Using the SonicOS Log Event Reference Guide

(1)

Using the SonicOS Log Event

Reference Guide

This reference guide lists and describes SonicOS log event messages. Reference a log event mes-sage by using the alphabetical index of log event mesmes-sages.

This document contains the following sections:

• “SonicOS Log Event Messages Overview” on page 1 • “Configuring SonicOS ‘Log’ > ‘View’” on page 3

• “Referencing the SonicOS ‘Log’ > ‘View ’ Field Display” on page 5 • “Index of Log Event Messages” on page 6

• “Index of Syslog Tag Field Description” on page 53

SonicOS Log Event Messages Overview

During the operation of a SonicWALL security appliance, SonicOS software sends log event mes-sages to the ‘Log’ > ‘View’ page in the SonicWALL management interface.

In Figure 1, the ‘Log’ > ‘View’ page is displayed. Figure 1 SonicOS Enhanced ‘Log’ > ‘View’ page

Event logging automatically begins when the SonicWALL security appliance is powered on and con-figured. SonicOS supports a traffic log containing entries with multiple fields.

Log event messages provide operational informational and debugging information to help you diag-nose problems with communication lines, internal hardware, or your firmware configuration.

Note: For the SonicOS CLI console display, use the show log command to display log events. Refer to the SonicOS CLI Reference Guide located on the SonicWALL Web site:

(2)

Note: Not all log event messages indicate operational issues with your SonicWALL security appliance.

SonicOS Log Entries

Each log entry contains the date and time of the event and a brief message describing the event. The SonicWALL manages log events in the following manner:

• TCP, UDP, or ICMP packets dropped

When IP packets are dropped by the SonicWALL security appliance, dropped TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log event messages usually include the name of the service in quotation marks.

• Web, FTP, Gopher, or Newsgroup blocked

When a computer attempts to connect to the blocked site or newsgroup, a log event is displayed. Blocked is defined as a Web site, connection, or event that is denied access from the SonicWALL security appliance. The computer’s IP address, Ethernet address, the name of the blocked Web site, and the Content Filter List Code is displayed. Code definitions for the 12 Content Filter List categories are shown below.

• ActiveX, Java, Cookie or Code Archive blocked

When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt is displayed.

• Ping of Death, IP Spoof, and SYN Flood Attacks

The IP address of the machine under attack and the source of the attack is displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack.

SonicOS ‘Log View Settings’

The ‘Log View Settings’ section of the ‘Log’ > ‘View’ page provides you the filtering controls to filter log event messages based on your configured log filter logic. It also contains the following log manage-ment buttons:

• Refresh—Renews the ‘Log View’ table with current log event messages. • Clear Log—Empties the entries in the ‘Log View’ table.

• E-mail Log—E-mails log event messages to your configured SMTP server or list of e-mail addresses.

• Export Log—Exports the log into a plain .txt or .csv file format.

1. Violence 7. Cult

2. Intimate Apparel/Swim-suit

8. Drugs/Illegal Drugs

3. Nudism 9. Criminal Skills/Illegal Skills 4. Adult/Mature Content/

Pornography

10. Sex Education

5. Weapons 11. Gambling

(3)

SonicOS ‘Log View’ Display Format

The ‘Log’ > ‘View’ page displays log event messages in following format for alert notification: • Time—Displays the hour and minute the event occurred.

• Priority—Displays the level urgency for the event. • Category—Displays the event type.

• Message—Displays a description of the event.

• Source—Displays the source IP address of incoming IP packet.

• Destination—Displays the destination IP address of incoming IP packet.

• Note—Displays displays additional information specific to a particular event occurrence.

• Rule—Displays the source and destination zones for the access rule. This field provides a link to the access rule defined in the ‘Firewall’ > ‘Access Rules’ page.

The display fields for a log event message provides you with data to verify your configurations, trou-ble-shoot your security appliance, and track IP traffic.

Configuring SonicOS ‘Log’ > ‘View’

The ‘Log’ > ‘View” page in the Web-based SonicWALL management interface allows you to export log reports, e-mail log reports, and monitor real-time Syslog data. As soon as you power on your Son-icWALL security appliance, SonicOS software sends Syslog data to your log. In the SonSon-icWALL man-agement interface, you can navigate through the subcategories of the ‘Log’ setting for reporting and customizing log reports.

In Figure 2, the ‘Log’ > ‘View’ page is displayed.

Setting the Log Filter Logic

By default, the SonicOS filter logic is set to “Priority && Category && Source && Destination.” The double ampersand symbols (&&) indicate the boolean expression “and.” The default SonicOS filter logic displays all log events.

(4)

Applying Custom Log Event Message Filters

This section provides examples on using the ‘Log View Settings’ to filter log event messages dis-played in the ‘Log View’ page.

Configuration Example: Filtering Log Event Messages by Priority Value

To set the log filter logic to display only log event messages with a priority level of Emergency: 1. Select Emergency from the filter-Priority Value pull-down menu.

2. Click on the Apply Filters button.

Configuration Example: Filtering Log Event Messages by Category Value

To set the log filter logic to display only log event messages with a category event type of Attacks: 1. Select Attacks from the filter-Category Value pull-down menu.

Configuration Example: Filtering Log Event Messages by Source Value

To set the log filter logic to display only log event messages associated to a source IP address: 1. Enter the source IP address or select an interface from the filter-Source Value pull-down menu. 2. Click on the Apply Filters button.

Configuration Example: Filtering Log Event Messages by Destination Value

To set the log filter logic to display only log event messages associated to a destination IP address: 1. Enter the destination IP address or select an interface from the filter-Source Value pull-down

menu.

Using Group Filters

Use Group filters to change the default SonicOS filter logic (Priority && Category && Source && Des-tination) from double ampersand symbols (&&) to double pipe symbols (||) to indicate the boolean expression “or.” When using group filters, select two or more Group Filters checkboxes.

Note: If you select only one Group Filter checkbox, the filter logic will remain the same. Selecting only the Priority-Group Filter checkbox provides you with the following filter logic:

(Priority) && Category && Source && Destination

Configuration Example: Using the ‘Priority’ Group Filter and ‘Category Group’ Filter

To set the log filter logic to display log event messages with a priority level of Emergency or a category event type of Attack:

1. Select the ‘Priority’ group filter checkbox. 2. Select the ‘Category’ group filter checkbox.

(5)

(Priority || Category) && Source && Destination Figure 3 SonicOS Log Group Filters

A filter logic using the boolean expression “||” is less restrictive than the default filter logic using the boolean expression “&&”. With the boolean expression “||”, log event messages are displayed if they match either filter values. With the boolean expression “&&”, log event messages are displayed if they match both filter values.

