2.3. ALG

Home Prev	cOS Core 15.00.01 Log Reference Guide	Next

2.3.1. alg_session_open (ID: 00200001)

Default Severity: INFORMATIONAL
Log Message: ALG session opened
Explanation: A new ALG session has been opened.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.2. alg_session_closed (ID: 00200002)

Default Severity: INFORMATIONAL
Log Message: ALG session closed
Explanation: An ALG session has been closed.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.3. max_line_length_exceeded (ID: 00200003)

Default Severity: ERROR
Log Message: Maximum line length <max> exceeded, got <len> characters. Closing connection
Explanation: The maximum length of an entered line was exceeded and the connection will be closed.
Firewall Action: close
Recommended Action: If the maximum line length is configued too low, increase it.
Revision: 1
Parameters: len
max
Context Parameters: ALG Module Name
ALG Session ID

2.3.4. alg_session_allocation_failure (ID: 00200009)

Default Severity: CRITICAL
Log Message: Failed to allocate ALG session
Explanation: The system failed to allocate an ALG session. The reason for this is either that the total number of concurrent ALG sessions has been reached or that the system has run out of memory.
Firewall Action: None
Recommended Action: Increase the number of ALG sessions on services configured with ALGs or try to free up some RAM depending on the situation.
Revision: 1

2.3.5. invalid_client_http_header_received (ID: 00200100)

Default Severity: WARNING
Log Message: HTTPALG: Invalid HTTP header was received from the client. Closing Connection. ALG name: <algname>.
Explanation: An invalid HTTP header was received from the client.
Firewall Action: close
Recommended Action: Research the source of this and try to find out why the client is sending an invalid header.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.6. invalid_url_format (ID: 00200101)

Default Severity: ERROR
Log Message: HTTPALG: Failed to parse the URL requested by the client: <reason>. ALG name: <algname>.
Explanation: The unit failed parsing the requested URL. The reason for this is probably because the requested URL has an invalid format, or it contains invalid UTF8 formatted characters.
Firewall Action: close
Recommended Action: Make sure that the requested URL is formatted correctly.
Revision: 1
Parameters: reason
algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.7. allow_unknown_protocol (ID: 00200102)

Default Severity: NOTICE
Log Message: Allowing unknown protocol. ALG name: <algname>.
Explanation: Invalid protocol data received from the client. The connection will be allowed to pass through without inspection according to the configuration.
Firewall Action: allow
Recommended Action: If unknown protocols should be blocked, change the configuration.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.8. allow_unknown_protocol (ID: 00200103)

Default Severity: NOTICE
Log Message: Allowing unknown protocol. ALG name: <algname>.
Explanation: Invalid protocol data received from the server. The connection will be allowed to pass through without inspection according to the configuration.
Firewall Action: allow
Recommended Action: If unknown protocols should be blocked, change the configuration.
Revision: 2
Parameters: algname
Context Parameters: Connection
ALG Module Name
ALG Session ID

2.3.9. wcf_srv_connection_error (ID: 00200104)

Default Severity: ERROR
Log Message: HTTPALG: HTTP request not validated by Web Content Filter and denied.
Explanation: The Web Content Filtering servers could not be contacted. The request has been denied since fail-mode parameter is in deny mode.
Firewall Action: deny
Recommended Action: Investigate why the Web Content Filtering servers cannot be reached.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.10. unknown_client_data_received (ID: 00200105)

Default Severity: WARNING
Log Message: HTTPALG: Invalid client request - unexpected data received after the client request header. Closing connection. ALG name: <algname>.
Explanation: Data was received after the client request header, although the header specified that no such data should be sent.
Firewall Action: closing_connection
Recommended Action: Research the source of this and try to find out why the client is sending an invalid request.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.11. suspicious_data_received (ID: 00200106)

Default Severity: WARNING
Log Message: HTTPALG: Too much suspicious data has been received from the server. Closing the connection. ALG name: <algname>.
Explanation: The unit is configured to do content blocking, but the data from the server contains too much suspicious data. The unit can not properly determin if this data is a valid or if it should be blocked.
Firewall Action: closing_connection
Recommended Action: Research the source of this and try to find out why the server is sending such large amounts of suspicious data.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.12. invalid_chunked_encoding (ID: 00200107)

Default Severity: WARNING
Log Message: HTTPALG: The server sent invalid chunked encoding. Closing connection. ALG name: <algname>.
Explanation: The data received from the server was sent in chunked mode, but it was not properly formatted.
Firewall Action: closing_connection
Recommended Action: Research the source of this and try to find out why the server is sending invalid formatted chunked data.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.13. invalid_server_http_header_received (ID: 00200108)

Default Severity: WARNING
Log Message: HTTPALG: An invalid HTTP header was received from the server. Closing connection. ALG name: <algname>.
Explanation: An invalid HTTP header was received from the server.
Firewall Action: closing_connection
Recommended Action: Research the source of this and try to find out why the server is sending an invalid header.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.14. compressed_data_received (ID: 00200109)

Default Severity: ERROR
Log Message: HTTPALG: Compressed data was received from the server, although uncompressed was requested. Closing connection. ALG name: <algname>.
Explanation: The unit requested that no compressed data should be used, but the server ignored this and sent compressed data anyway. As content processing will not work if the data is compressed, the connection will be closed.
Firewall Action: close
Recommended Action: Research the source of this and try to find out why the server is sending compressed data.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.15. max_http_sessions_reached (ID: 00200110)

Default Severity: WARNING
Log Message: HTTPALG: Maximum number of HTTP sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent HTTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of HTTP sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.16. failed_create_new_session (ID: 00200111)

Default Severity: CRITICAL
Log Message: HTTPALG: Failed to create new HTTPALG session (out of memory)
Explanation: An attempt to create a new HTTPALG session failed, because the unit is out of memory.
Firewall Action: close
Recommended Action: Decrease the maximum allowed HTTPALG sessions, or try to free some of the RAM used.
Revision: 2
Context Parameters: ALG Module Name

2.3.17. failure_connect_http_server (ID: 00200112)

Default Severity: ERROR
Log Message: HTTPALG: Failed to connect to the HTTP Server. Closing connection. ALG name: <algname>.
Explanation: The unit failed to connect to the HTTP Server, resulting in that the ALG session could not be successfully opened.
Firewall Action: close
Recommended Action: Verify that there is a listening HTTP Server on the specified address.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.18. content_type_mismatch (ID: 00200113)

Default Severity: NOTICE
Log Message: HTTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation: The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action: block_data
Recommended Action: None
Revision: 1
Parameters: filename
filetype
contenttype
Context Parameters: ALG Module Name
ALG Session ID

2.3.19. wcf_override_full (ID: 00200114)

Default Severity: ERROR
Log Message: HTTPALG: WCF override cache full
Explanation: The WCF override hash is full. The oldest least used value will be replaced.
Firewall Action: replace
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.20. no_valid_license (ID: 00200115)

Default Severity: ERROR
Log Message: HTTPALG: Web Content Filtering disabled
Explanation: Web Content Filtering has been disabled due to license restriction.
Firewall Action: content_filtering_disabled
Recommended Action: Extend valid time for Content Filtering.
Revision: 3
Context Parameters: ALG Module Name

2.3.21. max_download_size_reached (ID: 00200116)

Default Severity: WARNING
Log Message: HTTPALG: The file <filename> with file size <filesize>kB exceeds the maximum allowed download size <max_download_size>kB. Closing connection
Explanation: The data received from the server exceeds the maximum allowed download file size, the request is rejected and the connection is closed.
Firewall Action: close
Recommended Action: If the configurable maximum download size is too low, increase it.
Revision: 2
Parameters: filename
filesize
max_download_size
Context Parameters: ALG Module Name
ALG Session ID

2.3.22. blocked_filetype (ID: 00200117)

Default Severity: NOTICE
Log Message: HTTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation: The file is present in the block list. It will be blocked as per configuration.
Firewall Action: block
Recommended Action: If this file should be allowed, update the ALLOW/BLOCK list.
Revision: 2
Parameters: filename
filetype
Context Parameters: ALG Module Name
ALG Session ID

2.3.23. out_of_memory (ID: 00200118)

Default Severity: CRITICAL
Log Message: HTTPALG: Failed to allocate memory
Explanation: The unit does not have enough available RAM. WCF could not allocate memory for override functionality.
Firewall Action: None
Recommended Action: Try to free up some RAM by changing configuration parameters.
Revision: 1
Context Parameters: ALG Module Name

2.3.24. wcf_servers_unreachable (ID: 00200119)

Default Severity: CRITICAL
Log Message: HTTPALG: Failed to connect to web content servers
Explanation: Web Content Filtering was unable to connect to the Web Content Filtering servers.
Firewall Action: None
Recommended Action: Verify that the unit has been configured with Internet access.
Revision: 2
Context Parameters: ALG Module Name

2.3.25. wcf_srv_connection_error (ID: 00200120)

Default Severity: ERROR
Log Message: HTTPALG: HTTP request not validated by Web Content Filter and allowed.
Explanation: The Web Content Filtering servers could not be contacted. The request has been allowed since fail-mode parameter is in allow mode.
Firewall Action: allow
Recommended Action: Investigate why the Web Content Filtering servers cannot be reached.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.26. wcf_server_unreachable (ID: 00200121)

Default Severity: ERROR
Log Message: HTTPALG: Failed to connect to web content server <failedserver>
Explanation: Web Content Filtering was unable to connect to the Web Content Filtering server. The system will try to contact one of the backup servers.
Firewall Action: switching_server
Recommended Action: None
Revision: 1
Parameters: failedserver
Context Parameters: ALG Module Name

2.3.27. wcf_connecting (ID: 00200122)

Default Severity: INFORMATIONAL
Log Message: HTTPALG:Connecting to web content server <server>
Explanation: Connecting to Web Content Filtering server.
Firewall Action: connecting
Recommended Action: None
Revision: 1
Parameters: server
Context Parameters: ALG Module Name

2.3.28. wcf_server_connected (ID: 00200123)

Default Severity: INFORMATIONAL
Log Message: HTTPALG: Web content server <server> connected
Explanation: The connection with the Web Content server has been established.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: server
Context Parameters: ALG Module Name

2.3.29. wcf_primary_fallback (ID: 00200124)

Default Severity: INFORMATIONAL
Log Message: HTTPALG: Falling back from secondary servers to primary server
Explanation: Web Content Filtering falls back to primary server after 60 minutes or when a better server has been detected.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.30. request_url (ID: 00200125)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url>. Categories: <categories>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation: The URL has been requested.
Firewall Action: allow
Recommended Action: None
Revision: 2
Parameters: categories
audit
override
url
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.31. request_url (ID: 00200126)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url>. Categories: <categories>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation: The URL has been requested.
Firewall Action: block
Recommended Action: None
Revision: 2
Parameters: categories
audit
override
url
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.32. wcf_server_auth_failed (ID: 00200127)

Default Severity: ERROR
Log Message: HTTPALG: Failed to authenticate with WCF server
Explanation: The WCF service could not authenticate with the WCF server.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: failedserver
Context Parameters: ALG Module Name

2.3.33. wcf_server_bad_reply (ID: 00200128)

Default Severity: ERROR
Log Message: HTTPALG: Failed to parse WCF server response
Explanation: The WCF service could not parse the server response. The WCF transmission queue is reset and a new server connection will be established.
Firewall Action: restarting
Recommended Action: None
Revision: 1
Parameters: failedserver
Context Parameters: ALG Module Name

2.3.34. request_url (ID: 00200129)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url>. Categories: <categories>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation: The URL has been requested.
Firewall Action: allow_audit_mode
Recommended Action: None
Revision: 2
Parameters: categories
audit
override
url
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.35. out_of_memory (ID: 00200130)

Default Severity: CRITICAL
Log Message: HTTPALG: Failed to allocate memory
Explanation: The unit does not have enough available RAM.
Firewall Action: None
Recommended Action: Try to free up some RAM by changing configuration parameters.
Revision: 1
Context Parameters: ALG Module Name

2.3.36. wcf_bad_sync (ID: 00200131)

Default Severity: ERROR
Log Message: HTTPALG: WCF request out of sync
Explanation: The WCF response received from the server did not match the expected value. The requested URL is treaded as unknown category.
Firewall Action: compensating
Recommended Action: None
Revision: 1
Parameters: url_orig
url_req
url_reply
Context Parameters: ALG Module Name

2.3.37. restricted_site_notice (ID: 00200132)

