D-Link DFL-210 - NetDefend - Security Appliance, Log Reference Manual

Page 1: ...Network Security Solution http www dlink com Security Security DFL 210 800 1600 2500 DFL 260 860 1660 2560 G Ver 2 27 01 Network Security Firewall Log Reference Guide...

Page 2: ...ide DFL 210 260 800 860 1600 1660 2500 2560 2560G NetDefendOS Version 2 27 01 D Link Corporation No 289 Sinhu 3rd Rd Neihu District Taipei City 114 Taiwan R O C http www DLink com Published 2010 06 22...

Page 3: ...s for a particular purpose D Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of su...

Page 4: ...nreachable ID 00200119 45 2 1 22 wcf_srv_connection_error ID 00200120 46 2 1 23 wcf_server_unreachable ID 00200121 46 2 1 24 wcf_connecting ID 00200122 46 2 1 25 wcf_server_connected ID 00200123 47 2...

Page 5: ...2 1 80 failed_to_create_connection1 ID 00200218 67 2 1 81 illegal_command ID 00200219 68 2 1 82 illegal_direction1 ID 00200220 68 2 1 83 illegal_direction2 ID 00200221 69 2 1 84 illegal_option ID 002...

Page 6: ...65 91 2 1 143 invalid_packet_received ID 00200366 91 2 1 144 failed_create_connection ID 00200367 91 2 1 145 invalid_packet_received_reopen ID 00200368 92 2 1 146 packet_out_of_sequence ID 00200369 92...

Page 7: ...ion ID 00200522 114 2 1 205 sipalg_transaction_deleted ID 00200523 115 2 1 206 sipalg_transaction_state_updated ID 00200524 115 2 1 207 no_route_found ID 00200526 115 2 1 208 failed_to_get_free_port I...

Page 8: ...on_failed ID 05800004 139 2 3 5 decompression_failed ID 05800005 139 2 3 6 compression_ratio_violation ID 05800006 140 2 3 7 compression_ratio_violation ID 05800007 140 2 3 8 compression_ratio_violati...

Page 9: ...o_new_conn_for_this_packet ID 00600013 163 2 8 10 no_return_route ID 00600014 164 2 8 11 reverse_connect_attempt ID 00600015 164 2 8 12 port_0_illegal ID 00600020 164 2 8 13 udp_src_port_0_illegal ID...

Page 10: ...ID 00900005 185 2 11 6 request_for_ip_from_non_bound_client_without_state ID 00900006 185 2 11 7 request_for_ip_from_bound_client_without_state ID 00900007 185 2 11 8 request_for_ip_from_non_bound_cli...

Page 11: ..._error ID 02200004 207 2 14 5 gre_length_error ID 02200005 208 2 14 6 gre_send_routing_loop_detected ID 02200006 208 2 14 7 unmatched_session_key ID 02200007 208 2 14 8 gre_routing_flag_set ID 0220000...

Page 12: ...D 01300014 231 2 17 15 idp_failscan ID 01300015 231 2 17 16 idp_failscan ID 01300016 232 2 18 IDPPIPES 233 2 18 1 conn_idp_piped ID 06100001 233 2 18 2 host_idp_piped ID 06100002 233 2 18 3 out_of_mem...

Page 13: ...254 2 22 23 pm_create_failed ID 01800204 254 2 22 24 failed_to_start_ipsec ID 01800206 254 2 22 25 failed_create_audit_module ID 01800207 255 2 22 26 failed_to_configure_IPsec ID 01800210 255 2 22 27...

Page 14: ...me ID 01802046 272 2 22 85 ipsec_sa_lifetime ID 01802047 273 2 22 86 ipsec_sa_lifetime ID 01802048 273 2 22 87 ipsec_sa_informal ID 01802058 273 2 22 88 ipsec_invalid_protocol ID 01802059 274 2 22 89...

Page 15: ...te_access_subnets ID 01802714 290 2 22 146 event_on_ike_sa ID 01802715 290 2 22 147 ipsec_sa_selection_failed ID 01802717 290 2 22 148 certificate_search_failed ID 01802718 291 2 22 149 ipsec_sa_event...

Page 16: ...2 308 2 24 3 ip_rsv_flag_set ID 01600003 308 2 25 IP_OPT 310 2 25 1 source_route ID 01700001 310 2 25 2 timestamp ID 01700002 310 2 25 3 router_alert ID 01700003 310 2 25 4 ipopt_present ID 01700004 3...

Page 17: ...us_accounting ID 02800017 331 2 27 16 l2tpclient_tunnel_up ID 02800018 332 2 27 17 malformed_packet ID 02800019 332 2 27 18 waiting_for_ip_to_listen_on ID 02800050 332 2 28 NATPOOL 333 2 28 1 uninitia...

Page 18: ...a ID 02400300 353 2 29 48 internal_error_unable_to_map_identifier ID 02400301 354 2 29 49 lsa_size_too_big ID 02400302 354 2 29 50 memory_usage_exceeded_70_percent_of_max_allowed ID 02400303 354 2 29...

Page 19: ...700012 371 2 32 13 pptp_session_up ID 02700013 372 2 32 14 tunnel_idle_timeout ID 02700014 372 2 32 15 session_idle_timeout ID 02700015 373 2 32 16 pptpclient_start ID 02700017 373 2 32 17 pptpclient_...

Page 20: ...r_console_denied ID 04900007 393 2 36 8 sesmgr_session_maximum_reached ID 04900008 393 2 36 9 sesmgr_allocate_error ID 04900009 393 2 36 10 sesmgr_session_activate ID 04900010 394 2 36 11 sesmgr_sessi...

Page 21: ...03200400 413 2 41 14 log_messages_lost_due_to_log_buffer_exhaust ID 03200401 414 2 41 15 ssl_encryption_failed ID 03200450 414 2 41 16 bidir_fail ID 03200600 414 2 41 17 disk_cannot_remove_file ID 03...

Page 22: ...cale ID 03400018 437 2 43 17 mismatching_tcp_window_scale ID 03400019 437 2 44 THRESHOLD 439 2 44 1 conn_threshold_exceeded ID 05300100 439 2 44 2 reminder_conn_threshold ID 05300101 439 2 44 3 conn_t...

Page 23: ...ges_not_supported ID 03700108 460 2 47 31 ldap_auth_error ID 03700109 460 2 47 32 user_logout ID 03700110 460 2 47 33 ldap_session_new_out_of_memory ID 03700401 461 2 47 34 cant_create_new_request ID...

Page 24: ..._to_create_rule ID 03800007 472 2 49 8 failed_writing_zonededense_state_to_media ID 03800008 473 2 49 9 failed_to_create_access_rule ID 03800009 473 2 49 10 no_response_trying_to_erase_profile ID 0380...

Page 25: ...List of Tables 1 Abbreviations 28 25...

Page 26: ...List of Examples 1 Log Message Parameters 27 2 Conditional Log Message Parameters 27 26...

Page 27: ...the name of a conditional log message parameter Example 1 Log Message Parameters Log Message New configuration activated by user username and committed via authsystem Parameters authsystem username B...

Page 28: ...otocol Security L2TP Layer 2 Tunneling Protocol NAT Network Address Translation OSPF Open Shortest Path First PPP Point to Point Protocol PPPoE Point to Point Protocol over Ethernet RADIUS Remote Auth...

Page 29: ...fies the log message The first 3 digits identify the category to which the log message belongs Note In this guide the Name and the ID of the log message form the title of the section describing the lo...

Page 30: ...featured in this reference guide and is never actually included in the log message Revision The current revision of the log message This is increased each time a log message is changed between two rel...

Page 31: ...d The name of the ALG sub module ALG Session ID Each ALG session has its own session ID which uniquely identifies an ALG session This is useful for example when matching the opening of an ALG session...

Page 32: ...ination unreachable or redirect Connection Additional information about a connection Certain parameters may or may not be included depending on the type and status of the connection For example the nu...

Page 33: ...T source rule Valid if the rule action is SAT satdestrule The name of the SAT destination rule Valid if the rule action is SAT srcusername The name of the authenticated user in the source network obje...

Page 34: ...A Dynamic Route Additional information about events regarding a dynamic route event The dynamic routing event that occurred Possible values add remove modify export unexport and unknown from Originati...

Page 35: ...e unit 4 Warning Warning conditions which could affect the functionality of the unit 5 Notice Normal but significant conditions 6 Informational Informational conditions 7 Debug Debug level events Prio...

Page 36: ...1 3 Severity levels Chapter 1 Introduction 36...

Page 37: ...P page 168 DHCPRELAY page 174 DHCPSERVER page 184 DYNROUTING page 193 FRAG page 196 GRE page 207 HA page 210 HWM page 220 IDP page 225 IDPPIPES page 233 IDPUPDATE page 236 IFACEMON page 239 IPPOOL pag...

Page 38: ...FENSE page 471 Sort Order All log messages are sorted by their category and then by their ID number 2 1 ALG These log messages refer to the ALG Events from Application Layer Gateways category 2 1 1 al...

Page 39: ...lose Recommended Action If the maximum line length is configued too low increase it Revision 1 Parameters len max Context Parameters ALG Module Name ALG Session ID 2 1 4 alg_session_allocation_failure...

Page 40: ...URL The reason for this is problaby because the requested URL has an invalid format or it contains invalid UTF8 formatted characters Gateway Action close Recommended Action Make sure that the request...

Page 41: ...the server is sending such large amounts of suspicious data Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 9 invalid_chunked_encoding ID 00200107 Default Severity...

Page 42: ...rver ignored this and sent compressed data anyway As content processing will not work if the data is compressed the connection will be closed Gateway Action close Recommended Action Research the sourc...

Page 43: ...e HTTP Server Closing connection ALG name algname Explanation The unit failed to connect to the HTTP Server resulting in that the ALG session could not be successfully opened Gateway Action close Reco...

Page 44: ...iltering has been disabled due to license restriction Gateway Action no_valid_license Recommended Action Extend valid time for Content Filtering Revision 2 Context Parameters ALG Module Name 2 1 18 ma...

Page 45: ...dule Name ALG Session ID 2 1 20 out_of_memory ID 00200118 Default Severity CRITICAL Log Message HTTPALG Failed to allocate memory Explanation The unit does not have enough available RAM WCF could not...

Page 46: ...name Context Parameters ALG Module Name ALG Session ID 2 1 23 wcf_server_unreachable ID 00200121 Default Severity ERROR Log Message HTTPALG Failed to connect to web content server failedserver Explana...

Page 47: ...ID 00200124 Default Severity INFORMATIONAL Log Message HTTPALG Falling back from secondary servers to primary server Explanation Web Content Filtering falls back to primary server after 60 minutes or...

Page 48: ...ded Action None Revision 2 Parameters categories audit override url algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 29 wcf_server_auth_failed ID 00200127 Default Se...

Page 49: ...url Categories categories Audit audit Override override ALG name algname Explanation The URL has been requested Gateway Action allow_audit_mode Recommended Action None Revision 2 Parameters categories...

Page 50: ...idden URL url eventhough Restricted Site Notice was applied ALG name algname Explanation The URL has been requested and the categories are forbidden Restricted Site Notice was applied Gateway Action a...

Page 51: ...algname Explanation The URL has been requested Gateway Action allow Recommended Action None Revision 1 Parameters categories audit override url user algname Context Parameters Connection Connection AL...

Page 52: ...l user algname Context Parameters Connection Connection ALG Module Name ALG Session ID 2 1 39 restricted_site_notice ID 00200138 Default Severity WARNING Log Message HTTPALG User requests the forbidde...

Page 53: ...Connection Connection ALG Module Name ALG Session ID 2 1 41 wcf_mem_optimized ID 00200140 Default Severity DEBUG Log Message HTTPALG Optimizing WCF memory usage Explanation The Web Content Filtering...

Page 54: ...her than the configured value Gateway Action session_rejected Recommended Action This can be a possible DOS attack Revision 2 Parameters sender_email_address Context Parameters ALG Module Name ALG Ses...

