cOS Stream 3.80.12 Log Reference Guide


Table of Contents

1. Introduction
1.1. Log Message Structure
1.2. Severity levels
2. Log Message Reference
2.1. APPCONTROL
2.1.1. [ID: 1643] Application changed
2.1.2. [ID: 1645] Application identified
2.1.3. [ID: 1021] Application Control license has just expired
2.2. ARP
2.2.1. [ID: 142] Allowed by access rule
2.2.2. [ID: 144] Hardware address changed
2.2.3. [ID: 279] Hardware address change disallowed
2.2.4. [ID: 638] Hardware address change detected
2.2.5. [ID: 123] IP conflict detected
2.2.6. [ID: 653] IP conflict detected
2.2.7. [ID: 534] Illegal ARP sender hardware address
2.2.8. [ID: 622] Out of memory initializing ARP
2.2.9. [ID: 240] Disallowed by access rule
2.2.10. [ID: 269] Mismatching hardware addresses
2.2.11. [ID: 618] Mismatching hardware addresses
2.2.12. [ID: 350] Unable to add ARP entry to cache due to no[...]
2.2.13. [ID: 377] ARP entry lost due to cache limit
2.2.14. [ID: 302] No sender IP
2.2.15. [ID: 626] No sender IP
2.2.16. [ID: 526] ARP resolve timeout
2.2.17. [ID: 106] ARP sender hardware address is broadcast[...]
2.2.18. [ID: 247] ARP sender hardware address is broadcast[...]
2.2.19. [ID: 262] ARP sender hardware address is multicast[...]
2.2.20. [ID: 117] ARP sender hardware address is multicast[...]
2.2.21. [ID: 308] ARP collides with static entry
2.2.22. [ID: 584] Unsolicited ARP reply received
2.2.23. [ID: 540] Unsolicited ARP reply received
2.3. AUTHSYS
2.3.1. [ID: 684] User is already logged in
2.3.2. [ID: 669] Failed to retrieve information from[...]
2.3.3. [ID: 690] Unknown user or invalid password
2.3.4. [ID: 679] Login prevented due to brute force attack[...]
2.3.5. [ID: 793] Invalid Charging characteristics attribute in[...]
2.3.6. [ID: 685] Received an invalid EAP packet
2.3.7. [ID: 774] Maximum number of user sessions for the[...]
2.3.8. [ID: 670] IMSI attribute missing in RADIUS Access-Accept
2.3.9. [ID: 810] MSISDN attribute missing in RADIUS[...]
2.3.10. [ID: 844] EAP type is not allowed by authentication[...]
2.3.11. [ID: 674] Out of memory while authenticating a user
2.3.12. [ID: 688] Denied access according to authentication[...]
2.3.13. [ID: 792] The authentication profile is still in[...]
2.3.14. [ID: 673] Received RADIUS Access-Accept message
2.3.15. [ID: 1666] Received RADIUS Access-Challenge message
2.3.16. [ID: 681] Received RADIUS Access-Reject message
2.3.17. [ID: 812] Challenges are not supported when using XAuth
2.3.18. [ID: 689] Internal RADIUS error
2.3.19. [ID: 665] User logged out due to session timeout
2.3.20. [ID: 809] Authentication source did not respond
2.3.21. [ID: 677] User belongs in too many groups
2.3.22. [ID: 676] User added
2.3.23. [ID: 761] User updated with new IP address
2.3.24. [ID: 760] Invalid user session found
2.3.25. [ID: 672] User logged in
2.3.26. [ID: 667] User logged out
2.3.27. [ID: 759] User updated with new username
2.3.28. [ID: 671] User replaced
2.3.29. [ID: 687] User table is full
2.4. BGP
2.4.1. [ID: 1311] Failed to lookup gateway of BGP route
2.4.2. [ID: 1687] Unable to enable BFD due to unroutable BGP[...]
2.4.3. [ID: 1316] BGP dynrouting event
2.4.4. [ID: 1315] BGP dynrouting event
2.4.5. [ID: 1318] BGP dynrouting event
2.4.6. [ID: 1310] Failed to add BGP route
2.4.7. [ID: 1313] Failed to remove BGP route
2.5. CLI
2.5.1. [ID: 272] Failed adding CLI command data resource
2.5.2. [ID: 443] All CLI commands could not be listed
2.5.3. [ID: 213] Failed allocating memory when starting CLI[...]
2.5.4. [ID: 1118] Attempt to access service command view
2.5.5. [ID: 1101] Service command view access granted
2.5.6. [ID: 1117] Maximum number of service command view access[...]
2.5.7. [ID: 765] Serial console CLI instance started
2.5.8. [ID: 769] Serial console CLI authentication failed
2.5.9. [ID: 767] Serial console CLI authentication succeeded
2.5.10. [ID: 773] Serial console CLI session ended
2.5.11. [ID: 764] Serial console CLI system error
2.5.12. [ID: 332] Resource Manager failed memory allocation[...]
2.5.13. [ID: 483] Resource Manager failed to read information[...]
2.6. CONFIG
2.6.1. [ID: 1071] Certificate created
2.6.2. [ID: 1070] Certificate is now revoked
2.6.3. [ID: 1069] Certificate has been updated
2.6.4. [ID: 512] Activating configuration changes
2.6.5. [ID: 105] Failed to establish bi-directional[...]
2.6.6. [ID: 1048] Configuration commit failed
2.6.7. [ID: 355] New configuration activated
2.6.8. [ID: 532] New configuration committed
2.6.9. [ID: 494] DCOS could not allocate memory when creating[...]
2.6.10. [ID: 216] DCOS could not allocate enough memory to[...]
2.6.11. [ID: 319] DCOS storage could not be initialized
2.6.12. [ID: 1080] An address object is dynamically updated
2.6.13. [ID: 251] Beginning system reconfigure
2.6.14. [ID: 593] Failed to reconfigure system
2.6.15. [ID: 594] Reconfigure completed successfully
2.6.16. [ID: 1408] Reconfigure is triggered by subsystem
2.7. DHCPCLIENT
2.7.1. [ID: 306] Interface has successfully acquired a lease
2.7.2. [ID: 191] Lease for the interface has expired
2.7.3. [ID: 1078] Lease for the interface was successfully[...]
2.7.4. [ID: 472] No DHCP offers were received by the DHCP[...]
2.7.5. [ID: 287] No valid DHCP offers were received
2.7.6. [ID: 1094] Interface received a lease where the offered[...]
2.7.7. [ID: 395] The lease was rejected by an address filter
2.7.8. [ID: 522] The lease was rejected by a server filter
2.7.9. [ID: 559] Interface received a lease which will cause[...]
2.7.10. [ID: 274] Interface received a lease with an offered IP[...]
2.7.11. [ID: 230] Interface received a lease with an invalid[...]
2.7.12. [ID: 435] Interface received a lease with an invalid[...]
2.7.13. [ID: 223] Interface received a lease with an invalid IP[...]
2.7.14. [ID: 325] Interface received a lease with an invalid[...]
2.7.15. [ID: 499] Interface received a lease with an invalid[...]
2.7.16. [ID: 481] The requested lease was rejected by the server
2.7.17. [ID: 222] Interface received a lease which will cause a[...]
2.7.18. [ID: 324] Too many DHCP offers received
2.8. DHCPSERVER
2.8.1. [ID: 1394] Invalid DHCP packet received
2.8.2. [ID: 892] All pools are depleted
2.8.3. [ID: 907] Blacklist item timed out
2.8.4. [ID: 888] Client accepted and bounded with IP
2.8.5. [ID: 884] Client renewed IP
2.8.6. [ID: 906] DHCP Server error
2.8.7. [ID: 905] Got decline for ip on wrong interface so[...]
2.8.8. [ID: 882] Client declined non offered IP
2.8.9. [ID: 898] Server identifier not specified in incoming[...]
2.8.10. [ID: 881] Server identifier in Decline message does not[...]
2.8.11. [ID: 886] Client declined IP
2.8.12. [ID: 883] Received DHCP packet is smaller than the[...]
2.8.13. [ID: 903] Got INFORM request from client
2.8.14. [ID: 1398] Received packet with invalid DHCP cookie
2.8.15. [ID: 921] Unable to load the lease database
2.8.16. [ID: 922] Lease database was successfully loaded
2.8.17. [ID: 924] Unable to auto save the lease database to disk
2.8.18. [ID: 923] Lease database was successfully auto saved to[...]
2.8.19. [ID: 896] Lease timed out
2.8.20. [ID: 889] Offer timed out
2.8.21. [ID: 887] The option section is too big
2.8.22. [ID: 948] All IPs in the pool are in use now
2.8.23. [ID: 890] All IPs in the pool are in use
2.8.24. [ID: 885] Got release for IP on wrong interface
2.8.25. [ID: 1043] The IP address the client tried to release is[...]
2.8.26. [ID: 1042] The IP address the client tried to release is[...]
2.8.27. [ID: 900] Client released IP
2.8.28. [ID: 901] Received a request from bounded client for[...]
2.8.29. [ID: 895] Received a request from bounded client for IP[...]
2.8.30. [ID: 899] Received a request from not-bounded client[...]
2.8.31. [ID: 904] Received a request from not-bounded client[...]
2.8.32. [ID: 891] Client requested non bound IP
2.8.33. [ID: 893] Client requested non offered IP
2.8.34. [ID: 894] Received request with bad UDP checksum
2.8.35. [ID: 902] Sending IP offer for received DISCOVER
2.8.36. [ID: 897] Failed to get buffer for sending
2.8.37. [ID: 919] The matching rule does not have useful lease[...]
2.8.38. [ID: 1399] Received DHCP option without message type
2.8.39. [ID: 920] The matching rule does not have useful lease[...]
2.8.40. [ID: 1392] Received DHCP message with unknown type
2.9. DNSALG
2.9.1. [ID: 1303] Failed to create new session
2.9.2. [ID: 1307] Flow failed
2.9.3. [ID: 1306] DNS packet rejected
2.9.4. [ID: 1308] Session closed
2.9.5. [ID: 1304] Session opened
2.9.6. [ID: 1302] Transaction closed
2.9.7. [ID: 1305] Transaction opened
2.10. DYNROUTE
2.10.1. [ID: 1319] Dynrouting message
2.10.2. [ID: 1312] Route lookup for dynrouting peer failed
2.11. ETHERNET
2.11.1. [ID: 357] Broadcast Ethernet source
2.11.2. [ID: 613] Broadcast Ethernet source
2.11.3. [ID: 615] Multicast Ethernet source
2.11.4. [ID: 428] Multicast Ethernet source
2.11.5. [ID: 132] Not for me
2.11.6. [ID: 327] Null Ethernet source
2.11.7. [ID: 537] Unicast MAC with broadcast IP
2.11.8. [ID: 490] Unicast MAC with broadcast IP
2.11.9. [ID: 229] Unicast MAC with multicast IP
2.11.10. [ID: 104] Unicast MAC with multicast IP
2.11.11. [ID: 548] Non matching IP and MAC multicast
2.11.12. [ID: 340] Non matching IP and MAC multicast
2.11.13. [ID: 627] Multicast MAC with unicast IP
2.11.14. [ID: 423] Multicast MAC with unicast IP
2.11.15. [ID: 1665] IPv6 broadcast packet
2.11.16. [ID: 219] Unicast MAC with multicast IP
2.11.17. [ID: 362] Unicast MAC with multicast IP
2.11.18. [ID: 192] Non matching IP and MAC multicast
2.11.19. [ID: 438] Non matching IP and MAC multicast
2.11.20. [ID: 595] Multicast MAC with unicast IP
2.11.21. [ID: 397] Multicast MAC with unicast IP
2.12. FLOW
2.12.1. [ID: 788] Flow HA sync failed due to ruleset lookup[...]
2.12.2. [ID: 333] The flow cannot be updated to comply with[...]
2.12.3. [ID: 1007] Flow closed by application control
2.12.4. [ID: 1127] Flow closed by an ALG
2.12.5. [ID: 460] Flow closed by admin
2.12.6. [ID: 1644] Flow closed by module
2.12.7. [ID: 341] Flow closed due to random replacement
2.12.8. [ID: 379] Flow closed due to timeout
2.12.9. [ID: 367] Flow closed due to reopen
2.12.10. [ID: 111] The matching flow cannot be used for the[...]
2.12.11. [ID: 500] Out of memory during flow maintenance
2.12.12. [ID: 400] Flow maintenance failed
2.12.13. [ID: 300] There is no flow for the packet anymore
2.12.14. [ID: 224] Packet not allowed to trigger maintenance of[...]
2.12.15. [ID: 424] The flow is not allowed anymore
2.12.16. [ID: 1062] Not security equivalent after route change
2.12.17. [ID: 372] Flow opened
2.12.18. [ID: 1014] Flow opened stateless
2.12.19. [ID: 1390] Out of memory when attempting to allocate[...]
2.12.20. [ID: 543] Reject flow opened
2.12.21. [ID: 1646] Failed to reopen flow
2.12.22. [ID: 122] Flow reopened
2.12.23. [ID: 790] Failed to setup flow due to ruleset lookup[...]
2.12.24. [ID: 521] Flow maintenance failed
2.12.25. [ID: 1314] Packet MD5 digest did not match packet data
2.12.26. [ID: 1320] Failed to insert MD5 digest to packet
2.12.27. [ID: 1317] Packet did not contain md5 digest
2.12.28. [ID: 1309] Packet is too small to contain MD5 digest
2.12.29. [ID: 1056] Same pipe used twice in same flow
2.12.30. [ID: 1389] Not enough ICMP data for protocol translation
2.12.31. [ID: 1397] Protocol translation was not applicable
2.12.32. [ID: 1391] Unsupported media header in protocol[...]
2.12.33. [ID: 1388] Unsupported transport header in protocol[...]
2.13. FQDN
2.13.1. [ID: 1400] Added FQDN IP to netobject
2.13.2. [ID: 1413] All IP addresses expired for FQDN in netobject
2.13.3. [ID: 1422] Could not resolve FQDN for netobject
2.13.4. [ID: 1423] IP expired from netobject
2.14. FRAG
2.14.1. [ID: 505] Fragment with invalid offset
2.14.2. [ID: 617] The fragment has an invalid IP data length
2.14.3. [ID: 495] Dropping stored fragments of disallowed packet
2.14.4. [ID: 389] Dropping duplicate fragment
2.14.5. [ID: 174] Duplicate fragment with different data[...]
2.14.6. [ID: 525] Duplicate fragment with different length[...]
2.14.7. [ID: 343] Dropping duplicate fragment of suspect packet
2.14.8. [ID: 528] Dropping extraneous fragments of completed[...]
2.14.9. [ID: 473] Fragment offset plus length not in range
2.14.10. [ID: 171] Dropping extraneous fragment of completed[...]
2.14.11. [ID: 100] Dropping fragment of disallowed packet
2.14.12. [ID: 383] Dropping fragment of disallowed suspect packet
2.14.13. [ID: 582] Dropping fragment of failed packet
2.14.14. [ID: 248] Dropping fragment of failed suspect packet
2.14.15. [ID: 336] Dropping fragment of illegal packet
2.14.16. [ID: 203] Fragmented ICMP error
2.14.17. [ID: 577] Fragments partially overlap
2.14.18. [ID: 570] Dropping fragments of illegal packet
2.14.19. [ID: 380] Fragment offset plus length is greater than[...]
2.14.20. [ID: 265] Out of reassembly resources
2.14.21. [ID: 414] Out of reassembly resources for suspect packet
2.14.22. [ID: 159] Fragment overlapping next fragment offset
2.14.23. [ID: 516] Dropping stored fragments of disallowed[...]
2.14.24. [ID: 289] Time out reassembling
2.14.25. [ID: 326] Time out reassembling suspect
2.14.26. [ID: 126] Fragmented ICMP error
2.15. FTPALG
2.15.1. [ID: 1146] CLNT command not allowed
2.15.2. [ID: 1163] Command rate limit exceeded on session
2.15.3. [ID: 1144] Data channel traffic direction restricted
2.15.4. [ID: 1116] Disallowed client IP
2.15.5. [ID: 1096] Client port outside configured range
2.15.6. [ID: 1149] Disallowed MODE argument
2.15.7. [ID: 1103] Disallowed OPTS argument
2.15.8. [ID: 1154] Mismatched data channel IP protocol
2.15.9. [ID: 1125] Disallowed server IP
2.15.10. [ID: 1104] Server port outside configured range
2.15.11. [ID: 1145] Command is illegal since EPSV ALL is in effect
2.15.12. [ID: 1095] Failed setting up data channel rule from[...]
2.15.13. [ID: 1108] Failed setting up data channel rule from[...]
2.15.14. [ID: 1135] Failed parsing EPRT command
2.15.15. [ID: 1157] Failed parsing EPSV command
2.15.16. [ID: 1132] Failed parsing EPSV response
2.15.17. [ID: 1143] Failed parsing PASV response
2.15.18. [ID: 1124] Failed parsing PORT command
2.15.19. [ID: 1086] Failed to create new session
2.15.20. [ID: 1100] Control channel failed
2.15.21. [ID: 1113] Illegal command received
2.15.22. [ID: 1110] Illegal multiline response from server
2.15.23. [ID: 1089] Illegal numeric reply from server
2.15.24. [ID: 1112] Invalid command from client
2.15.25. [ID: 1156] Invalid MODE argument
2.15.26. [ID: 1092] Invalid OPTS argument
2.15.27. [ID: 1102] Maximum line length exceeded
2.15.28. [ID: 1161] No data channel setup yet
2.15.29. [ID: 1140] Data channel dynamic PREPBR rule added
2.15.30. [ID: 1148] Data channel dynamic PREPBR rule removed
2.15.31. [ID: 1093] Invalid command from client
2.15.32. [ID: 1097] Data channel dynamic rule added
2.15.33. [ID: 1099] Data channel dynamic rule removed
2.15.34. [ID: 1119] Session closed
2.15.35. [ID: 1105] Session opened
2.15.36. [ID: 1153] SITE EXEC not allowed
2.15.37. [ID: 1114] Unexpected telnet control chars from client
2.15.38. [ID: 1106] Unexpected telnet control chars from server
2.15.39. [ID: 1090] Unknown command received
2.15.40. [ID: 1321] Unknown FEAT response from server
2.15.41. [ID: 1111] Unknown OPTS argument
2.15.42. [ID: 1131] Unsolicited extended passive mode response[...]
2.15.43. [ID: 1122] Unsolicited passive mode response from server
2.15.44. [ID: 1137] Unsupported encryption FEAT response from[...]
2.15.45. [ID: 1162] Unsupported encryption command rejected
2.15.46. [ID: 1155] Data in wrong direction on data channel
2.16. GRE
2.16.1. [ID: 1650] GRE packet without any payload after GRE[...]
2.16.2. [ID: 1651] Mismatch between the GRE payload protocol[...]
2.16.3. [ID: 1649] Failed to reassemble fragmented GRE packet
2.16.4. [ID: 1647] Unsupported GRE flags
2.16.5. [ID: 1652] Unsupported GRE payload protocol type
2.16.6. [ID: 1648] Unsupported GRE version
2.17. GTP
2.17.1. [ID: 971] Failed to activate PDP context
2.17.2. [ID: 776] Active PDP context negotiation
2.17.3. [ID: 757] Failed to allocate message
2.17.4. [ID: 717] Bad GTP header length
2.17.5. [ID: 950] Failed to connect to GGSN
2.17.6. [ID: 960] Connection closed
2.17.7. [ID: 964] Connection established
2.17.8. [ID: 710] Failed to establish connection
2.17.9. [ID: 957] Invalid connection action
2.17.10. [ID: 969] Failed to create lookup for APN
2.17.11. [ID: 697] DNS resolve failed
2.17.12. [ID: 721] DNS resolve successful
2.17.13. [ID: 926] Populating recovery file failed
2.17.14. [ID: 983] Failed to find MM context
2.17.15. [ID: 975] Found dangling PDP context in GGSN
2.17.16. [ID: 708] GGSN restarted
2.17.17. [ID: 976] All GGSNs for APN unreachable
2.17.18. [ID: 754] Failed to register GTP-U session
2.17.19. [ID: 970] Incorrect packet header type
2.17.20. [ID: 967] Incorrect GTP packet version
2.17.21. [ID: 783] Invalid length in information element
2.17.22. [ID: 705] Invalid mandatory information element
2.17.23. [ID: 965] Invalid optional information element
2.17.24. [ID: 949] Packet with invalid header
2.17.25. [ID: 953] Packet with invalid length
2.17.26. [ID: 956] Invalid TEID
2.17.27. [ID: 981] Lingering MM context with no PDP context
2.17.28. [ID: 977] Could not create MM context
2.17.29. [ID: 748] Maximum number of tunnels reached
2.17.30. [ID: 726] Missing mandatory information element
2.17.31. [ID: 973] Missing PDP context for reponse
2.17.32. [ID: 958] Failed open connection
2.17.33. [ID: 779] Out of bounds information element
2.17.34. [ID: 784] Out of sequence information element
2.17.35. [ID: 980] Could not create PDP context
2.17.36. [ID: 963] Packet with extension headers
2.17.37. [ID: 962] Packet with unknown extension header
2.17.38. [ID: 740] Path check failed
2.17.39. [ID: 979] Received message
2.17.40. [ID: 972] Received not supported message
2.17.41. [ID: 945] Received User Plane packet for non-existent[...]
2.17.42. [ID: 944] Failed to register PDP context from User Plane
2.17.43. [ID: 930] Failed to register PDP context
2.17.44. [ID: 939] Failed to register GTP User Plane session
2.17.45. [ID: 982] Removing connection
2.17.46. [ID: 936] Removing invalid request
2.17.47. [ID: 961] Failed to remove all previous User Plane GTP[...]
2.17.48. [ID: 955] Failed re-open connection
2.17.49. [ID: 951] Request was rejected
2.17.50. [ID: 932] Request response mismatch
2.17.51. [ID: 694] IE TEID in create PDP context message is[...]
2.17.52. [ID: 978] Query resolve APN
2.17.53. [ID: 966] Route lookup failed
2.17.54. [ID: 959] Failed to send message
2.17.55. [ID: 952] Failed sending packet to GGSN
2.17.56. [ID: 937] Sending to GGSN
2.17.57. [ID: 943] Send Control Plane packet to User Plane failed
2.17.58. [ID: 777] GTP statefile read error
2.17.59. [ID: 941] GTP statefile read success
2.17.60. [ID: 762] GTP statefile write error
2.17.61. [ID: 934] GTP statefile write success
2.17.62. [ID: 749] GTP tunnel deleted by GGSN
2.17.63. [ID: 747] GTP tunnel deleted by the stitched interface
2.17.64. [ID: 756] GTP tunnel deleted due to being invalid
2.17.65. [ID: 716] GTP tunnel established
2.17.66. [ID: 723] Unexpected GTP message type
2.17.67. [ID: 1593] Unexpected signaling message
2.17.68. [ID: 968] Control Plane unknown PDP context
2.17.69. [ID: 940] Control Plane unknown PDP context
2.17.70. [ID: 974] Unknown GTP version
2.17.71. [ID: 712] Unknown information element
2.17.72. [ID: 695] Unknown GTP tunnel endpoint identifier
2.17.73. [ID: 929] Unknown User Plane action
2.17.74. [ID: 927] Unknown User Plane action
2.17.75. [ID: 709] Unknown GTP version
2.17.76. [ID: 942] Failed to remove PDP context from User Plane
2.17.77. [ID: 938] Failed to unregister PDP context from User[...]
2.17.78. [ID: 933] Failed to remove User Plane GTP session
2.17.79. [ID: 778] Version not supported by GGSN
2.17.80. [ID: 780] Version not supported by TTG
2.18. GTPINSPECTION
2.18.1. [ID: 1519] GTP-U bearer creation completely rejected by[...]
2.18.2. [ID: 1536] GTP-U bearer creation rejected by endpoint
2.18.3. [ID: 1528] GTP-U bearer deletion completely rejected by[...]
2.18.4. [ID: 1512] GTP-U bearer deletion rejected by endpoint
2.18.5. [ID: 1522] GTP-U bearer modification completely rejected[...]
2.18.6. [ID: 1534] GTP-U bearer modification rejected by endpoint
2.18.7. [ID: 1521] G-PDU dropped due to empty T-PDU
2.18.8. [ID: 1538] Flow closed
2.18.9. [ID: 1524] Flow failed
2.18.10. [ID: 1523] Flow opened
2.18.11. [ID: 1567] Bearer ID does not exist
2.18.12. [ID: 1624] Bearer ID does not exist
2.18.13. [ID: 1561] Bearer lacks F-TEID
2.18.14. [ID: 1598] Bearer lacks F-TEID
2.18.15. [ID: 1565] TEID of bearer should not be zero
2.18.16. [ID: 1632] TEID of bearer should not be zero
2.18.17. [ID: 1564] Could not add proposed GTP-U bearer
2.18.18. [ID: 1634] Could not add proposed GTP-U bearer
2.18.19. [ID: 1573] Could not delete GTP-U bearer
2.18.20. [ID: 1600] Could not delete GTP-U bearer
2.18.21. [ID: 1559] Could not finalize GTP-U bearer
2.18.22. [ID: 1614] Could not finalize GTP-U bearer
2.18.23. [ID: 1552] Could not set proposed values on GTP-U bearer
2.18.24. [ID: 1606] Could not set proposed values on GTP-U bearer
2.18.25. [ID: 1585] Disallowed GTP version
2.18.26. [ID: 1566] Duplicate Bearer ID
2.18.27. [ID: 1616] Duplicate Bearer ID
2.18.28. [ID: 1587] Zero size extension header
2.18.29. [ID: 1580] Failed to read IE
2.18.30. [ID: 1602] Failed to read IE
2.18.31. [ID: 1562] Incorrect optional IEs
2.18.32. [ID: 1628] Incorrect optional IEs
2.18.33. [ID: 1636] Invalid Bearer ID
2.18.34. [ID: 1635] Invalid Bearer ID
2.18.35. [ID: 1584] Invalid extension header content
2.18.36. [ID: 1568] Invalid mandatory IE
2.18.37. [ID: 1612] Invalid mandatory IE
2.18.38. [ID: 1558] Invalid optional IE
2.18.39. [ID: 1604] Invalid optional IE
2.18.40. [ID: 1578] GTP-C sender IP is invalid
2.18.41. [ID: 1607] GTP-C sender IP is invalid
2.18.42. [ID: 1621] Main message blocked due to invalid piggyback
2.18.43. [ID: 1583] Message in wrong direction
2.18.44. [ID: 1597] Message in wrong direction
2.18.45. [ID: 1574] Message too short
2.18.46. [ID: 1625] Message too short
2.18.47. [ID: 1575] Missing Conditionally Present IE
2.18.48. [ID: 1618] Missing Conditionally Present IE
2.18.49. [ID: 1563] Missing mandatorily present IE
2.18.50. [ID: 1603] Missing mandatorily present IE
2.18.51. [ID: 1572] Needs both GTP-U IP and TEID
2.18.52. [ID: 1622] Needs both GTP-U IP and TEID
2.18.53. [ID: 1553] Did not find outstanding request for response[...]
2.18.54. [ID: 1601] Did not find outstanding request for response[...]
2.18.55. [ID: 1613] Unknown message type
2.18.56. [ID: 1555] Unknown message type
2.18.57. [ID: 1615] Unknown message type
2.18.58. [ID: 1570] Unsupported GTP version
2.18.59. [ID: 1586] Out of sequence IE
2.18.60. [ID: 1633] Out of sequence IE
2.18.61. [ID: 1551] Repeated IEs
2.18.62. [ID: 1623] Repeated IEs
2.18.63. [ID: 1533] GTP-C session created
2.18.64. [ID: 1532] GTP-C session deleted
2.18.65. [ID: 1638] TEID of session should not be zero
2.18.66. [ID: 1637] TEID of session should not be zero
2.18.67. [ID: 1527] GTP-C session updated
2.18.68. [ID: 1549] Message header should have sequence number
2.18.69. [ID: 1577] Message header should have TEID
2.18.70. [ID: 1608] Message header should have TEID
2.18.71. [ID: 1554] Message header should not have TEID
2.18.72. [ID: 1605] Message header should not have TEID
2.18.73. [ID: 1560] Too many bearers
2.18.74. [ID: 1599] Too many bearers
2.18.75. [ID: 1579] Too many piggy back messages
2.18.76. [ID: 1629] Too many piggy back messages
2.18.77. [ID: 1576] Too many sessions
2.18.78. [ID: 1591] Too many sessions per IP
2.18.79. [ID: 1620] Too many sessions per IP
2.18.80. [ID: 1619] Too many sessions
2.18.81. [ID: 1617] Unexpected IE
2.18.82. [ID: 1571] Unexpected IE
2.18.83. [ID: 1626] Unexpected IE
2.18.84. [ID: 1556] Unexpected GTP signaling message
2.18.85. [ID: 1630] Unexpected GTP signaling message
2.18.86. [ID: 1627] Unknown IE
2.18.87. [ID: 1581] Unknown IE
2.18.88. [ID: 1610] Unknown IE
2.18.89. [ID: 1582] Unknown GTP signaling message
2.18.90. [ID: 1611] Unknown GTP signaling message
2.18.91. [ID: 1550] Wrong packet version of piggy back message
2.18.92. [ID: 1631] Wrong packet version of piggy back message