Exporting the Logs to a File

This section provides instructions to export your log to a file. To export the log to a file:

1. Click on the Export Log button. You will be prompted to select a export file format type as illustrated in Figure 4.

Figure 4 SonicOS Export Log

2. Select a file format:

Plain text format used in log and alert e-mail—Saves the log file as plain text, which can be used for alert e-mails.

Comma-Separated Value (CSV) format—Saves the log file for importing into Microsoft Excel or other presentation development application.

3. Click on the Export button.

4. Save the exported log file to a location on your personal computer’s hard drive.

Note: You can export a log to a file with applied filter settings.

Referencing the SonicOS ‘Log’ > ‘View ’

Field Display

(6)

Figure 5 SonicOS ‘Log’ > ‘View’ Field Display

Referencing the SonicWALL Firmware ‘Log’ > ‘View Log’ Field Display

SonicWALL Firmware 6.6.0.0 release and greater provide the SonicWALL Firmware ‘Log’ > ‘View Log’ field display.

Index of Log Event Messages

This section contains a list of log event messages for all SonicWALL Firmware and SonicOS Software Releases, ordered alphabetically. Use your web browser’s Find function to search for a command. Log Event Message Symbols Key

TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling

In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message.

Each log event message described in the following table provides the following log event details: • SonicOS Category—Displays the SonicOS Software category event type.

• Legacy Category—Displays the SonicWALL Firmware Software category event type. • Priority Level—Displays the level of urgency of the log event message.

• Log Message ID Number—Displays the ID number of the log event message. • SNMP Trap Type—Displays the SNMP Trap ID number of the log event message.

Log Event Message Symbol Description Context

%s Ethernet Port Down Represents a character string. [WAN | LAN | DMZ] Ethernet Port

Down The cache is full; %u open

connections; some will be dropped

Represents a numerical string. The cache is full; [40,000] open connections; some will be dropped

Log Event Messages SonicOS Category Legacy Category Priority Level Log Messa ge ID Numb er SNMP TrapT ype

Log Event Type

"As per Diagnostic Auto-restart configuration request, restarting system"

Firewall Event --- Info 1047 --- Simple

#Web site hit Network Traffic Connection Traffic

(7)

%s Auto-dial failed: Current Connection Model is configured as Ethernet Only

PPP Dial Up System Error Alert 1028 --- Simple Message String

%s Ethernet Port Down Firewall Event System Error Error 333 641 Simple Message String

%s Ethernet Port Up Firewall Event System Error Warning 332 640 Simple Message String

Dumped to email at None --- Debug 1 --- Unused

*** Alert from SonicWALL ***

None --- Debug 3 --- Unused

SonicWALL Registration Update Needed: Restore your existing security service subscriptions by clicking here.

Security Services

Maintenance Warning 496 --- Simple

802.11b Management Wireless 80211bmgmt Info 518 --- Simple Destination A prior version of

preferences was loaded because the most recent preferences file was inaccessible

Firewall Event System Error Warning 572 648 Simple

A SonicOS Standard to Enhanced Upgrade was performed

Firewall Event Maintenance Info 611 --- Simple

Access attempt from host out of compliance with GSC policy

Security Services

Maintenance Info 761 --- Standard

Access attempt from host without Anti-Virus agent installed

Security Services

Maintenance Info 123 --- Standard

Access attempt from host without GSC installed

Security Services

Maintenance Info 763 8627 Standard Access rule added Firewall Rule User Activity Info 440 --- Simple Rule Access rule deleted Firewall Rule User Activity Info 442 --- Simple Rule

String Access rule modified Firewall Rule User Activity Info 441 --- Simple Rule Access rules restored to

defaults

Firewall Rule User Activity Info 443 --- Unused Access to proxy server

denied

Network Access

Blocked Sites Notice 60 705 Standard Note Blocked Active Backup detects

Active Primary: Backup going Idle

High Availability

Maintenance Info 154 --- Unused

ActiveX access denied Network Access

Blocked Code Notice 18 --- Standard Note Blocked ActiveX or Java archive

access denied

Network Access

Blocked Code Notice 20 --- Standard Note Blocked AD Connector %s

response timed-out; applying caching policy

Microsoft Active Directory

--- Error 769 --- Standard

(8)

Added host entry to dynamic address object

Dynamic Address Objects

Maintenance Info 911 --- Standard Destination Adding dynamic entry for

bound MAC address

Network --- Info 813 --- Standard Note

Ethernet Network Adding L2TP IP pool

address object Failed.

L2TP Server System Error Error 603 661 Simple Adding to multicast policy

list , interface : %s

Multicast --- Debug 697 --- Standard

Message String Adding to Multicast policy

list , VPN SPI : %s

Message String Administrator logged out Authentication

Access

User Activity Info 261 --- Standard Note String

Administrator logged out - inactivity timer expired

Authentication Access

User Activity Info 262 --- Standard Administrator login

allowed

User Activity Info 29 --- Standard String Service

Administrator login denied due to bad credentials

Attack Alert 30 560 Standard String Service

Administrator login denied from %s; logins disabled from this interface

Attack Alert 35 506 Standard Message String

Administrator name changed

Maintenance Info 328 --- Standard Agent returned no user

name

CIA User Activity Warning 1008 --- Standard String Service

All DDNS associations have been deleted

DDNS Maintenance Info 783 --- Simple All preference values

have been set to factory default values

Firewall Event System Error Warning 574 650 Simple

Allowed LDAP server certificate with wrong host name

RADIUS User Activity Warning 752 --- Standard Note String

Anti-Spyware detection alert: %s

Intrusion Detection

Attack Alert 795 6438 Standard As Message String Anti-Spyware prevention

alert: %s

Intrusion Detection

Attack Alert 794 6437 Standard As Message String Anti-Spyware service

expired

Security Services

Maintenance Warning 796 8631 Simple Anti-Virus agent

out-of-date on host

Security Services

Maintenance Info 124 --- Standard Anti-Virus licenses

exceeded

Security Services

Maintenance Info 408 --- Standard Application Filter

detection Alert: %s

Intrusion Detection

Attack Alert 650 --- Standard Message String Application filters block

alert: %s

Intrusion Detection

Attack Alert 649 --- Standard Message String Application firewall alert:

%s

Network Access

(9)

ARP request packet received

Ethernet Network ARP request packet sent Network --- Info 715 --- Standard Note

Ethernet Network ARP response packet

received

Ethernet Network ARP response packet

sent

Ethernet Network

ARP timeout Network Debug Debug 45 --- Standard

ARP unused/spare Network --- Debug 816 --- Unused

ARS unused/spare Unused --- Debug 843 --- Unused

Association Flood from WLAN station

WLAN IDS WLAN IDs Alert 548 903 Simple Destination Authentication timeout during Remotely Triggered Dial-out session Authentication Access