Page 55: ...Gateway Action close Recommended Action If possible verify response codes sent from server Revision 3 Context Parameters Connection ALG Module Name ALG Session ID 2 1 47 sender_email_id_mismatched ID...

Page 56: ...CPT TO e mail address is in Black List SMTP ALG rejected the client request Gateway Action reject Recommended Action None Revision 1 Parameters sender_email_address recipient_email_addresses Context P...

Page 57: ...mail_addresses Context Parameters ALG Module Name ALG Session ID 2 1 52 base64_decode_failed ID 00200165 Default Severity ERROR Log Message SMTPALG Base 64 decode failed Attachment is allowed Explanat...

Page 58: ...ntent type mismatch in file filename Identified filetype filetype Explanation The filetype of the file does not match the actual content type As there is a content type mismatch data is discarded Gate...

Page 59: ...tion Content type should be matched Revision 3 Parameters filename filetype sender_email_address recipient_email_addresses Context Parameters ALG Module Name ALG Session ID 2 1 57 all_recipient_email_...

Page 60: ...saction will be terminated Gateway Action block Recommended Action Research how the client is sending invalid end of mail Revision 1 Parameters sender_email_address recipient_email_addresses Context P...

Page 61: ...teway Action ignore Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID 2 1 63 failed_send_reply_code ID 00200181 Default Severity ERROR Log Message SMTPALG Could not...

Page 62: ...2 1 66 cmd_pipelined ID 00200186 Default Severity ERROR Log Message SMTPALG Received pipelined request Explanation The SMTP ALG does not support pipelined requests The appearance of this log message...

Page 63: ...Action None Revision 1 Parameters sender_email_address Context Parameters ALG Module Name ALG Session ID 2 1 69 illegal_data_direction ID 00200202 Default Severity ERROR Log Message FTPALG TCP data f...

Page 64: ...e Revision 1 Context Parameters ALG Module Name ALG Session ID Rule Information Connection 2 1 72 illegal_chars ID 00200210 Default Severity WARNING Log Message FTPALG 8 bit characters in control chan...

Page 65: ...ID Connection 2 1 74 illegal_command ID 00200212 Default Severity WARNING Log Message FTPALG Failed to parse command from peer as a FTP command String string Closing connection Explanation An invalid...

Page 66: ...a PORT command which is not valid since the client is not allowed to do active FTP The command will be rejected Gateway Action rejecting_command Recommended Action If the client should be allowed to d...

Page 67: ...r string Context Parameters ALG Module Name ALG Session ID Connection 2 1 79 illegal_port_number ID 00200217 Default Severity CRITICAL Log Message FTPALG Illegal PORT command from peer port port not a...

Page 68: ...lanation The client tried to issue a SITE EXEC command which is not valid since the client is not allowed to do this The command will be rejected Gateway Action rejecting_command Recommended Action If...

Page 69: ...rs ALG Module Name ALG Session ID Connection 2 1 84 illegal_option ID 00200222 Default Severity WARNING Log Message FTPALG Invalid OPTS argument from peer String string Rejecting command Explanation A...

Page 70: ...xplanation An unknown OPTS argument was received and the command will be rejected Gateway Action rejecting_command Recommended Action If unknown commands should be allowed modify the FTPALG configurat...

Page 71: ...ation Revision 1 Parameters peer string Context Parameters ALG Module Name ALG Session ID Connection 2 1 89 illegal_reply ID 00200228 Default Severity WARNING Log Message FTPALG Illegal numerical repl...

Page 72: ...sive mode response from peer String string Closing connection Explanation An illegal response was received from the server and the connection is closed Gateway Action close Recommended Action None Rev...

Page 73: ...omised and should not be trusted Revision 1 Parameters peer port range string Context Parameters ALG Module Name ALG Session ID Connection 2 1 94 bad_ip ID 00200234 Default Severity CRITICAL Log Messa...

Page 74: ...d_to_create_server_data_connection ID 00200236 Default Severity ERROR Log Message FTPALG Failed to create server data connection Peer peer Connection connection Explanation An error occured when creat...

Page 75: ...R Log Message FTPALG Internal Error failed to merge conns Closing connection Explanation An internal error occured when two connections were being merged into one and the connection will be closed Gat...

Page 76: ...R Log Message FTPALG Failed to connect to the FTP Server Closing connection Explanation The unit failed to connect to the FTP Server resulting in that the ALG session could not be successfully opened...

Page 77: ...not be sent to AVSE for scanning since file transfer begins from within the middle of the file The scanning process will fail for compressed files Gateway Action data_blocked_control_and_data_channel_...

Page 78: ...ce Fail Mode is Allow Gateway Action allow_data_without_scan Recommended Action Update Fail Mode parameter if the file should be blocked Revision 2 Parameters filename filetype Context Parameters ALG...

Page 79: ...arser is in unknown state Explanation The H 225 parser failed to parse the H 225 message The ALG session will be closed Gateway Action None Recommended Action None Revision 1 Parameters peer state Con...

Page 80: ...ity WARNING Log Message H323ALG Encoding of message from peer failed Closing session Explanation The ASN 1 encoder failed to encode the message The ALG session will be closed Gateway Action close Reco...

Page 81: ...nded Action None Revision 1 Parameters peer message_type Context Parameters ALG Module Name ALG Session ID Connection 2 1 116 decode_failed ID 00200306 Default Severity WARNING Log Message H323ALG Fai...

Page 82: ...channels has been reached for this session Gateway Action None Recommended Action If the maximum number of TCP data channels per session is too low increase it Revision 1 Parameters max_channels Conte...

Page 83: ...G Session ID Connection 2 1 121 com_mode_response_message_not_translated ID 00200311 Default Severity WARNING Log Message H323ALG CommunicationModeResponse not translated Explanation The H 245 Communi...

Page 84: ...nless the system increases the amount of free memory Gateway Action close Recommended Action None Revision 1 Context Parameters ALG Module Name 2 1 124 max_h323_gk_sessions_reached ID 00200314 Default...

Page 85: ...resulting in that the ALG session could not open successfully Gateway Action close Recommended Action Verify that there is a listening H 323 Server on the specified address Revision 1 Context Paramete...

Page 86: ...nvalid characters Closing connection Gateway Action reject Recommended Action If all characters in filenames should be allowed modify the TFTP Alg configuration Revision 1 Parameters filename Context...

Page 87: ...e Explanation Option contained no readable value Closing connection Gateway Action reject Recommended Action None Revision 1 Parameters option Context Parameters ALG Module Name ALG Session ID Connect...

Page 88: ...ID 00200358 Default Severity WARNING Log Message TFTPALG Option tsize value value exceeding allowed value maxvalue Explanation Option tsize value exceeding allowed value Closing connection Gateway Ac...

Page 89: ...d Action None Revision 1 Parameters option Context Parameters ALG Module Name ALG Session ID Connection 2 1 138 option_value_invalid ID 00200361 Default Severity WARNING Log Message TFTPALG Option opt...

Page 90: ...e value should be allowed modify the TFTP Alg configuration Revision 1 Parameters old_blksize new_blksize Context Parameters ALG Module Name ALG Session ID Connection 2 1 141 max_tftp_sessions_reached...

Page 91: ...d packet Opcode opcode Packet length packet_length Explanation Received invalid packet Closing connection Gateway Action close Recommended Action None Revision 1 Parameters opcode packet_length Contex...

Page 92: ...ut_of_sequence ID 00200369 Default Severity WARNING Log Message TFTPALG Received packet out of sequence opcode opcode packet length packet_length Explanation Received packet out of sequence Closing co...

Page 93: ...configuration Revision 1 Context Parameters ALG Module Name ALG Session ID Connection 2 1 149 failed_strip_option ID 00200372 Default Severity ERROR Log Message TFTPALG Failed to strip options intern...

Page 94: ...ers ALG Module Name ALG Session ID Connection 2 1 152 max_pop3_sessions_reached ID 00200380 Default Severity WARNING Log Message POP3ALG Maximum number of POP3 sessions max_sessions for service reache...

Page 95: ...POP3 Server resulting in that the ALG session could not be successfully opened Gateway Action close Recommended Action Verify that there is a listening POP3 Server on the specified address Revision 1...

Page 96: ...ver is sending unknown response The response will be blocked Gateway Action block Recommended Action None Revision 1 Parameters command response Context Parameters ALG Module Name ALG Session ID 2 1 1...

Page 97: ...verity WARNING Log Message POP3ALG Command line blocked line begins with linebegin Invalid line length len Explanation The client is sending command with invalid command length The command will be blo...

Page 98: ...ext Parameters ALG Module Name 2 1 163 content_type_mismatch_mimecheck_disabled ID 00200391 Default Severity NOTICE Log Message POP3ALG Content type mismatch found for the file filename It is identifi...

Page 99: ...wed The command will be blocked Gateway Action block Recommended Action If the command are to be allowed change the Alg configuration Note The STLS command is allways blocked Revision 1 Parameters com...

Page 100: ...WARNING Log Message POP3ALG Mail contains invalid line endings Explanation Mail contains invalid line endings Gateway Action block Recommended Action Research why mail contains invalid line endings R...

Page 101: ...failed_create_new_session ID 00200451 Default Severity WARNING Log Message TLSALG Failed to create new TLSALG session out of memory Explanation An attempt to create a new TLSALG session failed becaus...

Page 102: ...eters ALG Module Name ALG Session ID 2 1 174 tls_renegotiation_attempted ID 00200454 Default Severity WARNING Log Message TLSALG TLS renegotiation attempted but not supported Explanation The TLS peer...

Page 103: ...ey to perform the key exchange The certificate can not be sent and the TLS ALG session will be closed Gateway Action close Recommended Action Change cipher suites and or certificate Revision 1 Paramet...

Page 104: ...l traffic Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 179 tls_invalid_message ID 00200459 Default Severity ERROR Log Message TLSALG Invalid TLS message_type mes...

Page 105: ...ters ALG Module Name ALG Session ID 2 1 182 tls_out_of_memory ID 00200462 Default Severity ERROR Log Message TLSALG Out of memory Explanation The unit was unable to allocate the memory required to pro...

Page 106: ...e closed Gateway Action close Recommended Action None Revision 1 Parameters algname Context Parameters ALG Module Name ALG Session ID 2 1 185 sdp_message_parsing_failed ID 00200501 Default Severity ER...

Page 107: ...fault Severity ERROR Log Message SIPALG SIP message parsing failed Explanation SIP part of message failed parsing due to malformed message Reason reason Gateway Action drop Recommended Action Examine...

Page 108: ...IP URI has been reached Gateway Action close Recommended Action If the maximum number of SIPALG sessions per SIP URI is too low increase it Revision 2 Parameters max_ses_per_id from_uri to_uri srcip s...

Page 109: ...meters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 192 sip_request_response_timeout ID 00200508 Default Severity WARNING Log Message SIPALG SIP request...

Page 110: ...tport Context Parameters ALG Module Name 2 1 194 unsuccessful_registration ID 00200510 Default Severity WARNING Log Message SIPALG Unsuccessful registration Explanation The user failed to register Rea...

Page 111: ...be found in the register table Reason reason Gateway Action drop Recommended Action None Revision 2 Parameters reason from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name...

Page 112: ...Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 199 failed_to_find_session ID 00200515 Default Severity ERROR Log Message SIPALG Fail...

Page 113: ...efault Severity DEBUG Log Message SIPALG SIP ALG session state updated Explanation The SIP ALG session state updated to session_state state Gateway Action allow Recommended Action None Revision 2 Para...

Page 114: ...way Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 204 failed_to_find_transaction ID 00200522 Def...

Page 115: ...rs ALG Module Name ALG Session ID 2 1 206 sipalg_transaction_state_updated ID 00200524 Default Severity DEBUG Log Message SIPALG Transaction state updated Explanation A SIP ALG transaction state has b...

Page 116: ...r for the given host Explanation Failed to get free port for the given host Reason reason Gateway Action drop Recommended Action The system is unstable and might require a reboot Revision 2 Parameters...

