SonicOS Enhanced 5.1 Log Event Reference Guide

SONICOS LOG EVENT REFERENCE GUIDE 1

Using the SonicOS Log Event Reference Guide

This reference guide lists and describes SonicOS log event messages. Reference a log event mes-sage by using the alphabetical index of log event messages. This document contains the following sections: SonicOS Log Event Messages Overview on page 1 Configuring SonicOS Log > View on page 3 Referencing the SonicOS Log > View Field Display on page 5 Index of Log Event Messages on page 6 Index of Syslog Tag Field Description on page 53

SonicOS Log Event Messages OverviewDuring the operation of a SonicWALL security appliance, SonicOS software sends log event mes-sages to the Log > View page in the SonicWALL management interface.In Figure 1, the Log > View page is displayed.Figure 1 SonicOS Enhanced Log > View page

Event logging automatically begins when the SonicWALL security appliance is powered on and con-figured. SonicOS supports a traffic log containing entries with multiple fields. Log event messages provide operational informational and debugging information to help you diag-nose problems with communication lines, internal hardware, or your firmware configuration.

Note: For the SonicOS CLI console display, use the show log command to display log events. Refer to the SonicOS CLI Reference Guide located on the SonicWALL Web site:

2 SONICOS LOG EVENT REFERENCE GUIDE

Note: Not all log event messages indicate operational issues with your SonicWALL security appliance.SonicOS Log Entries

Each log entry contains the date and time of the event and a brief message describing the event. The SonicWALL manages log events in the following manner: TCP, UDP, or ICMP packets dropped

When IP packets are dropped by the SonicWALL security appliance, dropped TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log event messages usually include the name of the service in quotation marks.

Web, FTP, Gopher, or Newsgroup blockedWhen a computer attempts to connect to the blocked site or newsgroup, a log event is displayed. Blocked is defined as a Web site, connection, or event that is denied access from the SonicWALL security appliance. The computers IP address, Ethernet address, the name of the blocked Web site, and the Content Filter List Code is displayed. Code definitions for the 12 Content Filter List categories are shown below.

ActiveX, Java, Cookie or Code Archive blockedWhen ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt is displayed.

Ping of Death, IP Spoof, and SYN Flood AttacksThe IP address of the machine under attack and the source of the attack is displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack.

SonicOS Log View SettingsThe Log View Settings section of the Log > View page provides you the filtering controls to filter log event messages based on your configured log filter logic. It also contains the following log manage-ment buttons: RefreshRenews the Log View table with current log event messages. Clear LogEmpties the entries in the Log View table. E-mail LogE-mails log event messages to your configured SMTP server or list of e-mail

addresses. Export LogExports the log into a plain .txt or .csv file format.

1. Violence 7. Cult

2. Intimate Apparel/Swim-suit

8. Drugs/Illegal Drugs

3. Nudism 9. Criminal Skills/Illegal Skills

4. Adult/Mature Content/Pornography

10. Sex Education

5. Weapons 11. Gambling

6. Hate/Racism 12. Alcohol & Tobacco


SonicOS Log View Display FormatThe Log > View page displays log event messages in following format for alert notification: TimeDisplays the hour and minute the event occurred. PriorityDisplays the level urgency for the event. CategoryDisplays the event type. MessageDisplays a description of the event. SourceDisplays the source IP address of incoming IP packet. DestinationDisplays the destination IP address of incoming IP packet. NoteDisplays displays additional information specific to a particular event occurrence. RuleDisplays the source and destination zones for the access rule. This field provides a link to

the access rule defined in the Firewall > Access Rules page.The display fields for a log event message provides you with data to verify your configurations, trou-ble-shoot your security appliance, and track IP traffic.

Configuring SonicOS Log > View The Log > View page in the Web-based SonicWALL management interface allows you to export log reports, e-mail log reports, and monitor real-time Syslog data. As soon as you power on your Son-icWALL security appliance, SonicOS software sends Syslog data to your log. In the SonicWALL man-agement interface, you can navigate through the subcategories of the Log setting for reporting and customizing log reports.In Figure 2, the Log > View page is displayed.

Setting the Log Filter LogicBy default, the SonicOS filter logic is set to Priority && Category && Source && Destination. The double ampersand symbols (&&) indicate the boolean expression and. The default SonicOS filter logic displays all log events.Figure 2 SonicOS Log View Settings


Applying Custom Log Event Message FiltersThis section provides examples on using the Log View Settings to filter log event messages dis-played in the Log View page.

Configuration Example: Filtering Log Event Messages by Priority ValueTo set the log filter logic to display only log event messages with a priority level of Emergency:1. Select Emergency from the filter-Priority Value pull-down menu.

2. Click on the Apply Filters button.

Configuration Example: Filtering Log Event Messages by Category ValueTo set the log filter logic to display only log event messages with a category event type of Attacks:1. Select Attacks from the filter-Category Value pull-down menu.


Configuration Example: Filtering Log Event Messages by Source ValueTo set the log filter logic to display only log event messages associated to a source IP address:1. Enter the source IP address or select an interface from the filter-Source Value pull-down menu.


Configuration Example: Filtering Log Event Messages by Destination ValueTo set the log filter logic to display only log event messages associated to a destination IP address:1. Enter the destination IP address or select an interface from the filter-Source Value pull-down

menu. 2. Click on the Apply Filters button.

Using Group FiltersUse Group filters to change the default SonicOS filter logic (Priority && Category && Source && Des-tination) from double ampersand symbols (&&) to double pipe symbols (||) to indicate the boolean expression or. When using group filters, select two or more Group Filters checkboxes.

Note: If you select only one Group Filter checkbox, the filter logic will remain the same. Selecting only the Priority-Group Filter checkbox provides you with the following filter logic:(Priority) && Category && Source && Destination

Configuration Example: Using the Priority Group Filter and Category Group FilterTo set the log filter logic to display log event messages with a priority level of Emergency or a category event type of Attack:1. Select the Priority group filter checkbox.

2. Select the Category group filter checkbox.3. Select Emergency from the filter-Priority Value pull-down menu. 4. Select Attacks from the filter-Category Value pull-down menu. Figure 3 illustrates the SonicOS filter logic updated as follows:


(Priority || Category) && Source && DestinationFigure 3 SonicOS Log Group Filters

A filter logic using the boolean expression || is less restrictive than the default filter logic using the boolean expression &&. With the boolean expression ||, log event messages are displayed if they match either filter values. With the boolean expression &&, log event messages are displayed if they match both filter values.

Exporting the Logs to a FileThis section provides instructions to export your log to a file. To export the log to a file:1. Click on the Export Log button. You will be prompted to select a export file format type as

illustrated in Figure 4.Figure 4 SonicOS Export Log

2. Select a file format: Plain text format used in log and alert e-mailSaves the log file as plain text, which can be used for alert e-mails.Comma-Separated Value (CSV) formatSaves the log file for importing into Microsoft Excel or other presentation development application.

3. Click on the Export button.4. Save the exported log file to a location on your personal computers hard drive.

Note: You can export a log to a file with applied filter settings.

Referencing the SonicOS Log > View Field Display

SonicOS 2.5 Enhanced and Standard releases and greater provide the SonicOS Log > View field display as illustrated in Figure 5.