Default Severity: WARNING
Log Message: HTTPALG: User requests the forbidden URL <url>, even though Restricted Site Notice was applied. ALG name: <algname>.
Explanation: The URL has been requested and the categories are forbidden. Restricted Site Notice was applied.
Firewall Action: allow
Recommended Action: Disable the RESTRICTED_SITE_NOTICE mode of parameter CATEGORIES for this ALG.
Revision: 3
Parameters: url
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.38. url_reclassification_request (ID: 00200133)

Default Severity: WARNING
Log Message: HTTPALG: Reclassification request for URL <url>. New Category <newcat>. ALG name: <algname>.
Explanation: The user has requested a category reclassification for the URL.
Firewall Action: allow
Recommended Action: Disable the ALLOW_RECLASSIFICATION mode of parameter CATEGORIES for this ALG.
Revision: 2
Parameters: newcat
url
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.39. wcf_server_disconnected (ID: 00200134)

Default Severity: INFORMATIONAL
Log Message: HTTPALG: Web content server <server> disconnected
Explanation: The Web Content server has closed the connection.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: server
Context Parameters: ALG Module Name

2.3.40. request_url (ID: 00200135)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url>. Categories: <categories>. User: <user>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation: The URL has been requested.
Firewall Action: allow
Recommended Action: None
Revision: 2
Parameters: categories
audit
override
url
user
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.41. request_url (ID: 00200136)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url>. Categories: <categories>. User: <user>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation: The URL has been requested.
Firewall Action: allow_audit_mode
Recommended Action: None
Revision: 3
Parameters: categories
audit
override
url
user
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.42. request_url (ID: 00200137)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url>. Categories: <categories>. User: <user>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation: The URL has been requested.
Firewall Action: block
Recommended Action: None
Revision: 3
Parameters: categories
audit
override
url
user
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.43. restricted_site_notice (ID: 00200138)

Default Severity: WARNING
Log Message: HTTPALG: User requests the forbidden URL <url>, even though Restricted Site Notice was applied. User: <user>. ALG name: <algname>.
Explanation: The URL has been requested and the categories are forbidden. Restricted Site Notice was applied.
Firewall Action: allow
Recommended Action: Disable the RESTRICTED_SITE_NOTICE mode of parameter CATEGORIES for this ALG.
Revision: 4
Parameters: url
user
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.44. url_reclassification_request (ID: 00200139)

Default Severity: WARNING
Log Message: HTTPALG: Reclassification request for URL <url>. New Category <newcat>. User: <user>. ALG name: <algname>.
Explanation: The user has requested a category reclassification for the URL.
Firewall Action: allow
Recommended Action: Disable the ALLOW_RECLASSIFICATION mode of parameter CATEGORIES for this ALG.
Revision: 3
Parameters: newcat
url
user
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.45. wcf_mem_optimized (ID: 00200140)

Default Severity: DEBUG
Log Message: HTTPALG: Optimizing WCF memory usage
Explanation: The Web Content Filtering subsystem has optimized its memory usage and freed up some memory. This is a normal condition and does not affect functionality nor performance.
Firewall Action: optimizing
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.46. out_of_memory (ID: 00200141)

Default Severity: CRITICAL
Log Message: HTTPALG: Failed to allocate memory
Explanation: The system failed to allocate memory and the HTTP session will be closed.
Firewall Action: close
Recommended Action: Decrease the maximum allowed HTTPALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.3.47. wcf_performance_notice (ID: 00200142)

Default Severity: INFORMATIONAL
Log Message: HTTPALG: WCF Performance notice
Explanation: Information about the current WCF performance.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: cache_size
cache_repl_per_sec
trans_per_sec
queue_len
in_transit
rtt
queue_delta_per_sec
server
srv_prec
Context Parameters: ALG Module Name

2.3.48. wcf_server_timeout (ID: 00200143)

Default Severity: ERROR
Log Message: HTTPALG: WCF request timeout
Explanation: The WCF server took too long time to reply. A new connection attempt is in progress.
Firewall Action: reconnecting
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.49. invalid_http_syntax (ID: 00200144)

Default Severity: ERROR
Log Message: HTTPALG: Invalid HTTP syntax seen in <type>.
Explanation: The HTTPALG received malformed HTTP syntax and closed the connection.
Firewall Action: close
Recommended Action: Investigate why malformed HTTP syntax was received.
Revision: 1
Parameters: type
reason
algname
Context Parameters: Connection
ALG Module Name
ALG Session ID

2.3.50. intercept_page_failed (ID: 00200145)

Default Severity: DEBUG
Log Message: HTTPALG: Failed to send interception page to client
Explanation: The HTTPALG failed to send an interception page to the client.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: pagetype
send
algname
Context Parameters: Connection
ALG Module Name
ALG Session ID

2.3.51. disallowed_user_agent (ID: 00200146)

Default Severity: WARNING
Log Message: HTTPALG: Disallowed user-agent <ua>.
Explanation: The HTTPALG blocked access for a browser with a disallowed user-agent string.
Firewall Action: close
Recommended Action: If this user-agent string should be allowed, add it to the list of allowed user-agent strings in the ALG configuration.
Revision: 1
Parameters: ua
algname
Context Parameters: Connection
ALG Module Name
ALG Session ID

2.3.52. http_pipeline_full (ID: 00200147)

Default Severity: ERROR
Log Message: HTTPALG: Maximum number of pipelinined requests per session reached.
Explanation: The maximum number of unanswered pipelined HTTP requests has been reached. This can be a malicious attempt to drain the firewall of resources. The connection is closed.
Firewall Action: close
Recommended Action: Investigate which client and software that sends this many pipelinied requests and see if they can be reconfigured.
Revision: 2
Parameters: count
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.53. protocol_upgrade_denied (ID: 00200148)

Default Severity: WARNING
Log Message: HTTPALG: Protocol upgrade denied
Explanation: The HTTPALG blocked a socket upgrade e.g. websocket. The connection is no longer allowed.
Firewall Action: close
Recommended Action: Modify the configuration is socket upgrades should be allowed.
Revision: 1
Parameters: type
algname
Context Parameters: Connection
ALG Module Name
ALG Session ID

2.3.54. protocol_upgrade (ID: 00200149)

Default Severity: NOTICE
Log Message: HTTPALG: Protocol Upgrade
Explanation: The HTTPALG allowed a socket upgrade e.g. websocket. No more content inspection will be made on this connection.
Firewall Action: allow
Recommended Action: Modify the configuration if socket upgrades should not be allowed.
Revision: 1
Parameters: type
algname
Context Parameters: Connection
ALG Module Name
ALG Session ID

2.3.55. max_smtp_sessions_reached (ID: 00200150)

Default Severity: WARNING
Log Message: SMTPALG: Maximum number of SMTP sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent SMTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of SMTP sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.56. maximum_email_per_minute_reached (ID: 00200151)

Default Severity: WARNING
Log Message: SMTPALG: Maximum number of emails per client and minute reached.
Explanation: Client is trying to send emails at a rate higher than the configured value.
Firewall Action: session_rejected
Recommended Action: This can be a possible DoS attack.
Revision: 3
Parameters: sender_email_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.57. failed_create_new_session (ID: 00200152)

Default Severity: CRITICAL
Log Message: SMTPALG: Failed to create new SMTPALG session (out of memory)
Explanation: An attempt to create a new SMTPALG session failed. The unit has run out of memory.
Firewall Action: close
Recommended Action: Decrease the maximum allowed SMTPALG sessions, or try to free some of the RAM used.
Revision: 2
Context Parameters: ALG Module Name

2.3.58. failed_connect_smtp_server (ID: 00200153)

Default Severity: ERROR
Log Message: SMTPALG: Failed to connect to the SMTP Server. Closing the connection.
Explanation: The SMTP ALG could not connect to the receiving SMTP server, resulting in that the ALG session could not be successfully opened.
Firewall Action: close
Recommended Action: None
Revision: 3
Context Parameters: ALG Module Name
ALG Session ID

2.3.59. invalid_server_response (ID: 00200155)

Default Severity: ERROR
Log Message: SMTPALG: Could not parse server response code
Explanation: The SMTP ALG failed to parse the SMTP response code from server.
Firewall Action: close
Recommended Action: If possible, verify response codes sent from server.
Revision: 3
Context Parameters: Connection
ALG Module Name
ALG Session ID

2.3.60. sender_email_id_mismatched (ID: 00200156)

Default Severity: WARNING
Log Message: SMTPALG: Mismatching sender address
Explanation: The SMTP "MAIL FROM:" command does not match the "From:" header. The e-mail will be tagged as spam.
Firewall Action: spam tag
Recommended Action: Disable the Verify E-Mail Sender ID setting if you experience that valid e-mails are being wrongly tagged.
Revision: 3
Parameters: sender_email_address
recipient_email_addresses
data_sender_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.61. sender_email_id_mismatched (ID: 00200157)

Default Severity: WARNING
Log Message: SMTPALG: Mismatching sender address
Explanation: The SMTP "MAIL FROM:" command does not match the "From:" header. The transaction will be denied.
Firewall Action: reject
Recommended Action: Disable the Verify E-Mail Sender ID setting if you experience that valid e-mails are being wrongly blocked.
Revision: 3
Parameters: sender_email_address
recipient_email_addresses
data_sender_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.62. sender_email_id_is_in_blacklist (ID: 00200158)

Default Severity: WARNING
Log Message: SMTPALG: Sender e-mail address is in Black List
Explanation: Since "MAIL FROM:" Email Id is in Black List, SMTP ALG rejected the Client request.
Firewall Action: reject
Recommended Action: None
Revision: 1
Parameters: sender_email_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.63. recipient_email_id_in_blacklist (ID: 00200159)

Default Severity: WARNING
Log Message: SMTPALG: Recipient e-mail address is in Black List
Explanation: Since "RCPT TO:" e-mail address is in Black List, SMTP ALG rejected the client request.
Firewall Action: reject
Recommended Action: None
Revision: 1
Parameters: sender_email_address
recipient_email_addresses
Context Parameters: ALG Module Name
ALG Session ID

2.3.64. some_recipient_email_ids_are_in_blocklist (ID: 00200160)

Default Severity: WARNING
Log Message: SMTPALG: Some recipients email id are in Black List
Explanation: Since some "RCPT TO:" Email ids are in Black List, SMTP ALG has blocked mail to those recipients.
Firewall Action: reject
Recommended Action: Emails can be forwarded only to the Non-Black List users.
Revision: 1
Parameters: sender_email_address
recipient_email_addresses
Context Parameters: ALG Module Name
ALG Session ID

2.3.65. base64_decode_failed (ID: 00200164)

Default Severity: ERROR
Log Message: SMTPALG: Base 64 decode failed. Attachment blocked
Explanation: The base64 encoded attachment could not be decoded. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked.
Firewall Action: block_allow
Recommended Action: Research how the sender is encoding the data.
Revision: 2
Parameters: filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters: ALG Module Name
ALG Session ID

2.3.66. base64_decode_failed (ID: 00200165)

Default Severity: ERROR
Log Message: SMTPALG: Base 64 decode failed. Attachment is allowed
Explanation: The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. Fail-mode is set to allow so date will be forwared.
Firewall Action: allow_block
Recommended Action: Research how the sender is encoding the data.
Revision: 2
Parameters: filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters: ALG Module Name
ALG Session ID

2.3.67. blocked_filetype (ID: 00200166)

Default Severity: NOTICE
Log Message: SMTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation: The file is present in the block list. It will be blocked as per configuration.
Firewall Action: block
Recommended Action: If this file should be allowed, update the ALLOW/BLOCK list.
Revision: 2
Parameters: filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters: ALG Module Name
ALG Session ID

2.3.68. content_type_mismatch (ID: 00200167)

Default Severity: WARNING
Log Message: SMTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation: The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action: block_data
Recommended Action: None
Revision: 4
Parameters: filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters: ALG Module Name
ALG Session ID

2.3.69. max_email_size_reached (ID: 00200170)

Default Severity: WARNING
Log Message: SMTPALG: Maximum email size limit <max_email_size>kb reached
Explanation: Email body and all attachments size of email has crossed the limitation.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: sender_email_address
recipient_email_addresses
max_email_size
Context Parameters: ALG Module Name
ALG Session ID

2.3.70. content_type_mismatch_mimecheck_disabled (ID: 00200171)

Default Severity: NOTICE
Log Message: SMTPALG: Content type mismatch found for the file <filename>. It is identified as type <filetype> file
Explanation: Received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed.
Firewall Action: allow
Recommended Action: Content type should be matched.
Revision: 3
Parameters: filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters: ALG Module Name
ALG Session ID

2.3.71. all_recipient_email_ids_are_in_blocklist (ID: 00200172)

