These log messages refer to the SSLVPN category.
2.46.1. [ID: 1491] Allocated client IP
- Log Categories
- SSLVPN
- Log Message
- Allocated client IP.
- Default Log Severity
- Information
- Parameters
- ip, iface, matchkey
- Explanation
- The connected client was allocated an IP address from the pool.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.46.2. [ID: 1448] Client certificate verification failed
- Log Categories
- SSLVPN
- Log Message
- Client certificate verification failed.
- Default Log Severity
- Notice
- Parameters
- reason, certcn, iface, matchkey
- Explanation
- Verification of the client certificate certcn failed. The specific error is described by reason.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.46.3. [ID: 1459] Client certificate verification successful
- Log Categories
- SSLVPN
- Log Message
- Client certificate verification successful.
- Default Log Severity
- Information
- Parameters
- certcn, iface, matchkey
- Explanation
- The client certificate was successfully verified.
- Gateway Action
- Accept
- Action Description
- None
- Proposed Action
- None
2.46.4. [ID: 1471] Verification of client options failed
- Log Categories
- SSLVPN
- Log Message
- Verification of client options failed.
- Default Log Severity
- Notice
- Parameters
- reason, iface, matchkey
- Explanation
- The options the client sent during the key exchange did not match the allowed values.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Reconfigure the client software.
2.46.5. [ID: 1461] Closed TLS session due to unacknowledged[...]
- Log Categories
- SSLVPN
- Log Message
- Closed TLS session due to unacknowledged message.
- Default Log Severity
- Notice
- Parameters
- keyid, iface, matchkey
- Explanation
- After several retries an outbound message was not acknowledged by peer, thus the TLS session was closed. A TLS session for
another Key ID might still be active.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.46.6. [ID: 1451] Connected SSLVPN client
- Log Categories
- SSLVPN
- Log Message
- Connected SSLVPN client.
- Default Log Severity
- Information
- Parameters
- iface, matchkey
- Explanation
- An client connected to the SSLVPN server.
- Gateway Action
- Accept
- Action Description
- None
- Proposed Action
- None
2.46.7. [ID: 1467] Could not allocate client IP
- Log Categories
- SSLVPN
- Log Message
- Could not allocate client IP.
- Default Log Severity
- Warning
- Parameters
- iface, matchkey
- Explanation
- Allocating an IP address to the client failed. The pool could be depleted.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Try increasing size of pool.
2.46.8. [ID: 1457] Internal error when decrypting packet
- Log Categories
- SSLVPN
- Log Message
- Internal error when decrypting packet.
- Default Log Severity
- Error
- Parameters
- flow, user, userid
- Explanation
- There was an internal error while decrypting a packet on the data channel.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.9. [ID: 1465] Decryption failed for data channel packet
- Log Categories
- SSLVPN
- Log Message
- Decryption failed for data channel packet.
- Default Log Severity
- Notice
- Parameters
- flow, user, userid
- Explanation
- There was an error decrypting a data channel packet.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.10. [ID: 1443] Disconnected SSLVPN client
- Log Categories
- SSLVPN
- Log Message
- Disconnected SSLVPN client.
- Default Log Severity
- Information
- Parameters
- iface, matchkey
- Explanation
- A client disconnected from the SSLVPN server.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.46.11. [ID: 1496] Data packet before negotiated data channel
- Log Categories
- SSLVPN
- Log Message
- Data packet before negotiated data channel.
- Default Log Severity
- Notice
- Parameters
- flow, user, userid
- Explanation
- A client sent a data channel packet before the data channel was negotiated.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.12. [ID: 1464] Encryption failed for data channel packet
- Log Categories
- SSLVPN
- Log Message
- Encryption failed for data channel packet.
- Default Log Severity
- Error
- Parameters
- flow, user, userid
- Explanation
- Encryption failed for a packet on the data channel.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.13. [ID: 1455] Encrypted packet did not fit packet buffer
- Log Categories
- SSLVPN
- Log Message
- Encrypted packet did not fit packet buffer.
- Default Log Severity
- Error
- Parameters
- flow, user, userid
- Explanation
- After encryption and addition of SSL VPN headers, the packet was too big to fit the packet buffer.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.14. [ID: 1482] Failed to send packet to control plane
- Log Categories
- SSLVPN
- Log Message
- Failed to send packet to control plane.
- Default Log Severity
- Notice
- Parameters
- flow, user, userid
- Explanation
- The system failed to forward a control channel packet to the submodule in control plane.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.15. [ID: 1486] Failed to set encryption key for packet
- Log Categories
- SSLVPN
- Log Message
- Failed to set encryption key for packet.
- Default Log Severity
- Error
- Parameters
- flow, user, userid
- Explanation
- There was an internal error when setting the key used for encrypting the data channel packet.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.16. [ID: 1473] Failed to write encrypted packet
- Log Categories
- SSLVPN
- Log Message
- Failed to write encrypted packet.
- Default Log Severity
- Error
- Parameters
- flow, user, userid
- Explanation
- There was an internal error when writing the encrypted data channel packet to the packet buffer.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.17. [ID: 1668] Failed to get server
- Log Categories
- SSLVPN
- Log Message
- Failed to get server.