User Activity Info 821 --- Simple

AV unused/spare Unused --- Debug 126 --- Unused

Back orifice attack dropped

Intrusion Detection

Attack Alert 73 512 Standard Backup active High

Availability

System Error Info 825 --- Simple Backup firewall being

preempted by Primary

High Availability

System Error Error 152 619 Simple Backup firewall has

transitioned to Active

High Availability

Maintenance Info 145 --- Simple Backup firewall has

transitioned to Idle

High Availability

Maintenance Info 147 --- Simple Backup firewall rebooting

itself as it transitioned from Active to Idle while Preempt

High Availability

--- Info 1059 --- Simple

Backup going active in preempt mode after reboot

High Availability

System Error Error 170 622 Simple

Backup missed

heartbeats from Primary High Availability

System Error Error 149 616 Simple Backup received error

signal from Primary

High Availability

System Error Error 151 618 Simple Backup received

heartbeat from wrong source

High Availability

Maintenance Info 161 --- Unused

Backup received reboot signal from Primary

High Availability

System Error Error 672 666 Simple Backup shut down

because license is expired

High Availability

System Error Error 824 --- Simple

Backup WAN link down, Primary going Active

High Availability

System Error Error 219 633 Unused Backup will be shut down

in %s minutes

High Availability

(10)

Bad CRL format VPN PKI User Activity Alert 277 --- Simple Destination Bind to LDAP server

failed

RADIUS System Error Error 1009 --- Simple Note String

Blocked Quick Mode for Client using Default Key ID

VPN Client System Error Error 505 660 Standard

BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table

BOOTP Maintenance Info 619 --- Standard Destination

BOOTP reply relayed to local device

BOOTP Maintenance Info 620 --- Standard Destination BOOTP Request

received from remote device

BOOTP Debug Debug 621 --- Standard

Destination BOOTP server response

relayed to remote device

BOOTP Debug Debug 618 --- Standard

Destination Broadcast packet

dropped

Network Access

Debug Debug 46 --- Standard Note Protocol Cannot connect to the

CRL server

VPN PKI User Activity Alert 274 --- Simple Destination Cannot Validate Issuer

Path

VPN PKI User Activity Alert 878 --- Simple Destination

Category: None --- Debug 485 --- Unused

Certificate on Revoked list(CRL)

VPN PKI User Activity Alert 279 --- Simple Destination CFL auto-download

disabled, time problem detected

Security Services

Maintenance Info 268 --- Simple

Chat %s PPP Dial Up User Activity Info 1022 --- Standard Message String Chat completed PPP Dial Up User Activity Info 1020 --- Standard

Message String Chat failed: %s PPP Dial Up User Activity Info 1023 --- Standard

Message String Chat started PPP Dial Up User Activity Info 1019 --- Standard

Message String Chat started by '%s' PPP Dial Up User Activity Info 1032 --- Standard

Message String Chat wrote '%s' PPP Dial Up User Activity Info 1021 --- Standard

Message String CLI administrator logged

out

User Activity Info 520 --- Simple CLI administrator login

allowed

CLI administrator login denied due to bad credentials

User Activity Warning 200 --- Standard Note String

Code: None --- Debug 54 --- Unused

Computed hash does not match hash received from peer; preshared key mismatch

(11)

Configuration mode administration session ended

User Activity Info 995 --- Standard Note String Configuration mode administration session started Authentication Access

Connection closed Network Traffic Connection Traffic

Info 537 --- Standard Traffic Report

Connection opened Network Traffic Connection Info 98 --- Standard Note Protocol Connection timed out VPN PKI User Activity Alert 273 --- Simple

Destination Content filter subscription

expired.

Security Services

System Error Error 197 631 Unused Cookie removed Network

Access

Blocked Code Notice 21 --- Standard String Service

CRL has expired VPN PKI User Activity Alert 874 --- Simple Destination CRL loaded from VPN PKI User Activity Info 270 --- Simple

Destination CRL missing - Issuer

requires CRL checking.

VPN PKI User Activity Alert 876 --- Simple Destination CRL validation failure for

Root Certificate

VPN PKI User Activity Alert 877 --- Simple Destination Crypto DES test failed Crypto Test Maintenance Error 360 --- Simple Crypto DH test failed Crypto Test Maintenance Error 361 --- Simple Crypto hardware 3DES

test failed

Crypto Test Maintenance Error 367 --- Simple Crypto hardware 3DES

with SHA test failed

Crypto Test Maintenance Error 369 --- Simple Crypto hardware AES

test failed

Crypto Test Maintenance Error 610 --- Standard Crypto hardware DES

test failed

Crypto Test Maintenance Error 366 --- Simple Crypto hardware DES

with SHA test failed

Crypto Test Maintenance Error 368 --- Simple Crypto Hmac-MD5 fest

failed

Crypto Test Maintenance Error 362 --- Simple Crypto Hmac-Sha1 test

failed

Crypto Test Maintenance Error 363 --- Simple Crypto MD5 test failed Crypto Test Maintenance Error 370 --- Simple Crypto RSA test failed Crypto Test Maintenance Error 364 --- Simple Crypto SHA1 based

DRNG KAT test failed

Crypto Test --- Error 1060 --- Simple Crypto Sha1 test failed Crypto Test Maintenance Error 365 --- Simple DDNS association %s

disabled

DDNS Maintenance Info 781 --- Simple Message String

DDNS association %s enabled

DDNS association %s added

DDNS association %s deactivated

DDNS association %s deleted

(12)

DDNS Association %s put on line

DDNS association %s taken Offline locally

DDNS failure: provider %s

DDNS System Error Error 774 --- Simple Message String

DDNS failure: Provider %s

DDNS update success for domain %s

DDNS Maintenance Info 776 --- Standard Message String DDNS warning: Provider

%s

DDNS System Error Warning 777 --- Simple Message String

Deleting from Multicast policy list, interface: %s

Message String Deleting from multicast

policy list, VPN SPI: %s

Message String Deleting IPsec SA VPN IKE User Activity Info 92 --- Standard Note

SPI Deleting IPsec SA for

destination

VPN IKE User Activity Info 91 --- Unused Destination IP address

connection status: %s

Firewall Event --- Info 735 --- Standard Message String

Destination: None --- Debug 57 --- Unused

DHCP client enabled but not ready

DHCP Client Maintenance Info 504 --- Simple DHCP Client did not get

DHCP ACK.