Default Severity: WARNING
Log Message: SMTPALG: All recipients e-mail addresses are in Black List
Explanation: Since "RCPT TO:" email ids are in Black List, SMTP ALG rejected the client request.
Firewall Action: reject
Recommended Action: None
Revision: 1
Parameters: sender_email_address
recipient_email_addresses
Context Parameters: ALG Module Name
ALG Session ID

2.3.72. out_of_memory (ID: 00200175)

Default Severity: ALERT
Log Message: SMTPALG: Failed to allocate memory (out of memory)
Explanation: An attempt to allocate memory failed.
Firewall Action: close
Recommended Action: Try to free up unwanted memory.
Revision: 3
Context Parameters: ALG Module Name
ALG Session ID

2.3.73. invalid_end_of_mail (ID: 00200176)

Default Severity: WARNING
Log Message: SMTPALG: Invalid end of mail "\\n.\\n" received.
Explanation: The client is sending invalid end of mail. Transaction will be terminated.
Firewall Action: block
Recommended Action: Research how the client is sending invalid end of mail.
Revision: 1
Parameters: sender_email_address
recipient_email_addresses
Context Parameters: ALG Module Name
ALG Session ID

2.3.74. dnsbl_init_error (ID: 00200177)

Default Severity: ERROR
Log Message: DNSbl internal error
Explanation: The email could not be checked for spam. Email will be processed without spam checks.
Firewall Action: None
Recommended Action: None
Revision: 2
Context Parameters: ALG Module Name
ALG Session ID

2.3.75. cmd_too_long (ID: 00200179)

Default Severity: ERROR
Log Message: SMTPALG: Command line too long
Explanation: The SMTP Command line exceeds the maximum command length of 712 characters. (RFC 2821 Ch. 4.5.3.1 says 512).
Firewall Action: reject
Recommended Action: None
Revision: 2
Context Parameters: ALG Module Name
ALG Session ID

2.3.76. failed_send_reply_code (ID: 00200181)

Default Severity: ERROR
Log Message: SMTPALG: Could not send error code to client
Explanation: The SMTP ALG failed to send an error response code to the client.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.77. smtp_no_header (ID: 00200184)

Default Severity: WARNING
Log Message: SMTPALG: Email without SMTP headers received
Explanation: The SMTP ALG received an email without headers.
Firewall Action: allow
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.78. unsupported_extension (ID: 00200185)

Default Severity: INFORMATIONAL
Log Message: SMTPALG: Removed capability <capa> from EHLO response
Explanation: The SMTP ALG removed the [capa] capability from the EHLO response since the ALG does not support the specified extension.
Firewall Action: capability_removed
Recommended Action: None
Revision: 1
Parameters: capa
Context Parameters: ALG Module Name
ALG Session ID

2.3.79. cmd_pipelined (ID: 00200186)

Default Severity: ERROR
Log Message: SMTPALG: Received pipelined request.
Explanation: The SMTP ALG does not support pipelined requests. The appearance of this log message indicates that the client used PIPELINING even though it was removed from capability list.
Firewall Action: reject
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.80. smtp_state_violation (ID: 00200190)

Default Severity: WARNING
Log Message: SMTPALG: State violation: <violation>.
Explanation: The client sent an invalid sequence of commands. The protocol violation is explained by the [violation] parameter.
Firewall Action: reject
Recommended Action: None
Revision: 1
Parameters: violation
Context Parameters: Connection
ALG Module Name
ALG Session ID

2.3.81. sender_email_dnsbl_spam_mark_removed_by_whitelist (ID: 00200195)

Default Severity: WARNING
Log Message: SMTPALG: Whitelist override DNSBL result for Email.
Explanation: Email was marked as SPAM by DNSBL. As Email Id was matched in whitelist, this mark is removed.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: sender_email_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.82. request_url_redirected (ID: 00200200)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url> redirected to <redirect>. ALG name: <algname>.
Explanation: The request has been redirected.
Firewall Action: allow
Recommended Action: None
Revision: 1
Parameters: redirect
url
user
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.83. illegal_data_direction (ID: 00200202)

Default Severity: ERROR
Log Message: FTPALG: TCP data from <peer> not allowed in this direction. Closing connection
Explanation: TCP Data was sent in an invalid direction and the connection will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Rule Information
Connection

2.3.84. hybrid_data (ID: 00200206)

Default Severity: INFORMATIONAL
Log Message: FTPALG: Hybrid connection made
Explanation: A hybrid connection was successfully created.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID
Rule Information
Connection

2.3.85. hybrid_data (ID: 00200209)

Default Severity: INFORMATIONAL
Log Message: FTPALG: Hybrid data channel closed
Explanation: A hybrid data channel was closed.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID
Rule Information
Connection

2.3.86. illegal_chars (ID: 00200210)

Default Severity: WARNING
Log Message: FTPALG: 8 bit characters in control channel from <peer> not allowed. Closing connection
Explanation: 8 bit characters were discovered in the control channel. This is not allowed according to the FTPALG configuration and the connection will be closed.
Firewall Action: close
Recommended Action: If 8 bit characters should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.87. control_chars (ID: 00200211)

Default Severity: WARNING
Log Message: FTPALG: Unexpected telnet control chars in control channel from <peer>. Closing connection
Explanation: Unexpected telnet control characters were discovered in the control channel. This is not allowed according to the FTPALG configuration and the connection will be closed.
Firewall Action: close
Recommended Action: If unknown commands should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.88. illegal_command (ID: 00200212)

Default Severity: WARNING
Log Message: FTPALG: Failed to parse command from <peer> as a FTP command. String=<string>. Closing connection
Explanation: An invalid command was received on the control channel. This is not allowed and the connection will be closed.
Firewall Action: close
Recommended Action: If unknown commands should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.89. illegal_command (ID: 00200213)

Default Severity: WARNING
Log Message: FTPALG: Failed to parse command from <peer> as a FTP command. String=<string>. Rejecting command
Explanation: An invalid command was received on the control channel. This is allowed, but the command will be rejected as it is not understood.
Firewall Action: rejecting_command
Recommended Action: If unknown commands should not be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.90. port_command_disabled (ID: 00200214)

Default Severity: WARNING
Log Message: FTPALG: PORT command not allowed from <peer>. Rejecting command
Explanation: The client tried to issue a "PORT" command, which is not valid since the client is not allowed to do active FTP. The command will be rejected.
Firewall Action: rejecting_command
Recommended Action: If the client should be allowed to do active FTP, modify the FTPALG configuration.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.91. illegal_command (ID: 00200215)

Default Severity: WARNING
Log Message: FTPALG: Failed to parse PORT parameters from <peer>. String=<string>. Closing connection
Explanation: Invalid parameters to the "PORT" command were received. The connection will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.92. illegal_ip_address (ID: 00200216)

Default Severity: CRITICAL
Log Message: FTPALG: Illegal PORT command from <peer>, bad IP address <ip4addr>. String=<string>. Rejecting command
Explanation: An illegal "PORT" command was received from the client. Connecting to an IP that is not the server IP is not allowed and the command will be rejected.
Firewall Action: rejecting_command
Recommended Action: The FTP client could be compromised and should not be trusted.
Revision: 2
Parameters: peer
ip4addr
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.93. illegal_port_number (ID: 00200217)

Default Severity: CRITICAL
Log Message: FTPALG: Illegal PORT command from <peer>, port <port> not allowed. String=<string>. Rejecting command
Explanation: An illegal "PORT" command was received from the client. It requests that the server should connect to a port which is out of range. This is not allowed and the command will be rejected.
Firewall Action: rejecting_command
Recommended Action: The FTP client could be compromised and should not be trusted.
Revision: 1
Parameters: peer
port
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.94. failed_to_create_connection1 (ID: 00200218)

Default Severity: ERROR
Log Message: FTPALG: Failed to create connection(1). Connection: <connection>. String=<string>
Explanation: An error occured when creating a data connection from the server to client. This could possibly be a result of lack of memory.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: peer
connection
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.95. illegal_command (ID: 00200219)

Default Severity: WARNING
Log Message: FTPALG: SITE EXEC from <peer> not allowed, rejecting command
Explanation: The client tried to issue a "SITE EXEC" command, which is not valid since the client is not allowed to do this. The command will be rejected.
Firewall Action: rejecting_command
Recommended Action: If the client should be allowed to do issue "SITE EXEC" commands, modify the FTPALG configuration.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.96. illegal_direction1 (ID: 00200220)

Default Severity: WARNING
Log Message: FTPALG: Illegal direction for command(1), peer=<peer>. Closing connection.
Explanation: A command was sent in an invalid direction and the connection will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.97. illegal_direction2 (ID: 00200221)

Default Severity: WARNING
Log Message: FTPALG: Illegal direction for command(2), peer=<peer>. Closing connection.
Explanation: A command was sent in an invalid direction and the connection will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.98. illegal_option (ID: 00200222)

Default Severity: WARNING
Log Message: FTPALG: Invalid OPTS argument from <peer>. String=<string>. Rejecting command.
Explanation: An invalid OPTS argument was received. The argument does not start with an alphabetic letter and the command will be rejected.
Firewall Action: rejecting_command
Recommended Action: None
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.99. illegal_option (ID: 00200223)

Default Severity: WARNING
Log Message: FTPALG: Disallowed OPTS argument from <peer>. String:<string>. Rejecting command.
Explanation: A disallowed OPTS argument was received and the command will be rejected.
Firewall Action: rejecting_command
Recommended Action: None
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.100. unknown_option (ID: 00200224)

Default Severity: WARNING
Log Message: FTPALG: Unknown OPTS argument from <peer>. String=<string>. Rejecting command.
Explanation: An unknown OPTS argument was received and the command will be rejected.
Firewall Action: rejecting_command
Recommended Action: If unknown commands should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.101. illegal_command (ID: 00200225)

Default Severity: WARNING
Log Message: FTPALG: Illegal command from <peer>. String=<string>. Rejecting command.
Explanation: An illegal command was received and the command will be rejected.
Firewall Action: rejecting_command
Recommended Action: None
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.102. unknown_command (ID: 00200226)

Default Severity: WARNING
Log Message: FTPALG: Unknown command from <peer>. String=<string>. Rejecting command.
Explanation: An unknown command was received and the command will be rejected.
Firewall Action: rejecting_command
Recommended Action: If unknown commands should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.103. illegal_reply (ID: 00200228)

Default Severity: WARNING
Log Message: FTPALG: Illegal numerical reply (<reply>) from <peer>. String=<string>. Closing connection.
Explanation: An illegal numerical reply was received from server and the connection will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
reply
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.104. illegal_reply (ID: 00200230)

Default Severity: WARNING
Log Message: FTPALG: Illegal multiline response (<reply>) from <peer>. String=<string>. Closing connection.
Explanation: An illegal multiline response was received from server and the connection will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
reply
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.105. illegal_reply (ID: 00200231)

Default Severity: WARNING
Log Message: FTPALG: Unsolicted 227 (passive mode) response from <peer>. String=<string>. Closing connection.
Explanation: An illegal response was received from the server and the connection is closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.106. illegal_reply (ID: 00200232)

Default Severity: WARNING
Log Message: FTPALG: Reply 229 (extended passive mode) from <peer> is not allowed. String=<string>. Closing connection.
Explanation: An illegal response was received from the server and the connection is closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.107. bad_port (ID: 00200233)

Default Severity: CRITICAL
Log Message: FTPALG: Bad port <port> from <peer>, should be within the range (<range>). String=<string>. Closing connection.
Explanation: An illegal "PORT" command was received from the server. It requests that the client should connect to a port which is out of range. This is not allowed and the connection will be closed.
Firewall Action: close
Recommended Action: The FTP server could be compromised and should not be trusted.
Revision: 1
Parameters: peer
port
range
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.108. bad_ip (ID: 00200234)

Default Severity: CRITICAL
Log Message: FTPALG: Invalid IP <ip4addr>, Server IP is <ip4addr_server>. String=<string>. Closing connection.
Explanation: The FTP Server requests that the client should connect to another IP than its own. This is not allowed and the connection will be closed.
Firewall Action: close
Recommended Action: The FTP server could be compromised and should not be trusted.
Revision: 1
Parameters: peer
ip4addr
ip4addr_server
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.109. failed_to_create_connection2 (ID: 00200235)

Default Severity: ERROR
Log Message: FTPALG: Failed to create connection(2) Peer=<peer> Connection=<connection>. String=<string>.
Explanation: An error occured when creating a data connection from the client to server. This could possibly be a result of lack of memory.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: peer
connection
string
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.110. failed_to_create_server_data_connection (ID: 00200236)

Default Severity: ERROR
Log Message: FTPALG: Failed to create server data connection. Peer=<peer> Connection=<connection>
Explanation: An error occured when creating server data connection.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: peer
connection
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.111. failed_to_send_port (ID: 00200237)