Page 117: ...n 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 211 failed_to_update_contact ID 00200530 Default Severity ERROR Log Message SIPALG Failed to...

Page 118: ...Severity ERROR Log Message SIPALG Failed to modify via in message Explanation Failed to modify the via header in message for method request Gateway Action drop Recommended Action None Revision 2 Para...

Page 119: ...ateway Action drop Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 216 failed_to_modify_request ID 00200535 De...

Page 120: ...ID 00200537 Default Severity WARNING Log Message SIPALG General Error Explanation General error while processing message Reason reason Gateway Action drop Recommended Action None Revision 2 Parameter...

Page 121: ...op Recommended Action Change configuration to free up more RAM Revision 1 Parameters message 2 1 221 null_sip_message_received ID 00200540 Default Severity ERROR Log Message SIPALG SIP packet receptio...

Page 122: ...Parameters ALG Module Name 2 1 224 dns_resolution_failed ID 00200545 Default Severity CRITICAL Log Message Failed to do dns resolve Explanation An attempt to resolve dns failed Reason reason Gateway...

Page 123: ...dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters ALG Module Name 2 1 227 failed_to_parse_media ID 00200549 Default Severity ERROR Log Message SIPALG Failed to parse me...

Page 124: ...n_per_session_reached ID 00200551 Default Severity WARNING Log Message SIPALG Maximum number of sessions per Service has been reached Explanation The configured maximum number of transaction max_tsxn_...

Page 125: ...on_invalid_state Gateway Action close Recommended Action None Revision 2 Parameters session_invalid_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 232 sipal...

Page 126: ...rcport destip destport Context Parameters ALG Module Name 2 1 234 failed_to_find_callleg ID 00200556 Default Severity WARNING Log Message SIPALG Failed to find callleg Explanation Failed to find calll...

Page 127: ...deleted Explanation The callleg for method request is deleted Gateway Action close Recommended Action None Revision 2 Parameters method from_uri to_uri srcip srcport destip destport Context Parameter...

Page 128: ...ameters callleg_state from_uri to_uri srcip srcport destip destport Context Parameters ALG Module Name 2 1 239 failed_to_modify_sat_request ID 00200561 Default Severity ERROR Log Message SIPALG Failed...

Page 129: ...PTPALG Failed to create new PPTPALG session out of memory Explanation An attempt to create a new PPTPALG session failed The unit has run out of memory Gateway Action close Recommended Action Decrease...

Page 130: ...emoved Explanation A PPTP tunnel has been removed between the PPTP client and the PPTP ALG Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1...

Page 131: ...evision 1 Context Parameters ALG Session ID ALG Module Name 2 1 248 pptp_malformed_packet ID 00200609 Default Severity WARNING Log Message Malformed packet received from remotegw on iface Explanation...

Page 132: ...gateway Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Session ID ALG Module Name 2 1 249 pptp_tunnel_established_server ID 00200610 Chapter 2 Log Message Reference 132...

Page 133: ...sion 1 Parameters sender_email_address drop_address Context Parameters ALG Module Name ALG Session ID 2 2 2 dnsbl_allocate_error ID 05900800 Default Severity EMERGENCY Log Message Could not allocate m...

Page 134: ...NOTICE Log Message Session created for IP ipaddr for algname Explanation Session created and awaiting processing Gateway Action none Recommended Action None Revision 1 Parameters type algname ipaddr 2...

Page 135: ...sabled Explanation The DNSBL has been disabled due to few active BlackLists Gateway Action none Recommended Action Check configuration of DNSBL Revision 1 Parameters type algname 2 2 9 dnsbl_active ID...

Page 136: ...as it failed to respond to the query Gateway Action none Recommended Action Check configuration if keeps begin disabled Revision 1 Parameters type algname blacklist 2 2 12 dnsbl_txtrecord_truncated ID...

Page 137: ...ion with IP ipaddr for algname Explanation DNSBL name will not fit the string buffer and will be truncated Gateway Action none Recommended Action None Revision 1 Parameters type algname ipaddr 2 2 13...

Page 138: ...s filename virusname virussig advisoryid layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connection 2 3 2 virus_found ID 05800002 Default Severity WARNING Log Message V...

Page 139: ...Message Decompression error for file filename Explanation The file could not be scanned by the anti virus module since the decompression of the compressed file failed Since anti virus is running in pr...

Page 140: ...ession ratio higher than the specified value Action is set to continue scan Gateway Action continue_scan Recommended Action Files with too high compression ratio can consume large amount of resources...

Page 141: ...ratio can consume large amount of resources This can be a DOS attack Revision 1 Parameters filename comp_ratio layer7_srcinfo layer7_dstinfo Context Parameters ALG Module Name ALG Session ID Connecti...

Page 142: ...800011 Default Severity ERROR Log Message Anti virus scan engine failed for the file filename Explanation An error occured in the anti virus scan engine Since anti virus is running in protect mode the...

Page 143: ...Anti virus scanning can be turned off in order to avoid future postings of this log message Revision 2 Context Parameters ALG Session ID 2 3 14 no_signature_database ID 05800016 Default Severity CRIT...

Page 144: ...der to free up more RAM Revision 2 Context Parameters ALG Session ID 2 3 17 decompression_failed_encrypted_file ID 05800024 Default Severity WARNING Log Message Decompression failed for file filename...

Page 145: ...me ALG Session ID Connection 2 3 19 unknown_encoding ID 05800182 Default Severity WARNING Log Message SMTPALG Content transfer encoding is unknown or not present Explanation Antivirus module cannot sc...

Page 146: ...known Fail Mode is deny so data is blocked Gateway Action block_data Recommended Action None Revision 1 Parameters filename unknown_content_transfer_encoding sender_email_address Context Parameters AL...

Page 147: ...Context Parameters ALG Module Name ALG Session ID 2 3 22 unknown_encoding ID 05800185 Chapter 2 Log Message Reference 147...

Page 148: ...sage ARP query sender IP is 0 0 0 0 Explanation The source IP address of an ARP query is 0 0 0 0 Allowing Gateway Action allow Recommended Action If this is not the desired behaviour modify the config...

Page 149: ...e the case if there are load balancing network equipment in the network Allowing Gateway Action allow Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Contex...

Page 150: ...r processing Explanation A known dynamic ARP entry has a different hardware address than the one in the ARP packet Allowing packet for further processing Gateway Action allow_processing Recommended Ac...

Page 151: ...rule in access section Explanation The ARP sender IP address is verified by an expect rule in the access section Gateway Action access_allow Recommended Action None Revision 1 Context Parameters Rule...

Page 152: ...e load balancing network equipment in the network Dropping packet Gateway Action drop Recommended Action If this is not the desired behaviour modify the configuration Revision 1 Context Parameters Rul...

Page 153: ...planation A known dynamic ARP entry has a different hardware address than the one in the ARP packet Dropping packet Gateway Action drop Recommended Action If this is not the desired behaviour modify t...

Page 154: ...base_downloaded ID 05000002 Default Severity NOTICE Log Message New anti virus database downloaded Explanation An updated version of the anti virus database has been downloaded which will now be used...

Page 155: ...manual antivirus update has been performed Gateway Action antivirus_disabled Recommended Action Check and set the system time correct and perform a manual antivirus update Revision 1 Parameters date 2...

Page 156: ...Recommended Action None Revision 1 2 5 7 unsynced_databases ID 05000008 Chapter 2 Log Message Reference 156...

Page 157: ...everity WARNING Log Message Unable to allocate static entry for host Explanation Unable to allocate static entry Unit is low on memory Gateway Action no_block Recommended Action Review the configurati...

Page 158: ...on Protocol proto IP ip Port port Explanation A blacklist entry was added which matched the IP address of this packet Thus it was dropped accordingly Gateway Action drop Recommended Action Investigate...

Page 159: ...triggered dynamic blacklisting Revision 1 Parameters rule description proto ip port 2 6 6 packet_blacklisted ID 04600006 Chapter 2 Log Message Reference 159...

Page 160: ...n If this is a reoccurring event try increasing the number of HighBuffers Revision 1 Parameters duration buf_usage 2 7 2 buffers_profile ID 00500002 Default Severity DEBUG Log Message Buffer requested...

Page 161: ...g Message Connection closed Explanation A connection has been closed Gateway Action close Recommended Action None Revision 1 Context Parameters Rule Information Connection 2 8 3 connection_table_full...

Page 162: ...tion closed Explanation A connection has been closed Gateway Action close Recommended Action None Revision 1 Context Parameters Rule Information Connection 2 8 6 out_of_connections ID 00600010 Default...

Page 163: ...cket since the combination of TCP flags is wrong Only packets with the SYN TCP flag set as the only TCP flag are allowed to open a new TCP connection Gateway Action reject Recommended Action None Revi...

Page 164: ...5 Default Severity WARNING Log Message Disallowed reverse connect attempt from peer Dropping Explanation State inspector does not allow this packet in reverse direction on the already opened connectio...

Page 165: ...acket Buffer 2 8 14 udp_src_port_0_forwarded ID 00600022 Default Severity WARNING Log Message UDP source port is set to 0 Forwards packet Explanation The UDP source port was set to 0 This can be used...

Page 166: ...TIONAL Log Message FTPALG Incoming passive data channel Explanation A passive data channel connection has been established Gateway Action None Recommended Action None Revision 1 Context Parameters ALG...

Page 167: ...e FTPALG Passive data channel closed Explanation A passive data channel was closed Gateway Action None Recommended Action None Revision 1 Context Parameters ALG Module Name ALG Session ID Rule Informa...

Page 168: ...2 lease_changed ID 00700002 Default Severity WARNING Log Message Some vital parameter s in the lease on interface iface have changed restarting DHCP process Explanation The DHCP server have updated s...

Page 169: ...Severity NOTICE Log Message Interface iface lease expired Explanation A lease have expired and the ip data for this interface are no longer valid Gateway Action restart Recommended Action Check connec...

Page 170: ...erver configuration Revision 1 Parameters iface server_id Context Parameters Packet Buffer 2 9 8 invalid_netmask ID 00700009 Default Severity WARNING Log Message Interface iface received a lease with...

Page 171: ...teway Action drop Recommended Action Check DHCP server configuration Revision 1 Parameters iface offered_ip Context Parameters Packet Buffer 2 9 11 invalid_gateway ID 00700012 Default Severity WARNING...

Page 172: ...h if used will cause an IP collision with a configured route Gateway Action drop Recommended Action Check DHCP server configuration and the SG interface configuration Revision 1 Parameters iface dhcp_...

Page 173: ...Context Parameters Packet Buffer 2 9 14 route_collision ID 00700015 Chapter 2 Log Message Reference 173...

Page 174: ...was successfully auto saved to disk Explanation The DHCP relay list was successfully written to disk Gateway Action None Recommended Action None Revision 1 2 10 3 dhcp_pkt_too_small ID 00800003 Defau...

Page 175: ...ommended Action Verify packets per minute limit Revision 1 Context Parameters Packet Buffer 2 10 6 relayer_resuming ID 00800006 Default Severity NOTICE Log Message The relayer is now resuming packets_...

Page 176: ...n_state ID 00800009 Default Severity WARNING Log Message Got server reply without transaction state for client client_hw Dropping Explanation Received a server reply without a matching transaction sta...

Page 177: ...2 Default Severity WARNING Log Message Request ignored according to the ruleset Explanation A DHCP relay request was ignored according to the rules Gateway Action ignore Recommended Action None Revisi...

Page 178: ...RM packet passed a relayer but the client ip isnt set Dropping Explanation Received relayed INFORM DHCP packet with illegally missing client IP Gateway Action drop Recommended Action Investigate what...

Page 179: ...Severity WARNING Log Message Unable to get free transaction state for client client_hw Dropping Explanation Unable to get a free transaction state to handle client request Gateway Action drop Recomme...

Page 180: ...ket Buffer 2 10 21 relayed_request ID 00800021 Default Severity NOTICE Log Message Relayed BOOTP request from client client_hw to dest_ip Explanation Relayed a BOOTP request Gateway Action None Recomm...