DHCP Client Maintenance Info 109 --- Standard DHCP Client failed to

verify and lease has expired. Go to INIT state.

DHCP Client Maintenance Info 119 --- Standard

DHCP Client failed to verify and lease is still valid. Go to BOUND state.

DHCP Client Maintenance Info 120 --- Unused

DHCP Client got a new IP address lease.

DHCP Client Maintenance Info 121 --- Standard Destination DHCP Client got ACK

from server.

DHCP Client Maintenance Info 111 --- Standard Destination DHCP Client got NACK. DHCP Client Maintenance Info 110 --- Standard DHCP Client is declining

address offered by the server.

DHCP Client Maintenance Info 112 --- Standard Destination DHCP Client sending

REQUEST and going to REBIND state.

DHCP Client Maintenance Info 113 --- Standard Destination DHCP Client sending

REQUEST and going to RENEW state.

DHCP Client Maintenance Info 114 --- Standard Destination DHCP DECLINE

received from remote device

(13)

DHCP DISCOVER received from local device

DHCP Relay Debug Info 479 --- Unused

DHCP DISCOVER received from remote device

DHCP Relay Debug Info 474 --- Standard Destination DHCP lease dropped.

Lease from Central Gateway conflicts with Relay IP

DHCP Relay Maintenance Warning 228 --- Standard Destination

DHCP lease dropped. Lease from Central Gateway conflicts with Remote Management IP

DHCP Relay Maintenance Warning 484 --- Standard Destination

DHCP lease file in the flash is corrupted; read failed

Firewall Event System Error Warning 833 --- Simple

DHCP lease relayed to local device

DHCP Relay Maintenance Info 223 --- Standard Destination DHCP lease relayed to

remote device

DHCP Relay Debug Info 225 --- Standard Destination DHCP lease to LAN

device conflicts with remote device, deleting remote IP entry

DHCP Relay Maintenance Info 226 --- Standard Destination

DHCP leases written to flash

Firewall Event Maintenance Info 835 --- Simple DHCP NACK received

from server

DHCP Relay Debug Info 477 --- Standard Destination DHCP OFFER received

from server

DHCP Relay Debug Info 476 --- Standard Destination DHCP Ranges altered

automatically due to change in network settings for interface %s

Firewall Event --- Info 832 --- Simple Message String

DHCP RELEASE received from remote device

DHCP Relay Debug Info 224 --- Standard Destination DHCP RELEASE relayed

to Central Gateway

DHCP Relay Maintenance Info 222 --- Standard Destination DHCP REQUEST

received from local device

DHCP Relay Debug Info 480 --- Unused

DHCP REQUEST received from remote device

DHCP Relay Debug Info 473 --- Standard Destination DHCP Server not

available. Did not get any DHCP OFFER.

DHCP Client Maintenance Info 106 --- Standard

DHCP Server: IP conflict detected

Firewall Event --- Alert 1040 --- Standard Destination DHCP Server: Received

DHCP decline from client

Firewall Event --- Alert 1041 --- Standard Destination Diagnostic Auto-restart

canceled

(14)

Diagnostic Auto-restart scheduled for %s minutes from now

Firewall Event --- Info 1045 --- Simple Message String

Diagnostic Code A Firewall Hardware

System Error Error 93 611 Simple Note String Diagnostic Code B Firewall

Hardware

System Error Error 94 612 Simple Note String Diagnostic Code C Firewall

Hardware

System Error Error 95 613 Simple Note String Diagnostic Code D Firewall

Hardware

System Error Error 64 61--- Standard Note Code

Diagnostic Code E VPN IPsec System Error Error 61 609 Standard Note Code

Diagnostic Code F Firewall Hardware

System Error Error 164 621 Simple Note String Diagnostic Code G Firewall

Hardware

System Error Error 599 655 Simple Note String Diagnostic Code H Firewall

Hardware

System Error Error 600 656 Simple Note String Diagnostic Code I Firewall

Hardware

System Error Error 601 657 Simple Note String Diagnostic Code J Firewall

Hardware

System Error Error 1025 5423 Simple Note String Dial-up: Session initiated

by data packet

PPP Dial Up --- Info 1039 --- Standard Service Dial-up: Traffic generated

by '%s'

PPP Dial Up --- Info 1038 --- Standard Message String Disconnecting L2TP

Tunnel due to traffic timeout

L2TP Client Maintenance Info 215 --- Simple

Disconnecting PPPoE due to traffic timeout

PPPoE Maintenance Info 168 --- Simple Disconnecting PPTP

Tunnel due to traffic timeout

PPTP Maintenance Info 389 --- Simple

Discovered HA %s Firewall

High Availability

--- Info 1044 --- Simple Message String

Discovered HA Backup Firewall

High Availability

Maintenance Info 156 --- Simple DNS packet allowed Network

Access

Debug Info 602 --- Standard Policy Drop WLAN traffic from

non-SonicPoint devices

Intrusion Detection

Attack Error 662 6434 Standard Duplicate packet dropped Network

Access

Debug Debug 51 --- Unused

Dynamic IPsec client connected

VPN IPsec User Activity Info 62 --- Standard Destination EIGRP packet dropped Network

Access

Debug Notice 714 --- Standard Note String

E-Mail fragment dropped Intrusion Detection

Attack Error 437 550 Standard Entering FIPS ERROR

state

Crypto Test Maintenance Error 359 --- Unused Entering FIPS Error

State.

(15)

Error initializing Hardware acceleration for VPN

Firewall Hardware

Maintenance Error 374 --- Simple Error Rebooting HA Peer

Firewall

High Availability

System Error Error 669 663 Simple Error setting the IP

address of the backup, please manually set to backup LAN IP

High Availability

System Error Error 191 629 Simple

Error synchronizing HA peer firewall (%s)

High Availability

System Error Error 158 662 Simple Message String

Error updating HA peer configuration

High Availability

System Error Error 192 630 Unused ERROR: DHCP over

VPN policy is not defined. Cannot start IKE.

