time sync server The clock has not been updated Gateway Action clock_not_synced Recommended Action Verify that the time sync server is running Revision 1 2 31 3 clockdrift_too_high ID 03500003 Default Severity WARNING Log Message According to the timeserver the clock has drifted clockdrift seconds s which is NOT in...

Page 332: ...Revision 1 Parameters clockdrift timeserver interval 2 31 3 clockdrift_too_high ID 03500003 Chapter 2 Log Message Reference 332 ...

Page 333: ...ameters Rule Name Packet Buffer 2 32 2 enet_hw_sender_broadcast ID 04400411 Default Severity NOTICE Log Message Ethernet hardware sender is a broadcast address Accepting Explanation The Ethernet hardware sender address is a broadcast address The packet will be accepted Gateway Action accept Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 32 3 enet_hw_sender_broadcas...

Page 334: ...ID 04400414 Default Severity NOTICE Log Message Ethernet hardware sender is a multicast address Accepting Explanation The Ethernet hardware sender address is a multicast address The packet will be accepted Gateway Action accept Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 32 6 enet_hw_sender_multicast ID 04400415 Default Severity NOTICE Log Message Ethernet hardw...

Page 335: ... Revision 1 Context Parameters Rule Name Packet Buffer 2 32 8 relay_stp_frame ID 04400417 Default Severity INFORMATIONAL Log Message Relaying STP frame from recvif to switched interfaces Explanation An incomming STP frame has been relayed to all switched interfaces in the same switch route as recif Gateway Action allow Recommended Action None Revision 1 Parameters recvif 2 32 9 dropped_stp_frame I...

Page 336: ...erity INFORMATIONAL Log Message Forwarding MPLS packet from recvif Explanation An incomming MPLS packet has been forwarded through the gateway destif indicates if it was forwarded to an ultimate destination or if it was broadcasted to over all interfaces in the switch group Gateway Action allow Recommended Action None Revision 1 Parameters recvif destif 2 32 12 dropped_mpls_packet ID 04400421 Defa...

Page 337: ...n An incomming MPLS packet has been dropped since it was malformed Gateway Action drop Recommended Action If the packet format is invalid locate the unit which is sending the malformed packet Revision 1 Parameters recvif reason 2 32 13 invalid_mpls_packet ID 04400422 Chapter 2 Log Message Reference 337 ...

Page 338: ...eceived a RADIUS Accounting START response with an Identifier mismatch Ignoring this packet Explanation The unit received a response with an invalid Identifier mismatch This can be the result of a busy network causing accounting event re sends This will be ignored Gateway Action ignore_packet Recommended Action None Revision 1 Context Parameters User Authentication 2 33 3 no_accounting_start_serve...

Page 339: ...art_server_response ID 03700005 Default Severity WARNING Log Message Logging out the authenticated user as no RADIUS Accounting START response was received from RADIUS Accounting server Explanation The authenticated user is logged out as no response to the Accounting Start event was received from the Accounting Server Gateway Action logout_user Recommended Action Verify that the RADIUS Accounting ...

Page 340: ...Gateway Action None Recommended Action None Revision 1 Context Parameters User Authentication 2 33 8 accounting_stop ID 03700008 Default Severity NOTICE Log Message Successfully received RADIUS Accounting STOP response from RADIUS Accounting server Bytes sent bytessent Bytes recv bytesrecv Packets sent packetssent Packets recv packetsrecv Session time sestime Explanation The unit received a valid ...

Page 341: ...e Accounting Server Accounting information might not have been propery received by the Accounting Server Gateway Action None Recommended Action Verify that the RADIUS Accounting server daemon is running on the Accounting Server Revision 1 Context Parameters User Authentication 2 33 11 invalid_accounting_stop_server_response ID 03700011 Default Severity ALERT Log Message Received an invalid RADIUS ...

Page 342: ...e authenticated user is logged out as an Accounting Start request did not get sent to the Accounting Server This could be a result of missing a route from the unit to the Accounting Server Gateway Action logout_user Recommended Action Verify that a route exists from the unit to the RADIUS Accounting server and that it is properly configured Revision 1 Context Parameters User Authentication 2 33 14...

Page 343: ...fault Severity NOTICE Log Message Delayed user timeout expired user is removed Explanation User did not receive any Accounting Start Response from Radius Gateway Action delayed_user_removed Recommended Action None Revision 1 Context Parameters User Authentication 2 33 17 group_list_too_long ID 03700030 Default Severity WARNING Log Message User username belongs in too many groups keeping the 32 fir...

Page 344: ...srecv packetssent packetsrecv gigawrapsent gigawraprecv sestime Context Parameters User Authentication 2 33 19 accounting_interim_failure ID 03700051 Default Severity ALERT Log Message Failed to send Accounting Interim to Authentication Server Accounting information might not be properly updated on the Accounting Server Explanation The unit failed to send an Accounting Interim event to the Account...

