ScreenOS 5.4.0 Messages--Text Only
P/N 093-1823-000, Rev. A



Addresses
Alarm

SCAN-MGR: Cannot get {AltServer info | Version number | Path_GateLockCE info} from server.ini file.

Notification

Address <name_str> for domain address <dom_name> in zone <zone> {added | deleted | modified} <name_str>.

Address <name_str> for ip address <ip_addr> in zone <zone> {added | deleted | modified} <name_str>.

Address group <grp_name> {added | deleted | modified} <name_str>.

Address group <grp_name> {added | deleted} <member_name><name_str> session.

Address <name_str> for ip address <ip_addr> in zone <zone> {add | delete | modify} <name_str> session.


Admin
Alert

ScreenOS <version>.<version>.<version> Serial# <number>: Asset recovery performed

ScreenOS <version>.<version>.<version> Serial # <number>: Asset recovery has been aborted

System configuration has been erased

Critical

Multiple login failures occurred for user <usr_str> from IP address <ip_addr>:<port_num>

Multiple login failures occurred for user <usr_str>

Warning

ADMIN AUTH: Local instance of an external admin user's privilege has been changed from <string> to <string>

Vsys admin user <usr_str> has logged { on | out } via { Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> }

Vsys admin user <usr_str> has logged { on | out } via the console

Admin user <usr_str> has logged { on | out } via { Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> }

Admin user <usr_str> has logged { on | out } via the console

Management session via { serial console | Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> } for [ vsys ] admin <name_str> has timed out

Login attempt to system by admin <name_str> via { the console | Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> } has failed <string>

Admin user <name_str> has been forced to log out of the serial console session.

Admin user <name_str> has been forced to log out of the SSH session on host <ip_addr>:<port_num>

Admin user <name_str> has been forced to log out of the Telnet session on host <ip_addr>:<port_num>

Admin user <name_str> has been forced to log out of the Web session on host <ip_addr>:<port_num>

ADM: Local admin authentication failed for login name <name>: invalid login name

ADM: Local admin authentication failed for login name <name>: invalid password

Remotely authenticated Admin <name_str> demoted from ROOT privilege to RW privilege.

Remotely authenticated Admin <name_str> demoted from <string> privilege to <string> privilege.

Admin user <name_str> has been accepted via the <serv_name> server at <ip_addr>

Admin user <name_str> has been rejected via the <serv_name> server at <ip_addr>

Notification

Root admin access restriction through console only has been { enabled | disabled } by admin <name><changed_via> 

Single use password restriction for read-write administrators has been { disabled | enabled } by admin <name_str><changed_via>

Root admin password restriction of minimum <number> characters has been { enabled | disabled } by admin <name> <changed_via>

The console timeout value changed from <number1> to <number2> minutes

The console page size changed from <number1> to <number2>

The serial console has been { enabled | disabled } by admin <name_str>

The console debug buffer has been {enabled | disabled }

Maximum failed login attempts before administrative session disconnects has been modified from <number1> to <number2> by admin <name_str>

Information

Admin name for account <name_str1> has been modified to <name_str2> <name_str3>

Admin password for account <name_str1> has been modified <name_str2>

Admin account created for <name_str1> <name_str2>

Admin account deleted for <name_str1> <name_str2>

Admin account modified for <name_str1> <name_str2>

Extraneous exit is issued <changer>

Management restriction for <ip_addr> subnet <mask> has been { added | removed }


ADSL
Notification

ADSL<slot/0> Line Up.

ADSL<slot/0> Line Training.

ADSL<slot/0> Line Down.

ADSL<slot/0> SOC Firmware Startup Successful.

ADSL<slot/0> SOC Firmware Failed (Load Bootrom Failure).

ADSL<slot/0> SOC Firmware Failed (Load Image Failure).

ADSL<slot/0> SOC Firmware Failed (push configuration failure).

ADSL<slot/0> SOC Firmware Reboot (Keepalive timeout).

ADSL<slot/0> SOC Firmware Startup Failure (Wait Startup timeout).

ADSL<slot/0> SOC Firmware Reset.

ADSL Line UP Fast and Interleave Channels.

ADSL Line Waiting for Activating.

ADSL Line Activating.

ADSL Line Down.

ADSL Line UP Fast Channel.

ADSL Line UP Interleaved Channel.

ADSL Line UP Fast Channel, change Utopia address to match it.

ADSL Line UP Interleaved Channel, change Utopia address to match it.

ADSL Line in an unknown state.

ADSL line signal lost detected.

Adsl line suicide request received.

ADSL line closed.

ADSL line close rejected.

ADSL line opened (time).

ADSL Line Open Failed (Incompatible Line Conditions).

ADSL Line Open Failed (Unable to Lock with ATU-C).

ADSL Line Open Failed (Protocol Error).

ADSL Line Open Failed (Errored Message Received from ATU-C).

ADSL Line Open Failed (Spurious ATU Detected).

ADSL Line Open Failed (Forced Silence).

ADSL Line Open Failed (Unselectable Operation Mode).

ADSL line open failed (unknown error code).

ADSL line open rejected.


Anti-spam
Warning

Anti-Spam is attached to policy ID <number>.

Anti-Spam is detached from policy ID <number>.

Anti-Spam: SPAM FOUND ! <string>.

Anti-Spam: Exceeded maximum concurrent connections (<number>).

Notification

Anti-Spam key is expired (expiration date: <date>; current date: <date>.

Anti-Spam blacklist is changed.

Anti-Spam whitelist is changed.

Anti-Spam SBL server configured: <server name>.

Anti-Spam action changed.


Antivirus
Critical

SCAN-MGR: Check AV pattern file failed with error code: <string>.

SCAN-MGR: Cannot write AV pattern file to flash.

SCAN-MGR: Cannot retrieve AV pattern file from <ip_addr>:<port_num>. HTTP status code: <number>

SCAN-MGR: AV pattern file size is too large (<number> bytes).

WARNING: Current hardware configuration does not support embedded AV scanning. Please upgrade system memory.

SCAN-MGR: Cannot get { AltServer info | Version number | Path_GateLockCE info } from server.ini file.

SCAN-MGR: The AV pattern file size is zero in the server.ini file.

SCAN-MGR: Alternate AV pattern file server URL is too long: <number1> bytes. Max: <number2> bytes.

SCAN-MGR: Cannot retrieve server.ini file from <ip_addr>:<port_num>. HTTP status code: <number>.

SCAN-MGR: Cannot write AV pattern file to RAM.

SCAN-MGR: Internal error occurred while retrieving { server.ini | AV pattern } file.

SCAN-MGR: Internal error occurred when calling this function: <string>. [ Layer: <number>. | Limit: <number>. | Returned: <string> ] { Error: <number> | Returned a NULL VSC handler | cpapiErrCode: <number> }.

ICAP: Input file size is too large (<number> bytes).

Error 

APPPRY: Suspicious client <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> used <number1> percent of AV resources, which exceeded the max of <number2> percent.

SCAN-MGR: TmIntSetScanMethod failed. Scan Method: <number> Err: <number>.

AV scanner version is not v1.5 (number).

Warning 

APP session <ip_address1>(<port#>) -><ip_address2>(<port#>) is aborted due to <string> with code <number>.

APP session <ip_address1><port_number> -> <ip_address2><port_number> notification email failed due to <string> with code <number>.

AV scan-mgr has been { attached to | detached from } policy ID <id_num>

AV: VIRUS FOUND: <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2>, <string1><string2>.64s<string3>file <string4> virus <string5>.

AV: Content from <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> is <passed | dropped> because maximum concurrent messages is exceeded.

AV: Content from <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> is <passed | dropped >because maximum content size is exceeded.

AV: Content from <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> is <passed | dropped > due to scan-engine error or constraint with code <number> for <string>.

AV <string> has been {attached | detached} to policy ID <id_number>

AV configures an Extension list <string1> with extensions <string2>.

AV removes extension list <string>.

AV configures MIME list <string1> with MIME <string2>.

AV removes MIME list <string>.

AV {creates | removes} a profile <string>.

AV profile <string1> {set | unset} protocol <string2><string3><string4> <string5><string6>

AV profile <profile_name> sets ICAP <req_url | resp_url> <server | server-group> to <string>.

AV profile <profile_name> unsets ICAP <req-url/resp-url><server/server-group>.

AV pattern type is changed from <string1> to <string2> due to increasing pattern file size and limited flash space.

AV: VIOLATION FOUND: <IP_addr1:port_num>-><IP_address2:port_num><string1><string2> .64s<string3> total <number1>, id <number2>: file <string4> violation <string5> action <string6>.

AV content from <IP_addr1:port_num>-><IP_address2:port_num> <string1>.64s<string2> is { passed | dropped } due to scan-engine error or constraint with code <number>for <string3>.

Notification 

SCAN-MGR: URL for AV pattern update server has been set to <string>, and the update interval to <number> minutes.

SCAN-MGR: URL for AV pattern update server has been unset, and the update interval returned to its default.

SCAN-MGR: New AV pattern file has been updated. Version: <number>; size: <number> bytes.

SCAN-MGR: Attempted to load AV pattern file created on <date1:time>after the AV license expired on <date2:time>.

SCAN-MGR: <ip_addr>

AV maximum content size is set to <number> KB.

AV maximum number of concurrent messages is set to <number>.

AV fail mode is set to {drop | pass} unexamined traffic if content size exceeds maximum.

AV fail mode is set to <string> unexamined traffic if any error occurs.

AV per client allowed resource is set to <number> percent.

AV HTTP turns <string> HTTP connection header close modification.

AV HTTP turns <string> HTTP webmail scanning.

AV HTTP sets webmail pattern <string1> <string2> <string3><string4>.

AV HTTP unsets webmail pattern <string1><string2>.

AV HTTP turns off HTTP trickling.

AV HTTP trickling setting to be trickling <number1> byte for every <number2> MB, if content length is larger than <number3> MB.

AV object <string1> <string2> is enabled with timeout <number>.

AV queue size is set to <number>.

SCAN-MGR: Number of decompression layers is set to <number>.

SCAN-MGR: Maximum content size is set to <number> KB.

SCAN-MGR: Maximum number of concurrent messages is set to <number>.

SCAN-MGR: Fail mode is set to { drop | pass } unexamined traffic if { content size | number of concurrent messages } exceeds max.

SCAN-MGR: AV pattern file does not load upon bootup.

SCAN-MGR: IP address for dump TFTP server is set to <ip_address>.

SCAN-MGR: AV client has exceeded its allowed resources. Remaining available resources: <number>.

SCAN-MGR: Out of FD.

ICAP server-group <group-name>is added.

ICAP server-group <group-name>is removed.

ICAP server <string1>is added to server-group <string2>.

ICAP server <string1>is removed from server-group <string2>.

ICAP server <string1>is set with host address <string2>and port <number>.

ICAP server <string> is removed.

ICAP server <string> is enabled.

ICAP server <string> is disabled.

ICAP server <string> probe interval is set to <number>.

ICAP server <string> probe URL is set to <url_string>.

ICAP server <string> has maximum connections set to <number>.

ICAP: Server <string> status changed from <string1> to <string2>.


ARP
Critical 

{ arp req | arp reply } detected an IP conflict (IP <ip_addr>, MAC <mac_addr>) on interface <interface>

{ arp req | arp reply } detected a duplicate VSD group master (IP <ip_addr>, MAC <mac_addr>) on interface <interface>

Notification 

ARP detected IP conflict: IP address <ip_addr> changed from interface <interface> to interface <interface>

Static ARP entry { added to | deleted from } interface <interface> with IP <ip_address> and MAC <mac_addr>

ARP always on destination enabled

ARP always on destination disabled


Attack Database
Critical

Attack database version <number> is rejected because the authentication check failed.

Notification

Attack database version <number> is <string> saved to flash.

Cannot parse attack database.

Cannot parse attack database header info.

Cannot switch to attack database version <number>.

Cannot save attack database version <number>.

Cannot download attack database from <server> (error <error_message>).

Deep Inspection update key is expired.

Attack database version <number> is rejected because the authentication check failed.

Attack <name_str1> is created <string> <name_str2>.

Attack <name_str1> is deleted <string> <name_str2>.

Attack <name_str_old> is changed to <name_str_new> <string> <name_str>.

Attack <name_str1> is added to attack group <grp_str> <string> <name_str2>.

Attack <name_str1> is removed from <grp_str> <string> <name_str2>.

Attack group <grp_str> is created <string> <name_str>.

