232-002230-00 rev b sonicos 5.9 log event reference...

| 1

SonicOS 5.9Log Event Reference Guide

2

Notes, Cautions, and Warnings

© 2013 Dell Inc.

Trademarks: Dell™, the DELL logo, SonicWALL™, SonicWALL GMS™, SonicWALL Analyzer™, Reassem-bly-Free Deep Packet Inspection™, Dynamic Security for the Global Network™, SonicWALL Clean VPN™, SonicWALL Clean Wireless™, SonicWALL Comprehensive Gateway Security Suite™, SonicWALL Mobile Connect™, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc.

2013 – 09 P/N 232-002230-00 Rev. B

NOTE: A NOTE indicates important information that helps you make better use of your system.

CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Overview This reference guide lists and describes Dell SonicWALL SonicOS 5.9 log event messages. Reference a log event message by using the alphabetical index of log event messages.

This document contains the following sections: • “Log > Log Monitor” on page 1

• “Log > Settings” on page 2

• “Index of Log Event Messages” on page 6

• “Index of Syslog Tag Field Description” on page 56

Log > Log MonitorThe Dell SonicWALL security appliance maintains an Event log for tracking potential security threats. This log can be viewed by navigating to the Log > Log Monitor or Dashboard > Log Monitor page.

For information on configuring the Log Monitor page, refer to the SonicOS Administrator’s Guide.

Log > SettingsThe Settings page provides custom logging functions for troubleshooting and diagnostics on your Dell SonicWALL security appliance.

You can extend your Dell SonicWALL security appliance log reporting capabilities by using the Dell SonicWALL GMS or Analyzer, which is a Web-based graphical reporting tool for detailed and comprehensive reports. For more information on GMS and Analyzer reporting, refer to www.sonicwall.com.

For information on configuring the Log > Settings page, refer to the SonicOS Administrator’s Guide.

The Category column provides the following SonicOS Management Interface screen names:

• System

• Log

• Security Services

• Network

• Users

• Firewall Settings

• VPN

• High Availability

• 3G/4G, Modem, and Module

• Firewall

• Wireless

• VoIP

• SSL VPN

• Anti-Spam

• WAN Acceleration

2 | SonicOS 5.9 Log Event Reference Guide

www.sonicwall.com

www.sonicwall.com

Each of the Categories can be expanded to display the Event Groups within that category. The table below displays the Management Interface Group Name and the Enhanced Category where the group belongs:

Table 1 Event Groups & Categories

Group GUI Name Enhanced Category where Group belongs

PPP Dial‐Up 3G/4G, Modem, and Module

3G/4G and Modem 3G/4G, Modem, and Module

E1‐T1 Module 3G/4G, Modem, and Module

DSL Module 3G/4G, Modem, and Module

Probe Anti‐Spam

General Anti‐Spam

E‐mail Anti‐Spam

GRID Anti‐Spam

Access Rules Firewall

Application Firewall Firewall

Application Control Firewall

Flood Protection Firewall Settings

Advanced Firewall Settings

FTP Firewall Settings

Multicast Firewall Settings

Checksum Enforcement Firewall Settings

SSL Control Firewall Settings

State High Availability

Synchronization High Availability

General High Availability

Monitoring High Availability

Cluster High Availability

General Log

E‐mail Log

Syslog Log

Network Access Network

IP Network

TCP Network

UDP Network

ICMP Network

ARP Network

Interfaces Network

DNS Network

DHCP Client Network

PPPoE Network

| 3

L2TP Client Network

PPP Network

Failover and Load Balancing Network

NAT Network

PPTP Network

RIP Network

BOOTP Network

IPcomp Network

Network Monitor Network

Dynamic DNS Network

DHCP Server Network

Advanced Routing Network

Dynamic Address Objects Network

MAC‐IP Anti‐Spoof Network

NAT Policy Network

General Security Services

Attacks Security Services

Anti‐Virus Security Services

E‐mail Filtering Security Services

Content Filter Security Services

Crypto Test Security Services

IDP Security Services

IPS Security Services

DPI‐SSL Security Services

Anti‐Spyware Security Services

RBL Filter Security Services

Botnet Filter Security Services

Geo‐IP Filter Security Services

General SSL VPN

Status System

Restart System

GMS System

Administration System

Settings System

Hardware System

Time System

SNMP System

Authentication Access Users

Radius Authentication Users

SSO Agent Authentication Users

Call VoIP

H.323 VoIP


SIP VoIP

Anomaly VoIP

VPN IPsec VPN

VPN IKE VPN

VPN Client VPN

DHCP Relay VPN

VPN PKI VPN

L2TP Server VPN

VPN IKEv2 VPN

Local WXA Appliance WAN Acceleration

Remote WXA Appliance WAN Acceleration

Network Access Wireless

WLAN Wireless

WLAN IDS Wireless

SonicPoint Wireless

RF Monitoring Wireless

SonicPointN Wireless

| 5

Index of Log Event MessagesThis section contains a list of alphabetically ordered log event messages for the SonicOS 5.9 firmware. Use a Search or Find function to search for a specific command. For more information regarding the Log Event Message Symbols, reference the table below:

Table 2 Log Event Message Symbols Key

TCP IP Layered-Data Packet Processing

In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the Dell SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message.

Each log event message described in the following table provides the following log event details:

• Group—Displays the category event group.

• Legacy Category—Displays the category event type.

• Priority Level—Displays the level of urgency of the log event message.

• ID—Displays the ID number of the log event message.

• Enhanced SNMP Trap Type—Displays the SNMP Trap ID number of the log event message.

Note The information in the Legacy Category column does not appear in the SonicOS 5.9 Management Interface. However, the equivalent numeric value is used in the Syslog packet for the “c=” and “cat=” tags. Refer to “Numeric Values for the Legacy Category” on page 55, for a full list of values.

Log Event Message Symbol Description Context

%s Ethernet Port Down Represents a character string. [WAN | LAN | DMZ] Ethernet Port Down

The cache is full; %u openconnections; some will be dropped

Represents a numerical string. The cache is full; [40,000] openconnections; some will be dropped


Log Event Message Index

The following table is the Log Event Message Index, which is an alphabetical list of log event messages for the SonicOS 5.9 firmware.

Table 3 Log Event Message Index

Enhanced Log Event Message Group Legacy

Category

Priority

Level

ID Enhanced

SNMP Trap

Type DOS protection on WAN begins %s Intrusion

Detection

Debug ALERT 1180 ‐‐‐

"As per Diagnostic Auto‐restart

configuration Request, restarting

system"

Firewall Event ‐‐‐ INFO 1047 ‐‐‐

%s auto‐dial failed: Current Connection

Model is configured as Ethernet Only

PPP Dial‐UP System Error ALERT 1028 ‐‐‐

%s Ethernet Port Down Firewall Event System Error ERROR 333 641

%s Ethernet Port Up Firewall Event System Error WARNING 332 640

%s is operational. Anti‐Spam ‐‐‐ WARNING 1082 13801

%s is unavailable. Anti‐Spam ‐‐‐ WARNING 1083 13802

3G/4G %s device detected Firewall

Hardware

System

Environment

INFO 1017 ‐‐‐

3G/4G Dial‐up: %s. PPP Dial‐UP User Activity ALERT 1026 ‐‐‐

3G/4G Dial‐up: data usage limit reached

for the '%s' billing cycle. Disconnecting

the session.

PPP Dial‐UP User Activity ALERT 1027 7643

3G/4G: No SIM detected Firewall

Hardware

‐‐‐ ALERT 1055 ‐‐‐

802.11 Management Wireless 80211b

Management

INFO 518 ‐‐‐

A high percentage of the system packet

buffers are held waiting for SSO

CIA User Activity ALERT 1178 ‐‐‐

A prior version of preferences was

loaded because the most recent

preferences file was inaccessible

Firewall Event System Error WARNING 572 648

A SonicOS Standard to Enhanced

Upgrade was performed

Firewall Event Maintenance INFO 611 ‐‐‐

A user has a very high number of

connections waiting for SSO

CIA User Activity ALERT 1179 ‐‐‐

Access attempt from host out of

compliance with GSC Policy

Security

Services

Maintenance INFO 761 ‐‐‐

Access attempt from host without Anti‐

Virus agent installed

Security

Services


| 7

Access attempt from host without GSC

installed

Security

Services

Maintenance INFO 763 8627

Access rule added Firewall Rule User Activity INFO 440 ‐‐‐

Access rule deleted Firewall Rule User Activity INFO 442 ‐‐‐

Access rule modified Firewall Rule User Activity INFO 441 ‐‐‐

Access rules restored to defaults Firewall Rule User Activity INFO 443 ‐‐‐

Access to proxy server denied Network Access Blocked Sites NOTICE 60 705

Active Secondary detects Active

Primary: Secondary going Idle

High Availability Maintenance INFO 154 ‐‐‐

Active/Active Clustering license is not

activated on the following cluster units:

%s

High Availability ‐‐‐ ERROR 1152 ‐‐‐

ActiveX access denied Network Access Blocked Code NOTICE 18 ‐‐‐

ActiveX or Java archive access denied Network Access Blocked Code NOTICE 20 ‐‐‐

ADConnector %s response timed‐out;

applying caching policy

Microsoft

Active Directory

‐‐‐ ERROR 769 ‐‐‐

Add an attack message Firewall Event Attack ERROR 143 525

Added a new member to an LDAP

mirror user group

RADIUS ‐‐‐ INFO 1192 ‐‐‐

Added host entry to dynamic address

object

Dynamic

Address Objects


Added new LDAP mirror user group: %s RADIUS ‐‐‐ INFO 1190 ‐‐‐

Adding Dynamic Entry for Bound MAC

Address

Network ‐‐‐ INFO 813 ‐‐‐

Adding L2TP IP pool Address object

Failed.

L2TP Server System Error ERROR 603 661

Adding to multicast policy List ,

interface : %s

Multicast ‐‐‐ DEBUG 697 ‐‐‐

Adding to Multicast policy List , VPN SPI

: %s


Administrator logged out Authentication

Access

User Activity INFO 261 ‐‐‐

Administrator logged out ‐ inactivity

timer expired

Authentication

Access


Administrator login allowed Authentication

Access


Administrator login denied due to bad

credentials

Authentication

Access

Attack ALERT 30 560

Administrator login denied from %s;

logins disabled from this interface

Authentication

Access

Attack ALERT 35 506

Administrator name changed Authentication

Access


All Dynamic DNS associations have been

deleted

Dynamic DNS Maintenance INFO 783 ‐‐‐


All preference values have been set to

factory default values


Allowed LDAP server certificate with

wrong host name

RADIUS User Activity WARNING 752 ‐‐‐

An LDAP user group nesting is not being

mirrored

RADIUS ‐‐‐ WARNING 1246 ‐‐‐

Anti‐Spam service is disabled by

administrator.

Anti‐Spam ‐‐‐ INFO 1085 13804

Anti‐Spam service is enabled by

administrator.


Anti‐Spam Startup Failure ‐ %s Anti‐Spam ‐‐‐ WARNING 1088 13807

Anti‐Spam Teardown Failure ‐ %s Anti‐Spam ‐‐‐ WARNING 1089 13808

Anti‐Spyware Detection Alert: %s Intrusion

Detection

Attack ALERT 795 6438

Anti‐Spyware Prevention Alert: %s Intrusion

Detection


Anti‐Spyware Service Expired Security

Services

Maintenance WARNING 796 8631

Anti‐Virus agent out‐of‐date on host Security

Services


Anti‐Virus Licenses Exceeded Security

Services


Application Control Detection Alert: %s AppControl

Detection

‐‐‐ ALERT 1154 15001

Application Control Prevention Alert: %s AppControl

Detection

‐‐‐ ALERT 1155 15002

Application Filter Detection Alert: %s Intrusion

Detection

Attack ALERT 650 ‐‐‐

Application Filters Block Alert: %s Intrusion

Detection


Application Firewall Alert: %s Application

Firewall

User Activity ALERT 793 13201

ARP request packet received Network ‐‐‐ INFO 717 ‐‐‐

ARP request packet sent Network ‐‐‐ INFO 715 ‐‐‐

ARP response packet received Network ‐‐‐ INFO 716 ‐‐‐

ARP response packet sent Network ‐‐‐ INFO 718 ‐‐‐

ARP Timeout Network Debug DEBUG 45 ‐‐‐

Assigned IP address %s DHCP Server ‐‐‐ INFO 1110 ‐‐‐

Association Flood from WLAN station WLAN IDS WLAN IDS ALERT 548 903

Attempt to contact Remote backup

server for upload approval failed

Firewall Event Maintenance DEBUG 1160 ‐‐‐

Authentication Timeout during

Remotely Triggered Dial‐out session

Authentication

Access


Back Orifice attack dropped Intrusion

Detection

Attack ALERT 73 512

| 9

Backup remote server did not approve

upload Request

Firewall Event Maintenance DEBUG 1161 ‐‐‐

Bad CRL format VPN PKI User Activity ALERT 277 ‐‐‐

Bind to LDAP server failed RADIUS System Error ERROR 1009 ‐‐‐

Blocked Quick Mode for Client using

Default KeyId

VPN Client System Error ERROR 505 660

BOOTP Client IP address on LAN

conflicts with remote device IP, deleting

IP address from remote table

BOOTP Maintenance INFO 619 ‐‐‐

BOOTP reply relayed to local device BOOTP Maintenance INFO 620 ‐‐‐

BOOTP Request received from remote

device

BOOTP Debug DEBUG 621 ‐‐‐

BOOTP server response relayed to

remote device

BOOTP Debug DEBUG 618 ‐‐‐

Broadcast packet dropped Network Access Debug DEBUG 46 ‐‐‐

Cannot connect to the CRL server VPN PKI User Activity ALERT 274 ‐‐‐

Cannot Validate Issuer Path VPN PKI User Activity ALERT 878 ‐‐‐

Certificate on Revoked list(CRL) VPN PKI User Activity ALERT 279 ‐‐‐

CFL auto‐download disabled, time

problem detected

Security

Services


Chat %s PPP Dial‐UP User Activity INFO 1022 ‐‐‐

Chat completed PPP Dial‐UP User Activity INFO 1020 ‐‐‐

Chat failed: %s PPP Dial‐UP User Activity INFO 1023 ‐‐‐

Chat started PPP Dial‐UP User Activity INFO 1019 ‐‐‐

Chat started by '%s' PPP Dial‐UP User Activity INFO 1032 ‐‐‐

Chat wrote '%s' PPP Dial‐UP User Activity INFO 1021 ‐‐‐

CLI administrator logged out Authentication

Access


CLI administrator login allowed Authentication

Access


CLI administrator login denied due to

bad credentials

Authentication

Access

User Activity WARNING 200 ‐‐‐

Computed hash does not match hash

received from peer; preshared key

mismatch

VPN IKE User Activity WARNING 410 ‐‐‐

Configuration mode administration

session ended

Authentication

Access


Configuration mode administration

session started

Authentication

Access


Connection Closed Network Traffic

AppFirewall FIC

Connection

Traffic

AppFirewall

FIC

INFO 537 ‐‐‐


Connection Opened Network Traffic

AppFirewall FIC

Connection INFO 98 ‐‐‐

Connection timed out VPN PKI User Activity ALERT 273 ‐‐‐

Content filter subscRIPtion expired. Security

Services

System Error ERROR 197 631

Cookie removed Network Access Blocked Code NOTICE 21 ‐‐‐

CPU reaches 80% utilization for more

than 10 seconds.

