Notes, Cautions, and Warnings
© 2013 Dell Inc.
Trademarks: Dell™, the DELL logo, SonicWALL™, SonicWALL GMS™, SonicWALL Analyzer™, Reassem-bly-Free Deep Packet Inspection™, Dynamic Security for the Global Network™, SonicWALL Clean VPN™, SonicWALL Clean Wireless™, SonicWALL Comprehensive Gateway Security Suite™, SonicWALL Mobile Connect™, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc.
2013 – 09 P/N 232-001771-00 Rev. C
NOTE: A NOTE indicates important information that helps you make better use of your system.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
OverviewThis reference guide lists and describes SonicOS log event messages for SonicOS 5.8.1, 6.0.1, and 6.1. Reference a log event message by using the alphabetical index from the Log Event Message Index table of this document.
This document contains the following sections: • Log > Monitor on page 1
• Log > Categories on page 2
• Index of Log Event Messages on page 2
• Log > Syslog on page 67
• Index of Syslog Tag Field Descriptions on page 68
• Table of Values on page 79
Log > MonitorThe Dell SonicWALL security appliance maintains an Event log for tracking potential security threats. This log can be viewed by navigating to the Dashboard > Log Monitor or Log > View page, or it can be automatically sent to an email address for convenience and archiving. The log is displayed in a table and can be sorted by column.
For more information on configuring the Log Monitor page, refer to the SonicOS Administrator’s Guide.
| 1
P
e
Log > CategoriesThe Log > Categories page allows you to categorize and customize the logging functions on your Dell SonicWALL security appliance for troubleshooting and diagnostics.
For more information on configuring and managing the Log > Categories page, refer to the SonicOS Administrator’s Guide.
Index of Log Event MessagesThe following table is the Log Event Message Index, which is an alphabetical list of log event messages for the SonicOS 5.8.1,
, and 6.1 firmware.
Each log event message described in the following table provides the following log event details:
• Log Event Messages—Displays the name of the event message.
• SonicOS Category—Displays the SonicOS category type. This is the same category as Table 2: Expanded Categories on page 80.
• Legacy Category—Displays the category event type. This is the same category as Table 1: Legacy Category on page 79.
• Priority Level—Displays the level of urgency of the log event message. For additional information, you can also reference Table 3: Priority Leve on page 83.
• Log Event Message ID Number—Displays the ID number of the log event message.
• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message.
Log Event Messages SonicOS Category Legacy Category Priority Level
Log
Message
ID
Number
SNM
Trap
Typ
DOS protection on WAN %s Intrusion Prevention Network Debug ALERT 1181 ‐‐‐
DOS protection on WAN begins
%s Intrusion Prevention Network Debug ALERT 1180 ‐‐‐
"As per Diagnostic Auto‐restart
configuration request, restarting
system" Firewall Event ‐‐‐ INFO 1047 ‐‐‐
2 |
01
02
3
#Web site hit Network Traffic
Syslog only – for
traffic reporting INFO 97 ‐‐‐
%s auto‐dial failed: Current
Connection Model is configured
as Ethernet Only PPP Dial‐Up System Errors ALERT 1028 ‐‐‐
%s Ethernet Port Down Firewall Event System Errors ERROR 333 641
%s Ethernet Port Up Firewall Event System Errors WARNING 332 640
%s is operational Anti‐Spam Service ‐‐‐ WARNING 1082 138
%s is unavailable Anti‐Spam Service ‐‐‐ WARNING 1083 138
<b>Registration Update
Needed:</b> Restore your
existing security service
subscriptions by clicking <a
href="/Security_Services/
enable_services.html">here</a> Security Services
System
Maintenance WARNING 496 ‐‐‐
3G/4G %s device detected Firewall Hardware
System
Environment INFO 1017 ‐‐‐
3G/4G Dial‐up: %s PPP Dial‐Up User Activity ALERT 1026 ‐‐‐
3G/4G Dial‐up: data usage limit
reached for the '%s' billing cycle.
Disconnecting the 3G/4G session. PPP Dial‐Up User Activity ALERT 1027 764
3G/4G: No SIM detected Firewall Hardware ‐‐‐ ALERT 1055 ‐‐‐
802.11 Management Wireless
802.11
Management INFO 518 ‐‐‐
A high percentage of the system
packet buffers are held waiting
for SSO
SSO Agent
Authentication User Activity ALERT 1178 ‐‐‐
A prior version of preferences
was loaded because the most
recent preferences file was
inaccessible Firewall Event System Errors WARNING 572 648
| 3
7
A SonicOS Standard to Enhanced
Upgrade was performed Firewall Event
System
Maintenance INFO 611 ‐‐‐
A user has a very high number of
connections waiting for SSO
SSO Agent
Authentication User Activity ALERT 1179 ‐‐‐
Access attempt from host out of
compliance with GSC policy Security Services
System
Maintenance INFO 761 ‐‐‐
Access attempt from host
without Anti‐Virus agent installed Security Services
System
Maintenance INFO 123 ‐‐‐
Access attempt from host
without GSC installed Security Services
System
Maintenance INFO 763 862
Access rule added Firewall Rule User Activity INFO 440 ‐‐‐
Access rule deleted Firewall Rule User Activity INFO 442 ‐‐‐
Access rule modified Firewall Rule User Activity INFO 441 ‐‐‐
Access rules restored to defaults Firewall Rule User Activity INFO 443 ‐‐‐
Access to proxy server denied Network Access Blocked Web Sites NOTICE 60 705
Active Backup detects Active
Primary: Backup going Idle High Availability
System
Maintenance INFO 154 ‐‐‐
Active/Active Clustering license is
not activated on the following
cluster units: %s High Availability ‐‐‐ ERROR 1152 ‐‐‐
ActiveX access denied Network Access Blocked Java Etc NOTICE 18 ‐‐‐
ActiveX or Java archive access
denied Network Access Blocked Java Etc NOTICE 20 ‐‐‐
ADConnector %s response timed‐
out; applying caching policy
Microsoft Active
Directory ‐‐‐ ERROR 769 ‐‐‐
Add an attack message Firewall Event Attacks ERROR 143 525
Added a new member to an LDAP
mirror user group
Remote
Authentication User Activity INFO 1192 ‐‐‐
Added host entry to dynamic
address object
Dynamic Address
Objects
System
Maintenance INFO 911 ‐‐‐
Added new LDAP mirror user
group: %s
Remote
Authentication User Activity INFO 1190 ‐‐‐
4 |
04
03
07
08
8
7
Adding Dynamic Entry for Bound
MAC Address Network ‐‐‐ INFO 813 ‐‐‐
Adding L2TP IP pool Address
object Failed. L2TP Server System Errors ERROR 603 661
Adding to multicast policyList ,
interface : %s Multicast ‐‐‐ DEBUG 697 ‐‐‐
Adding to Multicast policyList ,
VPN SPI : %s Multicast ‐‐‐ DEBUG 699 ‐‐‐
Administrator logged out
Authenticated
Access User Activity INFO 261 ‐‐‐
Administrator logged out ‐
inactivity timer expired
Authenticated
Access User Activity INFO 262 ‐‐‐
Administrator login allowed
Authenticated
Access User Activity INFO 29 ‐‐‐
Administrator login denied due
to bad credentials
Authenticated
Access Attacks ALERT 30 560
Administrator login denied from
%s; logins disabled from this
interface
Authenticated
Access Attacks ALERT 35 506
Administrator name changed
Authenticated
Access
System
Maintenance INFO 328 ‐‐‐
All DDNS associations have been
deleted DDNS
System
Maintenance INFO 783 ‐‐‐
All preference values have been
set to factory default values Firewall Event System Errors WARNING 574 650
Allowed LDAP server certificate
with wrong host name
Remote
Authentication User Activity WARNING 752 ‐‐‐
An LDAP user group nesting is not
being mirrored
Remote
Authentication User Activity WARNING 1246 ‐‐‐
Anti‐Spam service is disabled by
administrator. Anti‐Spam Service ‐‐‐ INFO 1085 138
Anti‐Spam service is enabled by
administrator. Anti‐Spam Service ‐‐‐ INFO 1084 138
Anti‐Spam Startup Failure ‐ %s Anti‐Spam Service ‐‐‐ WARNING 1088 138
Anti‐Spam Teardown Failure ‐ %s Anti‐Spam Service ‐‐‐ WARNING 1089 138
Anti‐Spyware Detection Alert: %s Intrusion Prevention Attacks ALERT 795 643
Anti‐Spyware Prevention Alert:
%s Intrusion Prevention Attacks ALERT 794 643
| 5
1
01
02
01
Anti‐Spyware Service Expired Security Services
System
Maintenance WARNING 796 863
Anti‐Virus agent out‐of‐date on
host Security Services
System
Maintenance INFO 124 ‐‐‐
Anti‐Virus Licenses Exceeded Security Services
System
Maintenance INFO 408 ‐‐‐
Appflow Server Event App Flow Server ‐‐‐ INFO 1263 ‐‐‐
Application Control Detection
Alert: %s Application Control ‐‐‐ ALERT 1154 150
Application Control Prevention
Alert: %s Application Control ‐‐‐ ALERT 1155 150
Application Filter Detection Alert:
%s Intrusion Prevention Attacks ALERT 650 ‐‐‐
Application Filters Block Alert: %s Intrusion Prevention Attacks ALERT 649 ‐‐‐
Application Firewall Alert: %s App Rules User Activity ALERT 793 132
ARP request packet received Network ‐‐‐ INFO 717 ‐‐‐
ARP request packet sent Network ‐‐‐ INFO 715 ‐‐‐
ARP response packet received Network ‐‐‐ INFO 716 ‐‐‐
ARP response packet sent Network ‐‐‐ INFO 718 ‐‐‐
ARP timeout Network Network Debug DEBUG 45 ‐‐‐
Assigned IP address %s DHCP Server ‐‐‐ INFO 1110 ‐‐‐
Association Flood from WLAN
station WLAN IDS
Expanded – WLAN
IDS activity ALERT 548 903
Attempt to contact Remote
backup server for upload
approval failed Firewall Event
System
Maintenance DEBUG 1160 ‐‐‐
Authentication timeout during
Remotely Triggered Dial‐out
session
Authenticated
Access User Activity INFO 821 ‐‐‐
6 |
Back Orifice attack dropped Intrusion Prevention Attacks ALERT 73 512
Backup active High Availability System Errors INFO 825 ‐‐‐
Backup firewall being preempted
by Primary High Availability System Errors ERROR 152 619
Backup firewall has transitioned
to Active High Availability
System
Maintenance ALERT 145 ‐‐‐
Backup firewall has transitioned
to Idle High Availability
System
Maintenance ALERT 147 ‐‐‐
Backup firewall rebooting itself
as it transitioned from Active to
Idle while Preempt High Availability ‐‐‐ INFO 1059 ‐‐‐
Backup going Active in preempt
mode Application Firewall reboot High Availability System Errors ERROR 170 622
Backup missed heartbeats from
Primary High Availability System Errors ERROR 149 616
Backup received error signal
from Primary High Availability System Errors ERROR 151 618
Backup received heartbeat from
wrong source High Availability
System
Maintenance INFO 161 ‐‐‐
Backup received reboot signal
from Primary High Availability System Errors ERROR 672 666
Backup remote server did not
approve upload request Firewall Event
System
Maintenance DEBUG 1161 ‐‐‐
Backup shut down because
license is expired High Availability System Errors ERROR 824 ‐‐‐
Backup WAN link down, Primary
going Active High Availability System Errors ERROR 219 633
Backup will be shut down in %s
minutes High Availability System Errors ERROR 823 ‐‐‐
Bad CRL format VPN PKI User Activity ALERT 277 ‐‐‐
Bind to LDAP server failed
Remote
Authentication System Errors ERROR 1009 ‐‐‐
Blocked Quick Mode for Client
using Default KeyId VPN Client System Errors ERROR 505 660
BOOTP Client IP address on LAN
conflicts with remote device IP,
deleting IP address from remote
table BOOTP
System
Maintenance INFO 619 ‐‐‐
BOOTP reply relayed to local
device BOOTP
System
Maintenance INFO 620 ‐‐‐
| 7
BOOTP Request received from
remote device BOOTP Network Debug DEBUG 621 ‐‐‐
BOOTP server response relayed
to remote device BOOTP Network Debug DEBUG 618 ‐‐‐
Broadcast packet dropped Network Access Network Debug DEBUG 46 ‐‐‐
Cannot connect to the CRL server VPN PKI User Activity ALERT 274 ‐‐‐
Cannot Validate Issuer Path VPN PKI User Activity ALERT 878 ‐‐‐
Certificate on Revoked list(CRL) VPN PKI User Activity ALERT 279 ‐‐‐
CFL auto‐download disabled,
time problem detected Security Services
System
Maintenance INFO 268 ‐‐‐
Chat %s PPP Dial‐Up User Activity INFO 1022 ‐‐‐
Chat completed PPP Dial‐Up User Activity INFO 1020 ‐‐‐
Chat failed: %s PPP Dial‐Up User Activity INFO 1023 ‐‐‐
Chat started PPP Dial‐Up User Activity INFO 1019 ‐‐‐
Chat started by '%s' PPP Dial‐Up User Activity INFO 1032 ‐‐‐
Chat wrote '%s' PPP Dial‐Up User Activity INFO 1021 ‐‐‐
CLI administrator logged out
Authenticated
Access User Activity INFO 520 ‐‐‐
CLI administrator login allowed
Authenticated
Access User Activity INFO 199 ‐‐‐
CLI administrator login denied
due to bad credentials
Authenticated
Access User Activity WARNING 200 ‐‐‐
Computed hash does not match
hash received from peer;
preshared key mismatch VPN IKE User Activity WARNING 410 ‐‐‐
Configuration mode
administration session ended
Authenticated
Access User Activity INFO 995 ‐‐‐
Configuration mode
administration session started
Authenticated
Access User Activity INFO 994 ‐‐‐
8 |
02
Connection Closed Network Traffic
Syslog only ‐ for
traffic reporting INFO 537 ‐‐‐
Connection Opened Network Traffic
Syslog only ‐ for
traffic reporting INFO 98 ‐‐‐
Connection timed out VPN PKI User Activity ALERT 273 ‐‐‐
Content filter subscription
expired. Security Services System Errors ERROR 197 631
Cookie removed Network Access Blocked Java Etc NOTICE 21 ‐‐‐
CPU reaches 80% utilization for
more than 10 seconds. Firewall Hardware ‐‐‐ ALERT 1248 170
CRL has expired VPN PKI User Activity ALERT 874 ‐‐‐
CRL loaded from VPN PKI User Activity INFO 270 ‐‐‐
CRL missing ‐ Issuer requires CRL
checking. VPN PKI User Activity ALERT 876 ‐‐‐
CRL validation failure for Root
Certificate VPN PKI User Activity ALERT 877 ‐‐‐
Crypto DES test failed Crypto Test
System
Maintenance ERROR 360 ‐‐‐
Crypto DH test failed Crypto Test
System
Maintenance ERROR 361 ‐‐‐
Crypto hardware 3DES test failed Crypto Test
System
Maintenance ERROR 367 ‐‐‐
Crypto Hardware 3DES with SHA
test failed Crypto Test
System