Default Severity: WARNING
Log Message: FTPALG: Failed to send port. Peer=<peer>
Explanation: An error occured when trying to send the "PORT" command to the server.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.112. failed_to_register_rawconn (ID: 00200238)

Default Severity: ERROR
Log Message: FTPALG: Internal Error - failed to register eventhandler. Closing connection
Explanation: An internal error occured when registering an eventhandler and the connection will be closed.
Firewall Action: close
Recommended Action: Contact the support.
Revision: 1
Context Parameters: ALG Module Name

2.3.113. failed_to_merge_conns (ID: 00200239)

Default Severity: ERROR
Log Message: FTPALG: Internal Error - failed to merge conns. Closing connection
Explanation: An internal error occured when two connections were being merged into one and the connection will be closed.
Firewall Action: close
Recommended Action: Contact the support.
Revision: 1
Context Parameters: ALG Module Name

2.3.114. max_ftp_sessions_reached (ID: 00200241)

Default Severity: WARNING
Log Message: FTPALG: Maximum number of FTP sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent FTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of FTP sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.115. failed_create_new_session (ID: 00200242)

Default Severity: ERROR
Log Message: FTPALG: Failed to create new FTPALG session (out of memory)
Explanation: An attempt to create a new FTPALG session failed, because the unit is out of memory.
Firewall Action: close
Recommended Action: Decrease the maximum allowed FTPALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.3.116. failure_connect_ftp_server (ID: 00200243)

Default Severity: ERROR
Log Message: FTPALG: Failed to connect to the FTP Server. Closing connection
Explanation: The unit failed to connect to the FTP Server, resulting in that the ALG session could not be successfully opened.
Firewall Action: close
Recommended Action: Verify that there is a listening FTP Server on the specified address.
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.117. content_type_mismatch (ID: 00200250)

Default Severity: NOTICE
Log Message: FTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation: The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action: data_blocked_control_and_data_channel_closed
Recommended Action: None
Revision: 1
Parameters: filename
filetype
Context Parameters: ALG Module Name
ALG Session ID

2.3.118. failed_to_send_command (ID: 00200251)

Default Severity: NOTICE
Log Message: FTPALG:Failed to send the command.
Explanation: The command sent by the ALG to the server could not be sent.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.119. resumed_compressed_file_transfer (ID: 00200252)

Default Severity: WARNING
Log Message: FTPALG: The file <filename> (File type: <filetype> ) cannot be sent to antivirus scan engine.
Explanation: The data cannot be sent to AVSE for scanning since file transfer begins from within the middle of the file. The scanning process will fail for compressed files.
Firewall Action: data_blocked_control_and_data_channel_closed
Recommended Action: Change fail mode setting to allow, if resumed file transfers of compressed files should be allowed.
Revision: 2
Parameters: filename
filetype
Context Parameters: ALG Module Name
ALG Session ID

2.3.120. blocked_filetype (ID: 00200253)

Default Severity: NOTICE
Log Message: FTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation: The file is present in the block list. It will be blocked as per configuration.
Firewall Action: data_blocked_control_and_data_channel_closed
Recommended Action: If this file should be allowed, update the ALLOW/BLOCK list.
Revision: 2
Parameters: filename
filetype
Context Parameters: ALG Module Name
ALG Session ID

2.3.121. resumed_compressed_file_transfer (ID: 00200254)

Default Severity: WARNING
Log Message: FTPALG: The file <filename> (File type: <filetype> ) cannot be sent to antivirus scan engine.
Explanation: Decompression module cannot decompress a file that has been resumed. The file is allowed without any further scanning since Fail Mode is Allow.
Firewall Action: allow_data_without_scan
Recommended Action: Update Fail-Mode parameter if the file should be blocked.
Revision: 2
Parameters: filename
filetype
Context Parameters: ALG Module Name
ALG Session ID

2.3.122. failed_to_send_response_code (ID: 00200255)

Default Severity: NOTICE
Log Message: FTPALG:Failed to send the response code.
Explanation: The FTP ALG could not send the correct response code to the client.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.123. request_url_redirected (ID: 00200260)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url> redirected to <redirect>. ALG name: <algname>.
Explanation: The request has been redirected.
Firewall Action: allow
Recommended Action: None
Revision: 1
Parameters: redirect
url
algname
Context Parameters: Connection
Connection
ALG Module Name
ALG Session ID

2.3.124. redirect_page_failed (ID: 00200261)

Default Severity: DEBUG
Log Message: HTTPALG: Failed to send redirect page to client
Explanation: The HTTPALG failed to send a redirect page to the client.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: pagetype
location
send
algname
Context Parameters: Connection
ALG Module Name
ALG Session ID

2.3.125. illegal_command (ID: 00200267)

Default Severity: WARNING
Log Message: FTPALG: REST from <peer> not allowed, rejecting command
Explanation: The client tried to issue a "REST" command, which is not valid since the client is not allowed to do this. The command will be rejected.
Firewall Action: rejecting_command
Recommended Action: If the client should be allowed to do issue "REST" commands, modify the FTPALG configuration.
Revision: 1
Parameters: filename
peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.126. https_not_allowed (ID: 00200270)

Default Severity: ERROR
Log Message: HTTPS protocol is not allowed.
Explanation: Policy does not allow the HTTPS protocol.
Firewall Action: block
Recommended Action: Reconfigure the service to allow HTTPS if it should be allowed.
Revision: 2
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.127. http_not_allowed (ID: 00200271)

Default Severity: ERROR
Log Message: HTTP protocol is not allowed.
Explanation: Policy does not allow the HTTP protocol.
Firewall Action: block
Recommended Action: Reconfigure the service to allow HTTP if it should be allowed.
Revision: 2
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.128. clienthello_server_name (ID: 00200272)

Default Severity: INFORMATIONAL
Log Message: HTTPALG: HTTPS (c) Found server DNS name <hostname> in ClientHello datagram
Explanation: Found DNS server DNS name in ClientHello datagram.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: hostname
algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.129. invalid_clienthello (ID: 00200273)

Default Severity: ERROR
Log Message: HTTPALG: HTTPS Failed to parse ClientHello datagram (<cause>).
Explanation: Failed to parse ClientHello datagram.
Firewall Action: None
Recommended Action: None
Revision: 2
Parameters: cause
algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.130. invalid_clienthello (ID: 00200274)

Default Severity: ERROR
Log Message: HTTPALG: HTTPS Failed to parse ClientHello datagram.
Explanation: Failed to parse ClientHello datagram.
Firewall Action: None
Recommended Action: None
Revision: 2
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.131. invalid_clienthello_server_name (ID: 00200275)

Default Severity: ERROR
Log Message: HTTPALG: HTTPS Failed to parse SNI server name from ClientHello SNI extension (<cause>).
Explanation: Failed to parse SNI server name from ClientHello SNI extension.
Firewall Action: None
Recommended Action: None
Revision: 3
Parameters: cause
algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.132. invalid_clienthello_server_name (ID: 00200276)

Default Severity: ERROR
Log Message: HTTPALG: HTTPS Failed to parse SNI server name from ClientHello SNI extension.
Explanation: Failed to parse SNI server name from ClientHello SNI extension.
Firewall Action: None
Recommended Action: None
Revision: 3
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.133. certificate_server_name (ID: 00200277)

Default Severity: INFORMATIONAL
Log Message: HTTPALG: HTTPS (s) Found server DNS name <hostname> in Certificate datagram
Explanation: Found server DNS name in Certificate datagram.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: hostname
algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.134. invalid_certificate (ID: 00200278)

Default Severity: ERROR
Log Message: HTTPALG: HTTPS (s) Failed to parse Certificate datagram (<cause>).
Explanation: Failed to parse Certificate datagram.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: cause
algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.135. invalid_certificate (ID: 00200279)

Default Severity: ERROR
Log Message: HTTPALG: HTTPS (s) Failed to parse Certificate datagram.
Explanation: Failed to parse Certificate datagram.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.136. blacklisted_url_blocked (ID: 00200280)

Default Severity: NOTICE
Log Message: HTTPALG: HTTPS (c) Blacklisted URL <hostname> blocked
Explanation: Connection to blaclisted URL closed.
Firewall Action: close
Recommended Action: If the connection is to be allowed, update the URL filter to include the hostname as whilelisted.
Revision: 1
Parameters: hostname
algname
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.137. unknown_state (ID: 00200300)

Default Severity: WARNING
Log Message: H323ALG: H.225 parser is in unknown state
Explanation: The H.225 parser failed to parse the H.225 message. The ALG session will be closed.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: peer
state
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.138. invalid_message (ID: 00200301)

Default Severity: WARNING
Log Message: H323ALG: An invalid message was received from peer
Explanation: An invalid message was received from the peer. The ALG session will be closed.
Firewall Action: closing_session
Recommended Action: None
Revision: 2
Parameters: peer
message
state
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.139. decode_failed (ID: 00200302)

Default Severity: WARNING
Log Message: H323ALG: Decoding of message from peer failed. Closing session
Explanation: The H.225 parser failed to decode the H.225 message. The ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
message_type
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.140. encode_failed (ID: 00200303)

Default Severity: WARNING
Log Message: H323ALG: Encoding of message from peer failed. Closing session
Explanation: The ASN.1 encoder failed to encode the message. The ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
message_type
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.141. encode_failed (ID: 00200304)

Default Severity: WARNING
Log Message: H323ALG: Failed before encoding message from peer. Closing session
Explanation: The ASN.1 encoder failed to allocate memory used for encoding of the message. The ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
message_type
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.142. encode_failed (ID: 00200305)

Default Severity: WARNING
Log Message: H323ALG: Failed after encoding message from peer. Closing session
Explanation: The ASN.1 encoder failed to encode the message properly. The ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
message_type
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.143. decode_failed (ID: 00200306)

Default Severity: WARNING
Log Message: H323ALG: Failed before encoding H.245 message. Closing connection
Explanation: The H.245 encoder failed to allocate memory used for encoding of the message. The ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.144. encode_failed (ID: 00200307)

Default Severity: WARNING
Log Message: H323ALG: Failed after encoding H.245 message. Closing connection
Explanation: The H.245 encoder failed to encode the message. The ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.145. max_tcp_data_connections_exceeded (ID: 00200308)

Default Severity: WARNING
Log Message: H323ALG: Maximum number of TCP data channels exceeded
Explanation: The maximum number of concurrent TCP data channels has been reached for this session.
Firewall Action: None
Recommended Action: If the maximum number of TCP data channels per session is too low, increase it.
Revision: 1
Parameters: max_channels
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.146. max_connections_per_call_exceeded (ID: 00200309)

Default Severity: WARNING
Log Message: H323ALG: No more connections allowed for this call
Explanation: The maximum number of concurrent logical channels (calls) has been reached for this session.
Firewall Action: None
Recommended Action: If the maximum number of concurrent logical channels (calls) per session is too low, increase it.
Revision: 1
Parameters: max_connections
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.147. ignoring_channel (ID: 00200310)

Default Severity: WARNING
Log Message: H323ALG: Ignoring mediaChannel info in openLogicalChannel
Explanation: Media channel information in the openLogicalChannel message is not handled.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.148. com_mode_response_message_not_translated (ID: 00200311)

Default Severity: WARNING
Log Message: H323ALG: CommunicationModeResponse not translated.
Explanation: The H.245 Communication Mode Response message is not translated.
Firewall Action: None
Recommended Action: None
Revision: 2
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.149. max_h323_session_reached (ID: 00200312)

Default Severity: WARNING
Log Message: H323ALG: Maximum number of H.323 sessions (<max_sessions>) for service reached. Closing connection.
Explanation: The maximum number of concurrent H.323 sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of H.323 session is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.150. failed_create_new_session (ID: 00200313)

Default Severity: WARNING
Log Message: H323ALG: Failed to create new H.323 session (out of memory)
Explanation: Could not create a new H.323 session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory.
Firewall Action: close
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.151. max_h323_gk_sessions_reached (ID: 00200314)

Default Severity: WARNING
Log Message: H323ALG: Maximum number of H.323 gatekeeper sessions for service reached
Explanation: The maximum number of concurrent H.323 gatekeeper sessions has been reached for this service. Connection will be closed.
Firewall Action: close
Recommended Action: If the maximum number of concurrent H.323 gatekeeper sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.152. failed_create_new_session (ID: 00200315)

Default Severity: WARNING
Log Message: H323ALG: Failed to create new gatekeeper session (out of memory)
Explanation: Could not create a new H.323 gatekeeper session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory.
Firewall Action: close
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.153. failure_connect_h323_server (ID: 00200316)