Firewall

Hardware

‐‐‐ ALERT 1248 17002

CRL has expired VPN PKI User Activity ALERT 874 ‐‐‐

CRL loaded from VPN PKI User Activity INFO 270 ‐‐‐

CRL missing ‐ Issuer requires CRL

checking.

VPN PKI User Activity ALERT 876 ‐‐‐

CRL validation failure for Root

Certificate

VPN PKI User Activity ALERT 877 ‐‐‐

Crypto AES failed ‐‐‐ Maintenance ERROR 1291 ‐‐‐

Crypto AES test failed ‐‐‐ Maintenance ERROR 1278 ‐‐‐

Crypto AES test success ‐‐‐ Maintenance INFO 1279 ‐‐‐

Crypto DES failed ‐‐‐ Maintenance ERROR 1298 ‐‐‐

Crypto DES test failed Crypto Test Maintenance ERROR 360 ‐‐‐

Crypto DES test success ‐‐‐ Maintenance INFO 1277 ‐‐‐

Crypto DH test failed Crypto Test Maintenance ERROR 361 ‐‐‐

Crypto DH test success ‐‐‐ Maintenance INFO 1270 ‐‐‐

Crypto DRBG failed ‐‐‐ Maintenance ERROR 1292 ‐‐‐

Crypto DRBG test failed ‐‐‐ Maintenance ERROR 1281 ‐‐‐

Crypto DRBG test success ‐‐‐ Maintenance INFO 1280 ‐‐‐

Crypto DSA failed ‐‐‐ Maintenance ERROR 1293 ‐‐‐

Crypto hardware 3DES test failed Crypto Test Maintenance ERROR 367 ‐‐‐

Crypto hardware 3DES test success ‐‐‐ Maintenance INFO 1276 ‐‐‐

Crypto Hardware 3DES with SHA test

failed

Crypto Test Maintenance ERROR 369 ‐‐‐

Crypto hardware 3DES with SHA test

success

‐‐‐ Maintenance INFO 1290 ‐‐‐

Crypto Hardware AES test failed Crypto Test Maintenance ERROR 610 ‐‐‐

Crypto hardware AES test success ‐‐‐ Maintenance INFO 1288 ‐‐‐

Crypto hardware DES test failed Crypto Test Maintenance ERROR 366 ‐‐‐

Crypto hardware DES test success ‐‐‐ Maintenance INFO 1272 ‐‐‐

Crypto hardware DES with SHA test

failed

Crypto Test Maintenance ERROR 368 ‐‐‐

Crypto hardware DES with SHA test

success

‐‐‐ Maintenance INFO 1289 ‐‐‐

Crypto Hmac‐MD5 fest failed Crypto Test Maintenance ERROR 362 ‐‐‐

Crypto Hmac‐MD5 test success ‐‐‐ Maintenance INFO 1271 ‐‐‐

Crypto Hmac‐Sha1 test failed Crypto Test Maintenance ERROR 363 ‐‐‐

Crypto Hmac‐Sha1 test success ‐‐‐ Maintenance INFO 1275 ‐‐‐

| 11

Crypto Hmac‐SHA256 failed ‐‐‐ Maintenance ERROR 1294 ‐‐‐

Crypto Hmac‐Sha256 test failed ‐‐‐ Maintenance ERROR 1283 ‐‐‐

Crypto Hmac‐Sha256 test success ‐‐‐ Maintenance INFO 1282 ‐‐‐

Crypto MD5 test failed Crypto Test Maintenance ERROR 370 ‐‐‐

Crypto MD5 test success ‐‐‐ Maintenance INFO 1273 ‐‐‐

Crypto RSA failed ‐‐‐ Maintenance ERROR 1295 ‐‐‐

Crypto RSA test failed Crypto Test Maintenance ERROR 364 ‐‐‐

Crypto RSA test success ‐‐‐ Maintenance INFO 1284 ‐‐‐

Crypto SHA1 based DRNG KAT test

failed

Crypto Test ‐‐‐ ERROR 1060 ‐‐‐

Crypto SHA1 based DRNG KAT test

success

‐‐‐ ‐‐‐ INFO 1274 ‐‐‐

Crypto SHA1 failed ‐‐‐ Maintenance ERROR 1296 ‐‐‐

Crypto Sha1 test failed Crypto Test Maintenance ERROR 365 ‐‐‐

Crypto Sha1 test success ‐‐‐ Maintenance INFO 1285 ‐‐‐

Crypto SHA256 failed ‐‐‐ Maintenance ERROR 1297 ‐‐‐

Crypto Sha256 test failed ‐‐‐ Maintenance ERROR 1287 ‐‐‐

Crypto Sha256 test success ‐‐‐ Maintenance INFO 1286 ‐‐‐

CSR Generation: %s VPN PKI ‐‐‐ INFO 1109 ‐‐‐

Current dynamic NAT translation count

is more than 50% of the configured

maximum.

Firewall

Hardware

‐‐‐ ALERT 1250 17004

Current session count is more than 50%

of the supported maximum.

Firewall

Hardware

‐‐‐ ALERT 1249 17003

Dynamic DNS association %s disabled Dynamic DNS Maintenance INFO 781 ‐‐‐

Dynamic DNS association %s enabled Dynamic DNS Maintenance INFO 780 ‐‐‐

Dynamic DNS association %s added Dynamic DNS Maintenance INFO 779 ‐‐‐

Dynamic DNS association %s

deactivated


Dynamic DNS association %s deleted Dynamic DNS Maintenance INFO 785 ‐‐‐

Dynamic DNS Association %s put on line Dynamic DNS Maintenance INFO 782 ‐‐‐

Dynamic DNS association %s taken

Offline locally


Dynamic DNS association %s updated Dynamic DNS ‐‐‐ INFO 786 ‐‐‐

Dynamic DNS Failure: Provider %s Dynamic DNS System Error ERROR 774 ‐‐‐



Dynamic DNS Update success for

domain %s


Dynamic DNS Warning: Provider %s Dynamic DNS System Error WARNING 777 ‐‐‐

Default to not blacklisted Anti‐Spam ‐‐‐ DEBUG 1144 ‐‐‐

Delete invalid scope because port IP in

the range of this DHCP scope.

DHCP Server ‐‐‐ WARNING 1184 ‐‐‐

Deleted LDAP mirror user group: %s RADIUS ‐‐‐ INFO 1191 ‐‐‐


Deleting from Multicast policy list,

interface : %s


Deleting from Multicast policy list, VPN

SPI : %s


Deleting IPsec SA VPN IKE User Activity INFO 92 ‐‐‐

Deleting IPsec SA for destination VPN IKE User Activity INFO 91 ‐‐‐

Deleting IPsec SA. (Phase 2) VPN IKE ‐‐‐ DEBUG 1183 ‐‐‐

Destination IP address connection

status: %s


Destination IPv6 address is unspecified.

Packet is dropped

Network Access Debug ALERT 1302 ‐‐‐

DHCP client enabled but not ready DHCP Client Maintenance INFO 504 ‐‐‐

DHCP Client did not get DHCP ACK. DHCP Client Maintenance INFO 109 ‐‐‐

DHCP Client failed to verify and lease

has expired. Go to INIT state.

DHCP Client Maintenance INFO 119 ‐‐‐

DHCP Client failed to verify and lease is

still valid. Go to BOUND state.


DHCP Client got a new IP address lease. DHCP Client Maintenance INFO 121 ‐‐‐

DHCP Client got ACK from server. DHCP Client Maintenance INFO 111 ‐‐‐

DHCP Client got NACK. DHCP Client Maintenance INFO 110 ‐‐‐

DHCP Client is declining address offered

by the server.


DHCP Client sending Request and going

to REBIND state.


DHCP Client sending Request and going

to RENEW state.


DHCP DECLINE received from remote

device

DHCP Relay Debug INFO 475 ‐‐‐

DHCP DISCOVER received from local

device


DHCP DISCOVER received from remote

device


DHCP INFORM received from remote

device


DHCP lease dropped. Lease from

Central Gateway conflicts with Relay IP

DHCP Relay Maintenance WARNING 228 ‐‐‐

DHCP lease dropped. Lease from

Central Gateway conflicts with Remote

Management IP

DHCP Relay Maintenance WARNING 484 ‐‐‐

DHCP lease file in the flash is corrupted;

read failed

Firewall Event System Error WARNING 833 ‐‐‐

DHCP lease relayed to local device DHCP Relay Maintenance INFO 223 ‐‐‐

DHCP lease relayed to remote device DHCP Relay Debug INFO 225 ‐‐‐

| 13

DHCP lease to LAN device conflicts with

remote device, deleting remote IP entry

DHCP Relay Maintenance INFO 226 ‐‐‐

DHCP leases written to flash Firewall Event Maintenance INFO 835 ‐‐‐

DHCP NACK received from server DHCP Relay Debug INFO 477 ‐‐‐

DHCP OFFER received from server DHCP Relay Debug INFO 476 ‐‐‐

DHCP RELEASE received from remote

device


DHCP RELEASE relayed to Central

Gateway


DHCP REQUEST received from local

device


DHCP REQUEST received from remote

device


DHCP Scopes altered automatically due

to change in network settings for

interface %s


DHCP Server not available. Did not get

any DHCP OFFER.


DHCP Server sanity check failed %s Firewall Event ‐‐‐ CRITICAL 1072 ‐‐‐

DHCP Server sanity check passed %s Firewall Event ‐‐‐ CRITICAL 1071 ‐‐‐

DHCP Server: IP conflict detected Firewall Event ‐‐‐ ALERT 1040 ‐‐‐

DHCP Server: Received DHCP decline

from client

Firewall Event ‐‐‐ ALERT 1041 ‐‐‐

DHCP Server: Received DHCP message

from untrusted relay agent

Firewall Event ‐‐‐ NOTICE 1090 ‐‐‐

DHCP Server: Resources of this pool ran

out. Client Info: %s

DHCP Server ‐‐‐ ALERT 1311 ‐‐‐

DHCPv6 lease file in the flash is

corrupted; read failed

Network ‐‐‐ WARNING 1259 ‐‐‐

DHCPv6 leases written to flash Network ‐‐‐ INFO 1261 ‐‐‐

Diagnostic Auto‐restart canceled Firewall Event ‐‐‐ INFO 1046 ‐‐‐

Diagnostic Auto‐restart scheduled for

%s minutes from now


Diagnostic Code A Firewall

Hardware


Diagnostic Code B Firewall

Hardware


Diagnostic Code C Firewall

Hardware


Diagnostic Code D Firewall

Hardware


Diagnostic Code E VPN IPsec System Error ERROR 61 609

Diagnostic Code F Firewall

Hardware



Diagnostic Code G Firewall

Hardware


Diagnostic Code H Firewall

Hardware


Diagnostic Code I Firewall

Hardware


Diagnostic Code J Firewall

Hardware


Dial‐up: Session initiated by data packet PPP Dial‐UP ‐‐‐ INFO 1039 ‐‐‐

Dial‐up: TrApplication Firewallfic

generated by '%s'

PPP Dial‐UP ‐‐‐ INFO 1038 ‐‐‐

Disconnecting L2TP Tunnel due to

trApplication Firewallfic Timeout

L2TP Client Maintenance INFO 215 ‐‐‐

Disconnecting PPPoE due to


PPPoE Maintenance INFO 168 ‐‐‐

Disconnecting PPTP Tunnel due to


PPTP Maintenance INFO 389 ‐‐‐

Discovered HA %s Firewall High Availability ‐‐‐ INFO 1044 ‐‐‐

Discovered HA Secondary Firewall High Availability Maintenance INFO 156 ‐‐‐

DNS packet allowed Network Access Debug INFO 602 ‐‐‐

DNS rebind attack blocked Intrusion

Detection

‐‐‐ ALERT 1099 6466

DOS protection on WAN %s Intrusion

Detection

Debug WARNING 1181 ‐‐‐

DOS protection on WAN %s Intrusion

Detection


DPI‐SSL: %s DPI SSL ‐‐‐ INFO 791 ‐‐‐

Drop WLAN trApplication Firewallfic

from non‐SonicPoint devices

Intrusion

Detection

Attack ERROR 662 6434

DSL: %s Device Down DSL ‐‐‐ ALERT 1186 ‐‐‐

DSL: %s Device Up DSL ‐‐‐ ALERT 1185 ‐‐‐

DSL: %s WAN is connected DSL ‐‐‐ ALERT 1187 ‐‐‐

DSL: %s WAN is initializing DSL ‐‐‐ ALERT 1188 ‐‐‐

Duplicate packet dropped Network Access Debug DEBUG 51 ‐‐‐

Dynamic IPsec client connected VPN IPsec User Activity INFO 62 ‐‐‐

E1_T1 Layer 1 status: Controlled slip E1/T1 Status ‐‐‐ INFO 1167 ‐‐‐

E1_T1 Layer 1 status: No frame

synchronization

E1/T1 Status ‐‐‐ INFO 1164 ‐‐‐

E1_T1 Layer 1 status: No multiframe

synchronization


E1_T1 Layer 1 status: No signal E1/T1 Status ‐‐‐ INFO 1163 ‐‐‐

E1_T1 Layer 1 status: OK E1/T1 Status ‐‐‐ INFO 1168 ‐‐‐

E1_T1 Layer 1 status: Remote alarm

detected


| 15

EIGRP packet dropped Network Access Debug NOTICE 714 ‐‐‐

E‐Mail fragment dropped Intrusion

Detection


Entering FIPS ERROR state Crypto Test Maintenance ERROR 359 ‐‐‐

Entering FIPS Error State. Crypto Test System Error ERROR 497 659

Error initializing Hardware acceleration

for VPN

Firewall

Hardware

Maintenance ERROR 374 ‐‐‐

Error Rebooting HA Peer Firewall High Availability System Error ERROR 669 663

Error setting the IP address of the

Secondary, please manually set to

Secondary LAN IP

High Availability System Error ERROR 191 629

Error synchronizing HA peer firewall

(%s)


Error updating HA peer configuration High Availability System Error ERROR 192 630

ERROR: DHCP over VPN Policy is not

defined. Cannot start IKE.


Exceeded Max multicast address limit Multicast ‐‐‐ WARNING 703 ‐‐‐

External Web Server Host Resolution

Failed %s

Authentication

Access

‐‐‐ ERROR 1069 ‐‐‐

Failed in SNMP memory allocateation.