Maintenance ERROR 369 ‐‐‐
Crypto Hardware AES test failed Crypto Test
System
Maintenance ERROR 610 ‐‐‐
Crypto hardware DES test failed Crypto Test
System
Maintenance ERROR 366 ‐‐‐
Crypto hardware DES with SHA
test failed Crypto Test
System
Maintenance ERROR 368 ‐‐‐
Crypto Hmac‐MD5 fest failed Crypto Test
System
Maintenance ERROR 362 ‐‐‐
Crypto Hmac‐Sha1 test failed Crypto Test
System
Maintenance ERROR 363 ‐‐‐
| 9
04
03
Crypto MD5 test failed Crypto Test
System
Maintenance ERROR 370 ‐‐‐
Crypto RSA test failed Crypto Test
System
Maintenance ERROR 364 ‐‐‐
Crypto SHA1 based DRNG KAT
test failed Crypto Test ‐‐‐ ERROR 1060 ‐‐‐
Crypto Sha1 test failed Crypto Test
System
Maintenance ERROR 365 ‐‐‐
CSR Generation: %s VPN PKI ‐‐‐ INFO 1109 ‐‐‐
Current dynamic NAT translation
count is more than 50% of the
configured maximum. Firewall Hardware ‐‐‐ ALERT 1250 170
Current session count is more
than 50% of the supported
maximum. Firewall Hardware ‐‐‐ ALERT 1249 170
DDNS association %s disabled DDNS
System
Maintenance INFO 781 ‐‐‐
DDNS association %s enabled DDNS
System
Maintenance INFO 780 ‐‐‐
DDNS association %s added DDNS
System
Maintenance INFO 779 ‐‐‐
DDNS association %s deactivated DDNS
System
Maintenance INFO 784 ‐‐‐
DDNS association %s deleted DDNS
System
Maintenance INFO 785 ‐‐‐
DDNS Association %s put on line DDNS
System
Maintenance INFO 782 ‐‐‐
DDNS association %s taken
Offline locally DDNS
System
Maintenance INFO 778 ‐‐‐
DDNS association %s updated DDNS ‐‐‐ INFO 786 ‐‐‐
DDNS Failure: Provider %s DDNS System Errors ERROR 774 ‐‐‐
DDNS Failure: Provider %s DDNS System Errors ERROR 775 ‐‐‐
DDNS Failure: Provider %s DDNS System Errors ERROR 773 ‐‐‐
DDNS Update success for domain
%s DDNS
System
Maintenance INFO 776 ‐‐‐
DDNS Warning: Provider %s DDNS System Errors WARNING 777 ‐‐‐
10 |
Default to not blacklisted Anti‐Spam Service ‐‐‐ DEBUG 1144 ‐‐‐
Delete invalid scope because port
ip in the range of this DHCP
scope. DHCP Server ‐‐‐ WARNING 1184 ‐‐‐
Deleted LDAP mirror user group:
%s
Remote
Authentication User Activity INFO 1191 ‐‐‐
Deleting from Multicast policy
list, interface : %s Multicast ‐‐‐ DEBUG 698 ‐‐‐
Deleting from Multicast policy
list, VPN SPI : %s Multicast ‐‐‐ DEBUG 700 ‐‐‐
Deleting IPsec SA VPN IKE User Activity INFO 92 ‐‐‐
Deleting IPsec SA for destination VPN IKE User Activity INFO 91 ‐‐‐
Deleting IPsec SA. (Phase 2) VPN IKE User Activity DEBUG 1183 ‐‐‐
Destination IP address
connection status: %s Firewall Event ‐‐‐ INFO 735 ‐‐‐
DHCP client enabled but not
ready DHCP Client
System
Maintenance INFO 504 ‐‐‐
DHCP Client did not get DHCP
ACK. DHCP Client
System
Maintenance INFO 109 ‐‐‐
DHCP Client failed to verify and
lease has expired. Go to INIT
state. DHCP Client
System
Maintenance INFO 119 ‐‐‐
DHCP Client failed to verify and
lease is still valid. Go to BOUND
state. DHCP Client
System
Maintenance INFO 120 ‐‐‐
DHCP Client got a new IP address
lease. DHCP Client
System
Maintenance INFO 121 ‐‐‐
DHCP Client got ACK from server. DHCP Client
System
Maintenance INFO 111 ‐‐‐
DHCP Client got NACK. DHCP Client
System
Maintenance INFO 110 ‐‐‐
DHCP Client is declining address
offered by the server. DHCP Client
System
Maintenance INFO 112 ‐‐‐
DHCP Client sending REQUEST
and going to REBIND state. DHCP Client
System
Maintenance INFO 113 ‐‐‐
DHCP Client sending REQUEST
and going to RENEW state. DHCP Client
System
Maintenance INFO 114 ‐‐‐
| 11
DHCP DECLINE received from
remote device DHCP Relay Network Debug INFO 475 ‐‐‐
DHCP DISCOVER received from
local device DHCP Relay Network Debug INFO 479 ‐‐‐
DHCP DISCOVER received from
remote device DHCP Relay Network Debug INFO 474 ‐‐‐
DHCP INFORM received from
remote device DHCP Relay Network Debug INFO 1215 ‐‐‐
DHCP lease dropped. Lease from
Central Gateway conflicts with
Relay IP DHCP Relay
System
Maintenance WARNING 228 ‐‐‐
DHCP lease dropped. Lease from
Central Gateway conflicts with
Remote Management IP DHCP Relay
System
Maintenance WARNING 484 ‐‐‐
DHCP lease file in the flash is
corrupted; read failed Firewall Event System Errors WARNING 833 ‐‐‐
DHCP lease relayed to local
device DHCP Relay
System
Maintenance INFO 223 ‐‐‐
DHCP lease relayed to remote
device DHCP Relay Network Debug INFO 225 ‐‐‐
DHCP lease to LAN device
conflicts with remote device,
deleting remote IP entry DHCP Relay
System
Maintenance INFO 226 ‐‐‐
DHCP leases written to flash Firewall Event
System
Maintenance INFO 835 ‐‐‐
DHCP NACK received from server DHCP Relay Network Debug INFO 477 ‐‐‐
DHCP OFFER received from
server DHCP Relay Network Debug INFO 476 ‐‐‐
DHCP RELEASE received from
remote device DHCP Relay Network Debug INFO 224 ‐‐‐
DHCP RELEASE relayed to Central
Gateway DHCP Relay
System
Maintenance INFO 222 ‐‐‐
DHCP REQUEST received from
local device DHCP Relay Network Debug INFO 480 ‐‐‐
DHCP REQUEST received from
remote device DHCP Relay Network Debug INFO 473 ‐‐‐
DHCP Scopes altered
automatically due to change in
network settings for interface %s Firewall Event ‐‐‐ INFO 832 ‐‐‐
12 |
3
DHCP Server not available. Did
not get any DHCP OFFER. DHCP Client
System
Maintenance INFO 106 ‐‐‐
DHCP Server sanity check failed
%s Firewall Event ‐‐‐ CRITICAL 1072 ‐‐‐
DHCP Server sanity check passed
%s Firewall Event ‐‐‐ CRITICAL 1071 ‐‐‐
DHCP Server: IP conflict detected Firewall Event ‐‐‐ ALERT 1040 ‐‐‐
DHCP Server: Received DHCP
decline from client Firewall Event ‐‐‐ ALERT 1041 ‐‐‐
DHCP Server: Received DHCP
message from untrusted relay
agent Firewall Event ‐‐‐ NOTICE 1090 ‐‐‐
DHCPv6 lease file in the flash is
corrupted; read failed Network ‐‐‐ WARNING 1259 ‐‐‐
DHCPv6 leases written to flash Network ‐‐‐ INFO 1261 ‐‐‐
Diagnostic Auto‐restart canceled Firewall Event ‐‐‐ INFO 1046 ‐‐‐
Diagnostic Auto‐restart
scheduled for %s minutes from
now Firewall Event ‐‐‐ INFO 1045 ‐‐‐
Diagnostic Code A Firewall Hardware System Errors ERROR 93 611
Diagnostic Code B Firewall Hardware System Errors ERROR 94 612
Diagnostic Code C Firewall Hardware System Errors ERROR 95 613
Diagnostic Code D Firewall Hardware System Errors ERROR 64 610
Diagnostic Code E VPN IPSec System Errors ERROR 61 609
Diagnostic Code F Firewall Hardware System Errors ERROR 164 621
Diagnostic Code G Firewall Hardware System Errors ERROR 599 655
Diagnostic Code H Firewall Hardware System Errors ERROR 600 656
Diagnostic Code I Firewall Hardware System Errors ERROR 601 657
Diagnostic Code J Firewall Hardware System Errors ERROR 1025 542
| 13
6
4
Dial‐up: Session initiated by data
packet PPP Dial‐Up ‐‐‐ INFO 1039 ‐‐‐
Dial‐up: Traffic generated by '%s' PPP Dial‐Up ‐‐‐ INFO 1038 ‐‐‐
Disconnecting L2TP Tunnel due
to traffic timeout L2TP Client
System
Maintenance INFO 215 ‐‐‐
Disconnecting PPPoE due to
traffic timeout PPPoE
System
Maintenance INFO 168 ‐‐‐
Disconnecting PPTP Tunnel due
to traffic timeout PPTP
System
Maintenance INFO 389 ‐‐‐
Discovered HA %s Firewall High Availability ‐‐‐ INFO 1044 ‐‐‐
Discovered HA Backup Firewall High Availability
System
Maintenance INFO 156 ‐‐‐
DNS packet allowed Network Access Network Debug INFO 602 ‐‐‐
DNS rebind attack blocked Intrusion Prevention ‐‐‐ ALERT 1099 646
DOS protection on WAN %s Intrusion Prevention Network Debug ALERT 1182 ‐‐‐
DPI‐SSL: %s DPI‐SSL Network Access INFO 791 ‐‐‐
Drop WLAN traffic from non‐
SonicPoint devices Intrusion Prevention Attack ERROR 662 643
DSL: %s Device Down DSL ‐‐‐ ALERT 1186 ‐‐‐
DSL: %s Device Up DSL ‐‐‐ ALERT 1185 ‐‐‐
DSL: %s WAN is connected DSL ‐‐‐ ALERT 1187 ‐‐‐
DSL: %s WAN is initializing DSL ‐‐‐ ALERT 1188 ‐‐‐
Duplicate packet dropped Network Access Network Debug DEBUG 51 ‐‐‐
Dynamic IPsec client connected VPN IPSec User Activity INFO 62 ‐‐‐
E1 T1 Layer 1 status: Controlled
slip E1‐T1 ‐‐‐ INFO 1167 ‐‐‐
E1 T1 Layer 1 status: No frame
synchronization E1‐T1 ‐‐‐ INFO 1164 ‐‐‐
14 |
E1 T1 Layer 1 status: No
multiframe synchronization E1‐T1 ‐‐‐ INFO 1165 ‐‐‐
E1 T1 Layer 1 status: No signal E1‐T1 ‐‐‐ INFO 1163 ‐‐‐
E1 T1 Layer 1 status: OK E1‐T1 ‐‐‐ INFO 1168 ‐‐‐
E1 T1 Layer 1 status: Remote
alarm detected E1‐T1 ‐‐‐ INFO 1166 ‐‐‐
EIGRP packet dropped Network Access Network Debug NOTICE 714 ‐‐‐
E‐Mail fragment dropped Intrusion Prevention Attacks ERROR 437 550
Entering FIPS ERROR state Crypto Test
System
Maintenance ERROR 359 ‐‐‐
Entering FIPS Error State. Crypto Test System Errors ERROR 497 659
Error initializing Hardware
acceleration for VPN Firewall Hardware
System
Maintenance ERROR 374 ‐‐‐
Error Rebooting HA Peer Firewall High Availability System Errors ERROR 669 663
Error setting the IP address of the
backup, please manually set to
backup LAN IP High Availability System Errors ERROR 191 629
Error synchronizing HA peer
firewall (%s) High Availability System Errors ERROR 158 662
Error updating HA peer
configuration High Availability System Errors ERROR 192 630
ERROR: DHCP over VPN policy is
not defined. Cannot start IKE. DHCP Relay
System
Maintenance INFO 478 ‐‐‐
Exceeded Max multicast address
limit Multicast ‐‐‐ WARNING 703 ‐‐‐
External Web Server Host
Resolution Failed %s
Authenticated
Access ‐‐‐ ERROR 1069 ‐‐‐
Failed on updating time from NTP
server System ‐‐‐ NOTICE 1230 ‐‐‐
Failed payload validation VPN IKE User Activity WARNING 405 ‐‐‐
Failed payload verification
Application Firewall decryption;
possible preshared key mismatch VPN IKE User Activity WARNING 404 ‐‐‐
Failed to add a member to an
LDAP mirror user group
Remote
Authentication User Activity WARNING 1245 ‐‐‐
| 15
8
4
Failed to add an LDAP mirror user
group
Remote
Authentication User Activity WARNING 1244 ‐‐‐
Failed to find certificate VPN PKI User Activity ALERT 875 ‐‐‐
Failed to get CRL from VPN PKI User Activity ALERT 271 ‐‐‐
Failed to insert entry into GRID
result IP cached table Anti‐Spam Service ‐‐‐ DEBUG 1145 ‐‐‐
Failed to Process CRL from VPN PKI User Activity ALERT 276 ‐‐‐
Failed to resolve name Network
System
Maintenance INFO 84 ‐‐‐
Failed to send file to remote
backup server, Error: %s Firewall Event
System
Maintenance INFO 1066 ‐‐‐
Failed to send Preference file to
remote backup server, Error: %s Firewall Event
System
Maintenance INFO 1062 ‐‐‐
Failed to send TSR file to remote
backup server, Error: %s Firewall Event
System
Maintenance INFO 1064 ‐‐‐
Failed to synchronize license
information with Licensing
Server. %s Security Services
System
Maintenance WARNING 766 862
Failed to synchronize Relay IP
Table DHCP Relay System Errors WARNING 234 632
Failed to write DHCP leases to
flash Firewall Event System Errors WARNING 834 ‐‐‐
Failed to write DHCPv6 leases to
flash Network ‐‐‐ WARNING 1260 ‐‐‐
Failed VPN I/O processing VPN IKE User Activity ERROR 1234 ‐‐‐
Failure to reach Interface %s
probe High Availability System Errors ERROR 675 623
Fan Failure Firewall Hardware
System
Environment ALERT 576 102
FIN Flood Blacklist on IF %s
continues Intrusion Prevention Network Debug WARNING 902 ‐‐‐
FIN‐Flooding machine %s
blacklisted Intrusion Prevention Network Debug ALERT 901 ‐‐‐
Forbidden E‐Mail attachment
deleted Intrusion Prevention Attacks ERROR 248 534
Forbidden E‐Mail attachment
disabled Intrusion Prevention Attacks ALERT 165 527
16 |
04
2
3
Found Rogue Access Point WLAN IDS WLAN IDS ALERT 546 901
Found Rogue Access Point WLAN IDS WLAN IDS ALERT 556 108
Fragmented packet dropped Network
Dropped TCP |
Dropped UDP |
Dropped ICMP NOTICE 28 ‐‐‐
Fraudulent Microsoft certificate
found; access denied Intrusion Prevention Attacks ERROR 193 532
FTP client user logged in failed FTP ‐‐‐ DEBUG 1115 ‐‐‐
FTP client user logged in
successfully FTP ‐‐‐ DEBUG 1114 ‐‐‐
FTP client user logged out FTP ‐‐‐ DEBUG 1116 ‐‐‐
FTP client user name was sent FTP ‐‐‐ DEBUG 1113 ‐‐‐
FTP server accepted the
connection FTP ‐‐‐ DEBUG 1112 ‐‐‐
FTP: Data connection from non
default port dropped Network Access Attacks ALERT 538 557
FTP: PASV response bounce
attack dropped Intrusion Prevention Attacks ALERT 528 556
FTP: PASV response spoof attack
dropped Intrusion Prevention Attacks ERROR 446 551
FTP: PORT bounce attack
dropped. Intrusion Prevention Attacks ALERT 527 555
Gateway Anti‐Virus Alert: %s Security Services Attacks ALERT 809 863
Gateway Anti‐Virus Service
expired Security Services
System
Maintenance WARNING 810 863
Global VPN Client connection is
not allowed. Appliance is not
registered. VPN Client System Errors INFO 529 643
Global VPN Client License
Exceeded: Connection denied. VPN Client System Errors INFO 494 658
Global VPN Client version cannot
enforce personal firewall.
Minimum Version required is 2.1 VPN Client User Activity INFO 604 ‐‐‐
| 17
GMS or syslog server name
lookup failed ‐ try again in 60
secs. Firewall Event ‐‐‐ ERROR 1156 ‐‐‐
Got DHCP OFFER. Selecting. DHCP Client
System
Maintenance INFO 107 ‐‐‐
GSC policy out‐of‐date on host Security Services
System
Maintenance INFO 762 ‐‐‐
Guest account '%s' created
Authenticated
Access User Activity INFO 558 ‐‐‐
Guest account '%s' deleted
Authenticated
Access User Activity INFO 559 ‐‐‐
Guest account '%s' disabled
Authenticated
Access User Activity INFO 560 ‐‐‐
Guest account '%s' pruned
Authenticated
Access User Activity INFO 562 ‐‐‐
Guest account '%s' re‐enabled
Authenticated
Access User Activity INFO 561 ‐‐‐
Guest account '%s' re‐generated
Authenticated
Access User Activity INFO 563 ‐‐‐
Guest Account Timeout
Authenticated
Access User Activity INFO 551 ‐‐‐
Guest Idle Timeout
Authenticated
Access User Activity INFO 564 ‐‐‐
Guest login denied. Guest '%s' is
already logged in. Please try
again later.