Figure 5 SonicOS Log > View Field Display

Referencing the SonicWALL Firmware Log > View Log Field DisplaySonicWALL Firmware 6.6.0.0 release and greater provide the SonicWALL Firmware Log > View Log field display.

Index of Log Event MessagesThis section contains a list of log event messages for all SonicWALL Firmware and SonicOS Software Releases, ordered alphabetically. Use your web browsers Find function to search for a command.

Log Event Message Symbols Key

TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message.

Each log event message described in the following table provides the following log event details: SonicOS CategoryDisplays the SonicOS Software category event type. Legacy CategoryDisplays the SonicWALL Firmware Software category event type. Priority LevelDisplays the level of urgency of the log event message. Log Message ID NumberDisplays the ID number of the log event message. SNMP Trap TypeDisplays the SNMP Trap ID number of the log event message.

Log Event Message Symbol Description Context

%s Ethernet Port Down Represents a character string. [WAN | LAN | DMZ] Ethernet Port Down

The cache is full; %u openconnections; some will be dropped

Represents a numerical string. The cache is full; [40,000] openconnections; some will be dropped

Log Event Messages SonicOS Category

Legacy Category

Priority Level

Log Message ID Number

SNMP TrapType

Log Event Type

"As per Diagnostic Auto-restart configuration request, restarting system"

Firewall Event --- Info 1047 --- Simple

#Web site hit Network Traffic Connection Traffic

Info 97 --- Standard HTTP Traffic Report


%s Auto-dial failed: Current Connection Model is configured as Ethernet Only

PPP Dial Up System Error Alert 1028 --- Simple Message String

%s Ethernet Port Down Firewall Event System Error Error 333 641 Simple Message String

%s Ethernet Port Up Firewall Event System Error Warning 332 640 Simple Message String

Dumped to email at None --- Debug 1 --- Unused*** Alert from SonicWALL ***

None --- Debug 3 --- Unused

SonicWALL Registration Update Needed: Restore your existing security service subscriptions by clicking here.

Security Services

Maintenance Warning 496 --- Simple

802.11b Management Wireless 80211bmgmt Info 518 --- Simple Destination

A prior version of preferences was loaded because the most recent preferences file was inaccessible

Firewall Event System Error Warning 572 648 Simple

A SonicOS Standard to Enhanced Upgrade was performed

Firewall Event Maintenance Info 611 --- Simple

Access attempt from host out of compliance with GSC policy

Security Services

Maintenance Info 761 --- Standard

Access attempt from host without Anti-Virus agent installed

Security Services


Access attempt from host without GSC installed

Security Services

Maintenance Info 763 8627 Standard

Access rule added Firewall Rule User Activity Info 440 --- Simple RuleAccess rule deleted Firewall Rule User Activity Info 442 --- Simple Rule

StringAccess rule modified Firewall Rule User Activity Info 441 --- Simple RuleAccess rules restored to defaults

Firewall Rule User Activity Info 443 --- Unused

Access to proxy server denied

Network Access

Blocked Sites Notice 60 705 Standard Note Blocked

Active Backup detects Active Primary: Backup going Idle

High Availability

Maintenance Info 154 --- Unused

ActiveX access denied Network Access

Blocked Code Notice 18 --- Standard Note Blocked

ActiveX or Java archive access denied

Network Access


AD Connector %s response timed-out; applying caching policy

Microsoft Active Directory

--- Error 769 --- Standard Message String

Add an attack message Firewall Event Attack Error 143 525 Simple String


Added host entry to dynamic address object

Dynamic Address Objects

Maintenance Info 911 --- Standard Destination

Adding dynamic entry for bound MAC address

Network --- Info 813 --- Standard Note Ethernet Network

Adding L2TP IP pool address object Failed.

L2TP Server System Error Error 603 661 Simple

Adding to multicast policy list , interface : %s

Multicast --- Debug 697 --- Standard Message String

Adding to Multicast policy list , VPN SPI : %s


Administrator logged out Authentication Access

User Activity Info 261 --- Standard Note String

Administrator logged out - inactivity timer expired

Authentication Access

User Activity Info 262 --- Standard

Administrator login allowed


User Activity Info 29 --- Standard String Service

Administrator login denied due to bad credentials


Attack Alert 30 560 Standard String Service

Administrator login denied from %s; logins disabled from this interface


Attack Alert 35 506 Standard Message String

Administrator name changed



Agent returned no user name

CIA User Activity Warning 1008 --- Standard String Service

All DDNS associations have been deleted

DDNS Maintenance Info 783 --- Simple

All preference values have been set to factory default values

Firewall Event System Error Warning 574 650 Simple

Allowed LDAP server certificate with wrong host name

RADIUS User Activity Warning 752 --- Standard Note String

Anti-Spyware detection alert: %s

Intrusion Detection

Attack Alert 795 6438 Standard As Message String

Anti-Spyware prevention alert: %s

Intrusion Detection

Attack Alert 794 6437 Standard As Message String

Anti-Spyware service expired

Security Services

Maintenance Warning 796 8631 Simple

Anti-Virus agent out-of-date on host

Security Services


Anti-Virus licenses exceeded

Security Services


Application Filter detection Alert: %s

Intrusion Detection

Attack Alert 650 --- Standard Message String

Application filters block alert: %s

Intrusion Detection

Attack Alert 649 --- Standard Message String

Application firewall alert: %s

Network Access

User Activity Alert 793 7241 Standard Application Firewall Message String


ARP request packet received


ARP request packet sent Network --- Info 715 --- Standard Note Ethernet Network

ARP response packet received


ARP response packet sent


ARP timeout Network Debug Debug 45 --- StandardARP unused/spare Network --- Debug 816 --- UnusedARS unused/spare Unused --- Debug 843 --- UnusedARS unused/spare Unused --- Debug 844 --- UnusedARS unused/spare Unused --- Debug 845 --- UnusedARS unused/spare Unused --- Debug 846 --- UnusedAssociation Flood from WLAN station

WLAN IDS WLAN IDs Alert 548 903 Simple Destination

Authentication timeout during Remotely Triggered Dial-out session


User Activity Info 821 --- Simple

AV unused/spare Unused --- Debug 126 --- UnusedBack orifice attack dropped

Intrusion Detection

Attack Alert 73 512 Standard

Backup active High Availability

System Error Info 825 --- Simple

Backup firewall being preempted by Primary

High Availability

System Error Error 152 619 Simple

Backup firewall has transitioned to Active

High Availability

Maintenance Info 145 --- Simple

Backup firewall has transitioned to Idle

High Availability


Backup firewall rebooting itself as it transitioned from Active to Idle while Preempt

High Availability

--- Info 1059 --- Simple

Backup going active in preempt mode after reboot

High Availability


Backup missed heartbeats from Primary

High Availability


Backup received error signal from Primary

High Availability


Backup received heartbeat from wrong source

High Availability


Backup received reboot signal from Primary

High Availability


Backup shut down because license is expired

High Availability

System Error Error 824 --- Simple

Backup WAN link down, Primary going Active

High Availability

System Error Error 219 633 Unused

Backup will be shut down in %s minutes

High Availability

System Error Error 823 --- Simple Message String


Bad CRL format VPN PKI User Activity Alert 277 --- Simple Destination

Bind to LDAP server failed

RADIUS System Error Error 1009 --- Simple Note String

Blocked Quick Mode for Client using Default Key ID

VPN Client System Error Error 505 660 Standard

BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table

BOOTP Maintenance Info 619 --- Standard Destination

BOOTP reply relayed to local device

BOOTP Maintenance Info 620 --- Standard Destination

BOOTP Request received from remote device

BOOTP Debug Debug 621 --- Standard Destination

BOOTP server response relayed to remote device

BOOTP Debug Debug 618 --- Standard Destination

Broadcast packet dropped

Network Access

Debug Debug 46 --- Standard Note Protocol

Cannot connect to the CRL server

VPN PKI User Activity Alert 274 --- Simple Destination

Cannot Validate Issuer Path


Category: None --- Debug 485 --- UnusedCertificate on Revoked list(CRL)