2.18.93. [ID: 1588] GTP-U bearer created
2.18.94. [ID: 1589] GTP-U bearer deleted
2.18.95. [ID: 1537] GTP-U bearer modified
2.18.96. [ID: 1518] Message received after GTP-U End Marker
2.18.97. [ID: 1511] Failed to validate GTP-U message
2.18.98. [ID: 1641] Missing mandatorily present IE
2.18.99. [ID: 1546] GTP-U message should have sequence number
2.18.100. [ID: 1642] Out of sequence IE
2.18.101. [ID: 1595] Repeated GTP-U IEs
2.18.102. [ID: 1539] GTP traffic inside a GTP tunnel detected
2.18.103. [ID: 1513] GTP traffic inside a GTP tunnel detected
2.18.104. [ID: 1545] Message is dropped due to internal error
2.18.105. [ID: 1540] Invalid GTP header
2.18.106. [ID: 1514] Invalid Recovery IE value
2.18.107. [ID: 1526] Invalid GTP-U message type
2.18.108. [ID: 1529] Invalid GTP-U message type
2.18.109. [ID: 1520] Invalid GTP version
2.18.110. [ID: 1542] No matching GTP-U bearer
2.18.111. [ID: 1531] GTP packet dropped
2.18.112. [ID: 1609] GTP packet dropped
2.18.113. [ID: 1547] GTP packet notice
2.18.114. [ID: 1517] GTP-C session update rejected by endpoint
2.18.115. [ID: 1515] GTP-C session creation rejected by endpoint
2.18.116. [ID: 1541] GTP-C session deletion rejected by endpoint
2.18.117. [ID: 1530] GTP-C session update rejected by endpoint
2.18.118. [ID: 1590] Unexpected GTP-U IE type
2.18.119. [ID: 1596] Unexpected GTP-U IE type
2.18.120. [ID: 1594] Unknown GTP-U IE type
2.18.121. [ID: 1592] Unknown GTP-U IE type
2.19. HA
2.19.1. [ID: 259] HA sync message reassembly failed
2.19.2. [ID: 398] HA sync message reassembly failed due to lack[...]
2.19.3. [ID: 597] HA sync message reassembly failed due to[...]
2.19.4. [ID: 364] Received invalid HA sync message fragment
2.19.5. [ID: 609] Received unexpected HA sync message fragment
2.19.6. [ID: 1044] Active-active scenario detected
2.19.7. [ID: 1047] Active-active scenario detected
2.19.8. [ID: 1049] Config in sync
2.19.9. [ID: 1051] Config not in sync
2.19.10. [ID: 580] Failed to establish sync connection
2.19.11. [ID: 546] Failure indication cleared
2.19.12. [ID: 605] Scheduling HA initiated system restart
2.19.13. [ID: 281] Failure indication set
2.19.14. [ID: 237] Going HA ACTIVE since HA peer is dead
2.19.15. [ID: 317] Going HA ACTIVE since outranking peer
2.19.16. [ID: 275] Going HA ACTIVE due to user request
2.19.17. [ID: 130] Going HA INACTIVE due to being outranked by[...]
2.19.18. [ID: 146] Going HA INACTIVE due to user request
2.19.19. [ID: 663] HA bidir heart-beat communication over[...]
2.19.20. [ID: 177] HA interface offline
2.19.21. [ID: 475] HA interface online
2.19.22. [ID: 1046] Inactive-inactive situation detected
2.19.23. [ID: 1045] Inactive-inactive situation detected
2.19.24. [ID: 629] Scheduling HA initiated system restart to[...]
2.19.25. [ID: 1509] No matching HA interface id found during HA[...]
2.19.26. [ID: 378] HA peer offline
2.19.27. [ID: 403] HA peer have an incompatible HA version
2.19.28. [ID: 1510] Invalid peer MAC received during HA Peer MAC[...]
2.19.29. [ID: 1507] HA Peer MAC learning successful
2.19.30. [ID: 1508] HA Peer MAC learning incomplete
2.19.31. [ID: 114] HA peer online
2.19.32. [ID: 630] Dataplane shutting down
2.19.33. [ID: 808] Main resynchronization aborted
2.19.34. [ID: 323] Main resynchronization done
2.19.35. [ID: 285] Commencing main resynchronization
2.19.36. [ID: 206] Sync connection established
2.19.37. [ID: 436] Sync connection failed
2.19.38. [ID: 1425] System versions not equal
2.19.39. [ID: 636] All flows closed due to HA activation or[...]
2.20. HWMON
2.20.1. [ID: 1081] Sensor value above monitor threshold
2.20.2. [ID: 1079] Sensor value below monitor threshold
2.20.3. [ID: 1082] Sensor returned to normal
2.21. ICMP
2.21.1. [ID: 204] Bad ICMP message checksum
2.21.2. [ID: 387] Bad ICMP message checksum
2.21.3. [ID: 365] ICMP error with embedded trailer
2.21.4. [ID: 328] Length of embedded header in ICMP error is[...]
2.21.5. [ID: 450] ICMP error with incompatible IP version
2.21.6. [ID: 134] ICMP error with incompatible IP version
2.21.7. [ID: 600] ICMP error to fragment
2.21.8. [ID: 296] Truncated embedded IP header in ICMPv4
2.21.9. [ID: 476] Dropped ICMP error message
2.21.10. [ID: 221] ICMP error to ICMP error
2.21.11. [ID: 376] Data in request differs from last request
2.21.12. [ID: 286] Data in request differs from last request
2.21.13. [ID: 426] Invalid ICMP type
2.21.14. [ID: 496] Mismatching ICMP reply data
2.21.15. [ID: 555] Mismatching ICMP reply data
2.21.16. [ID: 1504] ICMP error response to multicast
2.21.17. [ID: 1503] ICMP error response to multicast
2.21.18. [ID: 301] Sequence number in reply is outside expected[...]
2.21.19. [ID: 273] Sequence number in reply is outside expected[...]
2.21.20. [ID: 288] Problem pointer outside of data
2.21.21. [ID: 507] Problem pointer outside of data
2.21.22. [ID: 612] Header length parameter problem
2.21.23. [ID: 164] IP header version parameter problem
2.21.24. [ID: 807] Failed to allocate reassembly buffer
2.21.25. [ID: 805] Reassembled packet exceeds allowed size
2.21.26. [ID: 806] Failed to reassemble packet
2.21.27. [ID: 533] Received ICMP error message
2.21.28. [ID: 553] Sequence number in reply is above expected[...]
2.21.29. [ID: 422] Sequence number in reply is above expected[...]
2.21.30. [ID: 513] Sequence number in request is decreasing
2.21.31. [ID: 143] Sequence number in request is decreasing
2.21.32. [ID: 232] Truncated ICMPv4 payload
2.21.33. [ID: 497] Truncated ICMPv6 payload
2.21.34. [ID: 536] ICMP error with truncated payload
2.22. IFACE
2.22.1. [ID: 795] Ethernet interface is blocked
2.22.2. [ID: 662] Ethernet interface is flooded
2.22.3. [ID: 661] Ethernet interface is still flooded
2.22.4. [ID: 1054] Ethernet link down
2.22.5. [ID: 1055] Ethernet link up
2.23. IKE
2.23.1. [ID: 1061] Half open IKE SA limit exceeded
2.23.2. [ID: 813] IKE Max SA Warning
2.23.3. [ID: 642] IKE negotiation failed
2.23.4. [ID: 419] Failed to establish IKE SA
2.23.5. [ID: 530] Successfully established IKE SA
2.23.6. [ID: 590] Successfully deleted IKE SA
2.23.7. [ID: 161] Failed to rekey IKE SA
2.23.8. [ID: 616] Successfully rekeyed IKE SA
2.23.9. [ID: 556] Failed to create IPsec SA
2.23.10. [ID: 155] Successfully created IPsec SA
2.23.11. [ID: 183] Successfully deleted IPsec SA
2.23.12. [ID: 172] Failed to rekey IPsec SA
2.23.13. [ID: 628] Successfully rekeyed IPsec SA
2.23.14. [ID: 1060] Job limit exceeded
2.23.15. [ID: 803] Peer is dead
2.23.16. [ID: 1059] Peer too aggressive
2.23.17. [ID: 1655] Failed to re-initialize dynamic rules
2.23.18. [ID: 1664] Failed to re-insert IKE rule
2.23.19. [ID: 770] IKE thread watchdog triggered
2.23.20. [ID: 737] User logged out
2.24. IPPOOL
2.24.1. [ID: 909] Pool has reached the maximum allowed number[...]
2.24.2. [ID: 915] No offers received
2.24.3. [ID: 917] Received Offer not valid
2.24.4. [ID: 916] Request received from Subsystem
2.24.5. [ID: 918] Client Bound
2.24.6. [ID: 911] Handed address no longer available
2.24.7. [ID: 914] Address is returned back to IPPool system
2.24.8. [ID: 908] The lease is rejected as it already exists in[...]
2.24.9. [ID: 910] Pool has run out of prefetch
2.24.10. [ID: 913] Request to acquire an address from the IPPool[...]
2.24.11. [ID: 1077] Request to acquire an address is pending
2.24.12. [ID: 912] Acquired address
2.25. IPS
2.25.1. [ID: 1403] Threat detected based on custom signature
2.25.2. [ID: 1415] Threat prevented based on custom signature
2.25.3. [ID: 1405] Failed to scan data
2.25.4. [ID: 1406] Failed to scan data
2.25.5. [ID: 1420] Failed to read current signature files
2.25.6. [ID: 1418] Failed to read new signature files
2.25.7. [ID: 1402] Failed to parse HTTP URL
2.25.8. [ID: 1424] Failed to parse HTTP URL
2.25.9. [ID: 1407] IPS license is going to expire
2.25.10. [ID: 1426] IPS license has expired
2.25.11. [ID: 1414] Max signatures match limit exceeded
2.25.12. [ID: 1401] Max signatures match limit exceeded
2.25.13. [ID: 1419] No signature loaded
2.25.14. [ID: 1421] IPS Notice
2.25.15. [ID: 1417] IPS Notice
2.25.16. [ID: 1412] Failed to scan data
2.25.17. [ID: 1410] Failed to scan data
2.25.18. [ID: 1409] Scan detected
2.25.19. [ID: 1411] Scan detected
2.25.20. [ID: 1404] Threat detected
2.25.21. [ID: 1427] Threat prevented
2.26. IPSEC
2.26.1. [ID: 278] Anti-replay check failed
2.26.2. [ID: 606] Bad ciphertext length
2.26.3. [ID: 254] Bad IP version
2.26.4. [ID: 464] Bad next header
2.26.5. [ID: 604] Bad padding
2.26.6. [ID: 282] Decryption failed
2.26.7. [ID: 768] ECN codepoint mismatch
2.26.8. [ID: 766] ECN codepoint mismatch
2.26.9. [ID: 572] Encryption failed
2.26.10. [ID: 1057] Failed to generate IV
2.26.11. [ID: 611] Integrity check failed
2.26.12. [ID: 413] Failed to allocate reassembly buffer
2.26.13. [ID: 133] Reassembled packet exceeds allowed size
2.26.14. [ID: 487] Failed to reassemble packet
2.26.15. [ID: 579] Failed to resize buffer
2.26.16. [ID: 264] Packet too small
2.26.17. [ID: 135] Payload too small
2.26.18. [ID: 632] Low memory initializing SAD
2.26.19. [ID: 633] Out of memory initializing SAD
2.26.20. [ID: 339] Sequence number overflow
2.27. IPV4
2.27.1. [ID: 466] Invalid IP header checksum
2.27.2. [ID: 518] Invalid header length
2.27.3. [ID: 166] Bad IP version
2.27.4. [ID: 136] Non-zero IP Reserved Field
2.27.5. [ID: 568] Non-zero IP Reserved Field
2.27.6. [ID: 228] Non-zero IP Reserved Field
2.27.7. [ID: 140] Option too large for option space
2.27.8. [ID: 141] Invalid option length
2.27.9. [ID: 509] Received unknown IP option
2.27.10. [ID: 587] Received unknown IP option
2.27.11. [ID: 331] IP data is larger than the maximum allowed[...]
2.27.12. [ID: 1015] Packet too big
2.27.13. [ID: 1016] Packet too big
2.27.14. [ID: 371] Received RA IP option
2.27.15. [ID: 334] Invalid RA option length
2.27.16. [ID: 205] Received RA IP option
2.27.17. [ID: 549] Packet too small for ip header
2.27.18. [ID: 234] Received Source Route IP option
2.27.19. [ID: 108] Invalid SR option length
2.27.20. [ID: 176] Invalid SR pointer
2.27.21. [ID: 517] Received Source Route IP option
2.27.22. [ID: 196] Multiple source or return routes in SR IP[...]
2.27.23. [ID: 469] Non-zero IP TOS field
2.27.24. [ID: 149] Non-zero IP TOS field
2.27.25. [ID: 467] Non-zero IP TOS field
2.27.26. [ID: 175] Received TS IP option
2.27.27. [ID: 354] Invalid TS option length
2.27.28. [ID: 198] Invalid TS pointer
2.27.29. [ID: 589] Invalid TS pointer with overflow
2.27.30. [ID: 557] Received TS IP option
2.27.31. [ID: 233] Multiple time stamps in TS IP option
2.27.32. [ID: 442] TTL is zero
2.27.33. [ID: 298] TTL expired
2.27.34. [ID: 503] TTL expired
2.27.35. [ID: 405] TTL too low
2.27.36. [ID: 185] TTL too low
2.27.37. [ID: 409] TTL too low
2.27.38. [ID: 131] Packet too small for L4 header
2.27.39. [ID: 156] IP length is larger than packet
2.28. IPV6
2.28.1. [ID: 115] Max IPv6 options per extension header reached
2.28.2. [ID: 492] Max IPv6 options per extension header reached
2.28.3. [ID: 477] Order of extension headers is invalid
2.28.4. [ID: 304] Bad IP version
2.28.5. [ID: 401] Received unknown extension header
2.28.6. [ID: 263] Non-zero IP Flow Label
2.28.7. [ID: 486] Non-zero IP Flow Label
2.28.8. [ID: 621] Non-zero IP Flow Label
2.28.9. [ID: 804] Illegal sender address
2.28.10. [ID: 470] IPv6 extension header size limit reached
2.28.11. [ID: 249] IPv6 extension header size limit reached
2.28.12. [ID: 220] Non-zero IPv6 PADN data
2.28.13. [ID: 575] Non-zero IPv6 PADN data
2.28.14. [ID: 268] Non-zero IPv6 PADN data
2.28.15. [ID: 347] Fragment header in non-fragment
2.28.16. [ID: 283] Fragment header in non-fragment
2.28.17. [ID: 260] Received fragmented jumbogram
2.28.18. [ID: 128] Received fragmented jumbogram
2.28.19. [ID: 157] Received Home Address option
2.28.20. [ID: 150] Received Home Address option
2.28.21. [ID: 535] Multicast Home Address option
2.28.22. [ID: 457] Received Home Address option
2.28.23. [ID: 412] Received Home Address option
2.28.24. [ID: 121] IP6 option with invalid size
2.28.25. [ID: 458] Received Jumbogram option
2.28.26. [ID: 586] Received Jumbogram option
2.28.27. [ID: 101] Received Jumbogram option
2.28.28. [ID: 417] Received malformed Jumbogram
2.28.29. [ID: 603] Received malformed Jumbogram
2.28.30. [ID: 407] Received unknown option
2.28.31. [ID: 197] Received unknown option
2.28.32. [ID: 314] Processed unknown option
2.28.33. [ID: 280] Processed unknown option
2.28.34. [ID: 154] Processed unknown option
2.28.35. [ID: 344] Processed unknown option
2.28.36. [ID: 356] Processed unknown option
2.28.37. [ID: 563] Received Router Alert option
2.28.38. [ID: 396] Received Router Alert option
2.28.39. [ID: 214] Received Router Alert option
2.28.40. [ID: 178] Received Routing Header option
2.28.41. [ID: 531] Received Routing Header option
2.28.42. [ID: 363] Received Routing Header option
2.28.43. [ID: 578] IPv6 option extension header overflow
2.28.44. [ID: 562] IPv6 option extension header overflow
2.28.45. [ID: 439] IP data is larger than the maximum allowed[...]
2.28.46. [ID: 1012] Packet too big
2.28.47. [ID: 1013] Packet too big
2.28.48. [ID: 656] Reserved bits in fragment header are non-zero
2.28.49. [ID: 660] Reserved bits in fragment header are non-zero
2.28.50. [ID: 650] Reserved bits in fragment header are non-zero
2.28.51. [ID: 658] Reserved field in fragment header is non-zero
2.28.52. [ID: 648] Reserved field in fragment header is non-zero
2.28.53. [ID: 645] Reserved field in fragment header is non-zero
2.28.54. [ID: 508] Fragment truncated at L3 header
2.28.55. [ID: 358] Packet truncated at L3 header
2.28.56. [ID: 158] Non-zero IP Traffic Class field
2.28.57. [ID: 585] Non-zero IP Traffic Class field
2.28.58. [ID: 284] Non-zero IP Traffic Class field
2.28.59. [ID: 489] Hop Limit is zero
2.28.60. [ID: 408] HopLimit reached
2.28.61. [ID: 295] HopLimit reached
2.28.62. [ID: 148] Hop Limit too low
2.28.63. [ID: 402] Hop Limit too low
2.28.64. [ID: 453] Hop Limit too low
2.28.65. [ID: 118] Fragment truncated at L4 header
2.28.66. [ID: 125] Header payload in fragment is truncated
2.28.67. [ID: 294] Header payload is truncated
2.28.68. [ID: 415] Packet truncated at L4 header
2.28.69. [ID: 523] IPv6 payload is truncated
2.28.70. [ID: 1025] Unrecognized IPv6 next header
2.28.71. [ID: 1024] Unrecognized IPv6 next header
2.28.72. [ID: 511] Adjacent PAD option
2.28.73. [ID: 598] Unaligned IPv6 option
2.28.74. [ID: 277] Fragment with invalid extension header
2.28.75. [ID: 610] Out of scope option
2.28.76. [ID: 110] Repeated extension header
2.28.77. [ID: 311] Repeated option
2.28.78. [ID: 567] IPv6 Too large PADN
2.29. LICENSE
2.29.1. [ID: 1083] Remaining demo period
2.29.2. [ID: 1084] Demo license expired
2.29.3. [ID: 623] Failed to activate license
2.29.4. [ID: 506] A new license has been activated
2.29.5. [ID: 564] Lockdown is in effect due to invalid license
2.29.6. [ID: 310] Failed to remove license
2.29.7. [ID: 151] The license has been removed
2.30. MANAGEMENT
2.30.1. [ID: 1676] Centralized management control re-enabled
2.30.2. [ID: 1672] Centralized management control being disabled[...]
2.30.3. [ID: 1001] Centralized management control has been[...]
2.30.4. [ID: 1000] Centralized management control has been[...]
2.31. NATPOOL
2.31.1. [ID: 1091] Deterministic NATPool found no free ports for[...]
2.31.2. [ID: 1120] Deterministic NATPool current configuration
2.31.3. [ID: 1109] Deterministic NATPool deleted
2.31.4. [ID: 1087] Deterministic NATPool denied translation
2.31.5. [ID: 1098] Deterministic NATPool dynamic release
2.31.6. [ID: 1121] Deterministic NATPool dynamic assignment
2.31.7. [ID: 984] Failed to map peer NAT flow translation on[...]
2.31.8. [ID: 985] Out of memory loading NAT Pool
2.31.9. [ID: 1152] Unable to re-map flow translation in the new[...]
2.31.10. [ID: 989] Max NATPool states reached replacing active
2.31.11. [ID: 988] Max NATPool states reached replacing lingering
2.31.12. [ID: 986] Out of memory while allocating state in pool
2.32. NDP
2.32.1. [ID: 165] Advertisement delayed
2.32.2. [ID: 184] Advertisement for static entry
2.32.3. [ID: 179] Unknown ICMP code
2.32.4. [ID: 569] Illegal option size
2.32.5. [ID: 276] Forged reply
2.32.6. [ID: 226] DAD reply delayed
2.32.7. [ID: 153] Received DAD probe
2.32.8. [ID: 462] Duplicated option
2.32.9. [ID: 430] Duplicated option
2.32.10. [ID: 552] ND hop limit reached
2.32.11. [ID: 434] Linklayer option contains multicast address
2.32.12. [ID: 454] Dead peer probe answered with multicast[...]
2.32.13. [ID: 619] Multicast target
2.32.14. [ID: 574] Neighbor cache updated with new HW address
2.32.15. [ID: 330] New HW address advertised for resolved IP
2.32.16. [ID: 418] New HW address advertised for resolved IP
2.32.17. [ID: 211] Advertisement from the Unknown Address
2.32.18. [ID: 195] No target route for packet
2.32.19. [ID: 599] No source route for packet
2.32.20. [ID: 107] Reply without target link-layer option
2.32.21. [ID: 309] Linklayer option does not match HW sender
2.32.22. [ID: 120] Linklayer option does not match HW sender
2.32.23. [ID: 180] Neighbor entry lost
2.32.24. [ID: 163] Probe from unknown host
2.32.25. [ID: 303] Dead Peer probe delayed
2.32.26. [ID: 266] Reply to Dead Peer probe delayed
2.32.27. [ID: 338] NDP resolve timeout
2.32.28. [ID: 445] Packet truncated at L4 header
2.32.29. [ID: 519] Option is truncated
2.32.30. [ID: 348] ND message allowed by access rule
2.32.31. [ID: 127] ND message disallowed by access rule
2.32.32. [ID: 1657] ND message disallowed by route to source IP
2.32.33. [ID: 212] Solicitation delayed
2.32.34. [ID: 625] Solicitation from unknown host
2.32.35. [ID: 316] Spoofed HW sender
2.32.36. [ID: 239] Dead peer probe answered from unknown HW[...]
2.32.37. [ID: 315] Spoofed IP sender
2.32.38. [ID: 271] Spoofed source linklayer option
2.32.39. [ID: 446] Spoofed IP target
2.32.40. [ID: 1160] IPv6 DNS was discovered
2.32.41. [ID: 1136] IPv6 DNS has expired
2.32.42. [ID: 1139] Generated IPv6 address appear to be occupied
2.32.43. [ID: 1134] No routers were discovered
2.32.44. [ID: 1159] IPv6 prefix was discovered
2.32.45. [ID: 1151] IPv6 prefix has expired
2.32.46. [ID: 1284] IPv6 prefix preferred lifetime exceeds valid[...]
2.32.47. [ID: 1138] Router was discovered
2.32.48. [ID: 1142] IPv6 router has expired
2.33. OSPF
2.33.1. [ID: 848] Unable to send ACK
2.33.2. [ID: 870] Failed to add route
2.33.3. [ID: 861] Bad area
2.33.4. [ID: 867] Authentication failed due to bad crypto digest
2.33.5. [ID: 851] Authentication failed due to bad crypto key[...]
2.33.6. [ID: 824] Bad authentication password
2.33.7. [ID: 814] Authentication failed since received crypto[...]
2.33.8. [ID: 854] Authentication type mismatch with neighbor[...]
2.33.9. [ID: 855] Received OSPF packet with bad length
2.33.10. [ID: 868] Checksum error
2.33.11. [ID: 836] Neighbor implied AS-EXT on stub area
2.33.12. [ID: 856] Received LSA with bad max-age value
2.33.13. [ID: 876] Received LSA with bad sequence number
2.33.14. [ID: 826] Neighbor replied with unexpected sequence[...]
2.33.15. [ID: 837] Neighbor DD packet has too high MTU
2.33.16. [ID: 825] Neighbor sent non-duplicate in wrong state
2.33.17. [ID: 871] Neighbor changed options during exchange phase
2.33.18. [ID: 815] Unknown LSA type
2.33.19. [ID: 835] Neighbor misused the I-flag
2.33.20. [ID: 845] Neighbor M-MS mismatch
2.33.21. [ID: 853] Generic event
2.33.22. [ID: 830] Generic event
2.33.23. [ID: 874] Cannot map PTP neighbor to local IP
2.33.24. [ID: 823] Generic event
2.33.25. [ID: 817] Hello packet E-flag mismatch
2.33.26. [ID: 832] Hello packet N-flag and E-flags are both set[...]
2.33.27. [ID: 872] Hello packet interval mismatch
2.33.28. [ID: 834] Hello packet N-flag mismatch
2.33.29. [ID: 839] Hello packet netmask mismatch
2.33.30. [ID: 875] Hello packet router dead interval mismatch
2.33.31. [ID: 852] LSA internal checksum error
2.33.32. [ID: 865] Got ACK for mismatched LSA
2.33.33. [ID: 864] Received AS-EXT LSA on stub
2.33.34. [ID: 843] Received LSA with bad checksum
2.33.35. [ID: 840] Bad LSA sequence number
2.33.36. [ID: 846] Bad LSA sequence number
2.33.37. [ID: 819] Generic event
2.33.38. [ID: 857] Failed to prepare replacement LSA
2.33.39. [ID: 863] Received LSA is older then DB copy
2.33.40. [ID: 827] REQ packet LSA size mismatch
2.33.41. [ID: 842] ACK packet LSA size mismatch
2.33.42. [ID: 821] Requested LSA size too large
2.33.43. [ID: 828] Received selforiginated LSA for unknown type
2.33.44. [ID: 858] UPD packet LSA size mismatch
2.33.45. [ID: 1442] Received malformed packet
2.33.46. [ID: 822] Unable to find VLINK transport area
2.33.47. [ID: 831] Neighbor died
2.33.48. [ID: 820] AS disabled due to failed memory allocation
2.33.49. [ID: 850] Unable to allocate memory for LSA
2.33.50. [ID: 866] Unable to allocate memory for LSA link states
2.33.51. [ID: 841] Unable to allocate memory for LSA shell states
2.33.52. [ID: 873] Unable to allocate memory for router neighbor[...]
2.33.53. [ID: 829] Unable to allocate memory for SPF vertex[...]
2.33.54. [ID: 818] Generic event
2.33.55. [ID: 859] Generic event
2.33.56. [ID: 1053] Received Router LSA which contains mismatched[...]
2.33.57. [ID: 838] Generic event
2.33.58. [ID: 833] Unable to send data on interface
2.33.59. [ID: 849] Sender source IP not in interface range
2.33.60. [ID: 869] Too many neighbors on interface
2.33.61. [ID: 862] Unknown LSA type
2.33.62. [ID: 860] Unknown neighbor
2.33.63. [ID: 816] Unknown OSPF packet type
2.33.64. [ID: 847] Packet version is not OSPFv2
2.34. PIPES
2.34.1. [ID: 1393] Out of non-uniform memory
2.34.2. [ID: 1396] No longer out of non-uniform memory
2.34.3. [ID: 1416] Pipe memory limit reached
2.35. PORTMGR
2.35.1. [ID: 410] Failed to allocate dynamic port
2.35.2. [ID: 167] Switching to High Load Mode
2.35.3. [ID: 170] Switching to Low Load Mode
2.35.4. [ID: 421] Out of memory when allocating dynamic port
2.35.5. [ID: 451] Out of memory while switching to High Load[...]
2.35.6. [ID: 432] Out of memory initializing port manager
2.36. RADIUS
2.36.1. [ID: 666] Access-Accept packet received from RADIUS[...]
2.36.2. [ID: 1667] Access-Challenge packet received from RADIUS[...]
2.36.3. [ID: 678] Access-Reject packet received from RADIUS[...]
2.36.4. [ID: 691] Access-Request packet sent to RADIUS server
2.36.5. [ID: 771] RADIUS challenge expired
2.36.6. [ID: 675] Non-responding RADIUS server
2.36.7. [ID: 1075] Failed to initiate connection with RADIUS[...]
2.36.8. [ID: 664] Failed to parse incoming RADIUS packet
2.36.9. [ID: 791] Access-Request packet could not be created
2.36.10. [ID: 683] Access-Request packet could not be sent to[...]
2.37. ROUTE
2.37.1. [ID: 1064] Monitored host treated as reachable due to[...]
2.37.2. [ID: 1067] Monitored host treated as unreachable due to[...]
2.37.3. [ID: 1063] Monitored host reachable
2.37.4. [ID: 1066] Monitored host unreachable
2.37.5. [ID: 1068] Monitored route disabled
2.37.6. [ID: 1065] Monitored route enabled
2.37.7. [ID: 652] Dynamic route added
2.37.8. [ID: 654] Dynamic route removed
2.38. RULE
2.38.1. [ID: 1230] IPC error managing dynamic rules
2.38.2. [ID: 1240] Dynamic rules leaked
2.38.3. [ID: 1133] Blacklist rule added
2.38.4. [ID: 1164] Blacklist rule table size set to
2.38.5. [ID: 1141] Blacklist rule removed
2.38.6. [ID: 1165] Blacklist rule replaced
2.38.7. [ID: 649] Flow HA sync disallowed by access rule
2.38.8. [ID: 643] Flow HA sync failed due to address[...]
2.38.9. [ID: 1150] Flow HA sync disallowed by blacklist rule
2.38.10. [ID: 1662] Source IP not routed on receive interface
2.38.11. [ID: 647] Flow HA sync failed due to no route to[...]
2.38.12. [ID: 659] Flow HA sync failed due to no route to source
2.38.13. [ID: 1395] Source address matches translation prefix
2.38.14. [ID: 1088] Max sessions reached on ALG
2.38.15. [ID: 109] Packet received open
2.38.16. [ID: 431] Packet received reject
2.38.17. [ID: 1209] Unsupported protocol combination for ALG
2.38.18. [ID: 238] Allowed by access rule
2.38.19. [ID: 242] Disallowed by access rule
2.38.20. [ID: 1661] Source IP not routed on receive interface
2.38.21. [ID: 1653] Receive sub interface id mismatch with route[...]
2.38.22. [ID: 394] Local Undelivered