Page 181: ...rules Gateway Action drop Recommended Action Verify allowed lease addresses setting Revision 1 Parameters iface server_ip ip Context Parameters Rule Name Packet Buffer 2 10 24 illegal_client_ip_assig...

Page 182: ...d_dhcp_reply ID 00800026 Default Severity NOTICE Log Message Relayed DHCP reply type to client client_hw Explanation Relayed DHCP reply to client Gateway Action None Recommended Action None Revision 1...

Page 183: ...meters type gateway_ip Context Parameters Rule Name Packet Buffer 2 10 29 relayed_bootp_reply ID 00800029 Default Severity NOTICE Log Message Relayed BOOTP reply to gateway gateway_ip Explanation Rela...

Page 184: ...nable to send reply since the DHCP option section is too big Gateway Action drop Recommended Action Reduce the number of used DHCP options Revision 1 2 11 3 unable_to_save_lease_db ID 00900003 Default...

Page 185: ...ent_without_state ID 00900006 Default Severity WARNING Log Message Received a request from client not in bound client for IP client_ip without state Rejecting Explanation Received a request from a non...

Page 186: ...client client_ip Context Parameters Packet Buffer 2 11 9 all_ip_pools_depleted ID 00900010 Default Severity WARNING Log Message All IP pools are depleted Unable to handle request Ignoring Explanation...

Page 187: ...ID 00900013 Default Severity NOTICE Log Message Offer for IP client_ip timed out Was offered to client client_hw Explanation An offer to a client was never accepted and timed out Gateway Action lease_...

Page 188: ...depleted ID 00900016 Default Severity NOTICE Log Message All IPs in the pool are now in use Explanation All IPs the the pool have been consumed Gateway Action None Recommended Action Extend the pool t...

Page 189: ...acket Buffer 2 11 18 client_bound ID 00900019 Default Severity NOTICE Log Message Client client_hw accepted IP client_ip Client is now bound Explanation Client accepted the IP address and are now boun...

Page 190: ...ent_hw client_ip Context Parameters Rule Name Packet Buffer 2 11 21 decline_for_ip_on_wrong_iface ID 00900022 Default Severity NOTICE Log Message Got decline for ip client_ip on wrong interface recv r...

Page 191: ...IP Gateway Action blacklist Recommended Action Check network for statically configured hosts or incorrectly proxy ARPed routes Revision 1 Parameters client_hw client_ip Context Parameters Rule Name P...

Page 192: ...nsistent routes Revision 1 Parameters client_hw client_ip recv_if client_if Context Parameters Rule Name Packet Buffer 2 11 26 released_by_client ID 00900027 Default Severity NOTICE Log Message Client...

Page 193: ...ext Parameters Dynamic Route Rule Name Route 2 12 2 route_exported_to_ospf_as ID 01100002 Default Severity NOTICE Log Message Route exported to OSPF AS Explanation A route was just exported to a OSPF...

Page 194: ...2 12 5 route_added ID 01100005 Default Severity NOTICE Log Message Route added Explanation A route was just added Gateway Action None Recommended Action None Revision 1 Context Parameters Dynamic Rout...

Page 195: ...2 12 6 route_removed ID 01100006 Chapter 2 Log Message Reference 195...

Page 196: ...ned fragments Dropping Explanation An Internal Error occured when freeing an active fragment Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Dropped Fragments...

Page 197: ...Revision 1 Parameters srcip destip ipproto fragid fragact frags Context Parameters Dropped Fragments Rule Name 2 13 5 fail_suspect_timeout ID 02000005 Default Severity CRITICAL Log Message Time out re...

Page 198: ...ments Rule Name 2 13 7 disallowed_suspect ID 02000007 Default Severity WARNING Log Message Dropping stored fragments of disallowed suspect packet Frags frags srcip destip ipproto FragID fragid State f...

Page 199: ...of illegal packet Frags frags srcip destip ipproto FragID fragid State fragact Explanation The fragments of an illegal IP packet were dropped Gateway Action drop Recommended Action None Revision 1 Pa...

Page 200: ...commended Action None Revision 1 Parameters state Context Parameters Dropped Fragments Rule Name 2 13 12 drop_duplicate_frag_suspect_packet ID 02000012 Default Severity WARNING Log Message Dropping du...

Page 201: ...utside of the allowed IP size range Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters minipdatalen maxipdatalen Context Parameters Rule Name Packet Buffer 2 13 15 no_av...

Page 202: ...aximum maxipdatalen Explanation The fragment offset plus length would result in a greater length than the configured maximum length of an IP packet Dropping packet Gateway Action drop Recommended Acti...

Page 203: ...an already received fragment but the fragment lengths differ Dropping packet Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 13 21 duplicate_frag_wi...

Page 204: ...owed IP packet which may contain illegal fragments is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 13 24 drop_frag_disallowed_packet ID 0...

Page 205: ...l fragments is dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Rule Name Packet Buffer 2 13 27 drop_frag_failed_packet ID 02000027 Default Severity WARNING Log Messag...

Page 206: ...rity CRITICAL Log Message Internal Error Contains fragments even when freeing Dropping Explanation An Internal Error occured when freeing an active fragment Dropping packet Gateway Action drop Recomme...

Page 207: ...verity WARNING Log Message GRE packet with bad flag s Packet dropped Explanation Received GRE packet with a bad flag combination Gateway Action drop Recommended Action Check GRE endpoint configuration...

Page 208: ...sion 1 Context Parameters Packet Buffer 2 14 6 gre_send_routing_loop_detected ID 02200006 Default Severity WARNING Log Message Routing loop detected GRE packet send failed Explanation Routing loop to...

Page 209: ...essage Received GRE packet with routing flag set Packet dropped Explanation Received GRE packet with unsupported routing option enabled Gateway Action drop Recommended Action Check GRE configuration o...

Page 210: ...anation The peer gateway which was inactive is not available anymore This gateway will continue to stay active Gateway Action None Recommended Action None Revision 1 2 15 3 conflict_both_peers_active...

Page 211: ...ID 01200006 Default Severity NOTICE Log Message Both active peer has more connections deactivating Explanation Both members are active but the peer has more connections This gateway will de activate...

Page 212: ...s This gateway will stay inactive Gateway Action stay_deactivated Recommended Action None Revision 1 2 15 10 peer_has_fewer_connections ID 01200010 Default Severity NOTICE Log Message Both inactive pe...

Page 213: ...have arrived on the sync iface Dropping Explanation The HA packet did not arrive on the sync interface The packet will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parame...

Page 214: ...anges again Revision 1 2 15 17 ha_write_failed ID 01200053 Default Severity WARNING Log Message Could not write HA configuration to disk Explanation The HA configuration could not be written to the st...

Page 215: ...peer as the peer has been restarted Initializing re synchronization process Gateway Action resync_conns_init Recommended Action None Revision 1 Parameters reason numconns 2 15 21 hasync_connection_est...

Page 216: ...ction None Revision 1 2 15 24 resync_conns_to_peer_complete ID 01200300 Default Severity NOTICE Log Message Connection resynchronization to peer complete Explanation The connection resynchronization p...

Page 217: ...d HA heartbeat with too low TTL Dropping Explanation The received HA heartbeat packet had a TTL Time To Live field which is too low The packet will be dropped Gateway Action drop Recommended Action No...

Page 218: ...00616 Default Severity NOTICE Log Message Both active deactivation in progress Explanation Both active deactivation in progress Gateway Action None Recommended Action None Revision 1 2 15 31 action ac...

Page 219: ...Gateway Action None Recommended Action None Revision 1 Parameters previous_shutdown 2 15 32 action going_online ID 01200618 Chapter 2 Log Message Reference 219...

Page 220: ...Shutdown the unit and determine the problem Revision 1 Parameters index name unit current_temp min_limit max_limit 2 16 2 temperature_normal ID 04000012 Default Severity WARNING Log Message Temperatu...

Page 221: ...n_limit upper limit is max_limit Explanation The sensor reports that the voltage value is back in the normal range Gateway Action None Recommended Action None Revision 1 Parameters index name unit cur...

Page 222: ...rent_fanrpm min_limit max_limit 2 16 7 gpio_alarm ID 04000041 Default Severity WARNING Log Message GPIO monitor index name is outside the specified limit Current value is current_gpio unit value is cu...

Page 223: ...ee_percentage Explanation The amount of free memory is getting low Gateway Action None Recommended Action Review the configuration and disable or lower settings to reduce memory consumption Revision 1...

Page 224: ...he amount of free memory is in the normal range free free_mem MB of total total_mem MB percentage free free_percentage Explanation The memory usage is in the normal range Gateway Action None Recommend...

Page 225: ...pect an attack Revision 1 Parameters description signatureid idrule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 17 2 idp_notice ID 01300002 Default Severity WA...

Page 226: ...ion 1 Parameters description signatureid idrule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 17 4 virus_detected ID 01300004 Default Severity WARNING Log Messag...

Page 227: ...natureid idrule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 17 6 idp_notice ID 01300006 Default Severity NOTICE Log Message IDP Notice description Signature ID...

Page 228: ...rule ipproto srcip srcport destip destport Context Parameters Rule Name Deep Inspection 2 17 8 virus_detected ID 01300008 Default Severity NOTICE Log Message Virus Worm detected description Signature...

Page 229: ...tport Context Parameters Rule Name 2 17 10 invalid_url_format ID 01300010 Default Severity WARNING Log Message Failed to parse the HTTP URL ID Rule idrule URL url Source IP srcip Source Port srcport D...

Page 230: ...ce IP srcip Source Port srcport Destination IP destip Destination Port destport Explanation The unit failed to reassemble data The reason for this is problaby due to an IDP engine evasion attack Gatew...

Page 231: ...memory Gateway Action ignore Recommended Action Review your configuration Revision 1 Parameters idrule srcip srcport destip destport Context Parameters Rule Name 2 17 15 idp_failscan ID 01300015 Defa...

Page 232: ...P srcip Source Port srcport Destination IP destip Destination Port destport Reason reason Explanation The unit failed to scan data Gateway Action ignore Recommended Action None Revision 1 Parameters i...

Page 233: ...ynamic pipe state added for host host Throughput limited to limit for all new connections for ttl seconds Explanation An IDP Pipe event triggered The host host will be dynamically piped with a total t...

Page 234: ...age Removed IDP dynamic pipe state for host host due to TTL expire Explanation An old dynamic pipe entry was removed since its TTL expired Connections to and from this host are no longer piped Gateway...

Page 235: ...is piped to limit kbps since either the source or destination IP is dynamically throttled by IDP dynamic pipe state New connections to and from the IP will be throttled as long as an IDP Pipe state ex...

Page 236: ...atabase_downloaded ID 01400002 Default Severity NOTICE Log Message New Intrusion Detection Prevention database downloaded Explanation An updated version of the Intrusion Detection Prevention database...

Page 237: ...IDP features IDP features remains disabled until clock is correct and a manual IDP update has been performed Gateway Action idp_disabled Recommended Action Check and set the system time correct and pe...

Page 238: ...update is automatically initiated Gateway Action downloading_new_database Recommended Action None Revision 1 2 19 7 unsynced_databases ID 01400009 Chapter 2 Log Message Reference 238...

Page 239: ...Default Severity WARNING Log Message IfaceMon reports interface problems on iface Resetting interface Link status linkspeed Mbps duplex duplex Explanation The Interface Monitor has discovered problem...

Page 240: ...Revision 1 Parameters iface linkspeed duplex 2 20 3 ifacemon_status_bad ID 03900004 Chapter 2 Log Message Reference 240...

Page 241: ...valid DHCP offers were received Explanation No valid DHCP offers were received Gateway Action no_new_client_created Recommended Action Review DHCP server parameters and IP pool filters Revision 1 Cont...

Page 242: ...r filter Gateway Action lease_rejected Recommended Action Verify the server filters Revision 1 Parameters server_ip Context Parameters Rule Name 2 21 6 lease_have_bad_dhcp_server ID 01900006 Default S...