Not enough memory

‐‐‐ ‐‐‐ ERROR 1224 ‐‐‐

Failed on updating time from NTP

server

‐‐‐ UDP NOTICE 1230 ‐‐‐

Failed payload validation VPN IKE User Activity WARNING 405 ‐‐‐

Failed payload verification Application

Firewallter decryption; possible

preshared key mismatch


Failed to add a member to an LDAP

mirror user group

RADIUS ‐‐‐ WARNING 1245 ‐‐‐

Failed to add an LDAP mirror user group RADIUS ‐‐‐ WARNING 1244 ‐‐‐

Failed to find certificate VPN PKI User Activity ALERT 875 ‐‐‐

Failed to get CRL from VPN PKI User Activity ALERT 271 ‐‐‐

Failed to insert entry into GRID result IP

cached table

Anti‐Spam ‐‐‐ DEBUG 1145 ‐‐‐

Failed to Process CRL from VPN PKI User Activity ALERT 276 ‐‐‐

Failed to resolve name Network Maintenance INFO 84 ‐‐‐

Failed to send file to remote backup

server, Error: %s


Failed to send Preference file to remote

backup server, Error: %s


Failed to send TSR file to remote backup

server, Error: %s


Failed to synchronize license

information with Licensing Server. %s

Security

Services



Failed to synchronize Relay IP Table DHCP Relay System Error WARNING 234 632

Failed to write DHCP leases to flash Firewall Event System Error WARNING 834 ‐‐‐

Failed to write DHCPv6 leases to flash Network ‐‐‐ WARNING 1260 ‐‐‐

Failed VPN I/O processing VPN IKE User Activity ERROR 1234 ‐‐‐

Failure to reach Interface %s probe High Availability System Error ERROR 675 6234

Fan Failure Firewall

Hardware

System

Environment

ALERT 576 102

FIN Flood Blacklist on IF %s continues Intrusion

Detection


FIN‐Flooding machine %s blacklisted Intrusion

Detection


Firmware Update Failed ‐‐‐ ‐‐‐ NOTICE 1268 ‐‐‐

Firmware Update Success ‐‐‐ ‐‐‐ NOTICE 1269 ‐‐‐

Forbidden E‐Mail attachment deleted Intrusion

Detection


Forbidden E‐Mail attachment disabled Intrusion

Detection


Found Rogue Access Point WLAN IDS WLAN IDS ALERT 546 901

Found Rogue Access Point WLAN IDS WLAN IDS ALERT 556 10804

Fragmented packet dropped Network TCP | UDP |

ICMP

NOTICE 28 ‐‐‐

Fraudulent Microsoft certificate found;

access denied

Intrusion

Detection


FTP client user logged in failed FTP ‐‐‐ DEBUG 1115 ‐‐‐

FTP client user logged in successfully FTP ‐‐‐ DEBUG 1114 ‐‐‐

FTP client user logged out FTP ‐‐‐ DEBUG 1116 ‐‐‐

FTP client user name was sent FTP ‐‐‐ DEBUG 1113 ‐‐‐

FTP server accepted the connection FTP ‐‐‐ DEBUG 1112 ‐‐‐

FTP: Data connection from non default

port dropped

Network Access Attack ALERT 538 557

FTP: PASV response bounce attack

dropped.

Intrusion

Detection


FTP: PASV response spoof attack

dropped

Intrusion

Detection


FTP: PORT bounce attack dropped. Intrusion

Detection


Gateway Anti‐Virus Alert: %s Security

Services


Gateway Anti‐Virus Service expired Security

Services


Global VPN Client connection is not

allowed. Appliance is not registered.

VPN Client System Error INFO 529 643

Global VPN Client License Exceeded:

Connection denied.

VPN Client System Error INFO 494 658

| 17

Global VPN Client version cannot

enforce personal firewall. Minimum

Version required is 2.1

VPN Client User Activity INFO 604 ‐‐‐

Got DHCP OFFER. Selecting. DHCP Client Maintenance INFO 107 ‐‐‐

GSC Policy out‐of‐date on host Security

Services


Guest account '%s' created Authentication

Access


Guest account '%s' deleted Authentication

Access


Guest account '%s' disabled Authentication

Access


Guest account '%s' pruned Authentication

Access


Guest account '%s' re‐enabled Authentication

Access


Guest account '%s' re‐generated Authentication

Access


Guest Account Timeout Authentication

Access


Guest Idle Timeout Authentication

Access


Guest login denied. Guest '%s' is already

logged in. Please try again later.

Authentication

Access


Guest policy accepted ‐‐‐ User Activity INFO 1228 ‐‐‐

Guest Services drop trApplication

Firewallfic to deny network

Network Access ‐‐‐ INFO 724 ‐‐‐

Guest Services pass trApplication

Firewallfic to access allow network


Guest Session Timeout Authentication

Access


Guest trApplication Firewallfic quota

exceeded

‐‐‐ User Activity INFO 1227 ‐‐‐

GUI administration session ended Authentication

Access


H.323/H.225 Connect VoIP VoIP DEBUG 634 ‐‐‐

H.323/H.225 Setup VoIP VoIP DEBUG 633 ‐‐‐

H.323/H.245 Address VoIP VoIP DEBUG 635 ‐‐‐

H.323/H.245 End Session VoIP VoIP DEBUG 636 ‐‐‐

H.323/RAS Admission Confirm VoIP VoIP DEBUG 625 ‐‐‐

H.323/RAS Admission Reject VoIP VoIP DEBUG 624 ‐‐‐

H.323/RAS Admission Request VoIP VoIP DEBUG 626 ‐‐‐

H.323/RAS Bandwidth Reject VoIP VoIP DEBUG 627 ‐‐‐

H.323/RAS Disengage Confirm VoIP VoIP DEBUG 628 ‐‐‐


H.323/RAS Disengage Reject VoIP VoIP DEBUG 641 ‐‐‐

H.323/RAS Gatekeeper Reject VoIP VoIP DEBUG 629 ‐‐‐

H.323/RAS Location Confirm VoIP VoIP DEBUG 630 ‐‐‐

H.323/RAS Location Reject VoIP VoIP DEBUG 631 ‐‐‐

H.323/RAS Registration Reject VoIP VoIP DEBUG 632 ‐‐‐

H.323/RAS Unknown Message

Response

VoIP VoIP DEBUG 640 ‐‐‐

H.323/RAS Unregistration Reject VoIP VoIP DEBUG 642 ‐‐‐

HA association posted successfully to

License Manager


HA association request to License

Manager failed: %s

Firewall Event ‐‐‐ WARNING 1309 ‐‐‐

HA packet processing error High Availability Maintenance INFO 162 ‐‐‐

HA Peer Firewall Rebooted High Availability Maintenance INFO 668 ‐‐‐

HA Peer Firewall Synchronized High Availability Maintenance INFO 157 ‐‐‐

Hardware Failover settings were not

upgraded.


Header verification failed VPN IKE User Activity WARNING 587 ‐‐‐

Heartbeat received from incompatible

source


High Availability has been enabled, Dial‐

Up device(s) are not supported in High

Availability processing.

High Availability User Activity INFO 1125 ‐‐‐

Host IP address not in GRID List Anti‐Spam ‐‐‐ DEBUG 1141 ‐‐‐

HTTP management port has changed Firewall Event Maintenance INFO 340 ‐‐‐

HTTP method detected; examining

stream for host header

Network Access TCP DEBUG 882 ‐‐‐

HTTPS Handshake: %s ‐‐‐ ‐‐‐ INFO 1226 ‐‐‐

HTTPS management port has changed Firewall Event Maintenance INFO 341 ‐‐‐

ICMP checksum error; packet dropped Network Access UDP NOTICE 886 ‐‐‐

ICMP packet allowed Network Access Debug INFO 597 ‐‐‐

ICMP packet dropped due to Policy Network Access ICMP NOTICE 38 ‐‐‐

ICMP packet dropped no match Network Access ICMP NOTICE 523 ‐‐‐

ICMP packet from LAN allowed Network Access Debug INFO 598 ‐‐‐

ICMP packet from LAN dropped Network Access LAN ICMP |

LAN TCP

NOTICE 175 ‐‐‐

ICMPv6 packet allowed Network ‐‐‐ INFO 1256 ‐‐‐

ICMPv6 packet dropped due to policy Network ‐‐‐ NOTICE 1257 ‐‐‐

ICMPv6 packet from LAN allowed Network ‐‐‐ INFO 1255 ‐‐‐

ICMPv6 packet from LAN dropped Network ‐‐‐ NOTICE 1254 ‐‐‐

If not already enabled, enabling NTP is

recommended

Firewall

Hardware

System Error WARNING 540 645

IGMP Leave group message Received on

interface %s

Multicast ‐‐‐ INFO 682 ‐‐‐

| 19

IGMP packet dropped, decoding error Multicast ‐‐‐ NOTICE 686 ‐‐‐

IGMP packet dropped, wrong checksum

received on interface %s

Multicast ‐‐‐ NOTICE 683 ‐‐‐

IGMP Packet Not handled. Packet type :

%s


IGMP querier Router detected on

interface %s


IGMP querier Router detected on VPN

tunnel , SPI %S


IGMP state table entry time out,

deleting interface : %s


IGMP state table entry time out,

deleting VPN SPI : %s


IGMP V2 client joined multicast Group :

%s


IGMP V2 Membership report received

from interface %s


IGMP V3 client joined multicast Group :

%s


IGMP V3 Membership report received

from interface %s


IGMP V3 packet dropped, unsupported

Record type : %s


IGMP V3 record type : %s not Handled Multicast ‐‐‐ DEBUG 689 ‐‐‐

IKE Initiator : VPN Policy for gateway

address not found


IKE Initiator : VPN Policy for IKE ID not

found


IKE Initiator drop: VPN tunnel end point

does not match configured VPN Policy

Bound to scope

VPN IKE User Activity INFO 544 ‐‐‐

IKE Initiator: Accepting IPsec proposal

(Phase 2)


IKE Initiator: Accepting peer lifetime.

(Phase 1)


IKE Initiator: Aggressive Mode complete

(Phase 1).


IKE Initiator: IKE proposal does not

match (Phase 1)


IKE Initiator: Main Mode complete

(Phase 1)


IKE Initiator: Proposed IKE ID mismatch VPN IKE User Activity WARNING 933 ‐‐‐

IKE Initiator: Remote party Timeout ‐

Retransmitting IKE Request.



IKE Initiator: Start Aggressive Mode

negotiation (Phase 1)


IKE Initiator: Start Main Mode

negotiation (Phase 1)


IKE Initiator: Start Quick Mode (Phase

2).


IKE Initiator: Using secondary gateway

to negotiate


IKE negotiation aborted due to Timeout VPN IKE User Activity INFO 403 ‐‐‐

IKE negotiation complete. Adding IPsec

SA. (Phase 2)


IKE Responder : VPN Policy for gateway

address not found


IKE Responder : VPN Policy for IKE ID

not found


IKE Responder drop: VPN tunnel end

point does not match configured VPN

Policy Bound to scope


IKE Responder: %s Policy does not allow

static IP for Virtual Adapter.

VPN Client System Error ERROR 660 ‐‐‐

IKE Responder: Accepting IPsec

proposal (Phase 2)


IKE Responder: Aggressive Mode

complete (Phase 1)


IKE Responder: AH authentication

algorithm does not match


IKE Responder: AH authentication key

length does not match


IKE Responder: AH authentication key

rounds does not match


IKE Responder: AH Perfect Forward

Secrecy mismatch

VPN IKE User Activity WARNING 258 544

IKE Responder: Algorithms and/or keys

do not match


IKE Responder: Client Policy has no VPN

Access Networks assigned. Check

Configuration.

VPN IKE System Error ERROR 965 ‐‐‐

IKE Responder: Default LAN gateway is

not set but peer is proposing to use this

SA as a default route

VPN IKE Attack ERROR 516 553

IKE Responder: Default LAN gateway is

set but peer is not proposing to use this

SA as a default route


| 21

IKE Responder: ESP authentication



IKE Responder: ESP authentication key



IKE Responder: ESP authentication key



IKE Responder: ESP encryption



IKE Responder: ESP encryption key



IKE Responder: ESP encryption key



IKE Responder: ESP mode mismatch

Local ‐ Transport Remote ‐ Tunnel


IKE Responder: ESP mode mismatch

Local ‐ Tunnel Remote ‐ Transport


IKE Responder: ESP Perfect Forward

Secrecy mismatch


IKE Responder: IKE Phase 1 exchange

does not match

VPN IKE User Activity ERROR 1036 ‐‐‐

IKE Responder: IKE proposal does not

match (Phase 1)


IKE Responder: IP Address already exists

in the DHCP relay table. Client

trApplication Firewallfic not allowed.

VPN Client System Error ERROR 659 ‐‐‐

IKE Responder: IP Compression



IKE Responder: IPsec proposal does not

match (Phase 2)


IKE Responder: IPsec protocol mismatch VPN IKE User Activity WARNING 932 ‐‐‐

IKE Responder: Main Mode complete

(Phase 1)


IKE Responder: Mode %d ‐ not transport

mode. XAUTH is required but not

supported by peer.

VPN IKE Debug WARNING 342 ‐‐‐

IKE Responder: Mode %d ‐ not tunnel

mode


IKE Responder: No match for proposed

remote network address


IKE Responder: No matching Phase 1 ID

found for proposed remote network


IKE Responder: Peer's destination

network does not match VPN Policy's

[Local Network]



IKE Responder: Peer's local network

does not match VPN Policy's

[Destination ]


IKE Responder: Peer's proposed


Network

VPN IKE ‐‐‐ WARNING 1189 ‐‐‐

IKE Responder: Phase 1 Authentication

Method does not match


IKE Responder: Phase 1 DH Group does

not match


IKE Responder: Phase 1 encryption



IKE Responder: Phase 1 encryption

algorithm keylength does not match


IKE Responder: Phase 1 hash algorithm

does not match


IKE Responder: Phase 1 XAUTH required

but Policy has no user name


IKE Responder: Phase 1 XAUTH required

but Policy has no user password


IKE Responder: Proposed IKE ID

mismatch

VPN IKE System Error WARNING 658 ‐‐‐

IKE Responder: Proposed local network

is 0.0.0.0 but SA has no LAN Default

Gateway


IKE Responder: Proposed remote

network is 0.0.0.0 but not DHCP relay

nor default route


IKE Responder: Received Aggressive

Mode Request (Phase 1)


IKE Responder: Received Main Mode

Request (Phase 1)


IKE Responder: Received Quick Mode

Request (Phase 2)


IKE Responder: Remote party Timeout ‐

Retransmitting IKE Request.


IKE Responder: Route table overrides

VPN Policy


IKE Responder: Tunnel terminates

inside firewall but proposed local

network is not inside firewall


IKE Responder: Tunnel terminates on

DMZ but proposed local network is on

LAN


| 23

IKE Responder: Tunnel terminates on

LAN but proposed local network is on

DMZ



outside firewall but proposed local

network is not NAT public address



outside firewall but proposed remote

network is not NAT public address


IKE SA lifetime expired. VPN IKE User Activity INFO 350 ‐‐‐

IKEv2 Accept IKE SA Proposal VPN IKE User Activity INFO 943 ‐‐‐

IKEv2 Accept IPsec SA Proposal VPN IKE User Activity INFO 944 ‐‐‐

IKEv2 Authentication successful VPN IKE User Activity INFO 942 ‐‐‐

IKEv2 Decrypt packet failed VPN IKE User Activity WARNING 960 ‐‐‐

IKEv2 Function sendto() failed to

transmit packet.


IKEv2 IKE attribute not found VPN IKE User Activity WARNING 970 ‐‐‐

IKEv2 IKE proposal does not match VPN IKE User Activity WARNING 981 ‐‐‐

IKEv2 Initiator: Negotiations failed.