2.38.23. [ID: 471] No route to destination
2.38.24. [ID: 129] No route to source
2.38.25. [ID: 514] Packet dropped by the ruleset
2.38.26. [ID: 384] Non-NATable IP protocol
2.38.27. [ID: 520] Could not allocate NAT port
2.38.28. [ID: 987] Could not allocate NAT IP from NATPool
2.38.29. [ID: 1158] Whitelist prevents blacklist action from[...]
2.39. SCTP
2.39.1. [ID: 1335] IP address outside IP rule filter
2.39.2. [ID: 1350] IP address outside IP rule filter
2.39.3. [ID: 1371] ABORT bundled with DATA chunk
2.39.4. [ID: 1216] Advertised receiver window credit too low
2.39.5. [ID: 1324] Association abort
2.39.6. [ID: 1361] Established association exists
2.39.7. [ID: 1367] Association established
2.39.8. [ID: 1658] Association establishment clash
2.39.9. [ID: 1689] Association no longer allowed
2.39.10. [ID: 1362] Association closed due to idle timeout
2.39.11. [ID: 1359] Handshake random replace
2.39.12. [ID: 1326] Association handshake timeout
2.39.13. [ID: 1332] Association handshake initiated
2.39.14. [ID: 1639] Association handshake restart
2.39.15. [ID: 1659] Association restart clash
2.39.16. [ID: 1329] Association restart initiated
2.39.17. [ID: 1384] Association restart initiated
2.39.18. [ID: 1339] Association restarted
2.39.19. [ID: 1347] Association random replace
2.39.20. [ID: 1327] Association timeout on shutdown
2.39.21. [ID: 1358] Association closed
2.39.22. [ID: 1343] Association shutdown received
2.39.23. [ID: 1640] Association linger timeout
2.39.24. [ID: 1357] PPID blacklisted
2.39.25. [ID: 1239] Bundled singular chunk type
2.39.26. [ID: 1377] Unexpected cookie ack from initiator of[...]
2.39.27. [ID: 1375] Unexpected cookie echo from responder of[...]
2.39.28. [ID: 1298] Chunk length includes padding at end
2.39.29. [ID: 1660] Cookie echoed
2.39.30. [ID: 1439] Stripped DATA chunk from packet containing[...]
2.39.31. [ID: 1363] Destination port mismatch
2.39.32. [ID: 1369] Unexpected DATA from shutdown initiator
2.39.33. [ID: 1352] Initial vtag changed
2.39.34. [ID: 1345] No init seen
2.39.35. [ID: 1386] Restart changed initiator IP address number
2.39.36. [ID: 1376] Restart added initiator IP address
2.39.37. [ID: 1383] Restart added responder IP address
2.39.38. [ID: 1387] Restart changed responder IP address number
2.39.39. [ID: 1338] Wrong association restart state
2.39.40. [ID: 1368] Shutdown during establishment
2.39.41. [ID: 1355] Expired restart period
2.39.42. [ID: 1333] Too many shutdown requests
2.39.43. [ID: 1346] Unexpected COOKIE ACK
2.39.44. [ID: 1331] Unexpected COOKIE ECHO
2.39.45. [ID: 1656] Unexpected DATA from initiator
2.39.46. [ID: 1654] Unexpected DATA from responder
2.39.47. [ID: 1342] Unexpected shutdown chunk
2.39.48. [ID: 1288] Empty state cookie parameter found
2.39.49. [ID: 1686] Clash
2.39.50. [ID: 1685] Clash
2.39.51. [ID: 1684] Disallowed
2.39.52. [ID: 1170] Host name address detected
2.39.53. [ID: 1189] Host name address detected
2.39.54. [ID: 1374] Host name address detected
2.39.55. [ID: 1381] Wrong initiator primary IP
2.39.56. [ID: 1379] Wrong responder primary IP
2.39.57. [ID: 1373] IP address inside IP rule filter
2.39.58. [ID: 1198] IP address outside IP rule filter
2.39.59. [ID: 1177] IP address outside IP rule filter
2.39.60. [ID: 1348] Source IP disallowed by association
2.39.61. [ID: 1385] IP disallowed by initiator of restart
2.39.62. [ID: 1336] Destination IP disallowed by association
2.39.63. [ID: 1378] IP disallowed by responder of restart
2.39.64. [ID: 1294] SCTP padding with illegal length
2.39.65. [ID: 1271] SCTP mis-aligned by padding
2.39.66. [ID: 1277] SCTP chunk end mis-aligned by padding
2.39.67. [ID: 1291] Address type illegal with Host Name Address[...]
2.39.68. [ID: 1663] Init-ack seen
2.39.69. [ID: 1382] Association restart from initiator failed
2.39.70. [ID: 1366] Initiator vtag mismatch
2.39.71. [ID: 1176] Invalid SCTP checksum
2.39.72. [ID: 1242] Invalid SCTP checksum
2.39.73. [ID: 1178] Invalid SCTP chunk length
2.39.74. [ID: 1174] Invalid SCTP destination port
2.39.75. [ID: 1337] Invalid destination route
2.39.76. [ID: 1194] Invalid SCTP error cause length
2.39.77. [ID: 1273] Invalid SCTP heartbeat information
2.39.78. [ID: 1187] Invalid Host Name address format
2.39.79. [ID: 1353] Invalid stream ID
2.39.80. [ID: 1258] Illegal initiate tag
2.39.81. [ID: 1257] Invalid number of streams
2.39.82. [ID: 1188] Invalid number of mandatory SCTP parameters
2.39.83. [ID: 1325] Invalid stream ID
2.39.84. [ID: 1296] Invalid pad parameter inside chunk
2.39.85. [ID: 1195] Invalid SCTP chunk parameter length
2.39.86. [ID: 1354] Invalid source interface
2.39.87. [ID: 1167] Invalid SCTP source port
2.39.88. [ID: 1181] Invalid SCTP verification tag
2.39.89. [ID: 1301] Chunk length includes the padding of the last[...]
2.39.90. [ID: 1340] Max IP addresses exceeded
2.39.91. [ID: 1370] Max control chunks exceeded
2.39.92. [ID: 1364] Max DATA chunks exceeded
2.39.93. [ID: 1360] Max inbound streams adjusted
2.39.94. [ID: 1356] Max outbound streams adjusted
2.39.95. [ID: 1299] Missing SCTP chunk padding
2.39.96. [ID: 1285] Missing mandatory SCTP parameter from a chunk
2.39.97. [ID: 1168] Missing SCTP cookie
2.39.98. [ID: 1330] No association found
2.39.99. [ID: 1688] No valid association found
2.39.100. [ID: 1341] No whitelisted PPIDs
2.39.101. [ID: 1349] No possible association restart
2.39.102. [ID: 1292] Non-zero SCTP chunk padding inside chunk
2.39.103. [ID: 1297] Non-zero SCTP chunk padding inside chunk
2.39.104. [ID: 1289] Non-zero SCTP chunk padding inside chunk
2.39.105. [ID: 1197] SCTP chunk padding inside chunk
2.39.106. [ID: 1290] SCTP chunk padding inside chunk
2.39.107. [ID: 1282] SCTP chunk padding inside chunk
2.39.108. [ID: 1281] SCTP chunk padding inside chunk
2.39.109. [ID: 1190] Non-zero SCTP chunk padding
2.39.110. [ID: 1278] Non-zero SCTP chunk padding
2.39.111. [ID: 1279] Non-zero SCTP chunk padding
2.39.112. [ID: 1173] Non-zero reserved field in SCTP error cause
2.39.113. [ID: 1269] Non-zero SCTP chunk parameter padding
2.39.114. [ID: 1268] Non-zero SCTP chunk parameter padding
2.39.115. [ID: 1196] Non-zero SCTP chunk parameter padding
2.39.116. [ID: 1344] Non-first SCTP cookie ack
2.39.117. [ID: 1295] Non-first SCTP cookie
2.39.118. [ID: 1365] PPID not whitelisted
2.39.119. [ID: 1441] SCTP padding chunk
2.39.120. [ID: 1438] SCTP padding chunk
2.39.121. [ID: 1440] SCTP padding chunk
2.39.122. [ID: 1437] SCTP padding chunk
2.39.123. [ID: 1380] Association restart from responder failed
2.39.124. [ID: 1328] Responder vtag mismatch
2.39.125. [ID: 1351] Source port mismatch
2.39.126. [ID: 1270] Stateful SCTP is not supported
2.39.127. [ID: 1283] Too many occurrences of SCTP parameter
2.39.128. [ID: 1334] Unexpected state cookie
2.39.129. [ID: 1280] Unknown mandatory chunk type
2.39.130. [ID: 1184] Unknown mandatory chunk type
2.39.131. [ID: 1193] Unknown mandatory chunk type
2.39.132. [ID: 1191] Unknown mandatory chunk type
2.39.133. [ID: 1236] Unknown mandatory parameter type
2.39.134. [ID: 1171] Unknown mandatory parameter type
2.39.135. [ID: 1166] Unknown mandatory parameter type
2.39.136. [ID: 1186] Unknown mandatory parameter type
2.39.137. [ID: 1248] Unknown optional chunk type
2.39.138. [ID: 1180] Unknown optional chunk type
2.39.139. [ID: 1172] Unknown optional chunk type
2.39.140. [ID: 1175] Unknown optional chunk type
2.39.141. [ID: 1214] Unknown optional parameter type
2.39.142. [ID: 1185] Unknown optional parameter type
2.39.143. [ID: 1182] Unknown optional parameter type
2.39.144. [ID: 1192] Unknown optional parameter type
2.39.145. [ID: 1169] Unknown supported address type
2.39.146. [ID: 1286] Unknown supported address type
2.39.147. [ID: 1179] Unknown supported address type
2.39.148. [ID: 1183] Unkown SCTP error cause
2.39.149. [ID: 1208] Not supported address type
2.39.150. [ID: 1372] PPID whitelisted
2.39.151. [ID: 1300] State cookie parameter has zero for value
2.40. SIPALG
2.40.1. [ID: 1206] SIP ALG call leg deleted
2.40.2. [ID: 1229] SIP ALG call leg state updated
2.40.3. [ID: 1260] Failed to create call leg
2.40.4. [ID: 1266] Failed to create new transaction
2.40.5. [ID: 1267] Failed to do dns resolve
2.40.6. [ID: 1247] Failed to create SIP ALG session
2.40.7. [ID: 1262] Failed to find SIP ALG session
2.40.8. [ID: 1259] Unsuccessful registration
2.40.9. [ID: 1221] Failed unregistration
2.40.10. [ID: 1210] Failed to find call leg
2.40.11. [ID: 1219] Failed to find role
2.40.12. [ID: 1202] Failed to find transaction
2.40.13. [ID: 1213] Flow failed
2.40.14. [ID: 1224] Failed to get free NAT port pair for the[...]
2.40.15. [ID: 1322] Failed to install HA synced object
2.40.16. [ID: 1323] Failed to apply HA update to object
2.40.17. [ID: 1205] Invalid SIP UDP packet received
2.40.18. [ID: 1211] Invalid session state change
2.40.19. [ID: 1237] Maximum number of transaction per session has[...]
2.40.20. [ID: 1203] Maximum number of sessions per SIP URI has[...]
2.40.21. [ID: 1220] Maximum number of sessions per Service has[...]
2.40.22. [ID: 1223] Failed to parse media
2.40.23. [ID: 1274] Media stream rules created
2.40.24. [ID: 1272] Failed to create media stream rules
2.40.25. [ID: 1204] Out of memory
2.40.26. [ID: 1245] Expire value modified in registration request
2.40.27. [ID: 1199] Failed to modify contact tag in message
2.40.28. [ID: 1235] Failed to modify FROM tag in message
2.40.29. [ID: 1263] Failed to modify request URI in message
2.40.30. [ID: 1200] Failed to modify the request
2.40.31. [ID: 1251] Failed to modify the response
2.40.32. [ID: 1231] Failed to modify SDP message
2.40.33. [ID: 1238] Failed to modify the SAT request
2.40.34. [ID: 1207] Call leg created
2.40.35. [ID: 1232] New SIP ALG session created
2.40.36. [ID: 1234] New transaction created
2.40.37. [ID: 1261] Failed to find route for given host
2.40.38. [ID: 1256] General Error
2.40.39. [ID: 1217] Registration hijack attempt detected
2.40.40. [ID: 1246] Successful Registration
2.40.41. [ID: 1264] SDP message parsing failed
2.40.42. [ID: 1243] SDP message validation failed
2.40.43. [ID: 1227] SIP ALG packet reception error
2.40.44. [ID: 1265] SIP message parsing failed
2.40.45. [ID: 1254] SIP message validation failed due to[...]
2.40.46. [ID: 1212] SIP request-response timeout
2.40.47. [ID: 1255] SIP signal timeout
2.40.48. [ID: 1233] SIP ALG session deleted
2.40.49. [ID: 1201] SIP ALG session state updated
2.40.50. [ID: 1250] Block third party SIP request
2.40.51. [ID: 1244] Transaction state updated
2.40.52. [ID: 1253] SIP ALG transaction deleted
2.40.53. [ID: 1226] Invalid transaction state change
2.40.54. [ID: 1252] Successful unregistration
2.40.55. [ID: 1222] Method not supported
2.40.56. [ID: 1249] Failed to update call leg
2.40.57. [ID: 1225] Failed to update contact
2.40.58. [ID: 1241] Failed to update port information
2.40.59. [ID: 1228] Registration entry not found
2.40.60. [ID: 1215] Failed to modify via in message
2.41. SNMP
2.41.1. [ID: 478] SNMP access
2.41.2. [ID: 1506] SNMP authentication failure
2.41.3. [ID: 1505] Max restart counter
2.41.4. [ID: 1680] SNMP not in time window
2.41.5. [ID: 763] SNMP unexpected version
2.41.6. [ID: 1681] SNMP unknown engine ID
2.42. SSHD
2.42.1. [ID: 370] Administrative user logged in
2.42.2. [ID: 297] Incorrect user name or insufficient[...]
2.42.3. [ID: 186] Administrative user failed to login because[...]
2.42.4. [ID: 455] Administrative user logged out
2.42.5. [ID: 1287] Fatal sshd error
2.42.6. [ID: 877] Failed to get traffic parameters from[...]
2.42.7. [ID: 474] SSH session inactivity time limit has been[...]
2.42.8. [ID: 448] Username change
2.42.9. [ID: 256] Invalid service request received
2.42.10. [ID: 576] Username change
2.42.11. [ID: 425] SSH Login grace timeout expired
2.42.12. [ID: 554] Maximum number of authentication retries[...]
2.42.13. [ID: 225] The maximum number of simultaneously[...]
2.42.14. [ID: 406] The maximum number of connection attempts[...]
2.42.15. [ID: 640] Incompatible encryption
2.42.16. [ID: 1293] Incompatible key exchange algorithm
2.42.17. [ID: 639] Incompatible mac
2.42.18. [ID: 996] Request to copy file
2.42.19. [ID: 995] Request to copy file failed
2.42.20. [ID: 994] Request to copy file successful
2.42.21. [ID: 624] SSH connection is no longer valid
2.42.22. [ID: 997] Closing session for subsystem
2.42.23. [ID: 993] Creating session for subsystem request
2.43. SSLINSPECTION
2.43.1. [ID: 1460] Abnormal close
2.43.2. [ID: 1462] Error accepting client connection
2.43.3. [ID: 1480] Session allocation failure
2.43.4. [ID: 1485] Certificate error
2.43.5. [ID: 1495] Client cipher suites mismatch
2.43.6. [ID: 1500] Client TLS version error
2.43.7. [ID: 1466] Error connecting to server
2.43.8. [ID: 1498] Flow failed
2.43.9. [ID: 1447] Failed to forward SNI
2.43.10. [ID: 1502] Handshake timeout with
2.43.11. [ID: 1490] IPS protection closed connection
2.43.12. [ID: 1474] No server matched SNI
2.43.13. [ID: 1483] Error reading data from client
2.43.14. [ID: 1450] Error reading data from server
2.43.15. [ID: 1492] Received SNI from client
2.43.16. [ID: 1484] Server cipher suites mismatch
2.43.17. [ID: 1481] Server TLS version error
2.43.18. [ID: 1487] Session closed
2.43.19. [ID: 1456] Connection established
2.43.20. [ID: 1494] Session opened
2.43.21. [ID: 1444] Error writing data to client
2.43.22. [ID: 1499] Error writing data to client
2.44. SSLVPN
2.44.1. [ID: 1491] Allocated client IP
2.44.2. [ID: 1448] Client certificate verification failed
2.44.3. [ID: 1459] Client certificate verification successful
2.44.4. [ID: 1471] Verification of client options failed
2.44.5. [ID: 1461] Closed TLS session due to unacknowledged[...]
2.44.6. [ID: 1451] Connected SSLVPN client
2.44.7. [ID: 1467] Could not allocate client IP
2.44.8. [ID: 1457] Internal error when decrypting packet
2.44.9. [ID: 1465] Decryption failed for data channel packet
2.44.10. [ID: 1443] Disconnected SSLVPN client
2.44.11. [ID: 1496] Data packet before negotiated data channel
2.44.12. [ID: 1464] Encryption failed for data channel packet
2.44.13. [ID: 1455] Encrypted packet did not fit packet buffer
2.44.14. [ID: 1482] Failed to send packet to control plane
2.44.15. [ID: 1486] Failed to set encryption key for packet
2.44.16. [ID: 1473] Failed to write encrypted packet
2.44.17. [ID: 1668] Failed to get server
2.44.18. [ID: 1669] Failed to get session
2.44.19. [ID: 1678] Failed to get user session
2.44.20. [ID: 1463] TLS handshake timed out
2.44.21. [ID: 1478] Integrity check failed during decryption
2.44.22. [ID: 1472] Maximum number of authenticated SSLVPN[...]
2.44.23. [ID: 1446] Number of authenticated SSLVPN sessions[...]
2.44.24. [ID: 1453] Malformed packet on data channel
2.44.25. [ID: 1673] Failed to read challenge text from[...]
2.44.26. [ID: 1679] Peer did not send client certificate
2.44.27. [ID: 1674] Failed to find server configuration
2.44.28. [ID: 1476] Non active key ID on data channel
2.44.29. [ID: 1470] Verification of client peer info failed
2.44.30. [ID: 1493] Rate limit exceeded
2.44.31. [ID: 1469] Released client IP
2.44.32. [ID: 1452] Key renegotiation failed
2.44.33. [ID: 1475] Key renegotiation successful
2.44.34. [ID: 1449] Replay check failed on data channel
2.44.35. [ID: 1670] Failed to send challenge to client
2.44.36. [ID: 1677] Failed to send challenge response
2.44.37. [ID: 1489] Server reset from client
2.44.38. [ID: 1477] TLS handshake error
2.44.39. [ID: 1497] Too short packet payload
2.44.40. [ID: 1501] Unacknowledged control channel message
2.44.41. [ID: 1488] Received ACK for unknown packet id
2.44.42. [ID: 1479] Unknown protocol opcode
2.44.43. [ID: 1671] Unprintable characters in challenge text
2.44.44. [ID: 1454] Unsupported key exchange method v1
2.44.45. [ID: 1445] User failed to log in to SSLVPN
2.44.46. [ID: 1458] User logged in to SSLVPN
2.44.47. [ID: 1468] User logged out from SSLVPN by authentication[...]
2.44.48. [ID: 1675] Username not allowed to change
2.45. STATISTICS
2.45.1. [ID: 1432] Failed to add statistical values for BGP peer
2.45.2. [ID: 1428] Failed to remove statistical values of BGP[...]
2.45.3. [ID: 1436] Failed to create AgentX talker thread
2.45.4. [ID: 1431] Failed to parse AgentX message
2.45.5. [ID: 1433] No support for IPv6 peer identifiers
2.45.6. [ID: 1429] AgentX session closed
2.45.7. [ID: 1434] AgentX session opened
2.45.8. [ID: 1430] Failed to setup listening socket
2.45.9. [ID: 1435] Update of statistics value failed
2.46. SYSTEM
2.46.1. [ID: 641] A new kernel exception report was generated
2.46.2. [ID: 235] Out of memory initializing data plane[...]
2.46.3. [ID: 583] All systems shutdown
2.46.4. [ID: 313] Aborted shutdown of all systems
2.46.5. [ID: 231] All systems shutdown notice
2.46.6. [ID: 392] Failed to create backup file
2.46.7. [ID: 193] Backup file created
2.46.8. [ID: 1073] Leaving Daylight Saving Time
2.46.9. [ID: 1074] Entering Daylight Saving Time
2.46.10. [ID: 390] Exception report generated
2.46.11. [ID: 1072] System time set
2.46.12. [ID: 404] PKG file was successfully applied
2.46.13. [ID: 244] Failed to apply PKG file
2.46.14. [ID: 190] Failed to validate PKG file
2.46.15. [ID: 786] Process exited with non-zero status code
2.46.16. [ID: 785] Process exited because of signal
2.46.17. [ID: 794] Generating crashdump report
2.46.18. [ID: 800] Killing process that did not exit in time
2.46.19. [ID: 798] Process is not responding
2.46.20. [ID: 799] Removing unresponsive process
2.46.21. [ID: 797] Restarting process
2.46.22. [ID: 796] Process did not exit in time
2.46.23. [ID: 1058] Process exited unexpectedly
2.46.24. [ID: 990] Configuration has been reset to factory[...]
2.46.25. [ID: 991] System has been reset to factory default
2.46.26. [ID: 459] Revert has been applied
2.46.27. [ID: 558] Failed to revert
2.46.28. [ID: 361] System shutting down
2.46.29. [ID: 1023] Preparing to shut down
2.46.30. [ID: 427] System started
2.46.31. [ID: 1002] System could not be rebooted using the[...]
2.46.32. [ID: 992] System could not be reconfigured using the[...]
2.46.33. [ID: 1003] System was successfully upgraded
2.46.34. [ID: 382] Out of memory setting up virtual system
2.46.35. [ID: 290] Module was restarted
2.46.36. [ID: 318] Failed to start module
2.47. TCP
2.47.1. [ID: 102] Ambiguous MSS announcement
2.47.2. [ID: 189] TCP MSS too high
2.47.3. [ID: 393] TCP MSS too low
2.47.4. [ID: 591] Oversized TCP window
2.47.5. [ID: 416] Ambiguous SACK permission announced
2.47.6. [ID: 307] Ambiguous SACK permission announced
2.47.7. [ID: 246] Ambiguous window scale negotiation
2.47.8. [ID: 551] Ambiguous window scale negotiation
2.47.9. [ID: 565] SACK block with invalid range
2.47.10. [ID: 411] Resent SYN with mismatching window scale[...]
2.47.11. [ID: 545] Disallowed flag set
2.47.12. [ID: 202] Bad TCP option length
2.47.13. [ID: 596] TCP segment exceeds previous FIN
2.47.14. [ID: 547] TCP FIN flag set without the ACK flag
2.47.15. [ID: 113] Disallowed flag combination
2.47.16. [ID: 388] Invalid TCP checksum
2.47.17. [ID: 359] Invalid TCP option length
2.47.18. [ID: 139] Invalid reset sequence number in state SYN[...]
2.47.19. [ID: 187] TCP MSS too high
2.47.20. [ID: 312] TCP MSS too low
2.47.21. [ID: 571] New acknowledgment in ICMP message
2.47.22. [ID: 375] Not forwarded sequence number in ICMP message
2.47.23. [ID: 456] Non-zero header padding
2.47.24. [ID: 493] SACK block announced data not sent
2.47.25. [ID: 447] TCP NULL packet
2.47.26. [ID: 449] Non-first SACK block announced acknowledged[...]
2.47.27. [ID: 437] Disallowed TCP option
2.47.28. [ID: 173] SYN only option in non-SYN segment
2.47.29. [ID: 373] TCP option length missing
2.47.30. [ID: 182] Oversized TCP segment
2.47.31. [ID: 369] Oversized TCP window in ICMP message
2.47.32. [ID: 227] TCP option does not fit in the header
2.47.33. [ID: 200] Too high TCP sequence number
2.47.34. [ID: 463] Too low FIN sequence number
2.47.35. [ID: 168] Too low TCP sequence number
2.47.36. [ID: 103] Too low sequence number in ICMP message
2.47.37. [ID: 145] Truncated TCP header encapsulated in ICMP[...]
2.47.38. [ID: 210] Too high TCP acknowledgment
2.47.39. [ID: 444] Unacceptable initial TCP acknowledgment
2.47.40. [ID: 217] Unused non-zero ACK
2.47.41. [ID: 527] Unused non-zero urgent pointer
2.47.42. [ID: 538] Fragmented TCP header encapsulated in ICMP[...]
2.47.43. [ID: 267] TCP header length exceeds IP payload length
2.47.44. [ID: 299] Ambiguous MSS announcement
2.47.45. [ID: 258] Unexpected invalid FIN
2.47.46. [ID: 561] Invalid TCP header length
2.47.47. [ID: 399] Window scale shift count exceeds 14
2.47.48. [ID: 342] Suspicious flag set
2.47.49. [ID: 320] TCP segment exceeds previous FIN
2.47.50. [ID: 468] TCP FIN flag set without the ACK flag
2.47.51. [ID: 504] Suspicious flag combination
2.47.52. [ID: 218] TCP MSS exceeds log level
2.47.53. [ID: 270] Invalid TCP checksum
2.47.54. [ID: 147] Invalid reset sequence number in state SYN[...]
2.47.55. [ID: 209] TCP MSS too high
2.47.56. [ID: 215] TCP MSS too low
2.47.57. [ID: 592] New acknowledgment in ICMP message
2.47.58. [ID: 353] Not forwarded sequence number in ICMP message
2.47.59. [ID: 169] Non-zero header padding
2.47.60. [ID: 484] SACK block announced data not sent
2.47.61. [ID: 257] TCP NULL packet
2.47.62. [ID: 345] Non-first SACK block announced acknowledged[...]
2.47.63. [ID: 614] TCP option
2.47.64. [ID: 366] SYN only option in non-SYN segment
2.47.65. [ID: 181] Oversized TCP segment
2.47.66. [ID: 199] Oversized TCP window
2.47.67. [ID: 461] Too high TCP sequence number
2.47.68. [ID: 207] Too low FIN sequence number
2.47.69. [ID: 420] Too low TCP sequence number
2.47.70. [ID: 601] Too low sequence number in ICMP message
2.47.71. [ID: 560] Truncated TCP header encapsulated in ICMP[...]
2.47.72. [ID: 498] Too high TCP acknowledgment
2.47.73. [ID: 479] Unacceptable initial TCP acknowledgment
2.47.74. [ID: 541] Unused non-zero ACK
2.47.75. [ID: 337] Unused non-zero urgent pointer
2.47.76. [ID: 335] Multiple TCP options of the same kind
2.47.77. [ID: 250] No new flow for this packet
2.47.78. [ID: 252] TCP option not negotiated
2.47.79. [ID: 381] SACK option without the ACK flag set
2.47.80. [ID: 1011] New TCP flow denied
2.47.81. [ID: 208] Disallowed flag set
2.47.82. [ID: 491] Bad TCP option length
2.47.83. [ID: 322] Disallowed flag combination
2.47.84. [ID: 329] Invalid TCP option length
2.47.85. [ID: 241] Non-zero header padding
2.47.86. [ID: 352] SACK block announced data not sent
2.47.87. [ID: 581] Non-first SACK block announced acknowledged[...]
2.47.88. [ID: 253] Disallowed TCP option
2.47.89. [ID: 391] SYN only option in non-SYN segment
2.47.90. [ID: 194] TCP option length missing
2.47.91. [ID: 351] TCP option does not fit in the header
2.47.92. [ID: 429] Unused non-zero ACK
2.47.93. [ID: 245] Unused non-zero urgent pointer
2.47.94. [ID: 188] Unexpected TCP flags
2.47.95. [ID: 433] Unexpected SYN packet
2.47.96. [ID: 510] TCP state tracking requires stricter[...]
2.47.97. [ID: 293] TCP window shrinking
2.48. THRESHOLD
2.48.1. [ID: 1115] Threshold notice
2.48.2. [ID: 1085] Threshold blacklist
2.48.3. [ID: 1128] Threshold block flow
2.48.4. [ID: 1147] Threshold reject flow
2.48.5. [ID: 1123] Threshold tag flow
2.48.6. [ID: 1126] Threshold is no longer exceeded
2.48.7. [ID: 1107] Threshold is exceeded
2.48.8. [ID: 1130] Random group replacement
2.49. TIMESYNC
2.49.1. [ID: 772] An internal error has occurred
2.49.2. [ID: 634] Time synchronization prevented due to[...]
2.49.3. [ID: 635] Time synchronization prevented due to[...]
2.49.4. [ID: 386] Communication with server has failed
2.49.5. [ID: 524] Time synchronization is currently impossible
2.49.6. [ID: 385] The clock has drifted so much that it is not[...]
2.49.7. [ID: 529] Time has been synchronized
2.50. UDP
2.50.1. [ID: 482] Mismatching UDP IP payload length
2.50.2. [ID: 573] Bad UDP checksum
2.50.3. [ID: 119] Bad UDP checksum
2.50.4. [ID: 602] Bad UDP checksum
2.50.5. [ID: 1076] Bad UDP checksum
2.50.6. [ID: 374] Invalid jumbogram UDP header length
2.50.7. [ID: 292] Truncated UDP header
2.51. VLAN
2.51.1. [ID: 879] VLAN packet with CFI set
2.51.2. [ID: 880] Packet is too small to contain VLAN header
2.51.3. [ID: 878] VLAN packet with unknown VLAN id