Authenticated
Access User Activity INFO 557 ‐‐‐
Guest policy accepted User Activity ‐‐‐ INFO 1228 ‐‐‐
Guest Services drop traffic to
deny network Network Access ‐‐‐ INFO 724 ‐‐‐
Guest Services pass traffic to
access allow network Network Access ‐‐‐ INFO 725 ‐‐‐
Guest Session Timeout
Authenticated
Access User Activity INFO 550 ‐‐‐
Guest traffic quota exceeded User Activity ‐‐‐ INFO 1227 ‐‐‐
GUI administration session
ended
Authenticated
Access User Activity INFO 998 ‐‐‐
H.323/H.225 Connect VoIP
Expanded – VoIP
activity DEBUG 634 ‐‐‐
18 |
H.323/H.225 Setup VoIP
Expanded – VoIP
activity DEBUG 633 ‐‐‐
H.323/H.245 Address VoIP
Expanded – VoIP
activity DEBUG 635 ‐‐‐
H.323/H.245 End Session VoIP
Expanded – VoIP
activity DEBUG 636 ‐‐‐
H.323/RAS Admission Confirm VoIP
Expanded – VoIP
activity DEBUG 625 ‐‐‐
H.323/RAS Admission Reject VoIP
Expanded – VoIP
activity DEBUG 624 ‐‐‐
H.323/RAS Admission Request VoIP
Expanded – VoIP
activity DEBUG 626 ‐‐‐
H.323/RAS Bandwidth Reject VoIP
Expanded – VoIP
activity DEBUG 627 ‐‐‐
H.323/RAS Disengage Confirm VoIP
Expanded – VoIP
activity DEBUG 628 ‐‐‐
H.323/RAS Disengage Reject VoIP
Expanded – VoIP
activity DEBUG 641 ‐‐‐
H.323/RAS Gatekeeper Reject VoIP
Expanded – VoIP
activity DEBUG 629 ‐‐‐
H.323/RAS Location Confirm VoIP
Expanded – VoIP
activity DEBUG 630 ‐‐‐
H.323/RAS Location Reject VoIP
Expanded – VoIP
activity DEBUG 631 ‐‐‐
H.323/RAS Registration Reject VoIP
Expanded – VoIP
activity DEBUG 632 ‐‐‐
H.323/RAS Unknown Message
Response VoIP
Expanded – VoIP
activity DEBUG 640 ‐‐‐
H.323/RAS Unregistration Reject VoIP
Expanded – VoIP
activity DEBUG 642 ‐‐‐
HA packet processing error High Availability
System
Maintenance INFO 162 ‐‐‐
HA Peer Firewall Rebooted High Availability
System
Maintenance INFO 668 ‐‐‐
HA Peer Firewall Synchronized High Availability
System
Maintenance INFO 157 ‐‐‐
Hardware Failover settings were
not upgraded Firewall Event
System
Maintenance INFO 743 ‐‐‐
Header verification failed VPN IKE User Activity WARNING 587 ‐‐‐
Heartbeat received from
incompatible source High Availability
System
Maintenance INFO 163 ‐‐‐
| 19
High Availability has been
enabled and Dial‐Up device(s) are
not supported in High Availability
processing High Availability ‐‐‐ INFO 1125 ‐‐‐
Host IP address not in GRID List Anti‐Spam Service ‐‐‐ DEBUG 1141 ‐‐‐
HTTP management port has
changed Firewall Event
System
Maintenance INFO 340 ‐‐‐
HTTP method detected;
examining stream for host
header Network Access Dropped TCP DEBUG 882 ‐‐‐
HTTPS Handshake: %s Network ‐‐‐ INFO 1226 ‐‐‐
HTTPS management port has
changed Firewall Event
System
Maintenance INFO 341 ‐‐‐
ICMP checksum error; packet
dropped Network Access Dropped UDP NOTICE 886 ‐‐‐
ICMP packet allowed Network Access Network Debug INFO 597 ‐‐‐
ICMP packet dropped due to
policy Network Access Dropped ICMP NOTICE 38 ‐‐‐
ICMP packet dropped no match Network Access Dropped ICMP NOTICE 523 ‐‐‐
ICMP packet from LAN allowed Network Access Network Debug INFO 598 ‐‐‐
ICMP packet from LAN dropped Network Access
Dropped LAN
ICMP | Dropped
LAN TCP NOTICE 175 ‐‐‐
ICMPv6 packet allowed Network ‐‐‐ INFO 1256 ‐‐‐
ICMPv6 packet dropped due to
policy Network ‐‐‐ NOTICE 1257 ‐‐‐
ICMPv6 packet from LAN allowed Network ‐‐‐ INFO 1255 ‐‐‐
ICMPv6 packet from LAN
dropped Network ‐‐‐ NOTICE 1254 ‐‐‐
If not already enabled, enabling
NTP is recommended Firewall Hardware System Errors WARNING 540 645
IGMP packet dropped, wrong
checksum received on interface
%s Multicast ‐‐‐ NOTICE 683 ‐‐‐
20 |
IGMP Leave group message
Received on interface %s Multicast ‐‐‐ INFO 682 ‐‐‐
IGMP packet dropped, decoding
error Multicast ‐‐‐ NOTICE 686 ‐‐‐
IGMP Packet Not handled. Packet
type : %s Multicast ‐‐‐ NOTICE 687 ‐‐‐
IGMP querier Router detected on
interface %s Multicast ‐‐‐ DEBUG 701 ‐‐‐
IGMP querier Router detected on
VPN tunnel , SPI %S Multicast ‐‐‐ DEBUG 702 ‐‐‐
IGMP state table entry time
out,deleting interface : %s for
multicast address : %s Multicast ‐‐‐ DEBUG 692 ‐‐‐
IGMP state table entry time
out,deleting VPN SPI :%s for
Multicast address : %s Multicast ‐‐‐ DEBUG 693 ‐‐‐
IGMP V2 client joined multicast
Group : %s Multicast ‐‐‐ INFO 676 ‐‐‐
IGMP V2 Membership report
received from interface %s Multicast ‐‐‐ DEBUG 679 ‐‐‐
IGMP V3 client joined multicast
Group : %s Multicast ‐‐‐ INFO 677 ‐‐‐
IGMP V3 Membership report
received from interface %s Multicast ‐‐‐ DEBUG 678 ‐‐‐
IGMP V3 packet dropped,
unsupported Record type : %s Multicast ‐‐‐ NOTICE 688 ‐‐‐
IGMP V3 record type : %s not
Handled Multicast ‐‐‐ DEBUG 689 ‐‐‐
IKE Initiator drop: VPN tunnel
end point does not match
configured VPN Policy Bound to
scope VPN IKE User Activity INFO 544 ‐‐‐
IKE Initiator: Accepting IPsec
proposal (Phase 2) VPN IKE User Activity INFO 372 ‐‐‐
IKE Initiator: Accepting peer
lifetime. (Phase 1) VPN IKE User Activity INFO 445 ‐‐‐
IKE Initiator: Aggressive Mode
complete (Phase 1). VPN IKE User Activity INFO 354 ‐‐‐
IKE Initiator: IKE proposal does
not match (Phase 1) VPN IKE User Activity WARNING 937 ‐‐‐
| 21
IKE Initiator: Main Mode
complete (Phase 1) VPN IKE User Activity INFO 353 ‐‐‐
IKE Initiator: Proposed IKE ID
mismatch VPN IKE User Activity WARNING 933 ‐‐‐
IKE Initiator: Remote party
timeout ‐ Retransmitting IKE
request. VPN IKE User Activity INFO 930 ‐‐‐
IKE Initiator: Start Aggressive
Mode negotiation (Phase 1) VPN IKE User Activity INFO 358 ‐‐‐
IKE Initiator: Start Main Mode
negotiation (Phase 1) VPN IKE User Activity INFO 351 ‐‐‐
IKE Initiator: Start Quick Mode
(Phase 2). VPN IKE User Activity INFO 346 ‐‐‐
IKE Initiator: Using secondary
gateway to negotiate VPN IKE User Activity INFO 543 ‐‐‐
IKE negotiation aborted due to
timeout VPN IKE User Activity INFO 403 ‐‐‐
IKE negotiation complete. Adding
IPsec SA. (Phase 2) VPN IKE User Activity INFO 89 ‐‐‐
IKE Responder drop: VPN tunnel
end point does not match
configured VPN Policy Bound to
scope VPN IKE User Activity INFO 545 ‐‐‐
IKE Responder: %s policy does
not allow static IP for Virtual
Adapter. VPN Client System Errors ERROR 660 ‐‐‐
IKE Responder: Accepting IPsec
proposal (Phase 2) VPN IKE User Activity INFO 87 ‐‐‐
IKE Responder: Aggressive Mode
complete (Phase 1) VPN IKE User Activity INFO 373 ‐‐‐
IKE Responder: AH
authentication algorithm does
not match VPN IKE User Activity WARNING 920 ‐‐‐
IKE Responder: AH
authentication key length does
not match VPN IKE User Activity WARNING 923 ‐‐‐
IKE Responder: AH
authentication key rounds does
not match VPN IKE User Activity WARNING 926 ‐‐‐
IKE Responder: AH Perfect
Forward Secrecy mismatch VPN IKE User Activity WARNING 258 544
22 |
IKE Responder: Algorithms and/
or keys do not match VPN IKE User Activity WARNING 260 546
IKE Responder: Client Policy has
no VPN Access Networks
assigned. Check Configuration. VPN IKE System Errors ERROR 965 ‐‐‐
IKE Responder: Default LAN
gateway is not set but peer is
proposing to use this SA as a
default route VPN IKE Attacks ERROR 516 553
IKE Responder: Default LAN
gateway is set but peer is not
proposing to use this SA as a
default route VPN IKE User Activity WARNING 253 539
IKE Responder: ESP
authentication algorithm does
not match VPN IKE User Activity WARNING 922 ‐‐‐
IKE Responder: ESP
authentication key length does
not match VPN IKE User Activity WARNING 925 ‐‐‐
IKE Responder: ESP
authentication key rounds does
not match VPN IKE User Activity WARNING 928 ‐‐‐
IKE Responder: ESP encryption
algorithm does not match VPN IKE User Activity WARNING 921 ‐‐‐
IKE Responder: ESP encryption
key length does not match VPN IKE User Activity WARNING 924 ‐‐‐
IKE Responder: ESP encryption
key rounds does not match VPN IKE User Activity WARNING 927 ‐‐‐
IKE Responder: ESP mode
mismatch Local ‐ Transport
Remote ‐ Tunnel VPN IKE User Activity WARNING 1128 ‐‐‐
IKE Responder: ESP mode
mismatch Local ‐ Tunnel Remote
‐ Transport VPN IKE User Activity WARNING 1127 ‐‐‐
IKE Responder: ESP Perfect
Forward Secrecy mismatch VPN IKE User Activity WARNING 259 545
IKE Responder: IKE Phase 1
exchange does not match VPN IKE User Activity ERROR 1036 ‐‐‐
IKE Responder: IKE proposal does
not match (Phase 1) VPN IKE User Activity WARNING 402 ‐‐‐
| 23
IKE Responder: IP Address
already exists in the DHCP relay
table. Client traffic not allowed. VPN Client System Errors ERROR 659 ‐‐‐
IKE Responder: IP Compression
algorithm does not match VPN IKE User Activity WARNING 929 ‐‐‐
IKE Responder: IPsec proposal
does not match (Phase 2) VPN IKE User Activity WARNING 88 523
IKE Responder: IPsec protocol
mismatch VPN IKE User Activity WARNING 932 ‐‐‐
IKE Responder: Main Mode
complete (Phase 1) VPN IKE User Activity INFO 357 ‐‐‐
IKE Responder: Mode %d ‐ not
transport mode. Xauth is
required but not supported by
peer. VPN IKE Network Debug WARNING 342 ‐‐‐
IKE Responder: Mode %d ‐ not
tunnel mode VPN IKE User Activity WARNING 249 535
IKE Responder: No match for
proposed remote network
address VPN IKE User Activity WARNING 252 538
IKE Responder: No matching
Phase 1 ID found for proposed
remote network VPN IKE User Activity WARNING 250 536
IKE Responder: Peer's destination
network does not match VPN
policy's <b>Local Network</b> VPN IKE User Activity WARNING 935 ‐‐‐
IKE Responder: Peer's local
network does not match VPN
policy's <b>Destination
Network</b> VPN IKE User Activity WARNING 934 ‐‐‐
IKE Responder: Peer's network
does not match VPN policy's
<b>Network</b> VPN IKE User Activity WARNING 1189 ‐‐‐
IKE Responder: Phase 1
Authentication Method does not
match VPN IKE User Activity WARNING 913 ‐‐‐
24 |
IKE Responder: Phase 1 DH
Group does not match VPN IKE User Activity WARNING 919 ‐‐‐
IKE Responder: Phase 1
encryption algorithm does not
match VPN IKE User Activity WARNING 914 ‐‐‐
IKE Responder: Phase 1
encryption algorithm keylength
does not match VPN IKE User Activity WARNING 915 ‐‐‐
IKE Responder: Phase 1 hash
algorithm does not match VPN IKE User Activity WARNING 916 ‐‐‐
IKE Responder: Phase 1 XAUTH
required but policy has no user
name VPN IKE User Activity WARNING 917 ‐‐‐
IKE Responder: Phase 1 XAUTH
required but policy has no user
password VPN IKE User Activity WARNING 918 ‐‐‐
IKE Responder: Proposed IKE ID
mismatch VPN IKE System Errors WARNING 658 ‐‐‐
IKE Responder: Proposed local
network is 0.0.0.0 but SA has no
LAN Default Gateway VPN IKE User Activity WARNING 418 549
IKE Responder: Proposed remote
network is 0.0.0.0 but not DHCP
relay nor default route VPN IKE User Activity WARNING 251 537
IKE Responder: Received
Aggressive Mode request (Phase
1) VPN IKE User Activity INFO 356 ‐‐‐
IKE Responder: Received Main
Mode request (Phase 1) VPN IKE User Activity INFO 355 ‐‐‐
IKE Responder: Received Quick
Mode Request (Phase 2) VPN IKE User Activity INFO 352 ‐‐‐
IKE Responder: Remote party
timeout ‐ Retransmitting IKE
request. VPN IKE User Activity INFO 931 ‐‐‐
IKE Responder: Route table
overrides VPN policy VPN IKE User Activity WARNING 936 ‐‐‐
| 25
IKE Responder: Tunnel
terminates inside firewall but
proposed local network is not
inside firewall VPN IKE User Activity WARNING 255 541
IKE Responder: Tunnel
terminates on DMZ but proposed
local network is on LAN VPN IKE User Activity WARNING 256 542
IKE Responder: Tunnel
terminates on LAN but proposed
local network is on DMZ VPN IKE User Activity WARNING 257 543
IKE Responder: Tunnel
terminates outside firewall but
proposed local network is not
NAT public address VPN IKE User Activity WARNING 254 540
IKE Responder: Tunnel
terminates outside firewall but
proposed remote network is not
NAT public address VPN IKE User Activity WARNING 345 548
IKE SA lifetime expired. VPN IKE User Activity INFO 350 ‐‐‐
IKEv2 Accept IKE SA Proposal VPN IKE User Activity INFO 943 ‐‐‐
IKEv2 Accept IPsec SA Proposal VPN IKE User Activity INFO 944 ‐‐‐
IKEv2 Authentication successful VPN IKE User Activity INFO 942 ‐‐‐
IKEv2 Decrypt packet failed VPN IKE User Activity WARNING 960 ‐‐‐
IKEv2 Function sendto() failed to
transmit packet. VPN IKE User Activity ERROR 979 ‐‐‐
IKEv2 IKE attribute not found VPN IKE User Activity WARNING 970 ‐‐‐
IKEv2 IKE proposal does not
match VPN IKE User Activity WARNING 981 ‐‐‐
IKEv2 Initiator: Negotiations
failed. Extra payloads present. VPN IKE User Activity WARNING 954 ‐‐‐
IKEv2 Initiator: Negotiations
failed. Invalid input state. VPN IKE User Activity WARNING 956 ‐‐‐
IKEv2 Initiator: Negotiations
failed. Invalid output state. VPN IKE User Activity WARNING 957 ‐‐‐
26 |
IKEv2 Initiator: Negotiations
failed. Missing required payloads. VPN IKE User Activity WARNING 955 ‐‐‐
IKEv2 Initiator: Proposed IKE ID
mismatch VPN IKE User Activity WARNING 980 ‐‐‐
IKEv2 Initiator: Received
CREATE_CHILD_SA response VPN IKE User Activity INFO 975 ‐‐‐
IKEv2 Initiator: Received
IKE_AUTH response VPN IKE User Activity INFO 974 ‐‐‐
IKEv2 Initiator: Received
IKE_SA_INT response VPN IKE User Activity INFO 973 ‐‐‐
IKEv2 Initiator: Remote party
timeout ‐ Retransmitting IKEv2
request. VPN IKE User Activity INFO 972 ‐‐‐
IKEv2 Initiator: Send
CREATE_CHILD_SA request VPN IKE User Activity INFO 945 ‐‐‐
IKEv2 Initiator: Send IKE_AUTH
request VPN IKE User Activity INFO 940 ‐‐‐
IKEv2 Initiator: Send IKE_SA_INIT
request VPN IKE User Activity INFO 938 ‐‐‐
IKEv2 Invalid SPI size VPN IKE User Activity WARNING 966 ‐‐‐
IKEv2 Invalid state VPN IKE User Activity WARNING 964 ‐‐‐
IKEv2 IPsec attribute not found VPN IKE User Activity WARNING 969 ‐‐‐
IKEv2 IPsec proposal does not
match VPN IKE User Activity WARNING 968 ‐‐‐
IKEv2 NAT device detected
between negotiating peers VPN IKE User Activity INFO 985 ‐‐‐
IKEv2 negotiation complete VPN IKE User Activity INFO 978 ‐‐‐
IKEv2 No NAT device detected
between negotiating peers VPN IKE User Activity INFO 984 ‐‐‐
IKEv2 Out of memory VPN IKE User Activity WARNING 961 ‐‐‐
IKEv2 Payload processing error VPN IKE User Activity WARNING 953 ‐‐‐
IKEv2 Payload validation failed. VPN IKE User Activity WARNING 958 ‐‐‐
| 27
IKEv2 Peer is not responding.
Negotiation aborted. VPN IKE User Activity WARNING 971 ‐‐‐
IKEv2 Process Message queue
failed VPN IKE User Activity WARNING 963 ‐‐‐
IKEv2 Received delete IKE SA
request VPN IKE User Activity INFO 948 ‐‐‐
IKEv2 Received delete IKE SA
response VPN IKE User Activity INFO 1015 ‐‐‐
IKEv2 Received delete IPsec SA
request VPN IKE User Activity INFO 950 ‐‐‐
IKEv2 Received delete IPsec SA
response VPN IKE User Activity INFO 1016 ‐‐‐
IKEv2 Received notify error
payload VPN IKE User Activity WARNING 983 ‐‐‐
IKEv2 Received notify status
payload VPN IKE User Activity INFO 982 ‐‐‐
IKEv2 Responder: Peer's
destination network does not
match VPN policy's <b>Local
Network</b> VPN IKE User Activity INFO 951 ‐‐‐
IKEv2 Responder: Peer's local
network does not match VPN
policy's <b>Destination
Network</b> VPN IKE User Activity INFO 952 ‐‐‐
IKEv2 Responder: Policy for
remote IKE ID not found VPN IKE User Activity ERROR 962 ‐‐‐
IKEv2 Responder: Received
CREATE_CHILD_SA request VPN IKE User Activity INFO 946 ‐‐‐
IKEv2 Responder: Received
IKE_AUTH request VPN IKE User Activity INFO 941 ‐‐‐
IKEv2 Responder: Received
IKE_SA_INIT request VPN IKE User Activity INFO 939 ‐‐‐
IKEv2 Responder: Send
CREATE_CHILD_SA response VPN IKE User Activity INFO 1012 ‐‐‐
IKEv2 Responder: Send IKE_AUTH
response VPN IKE User Activity INFO 977 ‐‐‐
IKEv2 Responder: Send
IKE_SA_INIT response VPN IKE User Activity INFO 976 ‐‐‐
IKEv2 Send delete IKE SA request VPN IKE User Activity INFO 947 ‐‐‐
IKEv2 Send delete IKE SA
response VPN IKE User Activity INFO 1013 ‐‐‐
28 |
10
IKEv2 Send delete IPsec SA
request VPN IKE User Activity INFO 949 ‐‐‐
IKEv2 Send delete IPsec SA
response VPN IKE User Activity INFO 1014 ‐‐‐
IKEv2 Unable to find IKE SA VPN IKE User Activity WARNING 959 ‐‐‐
IKEv2 VPN Policy not found VPN IKE User Activity WARNING 967 ‐‐‐
Illegal IPsec SPI VPN IPSec User Activity INFO 65 ‐‐‐
Imported HA hardware ID did not
match this firewall High Availability
System
Maintenance INFO 155 ‐‐‐
Imported VPN SA is invalid ‐
disabled Firewall Event
System
Maintenance WARNING 348 ‐‐‐
Inbound connection from GRID‐
listed SMTP server dropped Anti‐Spam Service ‐‐‐ NOTICE 1092 138
Inbound connection from RBL‐
listed SMTP server dropped RBL ‐‐‐ NOTICE 798 ‐‐‐
Incoming call received for
Remotely Triggered Dial‐out
session
Authenticated
Access User Activity INFO 817 ‐‐‐
Incompatible IPsec Security
Association VPN IPSec User Activity INFO 69 ‐‐‐
Incorrect authentication received
for Remotely Triggered Dial‐out
Authenticated
Access User Activity INFO 819 ‐‐‐
Ini Killer attack dropped Intrusion Prevention Attacks ALERT 80 519
Initiator from country blocked:
%s Geolocation ‐‐‐ ALERT 1198 ‐‐‐
Interface %s Link Is Down Firewall Event System Errors ALERT 566 647
Interface %s Link Is Up Firewall Event System Errors ALERT 565 646
Interface IP Assignment : Binding
and initializing %s Firewall Event
System
Maintenance INFO 568 ‐‐‐
Interface IP Assignment changed:
Shutting down %s Firewall Event
System
Maintenance INFO 567 ‐‐‐
Interface statistics report GMS ‐‐‐ INFO 805 ‐‐‐
| 29
Internet Access restricted to
authorized users. Dropped
packet received in the clear. Wireless
Dropped TCP |
Dropped UDP |
Dropped ICMP WARNING 532 ‐‐‐
Invalid DNS Server will not be
accepted by the dynamic client Firewall Event ‐‐‐ INFO 1070 ‐‐‐
Invalid key or serial number used
for GRID response Anti‐Spam Service ‐‐‐ DEBUG 1139 ‐‐‐
Invalid key version used for GRID
response Anti‐Spam Service ‐‐‐ DEBUG 1140 ‐‐‐
Invalid Product Code Upgrade
request received: %s Firewall Event ‐‐‐ ERROR 704 ‐‐‐
Invalid SNMP packet SNMP ‐‐‐ WARNING 1220 ‐‐‐
Invalid SNMPv3 engineID SNMP ‐‐‐ WARNING 1221 ‐‐‐
Invalid SNMPv3 Time Window SNMP ‐‐‐ WARNING 1223 ‐‐‐
Invalid SNMPv3 User SNMP ‐‐‐ WARNING 1222 ‐‐‐
Invalid VLAN packet dropped Network ‐‐‐ ALERT 836 ‐‐‐
IP address conflict detected from
Ethernet address %s Network
System
Maintenance WARNING 847 ‐‐‐
IP Address is allocated for Client VPN IKE ‐‐‐ INFO 1219 ‐‐‐
IP Header checksum error;
packet dropped Network Access
Dropped TCP|
Dropped UDP NOTICE 883 ‐‐‐
IP Pool of the VPN Policy is Full VPN IKE ‐‐‐ DEBUG 1216 ‐‐‐
IP Pool of the VPN Policy is Not
Configured VPN IKE ‐‐‐ DEBUG 1217 ‐‐‐
IP spoof detected on packet to
Central Gateway, packet dropped DHCP Relay Attacks ERROR 229 533
IP spoof dropped Intrusion Prevention Attacks ALERT 23 502
IP type %s packet dropped Network Access
Dropped LAN UDP
| Dropped LAN
TCP NOTICE 590 ‐‐‐
IP Comp connection interrupt IPcomp Network Debug DEBUG 651 ‐‐‐
30 |
5
6
IP Comp packet dropped IPcomp
Dropped TCP |
Dropped UDP |
Dropped ICMP NOTICE 652 ‐‐‐
IP Comp packet dropped; waiting
for pending IP Comp connection IPcomp Network Debug DEBUG 653 ‐‐‐
IPS Detection Alert: %s Intrusion Prevention Attacks ALERT 608 569
IPS Detection Alert: %s Intrusion Prevention Attacks ALERT 789 643
IPS Prevention Alert: %s Intrusion Prevention Attacks ALERT 609 570
IPS Prevention Alert: %s Intrusion Prevention Attacks ALERT 790 643
IPsec (AH) packet dropped VPN IPSec
Dropped TCP |
Dropped UDP |
Dropped ICMP NOTICE 534 ‐‐‐
IPsec (AH) packet dropped;
waiting for pending IPsec
connection VPN IPSec Network Debug DEBUG 536 ‐‐‐
IPsec (ESP) packet dropped VPN IPSec
Dropped TCP |
Dropped UDP |
Dropped ICMP NOTICE 533 ‐‐‐
IPsec (ESP) packet dropped;
waiting for pending IPsec
connection VPN IPSec Network Debug DEBUG 535 ‐‐‐
IPsec Authentication Failed VPN IPSec Attacks ERROR 67 508
IPsec connection interrupt Network Access Network Debug DEBUG 43 ‐‐‐
IPsec Decryption Failed VPN IPSec Attacks ERROR 68 509
IPsec packet dropped Network Access
Dropped TCP |
Dropped UDP |
Dropped ICMP NOTICE 40 ‐‐‐
IPsec packet dropped; waiting for
pending IPsec connection Network Access Network Debug DEBUG 42 ‐‐‐
IPsec packet from an illegal host VPN IPSec
System
Maintenance INFO 247 ‐‐‐
IPsec packet from or to an illegal
host VPN IPSec Attacks ERROR 70 510
IPsec Replay Detected VPN IPSec Attacks ALERT 180 531
IPsec SA lifetime expired. VPN IPSec User Activity INFO 349 ‐‐‐
| 31
IPsecTunnel status changed VPN VPN Tunnel Status INFO 427 801
IPv6 Tunnel packet dropped VPN IKE ‐‐‐ NOTICE 1253 ‐‐‐
IPv6 VPN only support IKEv2
mode VPN IKE ‐‐‐ INFO 1252 ‐‐‐
ISDN Driver Firmware
successfully updated Firewall Event
System
Maintenance INFO 493 ‐‐‐
Issuer match failed VPN PKI User Activity ALERT 278 ‐‐‐
Java access denied Network Access Blocked Java Etc NOTICE 19 ‐‐‐
L2TP Connect Initiated by the
User L2TP Client
System
Maintenance INFO 216 ‐‐‐
L2TP Disconnect Initiated by the
User L2TP Client
System
Maintenance INFO 214 ‐‐‐
L2TP LCP Down L2TP Client
System
Maintenance INFO 209 ‐‐‐
L2TP LCP Up L2TP Client
System
Maintenance INFO 213 ‐‐‐
L2TP Max Retransmission
Exceeded L2TP Client
System
Maintenance INFO 203 ‐‐‐
L2TP PPP Authentication Failed L2TP Client
System
Maintenance INFO 212 ‐‐‐
L2TP PPP Down L2TP Client
System
Maintenance INFO 211 ‐‐‐
L2TP PPP link down L2TP Client
System
Maintenance INFO 217 ‐‐‐
L2TP PPP Negotiation Started L2TP Client
System
Maintenance INFO 208 ‐‐‐
L2TP PPP Session Up L2TP Client
System
Maintenance INFO 210 ‐‐‐
L2TP Server : Access from L2TP
VPN Client Privilege not enabled
for RADIUS Users. L2TP Server
System
Maintenance INFO 343 ‐‐‐
L2TP Server : Deleting the L2TP
active Session L2TP Server
System
Maintenance INFO 337 ‐‐‐
L2TP Server : Deleting the Tunnel L2TP Server
System
Maintenance INFO 336 ‐‐‐
L2TP Server : L2TP PPP Session
Established. L2TP Server
System
Maintenance INFO 310 ‐‐‐
L2TP Server : L2TP Session
Established. L2TP Server
System
Maintenance INFO 309 ‐‐‐
32 |
L2TP Server : L2TP Tunnel
Established. L2TP Server
System
Maintenance INFO 308 ‐‐‐
L2TP Server : Retransmission
Timeout, Deleting the Tunnel L2TP Server
System
Maintenance INFO 338 ‐‐‐
L2TP Server : User Name
authentication Failure locally. L2TP Server
System
Maintenance INFO 344 ‐‐‐
L2TP Server: Keep alive Failure.