Extra payloads present.



Invalid input state.



Invalid output state.



Missing required payloads.


IKEv2 Initiator: Proposed IKE ID

mismatch


IKEv2 Initiator: Received

CREATE_CHILD_SA response


IKEv2 Initiator: Received IKE_AUTH

response


IKEv2 Initiator: Received IKE_SA_INT

response


IKEv2 Initiator: Remote party Timeout ‐

Retransmitting IKEv2 Request.


IKEv2 Initiator: Send CREATE_CHILD_SA

Request


IKEv2 Initiator: Send IKE_AUTH Request VPN IKE User Activity INFO 940 ‐‐‐

IKEv2 Initiator: Send IKE_SA_INIT

Request


IKEv2 Invalid SPI size VPN IKE User Activity WARNING 966 ‐‐‐

IKEv2 Invalid state VPN IKE User Activity WARNING 964 ‐‐‐

IKEv2 IPsec attribute not found VPN IKE User Activity WARNING 969 ‐‐‐


IKEv2 IPsec proposal does not match VPN IKE User Activity WARNING 968 ‐‐‐

IKEv2 NAT device detected between

negotiating peers


IKEv2 negotiation complete VPN IKE User Activity INFO 978 ‐‐‐

IKEv2 No NAT device detected between

negotiating peers


IKEv2 Out of memory VPN IKE User Activity WARNING 961 ‐‐‐

IKEv2 Payload processing error VPN IKE User Activity WARNING 953 ‐‐‐

IKEv2 Payload validation failed. VPN IKE User Activity WARNING 958 ‐‐‐

IKEv2 Peer is not responding.

Negotiation aborted.


IKEv2 Process Message queue failed VPN IKE User Activity WARNING 963 ‐‐‐

IKEv2 Received delete IKE SA Request VPN IKE User Activity INFO 948 ‐‐‐

IKEv2 Received delete IKE SA response VPN IKE User Activity INFO 1015 ‐‐‐

IKEv2 Received delete IPsec SA Request VPN IKE User Activity INFO 950 ‐‐‐

IKEv2 Received delete IPsec SA

response


IKEv2 Received notify error payload VPN IKE User Activity WARNING 983 ‐‐‐

IKEv2 Received notify status payload VPN IKE User Activity INFO 982 ‐‐‐

IKEv2 Responder: Peer's destination


[Local Network]


IKEv2 Responder: Peer's local network

does not match VPN Policy's

[Destination Network]


IKEv2 Responder: Policy for remote IKE

ID not found


IKEv2 Responder: Received

CREATE_CHILD_SA Request


IKEv2 Responder: Received IKE_AUTH

Request


IKEv2 Responder: Received IKE_SA_INIT

Request


IKEv2 Responder: Send

CREATE_CHILD_SA response


IKEv2 Responder: Send IKE_AUTH

response


IKEv2 Responder: Send IKE_SA_INIT

response


IKEv2 Send delete IKE SA Request VPN IKE User Activity INFO 947 ‐‐‐

IKEv2 Send delete IKE SA response VPN IKE User Activity INFO 1013 ‐‐‐

IKEv2 Send delete IPsec SA Request VPN IKE User Activity INFO 949 ‐‐‐

IKEv2 Send delete IPsec SA response VPN IKE User Activity INFO 1014 ‐‐‐

IKEv2 Unable to find IKE SA VPN IKE User Activity WARNING 959 ‐‐‐

| 25

IKEv2 VPN Policy not found VPN IKE User Activity WARNING 967 ‐‐‐

IKEv2: Peer's IP Version of TrApplication

Firewallfic Selector does not match with

ours

VPN IKE ‐‐‐ INFO 1312 ‐‐‐

Illegal IPsec SPI VPN IPsec User Activity INFO 65 ‐‐‐

Imported HA hardware ID did not match

this firewall


Imported VPN SA is invalid ‐ disabled Firewall Event Maintenance WARNING 348 ‐‐‐

Inbound connection from GRID‐listed

SMTP server dropped

Anti‐Spam ‐‐‐ NOTICE 1092 13810

Inbound connection from RBL‐listed

SMTP server dropped

RBL ‐‐‐ NOTICE 798 ‐‐‐

Incoming call received for Remotely

Triggered Dial‐out session

Authentication

Access


Incompatible IPsec Security Association VPN IPsec User Activity INFO 69 ‐‐‐

Incorrect authentication received for

Remotely Triggered Dial‐out

Authentication

Access


Ini Killer attack dropped Intrusion

Detection

Attack ALERT 80 519

Initiator from country blocked: %s GeoIP GeoIP ALERT 1198 ‐‐‐

Interface %s Link Is Down Firewall Event System Error ALERT 566 647

Interface %s Link Is Up Firewall Event System Error ALERT 565 646

Interface IP Assignment : Binding and

initializing %s


Interface IP Assignment changed:

Shutting down %s


Interface statistics report GMS ‐‐‐ INFO 805 ‐‐‐

Internet Access restricted to authorized

users. Dropped packet received in the

clear.

Wireless TCP | UDP |

ICMP

WARNING 532 ‐‐‐

Invalid DNS Server will not be accepted

by the dynamic client


Invalid key or serial number used for

GRID response


Invalid key version used for GRID

response


Invalid Product Code Upgrade request

received: %s

Firewall Event ‐‐‐ ERROR 704 ‐‐‐

Invalid SNMP packet ‐‐‐ ‐‐‐ WARNING 1220 ‐‐‐

Invalid SNMPv3 engineID ‐‐‐ ‐‐‐ WARNING 1221 ‐‐‐

Invalid SNMPv3 Time Window ‐‐‐ ‐‐‐ WARNING 1223 ‐‐‐

Invalid SNMPv3 User ‐‐‐ ‐‐‐ WARNING 1222 ‐‐‐

Invalid VLAN packet dropped Network ‐‐‐ ALERT 836 ‐‐‐


IP address conflict detected from

Ethernet address %s

Network Maintenance WARNING 847 ‐‐‐

IP Address is allocateated for Client ‐‐‐ ‐‐‐ INFO 1219 ‐‐‐

IP Header checksum error; packet

dropped

Network Access TCP|UDP NOTICE 883 ‐‐‐

IP Pool of the VPN Policy is Full ‐‐‐ ‐‐‐ DEBUG 1216 ‐‐‐

IP Pool of the VPN Policy is Not

Configured

‐‐‐ ‐‐‐ DEBUG 1217 ‐‐‐

IP spoof detected on packet to Central

Gateway, packet dropped

DHCP Relay Attack ERROR 229 533

IP spoof dropped Intrusion

Detection

Attack ALERT 23 502

IP type %s packet dropped Network Access LAN UDP |

LAN TCP


IPComp connection interrupt IPComp Debug DEBUG 651 ‐‐‐

IPComp packet dropped IPComp TCP | UDP |

ICMP


IPComp packet dropped; waiting for

pending IPComp connection

IPComp Debug DEBUG 653 ‐‐‐

IPS Detection Alert: %s Intrusion

Detection


IPS Detection Alert: %s Intrusion

Detection


IPS Prevention Alert: %s Intrusion

Detection


IPS Prevention Alert: %s Intrusion

Detection


IPsec (AH) packet dropped VPN IPsec TCP | UDP |

ICMP


IPsec (AH) packet dropped; waiting for

pending IPsec connection

VPN IPsec Debug DEBUG 536 ‐‐‐

IPsec (ESP) packet dropped VPN IPsec TCP | UDP |

ICMP


IPsec (ESP) packet dropped; waiting for


VPN IPsec Debug DEBUG 535 ‐‐‐

IPsec Authentication Failed VPN IPsec Attack ERROR 67 508

IPsec connection interrupt Network Access Debug DEBUG 43 ‐‐‐

IPsec Decryption Failed VPN IPsec Attack ERROR 68 509

IPsec packet dropped Network Access TCP | UDP |

ICMP

NOTICE 40 ‐‐‐

IPsec packet dropped; waiting for


Network Access Debug DEBUG 42 ‐‐‐

IPsec packet from an illegal host VPN IPsec Maintenance INFO 247 ‐‐‐

IPsec packet from or to an illegal host VPN IPsec Attack ERROR 70 510

IPsec Replay Detected VPN IPsec Attack ALERT 180 531

| 27

IPsec SA lifetime expired. VPN IPsec User Activity INFO 349 ‐‐‐

IPsec Tunnel status changed VPN VPN Tunne

lStatus

INFO 427 801

IPv6 Tunnel packet dropped VPN IKE ‐‐‐ NOTICE 1253 ‐‐‐

IPv6 VPN only support IKEv2 mode VPN IKE ‐‐‐ INFO 1252 ‐‐‐

ISDN Driver Firmware successfully

updated


Issuer match failed VPN PKI User Activity ALERT 278 ‐‐‐

Java access denied Network Access Blocked Code NOTICE 19 ‐‐‐

L2TP Connect Initiated by the User L2TP Client Maintenance INFO 216 ‐‐‐

L2TP Disconnect Initiated by the User L2TP Client Maintenance INFO 214 ‐‐‐

L2TP LCP Down L2TP Client Maintenance INFO 209 ‐‐‐

L2TP LCP Up L2TP Client Maintenance INFO 213 ‐‐‐

L2TP Max Retransmission Exceeded L2TP Client Maintenance INFO 203 ‐‐‐

L2TP PPP Authentication Failed L2TP Client Maintenance INFO 212 ‐‐‐

L2TP PPP Down L2TP Client Maintenance INFO 211 ‐‐‐

L2TP PPP link down L2TP Client Maintenance INFO 217 ‐‐‐

L2TP PPP Negotiation Started L2TP Client Maintenance INFO 208 ‐‐‐

L2TP PPP Session Up L2TP Client Maintenance INFO 210 ‐‐‐

L2TP Server : Access from L2TP VPN

Client Privilege not enabled for RADIUS

Users.

L2TP Server Maintenance INFO 343 ‐‐‐

L2TP Server : Deleting the L2TP active

Session


L2TP Server : Deleting the Tunnel L2TP Server Maintenance INFO 336 ‐‐‐

L2TP Server : L2TP PPP Session

Established.


L2TP Server : L2TP Session Established. L2TP Server Maintenance INFO 309 ‐‐‐

L2TP Server : L2TP Tunnel Established. L2TP Server Maintenance INFO 308 ‐‐‐

L2TP Server : Retransmission Timeout,

Deleting the Tunnel


L2TP Server : User Name authentication

Failure locally.


L2TP Server: Keep alive Failure. Closing

Tunnel


L2TP Server: L2TP Remote terminated

the PPP session


L2TP Server: L2TP Session Disconnect

from the Remote.


L2TP Server: L2TP Tunnel Disconnect

from the Remote.


L2TP Server: Local Authentication

Failure



L2TP Server: Local Authentication

Success.


L2TP Server: No IP address available in

the Local IP Pool


L2TP Server: RADIUS/LDAP

Authentication Success


L2TP Server: RADIUS/LDAP reports

Authentication Failure


L2TP Server: RADIUS/LDAP server not

assigned IP address


L2TP Server: Call Disconnect from

Remote.


L2TP Server: Tunnel Disconnect from

Remote.


L2TP Session Disconnect from Remote L2TP Client Maintenance INFO 207 ‐‐‐

L2TP Session Established L2TP Client Maintenance INFO 206 ‐‐‐

L2TP Session Negotiation Started L2TP Client Maintenance INFO 202 ‐‐‐

L2TP Tunnel Disconnect from Remote L2TP Client Maintenance INFO 205 ‐‐‐

L2TP Tunnel Established L2TP Client Maintenance INFO 204 ‐‐‐

L2TP Tunnel Negotiation %s L2TP Client ‐‐‐ INFO 1074 ‐‐‐

L2TP Tunnel Negotiation Started L2TP Client Maintenance INFO 201 ‐‐‐

LAN Subnet configurations were not

upgraded.


Land attack dropped Intrusion

Detection

Attack ALERT 27 505

LDAP server does not allow CHAP RADIUS User Activity WARNING 758 ‐‐‐

LDAP using non‐administrative account

‐ VPN client user will not be able to

change passwords

RADIUS System Error WARNING 1011 ‐‐‐

License exceeded: Connection dropped

because too many IP addresses are in

use on your LAN

Firewall Event System Error ERROR 58 608

License of HA pair doesn't match: %s High Availability System Error ERROR 670 664

Locked‐out user logins allowed ‐ lockout

period expired

Authentication

Access


Locked‐out user logins allowed by

administrator

Authentication

Access


Log Cleared Firewall Logging Maintenance INFO 5 ‐‐‐

Log Debug Firewall Event Debug ERROR 142 ‐‐‐

Log full; deactivating Network Security

Appliance

Firewall Logging System Error ERROR 7 601

Log successfully sent via email Firewall Logging Maintenance INFO 6 ‐‐‐

Login screen timed out Authentication

Access


| 29

MAC address collides with Static ARP

Entry with Bound MAC address; packet

dropped

Network ‐‐‐ NOTICE 814 ‐‐‐

Machine %s removed from FIN flood

blacklist

Intrusion

Detection


Machine %s removed from RST flood

blacklist

Intrusion

Detection


Machine %s removed from SYN flood

blacklist

Intrusion

Detection


MAC‐IP Anti‐spoof cache found, but it is

blacklisted device

Mac IP spoof Attack ALERT 1212 ‐‐‐

MAC‐IP Anti‐spoof cache found, but it is

not a router


MAC‐IP Anti‐spoof cache not found for

this router


MAC‐IP Anti‐spoof check enforced for

hosts


Malformed DNS packet detected Network Access Debug ALERT 1177 ‐‐‐

Malformed or unhandled IP packet

dropped

Network Access Debug ALERT 522 554

Maximum events per second threshold

exceeded

Firewall Logging System Error CRITICAL 654 ‐‐‐

Maximum number of Bandwidth

Managed rules exceeded upon upgrade

to this version. Some Bandwidth

settings ignored.

Firewall Event Maintenance NOTICE 541 ‐‐‐

Maximum sequential failed dial

attempts (10) to a single dial‐up

number: %s

PPP Dial‐UP Attack ERROR 591 566

Maximum syslog data per second

threshold exceeded

Firewall Logging System Error CRITICAL 655 ‐‐‐

Message blocked by Real‐Time Email

Scanner

Anti‐Spam ‐‐‐ INFO 1108 ‐‐‐

MOBIKE: Update Peer Gateway IP ‐‐‐ ‐‐‐ INFO 1218 ‐‐‐

Modules attached to HA units do not

match: %s

High Availability System Error ALERT 1162 664

Monitoring probe out interface

mismatch %s

High Availability ‐‐‐ ERROR 1194 ‐‐‐

Multicast application %s not supported Multicast ‐‐‐ INFO 696 ‐‐‐

Multicast packet dropped, Invalid src IP

received on interface : %s

Multicast ‐‐‐ ALERT 685 ‐‐‐

Multicast packet dropped, wrong MAC

address received on interface : %s

Multicast ‐‐‐ ALERT 684 ‐‐‐

Multicast TCP packet dropped Multicast ‐‐‐ NOTICE 691 ‐‐‐


Multicast UDP packet dropped, no state

entry


Multicast UDP packet dropped, RTCP

stateful failed

Multicast ‐‐‐ WARNING 695 ‐‐‐

Multicast UDP packet dropped, RTP

stateful failed

Multicast ‐‐‐ WARNING 694 ‐‐‐

Multiple DHCP Servers are detected on

network


Name Resolution for Syslog or GMS

failed.