Chapter 1: Introduction

[Note] Note: This document is also available in other formats

A PDF version of this document along with all current and older documentation in PDF format can be found at https://my.clavister.com.

It also available in a framed HTML version.

This guide is a reference for all log messages generated by the Clavister cOS Stream. It is designed to be a valuable information source for both management and troubleshooting.

1.1. Log Message Structure

All log messages have a common design with attributes that include category, severity and recommended actions. These attributes enable the easy filtering of log messages, either within the system prior to sending them to a log receiver, or as part of analysis that takes place after the logging and storage of messages on an external log server.

The following information is provided for each specific log message:

Name

The name of the log message, which is the message's main category followed by "_" followed by a short string in which each new word begins with a capital letter.

ID

The ID is a string of digits which uniquely identifies the log message.

[Note] Note
The Name and the ID of the log message form the title of the section describing the log message.

Log Categories

Log messages belong to categories, where each category maps to a specific subsystem. For instance, the IPSEC category includes some hundreds of log messages, all related to IPSec VPN activities. A log message can belong to more than one category and each message has a main category.

In this guide, categories are listed as sections in Chapter 2, Log Message Reference and each section includes log messages with that category as their main category.

Log Message
A brief explanation of the event that took place.
Default Log Severity

The default severity level for this log message. For a list of severity levels, please see section Section 1.2, Severity levels.

SNMP Trap Category

The category of an associated SNMP Trap.

SNMP Trap MIB Name

The name of an associated SNMP Trap in the trap MIB.

SNMP Trap MIB OID

The OID of an associated SNMP Trap in the trap MIB.

Parameters

The parameter values that are included in the log message.

Explanation

A detailed explanation of the event.

Note that this information is only featured in this reference guide, and is never actually included in the log message.

Gateway Action

A short string, 1-3 words separated by _, of what action the system will take. If the log message is purely informative, this is set to "None".

Action Description

Describes what is actually meant by the specified gateway action. Note that this piece of information is only featured in this reference guide, and is never actually included in the log message.

Proposed Action

A detailed proposal of what the administrator can do if this log message is received. If the log message is purely informative, this is set to "None".

Note that this information is only featured in this reference guide, and is never actually included in the log message.

1.2. Severity levels

An event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the Syslog protocol:

0 - Emergency
Emergency conditions, which most likely led to the system being unusable.
1 - Alert
Alert conditions, which affected the functionality of the unit. Needs attention immediately.
2 - Critical
Critical conditions, which affected the functionality of the unit. Action should be taken as soon as possible.
3 - Error
Error conditions, which probably affected the functionality of the unit.
4 - Warning
Warning conditions, which could affect the functionality of the unit.
5 - Notice
Normal, but significant, conditions.
6 - Informational
Informational conditions.
7 - Debug
Debug level events.

The Dynamic Severity

There is an additional severity type called Dynamic which does not fit into the progressive severity list given above. A severity of Dynamic means that the severity of the log event can change. There are two uses for this severity type:

  • The system can set the severity of the event to a specific level to indicate that the triggering condition has not been dealt with.
  • The severity of the event can be explicitly set by the administrator.

Priority in Syslog Messages

In Syslog messages the priority is indicated by the parameter prio=nn.

Excluding Logged Messages

The Clavister cOS Stream allows the exclusion from logging of entire catageories of log messages or just specific log messages. It is also possible to change the severity level of log messages so that a specific category or a specific message has the severity reset to a particular level when it is sent. These features are documented further in the separate Clavister cOS Stream Administrators Guide.

Chapter 2: Log Message Reference

This chapter lists all the log event messages that can be generated by cOS Stream. The messages are grouped by category and the ID of each message is unique.

[Note] Sort Order
All log messages are sorted by their category and then by their ID number.

2.1. APPCONTROL

These log messages refer to the APPCONTROL category.

2.1.1. [ID: 1643] Application changed

Log Categories
APPCONTROL
Log Message
Application changed.
Default Log Severity
Information
Parameters
flow, flowusage, app, user, userid
Explanation
Application control has identified that the application of the flow has changed.
Gateway Action
None
Action Description
None
Proposed Action
None

2.1.2. [ID: 1645] Application identified

Log Categories
APPCONTROL
Log Message
Application identified.
Default Log Severity
Information
Parameters
flow, flowusage, app, user, userid
Explanation
Application control has identified the application of the flow.
Gateway Action
None
Action Description
None
Proposed Action
None

2.1.3. [ID: 1021] Application Control license has just expired

Log Categories
APPCONTROL
Log Message
Application Control license has just expired. Application Control will not work until subscription is renewed.
Default Log Severity
Critical
Parameters
 
Explanation
The Application Control part of the license has just expired.
Gateway Action
None
Action Description
None
Proposed Action
Renew the subscription.

2.2. ARP

These log messages refer to the ARP category.

2.2.1. [ID: 142] Allowed by access rule

Log Categories
ARP
Log Message
Allowed by access rule.
Default Log Severity
Notice
Parameters
srchw, srcip, destip, recviface, rule
Explanation
The ARP sender IP address was verified and accepted by an access rule in the access section.
Gateway Action
Allow
Action Description
None
Proposed Action
Modify the access rule accordingly, if the sender should not be allowed.

2.2.2. [ID: 144] Hardware address changed

Log Categories
ARP
Log Message
Hardware address changed.
Default Log Severity
Notice
Parameters
knownip, knownhw, newhw
Explanation
The received ARP packet has a different hardware address compared to the previously known dynamic entry.
Gateway Action
Allow
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPChanges.

2.2.3. [ID: 279] Hardware address change disallowed

Log Categories
ARP
Log Message
Hardware address change disallowed.
Default Log Severity
Notice
Parameters
knownip, knownhw, newhw, pkt
Explanation
The received ARP packet has a different hardware address compared to the previously known dynamic entry.
Gateway Action
Drop
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPChanges.

2.2.4. [ID: 638] Hardware address change detected

Log Categories
ARP
Log Message
Hardware address change detected.
Default Log Severity
Warning
Parameters
knownip, knownhw, newhw, pkt
Explanation
The received ARP packet has a different hardware address compared to the previously known dynamic entry. The address will not be updated since ARPTableSettings:ARPRequests setting does not allow updates from requests.
Gateway Action
Ignore
Action Description
None
Proposed Action
If hardware address changes should be allowed, both ARPTableSettings:ARPRequests and ARPTableSettings:ARPChanges must be set to allow.

2.2.5. [ID: 123] IP conflict detected

Log Categories
ARP
Log Message
IP conflict detected.
Default Log Severity
Warning
Parameters
srcip, srchw, iface, pkt
Explanation
A host/device using one the firewall interfaces IPs as source address were detected which could lead to connectivity problems.
Gateway Action
Reject
Action Description
Attempted to resolve the conflict by broadcasting ARP (gratuitous) ownership updates
Proposed Action
Check the network for incorrectly configured devices/hosts.

2.2.6. [ID: 653] IP conflict detected

Log Categories
ARP
Log Message
IP conflict detected.
Default Log Severity
Warning
Parameters
srcip, srchw, iface, pkt
Explanation
A host/device using one the firewall interfaces IPs as source address were detected which could lead to connectivity problems.
Gateway Action
Drop
Action Description
None
Proposed Action
Check the network for incorrectly configured devices/hosts.

2.2.7. [ID: 534] Illegal ARP sender hardware address

Log Categories
ARP,VALIDATE
Log Message
Illegal ARP sender hardware address.
Default Log Severity
Warning
Parameters
srchw, pkt
Explanation
A host in the network is using an illegal Ethernet sender address.
Gateway Action
Drop
Action Description
None
Proposed Action
Trace down the host and verify that it is not faulty/compromised.

2.2.8. [ID: 622] Out of memory initializing ARP

Log Categories
ARP,SYSTEM
Log Message
Out of memory initializing ARP.
Default Log Severity
Critical
Parameters
 
Explanation
The ARP subsystem could not be initialized due to insufficient free memory.
Gateway Action
Abort
Action Description
None
Proposed Action
Review system wide settings and try to tweak memory consuming features to use less memory.

2.2.9. [ID: 240] Disallowed by access rule

Log Categories
ARP,VALIDATE
Log Message
Disallowed by access rule.
Default Log Severity
Warning
Parameters
srchw, srcip, destip, recviface, pkt, rule
Explanation
The sender IP is not allowed according to the access rules and/or routing table.
Gateway Action
Drop
Action Description
None
Proposed Action
If the address should be allowed modify the access rule and/or routing table accordingly.

2.2.10. [ID: 269] Mismatching hardware addresses

Log Categories
ARP,VALIDATE
Log Message
Mismatching hardware addresses.
Default Log Severity
Notice
Parameters
hwaddr, arphw, pkt
Explanation
The hardware sender address specified in the ARP data does not match the Ethernet hardware sender address.
Gateway Action
Allow
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPMatchEnetSender.

2.2.11. [ID: 618] Mismatching hardware addresses

Log Categories
ARP,VALIDATE
Log Message
Mismatching hardware addresses.
Default Log Severity
Notice
Parameters
hwaddr, arphw, pkt
Explanation
The hardware sender address specified in the ARP data does not match the Ethernet hardware sender address.
Gateway Action
Drop
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPMatchEnetSender.

2.2.12. [ID: 350] Unable to add ARP entry to cache due to no[...]

Log Categories
ARP
Log Message
Unable to add ARP entry to cache due to no free entries.
Default Log Severity
Error
Parameters
hwaddr, ip, iface, pkt
Explanation
Unable to store ARP cache entry due exhaustion.
Gateway Action
Drop
Action Description
None
Proposed Action
If the number of communication devices/hosts is as expected the setting ARPTableSettings:ARPCacheSize might need to be increased.

2.2.13. [ID: 377] ARP entry lost due to cache limit

Log Categories
ARP,STATEFUL
Log Message
ARP entry lost due to cache limit.
Default Log Severity
Warning
Parameters
ip, knownhw, iface
Explanation
The firewall need to resolve an IP address, but the current virtual system is out of free ARP entries. The ARP entry for IP ip at interface iface has been freed in order to continue.
Gateway Action
Discard
Action Description
The firewall has been forced to discard one existing ARP entry in use
Proposed Action
This log is commonly seen during some denial-of-service attacks. If you think that the system should be able to handle this amount of dynamic ARP entries, review the ARPTableSettings:ARPCacheSize setting and consider increasing it. Whether to log this event is controlled by the ARPTableSettings:LogARPOutOfEntries setting.

2.2.14. [ID: 302] No sender IP

Log Categories
ARP,VALIDATE
Log Message
No sender IP.
Default Log Severity
Notice
Parameters
pkt
Explanation
The source IP address of an ARP query is 0.0.0.0 which may introduce problems.
Gateway Action
Allow
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPQueryNoSenderIP.

2.2.15. [ID: 626] No sender IP

Log Categories
ARP,VALIDATE
Log Message
No sender IP.
Default Log Severity
Notice
Parameters
pkt
Explanation
The source IP address of an ARP query is 0.0.0.0 which may introduce problems.
Gateway Action
Drop
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPQueryNoSenderIP.

2.2.16. [ID: 526] ARP resolve timeout

Log Categories
ARP,STATEFUL
Log Message
ARP resolve timeout.
Default Log Severity
Notice
Parameters
localip, ip, iface, flow, user, userid
Explanation
The firewall failed to resolve IP ip at interface iface. The IP is not reachable via the local network; traffic to and from this address will be dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
The "arpsnoop" feature will allow realtime examination of the ARP traffic at interface iface; use this to pinpoint the problem. Review the route configuration and the access rules, especially when seemingly valid ARP replies are discarded. Verify whether is possible to route bidirectional traffic to and from IP ip at interface iface. Whether to log this event is controlled by the ARPTableSettings:LogARPResolveFailure setting.

2.2.17. [ID: 106] ARP sender hardware address is broadcast[...]

Log Categories
ARP,VALIDATE
Log Message
ARP sender hardware address is broadcast address.
Default Log Severity
Notice
Parameters
pkt
Explanation
The sender address specified in the ARP data matches the broadcast address which may introduce problems.
Gateway Action
Allow
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPBroadcast.

2.2.18. [ID: 247] ARP sender hardware address is broadcast[...]

Log Categories
ARP,VALIDATE
Log Message
ARP sender hardware address is broadcast address.
Default Log Severity
Warning
Parameters
pkt
Explanation
The sender address specified in the ARP data matches the broadcast address which may introduce problems.
Gateway Action
Drop
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPBroadcast.

2.2.19. [ID: 262] ARP sender hardware address is multicast[...]

Log Categories
ARP,VALIDATE
Log Message
ARP sender hardware address is multicast address.
Default Log Severity
Notice
Parameters
 
Explanation
The sender address specified in the ARP data matches the multicast address range which may introduce problems.
Gateway Action
Allow
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPMulticast.

2.2.20. [ID: 117] ARP sender hardware address is multicast[...]

Log Categories
ARP,VALIDATE
Log Message
ARP sender hardware address is multicast address.
Default Log Severity
Notice
Parameters
pkt
Explanation
The sender address specified in the ARP data matches the multicast address range which may introduce problems.
Gateway Action
Drop
Action Description
None
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:ARPMulticast.

2.2.21. [ID: 308] ARP collides with static entry

Log Categories
ARP
Log Message
ARP collides with static entry.
Default Log Severity
Warning
Parameters
knowntype, knownip, knownhw, pkt
Explanation
The hardware sender address does not match the static entry in the ARP table and static ARP changes are not allowed.
Gateway Action
Drop
Action Description
None
Proposed Action
If the new address is correct, update the static ARP entry.

2.2.22. [ID: 584] Unsolicited ARP reply received

Log Categories
ARP
Log Message
Unsolicited ARP reply received.
Default Log Severity
Notice
Parameters
pkt
Explanation
An ARP reply was received even though no reply was currently expected for this IP.
Gateway Action
Allow
Action Description
The ARP reply was accepted and local ARP cache updated
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:UnsolicitedARPReplies.

2.2.23. [ID: 540] Unsolicited ARP reply received

Log Categories
ARP
Log Message
Unsolicited ARP reply received.
Default Log Severity
Notice
Parameters
pkt
Explanation
An ARP reply was received even though no reply was currently expected for this IP.
Gateway Action
Drop
Action Description
The ARP reply was dropped
Proposed Action
If this is not the wanted behavior, change the setting ARPTableSettings:UnsolicitedARPReplies.

2.3. AUTHSYS

These log messages refer to the AUTHSYS category.

2.3.1. [ID: 684] User is already logged in

Log Categories
AUTHSYS
Log Message
User is already logged in.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent
Explanation
A user with the same username as an already authenticated user tried to log in and was rejected.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.2. [ID: 669] Failed to retrieve information from[...]

Log Categories
AUTHSYS
Log Message
Failed to retrieve information from authentication source.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent, userdb
Explanation
Information regarding a user session could not be retrieved from the source database.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.3. [ID: 690] Unknown user or invalid password

Log Categories
AUTHSYS
Log Message
Unknown user or invalid password.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent
Explanation
A user failed to log in. The entered username or password was invalid.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.4. [ID: 679] Login prevented due to brute force attack[...]

Log Categories
AUTHSYS
Log Message
Login prevented due to brute force attack prevention.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent
Explanation
A login attempt was prevented due to quick repeated failures when validating user credentials.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.5. [ID: 793] Invalid Charging characteristics attribute in[...]

Log Categories
AUTHSYS
Log Message
Invalid Charging characteristics attribute in RADIUS Access-Accept.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent, userdb
Explanation
The RADIUS server sent a Charging Characteristics attribute which could not be interpreted.
Gateway Action
None
Action Description
None
Proposed Action
Verify that the Charging Characteristics attribute on the RADIUS server is configured correctly.

2.3.6. [ID: 685] Received an invalid EAP packet

Log Categories
AUTHSYS
Log Message
Received an invalid EAP packet.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent, userdb
Explanation
Received an invalid EAP packet from an authentication source.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.7. [ID: 774] Maximum number of user sessions for the[...]

Log Categories
AUTHSYS
Log Message
Maximum number of user sessions for the username has been reached.
Default Log Severity
Warning
Parameters
user, profile, agent
Explanation
The maximum allowed number of simultaneous session for a user has been reached and the new session is rejected.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.8. [ID: 670] IMSI attribute missing in RADIUS Access-Accept

Log Categories
AUTHSYS
Log Message
IMSI attribute missing in RADIUS Access-Accept.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent, userdb
Explanation
No IMSI could be extracted from the user identity (IDi) or fetched from the RADIUS server.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.9. [ID: 810] MSISDN attribute missing in RADIUS[...]

Log Categories
AUTHSYS
Log Message
MSISDN attribute missing in RADIUS Access-Accept.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent, userdb
Explanation
The MSISDN attribute (Callback-Number) was missing in the Access-Accept message.
Gateway Action
None
Action Description
None
Proposed Action
Check the RADIUS server's user configuration.

2.3.10. [ID: 844] EAP type is not allowed by authentication[...]

Log Categories
AUTHSYS
Log Message
EAP type is not allowed by authentication profile.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent, type
Explanation
A user and server used an EAP type that was not allowed by the authentication profile.
Gateway Action
None
Action Description
None
Proposed Action
Check the authentication profile configuration if the EAP type should be allowed.

2.3.11. [ID: 674] Out of memory while authenticating a user

Log Categories
AUTHSYS
Log Message
Out of memory while authenticating a user.
Default Log Severity
Alert
Parameters
userid, user, ip, profile, agent
Explanation
The unit failed to allocate and is out of memory.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.12. [ID: 688] Denied access according to authentication[...]

Log Categories
AUTHSYS
Log Message
Denied access according to authentication profile.
Default Log Severity
Warning
Parameters
 
Explanation
A user is not allowed to authenticate according to the authentication profile settings.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.13. [ID: 792] The authentication profile is still in[...]

Log Categories
AUTHSYS
Log Message
The authentication profile is still in initialization process.
Default Log Severity
Warning
Parameters
profile, agent
Explanation
A user requesting login was rejected as the authentication profile has not been fully initialized yet.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.14. [ID: 673] Received RADIUS Access-Accept message

Log Categories
AUTHSYS
Log Message
Received RADIUS Access-Accept message.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent, userdb
Explanation
Access-Accept message received from RADIUS server.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.15. [ID: 1666] Received RADIUS Access-Challenge message

Log Categories
AUTHSYS
Log Message
Received RADIUS Access-Challenge message.
Default Log Severity
Information
Parameters
userid, user, ip, profile, agent, userdb
Explanation
Access-Challenge message received from RADIUS server.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.16. [ID: 681] Received RADIUS Access-Reject message

Log Categories
AUTHSYS
Log Message
Received RADIUS Access-Reject message.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent, userdb
Explanation
Access-Reject message received from RADIUS server.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.17. [ID: 812] Challenges are not supported when using XAuth

Log Categories
AUTHSYS
Log Message
Challenges are not supported when using XAuth.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent, userdb
Explanation
The XAuth agent does not support the challenge-and-response method.
Gateway Action
None
Action Description
None
Proposed Action
Disable the challenge-and-response feature in the RADIUS server, and use password verification instead.

2.3.18. [ID: 689] Internal RADIUS error

Log Categories
AUTHSYS
Log Message
Internal RADIUS error.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent, userdb
Explanation
An internal error occurred within the RADIUS client.
Gateway Action
None
Action Description
None
Proposed Action
Check RADIUS logs for details.

2.3.19. [ID: 665] User logged out due to session timeout

Log Categories
AUTHSYS
Log Message
User logged out due to session timeout.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent
Explanation
A user was logged out due to session timeout.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.20. [ID: 809] Authentication source did not respond

Log Categories
AUTHSYS
Log Message
Authentication source did not respond.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent, userdb
Explanation
A request that was sent for a user did not receive a response in time from an authentication source.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.21. [ID: 677] User belongs in too many groups

Log Categories
AUTHSYS
Log Message
User belongs in too many groups. Keeping the 32 first.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent
Explanation
A user can only be a member of a maximum of 32 groups. This user is a member of too many groups, and only the 32 first groups will be used.
Gateway Action
None
Action Description
None
Proposed Action
Lower the number of groups that this user belongs to.

2.3.22. [ID: 676] User added

Log Categories
AUTHSYS
Log Message
User added.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent
Explanation
A user was added and is now awaiting confirmation.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.23. [ID: 761] User updated with new IP address

Log Categories
AUTHSYS
Log Message
User updated with new IP address.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent, old
Explanation
The authenticated IP address for a logged in user was changed.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.24. [ID: 760] Invalid user session found

Log Categories
AUTHSYS
Log Message
Invalid user session found.
Default Log Severity
Warning
Parameters
userid, user, ip, profile, agent
Explanation
An invalid user session has been found and will be removed.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.25. [ID: 672] User logged in

Log Categories
AUTHSYS
Log Message
User logged in.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent, userdb, usergroups
Explanation
A user logged in and has been granted access, according to the group membership or user name information.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.26. [ID: 667] User logged out

Log Categories
AUTHSYS
Log Message
User logged out.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent
Explanation
A user logged out and is no longer authenticated.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.27. [ID: 759] User updated with new username

Log Categories
AUTHSYS
Log Message
User updated with new username.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent, old
Explanation
A user logged in with a pseudonym and its username was changed to its full username.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.28. [ID: 671] User replaced

Log Categories
AUTHSYS
Log Message
User replaced.
Default Log Severity
Notice
Parameters
userid, user, ip, profile, agent
Explanation
An old user session was replaced with a new one.
Gateway Action
None
Action Description
None
Proposed Action
None

2.3.29. [ID: 687] User table is full

Log Categories
AUTHSYS
Log Message
User table is full.
Default Log Severity
Warning
Parameters
 
Explanation
Maximum number of allowed logged in users has been reached.
Gateway Action
None
Action Description
None
Proposed Action
None

2.4. BGP

These log messages refer to the BGP category.

2.4.1. [ID: 1311] Failed to lookup gateway of BGP route

Log Categories
BGP,DYNROUTE
Log Message
Failed to lookup gateway of BGP route.
Default Log Severity
Error
Parameters
gwip, iprange, table
Explanation
BGP was unable to export the route due to route-lookup failure of the gateway IP.
Gateway Action
Discard
Action Description
Route is discarded
Proposed Action
Update the referred routing table so that the gateway IP becomes routable.

2.4.2. [ID: 1687] Unable to enable BFD due to unroutable BGP[...]

Log Categories
BGP,BFD
Log Message
Unable to enable BFD due to unroutable BGP neighbor.
Default Log Severity
Warning
Parameters
neighborip, table
Explanation
A BFD session cannot be created for the BGP neighbor due to missing route.
Gateway Action
Disable
Action Description
None
Proposed Action
Make sure the BGP peer IP has route coverage in the routing table used when communicating with the peer.

2.4.3. [ID: 1316] BGP dynrouting event

Log Categories
BGP,DYNROUTE
Log Message
BGP dynrouting event.
Default Log Severity
Error
Parameters
msg
Explanation
This is a generic message for BGP classified as erroneous.
Gateway Action
Inconclusive
Action Description
None
Proposed Action
Investigate the nature of the error message and how it affects the system.

2.4.4. [ID: 1315] BGP dynrouting event

Log Categories
BGP,DYNROUTE
Log Message
BGP dynrouting event.
Default Log Severity
Information
Parameters
msg
Explanation
This is a generic message for BGP classified as informational.
Gateway Action
None
Action Description
None
Proposed Action
None

2.4.5. [ID: 1318] BGP dynrouting event

Log Categories
BGP,DYNROUTE
Log Message
BGP dynrouting event.
Default Log Severity
Warning
Parameters
msg
Explanation
This is a generic message for BGP classified as warning.
Gateway Action
None
Action Description
None
Proposed Action
Investigate the nature of the warning message and how it affects the system.

2.4.6. [ID: 1310] Failed to add BGP route

Log Categories
BGP,DYNROUTE
Log Message
Failed to add BGP route.
Default Log Severity
Error
Parameters
iprange, gwip, table
Explanation
BGP was unable to add the route to the routing table for unknown reasons.
Gateway Action
Discard
Action Description
None
Proposed Action
Contact customer support.

2.4.7. [ID: 1313] Failed to remove BGP route

Log Categories
BGP,DYNROUTE
Log Message
Failed to remove BGP route.
Default Log Severity
Error
Parameters
iprange, gwip, table
Explanation
BGP was unable to remove the route to the routing table for unknown reasons.
Gateway Action
Discard
Action Description
None
Proposed Action
Contact customer support.

2.5. CLI

These log messages refer to the CLI category.

2.5.1. [ID: 272] Failed adding CLI command data resource

Log Categories
CLI
Log Message
Failed adding CLI command data resource.
Default Log Severity
Critical
Parameters
 
Explanation
A CLI command data resource could not be added.
Gateway Action
None
Action Description
None
Proposed Action
Verify that the system has sufficient memory available.

2.5.2. [ID: 443] All CLI commands could not be listed

Log Categories
CLI
Log Message
All CLI commands could not be listed.
Default Log Severity
Critical
Parameters
 
Explanation
All CLI commands could not be listed by the CLI during the initiation phase. This could result in that some commands are unavailable.
Gateway Action
None
Action Description
None
Proposed Action
Verify that the disk media is intact and functions correctly.