CFL auto-download disabled, time problem detected

Security Services


Chat %s PPP Dial Up User Activity Info 1022 --- Standard Message String

Chat completed PPP Dial Up User Activity Info 1020 --- Standard Message String

Chat failed: %s PPP Dial Up User Activity Info 1023 --- Standard Message String

Chat started PPP Dial Up User Activity Info 1019 --- Standard Message String

Chat started by '%s' PPP Dial Up User Activity Info 1032 --- Standard Message String

Chat wrote '%s' PPP Dial Up User Activity Info 1021 --- Standard Message String

CLI administrator logged out



CLI administrator login allowed



CLI administrator login denied due to bad credentials


User Activity Warning 200 --- Standard Note String

Code: None --- Debug 54 --- UnusedComputed hash does not match hash received from peer; preshared key mismatch

VPN IKE User Activity Warning 410 --- Standard Destination


Configuration mode administration session ended



Configuration mode administration session started



Connection closed Network Traffic Connection Traffic

Info 537 --- Standard Traffic Report

Connection opened Network Traffic Connection Info 98 --- Standard Note Protocol

Connection timed out VPN PKI User Activity Alert 273 --- Simple Destination

Content filter subscription expired.

Security Services


Cookie removed Network Access

Blocked Code Notice 21 --- Standard String Service

CRL has expired VPN PKI User Activity Alert 874 --- Simple Destination

CRL loaded from VPN PKI User Activity Info 270 --- Simple Destination

CRL missing - Issuer requires CRL checking.


CRL validation failure for Root Certificate


Crypto DES test failed Crypto Test Maintenance Error 360 --- SimpleCrypto DH test failed Crypto Test Maintenance Error 361 --- SimpleCrypto hardware 3DES test failed

Crypto Test Maintenance Error 367 --- Simple

Crypto hardware 3DES with SHA test failed


Crypto hardware AES test failed

Crypto Test Maintenance Error 610 --- Standard

Crypto hardware DES test failed


Crypto hardware DES with SHA test failed


Crypto Hmac-MD5 fest failed


Crypto Hmac-Sha1 test failed


Crypto MD5 test failed Crypto Test Maintenance Error 370 --- SimpleCrypto RSA test failed Crypto Test Maintenance Error 364 --- SimpleCrypto SHA1 based DRNG KAT test failed

Crypto Test --- Error 1060 --- Simple

Crypto Sha1 test failed Crypto Test Maintenance Error 365 --- SimpleDDNS association %s disabled

DDNS Maintenance Info 781 --- Simple Message String

DDNS association %s enabled


DDNS association %s added


DDNS association %s deactivated


DDNS association %s deleted



DDNS Association %s put on line


DDNS association %s taken Offline locally


DDNS failure: provider %s

DDNS System Error Error 774 --- Simple Message String

DDNS failure: Provider %s


DDNS failure: Provider %s


DDNS update success for domain %s

DDNS Maintenance Info 776 --- Standard Message String

DDNS warning: Provider %s

DDNS System Error Warning 777 --- Simple Message String

Deleting from Multicast policy list, interface: %s


Deleting from multicast policy list, VPN SPI: %s


Deleting IPsec SA VPN IKE User Activity Info 92 --- Standard Note SPI

Deleting IPsec SA for destination

VPN IKE User Activity Info 91 --- Unused

Destination IP address connection status: %s

Firewall Event --- Info 735 --- Standard Message String

Destination: None --- Debug 57 --- UnusedDHCP client enabled but not ready

DHCP Client Maintenance Info 504 --- Simple

DHCP Client did not get DHCP ACK.

DHCP Client Maintenance Info 109 --- Standard

DHCP Client failed to verify and lease has expired. Go to INIT state.


DHCP Client failed to verify and lease is still valid. Go to BOUND state.

DHCP Client Maintenance Info 120 --- Unused

DHCP Client got a new IP address lease.

DHCP Client Maintenance Info 121 --- Standard Destination

DHCP Client got ACK from server.


DHCP Client got NACK. DHCP Client Maintenance Info 110 --- StandardDHCP Client is declining address offered by the server.


DHCP Client sending REQUEST and going to REBIND state.


DHCP Client sending REQUEST and going to RENEW state.


DHCP DECLINE received from remote device

DHCP Relay Debug Info 475 --- Unused


DHCP DISCOVER received from local device


DHCP DISCOVER received from remote device

DHCP Relay Debug Info 474 --- Standard Destination

DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP

DHCP Relay Maintenance Warning 228 --- Standard Destination

DHCP lease dropped. Lease from Central Gateway conflicts with Remote Management IP

DHCP Relay Maintenance Warning 484 --- Standard Destination

DHCP lease file in the flash is corrupted; read failed

Firewall Event System Error Warning 833 --- Simple

DHCP lease relayed to local device

DHCP Relay Maintenance Info 223 --- Standard Destination

DHCP lease relayed to remote device


DHCP lease to LAN device conflicts with remote device, deleting remote IP entry


DHCP leases written to flash


DHCP NACK received from server


DHCP OFFER received from server


DHCP Ranges altered automatically due to change in network settings for interface %s

Firewall Event --- Info 832 --- Simple Message String

DHCP RELEASE received from remote device


DHCP RELEASE relayed to Central Gateway


DHCP REQUEST received from local device


DHCP REQUEST received from remote device


DHCP Server not available. Did not get any DHCP OFFER.


DHCP Server: IP conflict detected

Firewall Event --- Alert 1040 --- Standard Destination

DHCP Server: Received DHCP decline from client

Firewall Event --- Alert 1041 --- Standard Destination

Diagnostic Auto-restart canceled

Firewall Event --- Info 1046 --- Simple


Diagnostic Auto-restart scheduled for %s minutes from now

Firewall Event --- Info 1045 --- Simple Message String

Diagnostic Code A Firewall Hardware

System Error Error 93 611 Simple Note String

Diagnostic Code B Firewall Hardware


Diagnostic Code C Firewall Hardware


Diagnostic Code D Firewall Hardware

System Error Error 64 61--- Standard Note Code

Diagnostic Code E VPN IPsec System Error Error 61 609 Standard Note Code

Diagnostic Code F Firewall Hardware


Diagnostic Code G Firewall Hardware


Diagnostic Code H Firewall Hardware


Diagnostic Code I Firewall Hardware


Diagnostic Code J Firewall Hardware


Dial-up: Session initiated by data packet

PPP Dial Up --- Info 1039 --- Standard Service

Dial-up: Traffic generated by '%s'

PPP Dial Up --- Info 1038 --- Standard Message String

Disconnecting L2TP Tunnel due to traffic timeout

L2TP Client Maintenance Info 215 --- Simple

Disconnecting PPPoE due to traffic timeout

PPPoE Maintenance Info 168 --- Simple

Disconnecting PPTP Tunnel due to traffic timeout

PPTP Maintenance Info 389 --- Simple

Discovered HA %s Firewall

High Availability

--- Info 1044 --- Simple Message String

Discovered HA Backup Firewall

High Availability


DNS packet allowed Network Access

Debug Info 602 --- Standard Policy

Drop WLAN traffic from non-SonicPoint devices

Intrusion Detection

Attack Error 662 6434 Standard

Duplicate packet dropped Network Access

Debug Debug 51 --- Unused

Dynamic IPsec client connected

VPN IPsec User Activity Info 62 --- Standard Destination

EIGRP packet dropped Network Access

Debug Notice 714 --- Standard Note String

E-Mail fragment dropped Intrusion Detection


Entering FIPS ERROR state

Crypto Test Maintenance Error 359 --- Unused

Entering FIPS Error State.