DHCP Relay Maintenance Info 478 --- Unused

Exceeded Max multicast address limit

Multicast --- Warning 703 --- Standard Failed payload validation VPN IKE User Activity Warning 405 --- Standard Note

String Failed payload

verification after decryption; possible preshared key mismatch

VPN IKE User Activity Warning 404 --- Standard Note String

Failed to find certificate VPN PKI User Activity Alert 875 --- Simple Destination Failed to get CRL from VPN PKI User Activity Alert 271 --- Simple

Destination Failed to Process CRL

from

VPN PKI User Activity Alert 276 --- Simple Destination Failed to resolve name Network Maintenance Info 84 --- Simple

Destination Failed to synchronize

license information with Licensing Server. Please see HTTP:// help.mySonicWALL.com/ licsyncfail.html (code: %s) Security Services

Maintenance Warning 766 8628 Simple Message String

Failed to synchronize Relay IP Table

DHCP Relay System Error Warning 234 632 Standard Failed to write DHCP

leases to flash

Firewall Event System Error Warning 834 --- Simple Failure to add data

channel

Unused Debug Debug 49 --- Standard

Failure to reach Interface %s probe

High Availability

Fan Failure Firewall Hardware

System Environment

Alert 576 102 Simple FIN Flood Blacklist on IF

%s continues

Intrusion Detection

Debug Warning 902 --- Simple Message String

FIN-Flooding machine %s blacklisted

Intrusion Detection

Debug Alert 901 --- Simple Message String

Forbidden E-Mail attachment deleted

Intrusion Detection

(16)

Forbidden E-Mail attachment disabled

Intrusion Detection

Attack Alert 165 527 Standard Destination Found Rogue Access

Point

WLAN IDS WLAN IDs Alert 546 901 Simple Destination Found Rogue Access

Point

WLAN IDS WLAN IDs Alert 556 10804 Simple Destination Fragmented packet

dropped

Network TCP | UDP | ICMP

Notice 28 --- Standard Note Protocol Fraudulent Microsoft

certificate found; access denied

Intrusion Detection

Attack Error 193 532 Standard

FTP: Data connection from non default port dropped

Network Access

Attack Alert 538 557 Standard

FTP: PASV response bounce attack dropped.

Intrusion Detection

Attack Alert 528 556 Standard Note String

FTP: PASV response spoof attack dropped

Intrusion Detection

Attack Error 446 551 Standard FTP: PORT bounce

attack dropped.

Intrusion Detection

Attack Alert 527 555 Standard Note String

Gateway Anti-Virus Alert: %s

Security Services

Attack Alert 809 8632 Standard Message String Gateway Anti-Virus

Service expired

Security Services

Maintenance Warning 810 8633 Simple Global VPN Client

connection is not allowed. Appliance is not

registered.

VPN Client System Error Info 529 643 Standard

Global VPN Client License Exceeded: Connection denied.

VPN Client System Error Info 494 658 Standard

Global VPN Client version cannot enforce personal firewall. Minimum Version required is 2.1

VPN Client User Activity Info 604 --- Standard Destination

Got DHCP OFFER. Selecting.

DHCP Client Maintenance Info 107 --- Standard Destination GSC policy out-of-date

on host

Security Services

Maintenance Info 762 --- Standard Guest account '%s'

created

User Activity Info 558 --- Standard Message String Guest account '%s'

deleted

disabled

pruned

re-enabled

re-generated

(17)

Guest login denied. Guest '%s' is already logged in. Please try again later.

User Activity Info 557 --- Standard Message String

GUI administration session ended

H.323/H.225 Connect VOIP VOIP Debug 634 --- Standard Note String

H.323/H.225 Setup VOIP VOIP Debug 633 --- Standard Note String

H.323/H.245 Address VOIP VOIP Debug 635 --- Standard Note String

H.323/H.245 End Session

VOIP VOIP Debug 636 --- Standard Note

String H.323/RAS Admission

Confirm

Reject

Request

String H.323/RAS Bandwidth

Reject

String H.323/RAS Disengage

Confirm

String H.323/RAS Disengage

Reject

String H.323/RAS Gatekeeper

Reject

String H.323/RAS Location

Confirm

String H.323/RAS Location

Reject

String H.323/RAS Registration

Reject

String H.323/RAS Unknown

Message Response

String H.323/RAS

Unregistration Reject

String HA packet processing

error

High Availability

Maintenance Info 162 --- Simple HA Peer Firewall

Rebooted

High Availability

Maintenance Info 668 --- Simple HA Peer Firewall

Synchronized

High Availability

Maintenance Info 157 --- Simple Hardware Failover

settings were not upgraded.

Header verification failed VPN IKE User Activity Warning 587 --- Standard Heartbeat received from

incompatible source

High Availability

Maintenance Info 163 --- Unused HTTP management port

has changed

Firewall Event Maintenance Info 340 --- Simple Note String HTTP method detected;

examining stream for host header

Network Access

(18)

HTTPS management port has changed

Firewall Event Maintenance Info 341 --- Simple Note String ICMP checksum error Network

Access

UDP Notice 886 --- Standard

ICMP packet allowed Network Access

Debug Info 597 --- Standard Policy ICMP packet dropped

due to policy

Network Access

ICMP Notice 38 --- Standard Policy ICMP packet dropped no

match

Network Access

ICMP Notice 523 --- Standard ICMP Service

ICMP packet from LAN allowed

Network Access

Debug Info 598 --- Standard ICMP Service

ICMP packet from LAN dropped

Network Access

LAN ICMP | LAN TCP

Notice 175 --- Standard ICMP Service

If not already enabled, enabling NTP is recommended

Firewall Hardware

System Error Warning 540 645 Simple

IGMP packet dropped, wrong checksum received on interface %s

Multicast --- Notice 683 --- Standard Message String IGMP Leave group

message Received on interface %s

Multicast --- Info 682 --- Standard

Message String IGMP packet dropped,

decoding error

Multicast --- Notice 686 --- Standard IGMP Packet Not

handled. Packet type : %s

Multicast --- Notice 687 --- Standard Message String IGMP querier Router

detected on interface %s

Message String IGMP querier Router

detected on VPN tunnel , SPI %S

Message String IGMP state table entry

time out, deleting interface : %s for multicast address : %s

Message String

IGMP state table entry time out, deleting VPN SPI :%s for Multicast address : %s

Message String

IGMP V2 client joined multicast Group : %s

Message String IGMP V2 Membership

report received from interface %s

Message String IGMP V3 client joined

multicast Group : %s

Message String IGMP V3 Membership

report received from interface %s

Message String IGMP V3 packet

dropped, unsupported Record type : %s

(19)

IGMP V3 record type : %s not Handled

Message String IKE Initiator drop: VPN

tunnel end point does not match configured VPN Policy Bound to scope

VPN IKE User Activity Info 544 --- Standard

IKE Initiator: Accepting IPsec proposal (Phase 2)

VPN IKE User Activity Info 372 --- Standard Note String

IKE Initiator: Accepting peer lifetime. (Phase 1)

VPN IKE User Activity Info 445 --- Standard Destination IKE Initiator: Aggressive

Mode complete (Phase 1).

IKE Initiator: IKE proposal does not match (Phase 1)

IKE Initiator: Main Mode complete (Phase 1)

IKE Initiator: Proposed IKE ID mismatch

IKE Initiator: Remote party timeout - Retransmitting IKE request.