NAT device may not support IPsec AH

pass‐through

VPN IPsec Maintenance INFO 266 ‐‐‐

NAT Discovery : No NAT/NAPT device

detected between IPsec Security

gateways


NAT Discovery : Local IPsec Security

Gateway behind a NAT/NAPT Device


NAT Discovery : Peer IPsec Security

Gateway behind a NAT/NAPT Device


NAT Discovery : Peer IPsec Security

Gateway doesn't support VPN NAT

Traversal


Nat Mapping Network Access ‐‐‐ NOTICE 1197 ‐‐‐

NAT policy added ‐‐‐ ‐‐‐ INFO 1313 ‐‐‐

NAT policy deleted ‐‐‐ ‐‐‐ INFO 1315 ‐‐‐

NAT policy modified ‐‐‐ ‐‐‐ INFO 1314 ‐‐‐

NAT translated packet exceeds size

limit, packet dropped

Network Debug DEBUG 339 ‐‐‐

Ndpp SelfTest write/read encrypt/

decrypt failure

‐‐‐ Maintenance ALERT 1300 ‐‐‐

Ndpp SelfTest write/read encrypt/

decrypt successsfully

‐‐‐ Maintenance ALERT 1299 ‐‐‐

Net Spy attack dropped Intrusion

Detection

Attack ALERT 74 513

NetBIOS settings were not upgraded.

Use Network>IP Helper to configure

NetBIOS support


NetBus attack dropped Intrusion

Detection

Attack ALERT 72 511

Network for interface %s overlaps with

another interface.


Network Modem Mode Disabled: re‐

enabling NAT

PPP Dial‐UP Maintenance INFO 531 ‐‐‐

| 31

Network Modem Mode Enabled:

turning off NAT


Network Monitor Policy %s Added Network

Monitor

‐‐‐ INFO 1104 ‐‐‐

Network Monitor Policy %s Deleted Network

Monitor

‐‐‐ INFO 1105 ‐‐‐

Network Monitor Policy %s Modified Network

Monitor

‐‐‐ INFO 1106 ‐‐‐

Network Monitor: Host %s is offline Network

Monitor

‐‐‐ ALERT 706 14005

Network Monitor: Host %s is online Network

Monitor

‐‐‐ ALERT 707 14006

Network Monitor: Host %s status is

UNKNOWN

Network

Monitor

‐‐‐ ALERT 1103 14004

Network Monitor: Policy %s status is

DOWN

Network

Monitor

‐‐‐ ALERT 1101 14002

Network Monitor: Policy %s status is

UNKNOWN

Network

Monitor

‐‐‐ ALERT 1102 14003

Network Monitor: Policy %s status is UP Network

Monitor

‐‐‐ ALERT 1100 14001

Network Security Appliance activated Firewall Event Maintenance ALERT 4 ‐‐‐

Network Security Appliance initializing Firewall Event Maintenance INFO 521 ‐‐‐

New firmware available. Firewall Event Maintenance INFO 198 ‐‐‐

New URL List loaded Security

Services


Newsgroup access allowed Network Access Blocked Sites NOTICE 17 704

Newsgroup access denied Network Access Blocked Sites NOTICE 15 702

No Certificate for VPN PKI User Activity ALERT 280 ‐‐‐

No DNS response to domain ‐ %s Security

Services

‐‐‐ DEBUG 1238 ‐‐‐

No HOST tag found in HTTP Request Network Access Debug DEBUG 52 ‐‐‐

No new URL List available Security

Services


No response from ISP Disconnecting

PPPoE.


No response from PPTP server to call

requests


No response from PPTP server to

control connection requests


No response from server to Echo

Requests, disconnecting PPTP Tunnel


No response received from DNS server Anti‐Spam ‐‐‐ DEBUG 1142 ‐‐‐

No valid DNS server specified for GRID

lookups

Anti‐Spam ‐‐‐ ERROR 1094 13812


No valid DNS server specified for RBL

lookups

RBL ‐‐‐ ERROR 800 ‐‐‐

Non‐config mode GUI administration

session started

Authentication

Access


Not all configurations may have been

completely upgraded


Not blacklisted as per configuration Anti‐Spam ‐‐‐ DEBUG 1143 ‐‐‐

Not Blacklisted by domain ‐ %s Security

Services

‐‐‐ DEBUG 1237 ‐‐‐

Not enough memory to hold the CRL VPN PKI User Activity WARNING 272 ‐‐‐

NTP Request sent ‐‐‐ UDP NOTICE 1232 ‐‐‐

Obtained Relay IP Table from Remote

Gateway


OCSP Failed to Resolve Domain Name. VPN PKI User Activity ERROR 853 ‐‐‐

OCSP Internal error handling received

response.

VPN PKI User Activity ERROR 854 ‐‐‐

OCSP received response error. VPN PKI User Activity ERROR 851 ‐‐‐

OCSP received response. VPN PKI User Activity INFO 850 ‐‐‐

OCSP Resolved Domain Name. VPN PKI User Activity INFO 852 ‐‐‐

OCSP send request message failed. VPN PKI User Activity ERROR 849 ‐‐‐

OCSP sending request. VPN PKI User Activity INFO 848 ‐‐‐

On HA peer firewall, Interface %s Link Is

Down

High Availability System Error ALERT 1206 ‐‐‐

On HA peer firewall, Interface %s Link Is

Up


Outbound connection to GRID‐listed

SMTP server dropped

Anti‐Spam ‐‐‐ NOTICE 1091 13809

Outbound connection to RBL‐listed

SMTP server dropped

RBL ‐‐‐ NOTICE 797 ‐‐‐

Out‐of‐order command packet dropped Network Access Debug DEBUG 48 ‐‐‐

Overriding Product Code Upgrade to:

%s


Packet allowed by ACL Network ‐‐‐ INFO 1235 ‐‐‐

Packet destination not in VPN Access list VPN IPsec Attack ERROR 648 572

Packet Dropped ‐ IP TTL expired Network Debug WARNING 910 ‐‐‐

Packet dropped by guest check Network Access TCP | UDP |

ICMP


Packet dropped by wireless Advanced

IDP

‐‐‐ TCP | UDP |

ICMP


Packet dropped by WLAN SSL VPN

enforcement check


ICMP


Packet dropped by WLAN VPN traversal

check


ICMP


| 33

Packet dropped. No firewall rule

associated with VPN policy.

VPN System Error ALERT 739 ‐‐‐

Packet dropped; connection limit for

this destination IP address has been

reached

Firewall Event System Error ALERT 647 5239

Packet dropped; connection limit for

this source IP address has been reached

Firewall Event System Error ALERT 646 5238

Packet is dropped due to NDPP rules. Network Access Debug ALERT 1304 ‐‐‐

Payload processing failed VPN IKE Debug ERROR 616 ‐‐‐

PC Card inserted. Firewall

Hardware

‐‐‐ ALERT 1054 5419

PC Card removed. Firewall

Hardware

‐‐‐ ALERT 1053 5418

PC Card: No device detected Firewall

Hardware

‐‐‐ ALERT 1056 ‐‐‐

Peer firewall has equivalent link status.

In event of failover, it will operate with

equal capability.


Peer firewall has reduced link status. In

event of failover, it will operate with

limited capability.


Peer firewall rebooting (%s) High Availability ‐‐‐ INFO 1057 ‐‐‐

Peer HA firewall has stateful license but

this firewall is not yet registered


Physical environment normal Firewall

Hardware

‐‐‐ INFO 1042 5424

Physical interface utilization is greater

than 80% of the maximum rated

tolerance(for the interface)for more

than 10 seconds.

Firewall

Hardware

‐‐‐ ALERT 1247 17001

Ping of death dropped Intrusion

Detection

Attack ALERT 22 501

PKI Error: VPN PKI Maintenance ERROR 417 ‐‐‐

PKI Failure VPN PKI Maintenance ERROR 447 ‐‐‐

PKI Failure: CA certificates store

exceeded. Cannot verify this Local

Certificate

VPN PKI Maintenance ERROR 453 ‐‐‐

PKI Failure: Cannot allocate memory VPN PKI Maintenance ERROR 449 ‐‐‐

PKI Failure: Certificate's ID does not

match this Network Security Appliance


PKI Failure: Duplicate local certificate VPN PKI Maintenance ERROR 458 ‐‐‐

PKI Failure: Duplicate local certificate

name


PKI Failure: Import failed VPN PKI Maintenance ERROR 451 ‐‐‐


PKI Failure: Improper file format. Please

select PKCS#12 (*.p12) file


PKI Failure: Incorrect admin password VPN PKI Maintenance ERROR 452 ‐‐‐

PKI Failure: Internal error VPN PKI Maintenance ERROR 460 ‐‐‐

PKI Failure: Loaded but could not verify

certificate


PKI Failure: Loaded the certificate but

could not verify its chain


PKI Failure: No CA certificates yet

loaded


PKI Failure: Output buffer too small VPN PKI Maintenance ERROR 448 ‐‐‐

PKI Failure: public‐private key mismatch VPN PKI Maintenance ERROR 456 ‐‐‐

PKI Failure: Reached the limit for local

certificates, cant load any more


PKI Failure: Temporary memory

shortage, try again


PKI Failure: The certificate chain has no

root


PKI Failure: The certificate chain is

circular


PKI Failure: The certificate chain is

incomplete


PKI Failure: The certificate or a

certificate in the chain has a bad

signature



certificate in the chain has a validity

period in the future



certificate in the chain has expired



certificate in the chain is corrupt


Please connect interface %s to another

network to function properly


Please manually check all system

configurations for correctness of

Upgrade


Port configured to receive IPsec

protocol ONLY; drop packet received in

the clear

Network Access TCP | UDP |

ICMP


Possible DNS rebind attack detected Intrusion

Detection

‐‐‐ ALERT 1098 6465

Possible FIN Flood on IF %s Intrusion

Detection


| 35

Possible FIN Flood on IF %s continues Intrusion

Detection


Possible FIN Flood on IF %s has ceased Intrusion

Detection


Possible ICMP flood attack detected Intrusion

Detection


Possible port scan detected Intrusion

Detection

Attack ALERT 82 521

Possible RST Flood on IF %s Intrusion

Detection


Possible RST Flood on IF %s continues Intrusion

Detection


Possible RST Flood on IF %s has ceased Intrusion

Detection


Possible SYN flood attack detected Intrusion

Detection

Attack WARNING 25 503

Possible SYN flood detected on WAN IF

%s ‐ switching to connection‐proxy

mode

Intrusion

Detection


Possible SYN Flood on IF %s Intrusion

Detection


Possible SYN Flood on IF %s continues Intrusion

Detection


Possible SYN Flood on IF %s has ceased Intrusion

Detection


Possible UDP flood attack detected Intrusion

Detection


Power supply without redundancy Firewall

Hardware

‐‐‐ ERROR 1043 5425

PPP Dial‐Up: Connect request canceled PPP Dial‐UP User Activity INFO 306 ‐‐‐

PPP Dial‐Up: Connected at %s bps ‐

starting PPP

PPP Dial‐UP User Activity INFO 286 ‐‐‐

PPP Dial‐Up: Connection disconnected

as scheduled.


PPP Dial‐Up: Dial initiated by %s PPP Dial‐UP Maintenance INFO 324 ‐‐‐

PPP Dial‐Up: Dialed number did not

answer


PPP Dial‐Up: Dialed number is busy PPP Dial‐UP User Activity INFO 284 ‐‐‐

PPP Dial‐Up: Dialing not allowed by

schedule. %s


PPP Dial‐Up: Dialing: %s PPP Dial‐UP User Activity INFO 281 ‐‐‐

PPP Dial‐Up: Failed to get IP address PPP Dial‐UP Module INFO 298 ‐‐‐

PPP Dial‐Up: Idle time limit exceeded ‐

disconnecting


PPP Dial‐Up: Initialization : %s PPP Dial‐UP User Activity INFO 303 ‐‐‐


PPP Dial‐Up: Invalid DNS IP address

returned from Dial‐Up ISP; overriding

using dial‐up profile settings


PPP Dial‐Up: Link carrier lost PPP Dial‐UP User Activity INFO 288 ‐‐‐

PPP Dial‐Up: Manual intervention

needed. Check Primary Profile or Profile

details


PPP Dial‐Up: Maximum connection time

exceeded ‐ disconnecting


PPP Dial‐Up: No dial tone detected ‐

check phone‐line connection


PPP Dial‐Up: No link carrier detected ‐

check phone number


PPP Dial‐Up: No peer IP address from

Dial‐Up ISP, local and remote IPs will be

the same


PPP Dial‐Up: PPP link down PPP Dial‐UP User Activity INFO 301 ‐‐‐

PPP Dial‐Up: PPP link established PPP Dial‐UP User Activity INFO 300 ‐‐‐

PPP Dial‐Up: PPP negotiation failed ‐

disconnecting


PPP Dial‐Up: Previous session was

connected for %s


PPP Dial‐Up: Received new IP address PPP Dial‐UP User Activity INFO 299 ‐‐‐

PPP Dial‐Up: Shutting down link PPP Dial‐UP User Activity INFO 302 ‐‐‐

PPP Dial‐Up: Starting PPP PPP Dial‐UP ‐‐‐ INFO 1037 ‐‐‐

PPP Dial‐Up: Startup without Ethernet

cable, will try to dial on outbound

trApplication Firewallfic


PPP Dial‐Up: The profile in use disabled

VPN networking.


PPP Dial‐Up: Trying to failover but

Alternate Profile is manual

WAN Failover User Activity INFO 434 ‐‐‐

PPP Dial‐Up: Trying to failover but

Primary Profile is manual


PPP Dial‐Up: Unknown dialing failure PPP Dial‐UP User Activity INFO 287 ‐‐‐

PPP Dial‐Up: User requested connect PPP Dial‐UP User Activity INFO 305 ‐‐‐

PPP Dial‐Up: User requested disconnect PPP Dial‐UP User Activity INFO 304 ‐‐‐

PPP Dial‐Up: VPN networking restored. PPP Dial‐UP Maintenance INFO 331 ‐‐‐

PPP message: %s PPP ‐‐‐ INFO 1018 ‐‐‐

PPP: Authentication successful PPP ‐‐‐ INFO 289 ‐‐‐

PPP: CHAP authentication failed ‐ check

username / password

PPP ‐‐‐ INFO 291 ‐‐‐

PPP: MS‐CHAP authentication failed ‐

check username / password

PPP ‐‐‐ INFO 292 ‐‐‐

| 37

PPP: PAP Authentication failed ‐ check

username / password

PPP ‐‐‐ INFO 290 ‐‐‐

PPP: Starting CHAP authentication PPP ‐‐‐ INFO 294 ‐‐‐

PPP: Starting MS‐CHAP authentication PPP ‐‐‐ INFO 293 ‐‐‐

PPP: Starting PAP authentication PPP ‐‐‐ INFO 295 ‐‐‐

PPPoE terminated PPPoE Maintenance INFO 130 ‐‐‐

PPPoE CHAP Authentication Failed PPPoE Maintenance INFO 136 ‐‐‐

PPPoE Client: Previous session was

connected for %s


PPPoE discovery process complete PPPoE Maintenance INFO 133 ‐‐‐

PPPoE enabled but not ready PPPoE Maintenance INFO 499 ‐‐‐

PPPoE LCP Link Down PPPoE Maintenance INFO 129 ‐‐‐

PPPoE LCP Link Up PPPoE Maintenance INFO 128 ‐‐‐

PPPoE Network Connected PPPoE Maintenance INFO 131 ‐‐‐

PPPoE Network Disconnected PPPoE Maintenance INFO 132 ‐‐‐

PPPoE PAP Authentication Failed PPPoE Maintenance INFO 137 ‐‐‐

PPPoE PAP Authentication Failed.