Page 243: ...Action Check DHCP server configuration Revision 1 Parameters broadcast Context Parameters Rule Name 2 21 9 lease_have_bad_offered_ip ID 01900009 Default Severity WARNING Log Message The lease was rej...

Page 244: ...e 2 21 12 lease_rejected_by_server ID 01900012 Default Severity WARNING Log Message The lease was rejected by server Explanation A lease was rejected by the DHCP server Gateway Action lease_rejected R...

Page 245: ...everity ERROR Log Message The range of MAC addresses for the DHCPClients have been depleted Explanation The configured range of MAC addresses for the DHCP clients have been depleted Gateway Action no_...

Page 246: ...bsystem returned an IP to the pool Explanation A subsystem returned an IP to the pool Gateway Action inform Recommended Action None Revision 1 Parameters client_ip subsystem Context Parameters Rule Na...

Page 247: ...Severity WARNING Log Message Warning event occured because of reason Explanation Warning event from IPsec stack Gateway Action None Recommended Action None Revision 1 Parameters reason 2 22 3 audit_ev...

Page 248: ..._ip Remote IP remote_ip Cookies cookies Reason reason Explanation None Gateway Action None Recommended Action None Revision 1 Parameters local_ip remote_ip cookies reason 2 22 6 ike_invalid_payload ID...

Page 249: ...Log Message Local IP local_ip Remote IP remote_ip Cookies cookies Reason reason Explanation The retry limit for transmitting ISAKMP messages was reached Gateway Action None Recommended Action None Re...

Page 250: ...source_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation The computed and ICV of the received packet did not match Gateway Action drop Recommended Action None Revi...

Page 251: ...mmended Action None Revision 1 Parameters source_ip dest_ip spi seq protocol reason 2 22 14 ip_fragment ID 01800114 Default Severity NOTICE Log Message Source IP source_ip Destination IP dest_ip SPI s...

Page 252: ...rce_ip Destination IP dest_ip SPI spi Seq seq Protocol protocol Reason reason Explanation The received packet has incorrect padding Gateway Action drop Recommended Action None Revision 1 Parameters so...

Page 253: ...seq protocol reason 2 22 19 commit_failed ID 01800200 Default Severity CRITICAL Log Message Failed to commit IPsec configuration Explanation Failed to commit IPsec configuration Gateway Action IPsec_...

Page 254: ...ation_disabled Recommended Action None Revision 1 2 22 23 pm_create_failed ID 01800204 Default Severity ERROR Log Message Failed to create policymanager Explanation Failed to create policymanager Out...

Page 255: ...ration Gateway Action IPsec_configuration_disabled Recommended Action Reconfigure_IPsec Revision 1 Parameters error_msg 2 22 27 reconfig_IPsec ID 01800211 Default Severity INFORMATIONAL Log Message Re...

Page 256: ...anation Failed to add specified host certificate Gateway Action certificate_disabled Recommended Action Reconfigure_tunnnel Revision 1 Parameters certificate tunnel 2 22 31 Default_IKE_DH_groups_will_...

Page 257: ...eysize lifetimes for IKE algorithm Gateway Action use_default_values_for_algorithm Recommended Action None Revision 1 Parameters alg tunnel 2 22 34 failed_to_add_root_certificate ID 01800306 Default S...

Page 258: ...Recommended Action None Revision 1 Parameters gateway ipsectunnel 2 22 37 failed_to_add_peer ID 01800312 Default Severity ERROR Log Message Failed to add remote gateway gateway resolved by DNS for IP...

Page 259: ...solved by DNS Gateway Action IPsec_tunnel_disabled Recommended Action None Revision 1 Parameters gateway ipsectunnel 2 22 40 new_remote_gw_ip ID 01800315 Default Severity INFORMATIONAL Log Message Res...

Page 260: ...318 Default Severity ERROR Log Message Failed to set callback for Dead Peer Detection Explanation Failed to set callback for Dead Peer Detection User will not receive log message when a peer has been...

Page 261: ...n remote access idlist type for tunnel tunnel Explanation Invalid type for ID in remote access idlist have been specified in configuration Gateway Action vpntunnel_disabled Recommended Action Reconfig...

Page 262: ...n None Revision 1 2 22 50 IPSec_tunnel_added ID 01800333 Default Severity INFORMATIONAL Log Message IPsec tunnel added to the configuration Explanation An IPsec tunnel has been enabled or added to the...

Page 263: ...nel_modified ID 01800336 Default Severity INFORMATIONAL Log Message IPsec tunnel configuration modified Explanation An IPsec tunnel has been modified Gateway Action reconfiguration Recommended Action...

Page 264: ...tunnel tunnel Explanation Critical configuration error on tunnel tunnel Gateway Action restart Recommended Action Restart Revision 1 Parameters tunnel 2 22 57 ippool_does_not_exist ID 01800400 Defaul...

Page 265: ...ction None Revision 2 2 22 60 recieved_packet_to_disabled_IPsec ID 01800501 Default Severity NOTICE Log Message Received plain text packet to IPsec while shutting down Packet will be dropped Explanati...

Page 266: ...Default Severity ERROR Log Message Failed to lookup route No route for packet Explanation No remote gateway for packet i e no route defined Gateway Action packet_will_be_dropped Recommended Action Non...

Page 267: ...Revision 1 Parameters allowed_tunnels 2 22 67 SAs_not_killed_for_remote_peer ID 01800901 Default Severity CRITICAL Log Message Failed to kill associated SA s for remotepeer peer s Explanation This hap...

Page 268: ...t Severity WARNING Log Message Trigger for non IP packet of protocol proto Dropping request for policy Explanation Trigger for non IP packet dropping request Gateway Action dropping_request Recommende...

Page 269: ...tions reached Gateway Action rekey_not_done Recommended Action None Revision 1 2 22 74 max_number_of_tunnels_reached ID 01802011 Default Severity WARNING Log Message Negotiation aborted due to license...

Page 270: ...E SA completed Gateway Action None Recommended Action None Revision 1 Parameters options mode auth encryption keysize hash dhgroup bits lifetime 2 22 77 ike_sa_negotiation_failed ID 01802030 Default S...

Page 271: ...sa info negotiation completed Explanation Child SA negotiatiion successfully completed Gateway Action ipsec_sa_enabled Recommended Action None Revision 3 Parameters sa info local_peer remote_peer spi_...

Page 272: ...d SPI spiin Outbound SPI spiout Algoritm mac Explanation Log information about SPI values and algorithms fro Child SA Gateway Action None Recommended Action None Revision 2 Parameters spiin spiout mac...

Page 273: ...Recommended Action None Revision 1 Parameters kb 2 22 86 ipsec_sa_lifetime ID 01802048 Default Severity INFORMATIONAL Log Message Local lifetime child SA infinite Explanation Inform about lifetime fo...

Page 274: ...not be initiated with NAT T Gateway Action ipsec_sa_negotiation_aborted Recommended Action None Revision 1 2 22 90 create_rules_failed ID 01802080 Default Severity ERROR Log Message Cannot insert thi...

Page 275: ...22 93 no_key_method_configured_for tunnel ID 01802102 Default Severity ERROR Log Message Tunnel does not specify any keying method IKE or manual Explanation No keying method IKE manual is configured f...

Page 276: ...fy AUTHENTICATION ONLY with PASS rules Gateway Action None Recommended Action None Revision 1 2 22 97 invalid_rule_setting ID 01802107 Default Severity ERROR Log Message To tunnel specified for a REJE...

Page 277: ...cy rules reached Explanation The maximum number of policy rules reached Gateway Action VPN_configuration_disabled Recommended Action Review the advanced setting IPsecMaxRules Revision 2 2 22 101 suspi...

Page 278: ...encryption is required Explanation ESP tunnel not configured with any encryption algorithm not even Null Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 1 Parameters...

Page 279: ...22 107 invalid_tunnel_configuration ID 01802209 Default Severity ERROR Log Message Auto start tunnel tunnel configured for per port or per host SA Explanation per port or per host SA can not be specif...

Page 280: ...key sizes specified for algorithms Gateway Action VPN_tunnel_disabled Recommended Action Reconfigure_tunnel Revision 2 2 22 111 invalid_key_size ID 01802215 Default Severity ERROR Log Message Algorit...

Page 281: ...ty ERROR Log Message Configured max cipher key size keysize is bigger than the built in maximum max Explanation Tunnel configured invalid key size for cipher Gateway Action VPN_tunnel_disabled Recomme...

Page 282: ...identity specified in configuration Gateway Action VPN_tunnel_invalid Recommended Action Reconfigure_remote_id Revision 1 Parameters id 2 22 118 malformed_psk_configured ID 01802229 Default Severity...

Page 283: ...age The maximum number of active Phase 1 negotiations reached Explanation Maximum number of active Phase 1 negotiations reached Gateway Action negotiation_aborted Recommended Action None Revision 2 2...

Page 284: ...22 125 could_not_get_subject_nam_from_ca_cert ID 01802602 Default Severity WARNING Log Message Could not get subject name from a CA certificate This certificate is not usable as an IPsec authenticato...

Page 285: ...usted set for a CA certificate Explanation Could not set the trusted set for a CA certificate Gateway Action certificate_disabled Recommended Action None Revision 1 2 22 129 could_not_insert_cert_to_d...

Page 286: ...efault Severity ERROR Log Message Could not insert certificate into local database Explanation Could not insert certificate into local database Gateway Action certificate_disabled Recommended Action N...

Page 287: ...sage IKE SA Local IKE peer local_peer Remote IKE peer remote_peer Internal severity level int_severity Explanation Ike SA sucessfully installed Gateway Action ike_sa_completed Recommended Action None...

Page 288: ...format Explanation Could_not_decode_certificate Gateway Action certificate_invalid Recommended Action None Revision 1 2 22 139 ike_sa_destroyed ID 01802708 Default Severity INFORMATIONAL Log Message I...

Page 289: ...2 remote_access_dns ID 01802711 Default Severity INFORMATIONAL Log Message DNS for remote access attributes dns_server Explanation DNS for remote access attributes Gateway Action None Recommended Acti...

Page 290: ...ibutes subnets Explanation Subnets remote access attributes Gateway Action None Recommended Action None Revision 1 Parameters subnets 2 22 146 event_on_ike_sa ID 01802715 Default Severity WARNING Log...

Page 291: ...e failed Gateway Action certificate_failure Recommended Action None Revision 1 Parameters reason int_severity 2 22 149 ipsec_sa_event ID 01802730 Default Severity WARNING Log Message IPsec SA negotiat...

Page 292: ...Parameters spiin spiout 2 22 152 ID 01802735 Default Severity INFORMATIONAL Log Message L2TP side negotiation event msg local_peer remote_peer Internal severity level int_severity Explanation L2TP neg...

Page 293: ...mended Action None Revision 1 2 22 155 init_rulelooklup_failed ID 01802903 Default Severity CRITICAL Log Message Initialization of rule lookup failed Explanation Initialization of rule lookup failed G...

Page 294: ...d Recommended Action None Revision 1 2 22 159 init_interface_table_failed ID 01802907 Default Severity CRITICAL Log Message Initialization of interface table failed Explanation Initialization of inter...

Page 295: ...failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 163 init_transform_table_failed ID 01802911 Default Severity CRITICAL Log Message Allocation of transform table failed size...

Page 296: ...table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 167 init_inbound_spi_hash_failed ID 01802915 Default Severity CRITICAL Log Message Allocation of inbound spi hash ta...

Page 297: ...sage Allocation of transform context table failed Explanation Allocation of transform context table failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 171 init_nat_table_fail...

Page 298: ...1802922 Default Severity CRITICAL Log Message Opening the interceptor failed Explanation Opening the interceptor failed Gateway Action ipsec_disabled Recommended Action None Revision 1 2 22 175 malfor...

Page 299: ...ke_phase1_notification ID 01803003 Default Severity WARNING Log Message status Phase 1 notification from remote_peer for protocol proto SPI spi msg type size bytes Explanation Received a IKE Phase 2 n...