Closing Tunnel L2TP Server
System
Maintenance INFO 320 ‐‐‐
L2TP Server: L2TP Remote
terminated the PPP session L2TP Server
System
Maintenance INFO 317 ‐‐‐
L2TP Server: L2TP Session
Disconnect from the Remote. L2TP Server
System
Maintenance INFO 316 ‐‐‐
L2TP Server: L2TP Tunnel
Disconnect from the Remote. L2TP Server
System
Maintenance INFO 315 ‐‐‐
L2TP Server: Local
Authentication Failure L2TP Server
System
Maintenance INFO 312 ‐‐‐
L2TP Server: Local
Authentication Success. L2TP Server
System
Maintenance INFO 318 ‐‐‐
L2TP Server: No IP address
available in the Local IP Pool L2TP Server
System
Maintenance INFO 314 ‐‐‐
L2TP Server: RADIUS/LDAP
Authentication Success L2TP Server
System
Maintenance INFO 319 ‐‐‐
L2TP Server: RADIUS/LDAP
reports Authentication Failure L2TP Server
System
Maintenance INFO 311 ‐‐‐
L2TP Server: RADIUS/LDAP
server not assigned IP address L2TP Server
System
Maintenance INFO 313 ‐‐‐
L2TP Server: Call Disconnect from
Remote. L2TP Server
System
Maintenance INFO 334 ‐‐‐
L2TP Server: Tunnel Disconnect
from Remote. L2TP Server
System
Maintenance INFO 335 ‐‐‐
L2TP Session Disconnect from
Remote L2TP Client
System
Maintenance INFO 207 ‐‐‐
L2TP Session Established L2TP Client
System
Maintenance INFO 206 ‐‐‐
L2TP Session Negotiation Started L2TP Client
System
Maintenance INFO 202 ‐‐‐
| 33
L2TP Tunnel Disconnect from
Remote L2TP Client
System
Maintenance INFO 205 ‐‐‐
L2TP Tunnel Established L2TP Client
System
Maintenance INFO 204 ‐‐‐
L2TP Tunnel Negotiation %s L2TP Client ‐‐‐ INFO 1074 ‐‐‐
L2TP Tunnel Negotiation Started L2TP Client
System
Maintenance INFO 201 ‐‐‐
LAN Subnet configurations were
not upgraded. Firewall Event
System
Maintenance INFO 741 ‐‐‐
Land attack dropped Intrusion Prevention Attacks ALERT 27 505
LDAP server does not allow CHAP
Remote
Authentication User Activity WARNING 758 ‐‐‐
LDAP using non‐administrative
account ‐ VPN client user will not
be able to change passwords
Remote
Authentication System Errors WARNING 1011 ‐‐‐
License exceeded: Connection
dropped because too many IP
addresses are in use on your LAN Firewall Event System Errors ERROR 58 608
License of HA pair doesn't match:
%s High Availability System Errors ERROR 670 664
Locked‐out user logins allowed ‐
lockout period expired
Authenticated
Access User Activity INFO 438 ‐‐‐
Locked‐out user logins allowed
by administrator
Authenticated
Access User Activity INFO 439 ‐‐‐
Log Cleared Firewall Logging
System
Maintenance INFO 5 ‐‐‐
Log Debug Firewall Event Network Debug ERROR 142 ‐‐‐
Log full; deactivating Network
Security Appliance Firewall Logging System Errors ERROR 7 601
Log successfully sent via email Firewall Logging
System
Maintenance INFO 6 ‐‐‐
Login screen timed out
Authenticated
Access User Activity INFO 34 ‐‐‐
MAC address collides with Static
ARP Entry with Bound MAC
address; packet dropped Network ‐‐‐ NOTICE 814 ‐‐‐
34 |
Machine %s removed from FIN
flood blacklist Intrusion Prevention Network Debug ALERT 903 ‐‐‐
Machine %s removed from RST
flood blacklist Intrusion Prevention Network Debug ALERT 900 ‐‐‐
Machine %s removed from SYN
flood blacklist Intrusion Prevention Network Debug ALERT 865 ‐‐‐
MAC‐IP Anti‐Spoof cache found,
but it is blacklisted device. MAC‐IP Anti‐Spoof ‐‐‐ ALERT 1212 ‐‐‐
MAC‐IP Anti‐spoof cache found,
but it is not a router. MAC‐IP Anti‐Spoof ‐‐‐ ALERT 1211 ‐‐‐
MAC‐IP Anti‐spoof cache not
found for this router. Mac IP Spoof ‐‐‐ ALERT 1210 ‐‐‐
MAC‐IP Anti‐spoof check
enforced for hosts. MAC‐IP Anti‐Spoof ‐‐‐ ALERT 1209 ‐‐‐
Malformed DNS packet detected Network Access Network Debug ALERT 1177 ‐‐‐
Malformed or unhandled IP
packet dropped Network Access Network Debug ALERT 522 554
Maximum events per second
threshold exceeded Firewall Logging System Errors CRITICAL 654 ‐‐‐
Maximum number of Bandwidth
Managed rules exceeded upon
upgrade to this version. Some
Bandwidth settings ignored. Firewall Event
System
Maintenance NOTICE 541 ‐‐‐
Maximum sequential failed dial
attempts (10) to a single dial‐up
number: %s PPP Dial‐Up Attacks ERROR 591 566
Maximum syslog data per second
threshold exceeded Firewall Logging System Errors CRITICAL 655 ‐‐‐
Message blocked by Real‐Time
Email Scanner Anti‐Spam Service ‐‐‐ INFO 1108 ‐‐‐
MOBIKE: Update Peer Gateway
IP VPN IKE ‐‐‐ INFO 1218 ‐‐‐
Modules attached to HA units do
not match: %s High Availability System Errors ALERT 1162 664
Monitoring probe out interface
mismatch %s High Availability ‐‐‐ ERROR 1194 ‐‐‐
Multicast application %s not
supported Multicast ‐‐‐ INFO 696 ‐‐‐
Multicast packet dropped, Invalid
src IP received on interface : %s Multicast ‐‐‐ ALERT 685 ‐‐‐
| 35
Multicast packet dropped, wrong
MAC address received on
interface : %s Multicast ‐‐‐ ALERT 684 ‐‐‐
Multicast TCP packet dropped Multicast ‐‐‐ NOTICE 691 ‐‐‐
Multicast UDP packet dropped,
no state entry Multicast ‐‐‐ NOTICE 690 ‐‐‐
Multicast UDP packet dropped,
RTCP stateful failed Multicast ‐‐‐ WARNING 695 ‐‐‐
Multicast UDP packet dropped,
RTP stateful failed Multicast ‐‐‐ WARNING 694 ‐‐‐
Multiple DHCP Servers are
detected on network Firewall Event ‐‐‐ WARNING 1068 ‐‐‐
NAT device may not support
IPsec AH passthrough VPN IPSec
System
Maintenance INFO 266 ‐‐‐
NAT Discovery : No NAT/NAPT
device detected between IPsec
Security gateways VPN IKE User Activity INFO 241 ‐‐‐
NAT Discovery : Local IPsec
Security Gateway behind a NAT/
NAPT Device VPN IKE User Activity INFO 240 ‐‐‐
NAT Discovery : Peer IPsec
Security Gateway behind a NAT/
NAPT Device VPN IKE User Activity INFO 239 ‐‐‐
NAT Discovery : Peer IPsec
Security Gateway doesn't
support VPN NAT Traversal VPN IKE User Activity INFO 242 ‐‐‐
Nat Mapping Network Access ‐‐‐ NOTICE 1197 ‐‐‐
NAT translated packet exceeds
size limit, packet dropped Network Network Debug DEBUG 339 ‐‐‐
Net Spy attack dropped Intrusion Prevention Attacks ALERT 74 513
NetBIOS settings were not
upgraded. Use Network>IP
Helper to configure NetBIOS
support Firewall Event
System
Maintenance INFO 740 ‐‐‐
NetBus attack dropped Intrusion Prevention Attacks ALERT 72 511
36 |
05
06
04
02
03
01
Network for interface %s
overlaps with another interface. Firewall Event
System
Maintenance INFO 569 ‐‐‐
Network Modem Mode Disabled:
re‐enabling NAT PPP Dial‐Up
System
Maintenance INFO 531 ‐‐‐
Network Modem Mode Enabled:
turning off NAT PPP Dial‐Up
System
Maintenance INFO 530 ‐‐‐
Network Monitor Policy %s
Added Network Monitor ‐‐‐ INFO 1104 ‐‐‐
Network Monitor Policy %s
Deleted Network Monitor ‐‐‐ INFO 1105 ‐‐‐
Network Monitor Policy %s
Modified Network Monitor ‐‐‐ INFO 1106 ‐‐‐
Network Monitor: Host %s is
offline Network Monitor ‐‐‐ ALERT 706 140
Network Monitor: Host %s is
online Network Monitor ‐‐‐ ALERT 707 140
Network Monitor: Host %s status
is UNKNOWN Network Monitor ‐‐‐ ALERT 1103 140
Network Monitor: Policy %s
status is DOWN Network Monitor ‐‐‐ ALERT 1101 140
Network Monitor: Policy %s
status is UNKNOWN Network Monitor ‐‐‐ ALERT 1102 140
Network Monitor: Policy %s
status is UP Network Monitor ‐‐‐ ALERT 1100 140
Network Security Appliance
activated Firewall Event
System
Maintenance ALERT 4 ‐‐‐
Network Security Appliance
initializing Firewall Event
System
Maintenance INFO 521 ‐‐‐
New firmware available. Firewall Event
System
Maintenance INFO 198 ‐‐‐
New URL List loaded Security Services
System
Maintenance INFO 8 ‐‐‐
Newsgroup access allowed Network Access Blocked Web Sites NOTICE 17 704
Newsgroup access denied Network Access
Blocked Web
Sites NOTICE 15 702
No Certificate for VPN PKI User Activity ALERT 280 ‐‐‐
No DNS response to domain ‐ %s Security Services ‐‐‐ DEBUG 1238 ‐‐‐
No HOST tag found in HTTP
request Network Access Network Debug DEBUG 52 ‐‐‐
| 37
12
No new URL List available Security Services
System
Maintenance INFO 9 ‐‐‐
No response from ISP
Disconnecting PPPoE. PPPoE
System
Maintenance INFO 169 ‐‐‐
No response from PPTP server to
call requests PPTP
System
Maintenance INFO 431 ‐‐‐
No response from PPTP server to
control connection requests PPTP
System
Maintenance INFO 430 ‐‐‐
No response from server to Echo
Requests, disconnecting PPTP
Tunnel PPTP
System
Maintenance INFO 429 ‐‐‐
No response received from DNS
server Anti‐Spam Service ‐‐‐ DEBUG 1142 ‐‐‐
No valid DNS server specified for
GRID lookups Anti‐Spam Service ‐‐‐ ERROR 1094 138
No valid DNS server specified for
RBL lookups RBL ‐‐‐ ERROR 800 ‐‐‐
Non‐config mode GUI
administration session started
Authenticated
Access User Activity INFO 997 ‐‐‐
Not all configurations may have
been completely upgraded Firewall Event
System
Maintenance INFO 612 ‐‐‐
Not blacklisted as per
configuration Anti‐Spam Service ‐‐‐ DEBUG 1143 ‐‐‐
Not Blacklisted by domain ‐ %s Security Services ‐‐‐ DEBUG 1237 ‐‐‐
Not enough memory to hold the
CRL VPN PKI User Activity WARNING 272 ‐‐‐
NTP Request sent System ‐‐‐ NOTICE 1232 ‐‐‐
Obtained Relay IP Table from
Remote Gateway DHCP Relay
System
Maintenance INFO 233 ‐‐‐
OCSP Failed to Resolve Domain
Name. VPN PKI User Activity ERROR 853 ‐‐‐
OCSP Internal error handling
received response. VPN PKI User Activity ERROR 854 ‐‐‐
OCSP received response error. VPN PKI User Activity ERROR 851 ‐‐‐
OCSP received response. VPN PKI User Activity INFO 850 ‐‐‐
38 |
09
9
OCSP Resolved Domain Name. VPN PKI User Activity INFO 852 ‐‐‐
OCSP send request message
failed. VPN PKI User Activity ERROR 849 ‐‐‐
OCSP sending request. VPN PKI User Activity INFO 848 ‐‐‐
On HA peer firewall, Interface %s
Link Is Down High Availability System Errors ALERT 1206 ‐‐‐
On HA peer firewall, Interface %s
Link Is Up High Availability System Errors ALERT 1205 ‐‐‐
Outbound connection to GRID‐
listed SMTP server dropped Anti‐Spam Service ‐‐‐ NOTICE 1091 138
Outbound connection to RBL‐
listed SMTP server dropped RBL ‐‐‐ NOTICE 797 ‐‐‐
Out‐of‐order command packet
dropped Network Access Network Debug DEBUG 48 ‐‐‐
Overriding Product Code
Upgrade to: %s Firewall Event ‐‐‐ ERROR 705 ‐‐‐
Packet allowed by ACL Network ‐‐‐ INFO 1235 ‐‐‐
Packet destination not in VPN
Access list VPN IPSec Attacks ERROR 648 572
Packet Dropped ‐ IP TTL expired Network Network Debug WARNING 910 ‐‐‐
Packet dropped by guest check Network Access
Dropped TCP |
Dropped UDP |
Dropped ICMP WARNING 488 ‐‐‐
Packet dropped by wireless
Advanced IDP Wireless ‐‐‐ WARNING 1229 ‐‐‐
Packet dropped by WLAN SSL‐
VPN enforcement check Wireless
Dropped TCP |
Dropped UDP |
Dropped ICMP WARNING 732 ‐‐‐
Packet dropped by WLAN VPN
traversal check Wireless
Dropped TCP |
Dropped UDP |
Dropped ICMP WARNING 495 ‐‐‐
Packet dropped. No firewall rule
associated with VPN policy. VPN System Errors ALERT 739 ‐‐‐
Packet dropped; connection limit
for this destination IP address has
been reached Firewall Event System Errors ALERT 647 523
| 39
8
9
8
4
01
Packet dropped; connection limit
for this source IP address has
been reached Firewall Event System Errors ALERT 646 523
Payload processing failed VPN IKE Network Debug ERROR 616 ‐‐‐
PC Card inserted. Firewall Hardware ‐‐‐ ALERT 1054 541
PC Card removed. Firewall Hardware ‐‐‐ ALERT 1053 541
PC Card: No device detected Firewall Hardware ‐‐‐ ALERT 1056 ‐‐‐
Peer firewall has equivalent link
status. In event of failover, it will
operate with equal capability. High Availability
System
Maintenance INFO 1208 ‐‐‐
Peer firewall has reduced link
status. In event of failover, it will
operate with limited capability. High Availability
System
Maintenance INFO 1207 ‐‐‐
Peer firewall rebooting (%s) High Availability ‐‐‐ INFO 1057 ‐‐‐
Peer HA firewall has stateful
license but this firewall is not yet
registered High Availability System Errors ALERT 1136 ‐‐‐
Physical environment normal Firewall Hardware ‐‐‐ INFO 1042 542
Physical interface utilization is
greater than 80% of the
maximum rated tolerance(for the
interface)for more than 10
seconds. Firewall Hardware ‐‐‐ ALERT 1247 170
Ping of death dropped Intrusion Prevention Attacks ALERT 22 501
PKI Error: VPN PKI
System
Maintenance ERROR 417 ‐‐‐
PKI Failure VPN PKI
System
Maintenance ERROR 447 ‐‐‐
PKI Failure: CA certificates store
exceeded. Cannot verify this
Local Certificate VPN PKI
System
Maintenance ERROR 453 ‐‐‐
PKI Failure: Cannot allocate
memory VPN PKI
System
Maintenance ERROR 449 ‐‐‐
40 |
PKI Failure: Certificate's ID does
not match this Network Security
Appliance VPN PKI
System
Maintenance ERROR 455 ‐‐‐
PKI Failure: Duplicate local
certificate VPN PKI
System
Maintenance ERROR 458 ‐‐‐
PKI Failure: Duplicate local
certificate name VPN PKI
System
Maintenance ERROR 457 ‐‐‐
PKI Failure: Import failed VPN PKI
System
Maintenance ERROR 451 ‐‐‐
PKI Failure: Improper file format.