Crypto Test System Error Error 497 659 Unused


Error initializing Hardware acceleration for VPN

Firewall Hardware

Maintenance Error 374 --- Simple

Error Rebooting HA Peer Firewall

High Availability


Error setting the IP address of the backup, please manually set to backup LAN IP

High Availability


Error synchronizing HA peer firewall (%s)

High Availability

System Error Error 158 662 Simple Message String

Error updating HA peer configuration

High Availability


ERROR: DHCP over VPN policy is not defined. Cannot start IKE.

DHCP Relay Maintenance Info 478 --- Unused

Exceeded Max multicast address limit

Multicast --- Warning 703 --- Standard

Failed payload validation VPN IKE User Activity Warning 405 --- Standard Note String

Failed payload verification after decryption; possible preshared key mismatch

VPN IKE User Activity Warning 404 --- Standard Note String

Failed to find certificate VPN PKI User Activity Alert 875 --- Simple Destination

Failed to get CRL from VPN PKI User Activity Alert 271 --- Simple Destination

Failed to Process CRL from


Failed to resolve name Network Maintenance Info 84 --- Simple Destination

Failed to synchronize license information with Licensing Server. Please see HTTP://help.mySonicWALL.com/licsyncfail.html (code: %s)

Security Services

Maintenance Warning 766 8628 Simple Message String

Failed to synchronize Relay IP Table

DHCP Relay System Error Warning 234 632 Standard

Failed to write DHCP leases to flash

Firewall Event System Error Warning 834 --- Simple

Failure to add data channel

Unused Debug Debug 49 --- Standard

Failure to reach Interface %s probe

High Availability


Fan Failure Firewall Hardware

System Environment

Alert 576 102 Simple

FIN Flood Blacklist on IF %s continues

Intrusion Detection

Debug Warning 902 --- Simple Message String

FIN-Flooding machine %s blacklisted

Intrusion Detection

Debug Alert 901 --- Simple Message String

Forbidden E-Mail attachment deleted

Intrusion Detection

Attack Error 248 534 Standard Destination


Forbidden E-Mail attachment disabled

Intrusion Detection

Attack Alert 165 527 Standard Destination

Found Rogue Access Point


Found Rogue Access Point


Fragmented packet dropped

Network TCP | UDP | ICMP

Notice 28 --- Standard Note Protocol

Fraudulent Microsoft certificate found; access denied

Intrusion Detection


FTP: Data connection from non default port dropped

Network Access


FTP: PASV response bounce attack dropped.

Intrusion Detection

Attack Alert 528 556 Standard Note String

FTP: PASV response spoof attack dropped

Intrusion Detection


FTP: PORT bounce attack dropped.

Intrusion Detection


Gateway Anti-Virus Alert: %s

Security Services


Gateway Anti-Virus Service expired

Security Services

Maintenance Warning 810 8633 Simple

Global VPN Client connection is not allowed. Appliance is not registered.

VPN Client System Error Info 529 643 Standard

Global VPN Client License Exceeded: Connection denied.

VPN Client System Error Info 494 658 Standard

Global VPN Client version cannot enforce personal firewall. Minimum Version required is 2.1

VPN Client User Activity Info 604 --- Standard Destination

Got DHCP OFFER. Selecting.


GSC policy out-of-date on host

Security Services


Guest account '%s' created


User Activity Info 558 --- Standard Message String

Guest account '%s' deleted



Guest account '%s' disabled



Guest account '%s' pruned



Guest account '%s' re-enabled



Guest account '%s' re-generated




Guest login denied. Guest '%s' is already logged in. Please try again later.



GUI administration session ended



H.323/H.225 Connect VOIP VOIP Debug 634 --- Standard Note String

H.323/H.225 Setup VOIP VOIP Debug 633 --- Standard Note String

H.323/H.245 Address VOIP VOIP Debug 635 --- Standard Note String

H.323/H.245 End Session

VOIP VOIP Debug 636 --- Standard Note String

H.323/RAS Admission Confirm


H.323/RAS Admission Reject


H.323/RAS Admission Request


H.323/RAS Bandwidth Reject


H.323/RAS Disengage Confirm


H.323/RAS Disengage Reject


H.323/RAS Gatekeeper Reject


H.323/RAS Location Confirm


H.323/RAS Location Reject


H.323/RAS Registration Reject


H.323/RAS Unknown Message Response


H.323/RAS Unregistration Reject


HA packet processing error

High Availability


HA Peer Firewall Rebooted

High Availability


HA Peer Firewall Synchronized

High Availability


Hardware Failover settings were not upgraded.


Header verification failed VPN IKE User Activity Warning 587 --- StandardHeartbeat received from incompatible source

High Availability


HTTP management port has changed

Firewall Event Maintenance Info 340 --- Simple Note String

HTTP method detected; examining stream for host header

Network Access

TCP Debug 882 --- Standard Policy


HTTPS management port has changed

Firewall Event Maintenance Info 341 --- Simple Note String

ICMP checksum error Network Access

UDP Notice 886 --- Standard

ICMP packet allowed Network Access

Debug Info 597 --- Standard Policy

ICMP packet dropped due to policy

Network Access

ICMP Notice 38 --- Standard Policy

ICMP packet dropped no match

Network Access

ICMP Notice 523 --- Standard ICMP Service

ICMP packet from LAN allowed

Network Access

Debug Info 598 --- Standard ICMP Service

ICMP packet from LAN dropped

Network Access

LAN ICMP | LAN TCP

Notice 175 --- Standard ICMP Service

If not already enabled, enabling NTP is recommended

Firewall Hardware

System Error Warning 540 645 Simple

IGMP packet dropped, wrong checksum received on interface %s

Multicast --- Notice 683 --- Standard Message String

IGMP Leave group message Received on interface %s

Multicast --- Info 682 --- Standard Message String

IGMP packet dropped, decoding error

Multicast --- Notice 686 --- Standard

IGMP Packet Not handled. Packet type : %s


IGMP querier Router detected on interface %s


IGMP querier Router detected on VPN tunnel , SPI %S


IGMP state table entry time out, deleting interface : %s for multicast address : %s


IGMP state table entry time out, deleting VPN SPI :%s for Multicast address : %s


IGMP V2 client joined multicast Group : %s


IGMP V2 Membership report received from interface %s


IGMP V3 client joined multicast Group : %s


IGMP V3 Membership report received from interface %s


IGMP V3 packet dropped, unsupported Record type : %s



IGMP V3 record type : %s not Handled


IKE Initiator drop: VPN tunnel end point does not match configured VPN Policy Bound to scope

VPN IKE User Activity Info 544 --- Standard

IKE Initiator: Accepting IPsec proposal (Phase 2)

VPN IKE User Activity Info 372 --- Standard Note String

IKE Initiator: Accepting peer lifetime. (Phase 1)

VPN IKE User Activity Info 445 --- Standard Destination

IKE Initiator: Aggressive Mode complete (Phase 1).