Page 300: ...ange_event ID 01803022 Default Severity INFORMATIONAL Log Message Config Mode exchange event msg reason Explanation A Config Mode exchange event occured Gateway Action None Recommended Action None Rev...

Page 301: ...Config Mode exchange event occured Gateway Action None Recommended Action None Revision 1 Parameters msg reason 2 22 185 config_mode_exchange_event ID 01803026 Default Severity INFORMATIONAL Log Mess...

Page 302: ...se the SPI size did not match the expected value 4 Gateway Action None Recommended Action None Revision 1 Parameters remote_peer spi_size 2 22 188 ike_phase2_notification ID 01803029 Default Severity...

Page 303: ...erify remote peer s identity Gateway Action None Recommended Action None Revision 1 2 22 191 malformed_ipsec_sa_proposal ID 01803050 Default Severity WARNING Log Message Malformed IPsec SA proposal re...

Page 304: ...ING Log Message Could not select proposal for IPsec SA sa_index Explanation Could not select proposal for IPsec SA Gateway Action None Recommended Action None Revision 2 Parameters sa_index 2 22 195 f...

Page 305: ...ay Action None Recommended Action None Revision 1 Parameters msg int_severity 2 22 198 ipsec_hwaccel_failed ID 01803410 Default Severity WARNING Log Message Failed to create a hardware acceleration co...

Page 306: ...erity WARNING Log Message Disallowed IP version ipver Explanation The received packet has a disallowed IP version and will be dropped Gateway Action drop Recommended Action None Revision 1 Parameters...

Page 307: ...rop Recommended Action None Revision 1 Parameters iptotlen recvlen Context Parameters Rule Name Packet Buffer 2 23 5 invalid_ip_checksum ID 01500005 Default Severity WARNING Log Message Invalid IP hea...

Page 308: ...n Context Parameters Rule Name Packet Buffer 2 24 2 ip_rsv_flag_set ID 01600002 Default Severity NOTICE Log Message The IP Reserved Flag was set Ignoring Explanation The received packet has the IP Res...

Page 309: ...Context Parameters Rule Name Packet Buffer 2 24 3 ip_rsv_flag_set ID 01600003 Chapter 2 Log Message Reference 309...

Page 310: ...ID 01700002 Default Severity NOTICE Log Message Packet has a timestamp IP Option Explanation The packet contains a timestamp IP Option Ignoring Gateway Action ignore Recommended Action None Revision 1...

Page 311: ...ation The IP Option type is multi byte which requires two bytes and there is less than two bytes available Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt minop...

Page 312: ...erity WARNING Log Message IP Option Type ipopt Bad length optlen for route Route Dropping Explanation An invalid length is specified for the IP Option type Dropping packet Gateway Action drop Recommen...

Page 313: ...option_timestamps ID 01700016 Default Severity WARNING Log Message Multiple timestamps in IP options Dropping Explanation The packet contains mutliple timestamps in IP Options Dropping packet Gateway...

Page 314: ...le Name Packet Buffer 2 25 14 bad_timestamp_pointer ID 01700019 Default Severity WARNING Log Message IP Option Type ipopt Bad Timestamp Pointer tsptr with overflow oflo Dropping Explanation The packet...

Page 315: ...n drop Recommended Action None Revision 1 Parameters ipopt optlen Context Parameters Rule Name Packet Buffer 2 25 17 router_alert_disallowed ID 01700022 Default Severity WARNING Log Message Router Ale...

Page 316: ...on which is disallowed Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters ipopt optname Context Parameters Rule Name Packet Buffer 2 25 18 ipopt_present_disallowed ID 01...

Page 317: ...None Revision 1 Parameters ip_multicast_addr eth_multicast_addr Context Parameters Rule Name Packet Buffer 2 26 2 invalid_ip4_header_length ID 07000012 Default Severity WARNING Log Message Invalid IP...

Page 318: ...Parameters ttl ttlmin Context Parameters Rule Name Packet Buffer 2 26 5 ip_rsv_flag_set ID 07000015 Default Severity WARNING Log Message The IP Reserved Flag was set Dropping Explanation The received...

Page 319: ...nded Action None Revision 1 Parameters ipdatalen tcphdrlen Context Parameters Rule Name Packet Buffer 2 26 8 oversize_udp ID 07000021 Default Severity WARNING Log Message Configured size limit for the...

Page 320: ...limit for the ICMP protocol was exceeded Dropping packet Gateway Action drop Recommended Action This can be changed under the Advanced Settings section Revision 1 Parameters proto Context Parameters...

Page 321: ...eters Rule Name Packet Buffer 2 26 13 oversize_gre ID 07000050 Default Severity WARNING Log Message Configured size limit for the GRE protocol exceeded Dropping Explanation The configured size limit f...

Page 322: ...ID 07000053 Default Severity WARNING Log Message Configured size limit for the SKIP protocol exceeded Dropping Explanation The configured size limit for the SKIP protocol was exceeded Dropping packet...

Page 323: ...Rule Name Packet Buffer 2 26 19 oversize_ipcomp ID 07000056 Default Severity WARNING Log Message Configured size limit for the IPComp protocol exceeded Dropping Explanation The configured size limit f...

Page 324: ...xt Parameters Rule Name Packet Buffer 2 26 22 fragmented_icmp ID 07000070 Default Severity WARNING Log Message This ICMP type is not allowed to be fragmented Dropping Explanation The ICMP type is not...

Page 325: ...on None Revision 1 Parameters icmpdatalen icmpipver Context Parameters Rule Name Packet Buffer 2 26 25 invalid_icmp_data_too_small ID 07000073 Default Severity WARNING Log Message Invalid ICMP data le...

Page 326: ...pdataminlen Context Parameters Rule Name Packet Buffer 2 26 27 invalid_icmp_data_invalid_paramprob ID 07000075 Default Severity WARNING Log Message Invalid ICMP ProbPtr ICMPDataLen icmpdatalen ICMPIPD...

Page 327: ...ARNING Log Message L2TP client iface failed to resolve remotegwname Explanation The L2TP client failed to resolve the DNS name of the remote gateway Gateway Action None Recommended Action Make sure yo...

Page 328: ...ule Tunnel ID tunnelid Session ID sessionid Explanation The authentication source for the specified userauth rule is unknown to the L2TP server Gateway Action None Recommended Action Make sure the use...

Page 329: ...el_closed ID 02800008 Default Severity NOTICE Log Message Closed L2TP tunnel Tunnel ID tunnelid Interface iface Explanation The L2TP tunnel with the specified tunnel ID has been closed Gateway Action...

Page 330: ...sessionid Auth auth MPPE mppe Explanation The L2TP session negotiation has completed successfully Gateway Action None Recommended Action None Revision 1 Parameters tunnelid sessionid auth mppe 2 27 12...

Page 331: ..._ip Explanation The L2TP session negotiation has completed successfully Gateway Action None Recommended Action None Revision 1 Parameters tunnelid sessionid user auth mppe assigned_ip 2 27 15 failure_...

Page 332: ...L2TP interface Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw error_code 2 27 18 waiting_for_ip_to_listen_on ID 02800050 Default Severity NOTICE Log Message L2TP ser...

Page 333: ...translation_address ID 05600002 Default Severity WARNING Log Message Translation IP address address does no longer exist in NATPool poolname Explanation The translation IP has been removed by a config...

Page 334: ...essage NATPool DHCP address address lease expired Explanation The IP Address used by this NATPool have expired and may not be used any more The connection will be closed Gateway Action close Recommend...

Page 335: ...en reached NATPool subsystem will try to replace the oldest lingering state Gateway Action replace_lingering Recommended Action Increase the MAXSTATES variable for this NATPool if more concurrent stat...

Page 336: ...Too many Translation IP addresses requested for poolname Explanation To many Translation IP addresses was requested for NAT Pool Dropping this address Gateway Action None Recommended Action None Revi...

Page 337: ...igh Availability configuration Revision 1 2 28 14 registerip_failed ID 05600015 Default Severity WARNING Log Message Invalid synchronized translated connection receivedRequest to activate already acti...

Page 338: ...ID 02400002 Default Severity WARNING Log Message Internal Error Iface iface got NEvent nevent in NState nstate Ignored Explanation Internal error in the OSPF interface neighbor state engine Gateway Ac...

Page 339: ...ters Rule Name Packet Buffer 2 29 5 bad_ospf_version ID 02400005 Default Severity WARNING Log Message Packet OSPF version is not 2 Explanation Received OSPF packet with other version then 2 Gateway Ac...

Page 340: ...re in the same area as the attaching interfaces Revision 1 Parameters area Context Parameters Rule Name Packet Buffer 2 29 8 hello_netmask_mismatch ID 02400008 Default Severity WARNING Log Message Hel...

Page 341: ...l mismatch Received was recv_rtrdead mine is my_rtrdead Dropping Explanation Received OSPF data from a neighboring router with a mismatching router dead interval Gateway Action drop Recommended Action...

Page 342: ...OSPF routers share the same N flag configuration Revision 1 Parameters recv_n_flag my_n_flag Context Parameters Rule Name Packet Buffer 2 29 13 both_np_and_e_flag_set ID 02400013 Default Severity WAR...

Page 343: ...Verify that the neighboring OSPF router share the same authentication Revision 1 Parameters recv_auth my_auth Context Parameters Rule Name 2 29 16 bad_auth_password ID 02400051 Default Severity WARNIN...

Page 344: ...Recommended Action None Revision 1 Parameters recv_seq my_seq Context Parameters Rule Name 2 29 19 bad_auth_crypto_digest ID 02400054 Default Severity WARNING Log Message Authentication mismatch Bad...

Page 345: ...he MTU on the neighboring OSPF router Revision 1 Parameters neighbor dd_mtu iface_mtu Context Parameters Rule Name 2 29 22 m_ms_mismatch ID 02400101 Default Severity WARNING Log Message Neighbor neigh...

Page 346: ...ision 1 Parameters neighbor Context Parameters Rule Name 2 29 25 bad_seq_num ID 02400104 Default Severity WARNING Log Message Neighbor neighbor replied with a unexpected sequence number Restarting exc...

Page 347: ...k neighboring OSPF router configuration Revision 1 Parameters neighbor Context Parameters Rule Name 2 29 28 unknown_lsa ID 02400107 Default Severity WARNING Log Message Neighbor neighbor implied unkno...

Page 348: ...uration Revision 1 Parameters maxage def_maxage Context Parameters Rule Name 2 29 31 lsa_checksum_mismatch ID 02400150 Default Severity WARNING Log Message LSA checksum mismatch LSA is discarded Expla...

Page 349: ...Name 2 29 34 bad_lsa_maxage ID 02400153 Default Severity WARNING Log Message Bad LSA maxage maxage LSA is discarded Explanation Received LSA with a bad max age Gateway Action discard Recommended Acti...

Page 350: ...ity WARNING Log Message Received LSA LSA lsa ID lsaid AdvRtr lsartr is older then DB copy Discarding received LSA Explanation Received LSA which is older then the copy in the database Gateway Action d...

Page 351: ..._size_mismatch ID 02400159 Default Severity WARNING Log Message REQ packet LSA size mismatch Parsing aborted Explanation Received OSPF REQ packet with a mismatching LSA size Gateway Action abort Recom...

Page 352: ...lt Severity CRITICAL Log Message Unable to send ACK Explanation Unable to send acknowledgement Gateway Action alert Recommended Action Check memory consumption Revision 1 Context Parameters Rule Name...

Page 353: ...erity WARNING Log Message Neighbor neighbor on neighboriface died Explanation Lost connectivity with neighbor router Gateway Action None Recommended Action Check neighbor status and connectivity Revis...

Page 354: ...2 Default Severity WARNING Log Message Requested LSA size lsasize too big Unable to create LSA Explanation Unable to create LSA since the size is too big Gateway Action None Recommended Action None Re...