Attack group <grp_str> is deleted <string> <name_str>.

Attack group <grp_str_old> is changed to <grp_str_new> <string> <name_str>.

Attack group <member_grp_name> is added to attack group <grp_str> <string> <name_str>.

Attack group <member_grp_name> is removed from attack group <grp_str><string><name_str>.


Attacks
Emergency

SYN flood! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.

Teardrop attack! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Ping of Death! From <src_ip> to <dst_ip>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

Alert

WinNuke attack! From <ip_addr1>:<port_num1> to <ip_addr2>:139, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.

IP spoofing! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number> times.

Source Route IP option! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Land attack! From <ip_addr1>:<port_num> to <ip_addr2>:<port_num>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.

ICMP flood! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

UDP flood! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto UDP (zone <zone_name>, int <interface_name>). Occurred <number> times.

Port scan! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Address sweep! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

Critical

<string> has overflowed.

Malicious URL! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.

Src IP session limit! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto {TCP | UDP | <number1>} (zone <zone_name>, int <interface_name>). Occurred <number2> times.

SYN fragment! From <ip_addr1>:<port_num> to <ip_addr2>:<port_num>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.

No TCP flag! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Unknown protocol! From <ip_addr1>:<port_num> to <ip_addr2>:<port_num>, proto <number1> (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Bad IP option! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Dst IP session limit! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto {TCP | UDP | <number1>} (zone <zone_name>, int <interface_name>). Occurred <number2> times.

ZIP file blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Java applet blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto {TCP | UDP | <number1>} (zone <zone_name>, int <interface_name>). Occurred <number2> times.

EXE file blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

ActiveX control blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto {TCP | UDP | <number1>} (zone <zone_name>, int <interface_name>). Occurred <number2> times.

ICMP fragment! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

Large ICMP packet! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

SYN and FIN bits! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.

FIN but no ACK bit! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.

SYN-ACK-ACK Proxy DoS! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.

Fragmented traffic! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

<name_str> attack! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto {TCP | UDP}, through policy <id_num>. Occurred <number> times.

Notification

<string> is <action> <srv_dst_type> <srv_dst_name> <name_str>.

<string> is set to <number> for zone <srv_dst_type> <srv_dst_name>.

Malicious URL <name_str> is <action> for <srv_dst_type> <srv_dst_name>.

Bypass-others-IPSec option is <action>.

Bypass non-IP traffic option is <action>.

Logging of dropped traffic to self has been <action>.

Logging of IKE traffic to self has been <action>.

Logging of SNMP traffic to self has been <action>.

Logging of ICMP traffic to self has been <action>.

Logging of dropped traffic to self (excluding multicast) has been <action>.

Screening of all attacks is <action> on <srv_dst_type> <srv_dst_name> <name_str>.

Attack <name_str> was { created | deleted }

Attack <name_str1> was changed to <name_str2>

Attack [ group ] <name_str1> was { added to | removed from } <name_str2>

Attack group <name_str> was { created | deleted }

Attack group <name_str1> was changed to <name_str2>

Information

<string> is cleared.


Auth
Critical 

Administrator's password minimum length is set to '<number>' by admin '<name_str>'.

Administrator's password complexity is set to scheme '<number>' by admin '<name_str>'.

Minimum length of Auth user's password is set to '<number>' by admin '<name_str>'.

Auth user's password complexity is set to scheme '<number>' by admin '<name_str>'.

Auth user '<name-str>' authorization failure: password does not comply with password policy.

Admin user '<name-str>' authorization failure: password does not comply with password policy.

Warning 

Authentication for user <usr_str> is denied, (long username).

Authentication for user <usr_str> is denied, (long password).

User <name_str> <grp_name> at <ip_addr> is accepted via the {RADIUS | SecurID | LDAP | Local} server at <ip_addr>.

User <usr_str> at <ip_addr> is rejected via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr>.

User <name_str> at <ip_addr> {RADIUS | SecurID | LDAP | Local } authentication attempt has timed out.

Authentication for user <usr_str> was denied, (long username).

Authentication for user <usr_str> was denied, (long password).

User <name_str> <grp_name> at <ip_addr> is accepted via the {RADIUS | SecurID | LDAP | Local} server at <ip_addr>.

User <usr_str> at <ip_addr> is rejected through the {RADIUS | SecurID | LDAP | Local } server at <ip_addr>.

User <name_str> at <ip_addr> is challenged by the {RADIUS | SecurID | LDAP | Local } server at <ip_addr> (Rejected because challenge is not supported for FTP).

User <name_str> at <ip_addr> {RADIUS | SecurID | LDAP | Local } authentication attempt has timed out.

User <name_str> <grp_name> at <ip_addr> is accepted by the {RADIUS | SecurID | LDAP | Local} server at <ip_addr>.

User <usr_str> at <ip_addr> is rejected by the {RADIUS | SecurID | LDAP | Local } server at <ip_addr>.

User <name_str> at <ip_addr> is challenged by the {RADIUS | SecurID | LDAP | Local } server at <ip_addr> (Rejected because challenge is not supported for Web).

User <name_str> at <ip_addr> {RADIUS | SecurID | LDAP | Local } authentication attempt has timed out.

Trying primary server <serv_name>.

Trying backup1 server <serv_name>.

Trying backup2 server <serv_name>.

Backup1 <serv_name>, backup2 <serv_name>, and primary <serv_name> servers failed.

Backup2 <serv_name>, primary <serv_name>, and backup1 <serv_name> servers failed.

Primary <serv_name>, backup1 <serv_name>, and backup2 <serv_name> servers failed.

WebAuth user <name_str> at <ip_addr1> is accepted by the {RADIUS | SecurID | LDAP | Local } server at <ip_addr2>.

WebAuth user <name_str> at <ip_addr1> is rejected/timed out by the {RADIUS | SecurID | LDAP | Local } server at <ip_addr2>.

Local authentication for WebAuth user <usr_str> was denied <string>.

Local authentication for WebAuth user <usr_str> is successful.

Error in authentication for WebAuth user <usr_str>.

Local authentication for user <usr_str> is successful. 

Local authentication for user <usr_str> was denied.

Notification

The version of the RADIUS server <string> does not match <string>.

User <usr_str> belongs to a different group in the RADIUS server than that allowed in the device.

FIPS: Attempt to set RADIUS shared secret with invalid length <number>.

The device cannot send data to the SecurID server.

The device cannot contact the SecurID server.

Cannot get route to SecurID server <ip_addr>.

User <usr_str> <grp_name> at <ip_addr> is challenged by the { RADIUS | SecurID | LDAP | Local } server at <ip_addr>.

User <usr_str> at <ip_addr1> must enter "Next Code" for SecurID <ip_addr2>.

User <usr_str> at <ip_addr1> must enter "New PIN" for SecurID <ip_addr2>.

User <usr_str> at <ip_addr1> must make a "New PIN" choice for SecurID <ip_addr2>.

User <usr_str> at <ip_addr1> has selected a system-generated PIN for authentication with SecurID <ip_addr2>.

The new PIN for user <usr_str> at <ip_addr1> has been { accepted | rejected } by SecurID <ip_addr2>.

WebAuth is set to <serv_name>.

Access for firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number> through the <serv_name> auth server) by policy id <pol_num> is now over.

Access for firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number>) by policy id <pol_num> is now over.

Access for WebAuth firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number> through the <serv_name> auth server) is now over.

Access for WebAuth firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number>) is now over.

Access for firewall user <usr_str> at <ip_addr> (accepted at <date_time> for duration <number> via the <serv_name> auth server) by policy id <number> is now over due to forced timeout.

Access for firewall user <usr_str> at <ip_addr> (accepted at <date_time> for duration <number>) by policy id <number> is now over due to forced timeout.

Access for WebAuth firewall user <usr_str> at <ip_addr>(accepted at <date_time> for duration <number> via the <serv_name> auth server) is now over due to forced timeout.

Access for WebAuth firewall user <usr_str> at <ip_addr>(accepted at <date_time> for duration <number>) is now over due to forced timeout.

Auth server <serv_name> server name is disabled.

Auth server <serv_name> RADIUS secret is disabled.

Auth server <serv_name> timeout is unset to default <timeout>.

Auth server <serv_name> RADIUS port is unset to default <port_num>.

Auth server <serv_name> type is set to {RADIUS | SecurID | LDAP}.

Auth server <serv_name> server name is set to <serv_name_ip>

Auth server <serv_name> RADIUS secret is changed.

Auth server <serv_name> SecurID server name is set to <serv_name>.

Auth server <serv_name> SecurID auth port is set to <port_num>.

Auth server <serv_name> SecurID use duress is { enabled | disabled }

Auth server <serv_name>SecurID uses DES encryption.

Auth server <serv_name> SecurID uses SDI encryption.

Auth server <serv_name> SecurID timeout is set to <number>.

Auth server <serv_name> SecurID client retries is set to <number>.

Auth server <serv_name> SecurID backup1 server name is set to <serv_name>.

Auth server <serv_name> authentication timeout is set to <number>.

Auth server <serv_name> LDAP parameters are set to server name: <ip_addr>, port: <port_num>, dn:<string>, cn:<string>

Auth server <serv_name> RADIUS port is set to <port_num>

Auth server <serv_name> is { created | modified }.

Auth server <serv_name> type is unset to default RADIUS.

Auth server <serv_name> backup1 name is unset.

Auth server <serv_name> backup2 name is unset.

Auth server <serv_name> account type is set to <account_type>.

Auth server <serv_name> RADIUS retry timeout is set to default of <number>.

Auth server <serv_name> is deleted.

Auth server <serv_name> LDAP dn is set to <string>.

Auth server <serv_name> LDAP cn is set to <string>.

Auth server <serv_name> LDAP port number is set to <port_num>.

Auth server <serv_name1> backup1 server name is set to <serv_name2>.

Auth server <serv_name> backup2 server name is set to <serv_name2>.

Auth server <serv_name> id is set to <id_num>.

Default firewall authentication server is changed to <serv_name>.

Admin user <usr_str> attempted to verify the encrypted password <password>. Verification was successful.

Admin user <usr_str> attempted to verify the encrypted password <password>. Verification failed. 

Auth server <name_str> username character separator is set to <string>, number of occurrences of character separator is <number>.

Number of RADIUS retries for auth server <name_str> is set to <number>.

Auth server <name_str> fail-over revert interval is set to <number> seconds.

Forced timeout for Auth server <name_str>is unset to its default value, <number> minutes.

Forced timeout for Auth server <name_str>authentication is set to <number> minutes.

Host name for Infranet Controller <name_str>changed from <string> to <string>.

Timeout for Infranet Controller <name_str> changed from <number1> to <number2>seconds.

Password for Infranet Controller <name_str>changed.

Source interface for Infranet Controller <name_str> changed from <interface> to <interface>.

Certificate Authority index for Infranet Controller <name_str> changed.

Certificate subject for Infranet Controller <name_str> changed from <string> to <string>.

Infranet Controller <name_str> is deleted.

Infranet Controller <name_str> is created.

Port number for Infranet Controller <name_str> changed from <number> to <number>.

IP address for Infranet Controller <serv_name> changed from <ip_addr1> to <ip_addr2>.

Contact interval for Infranet settings changed from <number> to <number> seconds.

Timeout action for Infranet settings changed from <string> to <string>.

Infranet Enforcer is connected to Infranet Controller <name_str> (ip <ip_addr>).

Infranet Enforcer could not connect to the Infranet Controller <name_str> (ip <ip_addr>).

Infranet Enforcer did not receive a keepalive from the Infranet Controller(ip_addr) in the past <number> seconds. Cleaning up internal state.

Infranet Enforcer could not connect to the Infranet Controller because no IP address is set for the Controller.

Infranet Enforcer could not connect to the Infranet Controller because a socket is already connected.

Infranet Enforcer could not connect to the Infranet Controller because no password is set for the Controller.

Infranet Enforcer could not connect to the Infranet Controller because no certificate is set for the Controller.

Infranet Enforcer could not connect to the Infranet Controller because a socket could not be created.

Infranet Enforcer could not connect to the Infranet Controller because the <interface> interface could not be bound to the socket.

Infranet Enforcer could not connect to the Infranet Controller because the socket could not be bound.

Infranet Enforcer could not connect to the Infranet Controller because the socket could not be bound to SSL protocol.

Infranet Enforcer could not connect to the Infranet Controller because the Controller could not be reached on the network.

User <usr_str> at <ip_addr1> must enter "Next Code" for SecurID <ip_addr2>.