- Default Log Severity
- Error
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- No SSLVPN server session could be found for a client request.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- None
2.46.18. [ID: 1669] Failed to get session
- Log Categories
- SSLVPN
- Log Message
- Failed to get session.
- Default Log Severity
- Error
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- No SSLVPN session could be found for a client request.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- None
2.46.19. [ID: 1678] Failed to get user session
- Log Categories
- SSLVPN
- Log Message
- Failed to get user session.
- Default Log Severity
- Error
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- No user session could be found for a client request.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- None
2.46.20. [ID: 1463] TLS handshake timed out
- Log Categories
- SSLVPN
- Log Message
- TLS handshake timed out.
- Default Log Severity
- Notice
- Parameters
- keyid, iface, matchkey
- Explanation
- The handshake with the client timed out.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.46.21. [ID: 1478] Integrity check failed during decryption
- Log Categories
- SSLVPN
- Log Message
- Integrity check failed during decryption.
- Default Log Severity
- Notice
- Parameters
- flow, user, userid
- Explanation
- The integrity check failed when decrypting a packet on the data channel. This might be due to data corruption or due to deliberate
tampering with the packet.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.22. [ID: 1472] Maximum number of authenticated SSLVPN[...]
- Log Categories
- SSLVPN
- Log Message
- Maximum number of authenticated SSLVPN sessions allowed by license exceeded.
- Default Log Severity
- Warning
- Parameters
- maxsessions
- Explanation
- Incoming SSLVPN requests exceeded license limitation for maximum number of allowed concurrent SSLVPN sessions.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- Add more hardware devices or extend your license to support more SSLVPN sessions to secure that all incoming SSLVPN requests
can be properly established.
2.46.23. [ID: 1446] Number of authenticated SSLVPN sessions[...]
- Log Categories
- SSLVPN
- Log Message
- Number of authenticated SSLVPN sessions reached 90 percent of max SSLVPN sessions allowed by license.
- Default Log Severity
- Warning
- Parameters
- sessions, maxsessions
- Explanation
- Incoming SSLVPN requests exceeded 90 percent of the allowed number of concurrent SSLVPN sessions (license limitation).
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Add more hardware devices or extend your license to support more SSLVPN sessions to secure that all incoming SSLVPN requests
can be properly established.
2.46.24. [ID: 1453] Malformed packet on data channel
- Log Categories
- SSLVPN
- Log Message
- Malformed packet on data channel.
- Default Log Severity
- Notice
- Parameters
- flow, user, userid
- Explanation
- The system failed to parse a packet on the data channel.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.25. [ID: 1673] Failed to read challenge text from[...]
- Log Categories
- SSLVPN
- Log Message
- Failed to read challenge text from configuration.
- Default Log Severity
- Error
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- No challenge text could be found for a client request.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- None
2.46.26. [ID: 1679] Peer did not send client certificate
- Log Categories
- SSLVPN
- Log Message
- Peer did not send client certificate.
- Default Log Severity
- Information
- Parameters
- iface, matchkey
- Explanation
- The peer did not send a client certificate.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.46.27. [ID: 1674] Failed to find server configuration
- Log Categories
- SSLVPN
- Log Message
- Failed to find server configuration.
- Default Log Severity
- Error
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- No SSLVPN server configuration could be found for a client request.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- None
2.46.28. [ID: 1476] Non active key ID on data channel
- Log Categories
- SSLVPN
- Log Message
- Non active key ID on data channel.
- Default Log Severity
- Notice
- Parameters
- keyid, flow, user, userid
- Explanation
- A packet was received on data channel using a key id that had not been negotiated.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.29. [ID: 1470] Verification of client peer info failed
- Log Categories
- SSLVPN
- Log Message
- Verification of client peer info failed.
- Default Log Severity
- Notice
- Parameters
- reason, iface, matchkey
- Explanation
- The peer info the client sent during the key exchange did not match the allowed values.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Reconfigure the client software or upgrade to newer version.
2.46.30. [ID: 1493] Rate limit exceeded
- Log Categories
- SSLVPN
- Log Message
- Rate limit exceeded.
- Default Log Severity
- Warning
- Parameters
- flow, user, userid
- Explanation
- The rate limit of control channel messages was exceeded on the flow.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Investigate if system is under attack.
2.46.31. [ID: 1469] Released client IP
- Log Categories
- SSLVPN
- Log Message
- Released client IP.
- Default Log Severity
- Information
- Parameters
- ip, iface, matchkey
- Explanation
- The client IP address was released back to the pool.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.46.32. [ID: 1452] Key renegotiation failed
- Log Categories
- SSLVPN
- Log Message
- Key renegotiation failed.
- Default Log Severity
- Notice
- Parameters
- keyid, iface, matchkey
- Explanation
- Key renegotiation for the data channel failed.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.46.33. [ID: 1475] Key renegotiation successful
- Log Categories
- SSLVPN
- Log Message
- Key renegotiation successful.