Page 355: ...consumption Revision 1 Parameters ospfproc Context Parameters Rule Name 2 29 52 as_disabled_due_to_mem_alloc_fail ID 02400305 Default Severity CRITICAL Log Message AS disabled due to memory allocatio...

Page 356: ...sa ID 02400401 Default Severity WARNING Log Message Internal error Unable to find my link connecting to described LSA NetVtxId netvtxid Explanation Unable to find local link to described LSA Gateway A...

Page 357: ...e 2 29 58 internal_error_unable_to_find_iface_connecting_to_lsa ID 02400404 Default Severity WARNING Log Message Internal error Unable to find my interface connecting to described LSA RtrVtxId rtrvtxi...

Page 358: ...nded Action Check OSPF interface configuration Revision 1 Parameters ifacetype rtrvtxid Context Parameters Rule Name 2 29 61 internal_error_unable_to_find_lnk_connecting_to_lsa ID 02400407 Default Sev...

Page 359: ...sendbuffer Explanation Unable to get buffer for sending Gateway Action alert Recommended Action Check buffer consumption Revision 1 Context Parameters Rule Name 2 29 64 failed_to_add_route ID 0240050...

Page 360: ...s tunnel_type 2 30 2 ip_address_required_but_not_received ID 02500002 Default Severity WARNING Log Message IP address required but not received PPP terminated Explanation Peer refuses to give out an I...

Page 361: ...ddress required but not received PPP terminated Explanation Peer refuses to give out a primary NBNS address Since reception of a primary NBNS address is required PPP is terminated Gateway Action ppp_t...

Page 362: ...ed Explanation Peer refuses to use any authentication at all PPP is terminated since we demand authentication Gateway Action ppp_terminated Recommended Action Review the allowed authentication types c...

Page 363: ...uthentication_failed ID 02500101 Default Severity WARNING Log Message Authentication failed PPP terminated Explanation Authentication failed PPP terminated Gateway Action ppp_terminated Recommended Ac...

Page 364: ...on mschapv1_username_truncated Recommended Action Reconfigure the endpoints to use a shorter username Revision 1 Parameters tunnel_type 2 30 15 username_too_long ID 02500301 Default Severity WARNING L...

Page 365: ...Default Severity ERROR Log Message Unsupported authentication server PPP Authentication terminated Explanation Unsupported authentication server PPP Authentication terminated Gateway Action authentic...

Page 366: ...Gateway Action authentication_terminated Recommended Action None Revision 1 Parameters tunnel_type 2 30 22 MPPE_decrypt_fail ID 02500600 Default Severity ERROR Log Message MPPE decryption resulted in...

Page 367: ...he interface have been established Gateway Action None Recommended Action None Revision 1 Parameters iface pppoeserver auth ifaceip downtime 2 31 2 pppoe_tunnel_closed ID 02600002 Default Severity NOT...

Page 368: ...xplanation The PPTP client failed to resolve the DNS name of the remote gateway Gateway Action None Recommended Action Make sure you have configured the DNS name of the remote gateway and the DNS serv...

Page 369: ...disconnected ID 02700005 Default Severity WARNING Log Message User user is forcibly disconnected Call ID callid Remote gateway remotegw Explanation The connected client is forcibly disconnected by the...

Page 370: ...will be closed Gateway Action close_session Recommended Action Make sure the peer is capable of MPPE encryption or disable the MPPE requirement Revision 1 Parameters iface remotegw callid 2 32 8 pptp...

Page 371: ...eters iface type callid remotegw 2 32 11 failure_init_radius_accounting ID 02700011 Default Severity WARNING Log Message Failed to send Accounting Start to RADIUS Accounting Server Accouting will be d...

Page 372: ...completed for session callid on iface connected to remotegw Auth auth MPPE mppe Explanation The PPP negotiation has completed successfully for this session The specified interface remote gateway and c...

Page 373: ...t iface started connecting to server on remotegw Explanation A PPTP client has initiated the connection to its remote gateway Gateway Action None Recommended Action None Revision 1 Parameters iface re...

Page 374: ...lanation A remote PPTP server refused to establish PPTP control connection Gateway Action None Recommended Action Read the reason specified by the PPTP server This might give a clue why the PPTP serve...

Page 375: ...ording to the specified userauth rule Gateway Action None Recommended Action Make sure the userauth rules are configured correctly Revision 1 Parameters rule iface remotegw 2 32 23 unknown_pptp_auth_s...

Page 376: ...code error_code Explanation A malformed packet was received by the PPTP interface Gateway Action None Recommended Action None Revision 1 Parameters iface remotegw error_code 2 32 26 waiting_for_ip_to...

Page 377: ...segment with an invalid checksum was received The segment will be dropped Gateway Action drop Recommended Action None Revision 1 Context Parameters Connection 2 33 3 mismatching_data_in_overlapping_t...

Page 378: ...et The packet that triggered the need to send a packet will be dropped Gateway Action drop Recommended Action Check buffer consumption Revision 1 2 33 6 failed_to_send_ack ID 04800008 Default Severity...

Page 379: ...y subsystem has reached the maximum number of concurrent connections Gateway Action none Recommended Action Consider increasing the setting Reassembly_MaxConnections Revision 1 Context Parameters Conn...

Page 380: ...ARNING Log Message Interface iface Table table Net net Unable to open conn for PING trying again later Explanation Unable to open a connection to verify the status of the route Will try again later Ga...

Page 381: ...ameters iface table net gateway 2 34 5 unable_to_register_pingmon ID 04100005 Default Severity ERROR Log Message Interface iface Table table Net net Route no longer monitored via PING unable to regist...

Page 382: ...ARP reply from the gateway Gateway Action route_enabled Recommended Action None Revision 1 Parameters iface table net gateway 2 34 8 unable_to_register_arp_monitor ID 04100008 Default Severity ERROR...

Page 383: ...eason all associated routes disabled Explanation The interface has no link and all associated routes has been disabled Gateway Action associated_routes_disabled Recommended Action None Revision 2 Para...

Page 384: ...face Table table Net net Route no longer monitored unable to register interface monitor Explanation Internal Error Route is no longer monitored Unable to register Interface Monitor Gateway Action disa...

Page 385: ...Interface iface Table table Net net Route enabled host monitoring successful Explanation Route is available Host monitoring successful Gateway Action route_enabled Recommended Action None Revision 1...

Page 386: ...IP address verfied according to ACCESS section Explanation The IP address was verified according to the ACCESS section Gateway Action access_allow Recommended Action None Revision 1 Context Parameters...

Page 387: ...tion The destination address was the 0 net which is not allowed according to the configuration The packet is dropped Gateway Action drop Recommended Action Investigate why this traffic had the 0 net a...

Page 388: ...The destination address was the 127 net which is allowed according to the configuration The packet is accepted Gateway Action accept Recommended Action If this type of traffic should be dropped modify...

Page 389: ...vlanid Dropping Explanation The unit received a VLAN packet with an unknown tag and the packet is dropped Gateway Action drop Recommended Action None Revision 2 Parameters vlanid Context Parameters R...

Page 390: ...14 unhandled_local ID 06000060 Default Severity NOTICE Log Message Allowed but unhandled packet to the firewall Dropping Explanation A packet directed to the unit itself was received The packet is al...

Page 391: ...on_denied ID 04900002 Default Severity WARNING Log Message New session denied for User user Database database IP ip Type type Explanation New session denied in Session Manager Gateway Action remove_se...

Page 392: ...n_timeout ID 04900005 Default Severity NOTICE Log Message Session has timed out for User user Database database IP ip Type type Explanation Session has timed out and will be removed Gateway Action rem...

Page 393: ...ision 1 Parameters user database ip type 2 36 8 sesmgr_session_maximum_reached ID 04900008 Default Severity WARNING Log Message Maximum number of sessions reached Explanation Maximum number of session...

Page 394: ...Database database IP ip Type type Explanation Session has been disabled Gateway Action none Recommended Action None Revision 1 Parameters user database ip type 2 36 12 sesmgr_console_denied_init ID 04...

Page 395: ...lt Severity NOTICE Log Message Old session disconnected to be replaced for User user Database database IP ip Type type Explanation Old session disconnected and is being replaced by a new session for t...

Page 396: ...y NOTICE Log Message Sending technical support file Explanation Technical support file created and is being sent to user Gateway Action techsupport_created Recommended Action None Revision 1 2 36 16 s...

Page 397: ...Action None Revision 1 Parameters server_ip Context Parameters Rule Name 2 37 2 server_offline ID 02900002 Default Severity WARNING Log Message SLB Server server_ip is offline according to monitor Exp...

Page 398: ...002 Default Severity WARNING Log Message Timeout connecting to SMTP server smtp_server Send aborted Explanation The unit timed out while trying to establish a connection to the SMTP server No SMTP Log...

Page 399: ...SMTP Log will be sent Gateway Action abort_sending Recommended Action Verify that a SMTP Server is configured to accept connections from the unit Revision 1 Parameters smtp_server 2 38 6 rejected_ehlo...

Page 400: ...SMTP server is configured to accept this recipient Revision 1 Parameters smtp_server recipient 2 38 9 rejected_all_recipients ID 03000010 Default Severity WARNING Log Message SMTP server smtp_server r...

Page 401: ...y WARNING Log Message SMTP server smtp_server rejected message text Send aborted Explanation The SMTP server rejected the message text No SMTP Log will be sent Gateway Action None Recommended Action V...

Page 402: ...on If this sender IP address should have SNMP access to the unit this should be configured in the ACCESS section Revision 1 Parameters peer Context Parameters Connection 2 39 2 invalid_snmp_community...

Page 403: ...error when exchanging keys with client client Explanation A Diffie Hellman Key Exchange Failure occured when keys were exchanged with the client Connection will be closed Gateway Action close Recomme...

Page 404: ...None Revision 1 2 40 6 invalid_service_request ID 04700015 Default Severity WARNING Log Message Error processing service request from client client Explanation Failed to process service request sent...

Page 405: ...lient 2 40 9 max_auth_tries_reached ID 04700030 Default Severity ERROR Log Message Maximum authentication re tries reached for client client Explanation User failed to authenticate within the maximum...

Page 406: ...it is set too low Revision 1 Parameters inactivetime client 2 40 12 rsa_sign_verification_failed ID 04700050 Default Severity ERROR Log Message RSA signature verification for client client failed Exp...

Page 407: ...The client is trying to authenticate using a Public Key Algorithm which is either not supported or not enabled Gateway Action close Recommended Action If the algorithm is supported by unit configure t...

Page 408: ...ion Explanation The SSH connection is no longer valid The might be a result of a remotes object being changed to no longer allow the SSH connection Closing connection Gateway Action close Recommended...

Page 409: ...2 40 19 scp_failed_not_admin ID 04704000 Chapter 2 Log Message Reference 409...

Page 410: ...Action Install a license Revision 1 Parameters shutdown 2 41 2 demo_mode ID 03200021 Default Severity ALERT Log Message This copy of D Link Firewall is in DEMO mode Firewall core will halt in time se...

Page 411: ...og Message Failed to verify IP address as per ACCESS section Dropping Explanation The IP address was not verified according to the ACCESS section Gateway Action drop Recommended Action None Revision 1...

Page 412: ...atchdog_chip watchdog_timeout 2 41 9 port_bind_failed ID 03200300 Default Severity ALERT Log Message Out of memory while tying to allocate dynamic port for local IP localip to destination IP destip Ex...

Page 413: ...ed Action None Revision 1 Parameters localip destip 2 41 12 port_llm_conversion ID 03200303 Default Severity NOTICE Log Message Using Low Load Mode for Local IP localip Destination IP destip pair Expl...

Page 414: ...is is normal activity the LogSendPerSec setting might be set too low Revision 1 Parameters logcnt 2 41 15 ssl_encryption_failed ID 03200450 Default Severity ERROR Log Message Encryption failed Explana...

Page 415: ...Parameters file 2 41 18 file_open_failed ID 03200602 Default Severity ERROR Log Message Failed to open newly uploaded configuration file new_cfg Explanation The unit failed to open the uploaded config...