User <usr_str> at <ip_addr1> must enter "New PIN" for SecurID <ip_addr2>.

User <usr_str> at <ip_addr1> must make a "New PIN" choice for SecurID <ip_addr2>.

User <usr_str> at <ip_addr1> has selected a system-generated PIN for authentication with SecurID <ip_addr2>.

The new PIN for user <usr_str> at <ip_addr1> has been { accepted | rejected } by SecurID <ip_addr2>.


BGP
Critical

The total number of redistributed routes into BGP in vrouter (<vrouter>) exceeded system limit (<number>)

Notification

(Un)set virtual router <vrouter> with the BGP protocol <command name>

(Un)set virtual router <vrouter> with the configuration command <command name>

<configuration command>

Information

BGP instance created for virtual router <vrouter>

BGP instance deleted for virtual router <vrouter_name>

BGP peer <peer_ip_addr> changed to Established state.

BGP peer <peer_ip_addr> changed to Idle state

<notification_error><error_string>

<error_string> invalid error code from notification message.

BGP peer <peer_ip_addr> {created | removed}.

BGP peer <peer_ip_addr> enabled.

BGP peer <peer_ip_addr> disabled.

BGP of vr: <vrouter>, prefix adding: <ip_addr>/<number>, ribin overflow <overflow_count> times (max rib-in <ribin_count>)

BGP of vr: <vrouter>, failed to add prefix <ip_addr>/<mask> to FDB

BGP of vr: <vrouter>, closing the socket: exceeded maximum number of bgp peers allowed (number)

BGP of vr: <vrouter>, Route <ip_addr>/<mask> ignored, Path Attr len: <number> (greater than max. <number>)


Cisco-HDLC
Alert

Cisco-HDLC detected loop <number> times on interface <interface>

Notification

Set interface <interface> encap as cisco-hdlc.

unset interface <interface> encap from cisco-hdlc.

CISCO-HDLC keepalive is enabled on interface <interface>.

CISCO-HDLC keepalive interval was changed from <number> to <number> on interface <interface>.

CISCO-HDLC keepalive down count value was changed from <number> to <number> on interface <interface>.

CISCO-HDLC keepalive up count value was changed from <number> to <number> on interface <interface>.

CISCO-HDLC is <status> on interface <interface>.


Device
Alert

Fatal error. The device was unable to upgrade the file system, and the old file system is damaged.

Fatal error. The device was unable to upgrade the loader, and the loader is damaged.

Critical

The power supply <supply_number> is functioning properly.

The power supply <supply_number> is not functioning properly.

All power supplies are now functioning properly.

At least one power supply is not functioning properly.

All fans are now functioning properly.

At least one fan is not functioning properly.

The battery is now functioning properly.

The battery is not functioning properly.

The system temperature: (<number> Centigrade, <number> Fahrenheit) is severely high!

The system temperature (<number> Centigrade, <number> Fahrenheit) is too high!

The system temperature (<number1> Centigrade, <number2> Fahrenheit) is OK now.

System memory is low (<number> bytes allocated out of total <number> bytes).

The device was unable to upgrade the file system due to an internal conflict.

The device was unable to upgrade the file system, but the old file system is intact.

The device was unable to upgrade due to an internal conflict.

The device was unable to upgrade the loader, but the loader is intact.

Ethernet driver ran out of rx bd (port <number>)

Security Board <board_id> System Hanged

WAN card <slot_number> is not functioning properly and will be restarted.

Security Board <slot_number> CPU <cpu_number> Packet Drop counter <number>.

Switch error: <error information>.

Switch error: set <string> register <dev number, reg number, value number> fail.

Switch error: get <string> register <dev number, reg number> fail..

Error 

<slot>/<port> vid <vlan_id> HW vtable leak, total <number> entries.

Notification

Switch init: <information>.

Switch event: the status of ethernet port <port> changed to link <status>, duplex <type>, speed <number>.

Switch event: the status of ethernet interface <interface> changed to link <status>, duplex <type>, speed <number>.

bgroup setting: bind port <port> to interface <interface>.

bgroup setting: unbind port <port> from interface <interface>.

Switch setting: set interface <port> <string>.

Switch setting: set interface <interface> <string>.

Switch setting: <command>

Switch event: change interface <interface> from mii <string> to mii <string>.

switch install: install port <port> to interface <interface>.

bgroup event :<information>.

USB <attach/detach > successful.

The log file size of < filename > is over the MAX storage size.

LCD control keys have been locked.

LCD display has been turned on and the LCD control keys have been unlocked.

LCD display has been turned off and the LCD control keys have been locked.

LCD display has been turned on.

System configuration has been erased.

The device file system upgrade operation was successful.

The device file system is already upgraded.

The device was unable to complete the upgrade of the file system.

The device loader upgrade operation was successful.

The device loader is already upgraded.

The device was unable to complete the upgrade of the loader.

Modem <name_str> is connected. Phone number: <phone_number>, Account name: <name_str>, Status <string>

Modem <name_str> has been disconnected.

Failed to initialize modem <name_str>, <modem_token_str>

Modem <name_str> failed to dial <phone_number>, <modem_token_str>


DHCP
Alert

IP pool of DHCP server on interface <interface> is full. Unable to {commit | offer} IP address to client at <mac_addr>.

Critical

DHCP server set to OFF on <interface> (another server found on <ip_addr>).

Warning

IP pool of DHCP server on interface <interface> is more than 90% allocated.

Notification

DHCP server shared IP is {enabled | disabled}.

DHCP server is {enabled | disabled}.

DHCP server options are {changed | removed}.

DHCP server IP address pool is changed.

DHCP client is {enabled | disabled} on interface <interface>.

DHCP client server-update is {enabled | disabled}.

DHCP client auto-config is {enabled | disabled}.

DHCP client lease time is set to default value.

DHCP client lease time is set to <number> minutes.

DHCP client server IP address is reset.

DHCP client server IP address is set to <ip_addr>.

DHCP client vendor identifier is reset.

DHCP client vendor identifier is set to "<string>".

DHCP relay agent settings on <interface> are {set | unset}.

DHCP client admin preference is set on <interface> as <number>.

DHCP client admin preference is unset on <interface> from <number>.

Information

IP address <ip_addr> is assigned to <mac_addr>.

IP address <ip_addr> is released from <mac_addr>.

DHCP server has assigned or released an IP address.

One or more IP addresses are expired.

MAC address <mac_addr> has declined address <ip_addr>.

DHCP server released an IP address.

System auto-config of file <filename> from TFTP server <ip_addr> is loaded successfully.

System auto-config of file <filename> from TFTP server <ip_addr> has failed.

DHCP client is unable to get IP address for interface <interface>.

DHCP client lease for <ip_addr> has expired.

DHCP server <ip_addr> assigned interface <interface> with IP address <ip_addr> (lease time <number> minutes).

An IP address conflict is detected and the DHCP client declined address <ip_addr>.

DHCP client IP address <ip_addr> for interface <interface> has been manually released.

DHCP client on interface <interface> was offered IP <ip_addr>/<mask> and did not proceed with DHCPREQUEST. Reason -- <string>

DHCP server on interface <interface> received DHCPDISCOVER from <mac_addr> requesting out-of-scope IP address <ip_addr>/<mask>.


DHCP6
Alert

IP pool of DHCP server on interface <interface> is full. Unable to {commit | offer} IP address to client at <mac_addr>.

Critical

DHCP server set to OFF on <interface> (another server found on <ip_addr>).

Warning

IP pool of DHCP server on interface <interface> is more than 90% allocated.

Notification

DHCP6 server shared IP is {enabled | disabled}.

DHCP6 server is {enabled | disabled}.

DHCP6 server options at <ip_addr> are {changed | removed}.

DHCP6 server IP address pool has changed.

DHCP6 client is {enabled | disabled} on interface <interface>.

DHCP client server-update has been {enabled | disabled}.

DHCP client auto-config has been {enabled | disabled}.

DHCP client lease time has been set to default value.

DHCP client lease time has been set to <number> minutes.

DHCP client server IP address has been reset.

DHCP client server IP address has been set to <ip_addr>.

DHCP client vendor identifier has been reset.

DHCP client vendor identifier has been set to "<string>".

DHCP relay agent settings on <interface> have been {set | unset}.

Information

DHCP6: Server send <dhcp_packet_type> from <interface> <ivp6_interface> to <dst_ipv6>, xid <xid_value> len <packet_len>.

DHCP6: Client send <dhcp6_packet_type> from <interface> <ipv6 interface> to <dst_ipv6>, xid <xid_value> len <packet_len>.

DHCP6: Server received <dhcp6_packet_type> from <src_ipv6>, xid <xid_value>.

DHCP6: Client received <dhcp6_packet_type> from <src_ipv6>, xid <xid_value>.

DHCP6: Client start at <interface>.

DHCP server has released an IP address.

System auto-config of file <filename> from TFTP server <ip_addr> has been loaded successfully.

System auto-config of file <filename> from TFTP server <ip_addr> has failed.

DHCP client is unable to get IP address for interface <interface>.

DHCP client lease for <ip_addr> has expired.

DHCP server <ip_addr> has assigned interface <interface> with IP address <ip_addr> (lease time <number> minutes).

An IP address conflict has been detected and the DHCP client declined address <ip_addr>.

DHCP client IP address <ip_addr> for interface <interface> has been manually released.

DHCP client on interface <interface> was offered IP <ip_addr>/<mask> Did not proceed with DHCPREQUEST. Reason -- <string>.

DHCP server on interface <interface> received DHCPDISCOVER from <mac_addr> requesting out-of-scope IP address <ip_addr>/<mask>.

DHCP6 client error, received <number> bits prefix with <number> bits in sla id.


DIP
Notification 

DIP IP pool <ip_addr1>-<ip_addr2> has been { added | modified | deleted }

DIP IP pool <id_num1> was removed from DIP group <id_num2> from { console | telnet | web }

DIP group <id_num> was { created | removed }

DIP pool <id_num1> was added into DIP group <id_num2>

DIP port-translation stickiness was [ enabled | disabled ]


DNS
Critical

DNS server is not configured.

Connection refused by the DNS server.

Unknown DNS error.

Notification

{ Primary | Secondary } DNS server IP has been changed.

DNS cache table has been cleared.

DNS entries have been refreshed as result of external event.

Daily DNS lookup has been disabled.

DNS Proxy module has been { enabled | disabled }.

DNS Proxy module has more concurrent client requests than allowed.

DNS Proxy server select table enties exceeded max limit

Proxy server select table added with domain <dom_name>, interface <interface>, primary-ip <ip_addr1>, secondary-ip <ip_addr2>, tertiary-ip <ip_addr3>, failover { enabled | disabled }

DNS Proxy server select table entry deleted with domain <dom_name>

Daily DNS lookup time has been changed to start at <hour>:<minutes> with an interval of <number> hours.

DNS has been refreshed.

DDNS module is { disabled | enabled }.

DDNS entry with id <id_num> is deleted.

DDNS module is { initialized | shut down }.

DDNS entry with id <id_num> is configured with server type "<string1>" name "<name_str>" refresh-interval <number1> hours minimum update interval <number2> minutes with { secure | clear-text } secure connection.

DDNS entry with id <id_num> is configured with user name "<name_str1>" agent "<name_str2>"

DDNS entry with id <id_num> is configured with interface "<interface>" host-name "<name_str>"

Hostname of DDNS entry with id <id_num> is cleared.

Source interface of DDNS entry with id <id_num> is cleared.

Agent of DDNS entry with id <id_num> is reset to its default value.

Username and password of DDNS entry with id <id_num> are cleared.

Updates for DDNS entry with id <id_num> are set to be sent in secure (https) mode.

Refresh interval of DDNS entry with id <id_num> is set to default value (168 hours).

Minimum update interval of DDNS entry with id <id_num> is set to default value (60 min)

Server of DDNS entry with id <id_num> is cleared.

No-Change response received for DDNS entry update for id <id_num> user "<name_str1>" domain "<dom_name>" server type "{ ddo | dyndns }", server name "<name_str2>"

Error response received for DDNS entry update for id <id_num> user "<name_str1>" domain "<dom_name>" server type "{ ddo | dyndns }", server name "<name_str2>"

DDNS server <name_str> returned incorrect ip <ip_addr1>, local-ip should be <ip_addr2>

Information

DNS entries have been { manually | automatically } refreshed.

DNS entries have been refreshed by HA.

DNS entries have been refreshed as a result of DNS server address change.