IKE Initiator: Start Aggressive Mode negotiation (Phase 1)

IKE Initiator: Start Main Mode negotiation (Phase 1)

IKE Initiator: Start Quick Mode (Phase 2).

VPN IKE User Activity Info 346 0 Standard Note String

IKE Initiator: Using secondary gateway to negotiate

VPN IKE User Activity Info 543 --- Standard Destination IKE negotiation aborted

due to timeout

IKE negotiation complete. Adding IPsec SA. (Phase 2)

IKE Responder drop: VPN tunnel end point does not match configured VPN Policy Bound to scope

VPN IKE User Activity Info 545 --- Standard

IKE Responder: %s policy does not allow static IP for Virtual Adapter.

VPN Client System Error Error 660 --- Standard Message String

IKE Responder: Accepting IPsec proposal (Phase 2)

IKE Responder: Aggressive Mode complete (Phase 1)

(20)

IKE Responder: AH authentication algorithm does not match

IKE Responder: AH authentication key length does not match

IKE Responder: AH authentication key rounds does not match

IKE Responder: AH Perfect Forward Secrecy mismatch

VPN IKE User Activity Warning 258 544 Standard Note String

IKE Responder: Algorithms and/or keys do not match

IKE Responder: Client Policy has no VPN Access Networks assigned. Check Configuration.

VPN IKE System Error Error 965 --- Standard Note String

IKE Responder: Default LAN gateway is not set but peer is proposing to use this SA as a default route

VPN IKE Attack Error 516 553 Standard Note String

IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route

IKE Responder: ESP authentication algorithm does not match

IKE Responder: ESP authentication key length does not match

IKE Responder: ESP authentication key rounds does not match

IKE Responder: ESP encryption algorithm does not match

IKE Responder: ESP encryption key length does not match

IKE Responder: ESP encryption key rounds does not match

IKE Responder: ESP Perfect Forward Secrecy mismatch

IKE Responder: IKE Phase 1 exchange does not match

(21)

IKE Responder: IKE proposal does not match (Phase 1)

IKE Responder: IP Address already exists in the DHCP relay table. Client traffic not allowed.

VPN Client System Error Error 659 --- Standard Note String

IKE Responder: IP Compression algorithm does not match

IKE Responder: IPsec proposal does not match (Phase 2)

IKE Responder: IPsec protocol mismatch

IKE Responder: Main Mode complete (Phase 1)

IKE Responder: Mode %d - not transport mode. Xauth is required but not supported by peer.

VPN IKE Debug Warning 342 --- Standard

Message Number

IKE Responder: Mode %d - not tunnel mode

VPN IKE User Activity Warning 249 535 Standard

Message Number IKE Responder: No

match for proposed remote network address

IKE Responder: No matching Phase 1 ID found for proposed remote network

IKE Responder: Peer's destination network does not match VPN policy's Local Network

IKE Responder: Peer's local network does not match VPN policy's Destination Network

IKE Responder: Phase 1 Authentication Method does not match

IKE Responder: Phase 1 DH Group does not match

IKE Responder: Phase 1 encryption algorithm does not match

IKE Responder: Phase 1 encryption algorithm key length does not match

IKE Responder: Phase 1 hash algorithm does not match

(22)

IKE Responder: Phase 1 XAUTH required but policy has no user name

IKE Responder: Phase 1 XAUTH required but policy has no user password

IKE Responder: Proposed IKE ID mismatch

VPN IKE System Error Warning 658 --- Standard Note String

IKE Responder:

Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway

IKE Responder:

Proposed remote network is 0.0.0.0 but not DHCP relay nor default route

IKE Responder: Received Aggressive Mode request (Phase 1)

IKE Responder: Received Main Mode request (Phase 1)

IKE Responder: Received Quick Mode Request (Phase 2)

IKE Responder: Remote party timeout -

Retransmitting IKE request.

IKE Responder: Route table overrides VPN policy

IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall

IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN

IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ

IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address

(23)

IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address

IKE SA lifetime expired. VPN IKE User Activity Info 350 --- Standard Note String

IKEv2 Accept IKE SA Proposal

IKEv2 Accept IPsec SA Proposal

IKEv2 Authentication successful

IKEv2 Decrypt packet failed

IKEv2 Function sendto() failed to transmit packet.

VPN IKE User Activity Error 979 --- Standard Note String

IKEv2 IKE attribute not found

IKEv2 IKE proposal does not match

IKEv2 Initiator:

Negotiations failed. Extra payloads present.

IKEv2 Initiator: Negotiations failed. Invalid input state.

IKEv2 Initiator: Negotiations failed. Invalid output state.

IKEv2 Initiator: Negotiations failed. Missing required payloads.

IKEv2 Initiator: Proposed IKE ID mismatch

IKEv2 Initiator: Received CREATE CHILD SA response

IKEv2 Initiator: Received IKE AUTH response

IKEv2 Initiator: Received IKE SA INT response

IKEv2 Initiator: Remote party timeout -

Retransmitting IKEv2 request.

IKEv2 Initiator: Send CREATE CHILD SA request

IKEv2 Initiator: Send IKE AUTH request

IKEv2 Initiator: Send IKE SA INIT request

(24)

IKEv2 Invalid SPI size VPN IKE User Activity Warning 966 --- Standard Note String

IKEv2 Invalid state VPN IKE User Activity Warning 964 --- Standard Note String

IKEv2 IPsec attribute not found

IKEv2 IPsec proposal does not match

IKEv2 NAT device detected between negotiating peers

IKEv2 negotiation complete

IKEv2 No NAT device detected between negotiating peers

IKEv2 Out of memory VPN IKE User Activity Warning 961 --- Standard Note String

IKEv2 Payload processing error

IKEv2 Payload validation failed.

IKEv2 Peer is not responding. Negotiation aborted.