Please verify PPPoE username and

password


PPPoE PAP Authentication success. PPPoE Maintenance INFO 166 ‐‐‐

PPPoE password changed by

Administrator

Authentication

Access


PPPoE starting CHAP Authentication PPPoE Maintenance INFO 134 ‐‐‐

PPPoE starting PAP Authentication PPPoE Maintenance INFO 135 ‐‐‐

PPPoE user name changed by

Administrator

Authentication

Access


PPTP enabled but not ready PPTP Maintenance INFO 501 ‐‐‐

PPTP CHAP Authentication Failed.

Please verify PPTP username and

password


PPTP Connect Initiated by the User PPTP Maintenance INFO 390 ‐‐‐

PPTP Control Connection Established PPTP Maintenance INFO 378 ‐‐‐

PPTP Control Connection Negotiation

Started


PPTP decode failure PPTP Debug DEBUG 596 ‐‐‐

PPTP Disconnect Initiated by the User PPTP Maintenance INFO 388 ‐‐‐

PPTP LCP Down PPTP Maintenance INFO 383 ‐‐‐

PPTP LCP Up PPTP Maintenance INFO 387 ‐‐‐

PPTP Max Retransmission Exceeded PPTP Maintenance INFO 377 ‐‐‐

PPTP packet dropped Network Access TCP | UDP |

ICMP

NOTICE 39 ‐‐‐

PPTP PAP Authentication Failed PPTP Maintenance INFO 395 ‐‐‐

PPTP PAP Authentication Failed. Please

verify PPTP username and password



PPTP PAP Authentication success. PPTP Maintenance INFO 396 ‐‐‐

PPTP PPP Authentication Failed PPTP Maintenance INFO 386 ‐‐‐

PPTP PPP Down PPTP Maintenance INFO 385 ‐‐‐

PPTP PPP link down PPTP Maintenance INFO 391 ‐‐‐

PPTP PPP Link down PPTP Maintenance INFO 399 ‐‐‐

PPTP PPP Link Finished PPTP Maintenance INFO 400 ‐‐‐

PPTP PPP Link Up PPTP Maintenance INFO 398 ‐‐‐

PPTP PPP Negotiation Started PPTP Maintenance INFO 382 ‐‐‐

PPTP PPP Session Up PPTP Maintenance INFO 384 ‐‐‐

PPTP Server is not responding, check if

the server is UP and running.


PPTP server rejected control connection PPTP Maintenance INFO 432 ‐‐‐

PPTP server rejected the call request PPTP Maintenance INFO 433 ‐‐‐

PPTP Session Disconnect from Remote PPTP Maintenance INFO 381 ‐‐‐

PPTP Session Established PPTP Maintenance INFO 380 ‐‐‐

PPTP Session Negotiation Started PPTP Maintenance INFO 376 ‐‐‐

PPTP starting CHAP Authentication PPTP Maintenance INFO 392 ‐‐‐

PPTP starting PAP Authentication PPTP Maintenance INFO 393 ‐‐‐

PPTP Tunnel Disconnect from Remote PPTP Maintenance INFO 379 ‐‐‐

Primary firewall has transitioned to

Active

High Availability Maintenance ALERT 144 ‐‐‐

Primary firewall has transitioned to Idle High Availability System Error ALERT 146 614

Primary firewall preempting Secondary High Availability System Error ERROR 153 620

Primary firewall rebooting itself as it

transitioned from Active to Idle while

Preempt

High Availability ‐‐‐ INFO 1058 ‐‐‐

Primary missed heartbeats from

Secondary


Primary received error signal from

Secondary


Primary received heartbeat from wrong

source


Primary received reboot signal from

Secondary


Primary WAN link down, Primary going

Idle


Primary WAN link down, Secondary

going Active


Primary WAN link up, preempting

Secondary


Priority attack dropped Intrusion

Detection

Attack ALERT 79 518

Probable port scan detected Intrusion

Detection

Attack ALERT 83 522

| 39

Probable TCP FIN scan detected Intrusion

Detection


Probable TCP NULL scan detected Intrusion

Detection


Probable TCP XMAS scan detected Intrusion

Detection


Probe Response Failure ‐ %s Anti‐Spam ‐‐‐ DEBUG 1132 ‐‐‐

Probe Response Success ‐ %s Anti‐Spam ‐‐‐ DEBUG 1131 ‐‐‐

Probing failure on %s WAN Failover System Error ALERT 326 637

Probing succeeded on %s WAN Failover System Error ALERT 436 638

Problem loading the URL List; Appliance

not registered.

Security

Services


Problem loading the URL List; check

Filter settings

Security

Services


Problem loading the URL List; check

your DNS server

Security

Services


Problem loading the URL List; Flash

write failure.

Security

Services


Problem loading the URL List; Retrying

later.

Security

Services


Problem loading the URL List;

SubscRIPtion expired.

Security

Services


Problem loading the URL List; Try

loading it again.

Security

Services


Problem occurred during user group

membership retrieval

Authentication

Access


Problem sending log email; check log

settings

Firewall Logging System Error WARNING 12 604

Processed Email received from Email

Security Service


Product maximum entries reached ‐ %s Firewall Event Maintenance ALERT 1196 ‐‐‐

RADIUS user cannot use One Time

Password ‐ no mail address set for

equivalent local user

Authentication

Access


RBL DNS server responded with error

code ‐ %s

Security

Services

‐‐‐ DEBUG 1239 ‐‐‐

Read‐only mode GUI administration

session started

Authentication

Access


Real time clock battery failure Time

values may be incorrect

Firewall

Hardware

System Error WARNING 539 644

Received a path MTU ICMP message

from router/gateway

Network User Activity INFO 182 ‐‐‐

Received a path MTU ICMP message

from router/gateway

Network User Activity INFO 188 ‐‐‐


Received Alert: Your Firewall Botnet

Filter subscRIPtion has expired.

Security

Services

Security

Services


Received Alert: Your Visualization

Control subscRIPtion has expired.

Security

Services

‐‐‐ WARNING 1159 ‐‐‐

Received Application Firewall Alert:

Your Application Firewall (Application

Firewall) subscRIPtion has expired.

Security

Services


Received AV Alert: %s Security

Services


Received AV Alert: Your Network Anti‐

Virus subscRIPtion has expired. %s

Security

Services


Received AV Alert: Your Network Anti‐

Virus subscRIPtion will expire in 7 days.

%s

Security

Services


Received Blacklisted Directive from ‐ %s Security

Services

‐‐‐ DEBUG 1236 ‐‐‐

Received CFS Alert: Your Content

Filtering subscRIPtion has expired.

Security

Services


Received CFS Alert: Your Content

Filtering subscRIPtion will expire in 7

days.

Security

Services


Received DHCP offer packet has errors DHCP Client Maintenance INFO 588 ‐‐‐

Received E‐Mail Filter Alert: Your E‐Mail

Filtering subscRIPtion has expired.

Security

Services


Received E‐Mail Filter Alert: Your E‐Mail

Filtering subscRIPtion will expire in 7

days.

Security

Services


Received fragmented packet or

fragmentation needed


Received IKE SA delete request VPN IKE User Activity INFO 413 ‐‐‐

Received IPS Alert: Your Intrusion

Prevention (IDP) subscRIPtion has

expired.

Security

Services


Received IPsec SA delete request VPN IKE User Activity INFO 412 ‐‐‐

Received ISAKMP packet destined to

port %s

VPN IKE Debug | UDP INFO 607 ‐‐‐

Received LCP Echo Reply PPPoE Maintenance INFO 723 ‐‐‐

Received LCP Echo Request PPPoE Maintenance INFO 721 ‐‐‐

Received notify.

NO_PROPOSAL_CHOSEN


Received notify: INVALID_COOKIES VPN IKE User Activity INFO 414 ‐‐‐

Received notify: INVALID_ID_INFO VPN IPsec User Activity WARNING 483 ‐‐‐

Received notify: INVALID_PAYLOAD VPN IKE User Activity ERROR 661 ‐‐‐

Received notify: INVALID_SPI VPN IKE User Activity INFO 416 ‐‐‐

| 41

Received notify: ISAKMP_AUTH_FAILED VPN IKE User Activity WARNING 409 ‐‐‐

Received notify:

PAYLOAD_MALFORMED


Received notify: RESPONDER_LIFETIME VPN IKE User Activity INFO 415 ‐‐‐

Received packet retransmission. Drop

duplicate packet


Received PPPoE Active Discovery Offer PPPoE Maintenance INFO 593 ‐‐‐

Received PPPoE Active Discovery

Session_confirmation


Received response packet for DHCP

request has errors


Received unauthenticated GRID

response


Received unencrypted packet in crypto

active state


Registration Update Needed, Please

restore your existing security service

subscRIPtions.

Security

Services

Maintenance WARNING 496 ‐‐‐

Regulatory requirements prohibit %s

from being re‐dialed for 30 minutes

PPP Dial‐UP Attack ERROR 592 567

Released IP address %s DHCP Server ‐‐‐ INFO 1111 ‐‐‐

Remote WAN Acceleration device

started responding to probes

Bandwidth

Optimization

‐‐‐ WARNING 1175 ‐‐‐

Remote WAN Acceleration device

stopped responding to probes

Bandwidth

Optimization

‐‐‐ WARNING 1174 ‐‐‐


ended. Valid WAN bound data found.

Normal dial‐up sequence will

commence

Authentication

Access



started. Requesting authentication

Authentication

Access


Removed a member from an LDAP

mirror user group

RADIUS ‐‐‐ INFO 1193 ‐‐‐

Removed host entry from dynamic

address object

Dynamic

Address Objects


Request for Relay IP Table from Central

Gateway


Requesting CRL from VPN PKI User Activity INFO 269 ‐‐‐

Requesting Relay IP Table from Remote

Gateway


Resolved ES Cloud ‐ %s Anti‐Spam ‐‐‐ DEBUG 1146 ‐‐‐

Responder from country blocked: %s GeoIP GeoIP ALERT 1199 ‐‐‐

Restarting Network Security Appliance;

dumping log to email



Retransmitting DHCP DISCOVER. DHCP Client Maintenance INFO 99 ‐‐‐

Retransmitting DHCP Request

(Rebinding).



(Rebooting).



(Renewing).



(Requesting).



(Verifying).


RIP Broadcasts for LAN Network %s are

being broadcast over dialup‐connection

RIP Maintenance INFO 571 8413

RIP disabled on DMZ interface RIP Maintenance INFO 423 8405

RIP disabled on interface %s RIP Maintenance INFO 419 8401

RIP disabled on WAN interface RIP Maintenance INFO 552 8409

RIPper attack dropped Intrusion

Detection

Attack ALERT 76 515

RIPv1 enabled on DMZ interface RIP Maintenance INFO 424 8406

RIPv1 enabled on interface %s RIP Maintenance INFO 420 8402

RIPv1 enabled on WAN interface RIP Maintenance INFO 553 8410

RIPv2 compatibility (broadcast) mode

enabled on DMZ interface



enabled on interface %s



enabled on WAN interface


RIPv2 enabled on DMZ interface RIP Maintenance INFO 425 8407

RIPv2 enabled on interface %s RIP Maintenance INFO 421 8403

RIPv2 enabled on WAN interface RIP Maintenance INFO 554 8411

Router IGMP General query received on

interface %s


Router IGMP Membership query

received on interface %s


RST Flood Blacklist on IF %s continues Intrusion

Detection


RST‐Flooding machine %s blacklisted Intrusion

Detection


SA is disabled. Check VPN SA settings VPN IKE User Activity INFO 407 ‐‐‐

SCEP Client: %s VPN PKI ‐‐‐ NOTICE 1097 ‐‐‐

Secondary active High Availability System Error INFO 825 ‐‐‐

Secondary firewall being preempted by

Primary


| 43

Secondary firewall has transitioned to

Active


Secondary firewall has transitioned to

Idle


Secondary firewall rebooting itself as it

transitioned from Active to Idle while

Preempt

High Availability ‐‐‐ INFO 1059 ‐‐‐

Secondary going Active in preempt

mode Application Firewallter reboot


Secondary missed heartbeats from

Primary


Secondary received error signal from

Primary


Secondary received heartbeat from

wrong source


Secondary received reboot signal from

Primary


Secondary shut down because license is

expired

High Availability System Error ERROR 824 ‐‐‐

Secondary WAN link down, Primary

going Active


Secondary will be shut down in %s

minutes

High Availability System Error ERROR 823 ‐‐‐

Sending DHCP DISCOVER. DHCP Client Maintenance INFO 105 ‐‐‐

Sending DHCP RELEASE. DHCP Client Maintenance INFO 122 ‐‐‐

Sending DHCP Request (Rebinding). DHCP Client Maintenance INFO 116 ‐‐‐

Sending DHCP Request (Rebooting). DHCP Client Maintenance INFO 117 ‐‐‐

Sending DHCP Request (Renewing). DHCP Client Maintenance INFO 115 ‐‐‐

Sending DHCP Request (Verifying). DHCP Client Maintenance INFO 118 ‐‐‐

Sending DHCP Request. DHCP Client Maintenance INFO 108 ‐‐‐

Sending LCP Echo Reply PPPoE Maintenance INFO 722 ‐‐‐

Sending LCP Echo Request PPPoE Maintenance INFO 720 ‐‐‐

Sending PPPoE Active Discovery

Request


Senna Spy attack dropped Intrusion

Detection

Attack ALERT 78 517

Sent Relay IP Table to Central Gateway DHCP Relay Maintenance INFO 232 ‐‐‐

Settings Import: %s Firewall Event ‐‐‐ INFO 1049 ‐‐‐

SIP Register expiration exceeds

configured Signaling inactivity time out

VoIP VoIP WARNING 645 ‐‐‐

SIP Request VoIP VoIP DEBUG 643 ‐‐‐

SIP Response VoIP VoIP DEBUG 644 ‐‐‐

SMTP authentication problem:%s Firewall Logging System Error WARNING 737 ‐‐‐


SMTP connection limit is reached.

Connection is dropped.