Entitlement
Alert

License key <key_num> is due to expire in a month.

License key <key_num> has expired.

License key <key_num> is due to expire in 2 months.

License key <key_num> is due to expire in 2 weeks.

License key <key_num> expired after 30-day grace period.

Request to retrieve license key failed to reach server by <string>. Server url: <url_str>

Request to register the device failed to reach the server by < string >. Server url: < url_str> 

Notification

<number> license keys were updated successfully by <string>

Received identical license key by <string>

No license key is available for retrieval by <string>

Register device succeeded and warranty key is installed.

Retrieve firmware list failed.

Retrieve firmware list succeeded: <number> firmware.


FIPS
Notification

FIPS error <reason> error code <number>.


Flow
Alert 

Shared to fair transition forced.

Shared to fair transition: utilization <utilization> >= threshold <threshold>.

Critical

Fair to shared transition: time limit exceeded.

Fair to shared transition: utilization <utilization> < threshold <threshold>.

Fair to shared transition forced.

Notification 

CPU limit <state>

Shared to fair threshold changed from <old threshold> to <new state>.

Shared to fair hold-down time changed from <old time> to <new time>.

Desired fair mode changed from <old fair mode> to <new fair mode>.

Fair to shared time changed from <old value> to <new value>.

Fair to shared threshold changed from <old value> to <new value>.

Fair to shared hold-down time changed from <old time> to <new time>.

Transparent virtual wire mode has been { enabled | disabled }

High watermark for early aging has been changed to the default (<number>).

Low watermark for early aging has been changed to the default (<number>).

The aggressive age-out value has been changed to the default (<number>).

High watermark for early aging has been changed from <number1> to <number2>

Low watermark for early aging has been changed from <number1> to <number2>

Aggressive age-out value has been changed from <number1> to <number2>.

IP action detected attack attempt <src ip> <src port>-><dst ip> <dst port> vsys: <vsys name> intf: <interface name> [dropping pkt].

Running in Infranet Test mode: Allow packet on Infranet authentication policy. Infranet Controller time-out occurred, timeout action was 'open'.

Running in Infranet Test mode: Allow packet. In Regular mode, would drop packet on Infranet authentication policy since Infranet Controller time-out occurred and timeout action was 'close'.

Running in Infranet Test mode: Infranet authentication succeeded, let the packet through.

Running in Infranet Test mode: Allow packet. In Regular mode, would drop packet on Infranet authentication policy because Infranet authentication table denied it.

Running in Infranet Test mode: Allow packet. In Regular mode, would drop packet on Infranet auth policy since there is no infranet auth table entry 


Frame Relay
Alert

[mlfr/lip]: <interface> detected loop <number> times.

[mlfr/lip]: the bid <string> in the ADD_LINK packet from link <link> is inconsistent with the received bid <string> on the bundle <interface>.

Notification

[fr/lmi]: <interface>: LMI link down due to errors over threshold (n392).

[fr/cfg]: <interface>: {DTE | DCE}.

[fr/cfg]: <interface> LMI : set to {enable | disable}.

[fr/cfg]: <interface> LMI: set <parameter> to <value>

[fr/lmi]: <interface>: {Set | Del the DLCI for the interface}.

[fr/lmi]: <interface> LMI status change to <status>.

[fr/lmi]: <interface> dlci<id> status change to {N(new) | D(delete) | A(active) | I(inactive)}.

[mlfr/cfg]: set interface <interface> encap as mlfr-uni-nni.

[mlfr/cfg]: unset interface <interface> encap from mlfr-uni-nni.

[mlfr/cfg]: set MLFR bundle-id as <bundle-id> for multilink interface <interface>.

[mlfr/cfg]: unset MLFR bundle-id as the name of multilink interface <interface>,

[mlfr/cfg]: set MLFR drop-timeout as <number> for multilink interface <interface>.

[mlfr/cfg]: unset MLFR drop-timeout to 0 (disable) for multilink interface <interface>.

[mlfr/cfg]: set MLFR minimum-links as <number> for multilink interface <interface>.

[mlfr/cfg]: unset MLFR minimum-links to default (1) for multilink interface <interface>.

[mlfr/cfg]: set lip hello-timer as <number>(s) for bundle link <interface>.

[mlfr/cfg]: unset lip hello-timer to default <number>(s) for bundle link <interface>.

[mlfr/cfg]: set lip fragment-threshold as <number> for bundle link <interface>.

[mlfr/cfg]: unset bundle link <interface> lip fragment-threshold to <mtu_value>.

[mlfr/cfg]: set lip acknowledge-retries as <number> for bundle link <interface>.

[mlfr/cfg]: unset lip acknowledge-retries to default <number> for bundle link <interface>.

[mlfr/cfg]: set lip acknowledge-timer as <number> for bundle link <interface>.

[mlfr/cfg]: unset lip acknowledge-timer to default <number> for bundle link <interface>.

[mlfr/cfg]: add link <name> to bundle <name>.

[mlfr/cfg]: delete link <name> from bundle <name>.

[mlfr/lip]: <link_name> LIP FSM: ( { Invalid state | Add_sent | Ack_rx | Add_rx | Up | Idle_pending | Idle | Down | Donw_idle } -> { Invalid state | Add_sent | Ack_rx | Add_rx | Up | Idle_pending | Idle | Down | Donw_idle } ) by event { Invalid event | ADD_LINK(valid) | ADD_LINK(invalid) | ADD_LINK_ACK | ADD_LINK_REJ | HELLO | HELLO_ACK | REMOVE_LINK | REMOVE_LINK_ACK | T_HELLO_EXP | T_ACK_EXP_Retry | T_ACK_EXP_no_Retry | PH_DEACTIVATE | PH_ACTIVATE | PH_DATA | BL_ACTIVATE | BL_DEACTIVATE | BL_

DATA }.

[mlfr/lip]: link interface <interface> LIP is up at bundle <name>.

[mlfr/lip]: link interface <interface> LIP is down at bundle <name>.

[mlfr/lip]: change bundle <name> physical status to up.

[mlfr/lip]: change bundle <name> physical status to down.


GTP
Notification

GTP unsets {min | max} message length; <admin>

GTP {stops | stops} logging for tunnel traffic counters; <admin>

GTP {starts | stops} logging for packet dump; <admin>

GTP {starts | stops} logging for IEs; <admin>

GTP { passes V0 | passes V1 | drops V0 | drops V1 } <gtp_message>; by admin

GTP sets { maximum message length | minimum message length } <number>; by admin

GTP initially allocated; trust_untrust

GTP deletes tunnel <tunnel_index> (teid <tunnel_id>), in <number_in_bytes> out <number_out_bytes>, duration: <number> seconds

<src_interface><src_ip><src_port><dst_interface><dst_ip><dst_port><message_length><packet_contexts><IE_values>{ pass | drop }

Trace <tunnel_index> <src_ip> <dst_ip> <tunnel_id> <dst_port> <message_length>

<packet_content>


H.323
Alert

The number of RAS request messages sent to the GK, <value> exceeds the threshold, <value>.

Notification

Concurrent H.323 calls exceeding maximum limit: <value>.

Failed to get NAT cookie. Too many concurrent H.323 calls: <value>.


HDLC
Notification

Dialup HDLC PPP failed to establish a session. No IP address assigned.

Dialup HDLC PPP session has been successfully established.

Dialup HDLC PPP failed to establish a session: <reason>.


High Availability
Critical

The NSRP configuration is out of synchronization between the local device and the peer device.

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Ineligible.

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Master.

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Backup.

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Primary Backup.

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Init.

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Inoperable.

The local device <device_id> in the Virtual Security Device group <vsd_group_id> sent a 2nd path request to the peer device <device_id>.

The local device <device_id> in the Virtual Security Device group <vsd_group_id> received a 2nd path request from peer device <device_id> to device <device_id>.

NSRP: <link_status>.

NSRP: <link_change_string>.

RTO mirror group <group_ip> with direction <direction> on peer device <device_id> changed from <old_state> to <new_state> state.

RTO mirror group <group_ip> with direction <direction> changed on the local device from <old state> to up state, it had peer device <device_id>.

RTO mirror group <group_ip> with direction <direction> on local device <device_id>, detected a duplicate direction on the peer device <device_id>.

Peer device <device_id> disappeared.

Peer device <device_id> was discovered.

Peer device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to <new_state>.

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to <new_state>.

Notification

The HA channel changed to interface <interface>.

NSRP cluster encryption password changed.

NSRP cluster authentication password changed.

Message <message_type_name> was dropped because it contained an invalid encryption password.

Virtual Security Device group <vsd_group_id> changed to preempt mode.

Virtual Security Device group <vsd_group_id> changed to non-preempt mode.

The heartbeat interval of all Virtual Security Device groups changed from <number> (milliseconds) to <number> (milliseconds).

Device <device_id> has joined NSRP cluster <cluster_id>.

Device <device_id> quit current NSRP cluster <cluster_id>.

Virtual Security Device group <vsd_group_id> was deleted. The total number of members in the group was <number>.

Virtual Security Device group <vsd_group_id> was created. The total number of members in the group is <number>.

Virtual Security Device group <vsd_group_id> priority changed from <old_priority> to <new_priority>.

The secondary HA path of the devices changed from <path1> to <path2>.

The secondary HA path of the devices was set to interface <interface_name>, with ifnum <interface_number>.

The interface <interface_name> with ifnum <interface_number> was removed from the secondary HA path of the devices.

NSRP: HA link probe enabled.

The probe that detects the status of High Availability link <link_name> was disabled.

The interval of the probe detecting the status of High Availability link <link_name> was set to <number> seconds.

The threshold of the probe detecting the status of High Availability link <link_name> was set to <threshold_value>.

A request by device <device_id> for session synchronization(s) was accepted.

The current session synchronization by device <device_id> completed.

Run Time Object mirror group <mirror_group_id> direction was set to <direction>.

Run Time Object mirror group <mirror_group_id> was set.

Run Time Object mirror group <mirror_group_id> with direction <direction> was unset.

RTO mirror group <mirror_group_id> was unset.

Interface <interface_name> was removed from the monitoring list for <monitoring_list_name>.

Interface <interface_name> with weight <weight_value> was added to or updated on the monitoring list for <monitoring_list_name>.

Zone <zone_name> was removed from the monitoring list for <monitoring_list_name>.

Zone <zone_name> with weight <weight_value> was added to or updated on the monitoring list for <monitoring_list_name>.

The monitoring threshold was modified to <threshold_value> for <monitoring_list_name>.

The NSRP encryption key was changed.

NSRP data forwarding was enabled.

NSRP data forwarding was disabled.

NSRP black hole prevention enabled. Master(s) of Virtual Security Device groups always exists.

NSRP black hole prevention disabled. Master(s) of Virtual Security Device groups might not exist.

NSRP transparent Active-Active mode was enabled.

NSRP transparent Active-Active mode was disabled.

NSRP Run Time Object synchronization between devices was enabled.

NSRP Run Time Object synchronization between devices was disabled.

Information

HA: Synchronization file(s) <filename> sent to backup device in cluster.

Critical

Track IP IP address <IP_address> failed.

Track IP IP address <IP_address> succeeded.

Track IP failure reached threshold.

Device cannot create Track IP object list.

Device cannot create Track IP list.

No interface/route enables the Track IP IP address <IP_address> to be transmitted.

Notification

Track IP IP address <IP_address> added with an interval of <seconds> seconds, a threshold of <threshold>, a weight of <weight> on interface <interface_name> using method <method_name>.

Track IP IP address <IP_address> removed.

Track IP <ip_address> interval changed from <seconds1> to <seconds2>.

Track IP <ip_address> threshold value changed from <threshold1> to <threshold2>.

Track IP <ip_address> weight changed from <weight1> to <weight2>.

Track IP <ip_address> interface changed from <interface_number1> to <interface_number2>.

Track IP <ip_address> method changed from method name <method_name1> to <method_name2>

Track IP <ip_address> gateway was changed from gateway IP address <ip_address> to <ip_address>.

Track IP <ip_address> gateway was changed from gateway IP address <ip_address> to the interface default gateway.

Track IP <ip_address> gateway was changed from the interface default gateway to gateway IP address <ip_address>.

Track IP <information>.

Track IP default gateway updated.

Track IP default gateway enabled.

Track IP default gateway disabled.

Track IP threshold set to <number>.

Track IP threshold set to default.

Track IP object <name> weight value set to <number>.

Track IP object <name> weight value set to default.