IKE Initiator: IKE proposal does not match (Phase 1)


IKE Initiator: Main Mode complete (Phase 1)


IKE Initiator: Proposed IKE ID mismatch


IKE Initiator: Remote party timeout - Retransmitting IKE request.


IKE Initiator: Start Aggressive Mode negotiation (Phase 1)


IKE Initiator: Start Main Mode negotiation (Phase 1)


IKE Initiator: Start Quick Mode (Phase 2).

VPN IKE User Activity Info 346 0 Standard Note String

IKE Initiator: Using secondary gateway to negotiate

VPN IKE User Activity Info 543 --- Standard Destination

IKE negotiation aborted due to timeout


IKE negotiation complete. Adding IPsec SA. (Phase 2)


IKE Responder drop: VPN tunnel end point does not match configured VPN Policy Bound to scope

VPN IKE User Activity Info 545 --- Standard

IKE Responder: %s policy does not allow static IP for Virtual Adapter.

VPN Client System Error Error 660 --- Standard Message String

IKE Responder: Accepting IPsec proposal (Phase 2)


IKE Responder: Aggressive Mode complete (Phase 1)



IKE Responder: AH authentication algorithm does not match


IKE Responder: AH authentication key length does not match


IKE Responder: AH authentication key rounds does not match


IKE Responder: AH Perfect Forward Secrecy mismatch

VPN IKE User Activity Warning 258 544 Standard Note String

IKE Responder: Algorithms and/or keys do not match


IKE Responder: Client Policy has no VPN Access Networks assigned. Check Configuration.

VPN IKE System Error Error 965 --- Standard Note String

IKE Responder: Default LAN gateway is not set but peer is proposing to use this SA as a default route

VPN IKE Attack Error 516 553 Standard Note String

IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route


IKE Responder: ESP authentication algorithm does not match


IKE Responder: ESP authentication key length does not match


IKE Responder: ESP authentication key rounds does not match


IKE Responder: ESP encryption algorithm does not match


IKE Responder: ESP encryption key length does not match


IKE Responder: ESP encryption key rounds does not match


IKE Responder: ESP Perfect Forward Secrecy mismatch


IKE Responder: IKE Phase 1 exchange does not match

VPN IKE User Activity Error 1036 --- Standard Note String


IKE Responder: IKE proposal does not match (Phase 1)


IKE Responder: IP Address already exists in the DHCP relay table. Client traffic not allowed.

VPN Client System Error Error 659 --- Standard Note String

IKE Responder: IP Compression algorithm does not match


IKE Responder: IPsec proposal does not match (Phase 2)


IKE Responder: IPsec protocol mismatch


IKE Responder: Main Mode complete (Phase 1)


IKE Responder: Mode %d - not transport mode. Xauth is required but not supported by peer.

VPN IKE Debug Warning 342 --- Standard Message Number

IKE Responder: Mode %d - not tunnel mode

VPN IKE User Activity Warning 249 535 Standard Message Number

IKE Responder: No match for proposed remote network address


IKE Responder: No matching Phase 1 ID found for proposed remote network


IKE Responder: Peer's destination network does not match VPN policy's Local Network


IKE Responder: Peer's local network does not match VPN policy's Destination Network


IKE Responder: Phase 1 Authentication Method does not match


IKE Responder: Phase 1 DH Group does not match


IKE Responder: Phase 1 encryption algorithm does not match


IKE Responder: Phase 1 encryption algorithm key length does not match


IKE Responder: Phase 1 hash algorithm does not match



IKE Responder: Phase 1 XAUTH required but policy has no user name


IKE Responder: Phase 1 XAUTH required but policy has no user password


IKE Responder: Proposed IKE ID mismatch

VPN IKE System Error Warning 658 --- Standard Note String

IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway


IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route


IKE Responder: Received Aggressive Mode request (Phase 1)


IKE Responder: Received Main Mode request (Phase 1)


IKE Responder: Received Quick Mode Request (Phase 2)


IKE Responder: Remote party timeout - Retransmitting IKE request.


IKE Responder: Route table overrides VPN policy


IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall


IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN


IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ


IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address



IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address


IKE SA lifetime expired. VPN IKE User Activity Info 350 --- Standard Note String

IKEv2 Accept IKE SA Proposal


IKEv2 Accept IPsec SA Proposal


IKEv2 Authentication successful


IKEv2 Decrypt packet failed


IKEv2 Function sendto() failed to transmit packet.


IKEv2 IKE attribute not found


IKEv2 IKE proposal does not match


IKEv2 Initiator: Negotiations failed. Extra payloads present.


IKEv2 Initiator: Negotiations failed. Invalid input state.


IKEv2 Initiator: Negotiations failed. Invalid output state.


IKEv2 Initiator: Negotiations failed. Missing required payloads.


IKEv2 Initiator: Proposed IKE ID mismatch


IKEv2 Initiator: Received CREATE CHILD SA response


IKEv2 Initiator: Received IKE AUTH response


IKEv2 Initiator: Received IKE SA INT response


IKEv2 Initiator: Remote party timeout - Retransmitting IKEv2 request.


IKEv2 Initiator: Send CREATE CHILD SA request


IKEv2 Initiator: Send IKE AUTH request


IKEv2 Initiator: Send IKE SA INIT request



IKEv2 Invalid SPI size VPN IKE User Activity Warning 966 --- Standard Note String

IKEv2 Invalid state VPN IKE User Activity Warning 964 --- Standard Note String

IKEv2 IPsec attribute not found


IKEv2 IPsec proposal does not match


IKEv2 NAT device detected between negotiating peers


IKEv2 negotiation complete


IKEv2 No NAT device detected between negotiating peers


IKEv2 Out of memory VPN IKE User Activity Warning 961 --- Standard Note String

IKEv2 Payload processing error


IKEv2 Payload validation failed.


IKEv2 Peer is not responding. Negotiation aborted.