Default Severity: ERROR
Log Message: H323ALG: Failed to connect to the H.323 Server. Closing connection
Explanation: The unit failed to connect to the H.323 Server, resulting in that the ALG session could not open successfully.
Firewall Action: close
Recommended Action: Verify that there is a listening H.323 Server on the specified address.
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.154. com_mode_command_message_not_translated (ID: 00200317)

Default Severity: WARNING
Log Message: H323ALG: CommunicationModeCommand not translated.
Explanation: The H.245 Communication Mode Command message is not translated.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.155. packet_failed_initial_test (ID: 00200350)

Default Severity: WARNING
Log Message: TFTPALG: Packet failed initial test (Invalid TFTP packet). Packet length <packet_length>
Explanation: An invalid TFTP packet was received. Refusing connection.
Firewall Action: reject
Recommended Action: None
Revision: 1
Parameters: packet_length
Context Parameters: ALG Module Name
Connection

2.3.156. packet_failed_traversal_test (ID: 00200351)

Default Severity: WARNING
Log Message: TFTPALG: Filename <filename> failed test for directory traversal
Explanation: Filename failed test for directory traversal (contains invalid characters). Closing connection.
Firewall Action: reject
Recommended Action: If all characters in filenames should be allowed modify the TFTP Alg configuration.
Revision: 1
Parameters: filename
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.157. command_not_allowed (ID: 00200353)

Default Severity: WARNING
Log Message: TFTPALG: <command> command not allowed
Explanation: Command (GET or PUT) not allowed. Closing connection.
Firewall Action: reject
Recommended Action: If command should be allowed modify the TFTP Alg configuration.
Revision: 1
Parameters: command
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.158. option_value_invalid (ID: 00200354)

Default Severity: WARNING
Log Message: TFTPALG: Option <option> contained invalid value <value>
Explanation: Option contained invalid value. Closing connection.
Firewall Action: reject
Recommended Action: None
Revision: 1
Parameters: option
value
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.159. option_value_invalid (ID: 00200355)

Default Severity: WARNING
Log Message: TFTPALG: Option <option> contained no readable value
Explanation: Option contained no readable value. Closing connection.
Firewall Action: reject
Recommended Action: None
Revision: 1
Parameters: option
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.160. option_tsize_invalid (ID: 00200356)

Default Severity: WARNING
Log Message: TFTPALG: Option tsize value <value> exceeding allowed max value <maxvalue>
Explanation: Option tsize value exceeding allowed value. Closing connection.
Firewall Action: reject
Recommended Action: If connection should be allowed modify the filetransfersize of the TFTP Alg configuration .
Revision: 1
Parameters: value
maxvalue
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.161. unknown_option_blocked (ID: 00200357)

Default Severity: WARNING
Log Message: TFTPALG: Request contained unknown option <option>
Explanation: Request contained unknown option. Closing connection.
Firewall Action: reject
Recommended Action: If connection should be allowed modify the TFTP Alg configuration .
Revision: 1
Parameters: option
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.162. option_tsize_invalid (ID: 00200358)

Default Severity: WARNING
Log Message: TFTPALG: Option tsize value <value> exceeding allowed value <maxvalue>
Explanation: Option tsize value exceeding allowed value. Closing connection.
Firewall Action: close
Recommended Action: If connection should be allowed modify the filetransfersize of the TFTP Alg configuration .
Revision: 1
Parameters: value
maxvalue
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.163. unknown_option_blocked (ID: 00200359)

Default Severity: WARNING
Log Message: TFTPALG: Request contained unknown option <option>
Explanation: Request contained unknown option. Closing connection.
Firewall Action: close
Recommended Action: If connection should be allowed modify the TFTP Alg configuration .
Revision: 1
Parameters: option
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.164. option_not_sent (ID: 00200360)

Default Severity: WARNING
Log Message: TFTPALG: The received option <option> was not sent
Explanation: The received option was not sent. Closing connection.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: option
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.165. option_value_invalid (ID: 00200361)

Default Severity: WARNING
Log Message: TFTPALG: Option <option> contained invalid value <value> or option not sent
Explanation: Option contained invalid value or option not sent. Closing connection.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: option
value
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.166. option_value_invalid (ID: 00200362)

Default Severity: WARNING
Log Message: TFTPALG: Option <option> contained no readable value
Explanation: Option contained no readable value. Closing connection.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: option
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.167. blksize_out_of_range (ID: 00200363)

Default Severity: WARNING
Log Message: TFTPALG: Option blksize value <old_blksize> exceeding allowed value. Rewriting to <new_blksize>
Explanation: Option blksize value exceeding allowed value.Rewriting value.
Firewall Action: rewrite
Recommended Action: If the value should be allowed modify the TFTP Alg configuration.
Revision: 1
Parameters: old_blksize
new_blksize
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.168. max_tftp_sessions_reached (ID: 00200364)

Default Severity: WARNING
Log Message: FTPALG: Maximum number of TFTP sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent TFTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of TFTP sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.169. failed_create_new_session (ID: 00200365)

Default Severity: ERROR
Log Message: TFTPALG: Failed to create new TFTPALG session (out of memory)
Explanation: An attempt to create a new TFTPALG session failed, because the unit is out of memory.
Firewall Action: close
Recommended Action: Decrease the maximum allowed TFTPALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.3.170. invalid_packet_received (ID: 00200366)

Default Severity: WARNING
Log Message: TFTPALG: Received invalid packet Opcode <opcode> Packet length <packet_length>
Explanation: Received invalid packet. Closing connection.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: opcode
packet_length
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.171. failed_create_connection (ID: 00200367)

Default Severity: ERROR
Log Message: TFTPALG: Failed to create listening connection,internal error(<error_code>). Closing session
Explanation: The unit failed to create listening connection, resulting in that the ALG session could not be successfully opened.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: error_code
Context Parameters: ALG Module Name
ALG Session ID

2.3.172. invalid_packet_received_reopen (ID: 00200368)

Default Severity: WARNING
Log Message: TFTPALG: Received invalid packet Opcode <opcode> Packet length <packet_length>
Explanation: Received invalid packet. Closing listening connection and opening new instead.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: opcode
packet_length
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.173. packet_out_of_sequence (ID: 00200369)

Default Severity: WARNING
Log Message: TFTPALG: Received packet out of sequence opcode <opcode> packet length <packet_length>
Explanation: Received packet out of sequence. Closing connection.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: opcode
packet_length
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.174. transfer_size_exceeded (ID: 00200370)

Default Severity: WARNING
Log Message: TFTPALG: Received bytes <received> exceeding allowed max value <maxvalue>
Explanation: Transferred bytes exceeding allowed value. Closing connection.
Firewall Action: close
Recommended Action: If connection should be allowed modify the filetransfersize option of the TFTP Alg configuration .
Revision: 1
Parameters: received
maxvalue
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.175. options_removed (ID: 00200371)

Default Severity: WARNING
Log Message: TFTPALG: Options not allowed. Stripping options from packet
Explanation: Options not allowed. Stripping options from packet.
Firewall Action: rewrite
Recommended Action: If options should be allowed modify the TFTP Alg configuration.
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.176. failed_strip_option (ID: 00200372)

Default Severity: ERROR
Log Message: TFTPALG: Failed to strip options , (internal error)
Explanation: An attempt to send request packet without options failed because of an internal error.
Firewall Action: close
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.177. failed_create_connection (ID: 00200373)

Default Severity: ERROR
Log Message: TFTPALG: Failed to create listening connection,internal error(<error_code>). Closing session
Explanation: The unit failed to create listening connection, resulting in that the ALG session could not be successfully opened.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: error_code
Context Parameters: ALG Module Name

2.3.178. invalid_error_message_received (ID: 00200374)

Default Severity: WARNING
Log Message: TFTPALG: Received invalid error message Opcode <opcode> Packet length <packet_length>
Explanation: Received invalid error message. Closing connection.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: opcode
packet_length
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.179. max_pop3_sessions_reached (ID: 00200380)

Default Severity: WARNING
Log Message: POP3ALG: Maximum number of POP3 sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent POP3 sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of POP3 sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.180. failed_create_new_session (ID: 00200381)

Default Severity: WARNING
Log Message: POP3ALG: Failed to create new POP3ALG session (out of memory)
Explanation: An attempt to create a new POP3ALG session failed, because the unit is out of memory.
Firewall Action: close
Recommended Action: Decrease the maximum allowed POP3ALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.3.181. failed_connect_pop3_server (ID: 00200382)

Default Severity: ERROR
Log Message: POP3ALG: Failed to connect to the POP3 Server. Closing the connection.
Explanation: The unit failed to connect to the remote POP3 Server, resulting in that the ALG session could not be successfully opened.
Firewall Action: close
Recommended Action: Verify that there is a listening POP3 Server on the specified address.
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.182. out_of_memory (ID: 00200383)

Default Severity: ERROR
Log Message: POP3ALG: Failed to allocate memory (out of memory)
Explanation: An attempt to allocate memory failed.
Firewall Action: close
Recommended Action: Try to free up unwanted memory.
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.183. blocked_filetype (ID: 00200384)

Default Severity: NOTICE
Log Message: POP3ALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation: The file is present in the block list. It will be blocked as per configuration.
Firewall Action: block
Recommended Action: If this file should be allowed, update the ALLOW/BLOCK list.
Revision: 1
Parameters: filename
filetype
sender_email_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.184. response_blocked_unknown (ID: 00200385)

Default Severity: WARNING
Log Message: POP3ALG: Response blocked.Invalid response=<response>
Explanation: The server is sending unknown response. The response will be blocked.
Firewall Action: block
Recommended Action: None
Revision: 1
Parameters: command"
response
Context Parameters: ALG Module Name
ALG Session ID

2.3.185. base64_decode_failed (ID: 00200386)

Default Severity: ERROR
Log Message: POP3ALG: Base 64 decode failed. Attachment blocked
Explanation: The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked.
Firewall Action: block_data
Recommended Action: Research how the sender is encoding the data.
Revision: 1
Parameters: filename
filetype
sender_email_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.186. possible_invalid_mail_end (ID: 00200387)

Default Severity: WARNING
Log Message: POP3ALG: Possible invalid end of mail "\\n.\\n" received.
Explanation: The client is sending possible invalid end of mail.
Firewall Action: allow
Recommended Action: Research how the client is sending possible invalid end of mail.
Revision: 1
Parameters: sender_email_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.187. command_blocked_invalid_len (ID: 00200388)

Default Severity: WARNING
Log Message: POP3ALG: Command line blocked,line begins with linebegin. Invalid line length <len>
Explanation: The client is sending command with invalid command length. The command will be blocked.
Firewall Action: block
Recommended Action: None
Revision: 1
Parameters: len
linebegin"
Context Parameters: ALG Module Name
ALG Session ID

2.3.188. response_blocked_invalid_len (ID: 00200389)

Default Severity: WARNING
Log Message: POP3ALG: Response blocked.Invalid response length <len>
Explanation: The server is sending response with invalid response length. The response will be blocked.
Firewall Action: block
Recommended Action: None
Revision: 1
Parameters: command"
len
Context Parameters: ALG Module Name
ALG Session ID

2.3.189. content_type_mismatch (ID: 00200390)

Default Severity: NOTICE
Log Message: POP3ALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation: The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action: block_data
Recommended Action: None
Revision: 1
Parameters: filename
filetype
sender_email_address
Context Parameters: ALG Module Name

2.3.190. content_type_mismatch_mimecheck_disabled (ID: 00200391)

Default Severity: NOTICE
Log Message: POP3ALG: Content type mismatch found for the file <filename>. It is identified as type <filetype> file
Explanation: Received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed.
Firewall Action: allow
Recommended Action: Content type should be matched.
Revision: 2
Parameters: filename
filetype
sender_email_address
Context Parameters: ALG Module Name

2.3.191. command_blocked_invalid_argument (ID: 00200392)

Default Severity: WARNING
Log Message: POP3ALG: Command blocked.Invalid argument <argument> given
Explanation: The client is sending command with invalid argument. The command will be blocked.
Firewall Action: block
Recommended Action: None
Revision: 1
Parameters: command"
argument
Context Parameters: ALG Module Name
ALG Session ID

2.3.192. command_blocked (ID: 00200393)

Default Severity: WARNING
Log Message: POP3ALG: Command <command> blocked.
Explanation: The client is sending command that are not allowed. The command will be blocked.
Firewall Action: block
Recommended Action: If the command are to be allowed change the Alg configuration.Note: The STLS command is allways blocked!.
Revision: 1
Parameters: command
Context Parameters: ALG Module Name
ALG Session ID