IGMP
Notification 

IGMP host instance was { created | deleted } on interface <interface>.

IGMP router instance was { created | deleted } on interface <interface>.

IGMP function was { enabled | disabled } on interface <interface>.

IGMP will not do same subnet check on interface <interface>.

IGMP will do same subnet check on interface <interface>.

IGMP will not do router alert IP option check on interface <interface>.

IGMP will do router alert IP option check on interface <interface>.

IGMP version was changed to <number> on interface <interface>.

IGMP query interval was changed to <number> seconds on interface <interface>.

IGMP query max response time was changed to <number> seconds on interface <interface>.

IGMP leave interval was changed to <number> seconds on interface <interface>.

IGMP last member query interval was changed to <number> seconds on interface <interface>.

IGMP routers accept list ID was changed to <id_num> on interface <interface>.

IGMP hosts accept list ID was changed to <id_num> on interface <interface>.

IGMP groups accept list ID was changed to <id_num> on interface <interface>.

IGMP group <id_num> static flag was removed on interface <interface>. The IGMP group is no longer static.

IGMP all groups static flag was removed on interface <interface>. The IGMP groups are no longer static.

IGMP static group <id_num> was added on interface <interface>.

IGMP group <id_num> static flag was added on interface <interface>.

IGMP proxy was disabled on interface <interface>.

IGMP proxy was enabled on interface <interface>.

IGMP proxy always is disabled on interface <interface>.

IGMP proxy always is enabled on interface <interface>.

IGMP group <mcast_addr> static flag was removed on interface <interface>.

IGMP all groups static flag was removed on interface <interface>.

IGMP static group <mcast_addr> was added on interface <interface>.


IKE
Alert

IKE <ip_addr>: Policy Manager's default CA is used by peer to establish an IPSec VPN.

IPSec tunnel on int <interface> with tunnel ID <id_num> received a packet with a bad SPI. <src_ip_addr>-><dst_ip_addr>/<pckt_len>, { ESP | AH }, SPI <number1>, SEQ <number2>

Critical

Replay packet detected on IPSec tunnel on <interface> with tunnel ID <number>! From <src_ip_addr> to <dst_ip_addr>/<pckt_len>, { ESP | AH }, SPI <number1>, SEQ <number2>.

Number of IAS exceeds configured maximum <number>.

Number of IAS crossed configured upper threshold <number>.

Number of IAS crossed configured lower threshold <number>.

IAS for peer <ip_addr> has IKE error: <id_num>

Attack alarm: IKE ID enumeration attack on interface <interface> from src_ip <ip_addr>.

Notification

Gateway <name_str> at <ip_addr> in { Main | Aggressive } mode with ID <string> has been { added | modified | deleted }

P1 proposal <name_str> with { Preshared | RSA-sig | DSA-sig }, DH group { 0 | 1 | 2 | 5 }, ESP { NULL | DES | 3DES | AES128 | AES192 | AES256 }, auth { NULL | MD5 | SHA-1 }, and lifetime <number> has been { added | modified | deleted }.

P2 proposal <name_str> with DH group { 0 | 1 | 2 | 5 }, { AH | ESP }, enc { NULL | DES | 3DES | AES128 | AES192 | AES256 }, auth { NULL | MD5 | SHA-1 }, and lifetime (<number> sec/<number> KB) has been { added | modified | deleted }.

Information

IKE <ip_addr1> >> <ip_addr2> Phase 1: Initiated negotiations in { Aggressive | Main } mode.

IKE <ip_addr> Phase 1: Responder starts { Main | Aggressive } mode negotiations.

IKE<ip_addr>: The initial contact task is already in the task list.

IKE <ip_addr> Phase 1: Completed { Aggressive | Main } mode negotiations with a <number>-second lifetime.

IKE <ip_addr> Phase 1: Completed for user <name_str>.

IKE <ip_addr> Phase 1: Discarded a second initial packet, which arrived within 5 seconds after the first.

IKE <ip_addr> Phase 1: Discarded peer's P1 request because there are currently <number1> sessions--max is <number2>.

IKE <ip_addr> Phase 2: Initiated negotiations.

IKE <ip_addr> Phase 2 msg ID <id_num>: Responded to the peer's first message [ from user <name_str> ].

IKE <ip_addr>: Added the initial contact task to the task list.

IKE <ip_addr>: Phase 2 negotiation request is already in the task list. 

IKE <ip_addr>: Added Phase 2 session tasks to the task list. 

IKE <ip_addr> Phase 2 msg ID <number>: Completed negotiations with SPI <number1>, tunnel ID <number2>, and lifetime <number3> sec/<number> KB.

IKE<ip_addr> Phase 2 msg-id <number>: Completed for user <name_str>.

IKE <ip_addr>: Received a TRNXTN_XCHG packet with payload type <number>.

Received an IKE packet on <interface> from <ip_addr1:port_num1> to <ip_addr2:port_num2>. Cookies: <string1>, <string2>.

Rejected an IKE packet on <interface> from <src_ip_addr>:<src_port> to <dst_ip_addr>:<dst_port>, with cookies <string1> and <string2> because <reason> 

IKE: User <name_str> with ID <number> requested a connection.

IKE <ip_addr> Phase 1: { Aggressive | Main } mode negotiations have failed.

IKE <ip_addr> Phase 1: Negotiations have failed for user <name_str>.

IKE <ip_addr> Phase 1: Cannot use a preshared key because the peer gateway <ip_addr> has a dynamic IP address and negotiations are in Main mode.

IKE <ip_addr> Phase 1: Retransmission limit has been reached.

IKE <ip_addr>: Phase 1 SA (my cookie: <number>) was removed due to a simultaneous rekey.

IKE<ip_addr>: User <name_str> has exceeded the configured share-limit of <number>.

IKE <ip_addr> Phase 2 msg ID <number>: Negotiations have failed.

IKE <ip_addr> Phase 2 msg ID <number>: Negotiations have failed for user <name_str>.

There were no acceptable Phase 2 proposals.

IKE <ip_addr> Phase { 1 | 2 }: Aborted negotiations because the time limit has elapsed. { (<p1_state_mask/p1_state>) | (<p1_state_mask/p1_state>, session ID <id_num>) }

IKE <ip_addr> Phase 2: Received DH group <number1> instead of expected group <number2> for PFS.

IKE <ip_addr> Phase 1: Cert received has a different { IP address | FQDN | UFQDN } SubAltName than expected.

IKE <ip_addr> Phase 1: Cert received has a subject name that does not match the ID payload.

IKE <ip_addr>: Sent initial contact notification to peer to use a new SA.

IKE <ip_addr>: Sent an initial contact notification message because of a bad SPI. 

IKE <ip_addr>: Received a notification message for DOI <doi_number> <type_value> <msg_text>.

IKE <ip_addr> Phase 2 msg ID <number1>: Received responder lifetime notification. (<number2> sec/<number> KB)

IKE <ip_addr>: Received initial contact notification and removed Phase { 1 | 2 } SAs.

IKE <ip_addr>: Removed Phase 2 SAs after receiving a notification message.

IKE DPD found peer at <ip_addr> not responding.

IKE DPD configuration changed, <string>

IKE <ip_addr>: Dropped a packet from the peer because no policy permits it.

IKE <ip_addr> Phase 2: Received a message but did not check a policy because id-mode was set to IP or policy-checking was disabled.

IKE <ip_addr> Phase 2: Negotiations have failed. Policy-checking has been disabled but multiple VPN policies to the peer exist.

IKE <ip_addr> Phase 2: No policy exists for the proxy ID received: local ID (<ip_addr>/<mask>, <protocol>, <port_num>) remote ID (<ip_addr>/<mask>, <protocol>, <port_num>).

IKE <ip_addr> Phase 1: Received an invalid RSA signature.

IKE <ip_addr> Phase 1: No private key exists to sign packets.

IKE <ip_addr> Phase 1: Received an incorrect public key authentication method.

IKE <ip_addr> Phase 1: Cannot verify { RSA | DSA } signature.

IKE <ip_addr>: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed.

IKE <ip_addr>: Heartbeats have been lost <number> times. 

IKE <ip_addr>: Changed heartbeat interval to <number>.

IKE <ip_addr>: Heartbeats have been disabled because the peer is not sending them.

IKE gateway <name_str> has been enabled. The peer address <hostname[.dom_name]> has been resolved to <ip_addr>.

IKE gateway <name_str> has been disabled. The peer address< hostname[.dom_name]> cannot be resolved to an IP address.

IKE gateway< name> has been disabled because the peer IP address <ip_addr> is already in use by another IKE gateway on interface <interface>.

IKE <ip_addr>: XAuth login { was passed | was aborted | failed } for gateway <name_str>, username <name_str>, retry: <number> [ timeout <number>]

IKE <ip_addr1>: XAuth login expired and was terminated for username <name_str> at <ip_addr2>.

IKE <ip_addr1>: XAuth login was refreshed for username <name_str> at <ip_addr2>.

IKE <ip_addr1>: XAuth login was terminated because the user logged in again. Previous gateway: <ip_addr3>. Username: <name_str> at <ip_addr2>.

IKE: XAuth assign prefix <ip_addr>/<number> to interface <interface>.

IKE: XAuth assign prefix <ip_addr>/<number> to interface <interface> failed.

IKE: XAuth assign DNS <interface>.

IKE: XAuth assign dns1 <ip_addr1> dns2 <ip_addr2> wins1 <ip_addr3> wins2 <ip_addr4>.

IKE: XAuth no more IP addresses in IP pool < pool name >.

IKE: XAuth IP pool < pool name >not configured.

IKE <ip_addr>: New SA (ID <id_num> is up. Switch policy ID <id_num1> from SA <id_num2>.

IKE <ip_addr>: An SA for VPN ID <tun_id_num1> with a higher weight replaced the SA for VPN ID <tun_id_num2> in policy ID <pol_id_num>

IAS for peer <ip_addr> and XAUTH user <name_str> activated.

IAS for peer <ip_addr> and XAUTH user <name_str> terminated by <string>.

IAS for peer <peer_IP> and XAUTH user <username> activated.

IAS for peer <peer_IP> and XAUTH user <username> terminated by <term_cause>.

IKE <ip_addr> Phase 1: IKE {initiator | responder} has detected NAT in front of the local device.

IKE <ip_addr> Phase 1: IKE {initiator | responder} has detected NAT in front of the {local | remote} device.


Interface
Critical

Failover to secondary untrust interface occurred.

Recovery to primary untrust interface occurred.

L3 backup failover from interface <primary_interface> to interface <backup_interface>.

L3 backup recover from interface <backup_interface> to interface <primary_interface>.

Notification

Interface <interface> IP address cannot be used to manage the device.

Interface <interface> IP address can be used to manage the device.

Interface <interface> holddown time interval has been set to <number>.

Interface <interface> has been added to redundant interface <interface>.

Interface <interface> has been removed from redundant interface <interface>.

Interface <interface> has been added to aggregate interface <interface>.

Interface <interface> has been removed from aggregate interface <interface>.

Interface <interface> has been added to shared interface <interface>.

Interface <interface> has been removed from shared interface <interface>.

Interface <interface> IP has been changed from <ip_addr1> to <ip_addr2> <change_string>.

Interface <interface> netmask has been changed from <mask1> to <mask2> <change_string>.

Interface <interface> gateway IP has been changed from <ip_addr1> to <ip_addr2> <change_string>.

Interface <interface> operational mode has been changed to {NAT | Route} <change_string>.

Interface <interface> management IP has been changed from <ip_addr> to <ip_addr> <change_string>.

Interface <interface> in <vsys> with IP <ip_addr> mask <mask> tag <id_num> was created <change_string>.

Interface <interface> in <vsys> with IP <ip_addr> mask <mask> was created <change_string>.

Interface <interface> in <vsys> was removed <change_string>.

Interface <interface> was unbound from zone <zone> <change_string>.

Interface <interface> was bound to zone <zone> <change_string>.

Maximum bandwidth <number1> Kbps on interface <interface> is less than total guaranteed bandwidth <number2> Kbps.

Interface <interface> bandwidth has been changed to <number> Kbps.

Interface <interface> 802.1Q tag has been removed <change_string>.

Interface <interface> 802.1Q tag has been changed to <number> <change_string>.

Interface <interface> 802.1Q VLAN trunking has been turned ON <change_string>.

Interface <interface> 802.1Q VLAN trunking has been turned OFF <change_string>.

802.1Q VLAN tag <number> has been created.