2.5.3. [ID: 213] Failed allocating memory when starting CLI[...]

Log Categories
CLI,SYSTEM
Log Message
Failed allocating memory when starting CLI command.
Default Log Severity
Alert
Parameters
 
Explanation
The CLI failed to allocate the amount of memory needed to start the command.
Gateway Action
None
Action Description
None
Proposed Action
Verify that the system has a sufficient amount of free memory.

2.5.4. [ID: 1118] Attempt to access service command view

Log Categories
CLI,SYSTEM
Log Message
Attempt to access service command view.
Default Log Severity
Information
Parameters
user, userid, count, max
Explanation
User tried to access to "service" command view.
Gateway Action
Deny
Action Description
None
Proposed Action
None

2.5.5. [ID: 1101] Service command view access granted

Log Categories
CLI,SYSTEM
Log Message
Service command view access granted.
Default Log Severity
Information
Parameters
user, userid
Explanation
Access to "service" command view was granted to user.
Gateway Action
Allow
Action Description
None
Proposed Action
None

2.5.6. [ID: 1117] Maximum number of service command view access[...]

Log Categories
CLI,SYSTEM
Log Message
Maximum number of service command view access attempts reached.
Default Log Severity
Information
Parameters
user, userid
Explanation
Maximum number of "service" command view access attempts was reached. Access to "service" command view was rejected and new challenge is generated.
Gateway Action
Deny
Action Description
None
Proposed Action
None

2.5.7. [ID: 765] Serial console CLI instance started

Log Categories
CLI
Log Message
Serial console CLI instance started.
Default Log Severity
Notice
Parameters
user, accesslevel, profile
Explanation
A serial console CLI session was started.
Gateway Action
None
Action Description
None
Proposed Action
None

2.5.8. [ID: 769] Serial console CLI authentication failed

Log Categories
CLI
Log Message
Serial console CLI authentication failed.
Default Log Severity
Notice
Parameters
user, profile
Explanation
A serial console login attempt failed since the supplied username and password could not be verified towards the correct authentication group.
Gateway Action
None
Action Description
None
Proposed Action
Verify that the user exists with the specified password. Make sure that the user has the appropriate access group(s) (Administrators and/or Auditor) set.

2.5.9. [ID: 767] Serial console CLI authentication succeeded

Log Categories
CLI
Log Message
Serial console CLI authentication succeeded.
Default Log Severity
Notice
Parameters
user, profile
Explanation
A serial console login authentication succeeded towards the authentication profile.
Gateway Action
None
Action Description
None
Proposed Action
None

2.5.10. [ID: 773] Serial console CLI session ended

Log Categories
CLI
Log Message
Serial console CLI session ended.
Default Log Severity
Notice
Parameters
user, profile
Explanation
None
Gateway Action
None
Action Description
None
Proposed Action
None

2.5.11. [ID: 764] Serial console CLI system error

Log Categories
CLI,SYSTEM
Log Message
Serial console CLI system error.
Default Log Severity
Alert
Parameters
 
Explanation
The configuration and authentication of the serial console access is not available. As a result, and for debugging purposes the serial console CLI is started with administrator privileges.
Gateway Action
None
Action Description
None
Proposed Action
Verify the serial console configuration and restart the system.

2.5.12. [ID: 332] Resource Manager failed memory allocation[...]

Log Categories
CLI,SYSTEM
Log Message
Resource Manager failed memory allocation when adding data resources.
Default Log Severity
Alert
Parameters
 
Explanation
Additional memory could not be allocated when adding data resources.
Gateway Action
None
Action Description
None
Proposed Action
Verify that the system has a sufficient amount of free memory available.

2.5.13. [ID: 483] Resource Manager failed to read information[...]

Log Categories
CLI
Log Message
Resource Manager failed to read information from resource files.
Default Log Severity
Critical
Parameters
 
Explanation
The management system data resources could not be fully updated. This could result in that management systems such as the CLI no longer functions correctly.
Gateway Action
None
Action Description
None
Proposed Action
Verify that the system has sufficient amount of resources, e.g. free memory. Verify that the storage media is intact.

2.6. CONFIG

These log messages refer to the CONFIG category.

2.6.1. [ID: 1071] Certificate created

Log Categories
CONFIG
Log Message
Certificate created.
Default Log Severity
Notice
Parameters
name
Explanation
Certificate name has been created.
Gateway Action
Accept
Action Description
None
Proposed Action
None

2.6.2. [ID: 1070] Certificate is now revoked

Log Categories
CONFIG
Log Message
Certificate is now revoked.
Default Log Severity
Notice
Parameters
name
Explanation
Certificate name has been revoked and is no longer valid.
Gateway Action
Accept
Action Description
None
Proposed Action
None

2.6.3. [ID: 1069] Certificate has been updated

Log Categories
CONFIG
Log Message
Certificate has been updated.
Default Log Severity
Notice
Parameters
name
Explanation
Certificate name has been updated.
Gateway Action
Accept
Action Description
None
Proposed Action
None

2.6.4. [ID: 512] Activating configuration changes

Log Categories
CONFIG
Log Message
Activating configuration changes.
Default Log Severity
Notice
Parameters
cfgver, mgmtsys, clientip, user, userid
Explanation
A new configuration will be activated.
Gateway Action
None
Action Description
None
Proposed Action
None

2.6.5. [ID: 105] Failed to establish bi-directional[...]

Log Categories
CONFIG
Log Message
Failed to establish bi-directional communication with peer.
Default Log Severity
Critical
Parameters
 
Explanation
The system failed to establish a connection back to peer, using the new configuration.
Gateway Action
None
Action Description
The system will revert to the previous configuration
Proposed Action
Verify that the new configuration file does not contain errors that would cause bi-directional communication failure.

2.6.6. [ID: 1048] Configuration commit failed

Log Categories
CONFIG
Log Message
Configuration commit failed.
Default Log Severity
Error
Parameters
cfgver, mgmtsys, clientip, user, userid
Explanation
The configuration could not be commited.
Gateway Action
None
Action Description
None
Proposed Action
This could be due to lack of storage space. Try freeing up allocated disk space.

2.6.7. [ID: 355] New configuration activated

Log Categories
CONFIG
Log Message
New configuration activated.
Default Log Severity
Notice
SNMP Trap Category
STARTUP
SNMP Trap MIB name
warmStart
SNMP Trap MIB OID
1.3.6.1.6.3.1.1.5.2   (SNMPv2-MIB, RFC3418)
Parameters
cfgver, mgmtsys, clientip, user, userid
Explanation
The firewall is up and running using the new configuration.
Gateway Action
None
Action Description
None
Proposed Action
None

2.6.8. [ID: 532] New configuration committed

Log Categories
CONFIG
Log Message
New configuration committed.
Default Log Severity
Notice
Parameters
cfgver, mgmtsys, clientip, user, userid
Explanation
The firewall has written a new version of the configuration to permanent storage.
Gateway Action
None
Action Description
None
Proposed Action
None

2.6.9. [ID: 494] DCOS could not allocate memory when creating[...]

Log Categories
CONFIG,SYSTEM
Log Message
DCOS could not allocate memory when creating new netobject.
Default Log Severity
Critical
Parameters
 
Explanation
DCOS could not allocate the amount of memory needed to create a new netobject. DCOS and netobject functionality might not be fully functional.
Gateway Action
None
Action Description
None
Proposed Action
Verify that there is enough free memory within the system.

2.6.10. [ID: 216] DCOS could not allocate enough memory to[...]

Log Categories
CONFIG,SYSTEM
Log Message
DCOS could not allocate enough memory to execute the netobjects CLI command.
Default Log Severity
Critical
Parameters
 
Explanation
The system does not have enough free memory to execute the netobjects command with the given parameters.
Gateway Action
None
Action Description
None
Proposed Action
Verify the amount of free memory and/or try executing the netobjects command with another parameter combination.

2.6.11. [ID: 319] DCOS storage could not be initialized

Log Categories
CONFIG
Log Message
DCOS storage could not be initialized.
Default Log Severity
Critical
Parameters
 
Explanation
DCOS could not re-initialize properly during the reconfigure phase. All netobject functionality will be unavailable.
Gateway Action
None
Action Description
None
Proposed Action
Verify that there is enough free memory within the system.

2.6.12. [ID: 1080] An address object is dynamically updated

Log Categories
CONFIG
Log Message
An address object is dynamically updated.
Default Log Severity
Notice
Parameters
module, name, value
Explanation
 
Gateway Action
None
Action Description
None
Proposed Action
None

2.6.13. [ID: 251] Beginning system reconfigure

Log Categories
CONFIG,SYSTEM
Log Message
Beginning system reconfigure.
Default Log Severity
Notice
Parameters
type, reason
Explanation
The firewall will load a new configuration, or reload the running configuration.
Gateway Action
None
Action Description
None
Proposed Action
None

2.6.14. [ID: 593] Failed to reconfigure system

Log Categories
CONFIG,SYSTEM
Log Message
Failed to reconfigure system.
Default Log Severity
Error
Parameters
user, userid
Explanation
Failed to load configuration.
Gateway Action
None
Action Description
None
Proposed Action
None

2.6.15. [ID: 594] Reconfigure completed successfully

Log Categories
CONFIG,SYSTEM
Log Message
Reconfigure completed successfully.
Default Log Severity
Notice
Parameters
user, userid
Explanation
The system has finished loading configuration.
Gateway Action
None
Action Description
None
Proposed Action
None

2.6.16. [ID: 1408] Reconfigure is triggered by subsystem

Log Categories
CONFIG,SYSTEM
Log Message
Reconfigure is triggered by subsystem.
Default Log Severity
Notice
Parameters
module, reason
Explanation
Reconfigure is triggered by subsystem.
Gateway Action
None
Action Description
None
Proposed Action
None

2.7. DHCPCLIENT

These log messages refer to the DHCPCLIENT category.

2.7.1. [ID: 306] Interface has successfully acquired a lease

Log Categories
DHCPCLIENT
Log Message
Interface has successfully acquired a lease.
Default Log Severity
Notice
Parameters
clientip, netmask, bcastip, gwip, serverip, iface
Explanation
An interface has successfully acquired a lease.
Gateway Action
None
Action Description
None
Proposed Action
None

2.7.2. [ID: 191] Lease for the interface has expired

Log Categories
DHCPCLIENT
Log Message
Lease for the interface has expired.
Default Log Severity
Warning
Parameters
iface
Explanation
A lease has expired and the IP data for this interface is no longer valid.
Gateway Action
None
Action Description
None
Proposed Action
Check connection and DHCP server reachability.

2.7.3. [ID: 1078] Lease for the interface was successfully[...]

Log Categories
DHCPCLIENT
Log Message
Lease for the interface was successfully updated.
Default Log Severity
Notice
Parameters
clientip, netmask, bcastip, gwip, serverip, iface
Explanation
An interface has successfully updated its lease.
Gateway Action
None
Action Description
None
Proposed Action
None

2.7.4. [ID: 472] No DHCP offers were received by the DHCP[...]

Log Categories
DHCPCLIENT
Log Message
No DHCP offers were received by the DHCP service.
Default Log Severity
Warning
Parameters
iface
Explanation
No DHCP offers were received from DHCP servers.
Gateway Action
None
Action Description
None
Proposed Action
Check if selected DHCP servers are available and configured properly.

2.7.5. [ID: 287] No valid DHCP offers were received

Log Categories
DHCPCLIENT
Log Message
No valid DHCP offers were received.
Default Log Severity
Warning
Parameters
iface
Explanation
No valid DHCP offers were received from DHCP servers.
Gateway Action
None
Action Description
None
Proposed Action
Check if DHCP client filters are properly configured.

2.7.6. [ID: 1094] Interface received a lease where the offered[...]

Log Categories
DHCPCLIENT
Log Message
Interface received a lease where the offered broadcast address equals the offered gateway.
Default Log Severity
Warning
Parameters
bcastip, iface
Explanation
An interface received a lease where the offered broadcast address equals the offered gateway address.
Gateway Action
Reject
Action Description
None
Proposed Action
Check DHCP server configuration.

2.7.7. [ID: 395] The lease was rejected by an address filter

Log Categories
DHCPCLIENT
Log Message
The lease was rejected by an address filter.
Default Log Severity
Notice
Parameters
clientip, iface
Explanation
The lease was rejected due to an address filter.
Gateway Action
Reject
Action Description
None
Proposed Action
Change DHCP client address filter to allow lease.

2.7.8. [ID: 522] The lease was rejected by a server filter

Log Categories
DHCPCLIENT
Log Message
The lease was rejected by a server filter.
Default Log Severity
Notice
Parameters
serverip, iface
Explanation
The lease was rejected due to a server filter.
Gateway Action
Reject
Action Description
None
Proposed Action
Change DHCP client server filter to allow lease.

2.7.9. [ID: 559] Interface received a lease which will cause[...]

Log Categories
DHCPCLIENT
Log Message
Interface received a lease which will cause an IP collision with a configured route.
Default Log Severity
Warning
Parameters
clientip, iface
Explanation
An interface received a lease which will cause an IP collision with a configured route.
Gateway Action
Reject
Action Description
None
Proposed Action
Check DHCP server configuration and system interface configuration.

2.7.10. [ID: 274] Interface received a lease with an offered IP[...]

Log Categories
DHCPCLIENT
Log Message
Interface received a lease with an offered IP that appear to be occupied.
Default Log Severity
Warning
Parameters
clientip, iface
Explanation
An interface received a lease which appears to be in use by someone else.
Gateway Action
Reject
Action Description
None
Proposed Action
Check network for statically configured hosts or incorrectly proxy ARPed routes.

2.7.11. [ID: 230] Interface received a lease with an invalid[...]

Log Categories
DHCPCLIENT
Log Message
Interface received a lease with an invalid broadcast address.
Default Log Severity
Warning
Parameters
bcastip, iface
Explanation
An interface received a lease with an invalid broadcast address.
Gateway Action
Reject
Action Description
None
Proposed Action
Check DHCP server configuration.

2.7.12. [ID: 435] Interface received a lease with an invalid[...]

Log Categories
DHCPCLIENT
Log Message
Interface received a lease with an invalid gateway address.
Default Log Severity
Warning
Parameters
gwip, iface
Explanation
An interface received a lease with an invalid gateway address.
Gateway Action
Reject
Action Description
None
Proposed Action
Check DHCP server configuration.

2.7.13. [ID: 223] Interface received a lease with an invalid IP[...]

Log Categories
DHCPCLIENT
Log Message
Interface received a lease with an invalid IP address.
Default Log Severity
Warning
Parameters
clientip, iface
Explanation
An interface received a lease with an invalid offered IP address.
Gateway Action
Reject
Action Description
None
Proposed Action
Check DHCP server configuration.

2.7.14. [ID: 325] Interface received a lease with an invalid[...]

Log Categories
DHCPCLIENT
Log Message
Interface received a lease with an invalid netmask address.
Default Log Severity
Warning
Parameters
netmask, iface
Explanation
An interface received a lease with an invalid netmask.
Gateway Action
Reject
Action Description
None
Proposed Action
Check DHCP server configuration.

2.7.15. [ID: 499] Interface received a lease with an invalid[...]

Log Categories
DHCPCLIENT
Log Message
Interface received a lease with an invalid DHCP server address.
Default Log Severity
Warning
Parameters
serverip, iface
Explanation
An interface received an invalid DHCP server address.
Gateway Action
Reject
Action Description
None
Proposed Action
Check DHCP server configuration.

2.7.16. [ID: 481] The requested lease was rejected by the server

Log Categories
DHCPCLIENT
Log Message
The requested lease was rejected by the server.
Default Log Severity
Warning
Parameters
clientip, serverip, iface
Explanation
A requested lease was rejected by a DHCP server.
Gateway Action
Reject
Action Description
None
Proposed Action
Check if client has moved to new subnet or if client's lease has expired.

2.7.17. [ID: 222] Interface received a lease which will cause a[...]

Log Categories
DHCPCLIENT
Log Message
Interface received a lease which will cause a route collision with a configured route.
Default Log Severity
Warning
Parameters
clientip, iface
Explanation
An interface received a lease which will cause a route collision with a configured route.
Gateway Action
Reject
Action Description
None
Proposed Action
Check DHCP server configuration and system interface configuration.

2.7.18. [ID: 324] Too many DHCP offers received

Log Categories
DHCPCLIENT
Log Message
Too many DHCP offers received.
Default Log Severity
Warning
Parameters
iface
Explanation
To many DHCP offers received for the interface.
Gateway Action
Ignore
Action Description
This and subsequent offers will be ignored
Proposed Action
Change DHCP client configuration to filter leases.

2.8. DHCPSERVER

These log messages refer to the DHCPSERVER category.

2.8.1. [ID: 1394] Invalid DHCP packet received

Log Categories
DHCPSERVER,DHCPCLIENT
Log Message
Invalid DHCP packet received.
Default Log Severity
Warning
Parameters
len, iface
Explanation
The system received a DHCP packet that was too short to process.
Gateway Action
Drop
Action Description
 
Proposed Action
Investigate why broken DHCP packets are sent on the network.

2.8.2. [ID: 892] All pools are depleted

Log Categories
DHCPSERVER
Log Message
All pools are depleted. Unable to handle request. Ignoring.
Default Log Severity
Warning
Parameters
 
Explanation
All pools have depleted.
Gateway Action
None
Action Description
None
Proposed Action
Extend the pools to support more clients.

2.8.3. [ID: 907] Blacklist item timed out

Log Categories
DHCPSERVER
Log Message
Blacklist item timed out. IP is.
Default Log Severity
Notice
Parameters
clientip
Explanation
Blacklisted ip automatically timeout.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.4. [ID: 888] Client accepted and bounded with IP

Log Categories
DHCPSERVER
Log Message
Client accepted and bounded with IP.
Default Log Severity
Notice
Parameters
srchw, clientip
Explanation
Client accepted the IP address and are now bound.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.5. [ID: 884] Client renewed IP

Log Categories
DHCPSERVER
Log Message
Client renewed IP.
Default Log Severity
Notice
Parameters
srchw, clientip
Explanation
Client successfully renewed its lease.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.6. [ID: 906] DHCP Server error

Log Categories
DHCPSERVER
Log Message
DHCP Server error.
Default Log Severity
Warning
Parameters
value, code, option
Explanation
DHCP Server error.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.7. [ID: 905] Got decline for ip on wrong interface so[...]

Log Categories
DHCPSERVER
Log Message
Got decline for ip on wrong interface so ignored it.
Default Log Severity
Notice
Parameters
srchw, clientip, iface, recviface
Explanation
Got decline from a client on the wrong interface.
Gateway Action
None
Action Description
None
Proposed Action
Check network for inconsistent routes.

2.8.8. [ID: 882] Client declined non offered IP

Log Categories
DHCPSERVER
Log Message
Client declined non offered IP. Decline is ignored.
Default Log Severity
Notice
Parameters
srchw
Explanation
Client rejected non a offered IP.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.9. [ID: 898] Server identifier not specified in incoming[...]

Log Categories
DHCPSERVER
Log Message
Server identifier not specified in incoming Decline message.
Default Log Severity
Notice
Parameters
 
Explanation
Server identifier not specified in incoming Decline message.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.10. [ID: 881] Server identifier in Decline message does not[...]

Log Categories
DHCPSERVER
Log Message
Server identifier in Decline message does not match this server.
Default Log Severity
Notice
Parameters
 
Explanation
Server identifier in Decline message does not match this server.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.11. [ID: 886] Client declined IP

Log Categories
DHCPSERVER
Log Message
Client declined IP. Blacklisted it.
Default Log Severity
Warning
Parameters
srchw, clientip
Explanation
A client declined (indicated that the IP is already in use someone else) offered IP.
Gateway Action
None
Action Description
None
Proposed Action
Check network for statically configured hosts or incorrectly proxy ARPed routes.

2.8.12. [ID: 883] Received DHCP packet is smaller than the[...]

Log Categories
DHCPSERVER
Log Message
Received DHCP packet is smaller than the minimum allowed 300 bytes. Dropping.
Default Log Severity
Warning
Parameters
 
Explanation
Received a DHCP packet which is smaller than the minimum allowed 300 bytes.
Gateway Action
Drop
Action Description
None
Proposed Action
Investigate what client implementation is being used.

2.8.13. [ID: 903] Got INFORM request from client

Log Categories
DHCPSERVER
Log Message
Got INFORM request from client. Acknowledging.
Default Log Severity
Notice
Parameters
srchw, clientip
Explanation
Got an inform (client already got an IP and asks for configuration parameters) request from a client.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.14. [ID: 1398] Received packet with invalid DHCP cookie

Log Categories
DHCPSERVER
Log Message
Received packet with invalid DHCP cookie. Dropping.
Default Log Severity
Warning
Parameters
 
Explanation
The system received a DHCP packet without the proper DHCP cookie.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.8.15. [ID: 921] Unable to load the lease database

Log Categories
DHCPSERVER
Log Message
Unable to load the lease database.
Default Log Severity
Error
Parameters
 
Explanation
Unable to load the lease database.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.16. [ID: 922] Lease database was successfully loaded

Log Categories
DHCPSERVER
Log Message
Lease database was successfully loaded.
Default Log Severity
Notice
Parameters
 
Explanation
Lease database was successfully loaded.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.17. [ID: 924] Unable to auto save the lease database to disk

Log Categories
DHCPSERVER
Log Message
Unable to auto save the lease database to disk.
Default Log Severity
Error
Parameters
 
Explanation
Unable to auto save the lease database to disk.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.18. [ID: 923] Lease database was successfully auto saved to[...]

Log Categories
DHCPSERVER
Log Message
Lease database was successfully auto saved to disk.
Default Log Severity
Notice
Parameters
 
Explanation
Lease database was successfully auto saved to disk.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.19. [ID: 896] Lease timed out

Log Categories
DHCPSERVER
Log Message
Lease timed out. Was bound to client.
Default Log Severity
Notice
Parameters
clientip, srchw
Explanation
A client lease wasn't renewed and timed out.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.20. [ID: 889] Offer timed out

Log Categories
DHCPSERVER
Log Message
Offer timed out. Was bound to client.
Default Log Severity
Notice
Parameters
clientip, srchw
Explanation
An offer to a client was never accepted and timed out.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.21. [ID: 887] The option section is too big

Log Categories
DHCPSERVER
Log Message
The option section is too big. Unable to reply. Dropping.
Default Log Severity
Warning
Parameters
 
Explanation
Unable to send reply since the DHCP option section is too big.
Gateway Action
Drop
Action Description
None
Proposed Action
Reduce the number of used DHCP options.

2.8.22. [ID: 948] All IPs in the pool are in use now

Log Categories
DHCPSERVER
Log Message
All IPs in the pool are in use now.
Default Log Severity
Notice
Parameters
 
Explanation
There is no address left in the pool for fulfilling the next DHCPDISCOVER.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.23. [ID: 890] All IPs in the pool are in use

Log Categories
DHCPSERVER
Log Message
All IPs in the pool are in use. Discover cannot be fulfilled.
Default Log Severity
Notice
Parameters
 
Explanation
A DISCOVER cannot be fulfilled since all pools are in use.
Gateway Action
None
Action Description
None
Proposed Action
Extend the pools to support more clients.

2.8.24. [ID: 885] Got release for IP on wrong interface

Log Categories
DHCPSERVER
Log Message
Got release for IP on wrong interface. Release is ignored.
Default Log Severity
Warning
Parameters
srchw, clientip, recviface, iface
Explanation
Got release from a client on the wrong interface.
Gateway Action
None
Action Description
None
Proposed Action
Check network for inconsistent routes.

2.8.25. [ID: 1043] The IP address the client tried to release is[...]

Log Categories
DHCPSERVER
Log Message
The IP address the client tried to release is not associated with the offered client identifier. Dropping.
Default Log Severity
Notice
Parameters
id, ip, knownip
Explanation
The IP address the client tried to release is not associated with the offered client identifier. Dropping. Argument id is client identifier of the lease.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.8.26. [ID: 1042] The IP address the client tried to release is[...]

Log Categories
DHCPSERVER
Log Message
The IP address the client tried to release is not associated with the offered MAC address. Dropping.
Default Log Severity
Notice
Parameters
srchw, ip, knownip
Explanation
The IP address the client tried to release is not associated with the offered client identifier. Dropping.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.8.27. [ID: 900] Client released IP

Log Categories
DHCPSERVER
Log Message
Client released IP.
Default Log Severity
Notice
Parameters
srchw, clientip
Explanation
A client released (prematurely ended) its lease.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.28. [ID: 901] Received a request from bounded client for[...]

Log Categories
DHCPSERVER
Log Message
Received a request from bounded client for not known IP with correct serverident. Ignoring.
Default Log Severity
Warning
Parameters
srchw, clientip
Explanation
Received a request from bounded client for not known IP with correct serverident. Ignoring.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.29. [ID: 895] Received a request from bounded client for IP[...]

Log Categories
DHCPSERVER
Log Message
Received a request from bounded client for IP with incorrect serverident. Rejecting.
Default Log Severity
Warning
Parameters
srchw, clientip
Explanation
Received a request from bounded client for IP with incorrect serverident. Rejecting.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.8.30. [ID: 899] Received a request from not-bounded client[...]

Log Categories
DHCPSERVER
Log Message
Received a request from not-bounded client for not known IP with correct serverident. Ignoring.
Default Log Severity
Warning
Parameters
srchw, newip
Explanation
Received a request from not-bounded client for not known IP with correct serverident. Ignoring.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.31. [ID: 904] Received a request from not-bounded client[...]

Log Categories
DHCPSERVER
Log Message
Received a request from not-bounded client for IP with incorrect serverident. Rejecting.
Default Log Severity
Warning
Parameters
srchw, newip
Explanation
Received a request from not-bounded client for IP with incorrect serverident. Rejecting.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.8.32. [ID: 891] Client requested non bound IP

Log Categories
DHCPSERVER
Log Message
Client requested non bound IP. Rejecting.
Default Log Severity
Warning
Parameters
srchw, ip, knownip
Explanation
Client sent a request for a non bound IP.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.8.33. [ID: 893] Client requested non offered IP

Log Categories
DHCPSERVER
Log Message
Client requested non offered IP. Rejecting.
Default Log Severity
Warning
Parameters
srchw, ip, knownip
Explanation
Client requested a non bound IP.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.8.34. [ID: 894] Received request with bad UDP checksum

Log Categories
DHCPSERVER
Log Message
Received request with bad UDP checksum. Dropping.
Default Log Severity
Warning
Parameters
 
Explanation
Received request with bad UDP checksum.
Gateway Action
Drop
Action Description
None
Proposed Action
Check network equipment for errors.

2.8.35. [ID: 902] Sending IP offer for received DISCOVER

Log Categories
DHCPSERVER
Log Message
Sending IP offer for received DISCOVER.
Default Log Severity
Notice
Parameters
srchw, knownip
Explanation
Received discover (initial IP query) from a client.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.36. [ID: 897] Failed to get buffer for sending

Log Categories
DHCPSERVER
Log Message
Failed to get buffer for sending. Unable to reply.
Default Log Severity
Warning
Parameters
 
Explanation
Unable to get a buffer for sending.
Gateway Action
None
Action Description
None
Proposed Action
Check buffer consumption.

2.8.37. [ID: 919] The matching rule does not have useful lease[...]

Log Categories
DHCPSERVER
Log Message
The matching rule does not have useful lease and allows further matching. Rematching with the next rule.
Default Log Severity
Notice
Parameters
 
Explanation
The matching rule does not have useful lease and allows further matching. Rematching with the next rule.
Gateway Action
None
Action Description
None
Proposed Action
None

2.8.38. [ID: 1399] Received DHCP option without message type

Log Categories
DHCPSERVER
Log Message
Received DHCP option without message type. Dropping.
Default Log Severity
Warning
Parameters
 
Explanation
The system received a DHCP message with an option without type.
Gateway Action
Drop
Action Description
None
Proposed Action
Investigate why broken DHCP packets are sent on the network.

2.8.39. [ID: 920] The matching rule does not have useful lease[...]

Log Categories
DHCPSERVER
Log Message
The matching rule does not have useful lease and does not allow further matching. Dropping.
Default Log Severity
Notice
Parameters
 
Explanation
The matching rule does not have useful lease and does not allow further matching. Dropping.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.8.40. [ID: 1392] Received DHCP message with unknown type

Log Categories
DHCPSERVER
Log Message
Received DHCP message with unknown type. Dropping.
Default Log Severity
Warning
Parameters
type
Explanation
The system received a DHCP message with an unknown DHCP type.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.9. DNSALG

These log messages refer to the DNSALG category.