IKEv2 Process Message queue failed


IKEv2 Received delete IKE SA request


IKEv2 Received delete IKE SA response


IKEv2 Received delete IPsec SA request


IKEv2 Received delete IPsec SA response


IKEv2 Received notify error payload


IKEv2 Received notify status payload


IKEv2 Responder: Peer's destination network does not match VPN policy's Local Network


IKEv2 Responder: Peer's local network does not match VPN policy's Destination Network


IKEv2 Responder: Policy for remote IKE ID not found


IKEv2 Responder: Received CREATE CHILD SA request



IKEv2 Responder: Received IKE AUTH request


IKEv2 Responder: Received IKE SA INIT request


IKEv2 Responder: Send CREATE CHILD SA response


IKEv2 Responder: Send IKE AUTH response


IKEv2 Responder: Send IKE SA INIT response


IKEv2 Send delete IKE SA request


IKEv2 Send delete IKE SA response


IKEv2 Send delete IPsec SA request


IKEv2 Send delete IPsec SA response


IKEv2 Unable to find IKE SA


IKEv2 VPN Policy not found


Illegal IPsec SPI VPN IPsec User Activity Info 65 --- Standard Destination

Imported HA hardware ID did not match this firewall

High Availability


Imported VPN SA is invalid - disabled

Firewall Event Maintenance Warning 348 --- Standard Note String

Inbound connection from RBL-listed SMTP server dropped

RBL --- Notice 798 --- Standard

Incoming call received for Remotely Triggered Dial-out session



Incompatible IPsec Security Association

VPN IPsec User Activity Info 69 --- Standard Destination

Incorrect authentication received for Remotely Triggered Dial-out



Ini Killer attack dropped Intrusion Detection


Interface %s Link Is Down

Firewall Event System Error Error 566 647 Simple Message String

Interface %s Link Is Up Firewall Event System Error Warning 565 646 Simple Message String

Interface IP Assignment : Binding and initializing %s

Firewall Event Maintenance Info 568 --- Simple Message String

Interface IP Assignment changed: Shutting down %s



Interface statistics report GMS --- Info 805 --- Simple Interface Stats

Internet Access restricted to authorized users. Dropped packet received in the clear.

Wireless TCP | UDP | ICMP

Warning 532 --- Unused

Invalid Product Code Upgrade request received: %s

Firewall Event --- Error 704 --- Standard Message String

Invalid VLAN packet dropped

Network --- Alert 836 --- Standard Note String

IP address conflict detected from Ethernet address %s

Network Maintenance Warning 847 --- Standard Message String

IP Header checksum error

Network Access

TCP|UDP Notice 883 --- Standard

IP spoof detected on packet to Central Gateway, packet dropped

DHCP Relay Attack Error 229 533 Standard Note Ethernet Network

IP spoof dropped Intrusion Detection

Attack Alert 23 502 Standard Note Ethernet Network

IP type %s packet dropped

Network Access

LAN UDP | LAN TCP

Notice 590 --- Standard Message String

IP Comp connection interrupt

IP Comp Debug Debug 651 --- Standard

IP Comp packet dropped IP Comp TCP | UDP | ICMP

Notice 652 --- Standard Note String

IP Comp packet dropped; waiting for pending IP Comp connection

IP Comp Debug Debug 653 --- Standard

IPS Detection Alert: %s Intrusion Detection

Attack Alert 608 569 Standard IDP Message String

IPS Detection Alert: %s Intrusion Detection


IPS Prevention Alert: %s Intrusion Detection

Attack Alert 609 570 Standard IDP Message String

IPS Prevention Alert: %s Intrusion Detection


IPsec (AH) packet dropped

VPN IPsec TCP | UDP | ICMP


IPsec (AH) packet dropped; waiting for pending IPsec connection

VPN IPsec Debug Debug 536 --- Standard

IPsec (ESP) packet dropped

VPN IPsec TCP | UDP | ICMP


IPsec (ESP) packet dropped; waiting for pending IPsec connection

VPN IPsec Debug Debug 535 --- Standard

IPsec Authentication Failed

VPN IPsec Attack Error 67 508 Standard Destination

IPsec connection interrupt

Network Access

Debug Debug 43 --- Standard

IPsec Decryption Failed VPN IPsec Attack Error 68 509 Standard Destination


IPsec packet dropped Network Access

TCP | UDP | ICMP

Notice 40 --- Standard

IPsec packet dropped; waiting for pending IPsec connection

Network Access


IPsec packet from an illegal host

VPN IPsec Maintenance Info 247 --- Standard Destination

IPsec packet from or to an illegal host


IPsec Replay Detected VPN IPsec Attack Alert 180 531 Standard Note String

IPsec SA lifetime expired. VPN IPsec User Activity Info 349 --- Unused

IPsec Tunnel status changed

VPN VPN Tunnel Status

Info 427 801 Simple

ISDN Driver Firmware successfully updated


Issuer match failed VPN PKI User Activity Alert 278 --- Simple Destination

Java access denied Network Access


L2TP Connect Initiated by the User

L2TP Client Maintenance Info 216 --- Unused

L2TP Disconnect Initiated by the User

L2TP Client Maintenance Info 214 --- Unused

L2TP enabled but not ready

Unused Maintenance Info 500 --- Simple

L2TP LCP Down L2TP Client Maintenance Info 209 --- UnusedL2TP LCP Up L2TP Client Maintenance Info 213 --- UnusedL2TP Max Retransmission Exceeded


L2TP PPP Authentication Failed


L2TP PPP Down L2TP Client Maintenance Info 211 --- SimpleL2TP PPP link down L2TP Client Maintenance Info 217 --- SimpleL2TP PPP Negotiation Started


L2TP PPP Session Up L2TP Client Maintenance Info 210 --- SimpleL2TP Server: Access from L2TP VPN Client Privilege not enabled for RADIUS Users.

L2TP Server Maintenance Info 343 --- Unused

L2TP Server : Deleting the L2TP active Session

L2TP Server Maintenance Info 337 --- Standard Destination

L2TP Server: Deleting the Tunnel


L2TP Server: L2TP PPP Session Established.


L2TP Server: L2TP Session Established.


L2TP Server: L2TP Tunnel Established.


L2TP Server : Retransmission Timeout, Deleting the Tunnel



L2TP Server: User Name authentication Failure locally.


L2TP Server: Keep alive Failure. Closing Tunnel


L2TP Server: L2TP Remote terminated the PPP session


L2TP Server: L2TP Session Disconnect from the Remote.


L2TP Server: L2TP Tunnel Disconnect from the Remote.


L2TP Server: Local Authentication Failure


L2TP Server: Local Authentication Success.


L2TP Server: No IP address available in the Local IP Pool


L2TP Server: RADIUS/LDAP Authentication Success


L2TP Server: RADIUS/LDAP reports Authentication Failure


L2TP Server: RADIUS/LDAP server not assigned IP address


L2TP Server: Call Disconnect from Remote.


L2TP Server: Tunnel Disconnect from Remote.


L2TP Session Disconnect from Remote


L2TP Session Established


L2TP Session Negotiation Started


L2TP Tunnel Disconnect from Remote


L2TP Tunnel Established L2TP Client Maintenance Info 204 --- SimpleL2TP Tunnel Negotiation Started


LAN Subnet configurations were not upgraded.


Land attack dropped Intrusion Detection


LDAP server does not allow CHAP

RADIUS User Activity Warning 758 --- Standard String Service


LDAP using non-administrative account - VPN client user will not be able to change passwords

RADIUS System Error Warning 1011 --- Simple Note String

License exceeded: Connection dropped because too many IP addresses are in use on your LAN

Firewall Event System Error Error 58 608 Standard

License of HA pair doesn't match: %s

High Availability


local range: None --- Debug 85 --- UnusedLocal user login allowed Authentication

AccessUser Activity Info 31 --- Standard String

ServiceLocal user login denied - user already logged in



Local user login denied due to bad credentials



Locked-out user logins allowed - lockout period expired



Locked-out user logins allowed by administrator



Log (part None --- Debug 0 --- UnusedLog Cleared Firewall

LoggingMaintenance Info 5 --- Simple

Log Debug Firewall Event Debug Error 142 --- Simple StringLog file from SonicWALL None --- Debug 2 --- UnusedLog full; deactivating SonicWALL

Firewall Logging


Log successfully sent via email

Firewall Logging


Login screen timed out Authentication Access


MAC address collides with Static ARP Entry with Bound MAC address; packet dropped

Network --- Notice 814 --- Standard Note Ethernet Network

Machine %s removed from FIN flood blacklist

Intrusion Detection


Machine %s removed from RST flood blacklist

Intrusion Detection


Machine %s removed from SYN flood blacklist

Intrusion Detection


Malformed or unhandled IP packet dropped

Network Access

Debug Alert 522 554 Standard Destination

Maximum events per second threshold exceeded

Firewall Logging

System Error Critical 654 --- Simple


Maximum number of Bandwidth Managed rules exceeded upon upgrade to this version. Some Bandwidth settings ignored.