802.1Q VLAN tag <number> has been removed.

Interface <interface> has been changed from local to VSI.

Interface <interface> has been changed from VSI to local.

Route between secondary IP addresses on interface <interface> has been disabled.

Route between secondary IP addresses on interface <interface> has been enabled.

Secondary IP address <ip_addr>/<mask> has been added to interface <interface>.

Secondary IP address <ip_addr>/<mask> has been deleted from interface <interface>.

MTU for interface <interface> has been changed to <number>.

Interface <interface1> was removed from the monitoring list of <interface2>.

Interface <interface> with weight <weight> was added to the monitoring list of <interface2>.

Zone <zone> was removed from the monitoring list of <interface>.

Zone <zone> with weight <weight> was added to the monitoring list of <interface>.

Monitoring threshold was modified to <threshold> of <interface>.

Mtrace has been { enabled | disabled } on interface <interface> <change_string>.

NSGP <IPSec> has been {enabled | disabled} on interface <interface> <change_string>.

DNS proxy was {enabled | disabled} on interface <interface>.

Interface <interface> switching to auto-negotiating mode.

Interface <interface> switching to G.Lite mode.

Interface <interface> switching to ANSI T1.413 Issue 2 mode.

Interface <interface> switching to ITU G.992.1 mode.

Interface <interface> switching to loopback mode.

IPv4 Path-MTU has been {enabled | disabled} on interface <interface> <change_string>.

IPv6 Path-MTU has been {enabled | disabled} on interface <interface> <change_string>.

<phy_name> for interface <interface> has been changed to <new_value>.

Admin status for interface <interface> has been changed to <value>.

Primary interface <interface1> set backup interface <interface2>, type is <type>.

Primary interface <interface1> unset backup interface <interface2>.

Activation delay for interface <primary_interface> has been changed to <number>.

Deactivation delay for interface <primary_interface> has been changed to <number>.

Auto-failover for interface <primary_interface> has been changed to <state>.

Interface <adsl_interface> switching to ITU G.992.3 mode.

Interface <adsl_interface> switching to ITU G.992.5 mode.

Interface <adsl_interface> switching to ITU G.992.3 del test mode.

Interface <adsl_interface> switching to ITU G.992.5 del test mode.

The physical state of interface <interface> has changed to {up | down}.

A dialer CLI is configured: <CLI string>

Interface <interface name>dialed out at channel <channel>.

Interface <interface name> is connected at channel <channel>.

Interface <interface name> is disconnecting at channel <channel>.

Interface <interface name> disconnects at channel <channel>.

Interface <interface name> idle timer expired.

Interface <interface name> traffic (bps) increased (greater than load-threshold).

Interface <interface name> traffic (bps) decreased (less than load-threshold).

Ping has been {enabled | disabled} on interface <interface> <change_string>.

Telnet has been {enabled | disabled} on interface <interface><change_string>.

SCS has been {enabled | disabled} on interface <interface> <change_string>.

SNMP has been {enabled | disabled} on interface <interface> <change_string>.

Global-PRO has been {enabled | disabled} on interface <interface> <change_string>.

Web has been {enabled | disabled} on interface <interface> <change_string>.

SSL has been {enabled | disabled} on interface <interface> <change_string>.

Ident-reset has been {enabled | disabled} on interface <interface> <change_string>.


Interface6
Critical

DAD detected duplicates for IPv6 address <IPv6_addr> on interface <interface>

Notification

Initalized IPv6 address <IPv6_addr> on interface <interface>

DAD completed for IPv6 address <IPv6_addr> on interface <interface>

IPv6 Router advertisement transmission {enabled | disabled } on interface <interface>

IPv6 Router advertisement reception {enabled | disabled } on interface <interface>


ISDN
Notification

[isdn] Interface <interface_name> is configured for leased-line <number>.

[isdn] Leased-line is removed for interface <interface_name>.

[isdn] Interface <interface_name> is configured to work with switch type <string> (after reboot).

[isdn] Interface <interface_name> is set for TEI negotiation at <string>.

[isdn] The calling number for interface <interface_name> is set to <string>.

[isdn] Interface <interface_name> will send \"Sending Complete\" in SETUP message.

[isdn] Interface %s will not send \"Sending Complete\" in SETUP message.

[isdn] SPID1 for interface <interface_name> is set to <string>.

[isdn] SPID2 for interface <interface_name> is set to <string>.

[isdn] The T310 value for interface <interface_name> is changed from <number> to <number>.

[isdn] Layer2 is { up | down } on D channel <number>.

[isdn] Interface <number> connected on B channel <channel_number>.

[isdn] Interface <number> disconnected on B channel <channel_number>.


L2TP
Alert

Receive StopCCN_msg, remove l2tp tunnel (<ip_addr1 - <ip_addr2>), Result code <id_num> (<string>).

Receive StopCCN_msg, remove l2tp tunnel (<ip_addr1 - <ip_addr2>), Result code <number> (<string>), Error code <id_num> (<string>).

Receive CDN_msg, remove l2tp call, id = <number>, user = <usr_str>, assigned ip = <ip_addr>, Result code <number> (<string>).

Receive CDN_msg, remove l2tp call, id = <number>, user = <usr_str>, assigned ip = <ip_addr>, Result code <number> (<string>), Error code <id_num> (<string>).

Notification

L2TP ippool is unset to default.

L2TP { primary | secondary } { DNS | WINS } server is unset to default.

L2TP RADIUS server is unset to default.

L2TP RADIUS secret is unset to default.

L2TP RADIUS port changed to <port_num>

L2TP default ippool changed from "<name_str1>" to "<name_str2>"

L2TP default { primary | secondary } { DNS | WINS } server changed from <ip_addr1> to <ip_addr2>

L2TP default auth type changed to <string>

L2TP default PPP auth type changed to { PAP | CHAP | ALL }.

L2TP default RADIUS server changed to <serv_name>

L2TP default RADIUS secret changed to "<secret>"

L2TP default RADUIS port changed to <port_num>

L2TP "<name_str>", all-L2TP-users secret "<secret>" keepalive <number> has been { modified | added }

L2TP "<name_str>", { <user_name> | <grp_name> } ID <id_num> secret "<secret>" keepalive <number> has been { modified | added }

Information

L2TP tunnel <name_str> created between <ip_addr1>:<port_num1> and <ip_addr1>:<port_num2>

Incorrect L2TP secret in tunnel authentication for L2TP (<ip_addr>).

Incorrect L2TP secret in tunnel auth for L2TP (<ip_addr>).

L2TP (<ip_addr1>/<port_num1> - <ip_addr2>/<port_num2>), user authentication passed. IP address <ip_addr3> assigned to user.

L2TP at <ip_addr> PPP failed, Failure in <peer_ip< <error code><failure_str>

Retry time-out interval expired. L2TP call (peer at <ip_addr1>, local at <ip_addr2>) removed, tunnel ID <id_num>, call ID <id_num>

Retry time-out interval expired. L2TP tunnel removed (peer at <ip_addr1>, local at <ip_addr2>), tunnel ID <id_num>


Logging
Critical

System memory is low (<number1> allocated out of <number2> ) <number3> times in 1 minute

System CPU utilization is high (<number1> > alarm threshold: <number2>) <number3> times in 1 minute

{Traffic log | Alarm log | Event log | Self log | Asset Recovery log } has overflowed

Warning

Cannot connect to e-mail server <serv_name>.

Mail server is not configured.

Mail recipients were not configured.

Unexpected error from e-mail server (state=<id_num>): <string>

Notification

E-mail notification has been { enabled | disabled }.

Mail server { IP address | domain name } has been changed.

E-mail address { 1 | 2 } has been changed.

Inclusion of traffic logs with e-mail notification of event alarms has been { enabled | disabled }.

VPN management tunnel has been disabled.

VPN management tunnel has been enabled.

CLI logging has been enabled by < admin_name >.

CLI logging has been disabled by < admin_name >.

CLI logging has been set to < number > bytes by < admin_name >.

All logged events or alarms were cleared

Log setting was modified to { enable | disable } <level> level 

{ Alarm | Traffic | Event | Asset-recovery | Self | System } log was reviewed.

All {self logs | traffic logs } were cleared.

Information

Log buffer was full and remaining messages were sent to external destination. <number> packets were dropped. 


MGCP
Alert

The device cannot initialize memory for MGCP.

The device cannot unregister MGCP ALG handler.

The device cannot register the Network Address Translation vector for the MGCP ALG request.

The device cannot register MGCP UA Port.

The device cannot delete MGCP UA ALG Port.

The device cannot register MGCP CA Port.

The device cannot delete MGCP CA Port.

The device cannot register the MGCP ALG request to RM.

The device does not have MGCP ALG client id with RM.

The device failed in unregistering MGCP client with RM.


MIP
Notification

Mapped IP <ip_addr1> - <ip_addr2> has been { added | modified | deleted }


Multicast
Alert

Error in initializing multicast

Failure in initializing multicast route task.

Failure in initializing multicast data handler task.

Failure in shutting down multicast route task.

Failure in registering for multicast data packet.

System-wide multicast cachemiss node limit reached, <number>nodes not added since limit exceeded.

Critical

System wide multicast route limit exceeded, mroute add failed

System wide multicast route limit reached, <number> routes not added since limit exceeded.

<vrouter>: virtual router multicast route limit exceeded, mroute addition failed.

<vrouter>: virtual router multicast route maximum, routes not added since limit exceeded - <number>

Failure adding output interface to multicast route list due to exceeding system max. <number> interfaces not added since limit exceeded.

Notification

Remove multicast policy from <src-zone> <mcast_addr> to <dst-zone> <mcast_addr> 

Add multicast policy from <src-zone> <mcast_addr> to <dst-zone> <mcast_addr>

<vrouter>: static multicast route src=<ip_addr>, grp=<mcast_addr> input ifp = <interface1> output ifp = <interface2> added.

<vrouter>: static multicast route src=<ip_addr>, grp=<mcast_addr> ifp = <interface> deleted.

<vrouter>: maximum multicast routes limit removed.

<vrouter>: maximum multicast routes limit configured to <number>.

<vrouter>: multicast negative cache routes feature { configured | removed }.

<vrouter>: multicast negative cache routes timer configured to <number> seconds.

<vrouter>: multicast negative cache routes timer configured to default.


NSM
Notification

NSM has been { enabled | disabled }.

User-defined service <svc_name> has been { added to | removed from } protocol distribution.

Reporting of protocol distribution table to NSM has been { enabled | disabled }.

Reporting of ethernet statistics table to NSM has been { enabled | disabled }.

Reporting of attack statistics table to NSM has been { enabled | disabled }.

Reporting of flow statistics table to NSM has been { enabled | disabled }.

Reporting of policy table to NSM has been { enabled | disabled }.

Reporting of traffic alarms to NSM has been { enabled | disabled }.

Reporting of attack alarms to NSM has been { enabled | disabled }.

Reporting of miscellaneous alarms to NSM has been { enabled | disabled }.

Reporting of configuration logs to NSM has been { enabled | disabled }.

Reporting of information logs to NSM has been { enabled | disabled }.

Reporting of self management logs to NSM has been { enabled | disabled }.

Reporting of traffic logs to NSM has been { enabled | disabled }.

Reporting of deep inspection alarms to NSM has been { enabled | disabled }.

NSM device ID was { set to <string> | unset }.

NSM one-time-password was { set | unset }.

NSM installer name [ (<string>) ] and password were { set | unset }.

NSM { primary | secondary } server with name <serv_name> was set: addr <ip_addr>, port <port_num>

NSM { primary | secondary } server with name <serv_name> was unset.

Information

NSM keys were deleted.

NSM: Connection to NSM server at <ip_addr> is down

NSM: Connected to NSM server at <ip_addr> (<number> connect attempt(s))

NSM: Cannot connect to NSM server at <ip_addr>. Reason: <string> (<number> connect attempt(s))

NSM: Sent <number> message


NSRD
Error 

Error <id_num> occurred during configlet file processing.

Warning

Error <id_num> occurred, causing failure to establish secure management with Management System.

Configlet file authentication failed.

Configlet file decryption failed.

Information

Secure management established successfully with remote server.

Rapid Deployment cannot start because gateway has undergone configuration changes.


NTP
Notification

Administrator <admin_name> changed the Network Time Protocol maximum adjustment value from <number> to <number> seconds 

Administrator <admin_name> changed the Network Time Protocol authentication mode <mode> 

Network Time Protocol settings changed.