2.9.1. [ID: 1303] Failed to create new session

Log Categories
DNSALG
Log Message
Failed to create new session.
Default Log Severity
Error
Parameters
 
Explanation
An attempt to create a new DNSALG session failed, because the unit is out of memory.
Gateway Action
Close
Action Description
None
Proposed Action
Decrease the maximum allowed DNSALG session, or try to free some of the RAM used.

2.9.2. [ID: 1307] Flow failed

Log Categories
DNSALG
Log Message
Flow failed.
Default Log Severity
Notice
Parameters
reason, originator, sessionid, flow, rule
Explanation
An error occurred that caused the DNS flow to be aborted.
Gateway Action
Abort
Action Description
None
Proposed Action
None

2.9.3. [ID: 1306] DNS packet rejected

Log Categories
DNSALG
Log Message
DNS packet rejected.
Default Log Severity
Information
Parameters
sessionid, profile, reason, flow
Explanation
A DNS packet was rejected by the ALG.
Gateway Action
Drop
Action Description
None
Proposed Action
Verify that the DNS clients are correctly configured.

2.9.4. [ID: 1308] Session closed

Log Categories
DNSALG
Log Message
Session closed.
Default Log Severity
Information
Parameters
sessionid, profile, flow
Explanation
A session using the DNS ALG was closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.9.5. [ID: 1304] Session opened

Log Categories
DNSALG
Log Message
Session opened.
Default Log Severity
Information
Parameters
sessionid, profile, flow
Explanation
A session using the DNS ALG was opened.
Gateway Action
Open
Action Description
None
Proposed Action
None

2.9.6. [ID: 1302] Transaction closed

Log Categories
DNSALG
Log Message
Transaction closed.
Default Log Severity
Information
Parameters
sessionid, profile, transactionid, flow
Explanation
A transaction using the DNS ALG was closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.9.7. [ID: 1305] Transaction opened

Log Categories
DNSALG
Log Message
Transaction opened.
Default Log Severity
Information
Parameters
sessionid, profile, transactionid, flow
Explanation
A transaction using the DNS ALG was opened.
Gateway Action
Open
Action Description
None
Proposed Action
None

2.10. DYNROUTE

These log messages refer to the DYNROUTE category.

2.10.1. [ID: 1319] Dynrouting message

Log Categories
DYNROUTE
Log Message
Dynrouting message.
Default Log Severity
Error
Parameters
module, msg
Explanation
This is a generic warning/error message from a dynroute module.
Gateway Action
None
Action Description
None
Proposed Action
Contact customer support.

2.10.2. [ID: 1312] Route lookup for dynrouting peer failed

Log Categories
DYNROUTE
Log Message
Route lookup for dynrouting peer failed.
Default Log Severity
Error
Parameters
remoteip, destport, table
Explanation
Unable to perform a route lookup for the dynrouting peer.
Gateway Action
Drop
Action Description
None
Proposed Action
Update the referred routing table so that the peer IP becomes routable.

2.11. ETHERNET

These log messages refer to the ETHERNET category.

2.11.1. [ID: 357] Broadcast Ethernet source

Log Categories
ETHERNET,STATELESS,VALIDATE
Log Message
Broadcast Ethernet source.
Default Log Severity
Warning
Parameters
srchw, pkt
Explanation
An Ethernet packet with the sender address set to the broadcast address was received.
Gateway Action
Allow
Action Description
None
Proposed Action
Legal uses for network packets with a broadcast Ethernet sender are rare. Consider adjusting the TransparencySettings:BroadcastEnetSender setting to drop these kind of packets.

2.11.2. [ID: 613] Broadcast Ethernet source

Log Categories
ETHERNET,STATELESS,VALIDATE
Log Message
Broadcast Ethernet source.
Default Log Severity
Warning
Parameters
srchw, pkt
Explanation
An Ethernet packet with the sender address set to the broadcast address was received.
Gateway Action
Drop
Action Description
None
Proposed Action
Legal uses for network packets with a broadcast Ethernet sender are rare. The TransparencySettings:BroadcastEnetSender setting can be changed to allow these kind of packets.

2.11.3. [ID: 615] Multicast Ethernet source

Log Categories
ETHERNET,STATELESS,VALIDATE
Log Message
Multicast Ethernet source.
Default Log Severity
Warning
Parameters
srchw, pkt
Explanation
An Ethernet packet with the sender address set to a multicast address was received.
Gateway Action
Allow
Action Description
None
Proposed Action
Legal uses for network packets with a multicast Ethernet sender are rare. Consider adjusting the TransparencySettings:MulticastEnetSender setting to drop these kind of packets.

2.11.4. [ID: 428] Multicast Ethernet source

Log Categories
ETHERNET,STATELESS,VALIDATE
Log Message
Multicast Ethernet source.
Default Log Severity
Warning
Parameters
srchw, pkt
Explanation
An Ethernet packet with the sender address set to a multicast address was received.
Gateway Action
Drop
Action Description
None
Proposed Action
Legal uses for network packets with a multicast Ethernet sender are rare. The TransparencySettings:MulticastEnetSender setting can be changed to allow these kind of packets.

2.11.5. [ID: 132] Not for me

Log Categories
ETHERNET,STATELESS,VALIDATE
Log Message
Not for me.
Default Log Severity
Debug
Parameters
srchw, desthw, recviface, pkt
Explanation
A unicast Ethernet packet has been received by interface recviface, but was dropped because the Ethernet destination of the packet was not that of this interface.
Gateway Action
Drop
Action Description
None
Proposed Action
This message can be turned off using the setting MiscSettings:NotLocalEnetDest.

2.11.6. [ID: 327] Null Ethernet source

Log Categories
ETHERNET,STATELESS,VALIDATE
Log Message
Null Ethernet source.
Default Log Severity
Warning
Parameters
pkt
Explanation
An Ethernet packet with a sender address consisting of all zeroes was dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the TransparencySettings:NullEnetSender advanced setting to modify the logging Ethernet packets with a zero sender address.

2.11.7. [ID: 537] Unicast MAC with broadcast IP

Log Categories
ETHERNET,IPV4,STATELESS,VALIDATE
Log Message
Unicast MAC with broadcast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is unicast, but the IP destination is broadcast.
Gateway Action
Drop
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match.

2.11.8. [ID: 490] Unicast MAC with broadcast IP

Log Categories
ETHERNET,IPV4,STATELESS,VALIDATE
Log Message
Unicast MAC with broadcast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is unicast, but the IP destination is broadcast.
Gateway Action
None
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match. The recommended action is to drop these packets.

2.11.9. [ID: 229] Unicast MAC with multicast IP

Log Categories
ETHERNET,IPV4,STATELESS,VALIDATE
Log Message
Unicast MAC with multicast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is unicast, but the IP destination is multicast. This is a known exploit against some multicast protocol.
Gateway Action
Drop
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match.

2.11.10. [ID: 104] Unicast MAC with multicast IP

Log Categories
ETHERNET,IPV4,STATELESS,VALIDATE
Log Message
Unicast MAC with multicast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is unicast, but the IP destination is multicast. This is a known exploit against some multicast protocol.
Gateway Action
None
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match. The recommended action is to drop these packets.

2.11.11. [ID: 548] Non matching IP and MAC multicast

Log Categories
ETHERNET,IPV4,STATELESS,VALIDATE
Log Message
Non matching IP and MAC multicast.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet multicast destination does not match that of the IP multicast destination.
Gateway Action
Drop
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match.

2.11.12. [ID: 340] Non matching IP and MAC multicast

Log Categories
ETHERNET,IPV4,STATELESS,VALIDATE
Log Message
Non matching IP and MAC multicast.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet multicast destination does not match that of the IP multicast destination.
Gateway Action
None
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match. The recommended action is to drop these packets.

2.11.13. [ID: 627] Multicast MAC with unicast IP

Log Categories
ETHERNET,IPV4,STATELESS,VALIDATE
Log Message
Multicast MAC with unicast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is multicast, but the IP destination is not multicast.
Gateway Action
Drop
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match.

2.11.14. [ID: 423] Multicast MAC with unicast IP

Log Categories
ETHERNET,IPV4,STATELESS,VALIDATE
Log Message
Multicast MAC with unicast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is multicast, but the IP destination is not multicast.
Gateway Action
None
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match. The recommended action is to drop these packets.

2.11.15. [ID: 1665] IPv6 broadcast packet

Log Categories
ETHERNET,IPV6,STATELESS,VALIDATE
Log Message
IPv6 broadcast packet.
Default Log Severity
Warning
Parameters
srchw, desthw, recviface, pkt
Explanation
A multicast IPv6 packet, using a broadcast (or possibly some other type of non-conformal multicast) Ethernet destination, was received. This is not supported by the IPv6 standard, and most appliances will ignore such traffic.
Gateway Action
Drop
Action Description
None
Proposed Action
Investigate why these packets appear; identify, isolate and optionally update the source of the packets. As this type of messages are illegal to use in IPv6 networks, yet are universally supported by all Ethernet II capable devices, there is still a possibility that some network appliances will act in unexpected ways on the traffic. This in turn makes it a possible attack vector against IPv6 multicast services such as, but not limited to, ND (neighbour discovery) and MLD. This log message can be disabled by the IPSettings:LogNonIP4 setting.

2.11.16. [ID: 219] Unicast MAC with multicast IP

Log Categories
ETHERNET,IPV6,STATELESS,VALIDATE
Log Message
Unicast MAC with multicast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is unicast, but the IP destination is multicast. This is a known exploit against some multicast protocol.
Gateway Action
Drop
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match.
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match.

2.11.17. [ID: 362] Unicast MAC with multicast IP

Log Categories
ETHERNET,IPV6,STATELESS,VALIDATE
Log Message
Unicast MAC with multicast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is unicast, but the IP destination is multicast. This is a known exploit against some multicast protocol.
Gateway Action
None
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match. The recommended action is to drop these packets.
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match. The recommended action is to drop these packets.

2.11.18. [ID: 192] Non matching IP and MAC multicast

Log Categories
ETHERNET,IPV6,STATELESS,VALIDATE
Log Message
Non matching IP and MAC multicast.
Default Log Severity
Notice
Parameters
destip, desthw, pkt
Explanation
The Ethernet multicast destination does not match that of the IP multicast destination.
Gateway Action
Drop
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match.

2.11.19. [ID: 438] Non matching IP and MAC multicast

Log Categories
ETHERNET,IPV6,STATELESS,VALIDATE
Log Message
Non matching IP and MAC multicast.
Default Log Severity
Notice
Parameters
destip, desthw, pkt
Explanation
The Ethernet multicast destination does not match that of the IP multicast destination.
Gateway Action
None
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match. The recommended action is to drop these packets.

2.11.20. [ID: 595] Multicast MAC with unicast IP

Log Categories
ETHERNET,IPV6,STATELESS,VALIDATE
Log Message
Multicast MAC with unicast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is multicast, but the IP destination is not multicast.
Gateway Action
Drop
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match.

2.11.21. [ID: 397] Multicast MAC with unicast IP

Log Categories
ETHERNET,IPV6,STATELESS,VALIDATE
Log Message
Multicast MAC with unicast IP.
Default Log Severity
Warning
Parameters
destip, desthw, pkt
Explanation
The Ethernet destination is multicast, but the IP destination is not multicast.
Gateway Action
None
Action Description
None
Proposed Action
The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where the Ethernet and the IP destination do not match. The recommended action is to drop these packets.

2.12. FLOW

These log messages refer to the FLOW category.

2.12.1. [ID: 788] Flow HA sync failed due to ruleset lookup[...]

Log Categories
FLOW
Log Message
Flow HA sync failed due to ruleset lookup failure.
Default Log Severity
Error
Parameters
matchkey
Explanation
The flow could not be installed on the inactive node since the ruleset lookup on the inactive node failed.
Gateway Action
Skip
Action Description
None
Proposed Action
Make sure that logging is enabled on the rules that matches the traffic and look for other logs that could reveal the actual cause of the ruleset lookup failure. Could, for instance, be related to resources (memory, port allocation, etc) or configuration.

2.12.2. [ID: 333] The flow cannot be updated to comply with[...]

Log Categories
FLOW
Log Message
The flow cannot be updated to comply with rule changes.
Default Log Severity
Notice
Parameters
conflictrule, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
Explanation
The rules had been changed in such a way that the flow state could not be updated to comply. Packets with the same traffic parameters would still be able to setup new, slightly different, flow states but this flow state had to be closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.12.3. [ID: 1007] Flow closed by application control

Log Categories
FLOW
Log Message
Flow closed by application control.
Default Log Severity
Information
Parameters
flow, flowusage, user, userid
Explanation
The flow was closed by the application control function.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.12.4. [ID: 1127] Flow closed by an ALG

Log Categories
FLOW
Log Message
Flow closed by an ALG.
Default Log Severity
Information
Parameters
flow, flowusage, geoip, app, rule, ruletype, ruleorigin, user, userid
Explanation
A flow was closed by an ALG.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.12.5. [ID: 460] Flow closed by admin

Log Categories
FLOW
Log Message
Flow closed by admin.
Default Log Severity
Notice
Parameters
flow, flowusage, geoip, app, user, userid
Explanation
The flow was closed by request of the administrator.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.12.6. [ID: 1644] Flow closed by module

Log Categories
FLOW
Log Message
Flow closed by module.
Default Log Severity
Information
Parameters
module, reason, flow, flowusage, geoip, app, user, userid
Explanation
A module in the system closed the flow, due to error condition or rule violation.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.12.7. [ID: 341] Flow closed due to random replacement

Log Categories
FLOW
Log Message
Flow closed due to random replacement.
Default Log Severity
Warning
Parameters
flow, flowusage, geoip, app, user, userid
Explanation
There was a shortage of free flows and therefore, one randomly selected active flow or flow-pair was removed. This only happens when someone is trying to open more flows than the system has been configured to support. For instance, a distributed denial-of-service attack might trigger this event.
Gateway Action
Close
Action Description
None
Proposed Action
Configure the system to support more simultaneous flows, or try to track down the host(s) that overloads the network.

2.12.8. [ID: 379] Flow closed due to timeout

Log Categories
FLOW
Log Message
Flow closed due to timeout.
Default Log Severity
Information
Parameters
flow, flowusage, geoip, app, rule, ruletype, ruleorigin, user, userid
Explanation
The flow or flow-pair was closed since it had exceeded its idle lifetime.
Gateway Action
Close
Action Description
None
Proposed Action
The idle lifetime can be increased or decreased per protocol type or service.

2.12.9. [ID: 367] Flow closed due to reopen

Log Categories
FLOW
Log Message
Flow closed due to reopen.
Default Log Severity
Information
Parameters
flow, flowusage, app, user, userid
Explanation
A received packet belonged to another logical connection than the one represented by the flow state that matched the packet. The flow state was closed so that a new flow state could be opened for the packet. Currently, this applies when receiving a TCP SYN that does not match the state of the existing flow state.
Gateway Action
Close
Action Description
None
Proposed Action
If a new TCP SYN is allowed to close an existing flow state and create a new flow state is controlled by the setting TCPSettings:TCPAllowReopen.

2.12.10. [ID: 111] The matching flow cannot be used for the[...]

Log Categories
FLOW
Log Message
The matching flow cannot be used for the packet anymore.
Default Log Severity
Debug
Parameters
pkt
Explanation
The flow that matched the packet was changed, that is, updated or closed and opened up again, while the packet was processed by the gateway. The changes in the flow made it impossible to continue processing the packet so the packet had to be dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.12.11. [ID: 500] Out of memory during flow maintenance

Log Categories
FLOW,SYSTEM
Log Message
Out of memory during flow maintenance.
Default Log Severity
Emergency
Parameters
 
Explanation
A memory allocation attempt failed while allocating memory needed for flow maintenance. Normal operation cannot be guaranteed.
Gateway Action
Abort
Action Description
None
Proposed Action
Investigate why the system is low on RAM. Review the configuration and try to free more RAM.

2.12.12. [ID: 400] Flow maintenance failed

Log Categories
FLOW
Log Message
Flow maintenance failed.
Default Log Severity
Error
Parameters
error, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
Explanation
The device failed to update a flow and had to close it. This can be a sign of a system-wide problem, for instance, low on memory.
Gateway Action
Close
Action Description
None
Proposed Action
Search for other logs that can provide more information.

2.12.13. [ID: 300] There is no flow for the packet anymore

Log Categories
FLOW
Log Message
There is no flow for the packet anymore.
Default Log Severity
Debug
Parameters
pkt
Explanation
The flow that matched the packet was closed while the packet was processed by the gateway. Since the packet was partially processed it could not safely be used to setup a new flow so the packet had to be dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.12.14. [ID: 224] Packet not allowed to trigger maintenance of[...]

Log Categories
FLOW
Log Message
Packet not allowed to trigger maintenance of the flow state.
Default Log Severity
Warning
Parameters
flow, pkt, user, userid
Explanation
When trying to process a packet using a flow state, the flow state was found to be outdated. This packet could not be used to update the flow state so the packet was dropped. There are several reasons why a packet cannot be used to trigger an update of a flow state, for instance, that the packet has been partially processed or that the packet is related to the flow state rather than belonging to the connection that the flow state represents. One example of related packets is ICMP errors.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.12.15. [ID: 424] The flow is not allowed anymore

Log Categories
FLOW
Log Message
The flow is not allowed anymore.
Default Log Severity
Notice
Parameters
conflictrule, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
Explanation
The rules had been changed so that the flow was not allowed anymore.
Gateway Action
Close
Action Description
None
Proposed Action
If this flow should be allowed then verify that recent configuration changes are correct.

2.12.16. [ID: 1062] Not security equivalent after route change

Log Categories
FLOW
Log Message
Not security equivalent after route change.
Default Log Severity
Notice
Parameters
conflictrule, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
Explanation
The routes had been changed in such a way that the flow state would have been routed through interfaces that were not security equivalent with the ones originally used. Packets with the same traffic parameters would still be able to setup new, slightly different, flow states but this flow state had to be closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.12.17. [ID: 372] Flow opened

Log Categories
FLOW
Log Message
Flow opened.
Default Log Severity
Information
Parameters
trafficshaping, route, sessionid, ipsrule, flow, geoip, app, rule, ruletype, ruleorigin, user, userid
Explanation
A packet was received that triggered a new stateful flow to be created.
Gateway Action
Open
Action Description
None
Proposed Action
None

2.12.18. [ID: 1014] Flow opened stateless

Log Categories
FLOW
Log Message
Flow opened stateless.
Default Log Severity
Information
Parameters
trafficshaping, route, sessionid, ipsrule, flow, geoip, rule, ruletype, ruleorigin, user, userid
Explanation
A packet was received that triggered a new stateless flow to be created. Packets forwarded on stateless flows are only subject for stateless packet validation.
Gateway Action
Open
Action Description
None
Proposed Action
None

2.12.19. [ID: 1390] Out of memory when attempting to allocate[...]

Log Categories
FLOW,SYSTEM
Log Message
Out of memory when attempting to allocate flow data.
Default Log Severity
Emergency
Parameters
matchkey
Explanation
The system was out of memory and failed to allocate a new flow. All new traffic may have been completely locked out.
Gateway Action
Discard
Action Description
The system was unable to open a flow, even though policy allowed it
Proposed Action
Investigate why the system is low on RAM. Contact technical support if the cause is not obvious.

2.12.20. [ID: 543] Reject flow opened

Log Categories
FLOW
Log Message
Reject flow opened.
Default Log Severity
Warning
Parameters
trafficshaping, route, flow, geoip, rule, user, userid
Explanation
A packet matched a reject rule and a corresponding reject flow was created. A reject flow is a flow with the purpose of rejecting future packets matching the same parameters as the original packet.
Gateway Action
Open
Action Description
None
Proposed Action
None

2.12.21. [ID: 1646] Failed to reopen flow

Log Categories
FLOW
Log Message
Failed to reopen flow.
Default Log Severity
Error
Parameters
error, flow, rule, ruletype, ruleorigin, user, userid
Explanation
The system failed to reopen the flow. The flow will remain closed and the packet will be dropped.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.12.22. [ID: 122] Flow reopened

Log Categories
FLOW
Log Message
Flow reopened.
Default Log Severity
Information
Parameters
flow, app, user, userid
Explanation
A packet was received that triggered a new stateful flow to be created.
Gateway Action
Open
Action Description
None
Proposed Action
None

2.12.23. [ID: 790] Failed to setup flow due to ruleset lookup[...]

Log Categories
FLOW
Log Message
Failed to setup flow due to ruleset lookup failure.
Default Log Severity
Error
Parameters
pkt
Explanation
A flow could not be opened for the packet since the ruleset lookup failed. The packet was dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
Make sure that logging is enabled on the rules that matches the traffic and look for other logs that could reveal the actual cause of the ruleset lookup failure. Could, for instance, be related to resources (memory, port allocation, etc) or configuration.

2.12.24. [ID: 521] Flow maintenance failed

Log Categories
FLOW
Log Message
Flow maintenance failed.
Default Log Severity
Notice
Parameters
error, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
Explanation
The device failed to update a flow and had to close it. This can be a sign of a problem related to this particular flow but it can also be sign of a system-wide problem, for instance, out of memory.
Gateway Action
Close
Action Description
None
Proposed Action
Search for other logs that can provide more information.

2.12.25. [ID: 1314] Packet MD5 digest did not match packet data

Log Categories
FLOW,TCP,BGP
Log Message
Packet MD5 digest did not match packet data.
Default Log Severity
Error
Parameters
pkt
Explanation
MD5 digest included in packet did not match rest of the packet data.
Gateway Action
Drop
Action Description
None
Proposed Action
Check BGP neighbor configuration.

2.12.26. [ID: 1320] Failed to insert MD5 digest to packet

Log Categories
FLOW,TCP,BGP
Log Message
Failed to insert MD5 digest to packet.
Default Log Severity
Error
Parameters
pkt
Explanation
System was unable to add MD5 digest to packet.
Gateway Action
Drop
Action Description
None
Proposed Action
Contact customer support.

2.12.27. [ID: 1317] Packet did not contain md5 digest

Log Categories
FLOW,TCP,BGP
Log Message
Packet did not contain md5 digest.
Default Log Severity
Error
Parameters
pkt
Explanation
Packet did not contain any MD5 digest.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.12.28. [ID: 1309] Packet is too small to contain MD5 digest

Log Categories
FLOW,TCP,BGP
Log Message
Packet is too small to contain MD5 digest.
Default Log Severity
Error
Parameters
pkt
Explanation
Packet is too small to contain MD5 digest.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.12.29. [ID: 1056] Same pipe used twice in same flow

Log Categories
FLOW,PIPES
Log Message
Same pipe used twice in same flow.
Default Log Severity
Warning
Parameters
pipe, conflictrule, rule
Explanation
The same pipe object pipe has been applied twice to the same flow by two different rules (rule and conflictrule). The effect of this is probably undesirable. Whether to log this event is controlled by the MiscSettings:PipeDupLog setting.
Gateway Action
Ignore
Action Description
None
Proposed Action
Review the configuration and consider re-arranging rules and traffic profiles so that no pipe object can be added by different rules matching the same traffic.

2.12.30. [ID: 1389] Not enough ICMP data for protocol translation

Log Categories
FLOW,NAT64
Log Message
Not enough ICMP data for protocol translation.
Default Log Severity
Notice
Parameters
pkt
Explanation
An ICMP error was dropped because its payload was not large enough for protocol translation.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.12.31. [ID: 1397] Protocol translation was not applicable

Log Categories
FLOW,NAT64
Log Message
Protocol translation was not applicable.
Default Log Severity
Notice
Parameters
pkt
Explanation
An ICMP message was dropped because there was no applicable protocol translation.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.12.32. [ID: 1391] Unsupported media header in protocol[...]

Log Categories
FLOW,NAT64
Log Message
Unsupported media header in protocol translation.
Default Log Severity
Notice
Parameters
pkt
Explanation
A packet with an unsupported media header was dropped when attempting protocol translation.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.12.33. [ID: 1388] Unsupported transport header in protocol[...]

Log Categories
FLOW,NAT64
Log Message
Unsupported transport header in protocol translation.
Default Log Severity
Notice
Parameters
pkt
Explanation
A packet with an unsupported transport header was dropped when attempting protocol translation.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.13. FQDN

These log messages refer to the FQDN category.

2.13.1. [ID: 1400] Added FQDN IP to netobject

Log Categories
FQDN
Log Message
Added FQDN IP to netobject.
Default Log Severity
Information
Parameters
name, fqdn, ip
Explanation
A new IP address has been resolved and added for a FQDN set on a netobject.
Gateway Action
None
Action Description
None
Proposed Action
None

2.13.2. [ID: 1413] All IP addresses expired for FQDN in netobject

Log Categories
FQDN
Log Message
All IP addresses expired for FQDN in netobject.
Default Log Severity
Warning
Parameters
name, fqdn
Explanation
All IP addresses for a FQDN in a netobject has expired. This might mean that the DNS server is no longer reachable.
Gateway Action
None
Action Description
None
Proposed Action
Check the DNS server.

2.13.3. [ID: 1422] Could not resolve FQDN for netobject

Log Categories
FQDN
Log Message
Could not resolve FQDN for netobject.
Default Log Severity
Warning
Parameters
name, fqdn, type
Explanation
It was not possible to resolve a FQDN set on a netobject. Either the FQDN does not exist, or it was not possible to reach DNS server.
Gateway Action
None
Action Description
None
Proposed Action
Check the FQDN for spelling mistakes, and that the DNS server is reachable.

2.13.4. [ID: 1423] IP expired from netobject

Log Categories
FQDN
Log Message
IP expired from netobject.
Default Log Severity
Notice
Parameters
name, fqdn, ip
Explanation
An IP address reached the time it is valid after TTL has expired, and was removed from netobject.
Gateway Action
None
Action Description
None
Proposed Action
Increase the FQDNValidAfterTTL if it is necessary to keep IP addresses longer after the TTL has expired.

2.14. FRAG

These log messages refer to the FRAG category.

2.14.1. [ID: 505] Fragment with invalid offset

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Fragment with invalid offset.
Default Log Severity
Error
Parameters
pkt
Explanation
A fragment with invalid offset was received.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:IllegalFrags setting to modify the handling of illegal fragments.

2.14.2. [ID: 617] The fragment has an invalid IP data length

Log Categories
FRAG,VALIDATE,STATELESS
Log Message
The fragment has an invalid IP data length.
Default Log Severity
Error
Parameters
datalen, pkt
Explanation
The partly reassembled IP packet has an invalid IP data length.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:IllegalFrags setting to modify the handling of illegal fragments.

2.14.3. [ID: 495] Dropping stored fragments of disallowed packet

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping stored fragments of disallowed packet.
Default Log Severity
Warning
Parameters
count, srcip, destip, ipproto, fragid, state, value
Explanation
The fragments of a disallowed IP packet were dropped. The count parameter displays the number of freed fragments while the value parameter contains fragment offset and IP length for the freed fragments.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:DroppedFrags setting to modify the logging of dropped fragments.

2.14.4. [ID: 389] Dropping duplicate fragment

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping duplicate fragment.
Default Log Severity
Warning
Parameters
pkt
Explanation
A duplicate fragment of an IP packet was received.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:DuplicateFrags setting to modify the logging of duplicate fragments.

2.14.5. [ID: 174] Duplicate fragment with different data[...]

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Duplicate fragment with different data received.
Default Log Severity
Error
Parameters
pkt
Explanation
The fragment was a duplicate of an already received fragment, but the fragment data differed.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:IllegalFrags setting to modify the handling of illegal fragments.

2.14.6. [ID: 525] Duplicate fragment with different length[...]

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Duplicate fragment with different length received.
Default Log Severity
Error
Parameters
pkt
Explanation
The fragment was a duplicate of an already received fragment, but the fragment lengths differed.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:IllegalFrags setting to modify the handling of illegal fragments.

2.14.7. [ID: 343] Dropping duplicate fragment of suspect packet

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping duplicate fragment of suspect packet.
Default Log Severity
Warning
Parameters
pkt
Explanation
A duplicate fragment of a suspect IP packet was received.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:DuplicateFrags setting to modify the logging of duplicate fragments.

2.14.8. [ID: 528] Dropping extraneous fragments of completed[...]