Please select PKCS#12 (*.p12) file VPN PKI
System
Maintenance ERROR 454 ‐‐‐
PKI Failure: Incorrect admin
password VPN PKI
System
Maintenance ERROR 452 ‐‐‐
PKI Failure: Internal error VPN PKI
System
Maintenance ERROR 460 ‐‐‐
PKI Failure: Loaded but could not
verify certificate VPN PKI
System
Maintenance ERROR 469 ‐‐‐
PKI Failure: Loaded the certificate
but could not verify its chain VPN PKI
System
Maintenance ERROR 470 ‐‐‐
PKI Failure: No CA certificates yet
loaded VPN PKI
System
Maintenance ERROR 459 ‐‐‐
PKI Failure: Output buffer too
small VPN PKI
System
Maintenance ERROR 448 ‐‐‐
PKI Failure: public‐private key
mismatch VPN PKI
System
Maintenance ERROR 456 ‐‐‐
PKI Failure: Reached the limit for
local certificates, cant load any
more VPN PKI
System
Maintenance ERROR 450 ‐‐‐
PKI Failure: Temporary memory
shortage, try again VPN PKI
System
Maintenance ERROR 461 ‐‐‐
PKI Failure: The certificate chain
has no root VPN PKI
System
Maintenance ERROR 464 ‐‐‐
PKI Failure: The certificate chain
is circular VPN PKI
System
Maintenance ERROR 462 ‐‐‐
PKI Failure: The certificate chain
is incomplete VPN PKI
System
Maintenance ERROR 463 ‐‐‐
PKI Failure: The certificate or a
certificate in the chain has a bad
signature VPN PKI
System
Maintenance ERROR 468 ‐‐‐
| 41
5
PKI Failure: The certificate or a
certificate in the chain has a
validity period in the future VPN PKI
System
Maintenance ERROR 466 ‐‐‐
PKI Failure: The certificate or a
certificate in the chain has
expired VPN PKI
System
Maintenance ERROR 465 ‐‐‐
PKI Failure: The certificate or a
certificate in the chain is corrupt VPN PKI
System
Maintenance ERROR 467 ‐‐‐
Please connect interface %s to
another network to function
properly Firewall Event
System
Maintenance INFO 570 ‐‐‐
Please manually check all system
configurations for correctness of
Upgrade Firewall Event
System
Maintenance INFO 613 ‐‐‐
Port configured to receive IPsec
protocol ONLY; drop packet
received in the clear Network Access
Dropped TCP |
Dropped UDP |
Dropped ICMP WARNING 347 ‐‐‐
Possible DNS rebind attack
detected Intrusion Prevention ‐‐‐ ALERT 1098 646
Possible FIN Flood on IF %s Intrusion Prevention Network Debug ALERT 905 ‐‐‐
Possible FIN Flood on IF %s
continues Intrusion Prevention Network Debug WARNING 909 ‐‐‐
Possible FIN Flood on IF %s has
ceased Intrusion Prevention Network Debug ALERT 907 ‐‐‐
Possible ICMP Flood attack
detected Intrusion Prevention Attacks ALERT 1214 ‐‐‐
Possible port scan detected Intrusion Prevention Attacks ALERT 82 521
Possible RST Flood on IF %s Intrusion Prevention Network Debug ALERT 904 ‐‐‐
Possible RST Flood on IF %s
continues Intrusion Prevention Network Debug WARNING 908 ‐‐‐
Possible RST Flood on IF %s has
ceased Intrusion Prevention Network Debug ALERT 906 ‐‐‐
Possible SYN flood attack
detected Intrusion Prevention Attacks WARNING 25 503
Possible SYN flood detected on
WAN IF %s ‐ switching to
connection‐proxy mode Intrusion Prevention Network Debug ALERT 859 ‐‐‐
Possible SYN Flood on IF %s Intrusion Prevention Network Debug ALERT 860 ‐‐‐
42 |
5
Possible SYN Flood on IF %s
continues Intrusion Prevention Network Debug WARNING 866 ‐‐‐
Possible SYN Flood on IF %s has
ceased Intrusion Prevention Network Debug ALERT 867 ‐‐‐
Possible UDP Flood attack
detected Intrusion Prevention Attacks ALERT 1213 ‐‐‐
Power supply without
redundancy Firewall Hardware ‐‐‐ ERROR 1043 542
PPP Dial‐Up: Connect request
canceled PPP Dial‐Up User Activity INFO 306 ‐‐‐
PPP Dial‐Up: Connected at %s
bps ‐ starting PPP PPP Dial‐Up User Activity INFO 286 ‐‐‐
PPP Dial‐Up: Connection
disconnected as scheduled. PPP Dial‐Up ‐‐‐ INFO 666 ‐‐‐
PPP Dial‐Up: Dial initiated by %s PPP Dial‐Up
System
Maintenance INFO 324 ‐‐‐
PPP Dial‐Up: Dialed number did
not answer PPP Dial‐Up User Activity INFO 285 ‐‐‐
PPP Dial‐Up: Dialed number is
busy PPP Dial‐Up User Activity INFO 284 ‐‐‐
PPP Dial‐Up: Dialing not allowed
by schedule. %s PPP Dial‐Up ‐‐‐ INFO 665 ‐‐‐
PPP Dial‐Up: Dialing: %s PPP Dial‐Up User Activity INFO 281 ‐‐‐
PPP Dial‐Up: Failed to get IP
address PPP Dial‐Up User Activity INFO 298 ‐‐‐
PPP Dial‐Up: Idle time limit
exceeded ‐ disconnecting PPP Dial‐Up User Activity INFO 297 ‐‐‐
PPP Dial‐Up: Initialization : %s PPP Dial‐Up User Activity INFO 303 ‐‐‐
PPP Dial‐Up: Invalid DNS IP
address returned from Dial‐Up
ISP; overriding using dial‐up
profile settings PPP Dial‐Up
System
Maintenance INFO 811 ‐‐‐
PPP Dial‐Up: Link carrier lost PPP Dial‐Up User Activity INFO 288 ‐‐‐
PPP Dial‐Up: Manual intervention
needed. Check Primary Profile or
Profile details PPP Dial‐Up User Activity INFO 321 ‐‐‐
PPP Dial‐Up: Maximum
connection time exceeded ‐
disconnecting PPP Dial‐Up User Activity INFO 327 ‐‐‐
| 43
PPP Dial‐Up: No dial tone
detected ‐ check phone‐line
connection PPP Dial‐Up User Activity INFO 282 ‐‐‐
PPP Dial‐Up: No link carrier
detected ‐ check phone number PPP Dial‐Up User Activity INFO 283 ‐‐‐
PPP Dial‐Up: No peer IP address
from Dial‐Up ISP, local and
remote IPs will be the same PPP Dial‐Up
System
Maintenance INFO 481 ‐‐‐
PPP Dial‐Up: PPP link down PPP Dial‐Up User Activity INFO 301 ‐‐‐
PPP Dial‐Up: PPP link established PPP Dial‐Up User Activity INFO 300 ‐‐‐
PPP Dial‐Up: PPP negotiation
failed ‐ disconnecting PPP Dial‐Up User Activity INFO 296 ‐‐‐
PPP Dial‐Up: Previous session
was connected for %s PPP Dial‐Up User Activity INFO 542 ‐‐‐
PPP Dial‐Up: Received new IP
address PPP Dial‐Up User Activity INFO 299 ‐‐‐
PPP Dial‐Up: Shutting down link PPP Dial‐Up User Activity INFO 302 ‐‐‐
PPP Dial‐Up: Starting PPP PPP Dial‐Up ‐‐‐ INFO 1037 ‐‐‐
PPP Dial‐Up: Startup without
Ethernet cable, will try to dial on
outbound traffic PPP Dial‐Up User Activity INFO 323 ‐‐‐
PPP Dial‐Up: The profile in use
disabled VPN networking. PPP Dial‐Up
System
Maintenance INFO 330 ‐‐‐
PPP Dial‐Up: Trying to failover
but Alternate Profile is manual WAN Availability User Activity INFO 434 ‐‐‐
PPP Dial‐Up: Trying to failover
but Primary Profile is manual PPP Dial‐Up User Activity INFO 322 ‐‐‐
PPP Dial‐Up: Unknown dialing
failure PPP Dial‐Up User Activity INFO 287 ‐‐‐
PPP Dial‐Up: User requested
connect PPP Dial‐Up User Activity INFO 305 ‐‐‐
PPP Dial‐Up: User requested
disconnect PPP Dial‐Up User Activity INFO 304 ‐‐‐
44 |
PPP Dial‐Up: VPN networking
restored. PPP Dial‐Up
System
Maintenance INFO 331 ‐‐‐
PPP message: %s PPP ‐‐‐ INFO 1018 ‐‐‐
PPP: Authentication successful PPP ‐‐‐ INFO 289 ‐‐‐
PPP: CHAP authentication failed ‐
check username / password PPP ‐‐‐ INFO 291 ‐‐‐
PPP: MS‐CHAP authentication
failed ‐ check username /
password PPP ‐‐‐ INFO 292 ‐‐‐
PPP: PAP Authentication failed ‐
check username / password PPP ‐‐‐ INFO 290 ‐‐‐
PPP: Starting CHAP
authentication PPP ‐‐‐ INFO 294 ‐‐‐
PPP: Starting MS‐CHAP
authentication PPP ‐‐‐ INFO 293 ‐‐‐
PPP: Starting PAP authentication PPP ‐‐‐ INFO 295 ‐‐‐
PPPoE terminated PPPoE
System
Maintenance INFO 130 ‐‐‐
PPPoE CHAP Authentication
Failed PPPoE
System
Maintenance INFO 136 ‐‐‐
PPPoE Client: Previous session
was connected for %s PPPoE
System
Maintenance INFO 738 ‐‐‐
PPPoE discovery process
complete PPPoE
System
Maintenance INFO 133 ‐‐‐
PPPoE enabled but not ready PPPoE
System
Maintenance INFO 499 ‐‐‐
PPPoE LCP Link Down PPPoE
System
Maintenance INFO 129 ‐‐‐
PPPoE LCP Link Up PPPoE
System
Maintenance INFO 128 ‐‐‐
PPPoE Network Connected PPPoE
System
Maintenance INFO 131 ‐‐‐
PPPoE Network Disconnected PPPoE
System
Maintenance INFO 132 ‐‐‐
PPPoE PAP Authentication Failed PPPoE
System
Maintenance INFO 137 ‐‐‐
| 45
PPPoE PAP Authentication Failed.
Please verify PPPoE username
and password PPPoE
System
Maintenance INFO 167 ‐‐‐
PPPoE PAP Authentication
success. PPPoE
System
Maintenance INFO 166 ‐‐‐
PPPoE password changed by
Administrator
Authenticated
Access User Activity INFO 515 ‐‐‐
PPPoE starting CHAP
Authentication PPPoE
System
Maintenance INFO 134 ‐‐‐
PPPoE starting PAP
Authentication PPPoE
System
Maintenance INFO 135 ‐‐‐
PPPoE user name changed by
Administrator
Authenticated
Access User Activity INFO 514 ‐‐‐
PPTP enabled but not ready PPTP
System
Maintenance INFO 501 ‐‐‐
PPTP CHAP Authentication
Failed. Please verify PPTP
username and password PPTP
System
Maintenance INFO 394 ‐‐‐
PPTP Connect Initiated by the
User PPTP
System
Maintenance INFO 390 ‐‐‐
PPTP Control Connection
Established PPTP
System
Maintenance INFO 378 ‐‐‐
PPTP Control Connection
Negotiation Started PPTP
System
Maintenance INFO 375 ‐‐‐
PPTP decode failure PPTP Network Debug DEBUG 596 ‐‐‐
PPTP Disconnect Initiated by the
User PPTP
System
Maintenance INFO 388 ‐‐‐
PPTP LCP Down PPTP
System
Maintenance INFO 383 ‐‐‐
PPTP LCP Up PPTP
System
Maintenance INFO 387 ‐‐‐
PPTP Max Retransmission
Exceeded PPTP
System
Maintenance INFO 377 ‐‐‐
PPTP packet dropped Network Access
Dropped TCP |
Dropped UDP |
Dropped ICMP NOTICE 39 ‐‐‐
PPTP PAP Authentication Failed PPTP
System
Maintenance INFO 395 ‐‐‐
PPTP PAP Authentication Failed.
Please verify PPTP username and
password PPTP
System
Maintenance INFO 397 ‐‐‐
PPTP PAP Authentication
success. PPTP
System
Maintenance INFO 396 ‐‐‐
46 |
PPTP PPP Authentication Failed PPTP
System
Maintenance INFO 386 ‐‐‐
PPTP PPP Down PPTP
System
Maintenance INFO 385 ‐‐‐
PPTP PPP link down PPTP
System
Maintenance INFO 391 ‐‐‐
PPTP PPP Link down PPTP
System
Maintenance INFO 399 ‐‐‐
PPTP PPP Link Finished PPTP
System
Maintenance INFO 400 ‐‐‐
PPTP PPP Link Up PPTP
System
Maintenance INFO 398 ‐‐‐
PPTP PPP Negotiation Started PPTP
System
Maintenance INFO 382 ‐‐‐
PPTP PPP Session Up PPTP
System
Maintenance INFO 384 ‐‐‐
PPTP Server is not responding,
check if the server is UP and
running. PPTP
System
Maintenance INFO 444 ‐‐‐
PPTP server rejected control
connection PPTP
System
Maintenance INFO 432 ‐‐‐
PPTP server rejected the call
request PPTP
System
Maintenance INFO 433 ‐‐‐
PPTP Session Disconnect from
Remote PPTP
System
Maintenance INFO 381 ‐‐‐
PPTP Session Established PPTP
System
Maintenance INFO 380 ‐‐‐
PPTP Session Negotiation Started PPTP
System
Maintenance INFO 376 ‐‐‐
PPTP starting CHAP
Authentication PPTP
System
Maintenance INFO 392 ‐‐‐
PPTP starting PAP Authentication PPTP
System
Maintenance INFO 393 ‐‐‐
PPTP Tunnel Disconnect from
Remote PPTP
System
Maintenance INFO 379 ‐‐‐
Primary firewall has transitioned
to Active High Availability
System
Maintenance ALERT 144 ‐‐‐
Primary firewall has transitioned
to Idle High Availability System Errors ALERT 146 614
Primary firewall preempting
Backup High Availability System Errors ERROR 153 620
| 47
Primary firewall rebooting itself
as it transitioned from Active to
Idle while Preempt High Availability ‐‐‐ INFO 1058 ‐‐‐
Primary missed heartbeats from
Backup High Availability System Errors ERROR 148 615
Primary received error signal
from Backup High Availability System Errors ERROR 150 617
Primary received heartbeat from
wrong source High Availability
System
Maintenance INFO 160 ‐‐‐
Primary received reboot signal
from Backup High Availability System Errors ERROR 671 665
Primary WAN link down, Backup
going Active High Availability System Errors ERROR 220 634
Primary WAN link down, Primary
going Idle High Availability
System
Maintenance INFO 218 ‐‐‐
Primary WAN link up, preempting
Backup High Availability
System
Maintenance INFO 221 ‐‐‐
Priority attack dropped Intrusion Prevention Attacks ALERT 79 518
Probable port scan detected Intrusion Prevention Attacks ALERT 83 522
Probable TCP FIN scan detected Intrusion Prevention Attacks ALERT 177 528
Probable TCP NULL scan detected Intrusion Prevention Attacks ALERT 179 530
Probable TCP XMAS scan
detected Intrusion Prevention Attacks ALERT 178 529
Probe Response Failure ‐ %s Anti‐Spam Service ‐‐‐ DEBUG 1132 ‐‐‐
Probe Response Success ‐ %s Anti‐Spam Service ‐‐‐ DEBUG 1131 ‐‐‐
Probing failure on %s WAN Availability System Errors ALERT 326 637
Probing succeeded on %s WAN Availability System Errors ALERT 436 638
Problem loading the URL List;
Appliance not registered. Security Services System Errors ERROR 183 623
Problem loading the URL List;
check Filter settings Security Services System Errors ERROR 10 602
Problem loading the URL List;
check your DNS server Security Services System Errors ERROR 11 603
48 |
14
5
Problem loading the URL List;
Flash write failure. Security Services System Errors ERROR 187 627
Problem loading the URL List;
Retrying later. Security Services System Errors ERROR 186 626
Problem loading the URL List;
Subscription expired. Security Services System Errors ERROR 184 624
Problem loading the URL List; Try
loading it again. Security Services System Errors ERROR 185 625
Problem occurred during user
group membership retrieval
Authenticated
Access User Activity WARNING 1033 ‐‐‐
Problem sending log email; check
log settings Firewall Logging System Errors WARNING 12 604
Processed Email received from
Email Security Service Anti‐Spam Service ‐‐‐ INFO 1096 138
Product maximum entries
reached ‐ %s Firewall Event ‐‐‐ WARNING 1196 ‐‐‐
RADIUS user cannot use One
Time Password ‐ no mail address
set for equivalent local user
Authenticated
Access User Activity INFO 1119 ‐‐‐
RBL DNS server responded with
error code ‐ %s Security Services ‐‐‐ DEBUG 1239 ‐‐‐
Read‐only mode GUI
administration session started
Authenticated
Access User Activity INFO 996 ‐‐‐
Real time clock battery failure
Time values may be incorrect Firewall Hardware System Errors WARNING 539 644
Received a path MTU ICMP
message from router/gateway Network User Activity INFO 182 ‐‐‐
Received a path MTU ICMP
message from router/gateway Network User Activity INFO 188 ‐‐‐
Received Application Firewall
Alert: Your Application Firewall
(Application Firewall)
subscription has expired. Security Services
System
Maintenance WARNING 1034 863
Received Alert: Your Firewall
Botnet Filter subscription has
expired. Security Services ‐‐‐ WARNING 1195 ‐‐‐
| 49
Received Alert: Your Firewall
Visualization Control subscription
has expired. Security Services ‐‐‐ WARNING 1159 ‐‐‐
Received AV Alert: %s Security Services
System
Maintenance WARNING 125 524
Received AV Alert: Your Network
Anti‐Virus subscription has
expired. %s Security Services
System
Maintenance WARNING 159 526
Received AV Alert: Your Network
Anti‐Virus subscription will expire
in 7 days. %s Security Services
System
Maintenance WARNING 482 552
Received Blacklisted Directive
from ‐ %s Security Services ‐‐‐ DEBUG 1236 ‐‐‐
Received CFS Alert: Your Content
Filtering subscription has
expired. Security Services
System
Maintenance WARNING 490 563
Received CFS Alert: Your Content
Filtering subscription will expire
in 7 days. Security Services
System
Maintenance WARNING 489 562
Received DHCP offer packet has
errors DHCP Client
System
Maintenance INFO 588 ‐‐‐
Received E‐Mail Filter Alert: Your
E‐Mail Filtering subscription has
expired. Security Services
System
Maintenance WARNING 492 565
Received E‐Mail Filter Alert: Your
E‐Mail Filtering subscription will
expire in 7 days. Security Services
System
Maintenance WARNING 491 564
Received fragmented packet or
fragmentation needed Network Network Debug DEBUG 63 ‐‐‐
Received IKE SA delete request VPN IKE User Activity INFO 413 ‐‐‐
Received IPS Alert: Your Intrusion
Prevention (IDP) subscription has
expired. Security Services
System
Maintenance WARNING 614 571
Received IPsec SA delete request VPN IKE User Activity INFO 412 ‐‐‐
Received ISAKMP packet
destined to port %s VPN IKE
Network Debug |
Dropped UDP INFO 607 ‐‐‐
50 |
06
Received LCP Echo Reply PPPoE
System
Maintenance INFO 723 ‐‐‐
Received LCP Echo Request PPPoE
System
Maintenance INFO 721 ‐‐‐
Received notify.