Network Time Protocol adjustment of <number> ms from NTP server <server_name> exceeds the allowed adjustment of <number1> ms.

An error occurred in setting the system clock.

The security device is attempting to contact the primary NTP server <server_name>

The security device is attempting to contact the primary backup NTP server <server_name>

The security device is attempting to contact the secondary backup NTP server <server_name>

Authentication failed for Network Time Protocol server <server_type> <server_name> because <failure_reason>

NTP request cannot be sent. No key ID found for Network Time Protocol server <server_type> <server_name>

NTP request cannot be sent. No key found for server <server_type> <server_name>

<server_type> NTP server <server_name> could not be contacted.

No NTP server could be contacted.

An acceptable time could not be obtained from <server_type> NTP server <server_name>

No acceptable time could be obtained from any NTP server.

An administrator aborted the NTP time update.


OSPF
Critical

LSA flood in OSPF with router ID <router_id> on interface <interface> forced the interface to drop a packet.

OSPF instance with router ID <router_id> received a Hello packet flood from neighbor (IP address <ip_addr>, router ID <neighbor_router_id>) on interface <interface> forcing the interface to drop the packet.

LSA ID<lsa_id>, router ID <router_ID>, type <type> cannot be deleted from the real-time database in area <area>

The total number of redistributed routes into OSPF in vrouter (<vrouter>) exceeded system limit (<number>)

Reject second OSPF neighbor (<neighbor_ip_addr>) on interface (<interface>) since it's configured as point-to-point interface

Notification

{ set | unset } virtual router <virtual_router> with the OSPF protocol <command>

{ set | unset } virtual router <virtual_router> with the configuration command <command>

<configuration_command>

OSPF virtual routing instance in virtual router <virtual_router> {created | deleted}.

Information

Neighbor router ID - <neighbor_router_ID> IP address - <neighbor_router_ip_address> changed its state to <state>.

LSA in following area aged out: LSA area ID <area> LSA ID <lsa_id>, router ID <router_id>, type <type> in OSPF.

The system killed OSPF neighbor because the current router could not see itself in the hello packet. Neighbor changed state from <previous_state> to Init state, (neighbor router-id <neighbor_router_id>, ip-address <neighbor_ip_address>).

The system killed OSPF neighbor because of elapsed Hello time <hello_interval> sec (neighbor router-id <router_id>, ip-address <router_IP_address>)

Killing of OSPF neighbor <neighbor> delayed by <seconds> seconds, last hello packet received time <time> ms and last processed hello packet occurring at <time> ms.

OSPF neighbor <neighbor> timeout, with last hello packet received at time <time> ms, and last processed hello packet occurring at time <time> ms, current elapsed time in seconds <seconds>.

OSPF interface <interface> has become inactive, kill neighbor (IP address <ip_addr> router ID <id>) on this interface.

OSPF packet retransmit counter exceeds limit, killing neighbor (IP address <ip_addr> router ID <id>).


PBR
Critical

Unable to add PBR policy \"<policy_name>\" in virtual router \"<router_name>\". Exceeded maximum number of policies (<maximum_policies>).

Error in rebuilding the PBR policy lookup tree for \"<policy_name>\" in virtual router \"<router_name>\".

Notification

PBR policy \"<policy_name>\" is added to virtual router \"<router_name>\". Total policies in vr: <total_policies>.

PBR policy \"<policy_name>\" is deleted to virtual router \"<router_name>\". Total policies in vr: <total_policies>.

Information

PBR policy \"<policy_name>\" lookup tree rebuild event posted for virtual router \"<router_name>\"

PBR policy \"<policy_name>\" lookup tree is rebuilt successfully in virtual router \"<router_name>\"


PIM
Alert

PIMSM Error in initializing interface state change

PIMSM Error in initializing interface delete handler

PIMSM Error in initializing vrouter delete handler

PIMSM Error in initializing zone delete handler

PIMSM Error in initializing IP change handler

PIMSM Error in initializing packet copy handler

PIMSM Error in initializing MCAST policy change handler.

PIMSM Error in initializing drp vsi elect change handler

PIMSM Error in initializing nsrp state change handler.

PIMSM Error in initializing access-list change handler.

Notification

PIMSM protocol configured on interface <interface>

PIMSM protocol enabled on interface <interface>

PIMSM interface <interface> DR priority set to <number>

PIMSM interface <interface> Join-Prune Interval set to <number> seconds

PIMSM interface <interface>'s Hello Interval set to <number> seconds

PIMSM interface <interface> accept neighbors access list <id_num> configured

PIMSM interface <interface> configured as boot-strap border

PIMSM interface <interface> hello holdtime set to <number> seconds

PIMSM protocol unconfigured on interface <interface>

PIMSM protocol disabled on interface <interface>

PIMSM interface <interface> neighbor access list removed.

PIMSM interface <interface> BSR border removed.

PIMSM protocol disabled in vrouter <vrouter>

Vrouter <vrouter> PIMSM SPT threshold set to <number> packets per second

Vrouter <vrouter> PIMSM source access list for multicast group <mcast_addr> removed

Vrouter <vrouter> PIMSM Rendezvous point access list for multicast group <mcast_addr> removed

Vrouter <vrouter> PIMSM multicast group access list removed

Vrouter <vrouter> PIMSM RP <ip_addr> removed from zone <zone>

Vrouter <vrouter> PIMSM RP Candidate removed from zone <zone>

Vrouter <vrouter> PIMSM RP Proxy removed from zone <zone> 

PIMSM protocol enabled in vrouter <vrouter> 

Vrouter <vrouter> PIMSM SPT threshold set to infinity

Vrouter <vrouter> PIMSM multicast group <mcast_addr> has been configured with source access list <id_num>

Vrouter <vrouter> PIMSM multicast group <mcast_addr> has been configured with RP access list <id_num>

Vrouter <vrouter> PIMSM multicast group access-list <id_num> has been configured 

Vrouter <vrouter> PIMSM zone <zone> configured as RP Proxy.

Vrouter <vrouter> PIMSM RP address <ip_addr> configured for multicast group access list <id_num> in zone <zone>

Vrouter <vrouter> PIMSM RP candidate on interface <interface> configured for multicast group access list <id_num> in zone <zone> with priority <number> and holdtime <number>

PIMSM protocol configured in vrouter <vrouter>

PIMSM protocol removed from vrouter <vrouter>

Vrouter <vrouter> PIMSM cannot process non-multicast address <mcast_addr> 


PKI
Notification

PKI: The device failed to generate the certificate request file in PKCS #10 format.

PKI: Verified cert with subject name <name_str>

PKI: Unable to get issuer cert for cert with subject name <name_str>

PKI: Failed to obtain CRL for CA issuing cert with subject name <name_str>

PKI: Unable to decrypt signature of cert with subject name <name_str>

PKI: Unable to decrypt signature of CRL for cert with subject name <name_str>

PKI: Unable to decode issuer's public key for cert with subject name <name_str>

PKI: Unable to authenticate cert with subject name <name_str>

PKI: CRL has bad signature for cert with subject name <name_str>

PKI: Cert is not yet valid (subject name <name_str>)

PKI: Cert has expired (subject name <name_str>)

PKI: CRL is not yet valid for cert with subject name <name_str>

PKI: CRL has expired for cert with subject name <name_str>

PKI: Format error in the { notBefore | notAfter } field of cert with subject name <name_str>

PKI: Format error in CRL { lastUpdate | nextUpdate } field for cert with subject name <name_str>

PKI: Out of memory. Cannot process cert with subject name <string>

PKI: Received a self-signed cert with subject name <string>

PKI: Received a self-signed cert in a certificate chain for cert with subject name <name_str>

PKI: Unable to get local issuer cert for cert with subject name <name_str>

PKI: Unable to verify first cert in a certificate chain (subject name <name_str>)

PKI: Certificate chain is too long for cert with subject name <name_str>

PKI: Cannot return to the original certificate chain. Cookies: (<id_num1>) (<id_num2>) (<id_num3>) (<id_num4>)

PKI: Internal configuration error. Cannot verify cert with subject name <name_str>

PKI: No revocation check, per config, for cert with subject name <name_str>

PKI: Cannot decrypt public key of cert with subject name <name_str>

PKI: Top cert of chain for peer's cert was wrong. Config required <name_str>, but derived <name_str>.

PKI: CRL has expired. (CA <name_str>)

PKI: CRL will be refreshed as configured on the interupdate refresh setting. (CA <name_str>)

PKI: The CRL has a bad timestamp. (CA <name_str>)

PKI: Unable to verify the validity of cert with subject name <name_str>

PKI: An incoming certificate is broken.

PKI: Per config, accepted cert even though CRL has a bad signature. (subject name <name_str>)

PKI: CRL is not issued by the CA that signed the cert with subject name <name_str>

PKI: Invalid certificate (subject name <name_str>)

PKI: Certificate has been revoked (subject name <name_str>)

PKI: Per config, accepted cert even though revocation check was inconclusive (subject name <name_str>)

PKI: Cannot build certificate chain for cert with subject name <name_str>

PKI: Cannot load CRL for cert with subject name <name_str>

PKI: Cannot load item from flash. Reason: { erroneous input | insufficient memory | cannot read file | cannot decode | lost in RAM | reason unknown } , type: { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT}, DN: <name_str>

PKI: Loaded a flash file with PKI data in an earlier format (version 0).

PKI: Saved PKI objects to flash.

PKI: PKI storage file is empty.

PKI item in flash is incorrect. Type (CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT), length (<number>).

PKI: No response for status inquiry for cert with subject name <name_str>

PKI: LDAP bind operation timed out for cert with subject name <name_str>

PKI: LDAP operation timed out for cert with subject name <name_str>

PKI: Cannot connect to LDAP server { <ip_addr> | <dom_name> }:<port_num> through <interface>

PKI: LDAP cannot search for DN (<name_str>) using filter (<string>)

PKI: LDAP modify { add | delete } is not supported.

PKI: Cannot contact HTTP server at URL <url_str>

PKI: Received bad LDAP response for cert with subject name <name_str>

PKI: Cannot save CA config (CA cert subject name <name_str>)

PKI: Cannot store config for CA with cert subject name <name_str>

PKI: Saved CA config (CA cert subject name <name_str>)

PKI: Cannot save CA configuration (CA cert subject name <string>)

PKI: A configurable item `DN's { Name | phone | e-mail | country | state | county/locality | organization | unit/department | IP address | e-mail to }' field has changed from { `<string1>' to none | none to `<string2>' | `<string1>' to `<string2>' }.

PKI: A configurable item (raw CN setting) field has changed from { (enabled) to (disabled) | (disabled) to (enabled) }.

PKI: A configurable item (default certificate validation level) field has changed from { (full) to (partial) | (partial) to (full) }.

PKI: A configurable item (certificate FQDN) field has changed from (<string1>) to (<string2>).

PKI: A configurable item (default LDAP server name) field has changed from { (<ip_addr1>) to (<ip_addr2>) | (<dom_name1>) to (<dom_name2>) }.

PKI: A configurable item (default LDAP server CRL URL) field has changed from (<string1>) to (<string2>).

PKI: A configurable item (e-mail address to send certificate request) field has changed from (<number1>) to (<number2>).

PKI: A configurable item (default CRL Refresh Frequency) field has changed from (<number1>) to (<number2>).

PKI: A configurable item (SCEP's { CA | RA } CGI URL) field has changed from (<string1>) to (<string2>).

PKI: A configurable item (SCEP's { CA IDENT | challenge password }) field has changed from (<name_str1>) to (<name_str2>).

PKI: A configurable item (CRL's signature verification) field has changed from { (0) to (1) | (1) to (0) }.

PKI: A configurable item SCEP mode has changed { from (auto) to (manual) | from (manual) to (auto) }

PKI: { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER } has been deleted. (subject name <name_str>)

PKI: Cannot save the key-pair object for cert with subject name <name_str>

PKI: Cannot { locate | delete } the key-pair object for cert with subject name <name_str>

PKI: Incorrect fingerprint for CA cert with subject name <name_str>

Cannot save the { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER } with subject name <name_str>

PKI: Cannot load <filename> file.

PKI: Failed to obtain object ID (<hex_id_num>) (dec_id_num).