2.3.193. unknown_command_blocked (ID: 00200394)

Default Severity: WARNING
Log Message: POP3ALG: Unknown command blocked.
Explanation: The client is sending unknown command. The command will be blocked.
Firewall Action: block
Recommended Action: If the command are to be allowed change the Alg configuration.
Revision: 1
Parameters: command"
Context Parameters: ALG Module Name
ALG Session ID

2.3.194. unexpected_mail_end (ID: 00200396)

Default Severity: WARNING
Log Message: POP3ALG: Unexpected end of mail received while parsing mail content.
Explanation: Unexpected end of mail received while parsing mail content..
Firewall Action: block
Recommended Action: Research if mail is not complete.
Revision: 1
Parameters: sender_email_address
len
retrigs
Context Parameters: ALG Module Name
ALG Session ID

2.3.195. invalid_line_endings (ID: 00200397)

Default Severity: WARNING
Log Message: POP3ALG: Mail contains invalid line endings.
Explanation: Mail contains invalid line endings.
Firewall Action: block
Recommended Action: Research why mail contains invalid line endings.
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.196. top_mail_end_blocked (ID: 00200398)

Default Severity: WARNING
Log Message: POP3ALG: The last part of mail retreived with TOP command blocked.
Explanation: Only part of mail retrieved using TOP command was received. The last part was therefore blocked by the firewall.
Firewall Action: block
Recommended Action: None
Revision: 1
Parameters: len
retrigs
Context Parameters: ALG Module Name
ALG Session ID

2.3.197. max_syslog_sessions_reached (ID: 00200400)

Default Severity: WARNING
Log Message: SyslogALG: Maximum number of sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent syslog ALG sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of syslog sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.198. out_of_memory (ID: 00200401)

Default Severity: CRITICAL
Log Message: SYSLOGALG: Failed to allocate memory
Explanation: The unit does not have enough available RAM.
Firewall Action: None
Recommended Action: Try to free up some RAM by changing configuration parameters.
Revision: 1
Context Parameters: ALG Module Name
Connection

2.3.199. unauthenticated_syslog_detected (ID: 00200402)

Default Severity: ERROR
Log Message: SYSLOGALG: Unauthenticated session
Explanation: Syslog packet rejected due to unauthenticated connection.
Firewall Action: drop
Recommended Action: Investigate the reason to the unauthenticated syslog packets or change the configuration to allow unauthenticated packets.
Revision: 1
Context Parameters: ALG Module Name
Connection

2.3.200. reverse_syslog_data (ID: 00200403)

Default Severity: ERROR
Log Message: SYSLOGALG: Reverse traffic detected on syslog connection
Explanation: The SYSLOG ALG detected data packets send in the reverse direction i.e from the server towards the client. The session is closed. .
Firewall Action: close
Recommended Action: Investigate why the packets are sent in the reverse direction of the syslog connection.
Revision: 1
Context Parameters: ALG Module Name
Connection

2.3.201. large_syslog_received (ID: 00200404)

Default Severity: ERROR
Log Message: SYSLOGALG: Too large syslog packet received <size>
Explanation: Syslog packet rejected due to being larger than the configuration allows.
Firewall Action: drop
Recommended Action: If required, change the configuration to allow syslog packets with this size.
Revision: 1
Parameters: size
limit
Context Parameters: ALG Module Name
Connection

2.3.202. prohibited_text_detected (ID: 00200405)

Default Severity: ERROR
Log Message: SYSLOGALG: Prohibited text <text> detected
Explanation: Syslog packet rejected due to presence of prohibited text.
Firewall Action: drop
Recommended Action: Change the configuration to allow syslog packets with this text.
Revision: 1
Parameters: text
Context Parameters: ALG Module Name
Connection

2.3.203. internal_buffer_error (ID: 00200406)

Default Severity: ERROR
Log Message: SYSLOGALG: Internal buffer error
Explanation: Crafted syslog packet grew too large for internal buffer.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
Connection

2.3.204. max_tls_sessions_reached (ID: 00200450)

Default Severity: WARNING
Log Message: TLSALG: Maximum number of TLS sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent TLS sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of TLS sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.205. failed_create_new_session (ID: 00200451)

Default Severity: WARNING
Log Message: TLSALG: Failed to create new TLSALG session (out of memory)
Explanation: An attempt to create a new TLSALG session failed, because the unit is out of memory.
Firewall Action: close
Recommended Action: Decrease the maximum allowed TLSALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.3.206. failure_connect_http_server (ID: 00200452)

Default Severity: ERROR
Log Message: TLSALG: Failed to connect to the HTTP Server. Closing connection. ALG name: <algname>.
Explanation: The unit failed to connect to the HTTP Server, resulting in that the ALG session could not be successfully opened.
Firewall Action: close
Recommended Action: Verify that there is a listening HTTP Server on the specified address.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.207. tls_alert_received (ID: 00200453)

Default Severity: ERROR
Log Message: TLSALG: Received TLS <alert> alert from peer.
Explanation: A TLS alert was received. The TLS ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: alert
level
algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.208. tls_renegotiation_attempted (ID: 00200454)

Default Severity: WARNING
Log Message: TLSALG: TLS renegotiation attempted but not supported.
Explanation: The TLS peer initiated a renegotiation. Renegotiation is however not supported so an alert was sent to let the peer know that there will be no renegotiation.
Firewall Action: tls_alert_sent
Recommended Action: None
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.209. tls_alert_sent (ID: 00200455)

Default Severity: ERROR
Log Message: TLSALG: Sent TLS <alert> alert to peer.
Explanation: A TLS error has occured that caused an alert to be sent to the peer. The TLS ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: alert
level
algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.210. ssl_renegotiation_attempted (ID: 00200457)

Default Severity: ERROR
Log Message: TLSALG: SSL renegotiation attempted but not supported.
Explanation: The SSL peer initiated a renegotiation. Renegotiation is however not supported so the TLS ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.211. tls_disallowed_key_exchange (ID: 00200458)

Default Severity: WARNING
Log Message: TLSALG: Disallowed key exchange.
Explanation: The TLS ALG session will be closed because there are not enough resources to process any TLS key exchanges at the moment. This could be a result of TLS handshake message flooding. This action is triggered by a system that monitors the amount of resources that is spent on key exchanges. This system is controlled by the advanced setting SSL_ProcessingPriority.
Firewall Action: close
Recommended Action: Investigate the source of this and try to find out if it is a part of a possible attack, or normal traffic.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.212. tls_invalid_message (ID: 00200459)

Default Severity: ERROR
Log Message: TLSALG: Invalid TLS <message_type> message received.
Explanation: A badly formatted TLS message has been received. The TLS ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: message_type
algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.213. tls_bad_message_order (ID: 00200460)

Default Severity: ERROR
Log Message: TLSALG: Bad TLS handshake message order.
Explanation: A TLS handshake message of a type that is not expected in the current state of the handshake was received. The TLS ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.214. tls_no_shared_cipher_suites (ID: 00200461)

Default Severity: WARNING
Log Message: TLSALG: No shared cipher suites.
Explanation: A connecting TLS peer does not share any cipher suites with the unit. The TLS ALG session will be closed.
Firewall Action: close
Recommended Action: Make sure that the client and the unit share atleast one cipher suite.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.215. tls_out_of_memory (ID: 00200462)

Default Severity: ERROR
Log Message: TLSALG: Out of memory.
Explanation: The unit was unable to allocate the memory required to process the TLS connection of a TLS ALG session. The TLS ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.216. tls_failed_to_verify_finished (ID: 00200463)

Default Severity: ERROR
Log Message: TLSALG: Failed to verify finished message.
Explanation: The unit failed to verify the TLS finished message. The finished message is used to verify that the key exchange and authentication processes were successful. The TLS ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.217. unknown_tls_error (ID: 00200464)

Default Severity: ERROR
Log Message: TLSALG: Unknown TLS error.
Explanation: An unknown TLS error has occured. The TLS ALG session will be closed.
Firewall Action: close
Recommended Action: None
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name
ALG Session ID

2.3.218. sdp_message_parsing_failed (ID: 00200501)

Default Severity: ERROR
Log Message: SIPALG: SDP message parsing failed
Explanation: SDP part of message failed parsing due to malformed message. Reason: [reason].
Firewall Action: drop
Recommended Action: Examine why client or server is sending a malformed SDP message.
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.219. sdp_message_validation_failed (ID: 00200502)

Default Severity: ERROR
Log Message: SIPALG: SDP message validation failed
Explanation: SDP part of message failed validation due to malformed message. Reason: [reason].
Firewall Action: drop
Recommended Action: Examine why client or server is sending a malformed SDP message.
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.220. sip_message_parsing_failed (ID: 00200503)

Default Severity: ERROR
Log Message: SIPALG: SIP message parsing failed
Explanation: SIP part of message failed parsing due to malformed message. Reason: [reason].
Firewall Action: drop
Recommended Action: Examine why client or server is sending a malformed SIP message.
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.221. sip_message_validation_failed (ID: 00200504)

Default Severity: ERROR
Log Message: SIPALG: SIP message validation failed due to malformed message
Explanation: SIP part of message failed validation due to malformed message. Reason: [reason].
Firewall Action: drop
Recommended Action: Examine why client or server is sending a malformed SIP message.
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.222. max_sessions_per_uri_reached (ID: 00200505)

Default Severity: WARNING
Log Message: SIPALG: Maximum number of sessions per SIP URI has been reached
Explanation: The configured maximum number of concurrent SIP sessions [max_ses_per_id] per SIP URI has been reached.
Firewall Action: close
Recommended Action: If the maximum number of SIPALG sessions per SIP URI is too low, increase it.
Revision: 2
Parameters: max_ses_per_id
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.223. registration_hijack_detected (ID: 00200506)

Default Severity: ALERT
Log Message: Registration hijack attempt detected
Explanation: The number of registration attempts [reg_hijack_count] has been exceeded.
Firewall Action: drop
Recommended Action: Check with the user, why he is using false authentication to register.
Revision: 2
Parameters: reg_hijack_count
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.224. sip_signal_timeout (ID: 00200507)

Default Severity: WARNING
Log Message: SIPALG: SIP signal timeout
Explanation: SIP signal timeout for session [method]. The session will be deleted.
Firewall Action: close
Recommended Action: If the configured SIP signal timeout value is too low, increase it.
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.225. sip_request_response_timeout (ID: 00200508)

Default Severity: WARNING
Log Message: SIPALG: SIP request-response timeout
Explanation: SIP request-response timeout for the session [method]. The session will be deleted.
Firewall Action: close
Recommended Action: If the configured SIP Request-Response timeout value is too low, increase it.
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.226. registration_time_modified (ID: 00200509)

Default Severity: NOTICE
Log Message: SIPALG: Expire value modified in registration request
Explanation: The SIP-ALG modified the requested registration time since it exceeds the configured maximum registration time value [cfg_registration_time].
Firewall Action: allow
Recommended Action: None
Revision: 2
Parameters: cfg_registration_time
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.227. unsuccessful_registration (ID: 00200510)

Default Severity: WARNING
Log Message: SIPALG: Unsuccessful registration
Explanation: The user failed to register. Reason: [reason].
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.228. unsuccessful_unregistration (ID: 00200511)

Default Severity: NOTICE
Log Message: SIPALG: Failed unregistration
Explanation: The user failed to unregister. Reason: [reason].
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name
ALG Session ID

2.3.229. unsuccessful_search_in_registration_table (ID: 00200512)

Default Severity: WARNING
Log Message: SIPALG: Registration entry not found
Explanation: The specified user could not be found in the register table. Reason: [reason].
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.230. sipalg_session_created (ID: 00200513)

Default Severity: NOTICE
Log Message: SIPALG: New SIP-ALG session created
Explanation: New SIP-ALG session for [method] request created.
Firewall Action: allow
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.231. failed_to_create_session (ID: 00200514)

Default Severity: ERROR
Log Message: SIPALG: Failed to create sipalg session
Explanation: A new SIP-ALG session for [method] request could not be created.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.232. failed_to_find_session (ID: 00200515)

Default Severity: ERROR
Log Message: SIPALG: Failed to find sipalg session
Explanation: Failed to find sipalg session. Reason: [reason].
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.233. sipalg_session_deleted (ID: 00200516)

Default Severity: INFORMATIONAL
Log Message: SIPALG: SIP-ALG session deleted
Explanation: SIP-ALG session deleted for [method] request.
Firewall Action: close
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.234. sipalg_session_state_updated (ID: 00200517)

Default Severity: DEBUG
Log Message: SIPALG: SIP-ALG session state updated
Explanation: The SIP-ALG session state updated to [session_state] state.
Firewall Action: allow
Recommended Action: None
Revision: 2
Parameters: session_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.235. sipalg_transaction_created (ID: 00200520)