NO_PROPOSAL_CHOSEN VPN IKE User Activity WARNING 401 ‐‐‐
Received notify:
INVALID_COOKIES VPN IKE User Activity INFO 414 ‐‐‐
Received notify:
INVALID_ID_INFO VPN IPSec User Activity WARNING 483 ‐‐‐
Received notify:
INVALID_PAYLOAD VPN IKE User Activity ERROR 661 ‐‐‐
Received notify: INVALID_SPI VPN IKE User Activity INFO 416 ‐‐‐
Received notify:
ISAKMP_AUTH_FAILED VPN IKE User Activity WARNING 409 ‐‐‐
Received notify:
PAYLOAD_MALFORMED VPN IKE User Activity WARNING 411 ‐‐‐
Received notify:
RESPONDER_LIFETIME VPN IKE User Activity INFO 415 ‐‐‐
Received packet retransmission.
Drop duplicate packet VPN IKE User Activity WARNING 406 ‐‐‐
Received PPPoE Active Discovery
Offer PPPoE
System
Maintenance INFO 593 ‐‐‐
Received PPPoE Active Discovery
Session_confirmation PPPoE
System
Maintenance INFO 594 ‐‐‐
Received response packet for
DHCP request has errors DHCP Client
System
Maintenance INFO 589 ‐‐‐
Received unauthenticated GRID
response Anti‐Spam Service ‐‐‐ DEBUG 1138 ‐‐‐
Received unencrypted packet in
crypto active state VPN IKE User Activity WARNING 605 ‐‐‐
Regulatory requirements prohibit
%s from being re‐dialed for 30
minutes PPP Dial‐Up Attacks ERROR 592 567
Released IP address %s DHCP Server ‐‐‐ INFO 1111 ‐‐‐
Remote WAN Acceleration
device started responding to
probes WAN Acceleration ‐‐‐ ALERT 1175 160
| 51
05
3
Remote WAN Acceleration
device stopped responding to
probes WAN Acceleration ‐‐‐ ALERT 1174 160
Remotely Triggered Dial‐out
session ended. Valid WAN bound
data found. Normal dial‐up
sequence will commence
Authenticated
Access User Activity INFO 822 ‐‐‐
Remotely Triggered Dial‐out
session started. Requesting
authentication
Authenticated
Access User Activity INFO 818 ‐‐‐
Removed a member from an
LDAP mirror user group
Remote
Authentication User Activity INFO 1193 ‐‐‐
Removed host entry from
dynamic address object
Dynamic Address
Objects
System
Maintenance INFO 912 ‐‐‐
Request for Relay IP Table from
Central Gateway DHCP Relay
System
Maintenance INFO 230 ‐‐‐
Requesting CRL from VPN PKI User Activity INFO 269 ‐‐‐
Requesting Relay IP Table from
Remote Gateway DHCP Relay
System
Maintenance INFO 231 ‐‐‐
Resolved ES Cloud ‐ %s Anti‐Spam Service ‐‐‐ DEBUG 1146 ‐‐‐
Responder from country blocked:
%s Geolocation ‐‐‐ ALERT 1199 ‐‐‐
Restarting Network Security
Appliance; dumping log to email Firewall Event
System
Maintenance INFO 13 ‐‐‐
Retransmitting DHCP DISCOVER. DHCP Client
System
Maintenance INFO 99 ‐‐‐
Retransmitting DHCP REQUEST
(Rebinding). DHCP Client
System
Maintenance INFO 102 ‐‐‐
Retransmitting DHCP REQUEST
(Rebooting). DHCP Client
System
Maintenance INFO 103 ‐‐‐
Retransmitting DHCP REQUEST
(Renewing). DHCP Client
System
Maintenance INFO 101 ‐‐‐
Retransmitting DHCP REQUEST
(Requesting). DHCP Client
System
Maintenance INFO 100 ‐‐‐
Retransmitting DHCP REQUEST
(Verifying). DHCP Client
System
Maintenance INFO 104 ‐‐‐
RIP Broadcasts for LAN Network
%s are being broadcast over
dialup‐connection RIP
System
Maintenance INFO 571 841
52 |
5
1
9
6
2
0
8
4
2
7
3
1
RIP disabled on DMZ interface RIP
System
Maintenance INFO 423 840
RIP disabled on interface %s RIP
System
Maintenance INFO 419 840
RIP disabled on WAN interface RIP
System
Maintenance INFO 552 840
Ripper attack dropped Intrusion Prevention Attacks ALERT 76 515
RIPv1 enabled on DMZ interface RIP
System
Maintenance INFO 424 840
RIPv1 enabled on interface %s RIP
System
Maintenance INFO 420 840
RIPv1 enabled on WAN interface RIP
System
Maintenance INFO 553 841
RIPv2 compatibility (broadcast)
mode enabled on DMZ interface RIP
System
Maintenance INFO 426 840
RIPv2 compatibility (broadcast)
mode enabled on interface %s RIP
System
Maintenance INFO 422 840
RIPv2 compatibility (broadcast)
mode enabled on WAN interface RIP
System
Maintenance INFO 555 841
RIPv2 enabled on DMZ interface RIP
System
Maintenance INFO 425 840
RIPv2 enabled on interface %s RIP
System
Maintenance INFO 421 840
RIPv2 enabled on WAN interface RIP
System
Maintenance INFO 554 841
Router IGMP General query
received on interface %s Multicast ‐‐‐ DEBUG 680 ‐‐‐
Router IGMP Membership query
received on interface %s Multicast ‐‐‐ DEBUG 681 ‐‐‐
RST Flood Blacklist on IF %s
continues Intrusion Prevention Network Debug WARNING 899 ‐‐‐
RST‐Flooding machine %s
blacklisted Intrusion Prevention Network Debug ALERT 898 ‐‐‐
SA is disabled. Check VPN SA
settings VPN IKE User Activity INFO 407 ‐‐‐
SCEP Client: %s VPN PKI ‐‐‐ NOTICE 1097 ‐‐‐
Sending DHCP DISCOVER. DHCP Client
System
Maintenance INFO 105 ‐‐‐
| 53
06
11
Sending DHCP RELEASE. DHCP Client
System
Maintenance INFO 122 ‐‐‐
Sending DHCP REQUEST
(Rebinding). DHCP Client
System
Maintenance INFO 116 ‐‐‐
Sending DHCP REQUEST
(Rebooting). DHCP Client
System
Maintenance INFO 117 ‐‐‐
Sending DHCP REQUEST
(Renewing). DHCP Client
System
Maintenance INFO 115 ‐‐‐
Sending DHCP REQUEST
(Verifying). DHCP Client
System
Maintenance INFO 118 ‐‐‐
Sending DHCP REQUEST. DHCP Client
System
Maintenance INFO 108 ‐‐‐
Sending LCP Echo Reply PPPoE
System
Maintenance INFO 722 ‐‐‐
Sending LCP Echo Request PPPoE
System
Maintenance INFO 720 ‐‐‐
Sending PPPoE Active Discovery
Request PPPoE
System
Maintenance INFO 595 ‐‐‐
Senna Spy attack dropped Intrusion Prevention Attacks ALERT 78 517
Sent Relay IP Table to Central
Gateway DHCP Relay
System
Maintenance INFO 232 ‐‐‐
Settings Import: %s Firewall Event ‐‐‐ INFO 1049 ‐‐‐
SIP Register expiration exceeds
configured Signaling inactivity
time out VoIP
Expanded – VoIP
Activity WARNING 645 ‐‐‐
SIP Request VoIP
Expanded – VoIP
Activity DEBUG 643 ‐‐‐
SIP Response VoIP
Expanded – VoIP
Activity DEBUG 644 ‐‐‐
SMTP authentication problem:%s Firewall Logging System Errors WARNING 737 ‐‐‐
SMTP connection limit is
reached. Connection is dropped. Anti‐Spam Service ‐‐‐ WARNING 1087 138
SMTP POP‐Before‐SMTP
authentication failed Firewall Logging System Errors WARNING 656 ‐‐‐
SMTP server found on RBL
blacklist RBL ‐‐‐ NOTICE 799 ‐‐‐
SMTP server found on Reject List Anti‐Spam Service ‐‐‐ NOTICE 1093 138
Smurf Amplification attack
dropped Intrusion Prevention Attacks ALERT 81 520
54 |
SNMP Packet Dropped Unused ‐‐‐ INFO 1225 ‐‐‐
SonicPoint association posted
successfully to License Manager Firewall Event ‐‐‐ INFO 1266 ‐‐‐
SonicPoint association request to
License Manager failed: %s Firewall Event ‐‐‐ WARNING 1265 ‐‐‐
SonicPoint Provision SonicPoint
Expanded –
SonicPoint Activity INFO 727 ‐‐‐
SonicPoint statistics report GMS ‐‐‐ INFO 806 ‐‐‐
SonicPoint Status SonicPoint
Expanded –
SonicPoint Activity INFO 667 ‐‐‐
SonicPointN Provision SonicPointN ‐‐‐ INFO 1078 ‐‐‐
SonicPointN Status SonicPointN ‐‐‐ INFO 1077 ‐‐‐
Source IP address connection
status: %s Firewall Event ‐‐‐ INFO 734 ‐‐‐
Source routed IP packet dropped Intrusion Prevention Network Debug WARNING 428 ‐‐‐
Spank attack multicast packet
dropped Intrusion Prevention Attacks ALERT 606 568
SSL Control: Certificate chain not
complete Network Access Blocked Web Sites INFO 1006 ‐‐‐
SSL Control: Certificate with
invalid date Network Access Blocked Web Sites INFO 1002 ‐‐‐
SSL Control: Certificate with MD5
Digest Signature Algorithm Network Access Blocked Web Sites INFO 1081 ‐‐‐
SSL Control: Failed to decode
Server Hello Network Access Blocked Web Sites INFO 1007 ‐‐‐
SSL Control: HTTPS via SSL2 Network Access Blocked Web Sites INFO 1001 ‐‐‐
SSL Control: Self‐signed
certificate Network Access Blocked Web Sites INFO 1003 ‐‐‐
SSL Control: Untrusted CA Network Access Blocked Web Sites INFO 1005 ‐‐‐
SSL Control: Weak cipher being
used Network Access Blocked Web Sites INFO 1004 ‐‐‐
SSL Control: Website found in
blacklist Network Access Blocked Web Sites INFO 999 ‐‐‐
| 55
SSL Control: Website found in
whitelist Network Access Blocked Web Sites INFO 1000 ‐‐‐
SSLVPN enforcement Wireless
System
Maintenance INFO 733 ‐‐‐
SSLVPN Traffic SSLVPN
Syslog only ‐ for
traffic reporting INFO 1153 ‐‐‐
SSLVPN zone remote user login
allowed
Authenticated
Access User Activity INFO 1080 ‐‐‐
SSO agent is down
SSO Agent
Authentication User Activity ALERT 1075 ‐‐‐
SSO agent is up
SSO Agent
Authentication User Activity ALERT 1076 ‐‐‐
SSO agent returned error
SSO Agent
Authentication User Activity WARNING 1073 ‐‐‐
SSO returned a domain name
that is too long
SSO Agent
Authentication User Activity WARNING 993 ‐‐‐
SSO returned a user name that is
too long
SSO Agent
Authentication User Activity WARNING 992 ‐‐‐
Starting IKE negotiation VPN IKE User Activity INFO 90 ‐‐‐
Starting PPPoE discovery PPPoE
System
Maintenance INFO 127 ‐‐‐
Status GMS
System
Maintenance EMERGENCY 96 ‐‐‐
Striker attack dropped Intrusion Prevention Attacks ALERT 77 516
Sub Seven attack dropped Intrusion Prevention Attacks ALERT 75 514
Succeed in updating time from
NTP server System ‐‐‐ NOTICE 1231 ‐‐‐
Success to reach Interface %s
probe High Availability System Errors INFO 674 ‐‐‐
Successful authentication
received for Remotely Triggered
Dial‐out
Authenticated
Access User Activity INFO 820 ‐‐‐
Successfully sent %s file to
remote backup server Firewall Event
System
Maintenance INFO 1065 ‐‐‐
Successfully sent Preference file
to remote backup server Firewall Event
System
Maintenance INFO 1061 ‐‐‐
56 |
2
Successfully sent TSR file to
remote backup server Firewall Event
System
Maintenance INFO 1063 ‐‐‐
Suspected Botnet initiator
blocked: %s Botnet Blocking ‐‐‐ ALERT 1200 ‐‐‐
Suspected Botnet responder
blocked: %s Botnet Blocking ‐‐‐ ALERT 1201 ‐‐‐
SYN Flood Blacklist on IF %s
continues Intrusion Prevention Network Debug WARNING 868 ‐‐‐
SYN Flood blacklisting disabled by
user Intrusion Prevention Network Debug WARNING 863 ‐‐‐
SYN Flood blacklisting enabled by
user Intrusion Prevention Network Debug WARNING 862 ‐‐‐
SYN flood ceased or flooding
machines blacklisted ‐
connection proxy disabled Intrusion Prevention Network Debug ALERT 861 ‐‐‐
SYN Flood Mode changed by user
to: Always proxy WAN
connections Intrusion Prevention Network Debug WARNING 858 ‐‐‐
SYN Flood Mode changed by user
to: Watch and proxy WAN
connections when under attack Intrusion Prevention Network Debug WARNING 857 ‐‐‐
SYN Flood Mode changed by user
to: Watch and report possible
SYN floods Intrusion Prevention Network Debug WARNING 856 ‐‐‐
Synchronizing preferences to HA
Peer Firewall High Availability
System
Maintenance INFO 673 ‐‐‐
SYN‐Flooding machine %s
blacklisted Intrusion Prevention Network Debug ALERT 864 ‐‐‐
Syslog Server cannot be reached Network
System
Maintenance INFO 657 ‐‐‐
System clock manually updated Firewall Logging ‐‐‐ NOTICE 881 ‐‐‐
System shutdown by
administrator. Power cycle
required. Firewall Event ‐‐‐ ALERT 1067 524
TCP checksum error; packet
dropped Network Access Dropped TCP NOTICE 884 ‐‐‐
TCP connection abort received;
TCP connection dropped Network Network Debug DEBUG 713 ‐‐‐
TCP connection dropped Network Access Dropped TCP NOTICE 36 ‐‐‐
| 57
TCP connection from LAN denied Network Access Dropped LAN TCP NOTICE 173 ‐‐‐
TCP connection reject received;
TCP connection dropped Network Network Debug DEBUG 712 ‐‐‐
TCP FIN packet dropped Network Network Debug DEBUG 181 ‐‐‐
TCP handshake violation
detected; TCP connection
dropped Network Access ‐‐‐ NOTICE 760 ‐‐‐
TCP packet received on a closing
connection; TCP packet dropped Network Network Debug DEBUG 891 ‐‐‐
TCP packet received on non‐
existent/closed connection; TCP
packet dropped Network Network Debug DEBUG 888 ‐‐‐
TCP packet received with invalid
ACK number; TCP packet
dropped Network Network Debug DEBUG 709 ‐‐‐
TCP packet received with invalid
header length; TCP packet
dropped Network Network Debug DEBUG 887 ‐‐‐
TCP packet received with invalid
MSS option length; TCP packet
dropped Network Network Debug DEBUG 894 ‐‐‐
TCP packet received with invalid
option length; TCP packet
dropped Network Network Debug DEBUG 895 ‐‐‐
TCP packet received with invalid
SACK option length; TCP packet
dropped Network Network Debug DEBUG 893 ‐‐‐
TCP packet received with invalid
SEQ number; TCP packet
dropped Network Network Debug DEBUG 708 ‐‐‐
TCP packet received with invalid
source port; TCP packet dropped Network Network Debug DEBUG 896 ‐‐‐
TCP packet received with invalid
SYN Flood cookie; TCP packet
dropped Network Network Debug INFO 897 ‐‐‐
TCP packet received with invalid
Window Scale option length; TCP
packet dropped Network Network Debug DEBUG 1030 ‐‐‐
58 |
TCP packet received with invalid
Window Scale option value; TCP
packet dropped Network Network Debug DEBUG 1031 ‐‐‐
TCP packet received with non‐
permitted option; TCP packet
dropped Network Network Debug DEBUG 1029 ‐‐‐
TCP packet received with SYN
flag on an existing connection;
TCP packet dropped Network Network Debug INFO 892 ‐‐‐
TCP packet received without
mandatory ACK flag; TCP packet
dropped Network Network Debug DEBUG 890 ‐‐‐
TCP packet received without
mandatory SYN flag; TCP packet
dropped Network Network Debug DEBUG 889 ‐‐‐
TCP stateful inspection: Bad
header; TCP packet dropped Network Network Debug DEBUG 711 ‐‐‐
TCP stateful inspection: Invalid
flag; TCP packet dropped Network Network Debug INFO 710 ‐‐‐
TCP SYN received Intrusion Prevention Network Debug DEBUG 869 ‐‐‐
TCP Syn/Fin packet dropped Network Access Attacks ALERT 580 558
TCP Xmas Tree dropped Intrusion Prevention Attacks ALERT 267 547
Terminal Services agent is down
SSO Agent
Authentication User Activity ALERT 1150 ‐‐‐
Terminal Services agent is up
SSO Agent
Authentication User Activity ALERT 1151 ‐‐‐
The cache is full; %u open
connections; some will be
dropped Firewall Event System Errors ERROR 53 607
The current WAN interface is not
ready to route packets. Firewall Event System Errors ERROR 325 635
The High Availability monitoring
IP configuration of Interface %s is
incorrect. High Availability ‐‐‐ ERROR 1126 ‐‐‐
The loaded content URL List has
expired. Security Services System Errors ERROR 190 628
| 59
05
13
The network connection in use is
%s WAN Availability System Errors WARNING 307 639
The preferences file is too large
to be saved in available flash
memory Firewall Event System Errors WARNING 573 649
The stateful license of HA peer
firewall is not activated High Availability System Errors ALERT 1137 ‐‐‐
Thermal Red Firewall Hardware
System
Environment ALERT 578 104
Thermal Red Timer Exceeded Firewall Hardware
System
Environment ALERT 579 105
Thermal Yellow Firewall Hardware
System
Environment ALERT 577 103
Time of day settings for firewall
policies were not upgraded. Firewall Event
System
Maintenance INFO 742 ‐‐‐
Too many gratuitous ARPs
detected Network ‐‐‐ WARNING 815 ‐‐‐
Total firewall throughput is
greater than 50% of the
maximum rated tolerance for
more than 10 seconds. Firewall Hardware ‐‐‐ ALERT 1251 170
UDP checksum error; packet
dropped Network Access Dropped UDP NOTICE 885 ‐‐‐
UDP packet dropped Network Access Dropped UDP NOTICE 37 ‐‐‐