Anti‐Spam ‐‐‐ WARNING 1087 13806

SMTP POP‐Before‐SMTP authentication

failed

Firewall Logging System Error WARNING 656 ‐‐‐

SMTP server found on RBL blacklist RBL ‐‐‐ NOTICE 799 ‐‐‐

SMTP server found on Reject List Anti‐Spam ‐‐‐ NOTICE 1093 13811

Smurf Amplification attack dropped Intrusion

Detection

Attack ALERT 81 520

SNMP Packet Dropped ‐‐‐ ‐‐‐ INFO 1225 ‐‐‐

SonicPoint association posted

successfully to License Manager


SonicPoint association request to

License Manager failed: %s


SonicPoint Provision SonicPoint SonicPoint INFO 727 ‐‐‐

SonicPoint statistics report GMS ‐‐‐ INFO 806 ‐‐‐

SonicPoint Status SonicPoint SonicPoint INFO 667 ‐‐‐

SonicPointN Provision SonicPointN ‐‐‐ INFO 1078 ‐‐‐

SonicPointN Status SonicPointN ‐‐‐ INFO 1077 ‐‐‐

Source IP address connection status: %s Firewall Event ‐‐‐ INFO 734 ‐‐‐

Source IPv6 address is unspecified but

this packet is not Neighbor Solicitation

message for DAD. Packet is dropped


Source or Destination IPv6 address is

reserved by RFC 4291. Packet is

dropped


Source routed IP packet dropped Intrusion

Detection


Spank attack multicast packet dropped Intrusion

Detection


SSL Control: Certificate chain not

complete

Network Access Blocked Sites INFO 1006 ‐‐‐

SSL Control: Certificate with invalid date Network Access Blocked Sites INFO 1002 ‐‐‐

SSL Control: Certificate with MD5 Digest

Signature Algorithm


SSL Control: Failed to decode Server

Hello


SSL Control: HTTPS via SSL2 Network Access Blocked Sites INFO 1001 ‐‐‐

SSL Control: Self‐signed certificate Network Access Blocked Sites INFO 1003 ‐‐‐

SSL Control: Untrusted CA Network Access Blocked Sites INFO 1005 ‐‐‐

SSL Control: Weak cipher being used Network Access Blocked Sites INFO 1004 ‐‐‐

SSL Control: Website found in blacklist Network Access Blocked Sites INFO 999 ‐‐‐

SSL Control: Website found in whitelist Network Access Blocked Sites INFO 1000 ‐‐‐

SSL VPN enforcement Wireless Maintenance INFO 733 ‐‐‐

| 45

SSL VPN TrApplication Firewallfic SslVPN Connection

Traffic

AppFirewall

FIC

INFO 1153 ‐‐‐

SSL VPN zone remote user login allowed Authentication

Access

‐‐‐ INFO 1080 ‐‐‐

SSO agent is down CIA User Activity ALERT 1075 ‐‐‐

SSO agent is up CIA User Activity ALERT 1076 ‐‐‐

SSO agent returned domain name too

long

CIA User Activity WARNING 993 ‐‐‐

SSO agent returned error CIA User Activity WARNING 1073 ‐‐‐

SSO agent returned user name too long CIA User Activity WARNING 992 ‐‐‐

Starting IKE negotiation VPN IKE User Activity INFO 90 ‐‐‐

Starting PPPoE discovery PPPoE Maintenance INFO 127 ‐‐‐

Status GMS Maintenance INFO 96 ‐‐‐

Striker attack dropped Intrusion

Detection

Attack ALERT 77 516

Sub Seven attack dropped Intrusion

Detection

Attack ALERT 75 514

Succeed in updating time from NTP

server

‐‐‐ UDP NOTICE 1231 ‐‐‐

Success to reach Interface %s probe High Availability System Error INFO 674 ‐‐‐

Successful authentication received for

Remotely Triggered Dial‐out

Authentication

Access


Successfully sent %s file to remote

backup server


Successfully sent Preference file to

remote backup server


Successfully sent TSR file to remote

backup server


Suspected Botnet initiator blocked: %s Botnet Botnet ALERT 1200 ‐‐‐

Suspected Botnet responder blocked:

%s

Botnet Botnet ALERT 1201 ‐‐‐

SYN Flood Blacklist on IF %s continues Intrusion

Detection


SYN Flood blacklisting disabled by user Intrusion

Detection


SYN Flood blacklisting enabled by user Intrusion

Detection


SYN flood ceased or flooding machines

blacklisted ‐ connection proxy disabled

Intrusion

Detection


SYN Flood Mode changed by user to:

Always proxy WAN connections

Intrusion

Detection




Watch and proxy WAN connections

when under attack

Intrusion

Detection



Watch and report possible SYN floods

Intrusion

Detection


Synchronizing preferences to HA Peer

Firewall


SYN‐Flooding machine %s blacklisted Intrusion

Detection


Syslog Server cannot be reached Network Maintenance INFO 657 ‐‐‐

System clock manually updated Firewall Logging ‐‐‐ NOTICE 881 ‐‐‐

System shutdown by administrator.

Power cycle required.

Firewall Event ‐‐‐ ALERT 1067 5242

TCP checksum error; packet dropped Network Access TCP NOTICE 884 ‐‐‐

TCP connection abort received; TCP

connection dropped


TCP connection dropped Network Access TCP NOTICE 36 ‐‐‐

TCP connection from LAN denied Network Access LanTCP NOTICE 173 ‐‐‐

TCP connection reject received; TCP

connection dropped


TCP FIN packet dropped Network Debug DEBUG 181 ‐‐‐

TCP handshake violation detected; TCP

connection dropped

Network Access ‐‐‐ NOTICE 760 ‐‐‐

TCP packet received on a closing

connection; TCP packet dropped


TCP packet received on non‐existent/

closed connection; TCP packet dropped


TCP packet received with invalid ACK

number; TCP packet dropped


TCP packet received with invalid header

length; TCP packet dropped


TCP packet received with invalid MSS

option length; TCP packet dropped


TCP packet received with invalid option

length; TCP packet dropped


TCP packet received with invalid SACK

option length; TCP packet dropped


TCP packet received with invalid SEQ

number; TCP packet dropped


TCP packet received with invalid source

port; TCP packet dropped


TCP packet received with invalid SYN

Flood cookie; TCP packet dropped

Network Debug INFO 897 ‐‐‐

| 47

TCP packet received with invalid

Window Scale option length; TCP packet

dropped


TCP packet received with invalid

Window Scale option value; TCP packet

dropped


TCP packet received with non‐

permitted option; TCP packet dropped


TCP packet received with SYN flag on an

existing connection; TCP packet

dropped


TCP packet received without mandatory

ACK flag; TCP packet dropped


TCP packet received without mandatory

SYN flag; TCP packet dropped


TCP stateful inspection: Bad header;

TCP packet dropped


TCP stateful inspection: Invalid flag; TCP

packet dropped


TCP SYN received Intrusion

Detection

Debug DEBUG 869 ‐‐‐

TCP SYN/FIN packet dropped Network Access Attack ALERT 580 558

TCP Xmas Tree dropped Intrusion

Detection


Terminal Services agent is down CIA User Activity ALERT 1150 ‐‐‐

Terminal Services agent is up CIA User Activity ALERT 1151 ‐‐‐

The cache is full; %u open connections;

some will be droppedlogstrCode


The current WAN interface is not ready

to route packets.


The High Availability monitoring IP

configuration of Interface %s is

incorrect.

High Availability User Activity ERROR 1126 ‐‐‐

The loaded content URL List has

expired.

Security

Services


The network connection in use is %s WAN Failover System Error WARNING 307 639

The preferences file is too large to be

saved in available flash memory


The stateful license of HA peer firewall

is not activated


Thermal Red Firewall

Hardware

System

Environment

ALERT 578 104

Thermal Red Timer Exceeded Firewall

Hardware

System

Environment

ALERT 579 105


Thermal Yellow Firewall

Hardware

System

Environment

ALERT 577 103

Time of day settings for firewall policies

were not upgraded.


Too many gratuitous ARPs detected Network ‐‐‐ WARNING 815 ‐‐‐

Total firewall throughput is greater than

50% of the maximum rated tolerance

for more than 10 seconds.

Firewall

Hardware

‐‐‐ ALERT 1251 17005

UDP checksum error; packet dropped Network Access UDP NOTICE 885 ‐‐‐

UDP packet dropped Network Access UDP NOTICE 37 ‐‐‐

UDP packet from LAN dropped Network Access LAN UDP |

LAN TCP


Unable to resolve dynamic address

object

Dynamic

Address Objects


Unable to send message to dial‐up task PPP Dial‐UP System Error ERROR 1024 ‐‐‐

Unhandled link‐local or multicast IPv6

packet dropped

‐‐‐ Debug ALERT 1233 ‐‐‐

Unknown IPsec SPI VPN IPsec Attack ERROR 66 507

Unknown protocol dropped Network Access Debug NOTICE 41 ‐‐‐

Unknown reason VPN PKI User Activity ERROR 275 ‐‐‐

Unprocessed email received from MTA

on Inbound SMTP port


Updated ES Cloud Address ‐ %s Anti‐Spam ‐‐‐ DEBUG 1147 ‐‐‐

User account '%s' expired and disabled Authentication

Access


User account '%s' expired and pruned Authentication

Access


User logged out Authentication

Access


User logged out ‐ inactivity timer

expired

Authentication

Access


User logged out ‐ logout detected by

SSO

Authentication

Access


User logged out ‐ logout reported by

Terminal Services agent

Authentication

Access


User logged out ‐ max session time

exceeded

Authentication

Access


User logged out ‐ user disconnect

detected (heartbeat timer expired)

Authentication

Access


User login denied ‐ insufficient access

on LDAP server


User login denied ‐ invalid credentials

on LDAP server


| 49

User login denied ‐ LDAP authentication

failure

RADIUS User Activity INFO 745 ‐‐‐

User login denied ‐ LDAP

communication problem


User login denied ‐ LDAP directory

mismatch


User login denied ‐ LDAP schema

mismatch


User login denied ‐ LDAP server

certificate not valid


User login denied ‐ LDAP server down or

misconfigured


User login denied ‐ LDAP server name

resolution failed


User login denied ‐ LDAP server Timeout RADIUS User Activity WARNING 746 ‐‐‐

User login denied ‐ Mail Address(From/

to) or SMTP Server is not configured

Authentication

Access


User login denied ‐ No name received

from Terminal Services agent

Authentication

Access


User login denied ‐ not allowed by

Policy rule

Authentication

Access


User login denied ‐ not found locally Authentication

Access


User login denied ‐ password doesn't

meet constraints

Authentication

Access

‐‐‐ INFO 1048 ‐‐‐

User login denied ‐ password expired Authentication

Access


User login denied ‐ RADIUS

authentication failure

RADIUS User Activity INFO 243 ‐‐‐





configuration error


User login denied ‐ RADIUS server name

resolution failed


User login denied ‐ RADIUS server

Timeout


User login denied ‐ SSO agent


Authentication

Access


User login denied ‐ SSO agent

configuration error

Authentication

Access


User login denied ‐ SSO agent name

resolution failed

Authentication

Access



User login denied ‐ SSO agent Timeout Authentication

Access


User login denied ‐ SSO probe failed Authentication

Access


User login denied ‐ Terminal Services

agent communication problem

Authentication

Access



agent name resolution failed

Authentication

Access



agent Timeout

Authentication

Access


User login denied ‐ TLS or local

certificate problem


User login denied ‐ user already logged

in

Authentication

Access


User login denied ‐ User has no

privileges for guest service

Authentication

Access


User login denied ‐ User has no

privileges for login from that location

Authentication

Access


User login denied due to bad

credentials

Authentication

Access


User login denied due to bad

credentials

Authentication

Access


User login disabled from %s Authentication

Access


User login Failed ‐ An error has occurred

while sending your one‐time password

Authentication

Access


User login failed ‐ Guest service limit

reached

Authentication

Access


User login failure rate exceeded ‐ logins

from user IP address denied

Authentication

Access


User login from an internal zone

allowed

Authentication

Access


Using LDAP without TLS ‐ highly

insecure

RADIUS System Error ALERT 1010 ‐‐‐

Virtual Access Point is disabled SonicPoint 80211b

Management

INFO 731 ‐‐‐

Virtual Access Point is enabled SonicPoint 80211b

Management

INFO 730 ‐‐‐

VoIP %s Endpoint added VoIP VoIP DEBUG 637 ‐‐‐

VoIP %s Endpoint not added ‐

configured 'public' endpoint limit

reached

VoIP VoIP WARNING 639 ‐‐‐

VoIP %s Endpoint removed VoIP VoIP DEBUG 638 ‐‐‐

VoIP Call Connected VoIP VoIP INFO 622 ‐‐‐

| 51

VoIP Call Disconnected VoIP VoIP INFO 623 ‐‐‐

Voltages Out of Tolerance Firewall

Hardware

System

Environment

ERROR 575 101

VPN Cleanup: Dynamic network settings

change

VPN User Activity INFO 471 ‐‐‐

VPN Client Policy Provisioning VPN Client User Activity INFO 371 ‐‐‐

VPN disabled by administrator Authentication

Access


VPN enabled by administrator Authentication

Access


VPN Log Debug VPN IKE Debug INFO 172 ‐‐‐

VPN Policy Added VPN ‐‐‐ INFO 1050 ‐‐‐

VPN policy count received exceeds the

limit; %s

VPN System Error ERROR 719 ‐‐‐

VPN Policy Deleted VPN ‐‐‐ INFO 1051 ‐‐‐

VPN Policy Modified VPN ‐‐‐ INFO 1052 ‐‐‐

VPN TCP FIN VPN VPN Status INFO 195 ‐‐‐

VPN TCP PSH VPN VPN Status INFO 196 ‐‐‐

VPN TCP SYN VPN VPN Status INFO 194 ‐‐‐

VPN zone administrator login allowed Authentication

Access


VPN zone remote user login allowed Authentication

Access


WAN Acceleration device %s found Bandwidth

Optimization

‐‐‐ INFO 1169 ‐‐‐

WAN Acceleration device %s is being

used

Bandwidth

Optimization

‐‐‐ ALERT 1172 ‐‐‐

WAN Acceleration device %s is no

longer being used

Bandwidth

Optimization

‐‐‐ ALERT 1173 ‐‐‐

WAN Acceleration device %s is no

longer operational

Bandwidth

Optimization

‐‐‐ ALERT 1171 ‐‐‐

WAN Acceleration device %s is

operational

Bandwidth

Optimization

‐‐‐ ALERT 1170 ‐‐‐

WAN DHCPC IP Changed Firewall Event System Error WARNING 1129 ‐‐‐

WAN Interface not setup Firewall Event Maintenance INFO 498 ‐‐‐

Wan IP Changed Firewall Event System Error WARNING 138 636

WAN node exceeded: Connection

dropped because too many IP addresses

are in use on your LAN

Firewall Event System Error ERROR 812 ‐‐‐

WAN not ready Firewall Event Maintenance INFO 502 ‐‐‐

WAN zone administrator login allowed Authentication

Access


WAN zone remote user login allowed Authentication

Access



WARNING: Central Gateway does not

have a Relay IP Address. DHCP message

dropped.