Firewall Event Maintenance Notice 541 --- Unused

Maximum sequential failed dial attempts (10) to a single dial-up number: %s

PPP Dial Up Attack Error 591 566 Standard Message String

Maximum syslog data per second threshold exceeded

Firewall Logging

System Error Critical 655 --- Simple

MTU: None --- Debug 189 --- UnusedMulticast application %s not supported


Multicast packet dropped, Invalid src IP received on interface : %s

Multicast --- Alert 685 --- Standard Message String

Multicast packet dropped, wrong MAC address received on interface : %s

Multicast --- Alert 684 --- Standard Message String

Multicast TCP packet dropped


Multicast UDP packet dropped, no state entry


Multicast UDP packet dropped, RTCP stateful failed


Multicast UDP packet dropped, RTP stateful failed


NAT could not remap incoming packet

Unused System Error Error 44 606 Unused

NAT device may not support IPsec AH passthrough

VPN IPsec Maintenance Info 266 --- Simple

NAT Discovery : No NAT/NAPT device detected between IPsec Security gateways


NAT Discovery : Local IPsec Security Gateway behind a NAT/NAPT Device


NAT Discovery : Peer IPsec Security Gateway behind a NAT/NAPT Device


NAT Discovery : Peer IPsec Security Gateway doesn't support VPN NAT Traversal



NAT translated packet exceeds size limit, packet dropped

Network Debug Debug 339 --- Standard

Net Spy attack dropped Intrusion Detection


NetBIOS settings were not upgraded. Use Network>IP Helper to configure NetBIOS support


NetBus attack dropped Intrusion Detection


Network for interface %s overlaps with another interface.


Network Modem Mode Disabled: re-enabling NAT

PPP Dial Up Maintenance Info 531 --- Simple

Network Modem Mode Enabled: turning off NAT


Network Monitor: Host %s is offline

Firewall Event Connection Alert 706 --- Simple Message String

Network Monitor: Host %s is online

Firewall Event Connection Alert 707 --- Simple Message String

New firmware available. Firewall Event Maintenance Info 198 --- UnusedNew URL List loaded Security

ServicesMaintenance Info 8 --- Simple

Newsgroup access allowed

Network Access


Newsgroup access denied

Network Access


No Certificate for VPN PKI User Activity Alert 280 --- Simple Destination

No HOST tag found in HTTP request

Network Access

Debug Debug 52 --- Unused

No ICMP redirect sent Unused Debug Debug 47 --- UnusedNo new URL List available

Security Services


No response from ISP Disconnecting PPPoE.


No response from PPTP server to call requests


No response from PPTP server to control connection requests


No response from server to Echo Requests, disconnecting PPTP Tunnel


No valid DNS server specified for RBL lookups

RBL --- Error 800 --- Simple

Non-config mode GUI administration session started




Not all configurations may have been completely upgraded


Not enough memory to hold the CRL

VPN PKI User Activity Warning 272 --- Simple Destination

Obtained Relay IP Table from Remote Gateway

DHCP Relay Maintenance Info 233 --- Standard

OCSP Failed to Resolve Domain Name.

VPN PKI User Activity Error 853 --- Standard Note String

OCSP Internal error handling received response.


OCSP received response error.


OCSP received response.

VPN PKI User Activity Info 850 --- Standard Note String

OCSP Resolved Domain Name.

VPN PKI User Activity Info 852 --- Standard Note String

OCSP send request message failed.


OCSP sending request. VPN PKI User Activity Info 848 --- Standard Note String

OCSP unused/spare Unused --- Debug 855 --- UnusedOutbound connection to RBL-listed SMTP server dropped

RBL --- Notice 797 --- Standard

Out-of-order command packet dropped

Network Access


Overriding Product Code Upgrade to: %s

Firewall Event --- Error 705 --- Standard Message String

Packet destination not in VPN Access list


Packet Dropped - IP TTL expired

Network Debug Warning 910 --- Standard Note String

Packet dropped by WLAN guest check


Warning 488 --- Standard Destination

Packet dropped by WLAN SSL-VPN enforcement check



Packet dropped by WLAN vpn traversal check



Packet dropped. No firewall rule associated with VPN policy.

VPN System Error Alert 739 --- Standard Note String

Packet dropped; connection limit for this destination IP address has been reached

Firewall Event System Error Alert 647 5239 Standard Note String

Packet dropped; connection limit for this source IP address has been reached

Firewall Event System Error Alert 646 5238 Standard Note String

Payload processing failed VPN IKE Debug Error 616 0 Standard Note String


PC Card inserted. Rebooting.

Firewall Hardware

--- Alert 1054 5419 Simple Message String

PC Card removed. Rebooting.

Firewall Hardware

--- Alert 1053 5418 Simple Message String

PC Card: No device detected

Firewall Hardware

--- Alert 1056 --- Simple Message String

Peer firewall rebooting (%s)

High Availability

--- Info 1057 --- Simple Message String

Physical environment normal

Firewall Hardware

--- Info 1042 5424 Simple

Ping of death dropped Intrusion Detection


PKI Error: VPN PKI Maintenance Error 417 --- UnusedPKI Failure VPN PKI Maintenance Error 447 --- UnusedPKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate

VPN PKI Maintenance Error 453 --- Simple

PKI Failure: Cannot allocate memory


PKI Failure: Certificate's ID does not match this SonicWALL


PKI Failure: Duplicate local certificate


PKI Failure: Duplicate local certificate name


PKI Failure: Import failed VPN PKI Maintenance Error 451 --- SimplePKI Failure: Improper file format. Please select PKCS#12 (*.p12) file


PKI Failure: Incorrect admin password


PKI Failure: Internal error VPN PKI Maintenance Error 460 --- SimplePKI Failure: Loaded but could not verify certificate


PKI Failure: Loaded the certificate but could not verify it's chain


PKI Failure: No CA certificates yet loaded


PKI Failure: Output buffer too small


PKI Failure: public-private key mismatch


PKI Failure: Reached the limit for local certificates, cant load any more


PKI Failure: Temporary memory shortage, try again


PKI Failure: The certificate chain has no root



PKI Failure: The certificate chain is circular


PKI Failure: The certificate chain is incomplete


PKI Failure: The certificate or a certificate in the chain has a bad signature


PKI Failure: The certificate or a certificate in the chain has a validity period in the future