UDP packet from LAN dropped Network Access
Dropped LAN UDP
| Dropped LAN
TCP NOTICE 174 ‐‐‐
Unable to resolve dynamic
address object
Dynamic Address
Objects
System
Maintenance INFO 880 ‐‐‐
Unable to send message to dial‐
up task PPP Dial‐Up System Errors ERROR 1024 ‐‐‐
Unhandled link‐local or multicast
IPv6 packet dropped Multicast ‐‐‐ ALERT 1233 ‐‐‐
Unknown IPsec SPI VPN IPSec Attacks ERROR 66 507
Unknown protocol dropped Network Access Network Debug NOTICE 41 ‐‐‐
Unknown reason VPN PKI User Activity ERROR 275 ‐‐‐
Unprocessed email received from
MTA on Inbound SMTP port Anti‐Spam Service ‐‐‐ INFO 1095 138
60 |
Updated ES Cloud Address ‐ %s Anti‐Spam Service ‐‐‐ DEBUG 1147 ‐‐‐
User account '%s' expired and
disabled
Authenticated
Access User Activity INFO 1157 ‐‐‐
User account '%s' expired and
pruned
Authenticated
Access User Activity INFO 1158 ‐‐‐
User logged out
Authenticated
Access User Activity INFO 263 ‐‐‐
User logged out ‐ inactivity timer
expired
Authenticated
Access User Activity INFO 265 ‐‐‐
User logged out ‐ logout detected
by SSO
Authenticated
Access User Activity INFO 1008 ‐‐‐
User logged out ‐ logout reported
by Terminal Services agent
Authenticated
Access User Activity INFO 1124 ‐‐‐User logged out ‐ max session
time exceeded
Authenticated
Access User Activity INFO 264 ‐‐‐
User logged out ‐ user disconnect
detected (heartbeat timer
expired)
Authenticated
Access User Activity INFO 24 ‐‐‐
User login denied ‐ insufficient
access on LDAP server
Remote
Authentication User Activity WARNING 750 ‐‐‐
User login denied ‐ invalid
credentials on LDAP server
Remote
Authentication User Activity WARNING 749 ‐‐‐
User login denied ‐ LDAP
authentication failure
Remote
Authentication User Activity INFO 745 ‐‐‐
User login denied ‐ LDAP
communication problem
Remote
Authentication User Activity WARNING 748 ‐‐‐
User login denied ‐ LDAP
directory mismatch
Remote
Authentication User Activity WARNING 757 ‐‐‐
User login denied ‐ LDAP schema
mismatch
Remote
Authentication User Activity WARNING 751 ‐‐‐
User login denied ‐ LDAP server
certificate not valid
Remote
Authentication User Activity WARNING 755 ‐‐‐
User login denied ‐ LDAP server
down or misconfigured
Remote
Authentication User Activity WARNING 747 ‐‐‐
User login denied ‐ LDAP server
name resolution failed
Remote
Authentication User Activity WARNING 753 ‐‐‐
User login denied ‐ LDAP server
timeout
Remote
Authentication User Activity WARNING 746 ‐‐‐
| 61
User login denied ‐ Mail
Address(From/to) or SMTP
Server is not configured
Authenticated
Access User Activity INFO 1118 ‐‐‐
User login denied ‐ No name
received from Terminal Services
agent
Authenticated
Access User Activity WARNING 1122 ‐‐‐
User login denied ‐ not allowed
by policy rule
Authenticated
Access User Activity INFO 986 ‐‐‐
User login denied ‐ not found
locally
Authenticated
Access User Activity INFO 987 ‐‐‐
User login denied ‐ password
doesn't meet constraints
Authenticated
Access ‐‐‐ INFO 1048 ‐‐‐
User login denied ‐ password
expired
Authenticated
Access User Activity INFO 1035 ‐‐‐
User login denied ‐ RADIUS
authentication failure
Remote
Authentication User Activity INFO 243 ‐‐‐
User login denied ‐ RADIUS
communication problem
Remote
Authentication User Activity WARNING 744 ‐‐‐
User login denied ‐ RADIUS
configuration error
Remote
Authentication User Activity WARNING 245 ‐‐‐
User login denied ‐ RADIUS
server name resolution failed
Remote
Authentication User Activity WARNING 754 ‐‐‐
User login denied ‐ RADIUS
server timeout
Remote
Authentication User Activity WARNING 244 ‐‐‐
User login denied ‐ SSO agent
communication problem
Authenticated
Access User Activity WARNING 990 ‐‐‐
User login denied ‐ SSO agent
configuration error
Authenticated
Access User Activity WARNING 989 ‐‐‐
User login denied ‐ SSO agent
name resolution failed
Authenticated
Access User Activity WARNING 991 ‐‐‐
User login denied ‐ SSO agent
timeout
Authenticated
Access User Activity WARNING 988 ‐‐‐
User login denied ‐ SSO probe
failed
Authenticated
Access User Activity WARNING 1117 ‐‐‐
User login denied ‐ Terminal
Services agent communication
problem
Authenticated
Access User Activity WARNING 1123 ‐‐‐
User login denied ‐ Terminal
Services agent name resolution
failed
Authenticated
Access User Activity WARNING 1121 ‐‐‐
62 |
User login denied ‐ Terminal
Services agent timeout
Authenticated
Access User Activity WARNING 1120 ‐‐‐
User login denied ‐ TLS or local
certificate problem
Remote
Authentication User Activity WARNING 756 ‐‐‐
User login denied ‐ user already
logged in
Authenticated
Access User Activity INFO 759 ‐‐‐
User login denied ‐ User has no
privileges for guest service
Authenticated
Access User Activity INFO 486 ‐‐‐
User login denied ‐ User has no
privileges for login from that
location
Authenticated
Access User Activity INFO 246 ‐‐‐
User login denied due to bad
credentials
Authenticated
Access User Activity INFO 32 ‐‐‐
User login denied due to bad
credentials
Authenticated
Access User Activity INFO 33 ‐‐‐
User login disabled from %s
Authenticated
Access Attacks ERROR 583 559
User login Failed ‐ An error has
occurred while sending your one‐
time password
Authenticated
Access User Activity INFO 1243 ‐‐‐
User login failed ‐ Guest service
limit reached
Authenticated
Access User Activity INFO 549 ‐‐‐
User login failure rate exceeded ‐
logins from user IP address
denied
Authenticated
Access Attacks ERROR 329 561
User login from an internal zone
allowed
Authenticated
Access User Activity INFO 31 ‐‐‐
Using LDAP without TLS ‐ highly
insecure
Remote
Authentication System Errors ALERT 1010 ‐‐‐
Virtual Access Point is disabled SonicPoint
802.11
Management INFO 731 ‐‐‐
Virtual Access Point is enabled SonicPoint
802.11
Management INFO 730 ‐‐‐
VoIP %s Endpoint added VoIP
Expanded – VoIP
Activity DEBUG 637 ‐‐‐
VoIP %s Endpoint not added ‐
configured 'public' endpoint limit
reached VoIP
Expanded – VoIP
Activity WARNING 639 ‐‐‐
VoIP %s Endpoint removed VoIP
Expanded – VoIP
Activity DEBUG 638 ‐‐‐
VoIP Call Connected VoIP
Expanded – VoIP
Activity INFO 622 ‐‐‐
| 63
03
04
02
01
VoIP Call Disconnected VoIP
Expanded – VoIP
Activity INFO 623 ‐‐‐
Voltages Out of Tolerance Firewall Hardware
System
Environment ERROR 575 101
VPN Cleanup: Dynamic network
settings change VPN User Activity INFO 471 ‐‐‐
VPN Client Policy Provisioning VPN Client User Activity INFO 371 ‐‐‐
VPN disabled by administrator
Authenticated
Access
System
Maintenance INFO 506 ‐‐‐
VPN enabled by administrator
Authenticated
Access
System
Maintenance INFO 507 ‐‐‐
VPN Log Debug VPN IKE Network Debug INFO 172 ‐‐‐
VPN Policy Added VPN ‐‐‐ INFO 1050 ‐‐‐
VPN policy count received
exceeds the limit; %s VPN System Errors ERROR 719 ‐‐‐
VPN Policy Deleted VPN ‐‐‐ INFO 1051 ‐‐‐
VPN Policy Modified VPN ‐‐‐ INFO 1052 ‐‐‐
VPN TCP FIN VPN
Syslog Only – VPN
Statistics INFO 195 ‐‐‐
VPN TCP PSH VPN
Syslog Only – VPN
Statistics INFO 196 ‐‐‐
VPN TCP SYN VPN
Syslog Only – VPN
Statistics INFO 194 ‐‐‐
VPN zone administrator login
allowed
Authenticated
Access User Activity INFO 235 ‐‐‐
VPN zone remote user login
allowed
Authenticated
Access User Activity INFO 237 ‐‐‐
WAN Acceleration device %s
found WAN Acceleration ‐‐‐ INFO 1169 ‐‐‐
WAN Acceleration device %s is
being used WAN Acceleration ‐‐‐ ALERT 1172 160
WAN Acceleration device %s is
no longer being used WAN Acceleration ‐‐‐ ALERT 1173 160
WAN Acceleration device %s is
no longer operational WAN Acceleration ‐‐‐ ALERT 1171 160
WAN Acceleration device %s is
operational WAN Acceleration ‐‐‐ ALERT 1170 160
WAN DHCPC IP Changed Firewall Event System Errors WARNING 1129 ‐‐‐
64 |
WAN Interface not setup Firewall Event
System
Maintenance INFO 498 ‐‐‐
Wan IP Changed Firewall Event System Errors WARNING 138 636
WAN node exceeded:
Connection dropped because too
many IP addresses are in use on
your LAN Firewall Event System Errors ERROR 812 ‐‐‐
WAN not ready Firewall Event
System
Maintenance INFO 502 ‐‐‐
WAN zone administrator login
allowed
Authenticated
Access User Activity INFO 236 ‐‐‐
WAN zone remote user login
allowed
Authenticated
Access User Activity INFO 238 ‐‐‐
WARNING: Central Gateway does
not have a Relay IP Address.
DHCP message dropped. DHCP Relay
System
Maintenance INFO 472 ‐‐‐
WARNING: DHCP lease relayed
from Central Gateway conflicts
with IP in Static Devices list DHCP Relay
System
Maintenance INFO 227 ‐‐‐
Web access request dropped Network Access Dropped TCP NOTICE 524 ‐‐‐
Web management request
allowed Network Access User Activity NOTICE 526 ‐‐‐
Web site access allowed Network Access Blocked Web Sites NOTICE 16 703
Web site access denied Network Access Blocked Web Sites ERROR 14 701
WiFiSec Enforcement disabled by
administrator
Authenticated
Access
System
Maintenance INFO 510 ‐‐‐
WiFiSec Enforcement enabled by
administrator
Authenticated
Access
System
Maintenance INFO 511 ‐‐‐
Wireless MAC Filter List disabled
by administrator
Authenticated
Access
System
Maintenance INFO 513 ‐‐‐
Wireless MAC Filter List enabled
by administrator
Authenticated
Access
System
Maintenance INFO 512 ‐‐‐
WLAN client null probing WLAN IDS
Expanded ‐ WLAN
IDS Activity WARNING 615 904
WLAN DHCPC IP Changed Firewall Event System Errors WARNING 1130 ‐‐‐
WLAN disabled by administrator
Authenticated
Access
System
Maintenance INFO 508 ‐‐‐
| 65
WLAN disabled by schedule
Authenticated
Access
System
Maintenance INFO 728 ‐‐‐
WLAN enabled by administrator
Authenticated
Access
System
Maintenance INFO 509 ‐‐‐
WLAN enabled by schedule
Authenticated
Access
System
Maintenance INFO 729 ‐‐‐
WLAN firmware image has been
updated Wireless
System
Maintenance INFO 487 ‐‐‐
WLAN HTTP traffic not being sent
to WXA WebCache; zone conflict. WAN Acceleration ‐‐‐ INFO 1264 ‐‐‐
WLAN max concurrent users
reached already Network Access ‐‐‐ INFO 726 ‐‐‐
WLAN not in AP mode, DHCP
server will not provide lease to
clients on WLAN Wireless
System
Maintenance INFO 617 ‐‐‐
WLAN radio frequency threat
detected RF Monitoring ‐‐‐ WARNING 879 ‐‐‐
WLAN Reboot Firewall Hardware System Errors ERROR 517 642
WLAN recovery Wireless
System
Maintenance INFO 519 ‐‐‐
WLAN sequence number out of
order. WLAN IDS
Expanded ‐ WLAN
IDS Activity WARNING 547 902
WLB Failback initiated by %s. WAN Availability System Errors ALERT 435 652
WLB Failover in progress. WAN Availability System Errors ALERT 584 651
WLB Resource failed. WAN Availability System Errors ALERT 586 654
WLB Resource is now available. WAN Availability System Errors ALERT 585 653
WLB Spill‐over started,
configured threshold exceeded. WAN Availability
System
Maintenance WARNING 581 ‐‐‐
WLB Spill‐over stopped. WAN Availability
System
Maintenance WARNING 582 ‐‐‐
WPA MIC Failure. Wireless
802.11
Management WARNING 663 ‐‐‐
WPA RADIUS Server Timeout. Wireless
802.11
Management INFO 664 ‐‐‐
XAUTH Failed with VPN client,
Authentication failure. VPN Client User Activity ERROR 140 ‐‐‐
66 |
07
05
Log > SyslogIn addition to the standard event log, the Dell SonicWALL security appliance can send a detailed log to an external Syslog server. The Dell SonicWALL Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. Syslog Analyzers such as Dell SonicWALL ViewPoint, Analyzer, or WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data.
For more information on configuring the Log > Syslog page, refer to the SonicOS Administrator’s Guide.
XAUTH Failed with VPN client,
Cannot Contact RADIUS Server. VPN Client User Activity INFO 141 ‐‐‐
XAUTH Succeeded with VPN
client. VPN Client User Activity INFO 139 ‐‐‐
Your WAN Acceleration Service
subscription has expired. WAN Acceleration ‐‐‐ ALERT 1176 160
Your Active/Active Clustering
subscription has expired. High Availability ‐‐‐ WARNING 1149 ‐‐‐
Your Anti‐Spam Service
subscription has expired. Anti‐Spam Service ‐‐‐ WARNING 1086 138
YouTube for school enforced. Network Access ‐‐‐ DEBUG 1262 ‐‐‐
| 67
Index of Syslog Tag Field DescriptionsThis section provides an alphabetical listing of Syslog tags and the associated field descrip-tion. For more information about the “pri” Syslog Tag, see Table 3: Priority Leve on page 83. The value here is taken from the “Priority Level” column of the Index of Log Event Messages on page 2. For more information about the “c” Syslog Tag, see Legacy Category on page 79. Note that the following table also includes Syslog information for ArcSight, which is supported on SonicOS 5.9.
Tag Tags for ArcSight
(5.9.0 only)
Field Description Versions
<ddd> Syslog message prefix
The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message
5.8.15.9.06.0.16.1
af_polid Application Filter
Displays the Application Filter Policy ID
5.8.15.9.06.0.16.1
af_policy Application Filter
Displays the Application Policy name
5.8.15.9.06.0.16.1
af_type Application Filter
Displays the Application Policy type such as:SMTP Client RequestHTTP Client RequestHTTP Server ResponseFTP Client RequestFTP Client Upload FileFTP Client Download FilePOP3 Client RequestPOP3 Server ResponseFTP Data TransferIPS ContentApp Control ContentCustom Policy TypeCFS
5.8.15.9.06.0.16.1
af_service Application Filter
Displays the Application Policy service name
5.8.15.9.06.0.16.1
68 |
af_action Application Filter
Displays the Application Policy action such as: HTTP Block PageHTTP Redirect,Bandwidth ManagementDisable E-Mail AttachmentFTP Notification ReplyReset/DropBlock SMTP E-MailBypass DPICFS Block PagePacket Monitor
5.8.15.9.06.0.16.1
Af_object Application policy object name
Displays the custom Application Policy object name
5.8.15.9.06.0.16.1
ai Active Interface via GMS heartbeat
Displays the Active WAN Interface. Normally it is Primary WAN but in a failover, it displays the value of the failover default outbound WAN interface, if there’s more than one WAN. When there is only one WAN interface, it is always Primary WAN regardless of the link state
5.8.15.9.06.0.16.1
app app Numeric application ID
Indicates the application for the applied syslog. Only displays when Flow Reporting is enabled
5.8.15.9.06.1
appcat appcat Application Control
Display the application category when Application Control is enabled
5.8.15.9.06.0.16.1
appid appid Application ID
Display the application ID when Application Control is enabled
5.8.15.9.06.0.16.1
arg arg URL Used to render a URL: arg represents the URL path name part
5.8.15.9.06.0.16.1
bcastRx bcastRx Interface statistics report
Displays the broadcast packets received
5.8.15.9.06.0.16.1
| 69
bcastTx bcastTx Interface statistics report
Displays the broadcast packets transmitted
5.8.15.9.06.0.16.1
bytesRx bytesRx Interface statistics report
Displays the bytes received 5.8.15.9.06.0.16.1
bytesTx bytesTx Interface statistics report
Displays the bytes transmitted 5.8.15.9.06.0.16.1
c cat Message category (legacy only)
Indicates the legacy category number (Note: We are not currently sending new category information.)