IKEv2 Process Message queue failed

IKEv2 Received delete IKE SA request

IKEv2 Received delete IKE SA response

IKEv2 Received delete IPsec SA request

IKEv2 Received delete IPsec SA response

IKEv2 Received notify error payload

IKEv2 Received notify status payload

IKEv2 Responder: Peer's destination network does not match VPN policy's Local Network

IKEv2 Responder: Peer's local network does not match VPN policy's Destination Network

IKEv2 Responder: Policy for remote IKE ID not found

VPN IKE User Activity Error 962 --- Standard Note String

IKEv2 Responder: Received CREATE CHILD SA request

(25)

IKEv2 Responder: Received IKE AUTH request

IKEv2 Responder: Received IKE SA INIT request

IKEv2 Responder: Send CREATE CHILD SA response

IKEv2 Responder: Send IKE AUTH response

IKEv2 Responder: Send IKE SA INIT response

IKEv2 Send delete IKE SA request

IKEv2 Send delete IKE SA response

IKEv2 Send delete IPsec SA request

IKEv2 Send delete IPsec SA response

IKEv2 Unable to find IKE SA

IKEv2 VPN Policy not found

Illegal IPsec SPI VPN IPsec User Activity Info 65 --- Standard Destination Imported HA hardware ID

did not match this firewall High Availability

Maintenance Info 155 --- Unused Imported VPN SA is

invalid - disabled

Firewall Event Maintenance Warning 348 --- Standard Note String

Inbound connection from RBL-listed SMTP server dropped

RBL --- Notice 798 --- Standard

Incoming call received for Remotely Triggered Dial-out session

Incompatible IPsec Security Association

VPN IPsec User Activity Info 69 --- Standard Destination Incorrect authentication

received for Remotely Triggered Dial-out

Ini Killer attack dropped Intrusion Detection

Attack Alert 80 519 Standard Interface %s Link Is

Down

Firewall Event System Error Error 566 647 Simple Message String

Interface %s Link Is Up Firewall Event System Error Warning 565 646 Simple Message String

Interface IP Assignment : Binding and initializing %s

Firewall Event Maintenance Info 568 --- Simple Message String

Interface IP Assignment changed: Shutting down %s

(26)

Interface statistics report GMS --- Info 805 --- Simple Interface Stats

Internet Access restricted to authorized users. Dropped packet received in the clear.

Wireless TCP | UDP | ICMP

Warning 532 --- Unused

Invalid Product Code Upgrade request received: %s

Firewall Event --- Error 704 --- Standard Message String Invalid VLAN packet

dropped

Network --- Alert 836 --- Standard Note

String IP address conflict

detected from Ethernet address %s

Network Maintenance Warning 847 --- Standard Message String IP Header checksum

error

Network Access

TCP|UDP Notice 883 --- Standard IP spoof detected on

packet to Central

Gateway, packet dropped

DHCP Relay Attack Error 229 533 Standard Note Ethernet Network IP spoof dropped Intrusion

Detection

Attack Alert 23 502 Standard Note Ethernet Network IP type %s packet dropped Network Access LAN UDP | LAN TCP Notice 590 --- Standard Message String IP Comp connection interrupt

IP Comp Debug Debug 651 --- Standard

IP Comp packet dropped IP Comp TCP | UDP | ICMP

Notice 652 --- Standard Note String

IP Comp packet dropped; waiting for pending IP Comp connection

IP Comp Debug Debug 653 --- Standard

IPS Detection Alert: %s Intrusion Detection

Attack Alert 608 569 Standard IDP Message String IPS Detection Alert: %s Intrusion

Detection

Attack Alert 789 6435 Standard Message String IPS Prevention Alert: %s Intrusion

Detection

Attack Alert 609 570 Standard IDP Message String IPS Prevention Alert: %s Intrusion

Detection

Attack Alert 790 6436 Standard Message String IPsec (AH) packet

dropped

VPN IPsec TCP | UDP | ICMP

IPsec (AH) packet dropped; waiting for pending IPsec connection

VPN IPsec Debug Debug 536 --- Standard

IPsec (ESP) packet dropped

VPN IPsec TCP | UDP | ICMP

IPsec (ESP) packet dropped; waiting for pending IPsec connection

VPN IPsec Debug Debug 535 --- Standard

IPsec Authentication Failed

VPN IPsec Attack Error 67 508 Standard Destination IPsec connection

interrupt

Network Access

Debug Debug 43 --- Standard

(27)

IPsec packet dropped Network Access

TCP | UDP | ICMP

Notice 40 --- Standard IPsec packet dropped;

waiting for pending IPsec connection

Network Access

Debug Debug 42 --- Standard

IPsec packet from an illegal host

VPN IPsec Maintenance Info 247 --- Standard Destination IPsec packet from or to

an illegal host

VPN IPsec Attack Error 70 510 Standard Destination IPsec Replay Detected VPN IPsec Attack Alert 180 531 Standard Note

String IPsec SA lifetime expired. VPN IPsec User Activity Info 349 --- Unused IPsec Tunnel status

changed

VPN VPN Tunnel

Status

Info 427 801 Simple ISDN Driver Firmware

successfully updated

Firewall Event Maintenance Info 493 --- Simple Issuer match failed VPN PKI User Activity Alert 278 --- Simple

Destination Java access denied Network

Access

Blocked Code Notice 19 --- Standard Note Blocked L2TP Connect Initiated

by the User

L2TP Client Maintenance Info 216 --- Unused L2TP Disconnect Initiated

by the User

L2TP Client Maintenance Info 214 --- Unused L2TP enabled but not

ready

Unused Maintenance Info 500 --- Simple L2TP LCP Down L2TP Client Maintenance Info 209 --- Unused L2TP LCP Up L2TP Client Maintenance Info 213 --- Unused L2TP Max

Retransmission Exceeded

L2TP Client Maintenance Info 203 --- Simple

L2TP PPP Authentication Failed

L2TP Client Maintenance Info 212 --- Simple L2TP PPP Down L2TP Client Maintenance Info 211 --- Simple L2TP PPP link down L2TP Client Maintenance Info 217 --- Simple L2TP PPP Negotiation

Started

L2TP Client Maintenance Info 208 --- Simple L2TP PPP Session Up L2TP Client Maintenance Info 210 --- Simple L2TP Server: Access

from L2TP VPN Client Privilege not enabled for RADIUS Users.

L2TP Server Maintenance Info 343 --- Unused

L2TP Server : Deleting the L2TP active Session

L2TP Server Maintenance Info 337 --- Standard Destination L2TP Server: Deleting

the Tunnel

L2TP Server Maintenance Info 336 --- Standard Destination L2TP Server: L2TP PPP

Session Established.

L2TP Server Maintenance Info 310 --- Unused L2TP Server: L2TP

Session Established.

L2TP Server Maintenance Info 309 --- Standard Destination L2TP Server: L2TP

Tunnel Established.

L2TP Server Maintenance Info 308 --- Standard Destination L2TP Server :

Retransmission Timeout,

(28)

L2TP Server: User Name authentication Failure locally.

L2TP Server Maintenance Info 344 --- Standard Destination L2TP Server: Keep alive

Failure. Closing Tunnel

L2TP Server Maintenance Info 320 --- Unused L2TP Server: L2TP

Remote terminated the PPP session

L2TP Server: L2TP Session Disconnect from the Remote.

L2TP Server: L2TP Tunnel Disconnect from the Remote.