PKI Failure: The certificate or a certificate in the chain has expired


PKI Failure: The certificate or a certificate in the chain is corrupt


Please connect interface %s to another network to function properly


Please manually check all system configurations for correctness of Upgrade


Port configured to receive IPsec protocol ONLY; drop packet received in the clear

Network Access

TCP | UDP | ICMP


Possible FIN Flood on IF %s

Intrusion Detection


Possible FIN Flood on IF %s continues

Intrusion Detection


Possible FIN Flood on IF %s has ceased

Intrusion Detection


Possible port scan detected

Intrusion Detection


Possible RST Flood on IF %s

Intrusion Detection


Possible RST Flood on IF %s continues

Intrusion Detection


Possible RST Flood on IF %s has ceased

Intrusion Detection


Possible SYN flood attack detected

Intrusion Detection

Attack Warning 25 503 Standard

Possible SYN flood detected on WAN IF %s - switching to connection-proxy mode

Intrusion Detection


Possible SYN Flood on IF %s

Intrusion Detection


Possible SYN Flood on IF %s continues

Intrusion Detection



Possible SYN Flood on IF %s has ceased

Intrusion Detection


Power supply without redundancy

Firewall Hardware

--- Error 1043 5425 Simple

PPP Dial-Up: Connect request canceled

PPP Dial Up User Activity Info 306 --- Simple

PPP Dial-Up: Connected at %s bps - starting PPP

PPP Dial Up User Activity Info 286 --- Simple Message String

PPP Dial-Up: Connection disconnected as scheduled.

PPP Dial Up --- Info 666 --- Standard

PPP Dial-Up: Dial initiated by %s

PPP Dial Up Maintenance Info 324 --- Standard Message String

PPP Dial-Up: Dialed number did not answer


PPP Dial-Up: Dialed number is busy


PPP Dial-Up: Dialing not allowed by schedule. %s

PPP Dial Up --- Info 665 --- Standard Message String

PPP Dial-Up: Dialing: %s PPP Dial Up User Activity Info 281 --- Simple Message String

PPP Dial-Up: Failed to get IP address

PPP Dial Up User Activity Info 298 --- Unused

PPP Dial-Up: Idle time limit exceeded - disconnecting


PPP Dial-Up: Initialization : %s


PPP Dial-Up: Invalid DNS IP address returned from Dial-Up ISP; overriding using dial-up profile settings


PPP Dial-Up: Link carrier lost


PPP Dial-Up: Manual intervention needed. Check Primary Profile or Profile details


PPP Dial-Up: Maximum connection time exceeded - disconnecting


PPP Dial-Up: No dialtone detected - check phone-line connection


PPP Dial-Up: No link carrier detected - check phone number


PPP Dial-Up: No peer IP address from Dial-Up ISP, local and remote IPs will be the same


PPP Dial-Up: PPP link down



PPP Dial-Up: PPP link established


PPP Dial-Up: PPP negotiation failed - disconnecting


PPP Dial-Up: Previous session was connected for %s


PPP Dial-Up: Received new IP address

PPP Dial Up User Activity Info 299 --- Standard

PPP Dial-Up: Shutting down link


PPP Dial-Up: Starting PPP

PPP Dial Up --- Info 1037 --- Simple Message String

PPP Dial-Up: Startup without Ethernet cable, will try to dial on outbound traffic


PPP Dial-Up: The profile in use disabled VPN networking.


PPP Dial-Up: Trying to failover but Alternate Profile is manual

WAN Failover User Activity Info 434 --- Simple

PPP Dial-Up: Trying to failover but Primary Profile is manual


PPP Dial-Up: Unknown dialing failure


PPP Dial-Up: User requested connect


PPP Dial-Up: User requested disconnect


PPP Dial-Up: VPN networking restored.


PPP message: %s PPP System Environment

Info 1018 --- Standard Message String

PPP: Authentication successful

PPP User Activity Info 289 --- Simple

PPP: CHAP authentication failed - check username / password


PPP: MS-CHAP authentication failed - check username / password


PPP: PAP authentication failed - check username / password


PPP: Starting CHAP authentication


PPP: Starting MS-CHAP authentication



PPP: Starting PAP authentication


PPPoE terminated PPPoE Maintenance Info 130 --- SimplePPPoE CHAP authentication failed

PPPoE Maintenance Info 136 --- Unused

PPPoE Client: Previous session was connected for %s

PPPoE Maintenance Info 738 --- Simple Message String

PPPoE discovery process complete


PPPoE enabled but not ready


PPPoE LCP link down PPPoE Maintenance Info 129 --- SimplePPPoE LCP link up PPPoE Maintenance Info 128 --- SimplePPPoE network connected


PPPoE network disconnected


PPPoE PAP authentication Failed


PPPoE PAP authentication Failed. Please verify PPPoE username and password


PPPoE PAP authentication success.


PPPoE password changed by administrator


User Activity Info 515 --- Unused

PPPoE starting CHAP authentication


PPPoE starting PAP authentication


PPPoE user name changed by Administrator


User Activity Info 514 --- Unused

PPTP enabled but not ready


PPTP CHAP authentication failed. Please verify PPTP username and password

PPTP Maintenance Info 394 --- Unused

PPTP connect initiated by the User

PPTP Maintenance Info 390 --- Standard Destination

PPTP control connection Established


PPTP control connection negotiation started


PPTP decode failure PPTP Debug Debug 596 --- StandardPPTP disconnect initiated by the user

PPTP Maintenance Info 388 --- Standard Destination

PPTP LCP down PPTP Maintenance Info 383 --- UnusedPPTP LCP up PPTP Maintenance Info 387 --- UnusedPPTP Max Retransmission Exceeded



PPTP packet dropped Network Access

TCP | UDP | ICMP

Notice 39 --- Unused

PPTP PAP authentication failed


PPTP PAP authentication failed. Please verify PPTP username and password


PPTP PAP authentication success.


PPTP PPP authentication failed


PPTP PPP down PPTP Maintenance Info 385 --- SimplePPTP PPP link down PPTP Maintenance Info 391 --- UnusedPPTP PPP link down PPTP Maintenance Info 399 --- SimplePPTP PPP link finished PPTP Maintenance Info 400 --- SimplePPTP PPP link up PPTP Maintenance Info 398 --- SimplePPTP PPP negotiation started


PPTP PPP session up PPTP Maintenance Info 384 --- SimplePPTP server is not responding, check if the server is UP and running.


PPTP server rejected control connection


PPTP server rejected the call request


PPTP session disconnect from Remote


PPTP session established


PPTP session negotiation started


PPTP starting CHAP authentication


PPTP starting PAP authentication


PPTP tunnel disconnect from Remote


Primary firewall has transitioned to Active

High Availability


Primary firewall has transitioned to Idle

High Availability


Primary firewall preempting backup

High Availability


Primary firewall rebooting itself as it transitioned from active to idle while preempt

High Availability

--- Info 1058 --- Simple

Primary missed heartbeats from Backup

High Availability


Primary received error signal from Backup

High Availability



Primary received heartbeat from wrong source

High Availability


Primary received reboot signal from Backup

High Availability


Primary WAN link down, Backup going Active

High Availability


Primary WAN link down, Primary going Idle

High Availability


Primary WAN link up, preempting Backup

High Availability


Priority attack dropped Intrusion Detection


Probable port scan detected

Intrusion Detection

Attack Alert 83

Documents

SonicOS Enhanced 5.1 Log Event Reference Guide