WARNING: DHCP lease relayed from

Central Gateway conflicts with IP in

Static Devices list


Web access Request dropped Network Access TCP NOTICE 524 ‐‐‐

Web management request allowed Network Access User Activity NOTICE 526 ‐‐‐

Web site access allowed Network Access Blocked Sites NOTICE 16 703

Web site access denied Network Access Blocked Sites ERROR 14 701

Web site hit Network Traffic

AppFirewall FIC

Connection

Traffic

AppFirewall

FIC

INFO 97 ‐‐‐

WiFiSec Enforcement disabled by

administrator

Authentication

Access


WiFiSec Enforcement enabled by

administrator

Authentication

Access


Wireless MAC Filter List disabled by

administrator

Authentication

Access


Wireless MAC Filter List enabled by

administrator

Authentication

Access


WLAN client null probing WLAN IDS WLAN IDS WARNING 615 904

WLAN DHCPC IP Changed Firewall Event System Error WARNING 1130 ‐‐‐

WLAN disabled by administrator Authentication

Access


WLAN disabled by schedule Authentication

Access


WLAN enabled by administrator Authentication

Access


WLAN enabled by schedule Authentication

Access


WLAN firmware image has been

updated

Wireless Maintenance INFO 487 ‐‐‐

WLAN HTTP trApplication Firewallfic not

being sent to WXA WebCache; zone

conflict

Bandwidth

Optimization

‐‐‐ WARNING 1264 ‐‐‐

WLAN max concurrent users reached

already


WLAN not in AP mode, DHCP server will

not provide lease to clients on WLAN

Wireless Maintenance INFO 617 ‐‐‐

WLAN radio frequency threat detected RF

Management

‐‐‐ WARNING 879 ‐‐‐

| 53

WLAN Reboot Firewall

Hardware


WLAN recovery Wireless Maintenance INFO 519 ‐‐‐

WLAN sequence number out of order WLAN IDS WLAN IDS WARNING 547 902

WLB Failback initiated by %s WAN Failover System Error ALERT 435 652

WLB Failover in progress WAN Failover System Error ALERT 584 651

WLB Resource failed WAN Failover System Error ALERT 586 654

WLB Resource is now available WAN Failover System Error ALERT 585 653

WLB SPIll‐over started, configured

threshold exceeded

WAN Failover Maintenance WARNING 581 ‐‐‐

WLB SPIll‐over stopped WAN Failover Maintenance WARNING 582 ‐‐‐

WPA MIC Failure Wireless 80211b

Management


WPA RADIUS Server Timeout Wireless 80211b

Management

INFO 664 ‐‐‐

XAUTH Failed with VPN client,

Authentication failure

VPN Client User Activity ERROR 140 ‐‐‐

XAUTH Failed with VPN client, Cannot

Contact RADIUS Server

VPN Client User Activity INFO 141 ‐‐‐

XAUTH Succeeded with VPN client VPN Client User Activity INFO 139 ‐‐‐

Your Active/Active Clustering

subscRIPtion has expired.

High Availability ‐‐‐ WARNING 1149 ‐‐‐

Your Anti‐Spam Service subscRIPtion

has expired.

Anti‐Spam ‐‐‐ WARNING 1086 13805

Your WAN Acceleration Service

subscRIPtion has expired.

Bandwidth

Optimization

‐‐‐ WARNING 1176 ‐‐‐

YouTube for school enforced Network Access ‐‐‐ DEBUG 1262 ‐‐‐


Numeric Values for the Legacy Category

This table list the numeric equivalents to the Legacy Category names:

Table 4 Legacy Category ID & Name

Category ID used in syslog Category Name0 Not backward compatible1 Maintenance2 System Error4 Blocked Sites8 Blocked Code16 User Activity32 Attack64 TCP128 UDP256 ICMP512 Debug1024 Connection Traffic2048 LAN TCP4096 LAN UDP8192 LAN ICMP16384 VPN Status32768 Modem Debug65536 VPN Tunnel Status131072 80211b Management262144 Connection524288 System Environment2097152 WLAN IDS1048576 VoIP4194304 Sonic Point

| 55

Index of Syslog Tag Field DescriptionThis section provides an alphabetical listing of Syslog tags and the associated field description.

For examples of Syslog messages, refer to the following sections: • “Examples of Standard Syslogs” on page 63

• “Examples of ArcSight Syslogs” on page 64

Table 5 Syslog Tag Field Index

TagTags for Arc-

SightField Description

<ddd>Syslog mes-sage prefix

The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message

af_polid Application Filter

Displays the Application Filter Policy ID

af_policy Application Filter

Displays the Application Policy name

af_type Application Filter

Displays the Application Policy type such as:

SMTP Client Request

HTTP Client Request

HTTP Server Response

FTP Client Request

FTP Client Upload File

FTP Client Download File

POP3 Client Request

POP3 Server Response

FTP Data Transfer

IPS Content

App Control Content

Custom Policy Type

CFS

af_service Application Filter

Displays the Application Policy service name


af_action Application Filter

Displays the Application Policy action such as

HTTP Block Page

HTTP Redirect

Bandwidth Management

Disable E-Mail Attachment

FTP Notification Reply

Reset/Drop

Block SMTP E-Mail

Bypass DPI

CFS Block Page

Packet Monitor

Af_objectApplication policy object name

Displays the custom Application Policy object name

ai

Active Interface via GMS heartbeat

Displays the Active WAN Interface. Normally it is Primary WAN but in a failover, it displays the value of the failover default outbound WAN interface, if there’s more than one WAN. When there is only one WAN interface, it is always Primary WAN regardless of the link state

app appNumeric appli-cation ID

Indicates the application for the applied syslog. Only displays when Flow Report-ing is enabled

appcat appcatApplication Control

Display the application category when Application Control is enabled

appid appid Application IDDisplay the application ID when Applica-tion Control is enabled

arg arg URLUsed to render a URL: arg represents the URL path name part

bcastRx bcastRxInterface statis-tics report

Displays the broadcast packets received

bcastTx bcastTxInterface statis-tics report

Displays the broadcast packets transmit-ted

bytesRx bytesRxInterface statis-tics report

Displays the bytes received

bytesTx bytesTxInterface statis-tics report

Displays the bytes transmitted

| 57

c catMessage cate-gory (legacy only)

Indicates the legacy category number (Note: We are not currently sending new category information.)

category category Blocking code description

Applicable only when CFS is enabled, indicates the category of the blocked content such as “Gambling”. This works in conjunction with “code” Blocking code.

catid Rule category Indicates the category id of the rule

cdur cn3LabelConnection Duration

Displays the connection duration

changeSWGMSchan-geUrl

Configuration change web-page

Displays the basename of the firewall web page that performed the last config-uration change

code reason Blocking code Indicates the CFS block code category

icmpCode cn2ICMP type and code

Indicates the ICMP code

connsFirewall status report via GMS heartbeat

Indicates the number of connections in use

contentObject Firewall Indicates rule name

cs4Interface Sta-tistics

Display interface statistics

deviceIn-boundInterface

InterfaceIndicates interface on which the packet leaves the device

deviceIn-boundInterface

InterfaceIndicates interface on which the packet enters the device

dpt Port Display destination port

dnpt NAT’ed Port Display NAT’ed destination port

dst dst DestinationDestination IP address, and optionally, port, network interface, and resolved name.

dstV6 dst DestinationDestination IPv6 address, and option-ally, port, network interface, and resolved name.

dstname dst URLDisplays the URL of web site hit and other legacy destination strings such as the URL of the host


dur requestNumeric, ses-sion duration in seconds

Indicates the duration in units of seconds that a session is connected

dyn cs6LabelFirewall status report via GMS heartbeat

Displays the HA and dialup connection state (rendered as “h.d” where “h” is “n” (not enabled), “b” (backup), or “p” (pri-mary) and “d” is “1” (enabled) or “0” (dis-abled))

f flowTypeNumeric flow type

Indicates the flow type when Flow Reporting is disabled

fwFirewall WAN IP

Indicates the WAN IP Address

fwlanFirewall status report via GMS heartbeat

Indicates the LAN zone IP address

gcat gcat Group categoryDisplay event group category when using Enhanced Syslog

goodRxBytes goodRxBytesSonicPoint sta-tistics report

Indicates the well formed bytes received

goodTxBytes goodTxBytesSonicPoint sta-tistics report

Indicates the well formed bytes transmit-ted

iFirewall status report via GMS heartbeat

Displays the GMS message interval in seconds

id=firewallWebTrends prefix

Syntactic sugar for WebTrends (and GMS by habit)

if ifInterface statis-tics report

Displays the interface on which statistics are reported

ipscat ipscat IPS message Displays the IPS category

ipspri ipspri IPS message Displays the IPS priority

licFirewall status report via GMS heartbeat

Indicates the number of licenses for fire-walls with limited modes

m Message ID Provides the message ID number

mac smac or dmac MAC addressProvides the source or destination MAC address

mailFrom Email sender Originator of the email

| 59

msg msg Message

Displays the message which is com-posed of either or both a predefined message and a dynamic message con-taining a string %s or numeric %d argu-ment

n cnt Message count

Indicates the number of times event occurs

natDst cs2LabelNAT destina-tion IP

Displays the NAT’ed destination IP address

natDstV6 cs2LabelNAT destina-tion IPv6

Displays the NAT’ed destination IPv6 address

natSrc cs1Label NAT source IP Displays the NAT’ed source IP address

natSrcV6 cs1LabelNAT source IPv6

Displays the NAT’ed source IPv6 address

note cs6 Additional Information

Additional information that is application-dependent

npcs cs5 URL

Applicable only when Network Packet Capture System (NPCS Solera) is enabled, displays URL of an NPCS object

op requestMethod HTTP OP codeDisplays the HTTP operation (GET, POST, etc.) of web site hit

priMessage prior-ity

Displays the event priority level (0=emer-gency..7=debug)

proto protoProtocol and service

Displays the protocol information (ren-dered as “proto=[protocol]” or just “[proto]/[service]”)

ptFirewall status report via GMS heartbeat

Displays the HTTP/HTTPS management port (rendered as “hhh.sss”)

radio radioSonicPoint sta-tistics report

Displays the SonicPoint radio on which event occurred

rcptTo recipient Indicates the email recipient

rcvd in Bytes receivedIndicates the number of bytes received within connection

result outcomeHTTP Result code

Displays the HTTP result code (200, 403, etc.) of web site hit


rpkt cn1LabelPacket received

Display the number of packet received

rule cs1 Rule IDDisplays the Access Rule number caus-ing packet drop. The policy index includes Address Object names

sent out Bytes sentDisplays the number of bytes sent within connection

sess cs5Label

Pre-defined string indicat-ing session type

Applies to syslogs with an associated user session being tracked by the UTM

sid sidIPS or Anti-Spyware mes-sage

Provides either IPS or Anti-Spyware sig-nature ID

snFirewall serial number

Indicates the device serial number

spkt cn2Label Packet sent Display the number of packets sent

spt Port Displays source port

spycat spycatAnti-Spyware message

Displays the Anti-Spyware category

spypri spypriAnti-Spyware message

Displays the Anti-Spyware priority

snptNAT source port

Display NAT’ed source port

src src SourceIndicates the source IP address, and optionally, port, network interface, and resolved name.

station stationSonicPoint sta-tistics report

Displays the client (station) on which event occurred

SWSPstatsSonicPoint sta-tistics report

Display SonicPoint statistics

time Time Reports the time of event

type cn1ICMP type and code

Indicates the ICMP type

ucastRx ucastRxInterface statis-tics report

Displays the unicast packets received

ucastTx ucastTxInterface statis-tics report

Displays the unicast packets transmitted

| 61

unsynchedFirewall status report via GMS heartbeat

Reports the time since last local change in seconds

usestandbysaFirewall status report via GMS heartbeat

Displays whether standby SA is in use (“1” or “0”) for GMS management

usr (or user) susr UserDisplays the user name (“user” is the tag used by WebTrends)

vpnpolicy

cs2 (source) or

cs3 (destina-tion)

Source VPN policy name

Displays the source VPN policy name of event

vpnpolicyDst

cs2 (source) or

cs3 (destina-tion)

Destination VPN policy name

Displays the destination VPN policy name of event

dstZone

cs3Label (source)

cs4Label (des-tination)

Destination zone name

Displays destination zone

srcZone

cs3Label (source)

cs4Label (des-tination)

Source zone name

Displays source zone


Examples of Standard Syslogs

The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application. Note that this is the Default Syslog Format.

id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=6 c=1024 m=97 n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1 proto=tcp/2345 op=1 sent=9876 rcvd=6789 result=403 dstname=http: arg=//www.gui.log.eng.sonicwall.com code=20 Category="Online Banking"

id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:04" fw=10.0.203.108 pri=6 c=262144 m=98 msg="Connection Opened" n=1437 usr="admin" src=192.168.168.1:61505:X0 dst=192.168.168.168:443:X0 proto=tcp/https sent=52

id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:06" fw=10.0.203.108 pri=6 c=1024 m=537 msg="Connection Closed" n=3683 usr="admin" src=192.168.168.1:61505:X0 dst=192.168.168.168:443:X0 proto=tcp/https sent=1519 rcvd=951 spkt=7 rpkt=8 cdur=2133

id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=1 c=32 m=609 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync" sid=1994 ipscat=P2P ipspri=3 P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1

id=firewall123 sn=0017C5991784 time="2013-01-29 23:38:24" bid=1 fw=10.8.70.22 pri=1 c=16 m=793 msg="App Rules Alert" af_polid=1 af_policy="test" af_type="SMTP Client Request" af_service="SMTP (Send E-Mail)" af_action="No Action" n=0 src=10.10.10.245:50613:X0 dst=10.8.41.228:25:X1"

id=firewall123 sn=0017C5991784 mgmtip=10.0.203.108 time="2013-03-20 20:14:30 UTC" fw=10.0.203.108 m=96 n=25 i=60 lic=0 unsynched=893 pt=80.443 usestandbysa=0 dyn=n.n ai=1 fwlan=192.168.168.168 conns=0

| 63

Examples of ArcSight Syslogs

The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application.

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|97|Syslog Website Accessed|4|cat=1024 gcat=2 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 cs2Label=5.4.3.2 dnpt=2 proto=tcp/2345 out=9876 in=6789 requestMethod=1 outcome=403 request=http://www.gui.log.eng.sonicwall.com reason=20 Category-"Online Banking"

MAR 20 2013 19:07:49 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|98|Syslog Connection Logged|4|cat=262144 gcat=2 src=192.168.168.1 spt=61693 deviceInboundInterface=X0 dst=192.168.168.168 dpt=443 deviceOutboundInterface=X0 susr="admin" proto=tcp/https out=52 cnt=1570

MAR 20 2013 19:07:52 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|537|Syslog Close|4|cat=1024 gcat=2 smac=00:00:c5:b3:6b:e5 src=192.168.168.1 spt=61693 deviceInboundInterface=X0 cs3Label=Trusted dst=192.168.168.168 dpt=443 deviceOutboundInterface=X0 cs4Label=Trusted susr="admin" proto=tcp/https out=1519 in=967 cn2Label=7 cn1Label=8 cn3Label=2333 cnt=3815

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|609|IDP Prevention Alert|9|cat=32 gcat=3 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 cs2Label=5.4.3.2 dnpt=2 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low" cnt=3

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|793|Application Firewall Alert|9|cat=16 gcat=10 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 msg="Application Firewall Alert: Policy: foobar, Action Type: Block SMTP E-Mail - Send Error Reply, Mail From: an unknown string of unknown length" cnt=


232-002230-00 rev b sonicos 5.9 log event reference...

Documents