L2TP Server: Local Authentication Failure

L2TP Server Maintenance Info 312 --- Standard Destination L2TP Server: Local

Authentication Success.

L2TP Server Maintenance Info 318 --- Standard Destination L2TP Server: No IP

address available in the Local IP Pool

L2TP Server: RADIUS/ LDAP Authentication Success

L2TP Server Maintenance Info 319 --- Standard Destination L2TP Server: RADIUS/

LDAP reports

Authentication Failure

L2TP Server Maintenance Info 311 --- Standard Destination L2TP Server: RADIUS/

LDAP server not assigned IP address

L2TP Server Maintenance Info 313 --- Standard Destination L2TP Server: Call

Disconnect from Remote.

L2TP Server Maintenance Info 334 --- Standard Destination L2TP Server: Tunnel

Disconnect from Remote.

L2TP Server Maintenance Info 335 --- Standard Destination L2TP Session Disconnect

from Remote

L2TP Client Maintenance Info 207 --- Simple L2TP Session

Established

L2TP Client Maintenance Info 206 --- Simple L2TP Session

Negotiation Started

L2TP Client Maintenance Info 202 --- Simple L2TP Tunnel Disconnect

from Remote

L2TP Client Maintenance Info 205 --- Simple L2TP Tunnel Established L2TP Client Maintenance Info 204 --- Simple L2TP Tunnel Negotiation

Started

L2TP Client Maintenance Info 201 --- Simple LAN Subnet

configurations were not upgraded.

Land attack dropped Intrusion Detection

Attack Alert 27 505 Standard LDAP server does not

allow CHAP

(29)

LDAP using non-administrative account - VPN client user will not be able to change passwords

RADIUS System Error Warning 1011 --- Simple Note String

License exceeded: Connection dropped because too many IP addresses are in use on your LAN

Firewall Event System Error Error 58 608 Standard

License of HA pair doesn't match: %s

High Availability

local range: None --- Debug 85 --- Unused

Local user login allowed Authentication Access

Local user login denied - user already logged in

Local user login denied due to bad credentials

Locked-out user logins allowed - lockout period expired

Locked-out user logins allowed by administrator

Log (part None --- Debug 0 --- Unused

Log Cleared Firewall Logging

Maintenance Info 5 --- Simple Log Debug Firewall Event Debug Error 142 --- Simple String Log file from SonicWALL None --- Debug 2 --- Unused Log full; deactivating

SonicWALL

Firewall Logging

System Error Error 7 601 Unused Log successfully sent via

email

Firewall Logging

Maintenance Info 6 --- Simple Login screen timed out Authentication

Access

MAC address collides with Static ARP Entry with Bound MAC address; packet dropped

Network --- Notice 814 --- Standard Note

Ethernet Network

Machine %s removed from FIN flood blacklist

Intrusion Detection

Machine %s removed from RST flood blacklist

Intrusion Detection

Machine %s removed from SYN flood blacklist

Intrusion Detection

Malformed or unhandled IP packet dropped

Network Access

Debug Alert 522 554 Standard Destination Maximum events per

second threshold exceeded

Firewall Logging

(30)

Maximum number of Bandwidth Managed rules exceeded upon upgrade to this version. Some Bandwidth settings ignored.

Firewall Event Maintenance Notice 541 --- Unused

Maximum sequential failed dial attempts (10) to a single dial-up number: %s

PPP Dial Up Attack Error 591 566 Standard Message String

Maximum syslog data per second threshold

exceeded

Firewall Logging

System Error Critical 655 --- Simple

MTU: None --- Debug 189 --- Unused

Multicast application %s not supported

Message String Multicast packet dropped,

Invalid src IP received on interface : %s

Multicast --- Alert 685 --- Standard

Message String Multicast packet dropped,

wrong MAC address received on interface : %s

Multicast --- Alert 684 --- Standard

Message String Multicast TCP packet

dropped

Multicast --- Notice 691 --- Standard Multicast UDP packet

dropped, no state entry

Multicast --- Notice 690 --- Standard Multicast UDP packet

dropped, RTCP stateful failed

Multicast --- Warning 695 --- Standard

Multicast UDP packet dropped, RTP stateful failed

Multicast --- Warning 694 --- Standard

NAT could not remap incoming packet

Unused System Error Error 44 606 Unused NAT device may not

support IPsec AH passthrough

VPN IPsec Maintenance Info 266 --- Simple

NAT Discovery : No NAT/ NAPT device detected between IPsec Security gateways

NAT Discovery : Local IPsec Security Gateway behind a NAT/NAPT Device

NAT Discovery : Peer IPsec Security Gateway behind a NAT/NAPT Device

NAT Discovery : Peer IPsec Security Gateway doesn't support VPN NAT Traversal

(31)

NAT translated packet exceeds size limit, packet dropped

Network Debug Debug 339 --- Standard

Net Spy attack dropped Intrusion Detection

Attack Alert 74 513 Standard NetBIOS settings were

not upgraded. Use Network>IP Helper to configure NetBIOS support

NetBus attack dropped Intrusion Detection

Attack Alert 72 511 Standard Network for interface %s

overlaps with another interface.

Firewall Event Maintenance Info 569 --- Simple Message String

Network Modem Mode Disabled: re-enabling NAT

PPP Dial Up Maintenance Info 531 --- Simple

Network Modem Mode Enabled: turning off NAT

PPP Dial Up Maintenance Info 530 --- Simple Network Monitor: Host

%s is offline

Firewall Event Connection Alert 706 --- Simple Message String

Network Monitor: Host %s is online

Firewall Event Connection Alert 707 --- Simple Message String

New firmware available. Firewall Event Maintenance Info 198 --- Unused New URL List loaded Security

Services

Maintenance Info 8 --- Simple Newsgroup access

allowed

Network Access

Blocked Sites Notice 17 704 Standard Note Blocked Newsgroup access

denied

Network Access

Blocked Sites Notice 15 702 Standard Note Blocked No Certificate for VPN PKI User Activity Alert 280 --- Simple

Destination No HOST tag found in

HTTP request

Network Access

Debug Debug 52 --- Unused

No ICMP redirect sent Unused Debug Debug 47 --- Unused No new URL List

available

Security Services

Maintenance Info 9 --- Simple No response from ISP

Disconnecting PPPoE.

PPPoE Maintenance Info 169 --- Simple No response from PPTP

server to call requests

PPTP Maintenance Info 431 --- Simple No response from PPTP

server to control connection requests

No response from server to Echo Requests, disconnecting PPTP Tunnel

No valid DNS server specified for RBL lookups

RBL --- Error 800 --- Simple

Non-config mode GUI administration session started