Page 416: ...onfiguration and will continue to use the present configuration Gateway Action None Recommended Action Consult the recommended action in the previous log message which contained a more detailed error...

Page 417: ...onds Reason reason Explanation The unit is shutting down Gateway Action shutdown Recommended Action None Revision 1 Parameters shutdown time reason 2 41 25 shutdown ID 03201010 Default Severity NOTICE...

Page 418: ...requested Gateway Action reconfiguration Recommended Action None Revision 1 Parameters username userdb client_ip config_system 2 41 28 reconfiguration ID 03201021 Default Severity NOTICE Log Message...

Page 419: ...t uptime uptime Using configuration file cfgfile localcfgver localcfgver remotecfgver remotecfgver Previous shutdown previous_shutdown Explanation The Security Gateway is starting up echo Gateway Acti...

Page 420: ...ssage Administrative user username logged out via authsystem Access level access_level Explanation An adminsitrative user has logged out from the configuration system Gateway Action None Recommended A...

Page 421: ...mended Action Make sure that the new configuration allows the unit to establish a connection with the administration interface Revision 1 Parameters authsystem 2 41 36 accept_configuration ID 03204001...

Page 422: ...al Date and Time of the unit has been changed Gateway Action using_new_date_time Recommended Action None Revision 2 Parameters authsystem user pre_change_date_time post_change_date_time 2 41 39 admin_...

Page 423: ...nal_error ID 03206002 Default Severity WARNING Log Message Internal error occured when administrative user username tried to login not allowed access via authsystem Explanation An internal error occur...

Page 424: ...text Parameters Rule Name Packet Buffer 2 42 2 tcp_flags_set ID 03300002 Default Severity WARNING Log Message The TCP good_flag and bad_flag flags are set Stripping bad_flag flag Explanation The possi...

Page 425: ...r 2 42 5 tcp_null_flags ID 03300005 Default Severity NOTICE Log Message Packet has no SYN ACK FIN or RST flag set Explanation The packet has no SYN ACK FIN or RST flag set Ignoring Gateway Action igno...

Page 426: ...et Gateway Action drop Recommended Action None Revision 1 Parameters bad_flag Context Parameters Rule Name Packet Buffer 2 42 8 unexpected_tcp_flags ID 03300010 Default Severity WARNING Log Message Un...

Page 427: ...seqno Expected expectseqno Dropping Explanation Mismatching sequence numbers Dropping packet Gateway Action drop Recommended Action None Revision 1 Parameters seqno expectseqno Context Parameters Rul...

Page 428: ...Parameters Rule Name Connection Packet Buffer 2 42 13 tcp_seqno_too_low ID 03300016 Default Severity DEBUG Log Message TCP sequence number seqno is not in the acceptable range accstart accend Droppin...

Page 429: ...SYN_SENT Dropping Explanation A TCP segment with the RST flag but not the ACK flag was received during state SYN_SENT The packet will be dropped Gateway Action drop Recommended Action None Revision 1...

Page 430: ...lt Severity CRITICAL Log Message Out of large TCP send windows Maximum windows max_windows Triggered num_events times last 10 seconds Explanation The TCP stack could not send data since it has run out...

Page 431: ...the acceptable range accstart accend Dropping Explanation A TCP segment with an unacceptable sequence number was received The packet will be dropped Gateway Action drop Recommended Action None Revisio...

Page 432: ...me Packet Buffer 2 43 2 tcp_mss_too_low ID 03400002 Default Severity NOTICE Log Message TCP MSS mss too low TCPMSSMin minmss Adjusting Explanation The TCP MSS is too low Adjusting to use the configure...

Page 433: ...commended Action None Revision 1 Parameters tcpopt mss maxmss Context Parameters Rule Name Packet Buffer 2 43 5 tcp_mss_above_log_level ID 03400005 Default Severity NOTICE Log Message TCP MSS mss high...

Page 434: ...Option of the specified type Removing it Gateway Action strip Recommended Action None Revision 1 Parameters tcpopt Context Parameters Rule Name Packet Buffer 2 43 8 bad_tcpopt_length ID 03400010 Defau...

Page 435: ...verity WARNING Log Message Type tcpopt bad length optlen Expected expectlen bytes Dropping Explanation The TCP Option type has an invalid length Dropping packet Gateway Action drop Recommended Action...

Page 436: ...owed ID 03400015 Default Severity WARNING Log Message Packet has a tcpopt TCP option which is disallowed Dropping Explanation The packet has a TCP Option of the specified type Dropping packet Gateway...

Page 437: ...was received The shift count will be lowered to 14 Explanation A TCP segment with a window scale option specifying a shift count that is larger than 14 was received The shift count will be lowered to...

Page 438: ...Action adjust Recommended Action None Revision 1 Parameters old new effective Context Parameters Connection Packet Buffer 2 43 17 mismatching_tcp_window_scale ID 03400019 Chapter 2 Log Message Refere...

Page 439: ...minder_conn_threshold ID 05300101 Default Severity INFORMATIONAL Log Message Reminder Connection threshold description exceeded threshold Source IP srcip Explanation The source ip is still opening up...

Page 440: ...05300201 Default Severity ERROR Log Message Failed to keep connection count Reason Out of memory Explanation The device was unable to allocate resources needed to include the connection in the connect...

Page 441: ...old The configured protective measures will be triggered Note This log message is rate limited via an exponential back off procedure Gateway Action protect Recommended Action None Revision 1 Parameter...

Page 442: ...p Explanation The number of connections matching the threshold rule exceeds the configured threshold The configured protective measures will be triggered Note This log message is rate limited via an e...

Page 443: ...d Clock not updated Explanation The unit failed to establish a connection with the time sync server The clock has not been updated Gateway Action clock_not_synced Recommended Action Verify that the ti...

Page 444: ...Revision 1 Parameters clockdrift timeserver interval 2 45 3 clockdrift_too_high ID 03500003 Chapter 2 Log Message Reference 444...

Page 445: ...meters Rule Name Packet Buffer 2 46 2 enet_hw_sender_broadcast ID 04400411 Default Severity NOTICE Log Message Ethernet hardware sender is a broadcast address Accepting Explanation The Ethernet hardwa...

Page 446: ...D 04400414 Default Severity NOTICE Log Message Ethernet hardware sender is a multicast address Accepting Explanation The Ethernet hardware sender address is a multicast address The packet will be acce...

Page 447: ...Revision 1 Context Parameters Rule Name Packet Buffer 2 46 8 relay_stp_frame ID 04400417 Default Severity INFORMATIONAL Log Message Relaying STP frame from recvif to switched interfaces Explanation An...

Page 448: ...rity INFORMATIONAL Log Message Forwarding MPLS packet from recvif Explanation An incomming MPLS packet has been forwarded through the gateway destif indicates if it was forwarded to an ultimate destin...

Page 449: ...An incomming MPLS packet has been dropped since it was malformed Gateway Action drop Recommended Action If the packet format is invalid locate the unit which is sending the malformed packet Revision...

Page 450: ...ceived a RADIUS Accounting START response with an Identifier mismatch Ignoring this packet Explanation The unit received a response with an invalid Identifier mismatch This can be the result of a busy...

Page 451: ...rt_server_response ID 03700005 Default Severity WARNING Log Message Logging out the authenticated user as no RADIUS Accounting START response was received from RADIUS Accounting server Explanation The...

Page 452: ...ateway Action None Recommended Action None Revision 1 Context Parameters User Authentication 2 47 8 accounting_stop ID 03700008 Default Severity NOTICE Log Message Successfully received RADIUS Account...

Page 453: ...Accounting Server Accounting information might not have been propery received by the Accounting Server Gateway Action None Recommended Action Verify that the RADIUS Accounting server daemon is runnin...

Page 454: ...authenticated user is logged out as an Accounting Start request did not get sent to the Accounting Server This could be a result of missing a route from the unit to the Accounting Server Gateway Acti...

Page 455: ...ault Severity NOTICE Log Message Delayed user timeout expired user is removed Explanation User did not receive any Accounting Start Response from Radius Gateway Action delayed_user_removed Recommended...

Page 456: ...recv packetssent packetsrecv gigawrapsent gigawraprecv sestime Context Parameters User Authentication 2 47 19 accounting_interim_failure ID 03700051 Default Severity ALERT Log Message Failed to send A...

Page 457: ...t not have been updated on the Accounting Server Explanation The unit received an invalid response to an Accounting Interm event from the Accounting Server Accounting information might not have been p...

Page 458: ...ARNING Log Message This user is already logged in Explanation A user with the same username as an already authenticated user tried to logged in and was rejected Gateway Action disallowed_login Recomme...

Page 459: ...Explanation The unit did not receive a response from the RADIUS Authentication server and the authentication process failed Gateway Action None Recommended Action Verify that the RADIUS Authentication...

Page 460: ...Disable the challange and response feature and use password verification instead Revision 1 Context Parameters User Authentication 2 47 31 ldap_auth_error ID 03700109 Default Severity ALERT Log Messa...

Page 461: ...n 1 Parameters reason 2 47 34 cant_create_new_request ID 03700402 Default Severity ERROR Log Message Can t create new user request Authentication aborted Explanation Can t create new user request Gate...

Page 462: ...of memory Gateway Action None Recommended Action None Revision 1 Parameters reason 2 47 38 user_req_new_out_of_memory ID 03700406 Default Severity ALERT Log Message Out of memory while trying to alloc...

Page 463: ...assword from LDAP database database Explanation Cannot retrive the user password from LDAP database making user authentication impossible Gateway Action user authentication failed Recommended Action C...

Page 464: ...to find out if it is a part of a possible attack or normal traffic Revision 2 Parameters client_ip 2 47 44 bad_packet_order ID 03700502 Default Severity ERROR Log Message Bad SSL Handshake packet ord...

Page 465: ...Exchange message Closing down SSL connection Explanation The ClientKeyExchange message which is a part of a SSL handshake is invalid and the SSL connection is closed Gateway Action ssl_close Recommend...

Page 466: ...nection is closed Gateway Action ssl_close Recommended Action None Revision 1 Parameters client_ip 2 47 51 negotiated_cipher_does_not_permit_the_chosen_certificate_size ID 03700509 Default Severity ER...

Page 467: ...el description 2 47 53 sent_sslalert ID 03700511 Default Severity ERROR Log Message Sent SSL Alert Closing down SSL connection Explanation The unit has sent a SSL Alert message to the client due to so...

Page 468: ...iption 2 48 2 odm_execute_action_reboot ID 05200002 Default Severity NOTICE Log Message Uploaded file filename was validated as description Rebooting system Explanation An uploaded file was validated...

Page 469: ...e was validated but could not be executed correctly This could be because the unit is out of disk space or that the disk is corrupt Gateway Action None Recommended Action Check that the disk is intact...

Page 470: ...ld not be added to the configuration Explanation Certificate data could not be added to the configuration Gateway Action None Recommended Action Make sure that the certificate data is of the correct f...

Page 471: ...Severity WARNING Log Message Unable to allocate exclude entry for host Explanation Unable to allocate exclude entry Unit is low on memory Gateway Action no_exclude Recommended Action Review the confi...

Page 472: ...s left on the switch No more hosts can be be blocked excluded on this switch Gateway Action no_block Recommended Action None Revision 1 Parameters switch 2 49 6 failed_to_create_profile ID 03800006 De...

Page 473: ...orrupted Gateway Action none Recommended Action Verify that the media is intact Revision 1 2 49 9 failed_to_create_access_rule ID 03800009 Default Severity CRITICAL Log Message Failed to create rulety...

Page 474: ...e configured switch model is correct Revision 1 Parameters type profile switch 2 49 12 failed_to_save_configuration ID 03800012 Default Severity CRITICAL Log Message Failed to save configuration on sw...

Page 475: ...blocking host host Alert Type type Explanation A configured action of type type has triggered ZoneDefense to block the host host at the configured ZoneDefense switches Gateway Action block Recommende...

Page 476: ...2 49 14 zd_block ID 03800014 Chapter 2 Log Message Reference 476...