Default Severity: NOTICE
Log Message: SIPALG: Transaction created
Explanation: SIP-ALG transaction created for [method] request.
Firewall Action: allow
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.236. failed_to_create_new_transaction (ID: 00200521)

Default Severity: ERROR
Log Message: SIPALG: Failed to create transaction
Explanation: The SIP-ALG failed to create transaction for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.237. failed_to_find_transaction (ID: 00200522)

Default Severity: WARNING
Log Message: SIPALG: Failed to find transaction
Explanation: Failed to find transaction for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.238. sipalg_transaction_deleted (ID: 00200523)

Default Severity: NOTICE
Log Message: SIPALG: sipalg transaction deleted
Explanation: The transaction for [method] request is deleted.
Firewall Action: close
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name
ALG Session ID

2.3.239. sipalg_transaction_state_updated (ID: 00200524)

Default Severity: DEBUG
Log Message: SIPALG: Transaction state updated
Explanation: A SIP-ALG transaction state has been updated to [transaction_state] state.
Firewall Action: allow
Recommended Action: None
Revision: 2
Parameters: transaction_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.240. no_route_found (ID: 00200526)

Default Severity: ERROR
Log Message: SIPALG: Failed to find route for given host
Explanation: No route information found for the given host. Reason: [reason].
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.241. failed_to_get_free_port (ID: 00200527)

Default Severity: CRITICAL
Log Message: SIPALG: Failed to get free NAT port pair for the given host
Explanation: Failed to get free port for the given host. Reason: [reason].
Firewall Action: drop
Recommended Action: The system is unstable and might require a reboot.
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.242. failed_to_find_role (ID: 00200528)

Default Severity: ERROR
Log Message: SIPALG: Failed to find role
Explanation: SIPALG: Failed to find role for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.243. failed_to_update_port (ID: 00200529)

Default Severity: ERROR
Log Message: SIPALG: Failed to update port information
Explanation: Failed to update port into session for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.244. failed_to_update_contact (ID: 00200530)

Default Severity: ERROR
Log Message: SIPALG: Failed to update contact
Explanation: Failed to update contact into session for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.245. failed_to_modify_sdp_message (ID: 00200531)

Default Severity: ERROR
Log Message: SIPALG: Failed to modify SDP message
Explanation: Failed to modify SDP part of message. Reason: [reason].
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.246. failed_to_modify_via (ID: 00200532)

Default Severity: ERROR
Log Message: SIPALG: Failed to modify via in message
Explanation: Failed to modify the via header in message for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.247. failed_to_modify_from (ID: 00200533)

Default Severity: ERROR
Log Message: SIPALG: Failed to modify FROM tag in message
Explanation: Failed to modify the FROM tag in message for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.248. failed_to_modify_request_uri (ID: 00200534)

Default Severity: ERROR
Log Message: SIPALG: Failed to modify request URI in message
Explanation: Failed to modify the request URI in message for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.249. failed_to_modify_request (ID: 00200535)

Default Severity: ERROR
Log Message: SIPALG: Failed to modify the request
Explanation: Failed to modify the topology info in the [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.250. method_not_supported (ID: 00200536)

Default Severity: WARNING
Log Message: SIPALG: Method not supported
Explanation: The method [method] is not supported.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.251. general_error (ID: 00200537)

Default Severity: WARNING
Log Message: SIPALG: General Error
Explanation: General error while processing message. Reason: [reason].
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.252. third_party_call_control (ID: 00200538)

Default Severity: WARNING
Log Message: SIPALG: Block third party SIP request
Explanation: The SIP-ALG has detected a SIP/SDP message involving third party IP address. Reason: [reason]. The request will be dropped.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.253. out_of_memory (ID: 00200539)

Default Severity: EMERGENCY
Log Message: SIPALG: Out of memory
Explanation: Memory allocation failed while processing SIP message.
Firewall Action: drop
Recommended Action: Change configuration to free up more RAM.
Revision: 1
Parameters: message

2.3.254. null_sip_message_received (ID: 00200540)

Default Severity: ERROR
Log Message: SIPALG: SIP packet reception error. Reason:<reason>
Explanation: Packet without data received.
Firewall Action: drop
Recommended Action: Research how SIPALG received NULL SIP packet.
Revision: 1
Parameters: reason
Context Parameters: ALG Module Name

2.3.255. user_registered (ID: 00200541)

Default Severity: NOTICE
Log Message: SIPALG: Successful Registration
Explanation: User [user_name] registered.
Firewall Action: None
Recommended Action: None
Revision: 2
Parameters: user_name
contact
Context Parameters: ALG Module Name

2.3.256. user_unregistered (ID: 00200542)

Default Severity: NOTICE
Log Message: SIPALG: Successful unregistration
Explanation: User [user_name] unregistered successfully.
Firewall Action: allow
Recommended Action: None
Revision: 1
Parameters: user_name
contact
Context Parameters: ALG Module Name

2.3.257. dns_resolution_failed (ID: 00200545)

Default Severity: CRITICAL
Log Message: Failed to do dns resolve
Explanation: An attempt to resolve dns failed. Reason: [reason].
Firewall Action: drop
Recommended Action: Check if the dns servers are configured.
Revision: 1
Parameters: reason
Context Parameters: ALG Module Name

2.3.258. failed_to_modify_contact (ID: 00200547)

Default Severity: ERROR
Log Message: SIPALG: Failed to modify contact tag in message
Explanation: Failed to modify the contact tag in SIP message. Reason: [reason].
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.259. invalid_udp_packet (ID: 00200548)

Default Severity: ERROR
Log Message: SIPALG: Invalid SIP UDP packet received
Explanation: The SIP ALG received an invalid UDP packet. The packet will be dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.260. failed_to_parse_media (ID: 00200549)

Default Severity: ERROR
Log Message: SIPALG: Failed to parse media
Explanation: Failed to parse media for the request [method].
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.261. max_session_per_service_reached (ID: 00200550)

Default Severity: WARNING
Log Message: SIPALG: Maximum number of transaction per session has been reached
Explanation: The configured maximum number of concurrent SIP sessions [max_ses_per_service] per SIP SERVICE has been reached.
Firewall Action: close
Recommended Action: If the maximum number of SIPALG sessions per SIP service is too low, increase it.
Revision: 2
Parameters: max_ses_per_service
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.262. max_tsxn_per_session_reached (ID: 00200551)

Default Severity: WARNING
Log Message: SIPALG: Maximum number of sessions per Service has been reached
Explanation: The configured maximum number of transaction [max_tsxn_per_session] per SIP SESSION has been reached.
Firewall Action: close
Recommended Action: None
Revision: 2
Parameters: max_tsxn_per_session
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.263. invalid_transaction_state (ID: 00200552)

Default Severity: ERROR
Log Message: SIPALG: Invalid transaction state change
Explanation: Invalid transaction state found [tsxn_invalid_state].
Firewall Action: close
Recommended Action: None
Revision: 2
Parameters: tsxn_invalid_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.264. invalid_session_state (ID: 00200553)

Default Severity: ERROR
Log Message: SIPALG: Invalid session state change
Explanation: Invalid session state found [session_invalid_state].
Firewall Action: close
Recommended Action: None
Revision: 2
Parameters: session_invalid_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.265. sipalg_callleg_created (ID: 00200554)

Default Severity: NOTICE
Log Message: SIPALG: CallLeg created
Explanation: SIP-ALG callleg created for [method] request.
Firewall Action: allow
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.266. failed_to_create_new_callleg (ID: 00200555)

Default Severity: ERROR
Log Message: SIPALG: Failed to create callleg
Explanation: The SIP-ALG failed to create callleg for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.267. failed_to_find_callleg (ID: 00200556)

Default Severity: WARNING
Log Message: SIPALG: Failed to find callleg
Explanation: Failed to find callleg for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.268. failed_to_update_callleg (ID: 00200557)

Default Severity: WARNING
Log Message: SIPALG: Failed to update callleg
Explanation: Failed to update callleg for [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.269. sipalg_callleg_deleted (ID: 00200558)

Default Severity: NOTICE
Log Message: SIPALG: sipalg callleg deleted
Explanation: The callleg for [method] request is deleted.
Firewall Action: close
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name
ALG Session ID

2.3.270. failed_to_modify_response (ID: 00200559)

Default Severity: ERROR
Log Message: SIPALG: Failed to modify the response
Explanation: Failed to modify the topology info in the [method] response.
Firewall Action: drop
Recommended Action: None
Revision: 2
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.271. sipalg_callleg_state_updated (ID: 00200560)

Default Severity: DEBUG
Log Message: SIPALG: SIP-ALG callleg state updated
Explanation: The SIP-ALG callleg state updated to [callleg_state] state.
Firewall Action: allow
Recommended Action: None
Revision: 2
Parameters: callleg_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.272. failed_to_modify_sat_request (ID: 00200561)

Default Severity: ERROR
Log Message: SIPALG: Failed to modify the SAT request
Explanation: Failed to modify requst ip to SAT destination IP in the [method] request.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters: ALG Module Name

2.3.273. max_pptp_sessions_reached (ID: 00200601)

Default Severity: WARNING
Log Message: PPTPALG: Maximum number of PPTP sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent PPTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of PPTP sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.274. failed_create_new_session (ID: 00200602)

Default Severity: CRITICAL
Log Message: PPTPALG: Failed to create new PPTPALG session (out of memory)
Explanation: An attempt to create a new PPTPALG session failed. The unit has run out of memory.
Firewall Action: close
Recommended Action: Decrease the maximum allowed PPTPALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.3.275. failed_connect_pptp_server (ID: 00200603)

Default Severity: ERROR
Log Message: PPTPALG: Failed to connect to the PPTP Server. Closing the connection.
Explanation: The PPTP ALG could not connect to the receiving PPTP server, resulting in that the ALG session could not be successfully opened.
Firewall Action: close
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.276. pptp_tunnel_established_client (ID: 00200604)

Default Severity: NOTICE
Log Message: PPTPALG: PPTP tunnel established from client
Explanation: A PPTP tunnel has been established between PPTP client and firewall.
Firewall Action: None
Recommended Action: None
Revision: 2
Context Parameters: ALG Session ID
ALG Module Name

2.3.277. pptp_tunnel_removed_client (ID: 00200605)

Default Severity: NOTICE
Log Message: PPTPALG: PPTP tunnel between client and firewall removed
Explanation: A PPTP tunnel has been removed between the PPTP client and the PPTP-ALG.
Firewall Action: None
Recommended Action: None
Revision: 2
Context Parameters: ALG Session ID
ALG Module Name

2.3.278. pptp_tunnel_removed_server (ID: 00200606)

Default Severity: NOTICE
Log Message: PPTPALG: PPTP tunnel between server and firewall removed
Explanation: A PPTP tunnel has been removed betweem the PPTP server and the PPTP-ALG.
Firewall Action: None
Recommended Action: None
Revision: 2
Context Parameters: ALG Session ID
ALG Module Name

2.3.279. pptp_session_established (ID: 00200607)

Default Severity: NOTICE
Log Message: PPTPALG: PPTP session established
Explanation: A PPTP session has been established.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Session ID
ALG Module Name

2.3.280. pptp_session_removed (ID: 00200608)

Default Severity: NOTICE
Log Message: PPTPALG: PPTP session removed
Explanation: A PPTP session has been removed.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Session ID
ALG Module Name

2.3.281. pptp_malformed_packet (ID: 00200609)

Default Severity: WARNING
Log Message: Malformed packet received from <remotegw> on <iface>
Explanation: A malformed packet was received by the PPTP-ALG.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: iface
remotegw

2.3.282. pptp_tunnel_established_server (ID: 00200610)

Default Severity: NOTICE
Log Message: PPTPALG: PPTP tunnel established from server
Explanation: A PPTP tunnel has been established between PPTP server and firewall.
Firewall Action: None
Recommended Action: None
Revision: 2
Context Parameters: ALG Session ID
ALG Module Name

2.3.283. max_imap_sessions_reached (ID: 00200650)

Default Severity: WARNING
Log Message: IMAPALG: Maximum number of IMAP sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent IMAP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of IMAP sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.284. failed_create_new_session (ID: 00200651)

Default Severity: WARNING
Log Message: IMAPALG: Failed to create new IMAP ALG session (out of memory)
Explanation: An attempt to create a new IMAP ALG session failed, because the unit is out of memory.
Firewall Action: close
Recommended Action: Decrease the maximum allowed IMAP ALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.3.285. failed_connect_imap_server (ID: 00200652)