5.8.15.9.06.0.16.1
category category Blocking code description
Applicable only when CFS is enabled, indicates the category of the blocked content such as “Gambling”. This works in conjunction with “code” Blocking code.
5.8.15.9.06.0.16.1
catid Rule category
Indicates the category id of the rule
5.9.06.0.16.1
cdur cn3Label Connection Duration
Displays the connection duration 5.9.0
change SWGMSchangeUrl
Configuration change webpage
Displays the basename of the firewall web page that performed the last configuration change
5.8.15.9.06.0.16.1
code reason Blocking code
Indicates the CFS block code category
5.8.15.9.06.0.16.1
icmpCode cn2 ICMP type and code
Indicates the ICMP code 5.9.06.1
conns Firewall status report via GMS heartbeat
Indicates the number of connections in use
5.8.15.9.06.0.16.1
70 |
contentObject
Firewall Indicates rule name 5.9.06.0.16.1
cs4 Interface Statistics
Display interface statistics 5.9.0
deviceInboundInterface
Interface Indicates interface on which the packet leaves the device
5.9.0
deviceInboundInterface
Interface Indicates interface on which the packet enters the device
5.9.0
dpt Port Display destination port 5.9.0
dnpt NAT’ed Port Display NAT’ed destination port 5.9.0
dst dst Destination Destination IP address, and optionally, port, network interface, and resolved name.
5.8.15.9.06.0.16.1
dstV6 dst Destination Destination IPv6 address, and optionally, port, network interface, and resolved name.
5.9.06.1
dstname dst URL Displays the URL of web site hit and other legacy destination strings such as the URL of the host
5.8.15.9.06.0.16.1
dur request Numeric, session duration in seconds
Indicates the duration in units of seconds that a session is connected
5.8.15.9.06.1
dyn cs6Label Firewall status report via GMS heartbeat
Displays the HA and dialup connection state (rendered as “h.d” where “h” is “n” (not enabled), “b” (backup), or “p” (primary) and “d” is “1” (enabled) or “0” (disabled))
5.8.15.9.06.0.16.1
f flowType Numeric flow type
Indicates the flow type when Flow Reporting is disabled
5.8.15.9.06.1
fw Firewall WAN IP
Indicates the WAN IP Address 5.8.15.9.06.0.16.1
| 71
fwlan Firewall status report via GMS heartbeat
Indicates the LAN zone IP address
5.8.15.9.06.0.16.1
gcat gcat Group category
Display event group category when using Enhanced Syslog
5.9.0
goodRxBytes goodRxBytes SonicPoint statistics report
Indicates the well formed bytes received
5.8.15.9.06.0.16.1
goodTxBytes goodTxBytes SonicPoint statistics report
Indicates the well formed bytes transmitted
5.8.15.9.06.0.16.1
i Firewall status report via GMS heartbeat
Displays the GMS message interval in seconds
5.8.15.9.06.0.16.1
id=firewall WebTrends prefix
Syntactic sugar for WebTrends (and GMS by habit)
5.8.15.9.06.0.16.1
if if Interface statistics report
Displays the interface on which statistics are reported
5.8.15.9.06.0.16.1
ipscat ipscat IPS message Displays the IPS category 5.8.15.9.06.0.16.1
ipspri ipspri IPS message Displays the IPS priority 5.8.15.9.06.0.16.1
lic Firewall status report via GMS heartbeat
Indicates the number of licenses for firewalls with limited modes
5.8.15.9.06.0.16.1
m Message ID Provides the message ID number
5.8.15.9.06.0.16.1
72 |
mac smac or dmac
MAC address
Provides the source or destination MAC address
5.8.15.9.06.0.16.1
mailFrom Email sender Originator of the email 5.9.06.0.16.1
msg msg Message Displays the message which is composed of either or both a predefined message and a dynamic message containing a string %s or numeric %d argument
5.8.15.9.06.0.16.1
n cnt Message count
Indicates the number of times event occurs
5.8.15.9.06.0.16.1
natDst cs2Label NAT destination IP
Displays the NAT’ed destination IP address
5.9.0
natDstV6 cs2Label NAT destination IPv6
Displays the NAT’ed destination IPv6 address
5.9.0
natSrc cs1Label NAT source IP
Displays the NAT’ed source IP address
5.9.0
natSrcV6 cs1Label NAT source IPv6
Displays the NAT’ed source IPv6 address
5.9.0
note cs6 Additional Information
Additional information that is application-dependent
5.8.15.9.06.0.16.1
npcs cs5 URL Applicable only when Network Packet Capture System (NPCS Solera) is enabled, displays URL of an NPCS object
5.8.15.9.06.0.16.1
op requestMethod
HTTP OP code
Displays the HTTP operation (GET, POST, etc.) of web site hit
5.8.15.9.06.0.16.1
| 73
pri Message priority
Displays the event priority level (0=emergency..7=debug)
5.8.15.9.06.0.16.1
proto proto Protocol and service
Displays the protocol information (rendered as “proto=[protocol]” or just “[proto]/[service]”)
5.8.15.9.06.0.16.1
pt Firewall status report via GMS heartbeat
Displays the HTTP/HTTPS management port (rendered as “hhh.sss”)
5.8.15.9.06.0.16.1
radio radio SonicPoint statistics report
Displays the SonicPoint radio on which event occurred
5.8.15.9.06.0.16.1
rcptTo recipient Indicates the email recipient 6.0.16.1
rcvd in Bytes received
Indicates the number of bytes received within connection
5.8.15.9.06.0.16.1
result outcome HTTP Result code
Displays the HTTP result code (200, 403, etc.) of web site hit
5.8.15.9.06.0.16.1
rpkt cn1Label Packet received
Display the number of packet received
5.9.0
rule cs1 Rule ID Displays the Access Rule number causing packet drop. The policy index includes Address Object names
5.8.15.9.06.0.16.1
sent out Bytes sent Displays the number of bytes sent within connection
5.8.15.9.06.0.16.1
sess cs5Label Pre-defined string indicating session type
Applies to syslogs with an associated user session being tracked by the UTM
5.8.15.9.06.1
74 |
sid sid IPS or Anti-Spyware message
Provides either IPS or Anti-Spyware signature ID
5.8.15.9.06.0.16.1
sn Firewall serial number
Indicates the device serial number
5.8.15.9.06.0.16.1
spkt cn2Label Packet sent Display the number of packets sent
5.9.0
spt Port Displays source port 5.9.0
spycat spycat Anti-Spyware message
Displays the Anti-Spyware category
5.8.15.9.06.0.16.1
spypri spypri Anti-Spyware message
Displays the Anti-Spyware priority
5.8.15.9.06.0.16.1
snpt NAT source port
Display NAT’ed source port 5.9.0
src src Source Indicates the source IP address, and optionally, port, network interface, and resolved name.
5.8.15.9.06.0.16.1
station station SonicPoint statistics report
Displays the client (station) on which event occurred
5.8.15.9.06.0.16.1
SWSPstats SonicPoint statistics report
Display SonicPoint statistics 5.9.0
time Time Reports the time of event 5.8.15.9.06.0.16.1
type cn1 ICMP type and code
Indicates the ICMP type 5.8.15.9.06.0.16.1
| 75
ucastRx ucastRx Interface statistics report
Displays the unicast packets received
5.8.15.9.06.0.16.1
ucastTx ucastTx Interface statistics report
Displays the unicast packets transmitted
5.8.15.9.06.0.16.1
unsynched Firewall status report via GMS heartbeat
Reports the time since last local change in seconds
5.8.15.9.06.0.16.1
usestandbysa
Firewall status report via GMS heartbeat
Displays whether standby SA is in use (“1” or “0”) for GMS management
5.8.15.9.06.0.16.1
usr (or user) susr User Displays the user name (“user” is the tag used by WebTrends)
5.8.15.9.06.0.16.1
vpnpolicy cs2 (source) orcs3 (destination)
Source VPN policy name
Displays the source VPN policy name of event
5.8.15.9.06.0.16.1
vpnpolicyDst cs2 (source) orcs3 (destination)
Destination VPN policy name
Displays the destination VPN policy name of event
5.9.06.1
dstZone cs3Label (source)cs4Label (destination)
Destination zone name
Displays destination zone 5.9.0
srcZone cs3Label (source)cs4Label (destination)
Source zone name
Displays source zone 5.9.0
76 |
Examples of Standard Syslogs
The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application. Note that this is the Default Syslog Format.
id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=6 c=1024 m=97 n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1 proto=tcp/2345 op=1 sent=9876 rcvd=6789 result=403 dstname=http: arg=//www.gui.log.eng.sonicwall.com code=20 Category="Online Banking"
id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:04" fw=10.0.203.108 pri=6 c=262144 m=98 msg="Connection Opened" n=1437 usr="admin" src=192.168.168.1:61505:X0 dst=192.168.168.168:443:X0 proto=tcp/https sent=52
id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:06" fw=10.0.203.108 pri=6 c=1024 m=537 msg="Connection Closed" n=3683 usr="admin" src=192.168.168.1:61505:X0 dst=192.168.168.168:443:X0 proto=tcp/https sent=1519 rcvd=951 spkt=7 rpkt=8 cdur=2133
id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=1 c=32 m=609 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync" sid=1994 ipscat=P2P ipspri=3 P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1
id=firewall123 sn=0017C5991784 time="2013-01-29 23:38:24" bid=1 fw=10.8.70.22 pri=1 c=16 m=793 msg="App Rules Alert" af_polid=1 af_policy="test" af_type="SMTP Client Request" af_service="SMTP (Send E-Mail)" af_action="No Action" n=0 src=10.10.10.245:50613:X0 dst=10.8.41.228:25:X1"
id=firewall123 sn=0017C5991784 mgmtip=10.0.203.108 time="2013-03-20 20:14:30 UTC" fw=10.0.203.108 m=96 n=25 i=60 lic=0 unsynched=893 pt=80.443 usestandbysa=0 dyn=n.n ai=1 fwlan=192.168.168.168 conns=0
| 77
Examples of ArcSight Syslog
The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application.
MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|97|Syslog Website Accessed|4|cat=1024 gcat=2 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 cs2Label=5.4.3.2 dnpt=2 proto=tcp/2345 out=9876 in=6789 requestMethod=1 outcome=403 request=http://www.gui.log.eng.sonicwall.com reason=20 Category-"Online Banking"
MAR 20 2013 19:07:49 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|98|Syslog Connection Logged|4|cat=262144 gcat=2 src=192.168.168.1 spt=61693 deviceInboundInterface=X0 dst=192.168.168.168 dpt=443 deviceOutboundInterface=X0 susr="admin" proto=tcp/https out=52 cnt=1570
MAR 20 2013 19:07:52 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|537|Syslog Close|4|cat=1024 gcat=2 smac=00:00:c5:b3:6b:e5 src=192.168.168.1 spt=61693 deviceInboundInterface=X0 cs3Label=Trusted dst=192.168.168.168 dpt=443 deviceOutboundInterface=X0 cs4Label=Trusted susr="admin" proto=tcp/https out=1519 in=967 cn2Label=7 cn1Label=8 cn3Label=2333 cnt=3815
MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|609|IDP Prevention Alert|9|cat=32 gcat=3 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 cs2Label=5.4.3.2 dnpt=2 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low" cnt=3
MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|793|Application Firewall Alert|9|cat=16 gcat=10 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 msg="Application Firewall Alert: Policy: foobar, Action Type: Block SMTP E-Mail - Send Error Reply, Mail From: an unknown string of unknown length" cnt=3
78 |
Table of ValuesThis section can be used as a reference for understanding different categories and their descriptions.
Legacy Categories
The following table describes the Legacy categories shared in the SonicOS 5.8.1, 6.0.1, and 6.1 releases.
Table 1 Legacy Category
ID (used in Syslog) Name Description
0 Event is not Legacy Category, not backward compatible.
1 System Maintenance Logs general system activity, such as system activations.
2 System Errors Logs problems with DNS or Email.
4 Blocked Web Sites Logs Web sites or news groups blocked by the Content Filter List or by customized filtering.
8 Blocked Java Etc Logs Java, ActiveX, and Cookies blocked by the Dell SonicWALL security appliance.
16 User Activity Logs successful and unsuccessful log in attempts.
32 Attacks Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing.
64 Dropped TCP Logs blocked incoming TCP connections.
128 Dropped UDP Logs blocked incoming UDP packets.
256 Dropped ICMP Logs blocked incoming ICMP packets.
512 Network Debug Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators.
1024 Syslog Only — For Traffic Reporting
Used for Syslog only to report HTTP connections opened and closed, and bytes transferred.
| 79
Expanded Categories
The following table displays expanded category information, also known as the SonicOS Category, for all firmware releases and platforms.
Table 2 Expanded Categories
2048 Dropped LAN TCP Used for Syslog only to report that the TCP packet is dropped due to LAN management policy.
4096 Dropped LAN UDP Used for Syslog only to report that the UDP packet is dropped due to LAN management policy.
8192 Dropped LAN ICMP Used for Syslog only to report that the ICMP packet is dropped due to LAN management policy.
32768 Modem Debug Logs Modem Debug activity.
65536 VPN Tunnel Status Logs status information on VPN tunnels.
131072 802.11 Management Logs WLAN IEEE 802.11 connections.
262144 Syslog Only — For Traffic Reporting
Used for Syslog only to report that the Network Traffic is logged when connection is opened.
524288 System Environment Logs system environment activity.
2097152 Expanded — WLAN IDS Activity
Used for Syslog only to log WLAN IDS activity.
1048576 Expanded — VOIP Activity Used for Syslog only to log VoIP H.323/RAS, H.323/H.225, and H.323/H.245 activity.
4194304 Expanded — SonicPoint Activity
Used for Syslog only to log SonicPoint activity.
ID (used in Syslog) Name Description
Category Description
802.11 Management Logs 802.11 management activity
Advanced Routing Logs Advanced Routing activity
Advanced Switching Logs Advanced Switching activity
Anti-Spam Service Logs the Anti-Spam service
App Flow Server Logs App Flow Server activity
App Rules Logs App Rules activity
Application Control Logs Application Control activity
Attacks Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing.
Authenticated Access Logs Authenticated Access activity
WAN Acceleration Logs the WAN Acceleration activity
80 |
Blocked Java Etc Logs Java, ActiveX, and Cookies blocked
Blocked WebSites Logs Websites blocked
BOOTP Logs Bootstrap Protocol (BOOTP) activity
Botnet Blocking Logs the Botnet Blocking activity
SSO Agent Authentication Logs the SSO Agent Authentication activity
Crypto Test Logs Crypto Test activity
DDNS Logs Dynamic Domain Name System (DDNS) activity
Denied LAN IP Logs LAN IP denied activity
DHCP Client Logs DHCP Client activity
DHCP Relay Logs DHCP Relay activity
DHCP Server Logs DHCP Server activity
DPI-SSL Logs the Deep Packet Inspection of Secure Socket Layer (DPI-SSL) activity
Dropped ICMP Logs blocked incoming Internet Control Message Protocol (ICMP) packet activity
Dropped TCP Logs blocked incoming Transmission Control Protocol (TCP) connection activity
Dropped UDP Logs blocked incoming User Datagram Protocol (UDP) packet activity
DSL Logs DSL activity
Dynamic Address Objects Logs Dynamic Address Object activity
E1-T1 Logs E1-T1 activity
Firewall Event Logs Firewall Event alerts and activity
Firewall Hardware Logs Firewall Hardware alerts and activity
Firewall Logging Logs other Firewall-related activity
Firewall Rule Logs Firewall Rule alerts and activity
FTP Logs File Transfer Protocol (FTP) activity
Geolocation Logs the Geolocation service activity
GMS Logs Dell SonicWALL Global Management System (GMS) activity
High Availability Logs High Availability activity
Intrusion Prevention Logs Intrusion Prevention activity
IPComp Logs IP Compression (IPComp) activity
IPNet Logs IPNet activity
IPv6 Tunnel Logs IPv6 activity
L2TP Client Logs Layer 2 Tunnel Protocol (L2TP) client activity
L2TP Server Logs Layer 2 Tunnel Protocol (L2TP) server activity
MAC-IP Anti-Spoof Logs the MAC-IP Spoofing activity
Modem Logs the Modem activity
| 81
Modem Debug Logs the Modem Debug activity
MSAD Logs Microsoft Active Directory (MSAD) activity
Multicast Logs Multicast activity
Network Logs Network activity
Network Debug Logs NetBios broadcasts, ARP resolution problems, and NAT resolution problems.
Network Access Logs successful and unsuccessful Network Access activity
Network Monitor Logs Network Monitor activity
Network Traffic Logs Network Traffic activity
PPP Logs Point-to-Point Protocol (PPP) activity
PPP Dial-Up Logs Point-to-Point Protocol (PPP) Dial-Up activity
PPPoE Logs Point-to-Point Protocol over Ethernet (PPPoE) activity
PPTP Logs Point-to-Point Tunneling Protocol (PPTP) activity
Remote Authentication Logs Remote Authentication activity
RBL Logs Realtime Black List (RBL) activity
RF Monitoring Logs RF Monitoring activity
RIP Logs Routing Information Protocol (RIP) activity
Security Services Logs Security Services activity
SNMP Logs the Simple Network Management Protocol (SNMP) activity
SonicPoint Logs the SonicPoint activity
SonicPointN Logs the SonicPointN activity
SSLVPN Logs Secure Socket Layer Virtual Private Network (SSLVPN) activity
System Environment Logs System Environment activity
System Errors Logs System Errors activity
System Maintenance Logs System Maintenance activity
User Activity Logs successful and unsuccessful log in attempts
VOIP Logs Voice over IP (VOIP) activity
VPN Logs Virtual Private Network (VPN) activity
VPN Tunnel Status Logs VPN Tunnel Status activity
VPN Client Logs VPN Client activity
VPN IKE Logs VPN IKE activity
VPN IPSec Logs VPN IP Security activity
WAN Availability Logs WAN Availability activity
82 |
Priority Level
The following table displays the Priority Number and Name for Syslog Tags. The value here is taken from the “Priority Level” column of the Index of Log Event Messages on page 2, or the “pri” tag in Index of Syslog Tag Field Descriptions on page 68. For example, a tag with “pri=0” means Emergency Priority.
Table 3 Priority Leve
Wireless Logs Wireless activity
WLAN IDS Logs Wireless LAN Intrusion Detection System (IDS) activity
Priority Number Priority Name
0 Emergency
1 Alert
2 Critical
3 Error
4 Warning
5 Notice
6 Info
7 Debug
| 83