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping extraneous fragments of completed packet.
Default Log Severity
Warning
Parameters
count, srcip, destip, ipproto, fragid, state, value
Explanation
A completed reassembled IP packet contained extraneous fragments, which were dropped. The count parameter displays the number of freed fragments while the value parameter contains fragment offset and IP length for the freed fragments.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:IllegalFrags setting to modify the handling of illegal fragments.

2.14.9. [ID: 473] Fragment offset plus length not in range

Log Categories
FRAG,VALIDATE,STATELESS
Log Message
Fragment offset plus length not in range.
Default Log Severity
Error
Parameters
minlen, maxlen, pkt
Explanation
The fragment offset and length would be outside of the allowed IP size range.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the LengthLimSettings:LogOversizedPackets setting to modify the logging of over sized packets.

2.14.10. [ID: 171] Dropping extraneous fragment of completed[...]

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping extraneous fragment of completed packet.
Default Log Severity
Warning
Parameters
pkt
Explanation
A completed reassembled IP packet contained an extraneous fragment, which was dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:IllegalFrags setting to modify the handling of illegal fragments.

2.14.11. [ID: 100] Dropping fragment of disallowed packet

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping fragment of disallowed packet.
Default Log Severity
Warning
Parameters
pkt
Explanation
A fragment of a disallowed IP packet was dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:DroppedFrags setting to modify the logging of dropped fragments.

2.14.12. [ID: 383] Dropping fragment of disallowed suspect packet

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping fragment of disallowed suspect packet.
Default Log Severity
Warning
Parameters
pkt
Explanation
A fragment of a disallowed suspect IP packet was dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:DroppedFrags setting to modify the logging of dropped fragments.

2.14.13. [ID: 582] Dropping fragment of failed packet

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping fragment of failed packet.
Default Log Severity
Warning
Parameters
pkt
Explanation
A fragment of a failed IP packet was dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:FragReassemblyFail setting to modify the logging of failed packet reassembly attempts.

2.14.14. [ID: 248] Dropping fragment of failed suspect packet

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping fragment of failed suspect packet.
Default Log Severity
Warning
Parameters
pkt
Explanation
A fragment of a failed suspect IP packet was dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:FragReassemblyFail setting to modify the logging of failed packet reassembly attempts.

2.14.15. [ID: 336] Dropping fragment of illegal packet

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping fragment of illegal packet.
Default Log Severity
Warning
Parameters
pkt
Explanation
A fragment of an illegal IP packet was dropped.
Gateway Action
Drop
Action Description
None
Proposed Action
FRAG_DropIllegal

2.14.16. [ID: 203] Fragmented ICMP error

Log Categories
FRAG,VALIDATE,STATELESS
Log Message
Fragmented ICMP error.
Default Log Severity
Warning
Parameters
type, pkt
Explanation
A disallowed fragmented ICMP error message was received. Only "Echo" and "EchoReply" are allowed to be fragmented.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:FragmentedICMP setting to modify the handling of fragmented ICMP error messages.

2.14.17. [ID: 577] Fragments partially overlap

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Fragments partially overlap.
Default Log Severity
Error
Parameters
pkt
Explanation
Two fragments partially overlap.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:IllegalFrags setting to modify the handling of illegal fragments.

2.14.18. [ID: 570] Dropping fragments of illegal packet

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping fragments of illegal packet.
Default Log Severity
Warning
Parameters
count, srcip, destip, ipproto, fragid, state, value
Explanation
The fragments of an illegal IP packet were dropped. The count parameter displays the number of freed fragments while the value parameter contains fragment offset and IP length for the freed fragments.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:IllegalFrags setting to modify the handling of illegal fragments.

2.14.19. [ID: 380] Fragment offset plus length is greater than[...]

Log Categories
FRAG,VALIDATE,STATELESS
Log Message
Fragment offset plus length is greater than the configured maximum.
Default Log Severity
Error
Parameters
max, pkt
Explanation
The fragment offset plus length would result in a greater length than the configured maximum length of an IP packet.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the LengthLimSettings:LogOversizedPackets setting to modify the logging of over sized packets.

2.14.20. [ID: 265] Out of reassembly resources

Log Categories
FRAG,VALIDATE,STATELESS
Log Message
Out of reassembly resources.
Default Log Severity
Critical
Parameters
count, srcip, destip, ipproto, fragid, state, value
Explanation
Out of fragmentation reassembly resources when processing the IP packet. Dropping packet and freeing resources. The count parameter displays the number of freed fragments while the value parameter contains fragment offset and IP length for the freed fragments.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:FragReassemblyFail setting to modify the logging of failed packet reassembly attempts.

2.14.21. [ID: 414] Out of reassembly resources for suspect packet

Log Categories
FRAG,VALIDATE,STATELESS
Log Message
Out of reassembly resources for suspect packet.
Default Log Severity
Critical
Parameters
count, srcip, destip, ipproto, fragid, state, value
Explanation
Out of fragmentation reassembly resources when processing the suspect IP packet. Dropping packet and freeing resources. The count parameter displays the number of freed fragments while the value parameter contains fragment offset and IP length for the freed fragments.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:FragReassemblyFail setting to modify the logging of failed packet reassembly attempts.

2.14.22. [ID: 159] Fragment overlapping next fragment offset

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Fragment overlapping next fragment offset.
Default Log Severity
Error
Parameters
pkt
Explanation
This fragment would overlap the next fragment offset.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:IllegalFrags setting to modify the handling of illegal fragments.

2.14.23. [ID: 516] Dropping stored fragments of disallowed[...]

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Dropping stored fragments of disallowed suspect packet.
Default Log Severity
Warning
Parameters
count, srcip, destip, ipproto, fragid, state, value
Explanation
The fragments of a disallowed suspect IP packet were dropped. The count parameter displays the number of freed fragments while the value parameter contains fragment offset and IP length for the freed fragments.
Gateway Action
Drop
Action Description
None
Proposed Action
FRAG_DropDisallowed

2.14.24. [ID: 289] Time out reassembling

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Time out reassembling.
Default Log Severity
Critical
Parameters
count, srcip, destip, ipproto, fragid, state, value
Explanation
Timed out when reassembling a fragmented IP packet. Dropping packet. The count parameter displays the number of freed fragments while the value parameter contains fragment offset and IP length for the freed fragments.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:FragReassemblyFail setting to modify the logging of failed packet reassembly attempts.

2.14.25. [ID: 326] Time out reassembling suspect

Log Categories
FRAG,VALIDATE,STATEFUL
Log Message
Time out reassembling suspect.
Default Log Severity
Critical
Parameters
count, srcip, destip, ipproto, fragid, state, value
Explanation
Timed out when reassembling a fragmented suspect IP packet. The count parameter displays the number of freed fragments while the value parameter contains fragment offset and IP length for the freed fragments.
Gateway Action
Drop
Action Description
None
Proposed Action
Change the FragSettings:FragReassemblyFail setting to modify the logging of failed packet reassembly attempts.

2.14.26. [ID: 126] Fragmented ICMP error

Log Categories
FRAG,VALIDATE,STATELESS
Log Message
Fragmented ICMP error.
Default Log Severity
Warning
Parameters
type, pkt
Explanation
A disallowed fragmented ICMP error message was received. Only "Echo" and "EchoReply" are allowed to be fragmented.
Gateway Action
Allow
Action Description
None
Proposed Action
Change the FragSettings:FragmentedICMP setting to modify the handling of fragmented ICMP error messages.

2.15. FTPALG

These log messages refer to the FTPALG category.

2.15.1. [ID: 1146] CLNT command not allowed

Log Categories
FTPALG
Log Message
CLNT command not allowed.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
The client tried to issue a "CLNT" command, which is not valid since the client is not allowed to do this. The command will be rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
If the client should be allowed to issue "CLNT" commands, modify the FTP profile configuration.

2.15.2. [ID: 1163] Command rate limit exceeded on session

Log Categories
FTPALG
Log Message
Command rate limit exceeded on session.
Default Log Severity
Warning
Parameters
sessionid, profile, max, flow
Explanation
The configured command rate limit was exceeded on a session.
Gateway Action
None
Action Description
None
Proposed Action
If this occurs during normal usage, consider increasing the limit configured on the FTP profile.

2.15.3. [ID: 1144] Data channel traffic direction restricted

Log Categories
FTPALG
Log Message
Data channel traffic direction restricted.
Default Log Severity
Information
Parameters
profile, sessionid, command, alloweddir
Explanation
Traffic on the data channel should only flow in one direction depending on which FTP command was issued. As the rule allowing the data channel is created before the direction is known, it is modified to restrict the direction once the allowed direction is learned.
Gateway Action
None
Action Description
None
Proposed Action
None

2.15.4. [ID: 1116] Disallowed client IP

Log Categories
FTPALG
Log Message
Disallowed client IP.
Default Log Severity
Warning
Parameters
sessionid, profile, ip, flow
Explanation
The client want the server to connect the data channel to an IP which is not the clients own IP.
Gateway Action
Deny
Action Description
None
Proposed Action
None

2.15.5. [ID: 1096] Client port outside configured range

Log Categories
FTPALG
Log Message
Client port outside configured range.
Default Log Severity
Warning
Parameters
sessionid, profile, port, portrange, flow
Explanation
The client tried to use a port for the data channel which is disallowed by the ClientPorts setting in the FTPAlgProfile used.
Gateway Action
Deny
Action Description
None
Proposed Action
None

2.15.6. [ID: 1149] Disallowed MODE argument

Log Categories
FTPALG
Log Message
Disallowed MODE argument.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
The client has tried to issue a MODE command to use block mode or compressed mode, which is disallowed. Command is rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.15.7. [ID: 1103] Disallowed OPTS argument

Log Categories
FTPALG
Log Message
Disallowed OPTS argument.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
A disallowed OPTS argument was received, and the command will be rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.15.8. [ID: 1154] Mismatched data channel IP protocol

Log Categories
FTPALG
Log Message
Mismatched data channel IP protocol.
Default Log Severity
Warning
Parameters
sessionid, profile, ipver, flow
Explanation
The client has tried to negotiate a different IP protocol for the data channel than the protocol it is using to connect to the ftp server on the control channel.
Gateway Action
Deny
Action Description
None
Proposed Action
None

2.15.9. [ID: 1125] Disallowed server IP

Log Categories
FTPALG
Log Message
Disallowed server IP.
Default Log Severity
Warning
Parameters
sessionid, profile, ip, flow
Explanation
The server wants the client to connect the data channel to an IP which is not the servers own IP.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.10. [ID: 1104] Server port outside configured range

Log Categories
FTPALG
Log Message
Server port outside configured range.
Default Log Severity
Warning
Parameters
sessionid, profile, port, portrange, flow
Explanation
The server tried to use a port for the data channel which is disallowed by the ServerPorts setting in the FTPAlgProfile used.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.11. [ID: 1145] Command is illegal since EPSV ALL is in effect

Log Categories
FTPALG
Log Message
Command is illegal since EPSV ALL is in effect.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
The client has already issued an "EPSV ALL" command and may no longer use any of the commands PORT, PASV or EPRT.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.15.12. [ID: 1095] Failed setting up data channel rule from[...]

Log Categories
FTPALG
Log Message
Failed setting up data channel rule from server to client.
Default Log Severity
Error
Parameters
sessionid, profile, srcip, destip, srcport, destport, flow
Explanation
An error occurred when creating a data connection from the server to client. This could possibly be a result of lack of memory.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.13. [ID: 1108] Failed setting up data channel rule from[...]

Log Categories
FTPALG
Log Message
Failed setting up data channel rule from client to server.
Default Log Severity
Error
Parameters
sessionid, profile, srcip, destip, srcport, destport, flow
Explanation
An error occurred when creating a data connection from the client to server. This could possibly be a result of lack of memory.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.14. [ID: 1135] Failed parsing EPRT command

Log Categories
FTPALG
Log Message
Failed parsing EPRT command.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
Invalid parameters to the "EPRT" command were received. The connection will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.15. [ID: 1157] Failed parsing EPSV command

Log Categories
FTPALG
Log Message
Failed parsing EPSV command.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
Invalid parameters to the "EPSV" command were received. The command was rejected with an error message to the client.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.15.16. [ID: 1132] Failed parsing EPSV response

Log Categories
FTPALG
Log Message
Failed parsing EPSV response.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
The response to the "EPSV" command was not formatted according to the standard. The connection will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.17. [ID: 1143] Failed parsing PASV response

Log Categories
FTPALG
Log Message
Failed parsing PASV response.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
The response to the "PASV" command was not formatted according to the standard. The connection will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.18. [ID: 1124] Failed parsing PORT command

Log Categories
FTPALG
Log Message
Failed parsing PORT command.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
Invalid parameters to the "PORT" command were received. The connection will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.19. [ID: 1086] Failed to create new session

Log Categories
FTPALG
Log Message
Failed to create new session.
Default Log Severity
Error
Parameters
 
Explanation
An attempt to create a new FTPALG session failed, because the unit is out of memory.
Gateway Action
Close
Action Description
None
Proposed Action
Decrease the maximum allowed FTPALG sessions, or try to free some of the RAM used.

2.15.20. [ID: 1100] Control channel failed

Log Categories
FTPALG
Log Message
Control channel failed.
Default Log Severity
Notice
Parameters
reason, originator, sessionid, flow, rule
Explanation
An error occurred that caused the FTP control channel to be aborted.
Gateway Action
Abort
Action Description
None
Proposed Action
None

2.15.21. [ID: 1113] Illegal command received

Log Categories
FTPALG
Log Message
Illegal command received.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
An illegal command was received, and the command will be rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.15.22. [ID: 1110] Illegal multiline response from server

Log Categories
FTPALG
Log Message
Illegal multiline response from server.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
An illegal multiline response was received from server, and the connection will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.23. [ID: 1089] Illegal numeric reply from server

Log Categories
FTPALG
Log Message
Illegal numeric reply from server.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
An illegal numerical reply was received from server, and the connection will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.24. [ID: 1112] Invalid command from client

Log Categories
FTPALG
Log Message
Invalid command from client.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
An invalid command was received on the control channel. This is not allowed, and the connection will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
If unknown commands should be allowed, modify the FTP profile configuration.

2.15.25. [ID: 1156] Invalid MODE argument

Log Categories
FTPALG
Log Message
Invalid MODE argument.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
The client has issued a MODE command with an invalid argument. Command is rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.15.26. [ID: 1092] Invalid OPTS argument

Log Categories
FTPALG
Log Message
Invalid OPTS argument.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
An invalid OPTS argument was received. The argument does not start with an alphabetic letter, and the command will be rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.15.27. [ID: 1102] Maximum line length exceeded

Log Categories
FTPALG
Log Message
Maximum line length exceeded.
Default Log Severity
Error
Parameters
maxlen, len, originator, sessionid, profile, flow, rule
Explanation
The maximum length of a text line sent over the control channel was exceeded, and the session will be closed. Note that the len parameter may or may not contain the full length of the violating line, it may contain the length of a partial line that exceeds the limit.
Gateway Action
Abort
Action Description
None
Proposed Action
Sending long lines might be an attempt to attack software that fails to handle lines above a certain length. If this incident is unlikely to be an attack then consider increasing the limit. The maximum line length is a configuration property of the FTP profile object.

2.15.28. [ID: 1161] No data channel setup yet

Log Categories
FTPALG
Log Message
No data channel setup yet.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
A command which requires a data channel was issued without first having setup a data channel. The command is rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.15.29. [ID: 1140] Data channel dynamic PREPBR rule added

Log Categories
FTPALG
Log Message
Data channel dynamic PREPBR rule added.
Default Log Severity
Information
Parameters
profile, sessionid, command, srcip, destip, srcport, destport, srciface
Explanation
To ensure that the data channel always uses the same routing tables as the control channel, a PREPBR rule has been added to the system.
Gateway Action
None
Action Description
None
Proposed Action
None

2.15.30. [ID: 1148] Data channel dynamic PREPBR rule removed

Log Categories
FTPALG
Log Message
Data channel dynamic PREPBR rule removed.
Default Log Severity
Information
Parameters
profile, sessionid, command, srcip, destip, srcport, destport, srciface
Explanation
A PREPBR rule, which was added to ensure that the data channel always uses the same routing tables as the control channel, has now been removed.
Gateway Action
None
Action Description
None
Proposed Action
None

2.15.31. [ID: 1093] Invalid command from client

Log Categories
FTPALG
Log Message
Invalid command from client.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
An invalid command was received on the control channel. This is allowed, but the command will be rejected as it is not understood.
Gateway Action
Reject
Action Description
None
Proposed Action
If unknown commands should not be allowed, modify the FTP profile configuration.

2.15.32. [ID: 1097] Data channel dynamic rule added

Log Categories
FTPALG
Log Message
Data channel dynamic rule added.
Default Log Severity
Information
Parameters
profile, sessionid, command, srcip, destip, srcport, destport, srciface, destiface
Explanation
FTPALG has added a dynamic rule to allow the data channel for FTP.
Gateway Action
None
Action Description
None
Proposed Action
None

2.15.33. [ID: 1099] Data channel dynamic rule removed

Log Categories
FTPALG
Log Message
Data channel dynamic rule removed.
Default Log Severity
Information
Parameters
profile, sessionid, command, srcip, destip, srcport, destport, srciface, destiface
Explanation
FTPALG has removed a dynamic rule it added previously to allow the data channel for FTP.
Gateway Action
None
Action Description
None
Proposed Action
None

2.15.34. [ID: 1119] Session closed

Log Categories
FTPALG
Log Message
Session closed.
Default Log Severity
Information
Parameters
sessionid, profile, flow
Explanation
A session using the FTP ALG was closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.35. [ID: 1105] Session opened

Log Categories
FTPALG
Log Message
Session opened.
Default Log Severity
Information
Parameters
sessionid, profile, flow
Explanation
A session using the FTP ALG was opened.
Gateway Action
Open
Action Description
None
Proposed Action
None

2.15.36. [ID: 1153] SITE EXEC not allowed

Log Categories
FTPALG
Log Message
SITE EXEC not allowed.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
The client tried to issue a "SITE EXEC" command, which is not valid since the client is not allowed to do this. The command will be rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
If the client should be allowed to issue "SITE EXEC" commands, modify the FTP profile configuration.

2.15.37. [ID: 1114] Unexpected telnet control chars from client

Log Categories
FTPALG
Log Message
Unexpected telnet control chars from client.
Default Log Severity
Warning
Parameters
sessionid, profile, flow
Explanation
Unexpected telnet control characters were discovered in the control channel. This is not allowed according to the FTPALG profile configuration, and the connection will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
If unknown commands should be allowed, modify the FTP profile configuration.

2.15.38. [ID: 1106] Unexpected telnet control chars from server

Log Categories
FTPALG
Log Message
Unexpected telnet control chars from server.
Default Log Severity
Warning
Parameters
sessionid, profile, flow
Explanation
Unexpected telnet control characters were discovered in the control channel. This is not allowed according to the FTP profile configuration, and the connection will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
If unknown commands should be allowed, modify the FTP profile configuration.

2.15.39. [ID: 1090] Unknown command received

Log Categories
FTPALG
Log Message
Unknown command received.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
An unknown command was received, and the command will be rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
If unknown commands should be allowed, modify the FTP profile configuration.

2.15.40. [ID: 1321] Unknown FEAT response from server

Log Categories
FTPALG
Log Message
Unknown FEAT response from server.
Default Log Severity
Information
Parameters
sessionid, profile, cmdline, flow
Explanation
An unknown FEAT response was received from server and was stripped.
Gateway Action
Strip
Action Description
None
Proposed Action
If the FEAT response the server sent is needed, change the FTP profile to allow unknown commands.

2.15.41. [ID: 1111] Unknown OPTS argument

Log Categories
FTPALG
Log Message
Unknown OPTS argument.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
An unknown OPTS argument was received, and the command will be rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
If unknown commands should be allowed, modify the FTP profile configuration.

2.15.42. [ID: 1131] Unsolicited extended passive mode response[...]

Log Categories
FTPALG
Log Message
Unsolicited extended passive mode response from server.
Default Log Severity
Warning
Parameters
sessionid, profile, flow
Explanation
An illegal response was received from the server, and the connection is closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.43. [ID: 1122] Unsolicited passive mode response from server

Log Categories
FTPALG
Log Message
Unsolicited passive mode response from server.
Default Log Severity
Warning
Parameters
sessionid, profile, flow
Explanation
An illegal response was received from the server, and the connection is closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.15.44. [ID: 1137] Unsupported encryption FEAT response from[...]

Log Categories
FTPALG
Log Message
Unsupported encryption FEAT response from server.
Default Log Severity
Information
Parameters
sessionid, profile, cmdline, flow
Explanation
A feature response from the server announcing support for encryption unsupported by the FTPALG has been stripped from the response.
Gateway Action
Strip
Action Description
None
Proposed Action
None

2.15.45. [ID: 1162] Unsupported encryption command rejected

Log Categories
FTPALG
Log Message
Unsupported encryption command rejected.
Default Log Severity
Warning
Parameters
sessionid, profile, cmdline, flow
Explanation
An FTP command related to encryption, that is not supported by the FTPALG, has been rejected.
Gateway Action
Reject
Action Description
None
Proposed Action
None

2.15.46. [ID: 1155] Data in wrong direction on data channel

Log Categories
FTPALG
Log Message
Data in wrong direction on data channel.
Default Log Severity
Warning
Parameters
sessionid, profile, command, alloweddir, flow, user, userid
Explanation
Data has been sent on the data channel in a direction not expected according to the command issued to retrieve or store file. The control channel and data channel will be closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.16. GRE

These log messages refer to the GRE category.

2.16.1. [ID: 1650] GRE packet without any payload after GRE[...]

Log Categories
GRE
Log Message
GRE packet without any payload after GRE header.
Default Log Severity
Warning
Parameters
flow, pkt, user, userid
Explanation
Received a GRE packet without any payload after the GRE header.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.16.2. [ID: 1651] Mismatch between the GRE payload protocol[...]

Log Categories
GRE
Log Message
Mismatch between the GRE payload protocol type and the payload IP version.
Default Log Severity
Warning
Parameters
proto, ipver, flow, pkt, user, userid
Explanation
Received a GRE packet with header protocol type and payload IP version mismatch.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.16.3. [ID: 1649] Failed to reassemble fragmented GRE packet

Log Categories
GRE,FRAG
Log Message
Failed to reassemble fragmented GRE packet.
Default Log Severity
Warning
Parameters
pktlen, flow, pkt, user, userid
Explanation
The packet was fragmented and could not be reassembled.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.16.4. [ID: 1647] Unsupported GRE flags

Log Categories
GRE
Log Message
Unsupported GRE flags.
Default Log Severity
Warning
Parameters
flags, flow, pkt, user, userid
Explanation
Received a GRE packet with unsupported flags. Only support "checksum present", "key present", "sequence number present" flags.
Gateway Action
Drop
Action Description
None
Proposed Action
Check GRE endpoint configuration.

2.16.5. [ID: 1652] Unsupported GRE payload protocol type

Log Categories
GRE
Log Message
Unsupported GRE payload protocol type.
Default Log Severity
Warning
Parameters
proto, flow, pkt, user, userid
Explanation
Received a GRE packet with unsupported payload protocol type. Only IPv4 (0x0800) and IPv6 (0x86DD) are supported.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.16.6. [ID: 1648] Unsupported GRE version

Log Categories
GRE
Log Message
Unsupported GRE version.
Default Log Severity
Warning
Parameters
version, flow, pkt, user, userid
Explanation
Received a GRE packet with unsupported version. Only version 0 is supported.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.17. GTP

These log messages refer to the GTP category.

2.17.1. [ID: 971] Failed to activate PDP context

Log Categories
GTP
Log Message
Failed to activate PDP context.
Default Log Severity
Warning
Parameters
imsi, msisdn, eua, teiddi, iface
Explanation
The system received a PDP context response, and a GTP tunnel negotiation was almost finished, when it was interrupted.
Gateway Action
Close
Action Description
None
Proposed Action
Verify that the GGSN is correctly configured.

2.17.2. [ID: 776] Active PDP context negotiation

Log Categories
GTP
Log Message
Active PDP context negotiation.
Default Log Severity
Notice
Parameters
imsi, msisdn, eua, teiddi, type, iface
Explanation
A PDP context negotiation is active.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.3. [ID: 757] Failed to allocate message

Log Categories
GTP
Log Message
Failed to allocate message.
Default Log Severity
Error
Parameters
localip, remoteip, scope, iface
Explanation
The system could not allocate a message buffer.
Gateway Action
Abort
Action Description
None
Proposed Action
None

2.17.4. [ID: 717] Bad GTP header length

Log Categories
GTP
Log Message
Bad GTP header length.
Default Log Severity
Notice
Parameters
pkt
Explanation
Received GTP packet with a bad length.
Gateway Action
Drop
Action Description
None
Proposed Action
Verify the integrity of the sending device.

2.17.5. [ID: 950] Failed to connect to GGSN

Log Categories
GTP
Log Message
Failed to connect to GGSN.
Default Log Severity
Warning
Parameters
imsi, msisdn, eua, teiddi, iface
Explanation
The system could not create a connection to the GGSN by preforming a APN lookup to the DNS server.
Gateway Action
Abort
Action Description
None
Proposed Action
Verify that the APN can be resolved by a DNS server lookup.

2.17.6. [ID: 960] Connection closed

Log Categories
GTP
Log Message
Connection closed.
Default Log Severity
Notice
Parameters
localip, remoteip, scope, iface
Explanation
A GTP connection to a GGSN has been closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.7. [ID: 964] Connection established

Log Categories
GTP
Log Message
Connection established.
Default Log Severity
Information
Parameters
localip, remoteip, scope, iface
Explanation
A new GTP connection to a GGSN has been established.
Gateway Action
Open
Action Description
None
Proposed Action
None

2.17.8. [ID: 710] Failed to establish connection

Log Categories
GTP
Log Message
Failed to establish connection.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, iface
Explanation
A connection to a GGSN could not be established.
Gateway Action
Abort
Action Description
None
Proposed Action
None

2.17.9. [ID: 957] Invalid connection action

Log Categories
GTP
Log Message
Invalid connection action.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, type, iface
Explanation
A GGSN connection has been closed, but still receives GTP-C traffic.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.10. [ID: 969] Failed to create lookup for APN

Log Categories
GTP
Log Message
Failed to create lookup for APN.
Default Log Severity
Error
Parameters
fqdn, iface
Explanation
The system tried unsuccessfully to resolve the APN for a remote gateway.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.11. [ID: 697] DNS resolve failed

Log Categories
GTP
Log Message
DNS resolve failed.
Default Log Severity
Warning
Parameters
fqdn, iface
Explanation
The IP address for the APN could not be resolved.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.12. [ID: 721] DNS resolve successful

Log Categories
GTP
Log Message
DNS resolve successful.
Default Log Severity
Information
Parameters
fqdn, iface
Explanation
The IP address for the APN was resolved successfully.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.13. [ID: 926] Populating recovery file failed

Log Categories
GTP
Log Message
Populating recovery file failed.
Default Log Severity
Warning
Parameters
file
Explanation
Recovery values were not successfully retrieved from the persistent storage file.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.14. [ID: 983] Failed to find MM context

Log Categories
GTP
Log Message
Failed to find MM context.
Default Log Severity
Notice
Parameters
imsi, msisdn, eua, teiddi, iface
Explanation
A MM context and its PDP context were in inconsistent states.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.15. [ID: 975] Found dangling PDP context in GGSN

Log Categories
GTP
Log Message
Found dangling PDP context in GGSN.
Default Log Severity
Warning
Parameters
imsi, msisdn, eua, teiddi, iface
Explanation
The TTG determined that the GGSN had a dangling PDP context with non matching TEID.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.16. [ID: 708] GGSN restarted

Log Categories
GTP
Log Message
GGSN restarted.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, iface
Explanation
The remote GGSN has restarted and the current tunnels connected to that host is invalid.
Gateway Action
Close
Action Description
The tunnels that are connected to the specified GGSN will be deleted
Proposed Action
None

2.17.17. [ID: 976] All GGSNs for APN unreachable

Log Categories
GTP
Log Message
All GGSNs for APN unreachable.
Default Log Severity
Error
Parameters
localip, remoteip, scope, iface
Explanation
No GGSN responded on any of the IP addresses for which the APN resolved.
Gateway Action
None
Action Description
None
Proposed Action
Verify that GGSNs are reachable from the TTG using the IP associated with the APN.