Default Severity: ERROR
Log Message: IMAPALG: Failed to connect to the IMAP Server. Closing the connection.
Explanation: The unit failed to connect to the remote IMAP Server, resulting in that the ALG session could not be successfully opened.
Firewall Action: close
Recommended Action: Verify that there is a listening IMAP Server on the specified address.
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.286. out_of_memory (ID: 00200656)

Default Severity: ERROR
Log Message: IMAPALG: Failed to allocate memory (out of memory)
Explanation: An attempt to allocate memory failed.
Firewall Action: close
Recommended Action: Try to free up unwanted memory.
Revision: 2
Context Parameters: ALG Module Name
ALG Session ID

2.3.287. blocked_filetype (ID: 00200657)

Default Severity: NOTICE
Log Message: IMAPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation: The file is present in the block list. It will be blocked as per configuration.
Firewall Action: block
Recommended Action: If this file should be allowed, update the ALLOW/BLOCK list.
Revision: 2
Parameters: imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
filename
filetype
sender_email_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.288. base64_decode_failed (ID: 00200658)

Default Severity: ERROR
Log Message: IMAPALG: Base 64 decode failed. Attachment blocked
Explanation: The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked.
Firewall Action: block_data
Recommended Action: Research how the sender is encoding the data.
Revision: 2
Parameters: imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
filename
filetype
sender_email_address
Context Parameters: ALG Module Name
ALG Session ID

2.3.289. command_blocked (ID: 00200659)

Default Severity: WARNING
Log Message: IMAPALG: Command <imap_command> blocked.
Explanation: The client is sending command that are not allowed. The command will be blocked.
Firewall Action: block
Recommended Action: If the command are to be allowed change the Alg configuration.Note: The STLS command is allways blocked!.
Revision: 2
Parameters: imap_userid
imap_command
Context Parameters: ALG Module Name
ALG Session ID

2.3.290. unknown_command_blocked (ID: 00200660)

Default Severity: WARNING
Log Message: IMAPALG: Unknown command blocked.
Explanation: The client is sending unknown command. The command will be blocked.
Firewall Action: block
Recommended Action: If the command are to be allowed change the Alg configuration.
Revision: 2
Parameters: imap_userid
imap_command
Context Parameters: ALG Module Name
ALG Session ID

2.3.291. command_invalid (ID: 00200661)

Default Severity: WARNING
Log Message: IMAP_ALG: Command <imap_command> invalid.
Explanation: The client is sending command that is not a valid command. The command will be blocked.
Firewall Action: block
Recommended Action: If the command are to be allowed change the Alg configuration.
Revision: 2
Parameters: imap_userid
imap_command
Context Parameters: ALG Module Name
ALG Session ID

2.3.292. response_blocked_unknown (ID: 00200662)

Default Severity: WARNING
Log Message: IMAP_ALG: Response blocked. Invalid response.
Explanation: The server is sending unknown response for command [imap_command]. The response will be blocked.
Firewall Action: block
Recommended Action: None
Revision: 2
Parameters: imap_userid
imap_command
Context Parameters: ALG Module Name
ALG Session ID

2.3.293. content_type_mismatch (ID: 00200663)

Default Severity: NOTICE
Log Message: IMAPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation: The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action: block_data
Recommended Action: None
Revision: 2
Parameters: imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
filename
filetype
sender_email_address
Context Parameters: ALG Module Name

2.3.294. plain_auth_blocked (ID: 00200664)

Default Severity: WARNING
Log Message: IMAPALG: Plain text authentication attempt blocked.
Explanation: The client is sending plain text authentication request. It will be blocked.
Firewall Action: block
Recommended Action: If this is not desired, allow plain text authentication in relative email profile.
Revision: 2
Parameters: imap_userid
imap_command
Context Parameters: ALG Module Name
ALG Session ID

2.3.295. unknown_imap_syntax (ID: 00200665)

Default Severity: NOTICE
Log Message: IMAPALG: Unknown IMAP syntax in response
Explanation: Unknown IMAP syntax in response, content will be passed through without scanning.
Firewall Action: allow_response
Recommended Action: None
Revision: 1
Parameters: imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
Context Parameters: ALG Module Name
ALG Session ID

2.3.296. unknown_mail_syntax (ID: 00200666)

Default Severity: NOTICE
Log Message: IMAPALG: Unknown syntax in mail header
Explanation: Unknown syntax in mail header, content will be passed through without scanning.
Firewall Action: allow_mail
Recommended Action: None
Revision: 1
Parameters: imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
Context Parameters: ALG Module Name
ALG Session ID

2.3.297. unknown_mail_body_syntax (ID: 00200667)

Default Severity: NOTICE
Log Message: IMAPALG: Unknown syntax in mail content
Explanation: Unknown syntax in mail content, content will be passed through without scanning.
Firewall Action: allow_mail_content
Recommended Action: None
Revision: 1
Parameters: sourceip
from
to
profile
imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
Context Parameters: ALG Module Name
ALG Session ID

2.3.298. imap_session_statistics (ID: 00200670)

Default Severity: DEBUG
Log Message: IMAPALG: Statistics for closing IMAP session
Explanation: Statistics for IMAP session.
Firewall Action: None
Recommended Action: None
Revision: 3
Parameters: imap_userid
mail_scanned
mail_spam_detected
mail_virus_detected
blocked_attachments
unknown_syntax_imap
unknown_syntax_mail_header
unknown_syntax_mail_body
incomplete_mail_header
incomplete_mail_body
section_size_mail_header
section_size_mail_body
Context Parameters: ALG Module Name
ALG Session ID

2.3.299. max_dnscontrol_session_reached (ID: 00200680)

Default Severity: WARNING
Log Message: DNS Control: Maximum number of DNS Control sessions (<max_sessions>) for service reached. Closing connection.
Explanation: The maximum number of concurrent DNS Control sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of DNS Control session is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.3.300. failed_create_new_session (ID: 00200681)

Default Severity: WARNING
Log Message: DNS Control: Failed to create new DNS Control session (out of memory)
Explanation: Could not create a new DNS Control session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory.
Firewall Action: close
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name

2.3.301. failure_connect_dns_server (ID: 00200682)

Default Severity: INFORMATIONAL
Log Message: DNS Control: Failed to connect to DNS Server. Closing connection
Explanation: The unit failed to connect to DNS Server, resulting in that the ALG session could not open successfully.
Firewall Action: close
Recommended Action: Verify that there is a listening DNS Server on the specified address.
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID

2.3.302. dns_packet_rejected (ID: 00200683)

Default Severity: WARNING
Log Message: DNS Control: DNS packet rejected. Packet: <packet> TransactionID: <transactionid> payload_length: <payload_length>
Explanation: DNS packet rejected, dropping.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: transactionid
reason
packet
payload_length
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.303. dns_transaction_opened (ID: 00200684)

Default Severity: INFORMATIONAL
Log Message: DNS Profile: Transaction opened.
Explanation: DNS Transaction opened.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: transactionid
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.304. dns_transaction_closed (ID: 00200685)

Default Severity: INFORMATIONAL
Log Message: DNS Profile: Transaction closed.
Explanation: DNS Transaction closed.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: transactionid
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.305. dns_resolving_address (ID: 00200690)

Default Severity: NOTICE
Log Message: DNS Profile: Resolving.
Explanation: DNS resolving address.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: transactionid
query-type
address
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.306. dns_resolved_address (ID: 00200692)

Default Severity: NOTICE
Log Message: DNS Profile: Resolved.
Explanation: DNS resolved address.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: transactionid
domain
query-type
pref
addresses
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.307. dns_resolved_address (ID: 00200693)

Default Severity: NOTICE
Log Message: DNS Profile: Resolved.
Explanation: DNS resolved address.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: transactionid
domain
query-type
addresses
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.308. dns_policy_violation (ID: 00200694)

Default Severity: WARNING
Log Message: DNS Profile: DNS packet rejected due to policy violation. Packet: <packet> TransactionID: <transactionid> Violation value <value>
Explanation: DNS packet rejected due to policy violation, dropping.
Firewall Action: drop
Recommended Action: Modify the DNS Profile if the packet should be allowed.
Revision: 1
Parameters: transactionid
reason
packet
value
Context Parameters: ALG Module Name
ALG Session ID
Connection

2.3.309. max_revproxy_sessions_reached (ID: 00200700)

Default Severity: WARNING
Log Message: REVPROXY: Maximum number of Reverse Proxy sessions for service reached. Closing connection.
Explanation: The maximum number of concurrent Reverse Proxy sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action: close
Recommended Action: If the maximum number of Reverse Proxy sessions is too low, increase it.
Revision: 1
Context Parameters: Rule Name
ALG Module Name

2.3.310. failed_create_new_session (ID: 00200701)

Default Severity: ERROR
Log Message: REVERSEPROXY: Failed to create new Reverse Proxy session (out of memory).
Explanation: An attempt to create a new Reverse Proxy session failed, because the unit is out of memory.
Firewall Action: close
Recommended Action: Decrease the maximum allowed Reverse Proxy sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: Rule Name
ALG Module Name

2.3.311. failed_parsing_HTTP (ID: 00200702)

Default Severity: WARNING
Log Message: REVERSEPROXY: Error while parsing HTTP packet.
Explanation: When attempting to parse an HTTP packet an error was detected.
Firewall Action: close
Recommended Action: Verify that HTTP packets are valid and well formed.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.312. failed_parsing_HTTPS (ID: 00200703)

Default Severity: WARNING
Log Message: REVERSEPROXY: Error while parsing HTTPS packet.
Explanation: When attempting to parse an HTTPS packet an error was detected.
Firewall Action: close
Recommended Action: Verify that HTTPS packets are valid and well formed.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.313. failed_to_reach_server (ID: 00200704)

Default Severity: WARNING
Log Message: REVERSEPROXY: Could not reach the destination server.
Explanation: While attempting to setup a connection the destination server could not be reached.
Firewall Action: close
Recommended Action: Verify that the destination server is operational and reacheable from the firewall.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.314. no_SNI_info (ID: 00200705)

Default Severity: WARNING
Log Message: REVERSEPROXY: No SNI info received or invalid.
Explanation: A Client Hello packet was received but it's missing SNI information or it's invalid.
Firewall Action: close
Recommended Action: Verify that the sender is actually attempting to connect using SNI info.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.315. invalid_SSL_handshake (ID: 00200706)

Default Severity: WARNING
Log Message: REVERSEPROXY: Invalid SSL handshake.
Explanation: An attempt on setting a secure connection failed due to invalid SSL handshake data.
Firewall Action: close
Recommended Action: Verify that the SSL handshake data sent by the client is valid.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.316. failed_to_connect_https (ID: 00200707)

Default Severity: WARNING
Log Message: REVERSEPROXY: Could not accept HTTPS connection attempt.
Explanation: An HTTPS connection with the client was not possible due to a certificate error (invalid or missing).
Firewall Action: close
Recommended Action: Verify that the certificate in use is valid and exists in the configuration.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.317. no_map_for_connection (ID: 00200711)

Default Severity: WARNING
Log Message: REVERSEPROXY: Could not find map for connection.
Explanation: A connection was accepted by the policy, but no map to the destination server was found.
Firewall Action: close
Recommended Action: Verify if the destination server is a valid one and if so, create a map for the scenario.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.318. conn_denied_by_map (ID: 00200712)

Default Severity: INFORMATIONAL
Log Message: REVERSEPROXY: Current map is denying the URI connection request.
Explanation: The intended connection attempt contains one URI denied by the policy map.
Firewall Action: close
Recommended Action: Verify that the map is correctly set. Register access attempt for future reference.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.319. no_peer_to_connect (ID: 00200713)

Default Severity: WARNING
Log Message: REVERSEPROXY: Failed to establish connection with peer.
Explanation: When attempting a connection the other peer could not be reached.
Firewall Action: close
Recommended Action: Verify network reachability for the intended peer.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.320. license_failure (ID: 00200714)

Default Severity: WARNING
Log Message: REVERSEPROXY: No valid Reverse Proxy License exists.
Explanation: A Reverse Proxy Policy triggered but a valid license is missing.
Firewall Action: drop
Recommended Action: The current license doesn't allow Reverse Proxy functionality. A license update is necessary.
Revision: 1
Context Parameters: Rule Name
ALG Module Name
Connection

2.3.321. invalid_session (ID: 00200715)

Default Severity: WARNING
Log Message: REVERSEPROXY: Closing session due to configuration changes (invalid session).
Explanation: The session was closed after a reconfiguration event changed the associated reverse proxy map and/or policy or session limit.
Firewall Action: close
Recommended Action: Verify the changes done to map/policy.
Revision: 1
Context Parameters: Rule Name
ALG Module Name