- Default Log Severity
- Information
- Parameters
- keyid, iface, matchkey
- Explanation
- Key renegotiation for the data channel was successful.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.46.34. [ID: 1449] Replay check failed on data channel
- Log Categories
- SSLVPN
- Log Message
- Replay check failed on data channel.
- Default Log Severity
- Warning
- Parameters
- keyid, packetid, flow, user, userid
- Explanation
- A packet was dropped due to failed packet replay check. Either the packet was seen before or it is older than the packet replay
window allows.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Investigate if the session is under attack.
2.46.35. [ID: 1670] Failed to send challenge to client
- Log Categories
- SSLVPN
- Log Message
- Failed to send challenge to client.
- Default Log Severity
- Error
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- The system could not forward a challenge request from the authentication source to the SSLVPN client.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- None
2.46.36. [ID: 1677] Failed to send challenge response
- Log Categories
- SSLVPN
- Log Message
- Failed to send challenge response.
- Default Log Severity
- Error
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- The system could not forward a challenge response from the SSLVPN client to the authentication source.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- None
2.46.37. [ID: 1489] Server reset from client
- Log Categories
- SSLVPN
- Log Message
- Server reset from client.
- Default Log Severity
- Notice
- Parameters
- flow, user, userid
- Explanation
- A client sent a packet to the service that is only sent from server to client.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.38. [ID: 1477] TLS handshake error
- Log Categories
- SSLVPN
- Log Message
- TLS handshake error.
- Default Log Severity
- Notice
- Parameters
- reason, certcn, iface, matchkey
- Explanation
- TLS handshake with the client was aborted due to an error, and the TLS session is closed. The specific error is described
by reason.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.46.39. [ID: 1497] Too short packet payload
- Log Categories
- SSLVPN
- Log Message
- Too short packet payload.
- Default Log Severity
- Notice
- Parameters
- paylen, flow, user, userid
- Explanation
- A client sent a packet with a too short payload.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.40. [ID: 1501] Unacknowledged control channel message
- Log Categories
- SSLVPN
- Log Message
- Unacknowledged control channel message.
- Default Log Severity
- Notice
- Parameters
- packetid, keyid, iface, matchkey
- Explanation
- An outbound message to peer was not acknowledged after several retries, and was thus dropped.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.41. [ID: 1488] Received ACK for unknown packet id
- Log Categories
- SSLVPN
- Log Message
- Received ACK for unknown packet id.
- Default Log Severity
- Notice
- Parameters
- packetid, keyid, iface, matchkey
- Explanation
- The peer sent an ACK for a packet ID the system never sent out, or a packet ID that was already acknowledged. The ACK was
ignored.
- Gateway Action
- Discard
- Action Description
- None
- Proposed Action
- None
2.46.42. [ID: 1479] Unknown protocol opcode
- Log Categories
- SSLVPN
- Log Message
- Unknown protocol opcode.
- Default Log Severity
- Notice
- Parameters
- code, flow, user, userid
- Explanation
- A client sent a protocol message containing an unknown opcode.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.46.43. [ID: 1671] Unprintable characters in challenge text
- Log Categories
- SSLVPN
- Log Message
- Unprintable characters in challenge text.
- Default Log Severity
- Warning
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- The challenge text for an SSLVPN session contained unprintable characters, which is not allowed.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- Change the challenge text on the authentication source or the overriden value in the local configuration.
2.46.44. [ID: 1454] Unsupported key exchange method v1
- Log Categories
- SSLVPN
- Log Message
- Unsupported key exchange method v1.
- Default Log Severity
- Notice
- Parameters
- flow, user, userid
- Explanation
- A client sent a client reset using key exchange method 1, which is unsupported.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Upgrade client software to more recent version.
2.46.45. [ID: 1445] User failed to log in to SSLVPN
- Log Categories
- SSLVPN
- Log Message
- User failed to log in to SSLVPN.
- Default Log Severity
- Warning
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- The client failed authentication trying to log in.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- None
2.46.46. [ID: 1458] User logged in to SSLVPN
- Log Categories
- SSLVPN
- Log Message
- User logged in to SSLVPN.
- Default Log Severity
- Information
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- The client was successfully logged in.
- Gateway Action
- Accept
- Action Description
- None
- Proposed Action
- None
2.46.47. [ID: 1468] User logged out from SSLVPN by authentication[...]
- Log Categories
- SSLVPN
- Log Message
- User logged out from SSLVPN by authentication system.
- Default Log Severity
- Notice
- Parameters
- user, iface, matchkey
- Explanation
- The user connected to the SSLVPN server was logged out through the authentication system, and thus the session was closed.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.46.48. [ID: 1675] Username not allowed to change
- Log Categories
- SSLVPN
- Log Message
- Username not allowed to change.
- Default Log Severity
- Warning
- Parameters
- user, profile, crstate, iface, matchkey
- Explanation
- The user name for an SSLVPN session changed, which is not allowed.
- Gateway Action
- Deny
- Action Description
- None
- Proposed Action
- Change the configuration of the SSLVPN client to use the same user name throughout the entire session.
cOS Stream 4.00.03 Log Reference Guide