2.17.18. [ID: 754] Failed to register GTP-U session

Log Categories
GTP
Log Message
Failed to register GTP-U session.
Default Log Severity
Critical
Parameters
remoteip, teiddi, iface
Explanation
GTP failed to initialize Control plane to User plane communication.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.19. [ID: 970] Incorrect packet header type

Log Categories
GTP
Log Message
Incorrect packet header type.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, messagetype, version, iface
Explanation
The TTG received a messagetype packet using a GTP header version.
Gateway Action
Drop
Action Description
None
Proposed Action
Verify that the GGSN uses GTPv1.

2.17.20. [ID: 967] Incorrect GTP packet version

Log Categories
GTP
Log Message
Incorrect GTP packet version.
Default Log Severity
Warning
Parameters
imsi, msisdn, eua, teiddi, messagetype, iface
Explanation
The TTG received a non GTPv1 packet of messagetype.
Gateway Action
None
Action Description
None
Proposed Action
Verify that the GGSN uses GTPv1.

2.17.21. [ID: 783] Invalid length in information element

Log Categories
GTP
Log Message
Invalid length in information element.
Default Log Severity
Error
Parameters
imsi, msisdn, eua, teiddi, messagetype, iface
Explanation
An information element specified a bad length in a GTP packet.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.22. [ID: 705] Invalid mandatory information element

Log Categories
GTP
Log Message
Invalid mandatory information element.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, messagetype, ie, iface
Explanation
Invalid mandatory information element in received message.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.23. [ID: 965] Invalid optional information element

Log Categories
GTP
Log Message
Invalid optional information element.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, messagetype, ie, iface
Explanation
Invalid optional information element in received message.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.24. [ID: 949] Packet with invalid header

Log Categories
GTP
Log Message
Packet with invalid header.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, messagetype, iface
Explanation
Invalid header in received message.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.17.25. [ID: 953] Packet with invalid length

Log Categories
GTP
Log Message
Packet with invalid length.
Default Log Severity
Notice
Parameters
localip, remoteip, len, minlen
Explanation
Received a GTP-C packet with invalid length.
Gateway Action
Drop
Action Description
None
Proposed Action
Verify the integrity of the sending device.

2.17.26. [ID: 956] Invalid TEID

Log Categories
GTP
Log Message
Invalid TEID.
Default Log Severity
Warning
Parameters
imsi, msisdn, eua, teiddi, messagetype, iface
Explanation
The TTG received a message using a reserved TEID.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.27. [ID: 981] Lingering MM context with no PDP context

Log Categories
GTP
Log Message
Lingering MM context with no PDP context.
Default Log Severity
Warning
Parameters
imsi, msisdn, iface
Explanation
A MM context without associated PDP context lingered in the TTG.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.28. [ID: 977] Could not create MM context

Log Categories
GTP
Log Message
Could not create MM context.
Default Log Severity
Error
Parameters
imsi, msisdn, iface
Explanation
A client tried to connect but a MM context could not be created, possibly because of an invalid configuration.
Gateway Action
Abort
Action Description
None
Proposed Action
None

2.17.29. [ID: 748] Maximum number of tunnels reached

Log Categories
GTP
Log Message
Maximum number of tunnels reached.
Default Log Severity
Warning
Parameters
max, iface
Explanation
Maximum number of allowed tunnels has been established, no more clients can connect.
Gateway Action
Abort
Action Description
None
Proposed Action
Increase tunnel limit in configuration.

2.17.30. [ID: 726] Missing mandatory information element

Log Categories
GTP
Log Message
Missing mandatory information element.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, messagetype, ie, iface
Explanation
A message that is missing a mandatory information element was received.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.31. [ID: 973] Missing PDP context for reponse

Log Categories
GTP
Log Message
Missing PDP context for reponse.
Default Log Severity
Warning
Parameters
imsi, msisdn, eua, teiddi, messagetype, iface
Explanation
The TTG received a GGSN response but no PDP context existed in the TTG with TEID teiddi.
Gateway Action
Drop
Action Description
None
Proposed Action
Make sure that the correct GGSN is configured to the TTG.

2.17.32. [ID: 958] Failed open connection

Log Categories
GTP
Log Message
Failed open connection.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, iface
Explanation
The TTG was unable to initialize a control plane connection to the GGSN.
Gateway Action
Abort
Action Description
None
Proposed Action
None

2.17.33. [ID: 779] Out of bounds information element

Log Categories
GTP
Log Message
Out of bounds information element.
Default Log Severity
Error
Parameters
imsi, msisdn, eua, teiddi, messagetype, iface
Explanation
The GTP implementation does not have enough space to extract the number of information elements present in the packet.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.17.34. [ID: 784] Out of sequence information element

Log Categories
GTP
Log Message
Out of sequence information element.
Default Log Severity
Error
Parameters
imsi, msisdn, eua, teiddi, messagetype, iface
Explanation
The information elements in a GTP packet were out of sequence.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.17.35. [ID: 980] Could not create PDP context

Log Categories
GTP
Log Message
Could not create PDP context.
Default Log Severity
Error
Parameters
imsi, msisdn, type, iface
Explanation
A client tried to connect but a PDP context could not be created, possibly because of an invalid configuration.
Gateway Action
Abort
Action Description
None
Proposed Action
None

2.17.36. [ID: 963] Packet with extension headers

Log Categories
GTP
Log Message
Packet with extension headers.
Default Log Severity
Notice
Parameters
localip, remoteip, scope, type, iface
Explanation
The TTG received a GTP-C packet containing extension headers which was dropped.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.37. [ID: 962] Packet with unknown extension header

Log Categories
GTP
Log Message
Packet with unknown extension header.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, type, iface
Explanation
The TTG received a GTP-U packet with unknown extension headers.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.17.38. [ID: 740] Path check failed

Log Categories
GTP
Log Message
Path check failed.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, iface
Explanation
A GGSN did not respond to echo requests in time and is considered as unreachable.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.39. [ID: 979] Received message

Log Categories
GTP
Log Message
Received message.
Default Log Severity
Notice
Parameters
localip, remoteip, scope, messagetype, iface
Explanation
The TTG received a messagetype message for scope .
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.40. [ID: 972] Received not supported message

Log Categories
GTP
Log Message
Received not supported message.
Default Log Severity
Notice
Parameters
localip, remoteip, scope, messagetype, iface
Explanation
The TTG received an unknown control plane message of messagetype .
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.41. [ID: 945] Received User Plane packet for non-existent[...]

Log Categories
GTP
Log Message
Received User Plane packet for non-existent interface.
Default Log Severity
Notice
Parameters
srcip, destip, messagetype, iface
Explanation
Received User Plane packet addressed for a non-existent GTP interface.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.42. [ID: 944] Failed to register PDP context from User Plane

Log Categories
GTP
Log Message
Failed to register PDP context from User Plane.
Default Log Severity
Warning
Parameters
teiddi, srcip, destip, iface
Explanation
Failed to register PDP context from User Plane .
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.43. [ID: 930] Failed to register PDP context

Log Categories
GTP
Log Message
Failed to register PDP context.
Default Log Severity
Notice
Parameters
teiddi, type, code, iface
Explanation
GTP failed to register a PDP context with the User plane.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.44. [ID: 939] Failed to register GTP User Plane session

Log Categories
GTP
Log Message
Failed to register GTP User Plane session.
Default Log Severity
Notice
Parameters
code, iface
Explanation
Failed to register GTP User Plane session.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.45. [ID: 982] Removing connection

Log Categories
GTP
Log Message
Removing connection.
Default Log Severity
Information
Parameters
localip, remoteip, scope, reason, iface
Explanation
The TTG tried to close down a scope connection because of reason.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.46. [ID: 936] Removing invalid request

Log Categories
GTP
Log Message
Removing invalid request.
Default Log Severity
Notice
Parameters
localip, remoteip, imsi, msisdn, eua, teiddi, seqno, type, scope, iface
Explanation
A remaining GTP message was detected intended for a no longer existing PDP context.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.47. [ID: 961] Failed to remove all previous User Plane GTP[...]

Log Categories
GTP
Log Message
Failed to remove all previous User Plane GTP sessions.
Default Log Severity
Notice
Parameters
 
Explanation
Failed to remove all previous User Plane GTP sessions.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.48. [ID: 955] Failed re-open connection

Log Categories
GTP
Log Message
Failed re-open connection.
Default Log Severity
Warning
Parameters
iface
Explanation
A previous opened and then closed connection could not be re-openend.
Gateway Action
Abort
Action Description
None
Proposed Action
Verify that the GGSN can be reached.

2.17.49. [ID: 951] Request was rejected

Log Categories
GTP
Log Message
Request was rejected.
Default Log Severity
Warning
Parameters
imsi, msisdn, eua, teiddi, messagetype, cause, iface
Explanation
The TTG sent a request to the GGSN. The GGSN rejected the messagetype request for reason cause.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.50. [ID: 932] Request response mismatch

Log Categories
GTP
Log Message
Request response mismatch.
Default Log Severity
Notice
Parameters
localip, remoteip, imsi, msisdn, eua, teiddi, seqno, type, scope, iface
Explanation
The received message and the expected message differ.
Gateway Action
Drop
Action Description
None
Proposed Action
Verify that the firewall is connected to the correct GGSN.

2.17.51. [ID: 694] IE TEID in create PDP context message is[...]

Log Categories
GTP
Log Message
IE TEID in create PDP context message is reserved.
Default Log Severity
Warning
Parameters
 
Explanation
The received create PDP context message contained the reserved value (0) in the TEID information element.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.17.52. [ID: 978] Query resolve APN

Log Categories
GTP
Log Message
Query resolve APN.
Default Log Severity
Notice
Parameters
fqdn, state, iface
Explanation
The TTG issued a query to preform a DNS resolve for the APN fqdn, and is currently state.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.53. [ID: 966] Route lookup failed

Log Categories
GTP
Log Message
Route lookup failed.
Default Log Severity
Warning
Parameters
remoteip, reason
Explanation
The TTG could not find a route table when preforming a route lookup.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.54. [ID: 959] Failed to send message

Log Categories
GTP
Log Message
Failed to send message.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, iface
Explanation
The TTG tried to send scope traffic to the GGSN, but failed to do so.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.17.55. [ID: 952] Failed sending packet to GGSN

Log Categories
GTP
Log Message
Failed sending packet to GGSN.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, messagetype, iface
Explanation
The TTG tried unsuccessfully to send a response of messagetypeto a GGSN .
Gateway Action
None
Action Description
None
Proposed Action
Verify that the GGSN can be reached from the TTG.

2.17.56. [ID: 937] Sending to GGSN

Log Categories
GTP
Log Message
Sending to GGSN.
Default Log Severity
Notice
Parameters
localip, remoteip, imsi, msisdn, eua, teiddi, seqno, type, scope, iface
Explanation
GTP informational sending message to a GGSN.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.57. [ID: 943] Send Control Plane packet to User Plane failed

Log Categories
GTP
Log Message
Send Control Plane packet to User Plane failed.
Default Log Severity
Notice
Parameters
srcip, destip, iface
Explanation
Communication by sending a packet to User Plane failed.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.58. [ID: 777] GTP statefile read error

Log Categories
GTP
Log Message
GTP statefile read error.
Default Log Severity
Notice
Parameters
file
Explanation
The state file for GTP containing connection information for GTP tunnels could not be retrieved from storage.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.59. [ID: 941] GTP statefile read success

Log Categories
GTP
Log Message
GTP statefile read success.
Default Log Severity
Information
Parameters
file
Explanation
Recovery values were successfully retrieved from the persistent storage file containing them.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.60. [ID: 762] GTP statefile write error

Log Categories
GTP
Log Message
GTP statefile write error.
Default Log Severity
Warning
Parameters
file
Explanation
The state file for GTP containing connection information for GTP tunnels could not be stored.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.61. [ID: 934] GTP statefile write success

Log Categories
GTP
Log Message
GTP statefile write success.
Default Log Severity
Notice
Parameters
file
Explanation
Recovery values were successfully stored to the persistent storage file.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.62. [ID: 749] GTP tunnel deleted by GGSN

Log Categories
GTP
Log Message
GTP tunnel deleted by GGSN.
Default Log Severity
Notice
Parameters
imsi, msisdn, eua, teiddi, iface
Explanation
A GTP tunnel was deleted due a delete PDP context request from the GGSN.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.63. [ID: 747] GTP tunnel deleted by the stitched interface

Log Categories
GTP
Log Message
GTP tunnel deleted by the stitched interface.
Default Log Severity
Notice
Parameters
imsi, msisdn, eua, teiddi, iface
Explanation
A GTP tunnel was deleted upon a request from the stitched interface.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.64. [ID: 756] GTP tunnel deleted due to being invalid

Log Categories
GTP
Log Message
GTP tunnel deleted due to being invalid.
Default Log Severity
Notice
Parameters
imsi, msisdn, eua, teiddi, iface
Explanation
A GTP tunnel was deleted because the TEID was unknown to the GGSN.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.17.65. [ID: 716] GTP tunnel established

Log Categories
GTP
Log Message
GTP tunnel established.
Default Log Severity
Information
Parameters
imsi, msisdn, eua, teiddi, iface
Explanation
A new GTP tunnel has been established for a client. The client has been assigned eua as its IP address.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.66. [ID: 723] Unexpected GTP message type

Log Categories
GTP
Log Message
Unexpected GTP message type.
Default Log Severity
Warning
Parameters
type
Explanation
A GTP message with an unexpected and unhandled type was received.
Gateway Action
Drop
Action Description
None
Proposed Action
Check the logs for other types of erroneous events that might result in this scenario.

2.17.67. [ID: 1593] Unexpected signaling message

Log Categories
GTP
Log Message
Unexpected signaling message.
Default Log Severity
Notice
Parameters
localip, remoteip, scope, messagetype, iface
Explanation
 
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.68. [ID: 968] Control Plane unknown PDP context

Log Categories
GTP
Log Message
Control Plane unknown PDP context.
Default Log Severity
Notice
Parameters
localip, remoteip, teiddi
Explanation
Received a GTP-C packet with an unknown tunnel endpoint identifier.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.69. [ID: 940] Control Plane unknown PDP context

Log Categories
GTP
Log Message
Control Plane unknown PDP context.
Default Log Severity
Notice
Parameters
teiddi, type, code, iface
Explanation
A PDP context unknown to the Control plane was registered with the User Plane.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.70. [ID: 974] Unknown GTP version

Log Categories
GTP
Log Message
Unknown GTP version.
Default Log Severity
Warning
Parameters
localip, remoteip, scope, messagetype, iface
Explanation
The TTG detected use of an unknown GTP version.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.71. [ID: 712] Unknown information element

Log Categories
GTP
Log Message
Unknown information element.
Default Log Severity
Notice
Parameters
imsi, msisdn, eua, teiddi, messagetype, iface
Explanation
An unknown or unsupported information element was found in a GTP packet.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.72. [ID: 695] Unknown GTP tunnel endpoint identifier

Log Categories
GTP
Log Message
Unknown GTP tunnel endpoint identifier.
Default Log Severity
Notice
Parameters
id, direction
Explanation
Received a GTP G-PDU packet with an unknown tunnel endpoint identifier. direction refers to the direction of the GTP packet, in or out of the GTP-tunnel.
Gateway Action
Drop
Action Description
None
Proposed Action
Check the logs for other types of erroneous events that might result in this scenario.

2.17.73. [ID: 929] Unknown User Plane action

Log Categories
GTP
Log Message
Unknown User Plane action.
Default Log Severity
Notice
Parameters
srcip, destip, type, iface
Explanation
GTP received a User Plane message with an associated action that didn't make sense in that context.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.74. [ID: 927] Unknown User Plane action

Log Categories
GTP
Log Message
Unknown User Plane action.
Default Log Severity
Warning
Parameters
teiddi, type, code, iface
Explanation
The Control plane received an unknown response message from User plane.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.75. [ID: 709] Unknown GTP version

Log Categories
GTP
Log Message
Unknown GTP version.
Default Log Severity
Notice
Parameters
version
Explanation
Received a GTP packet with a unknown or unsupported version.
Gateway Action
Drop
Action Description
None
Proposed Action
Reconfigure the sender to use a supported GTP version.

2.17.76. [ID: 942] Failed to remove PDP context from User Plane

Log Categories
GTP
Log Message
Failed to remove PDP context from User Plane.
Default Log Severity
Notice
Parameters
teiddi, iface
Explanation
Failed to remove PDP context from User Plane.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.77. [ID: 938] Failed to unregister PDP context from User[...]

Log Categories
GTP
Log Message
Failed to unregister PDP context from User Plane.
Default Log Severity
Notice
Parameters
teiddi, type, code, iface
Explanation
Failed to unregister PDP context from User Plane.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.78. [ID: 933] Failed to remove User Plane GTP session

Log Categories
GTP
Log Message
Failed to remove User Plane GTP session.
Default Log Severity
Warning
Parameters
iface
Explanation
Failed to remove a previous User Plane GTP session .
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.79. [ID: 778] Version not supported by GGSN

Log Categories
GTP
Log Message
Version not supported by GGSN.
Default Log Severity
Critical
Parameters
localip, remoteip, scope, version, iface
Explanation
The peer does not support the GTP version currently used. version indicates the latest supported version.
Gateway Action
None
Action Description
None
Proposed Action
None

2.17.80. [ID: 780] Version not supported by TTG

Log Categories
GTP
Log Message
Version not supported by TTG.
Default Log Severity
Notice
Parameters
localip, remoteip, scope, messagetype, version, iface
Explanation
The peer does not support the GTP version currently used. version indicates the latest supported version.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18. GTPINSPECTION

These log messages refer to the GTPINSPECTION category.

2.18.1. [ID: 1519] GTP-U bearer creation completely rejected by[...]

Log Categories
GTPINSPECTION
Log Message
GTP-U bearer creation completely rejected by endpoint.
Default Log Severity
Notice
Parameters
sessionid, cause, flow
Explanation
All of the request to create GTP-U bearer was rejected by endpoint.
Gateway Action
Discard
Action Description
None
Proposed Action
None

2.18.2. [ID: 1536] GTP-U bearer creation rejected by endpoint

Log Categories
GTPINSPECTION
Log Message
GTP-U bearer creation rejected by endpoint.
Default Log Severity
Notice
Parameters
sessionid, bearerid, cause, flow
Explanation
The other endpoint rejected the request to create GTP-U bearer.
Gateway Action
Discard
Action Description
None
Proposed Action
None

2.18.3. [ID: 1528] GTP-U bearer deletion completely rejected by[...]

Log Categories
GTPINSPECTION
Log Message
GTP-U bearer deletion completely rejected by endpoint.
Default Log Severity
Notice
Parameters
sessionid, cause, flow
Explanation
All of the request to delete GTP-U bearer was rejected by endpoint.
Gateway Action
Discard
Action Description
None
Proposed Action
None

2.18.4. [ID: 1512] GTP-U bearer deletion rejected by endpoint

Log Categories
GTPINSPECTION
Log Message
GTP-U bearer deletion rejected by endpoint.
Default Log Severity
Notice
Parameters
sessionid, bearerid, cause, flow
Explanation
The other endpoint rejected the request to delete GTP-U bearer.
Gateway Action
Discard
Action Description
None
Proposed Action
None

2.18.5. [ID: 1522] GTP-U bearer modification completely rejected[...]

Log Categories
GTPINSPECTION
Log Message
GTP-U bearer modification completely rejected by endpoint.
Default Log Severity
Notice
Parameters
sessionid, cause, flow
Explanation
All of the request to modify GTP-U bearer was rejected by endpoint.
Gateway Action
Discard
Action Description
None
Proposed Action
None

2.18.6. [ID: 1534] GTP-U bearer modification rejected by endpoint

Log Categories
GTPINSPECTION
Log Message
GTP-U bearer modification rejected by endpoint.
Default Log Severity
Notice
Parameters
sessionid, bearerid, cause, flow
Explanation
The other endpoint rejected the request to modify GTP-U bearer.
Gateway Action
Discard
Action Description
None
Proposed Action
None

2.18.7. [ID: 1521] G-PDU dropped due to empty T-PDU

Log Categories
GTPINSPECTION,VALIDATE
Log Message
G-PDU dropped due to empty T-PDU.
Default Log Severity
Notice
Parameters
flow, user, userid
Explanation
G-PDU message dropped due to empty T-PDU.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.8. [ID: 1538] Flow closed

Log Categories
GTPINSPECTION
Log Message
Flow closed.
Default Log Severity
Information
Parameters
flow
Explanation
A flow using GTP inspection was closed.
Gateway Action
Close
Action Description
None
Proposed Action
None

2.18.9. [ID: 1524] Flow failed

Log Categories
GTPINSPECTION
Log Message
Flow failed.
Default Log Severity
Notice
Parameters
reason, originator, flow, rule
Explanation
An error occurred that caused the GTP inspection flow to be aborted.
Gateway Action
Abort
Action Description
None
Proposed Action
None

2.18.10. [ID: 1523] Flow opened

Log Categories
GTPINSPECTION
Log Message
Flow opened.
Default Log Severity
Information
Parameters
flow
Explanation
A flow using GTP inspection was opened.
Gateway Action
Open
Action Description
None
Proposed Action
None

2.18.11. [ID: 1567] Bearer ID does not exist

Log Categories
GTPINSPECTION
Log Message
Bearer ID does not exist.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message containing a NSAPI/EPS bearer ID for which no GTP-U bearer exist.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.12. [ID: 1624] Bearer ID does not exist

Log Categories
GTPINSPECTION
Log Message
Bearer ID does not exist.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message containing a NSAPI/EPS bearer ID for which no GTP-U bearer exist.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.13. [ID: 1561] Bearer lacks F-TEID

Log Categories
GTPINSPECTION
Log Message
Bearer lacks F-TEID.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The GTP-C message does not contain a F-TEID for a GTP-U bearer.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.14. [ID: 1598] Bearer lacks F-TEID

Log Categories
GTPINSPECTION
Log Message
Bearer lacks F-TEID.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The GTP-C message does not contain a F-TEID for a GTP-U bearer.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.15. [ID: 1565] TEID of bearer should not be zero

Log Categories
GTPINSPECTION
Log Message
TEID of bearer should not be zero.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The GTP-C message contained a zero F-TEID for a GTP-U bearer.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.16. [ID: 1632] TEID of bearer should not be zero

Log Categories
GTPINSPECTION
Log Message
TEID of bearer should not be zero.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The GTP-C message contained a zero F-TEID for a GTP-U bearer.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.17. [ID: 1564] Could not add proposed GTP-U bearer

Log Categories
GTPINSPECTION
Log Message
Could not add proposed GTP-U bearer.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The system could not create a new GTP-U bearer.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.18. [ID: 1634] Could not add proposed GTP-U bearer

Log Categories
GTPINSPECTION
Log Message
Could not add proposed GTP-U bearer.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The system could not create a new GTP-U bearer.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.19. [ID: 1573] Could not delete GTP-U bearer

Log Categories
GTPINSPECTION
Log Message
Could not delete GTP-U bearer.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The system could not delete a GTP-U bearer.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.20. [ID: 1600] Could not delete GTP-U bearer

Log Categories
GTPINSPECTION
Log Message
Could not delete GTP-U bearer.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The system could not delete a GTP-U bearer.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.21. [ID: 1559] Could not finalize GTP-U bearer

Log Categories
GTPINSPECTION
Log Message
Could not finalize GTP-U bearer.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The system could not finalize the creation of a new GTP-U bearer.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.22. [ID: 1614] Could not finalize GTP-U bearer

Log Categories
GTPINSPECTION
Log Message
Could not finalize GTP-U bearer.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The system could not finalize the creation of a new GTP-U bearer.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.23. [ID: 1552] Could not set proposed values on GTP-U bearer

Log Categories
GTPINSPECTION
Log Message
Could not set proposed values on GTP-U bearer.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The GTP-U bearer could not be updated with the values in the received GTP-C message.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.24. [ID: 1606] Could not set proposed values on GTP-U bearer

Log Categories
GTPINSPECTION
Log Message
Could not set proposed values on GTP-U bearer.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The GTP-U bearer could not be updated with the values in the received GTP-C message.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.25. [ID: 1585] Disallowed GTP version

Log Categories
GTPINSPECTION
Log Message
Disallowed GTP version.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, flow
Explanation
The GTP-C message with a version that is not allowed by the configuration.
Gateway Action
Drop
Action Description
None
Proposed Action
Reconfigure the sender to use a supported GTP version.

2.18.26. [ID: 1566] Duplicate Bearer ID

Log Categories
GTPINSPECTION
Log Message
Duplicate Bearer ID.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained a NSAPI/EPS bearer ID for which a GPT-U bearer already exist.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.27. [ID: 1616] Duplicate Bearer ID

Log Categories
GTPINSPECTION
Log Message
Duplicate Bearer ID.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained a NSAPI/EPS bearer ID for which a GPT-U bearer already exist.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.28. [ID: 1587] Zero size extension header

Log Categories
GTPINSPECTION
Log Message
Zero size extension header.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an empty extension header.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.29. [ID: 1580] Failed to read IE

Log Categories
GTPINSPECTION
Log Message
Failed to read IE.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, ie, flow
Explanation
The system could not read an information element from the received GTP-C message.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.30. [ID: 1602] Failed to read IE

Log Categories
GTPINSPECTION
Log Message
Failed to read IE.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, ie, flow
Explanation
The system could not read an information element from the received GTP-C message.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.31. [ID: 1562] Incorrect optional IEs

Log Categories
GTPINSPECTION
Log Message
Incorrect optional IEs.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an incorrect optional information element.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.32. [ID: 1628] Incorrect optional IEs

Log Categories
GTPINSPECTION
Log Message
Incorrect optional IEs.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an incorrect optional information element.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.33. [ID: 1636] Invalid Bearer ID

Log Categories
GTPINSPECTION
Log Message
Invalid Bearer ID.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an invalid EPS bearer ID, due to spare bits being non-zero.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.34. [ID: 1635] Invalid Bearer ID

Log Categories
GTPINSPECTION
Log Message
Invalid Bearer ID.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an invalid EPS bearer ID, due to spare bits being non-zero.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.35. [ID: 1584] Invalid extension header content

Log Categories
GTPINSPECTION
Log Message
Invalid extension header content.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an extension header with invalid data.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.36. [ID: 1568] Invalid mandatory IE

Log Categories
GTPINSPECTION
Log Message
Invalid mandatory IE.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an invalid mandatory information element.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.37. [ID: 1612] Invalid mandatory IE

Log Categories
GTPINSPECTION
Log Message
Invalid mandatory IE.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an invalid mandatory information element.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.38. [ID: 1558] Invalid optional IE

Log Categories
GTPINSPECTION
Log Message
Invalid optional IE.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an invalid optional information element.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.39. [ID: 1604] Invalid optional IE

Log Categories
GTPINSPECTION
Log Message
Invalid optional IE.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The received GTP-C message contained an invalid optional information element.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.40. [ID: 1578] GTP-C sender IP is invalid

Log Categories
GTPINSPECTION
Log Message
GTP-C sender IP is invalid.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
GTP-C sender IP address was invalid.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.41. [ID: 1607] GTP-C sender IP is invalid

Log Categories
GTPINSPECTION
Log Message
GTP-C sender IP is invalid.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
GTP-C sender IP address was invalid.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.42. [ID: 1621] Main message blocked due to invalid piggyback

Log Categories
GTPINSPECTION
Log Message
Main message blocked due to invalid piggyback.
Default Log Severity
Notice
Parameters
sessionid, flow
Explanation
According to setting the piggy back message was dropped, and with it the main message was blocked.
Gateway Action
Block
Action Description
None
Proposed Action
None

2.18.43. [ID: 1583] Message in wrong direction

Log Categories
GTPINSPECTION
Log Message
Message in wrong direction.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The receive GTP-C message was sent in the wrong direction.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.44. [ID: 1597] Message in wrong direction

Log Categories
GTPINSPECTION
Log Message
Message in wrong direction.
Default Log Severity
Notice
Parameters
sessionid, version, messagetype, teid, flow
Explanation
The receive GTP-C message was sent in the wrong direction.
Gateway Action
Strippiggyback
Action Description
None
Proposed Action
None

2.18.45. [ID: 1574] Message too short

Log Categories
GTPINSPECTION
Log Message
Message too short.
Default Log Severity
Notice
Parameters
sessionid, paylen, flow
Explanation
The received GTP-C message was too short.
Gateway Action
Drop
Action Description
None
Proposed Action
None

2.18.46. [ID: 1625] Message too short

Log Categories
GTPINSPECTION
Log Message
Message too short.
Default Log Severity
Notice
Parameters
sessionid, paylen, flow
Explanation
The received GTP-C message was too short.