Page 345: ...ht not have been updated on the Accounting Server Explanation The unit received an invalid response to an Accounting Interm event from the Accounting Server Accounting information might not have been propery received by the Accounting Server Gateway Action None Recommended Action Verify that the RADIUS Accounting server is properly configured Revision 1 Context Parameters User Authentication 2 33 ...

Page 346: ...WARNING Log Message This user is already logged in Explanation A user with the same username as an already authenticated user tried to logged in and was rejected Gateway Action disallowed_login Recommended Action None Revision 1 Context Parameters User Authentication 2 33 25 user_login ID 03700102 Default Severity NOTICE Log Message User logged in Idle timeout idle_timeout Session timeout session_...

Page 347: ... Explanation The unit did not receive a response from the RADIUS Authentication server and the authentication process failed Gateway Action None Recommended Action Verify that the RADIUS Authentication server daemon is running on the Authenication Server Revision 1 Context Parameters User Authentication 2 33 28 manual_logout ID 03700106 Default Severity NOTICE Log Message User manually logged out ...

Page 348: ...n Disable the challange and response feature and use password verification instead Revision 1 Context Parameters User Authentication 2 33 31 ldap_auth_error ID 03700109 Default Severity ALERT Log Message Error during LDAP user authentication contact with LDAP server not established Explanation The unit did not receive a response from the LDAP Authentication server and the authentication process fa...

Page 349: ...on 1 Parameters reason 2 33 34 cant_create_new_request ID 03700402 Default Severity ERROR Log Message Can t create new user request Authentication aborted Explanation Can t create new user request Gateway Action authentication_failed Recommended Action Check LDAP context to work Revision 1 2 33 35 ldap_user_authentication_successful ID 03700403 Default Severity NOTICE Log Message LDAP Authenticati...

Page 350: ... of memory Gateway Action None Recommended Action None Revision 1 Parameters reason 2 33 38 user_req_new_out_of_memory ID 03700406 Default Severity ALERT Log Message Out of memory while trying to allocate new User Request Explanation The unit failed to allocate a User Request as it is out of memory Gateway Action None Recommended Action None Revision 1 Parameters reason 2 33 39 failed_admin_bind I...

Page 351: ...password from LDAP database database Explanation Cannot retrive the user password from LDAP database making user authentication impossible Gateway Action user authentication failed Recommended Action Check configuration for password attribute Revision 1 Parameters database 2 33 42 no_shared_ciphers ID 03700500 Default Severity ERROR Log Message SSL Handshake No shared ciphers exists Closing down S...

Page 352: ...y to find out if it is a part of a possible attack or normal traffic Revision 2 Parameters client_ip 2 33 44 bad_packet_order ID 03700502 Default Severity ERROR Log Message Bad SSL Handshake packet order Closing down SSL connection Explanation Two or more SSL Handshake message were received in the wrong order and the SSL connection is closed Gateway Action ssl_close Recommended Action None Revisio...

Page 353: ...yExchange message Closing down SSL connection Explanation The ClientKeyExchange message which is a part of a SSL handshake is invalid and the SSL connection is closed Gateway Action ssl_close Recommended Action None Revision 1 Parameters client_ip 2 33 48 bad_clientfinished_msg ID 03700506 Default Severity ERROR Log Message SSL Handshake Bad ClientFinished message Closing down SSL connection Expla...

Page 354: ...nnection is closed Gateway Action ssl_close Recommended Action None Revision 1 Parameters client_ip 2 33 51 negotiated_cipher_does_not_permit_the_chosen_certificate_size ID 03700509 Default Severity ERROR Log Message The negotiated cipher does not permit the chosen certificate size Closing down SSL connection Explanation The negotiated cipher was an export cipher which does not allow the chosen ce...

Page 355: ...vel description 2 33 53 sent_sslalert ID 03700511 Default Severity ERROR Log Message Sent SSL Alert Closing down SSL connection Explanation The unit has sent a SSL Alert message to the client due to some abnormal event The connection will be closed down Gateway Action close Recommended Action Consult the description parameter which contains the reason for this Revision 1 Parameters client_ip level...

Page 356: ...2 33 53 sent_sslalert ID 03700511 Chapter 2 Log Message Reference 356 ...

Reviews:

No comments

Related manuals for NetDefend SOHO DFL-160

Keezel keezel Detailed Instructions preview
keezel
Brand: Keezel Pages: 27
PaloAlto Networks PA-5200 Series Hardware Reference Manual preview
PA-5200 Series
Brand: PaloAlto Networks Pages: 8
PaloAlto Networks VM-100 Deployment Manual preview
VM-100
Brand: PaloAlto Networks Pages: 72
GajShield UTM Series Quick Start Manual preview
UTM Series
Brand: GajShield Pages: 8
Barracuda Networks NG FIREWALL Release Notes preview
NG FIREWALL
Brand: Barracuda Networks Pages: 24
Freedom9 freeGuard 100 Command Line Interface Manual preview
freeGuard 100
Brand: Freedom9 Pages: 310
ei3 Amphion S14-H Green Box User Manual preview
Amphion S14-H Green Box
Brand: ei3 Pages: 26

Brands by name

Popular brands

Load more brands