PKI: Saved { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT} with subject name <name_str>

PKI: Number of PKI objects exceeds storage maximum (<number>)

PKI: Cannot compose HTTP packet to send to URL <url_str>

PKI: Cannot sync data to NSRP peer. (command <id_num>)

PKI: Cannot sync { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT} to NSRP peer. (command <id_num>)

PKI: Received CA cert with bad fingerprint (CA cert subject name <name_str>)

PKI: Cannot wrap SCEP request. Error: <string>, for cert request with subject name <name_str>

PKI: Cannot generate SCEP data. Cmd: <id_num>, error: { input | no memory | encode cert req | encode issuer-subject | reason unknown }, for cert request with subject name <name_str>

PKI: Cannot extract SCEP SUCCESS response. Error: { input | no memory | no selfsign CA | bad inner p7 | bad outer p7 [ data ] | dec outer p7 data | bad content | reason unknown }, for cert request with subject name <name_str>

PKI: Received a SCEP FAILURE message for cert request with subject name <name_str>

PKI: Cannot initiate SCEP request with subject name <name_str>

PKI: Cannot locate key pair with ID <id_num> for SCEP.

PKI: Completed SCEP cert request.

PKI: SCEP error: { bad subject dn | no cert | rm old cer | rm old key | private key | nsrp sync | reason unknown }, for cert with subject name <name_str>

PKI: Renewing cert through SCEP (subject name <name_str>)

PKI: Cannot verify cert for ScreenOS image authentication.

PKI: Successfully loaded image signer's public key. 

PKI: Cannot generate PKCS #10 file for certificate request.

PKI: Cannot send PKCS #10 cert request to e-mail address <e-mail_addr>.

PKI: Adjusted key pair length from 0 to 1024 bits.

PKI: Cannot generate { RSA | DSA } key pair with subject name <name_str>

PKI: Cannot generate cert request. Reason: <string> (subject name <name_str>)

PKI: NSRP cold start sync for <number> items.

PKI: NSRP cold start sync. Received item <number1> out of order, expecting <number2> of <total_number>.

PKI: NSRP cold start sync. Received item <number> before first item.

PKI: NSRP cold start sync session interrupted by normal sync item.

PKI: NSRP cold start sync session cannot locate item <id_num>

PKI: NSRP cold start sync attempt <number> failed.

PKI: NSRP cold start sync failed.

PKI: Completed NSRP cold start sync after <number> attempts.

PKI: request NSRP cold start sync at <number> seconds.

PKI: Cannot locate config for CA with ID <id_num>

PKI: Updated config for CA with ID <id_num> from a global CA config.

PKI: Cannot retrieve the { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT} for cert with subject name <name_str>

PKI: PKI objects exceeded maximum capacity (<number>).

PKI: CRL is too big (<number>) to save to flash. Max: <number>, CA: <name_str>

PKI: Cannot decode CRL data.

PKI: CRL is too big (<number>) to load. Max: <number>, CA: <name_str>

PKI: CRL cannot be saved to flash, issuer (<name_str>)

PKI: Cannot save new item to flash. Max: (<number1>), item: (<number1>).

PKI: System auto generated a self-signed cert.

PKI: Auto-generated self-signed cert was deleted.

PKI: Cannot auto generate a self-signed cert.

PKI: Cert requested already exists for subject name <name_str>

PKI: Cannot access OCSP server to get revocation status for cert with subject name <name_str>

PKI: Cannot verify signature on OCSP response for cert with subject name <name_str>

PKI: OCSP response was inconclusive for cert with subject name <name_str>

PKI: Cannot verify OCSP responder cert with subject name <name_str>

PKI: Cannot send HTTP packet through socket to URL <url_str>

PKI: Cannot create a socket to URL <url_str>

PKI: CRL server closed LDAP socket when verifying cert with subject name <name_str>

PKI: <string> has been deleted. (subject name <name_str>)


Policy
Notification

Policy (<id_num>, <zone1> -> <zone2>, <src_addr> -> <dst_addr>, <svc_name>, <policy_nat><action>) was added <name_str>.

Policy (<id_num>, global, <src_addr> -> <dst_addr>, <svc_name>, <action>) was added <name_str>.

Policy (<id_num>, <zone1> -> <zone2>,<src_addr> -> <dst_addr>, <svc_name>, <action>) was deleted <name_str>.

Policy (<id_num>, <zone1> -> <zone2>,<src_addr> -> <dst_addr>, <svc_name>, <action>) was modified <name_str>.

Policy (<id_num>, <zone1> -> <zone2>,<src_addr> -> <dst_addr>, <svc_name>, <action>) was {enabled | disabled} <name_str>.

Default policy of the device has been changed to {permit | deny} <name_str>.

Policy <src_pol_id> has been moved before <dst_pol_id><name_str>.

Policy <src_pol_id> has been moved after <dst_pol_id><name_str>.

<cell_name><cell_obj_name> was {added | deleted} policy ID <id_num><name_str>.

In policy <id_num>, the DI attack component was modified <name_str>.

In policy <id_num>, the application was modified to <application_name><name_str>.

In policy <id_num>, the attack severity was modified <name_str>.


PPP
Alert

No IP pool has been assigned. You cannot allocate an IP address.

Cannot allocate IP address from pool <name_str> for user <user_name>.

Notification

IP address pool <name_str> with range <ip_addr1> - <ip_addr2> was created <name_str>.

IP address pool <name_str> was removed <name_str>.

Range <ip_addr1> - <ip_addr2> was added to IP pool <name_str1> <name_str2>.

Range <ip_addr1> - <ip_addr2> was removed from IP pool <name_str1> <name_str2>.

PPP control packet queue on <interface> takes on {too many | normal number} packets.

PPP on <interface> detects loopback.

PPP profile <profile_name> is {created | deleted}.

PPP profile <profile_name> changes authentication type to c{hap | pap | chap pap | any | none}.

PPP profile <profile_name> changes local-name to "<string>".

PPP profile <profile_name> changes secret to "<string>"

PPP profile <profile_name> {enable | disable} passive mode CHAP.

PPP profile <profile_name> sets [not] to use static IP.

PPP profile <profile_name> sets netmask <ip_addr>.

PPP {set | unset} encapsulation {ppp | mlppp} for interface <interface>.

PPP {bind | unbind} profile <profile_name> for interface <interface>.

PPP {enable | disable} short sequence number for interface <interface>.

PPP set MRRU <number> for interface <interface>.

PPP {add | delete} interface <interface> {into | from} bundle <interface>.

PPP protocol on interface <interface> is {up | down}, local IP: <ip_addr1>, peer IP: <ip_addr2>.

PPP updates interface <interface>'s L3 MTU to <number>.

PPP updates interface <interface>'s IP to <ip_addr>.

PPP on <interface> resets LCP for <reason>.

PPP member <interface>joins bundle <interface> successfully.

PPP member <interface> fails to join bundle <interface> for <reason>.

PPP bundle <interface> is {up | down} and then brings {up | down} bundle NCP.

PPP LCP on interface <interface> is {up | down}.

PPP authentication state on interface <interface>: <state>.

PPP on interface <interface> is terminated by missing too many echo replies.

PPP on interface <interface> is terminated by receiving Terminate-Request.

PPP on interface <interface> finds possible loopback.


PPPoA
Notification

PPPoA is enabled on <interface> interface.

PPPoA is disabled on <interface> interface.

PPPoA <name> started negotiation.

PPPoA <name> connected successfully.

PPPoA <name> connection attempt failed <reason>.

PPPoA <name> idle timeout.

PPPoA <name> shutdown.

PPPoA <name> failed to modify the IP for the interface.

PPPoA <name> failed to negotiate IP for the interface.

PPPoA <name> failed to modify the gateway for the interface.


PPPoE
Notification

PPPoE is enabled on <interface> interface.

PPPoE is disabled on <interface> interface.

Point-to-Point Protocol over Ethernet (PPPoE) settings changed.

Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. Timeout <reason>.

PPPoE session shut down, PPPoE disabled.

PPPoE session started negotiations.

Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. <string> received.

PPPoE session shut down. Idle timeout.

PPPoE session shuts down for <pppoe_instance_name> instance due to system reset.

PPPoE session shut down by user.

Failed to set PPPoE interface IP address.

Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. No IP address assigned.

Failed to set PPPoE interface gateway.

PPPoE session was successfully established.

PPPoE session termination or failure during: <reason>

PPPoE session closed by AC.

AC <url_str> is advertising URL <url_str>.

Message from AC <name_str>: <message>.

Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. No IPv6 address assigned.

Failed to set PPPoE IPv6 interface gateway.


RIP
Critical

Virtual router <vrouter_name> that received an update packet flood from neighbor <neighbor_ip_address> on interface <interface_name> dropped a packet.

System wide RIP route limit exceeded, RIP route dropped.

<number> RIP routes dropped from last system wide RIP route limit exceed.

RIP database size limit exceeded for <vrouter>, RIP route dropped.

<number> RIP routes dropped, RIP database size exceeded in vr <vrouter>.

Notification

RIP instance in virtual router <vrouter_name> was {created | removed}.

{set | unset} vrouter <vrouter_name> protocol RIP received configuration command <command>

{set | unset} virtual router <vrouter_name> with the configuration command <command>

<command>

Information

RIP neighbor <neighbor_ip_address> in virtual router <vrouter_name> added

RIP neighbor <neighbor_ip_address> in virtual router <vrouter_name> removed


Route
Critical

A new route cannot be added to the device because the maximum number of system route entries (<maximum_route_number>) has been exceeded

An error occurred on virtual router <vrouter> while removing route <route_address>/<subnetwork_mask> from virtual router route table.

A route <route_address>/<subnetwork_mask> cannot be added to the virtual router "<vrouter>" because the number of route entries in the virtual router exceeds the maximum number of routes (<number>) allowed

Error occurred while adding route <route_address>/<subnetwork_mask> to virtual router <vrouter_name> route table because the db_insert function failed.

Error occurred while adding route <route_address>/<subnetwork_mask> to virtual router <vrouter_name> route table because the prefix add function failed.

Notification

Route(s) in virtual router "<vrouter>" with an IP address <ip_address>/<subnetwork_mask> and gateway <gateway_address> has been deleted

Route in virtual router "<vrouter>" that has IP address <ip_address>/<subnetwork_mask> through interface <interface> and gateway <gateway_address> with metric <metric> created.

Route in virtual router "<vrouter_name>" with IP address <ip_address>/<subnetwork_mask> and next-hop as virtual router "<vrouter_name>" created.

Source route(s) in virtual router <vrouter> with route addresses of <route_address>/<subnetwork_mask> and a default gateway address of <gateway_address> removed.

Source route(s) in virtual router <vrouter> with route addresses of <route_address>/<subnetwork_mask> through interface <interface> and a default gateway address <address> with metric <metric> created.

SIBR route(s) in virtual router "<vrouter>" for interface <interface> with an IP address <ip_addr>/<subnetwork_mask> and gateway <ip_addr> removed.

SIBR route in virtual router "<vrouter>" for interface <interface> that has IP address <ip_addr>/<subnetwork_mask> through interface <interface> and gateway <gateway_ip_addr> with metric <route_metric> created.

Source route in virtual router "<vrouter>" with an IPaddress <ip_addr>/<subnet_mask> and next-hop as virtual router "<vrouter>" created.

An SIBR route in virtual router "<vrouter>" with an IP address <ip_addr>/<subnet_mask>and next-hop as virtual router "<vrouter>" created.

Route entry with sequence number <sequence_number> in route map <route_map_name>, virtual router <vrouter_name> was removed. 

Route map <route_map_name> in virtual router <vrouter_name> was removed.

Route map entry with sequence number <number> in route map <name_str> in virtual router <vrouter> was created.

An { import | export } rule applied to a connection between virtual router <virtual_router1> and virtual router <virtual_router2> with IP prefix <prefix/subnetwork_mask> was { created | deleted }

An { import | export } rule in virtual router <vrouter> to virtual router <vrouter> with route map <route_map> and protocol <protocol> was { created | deleted }

Access list entry <access_list_id> with a sequence number <sequence_number> that {permits | denies} IP address <IP_address>/<subnetwork_mask> was removed from virtual router <vrouter>

Access list entry <access_list_name> was {added to | removed from} from virtual router <vrouter_name>

Access list entry <access_list_id> with sequence number <sequence_number> with an action of { permit | deny } with an IP address and subnetwork mask of <ip_address>/<subnetwork_mask> was created on virtual router <virtual_router>


SCCP
Alert

The device cannot initialize memory for SCCP.

The device cannot delete SCCP ALG Port.

The device cannot unregister SCCP ALG handler.

The device cannot register the Network Address Translation vector for the SCCP ALG request.

The device cannot register SCCP port.

The device cannot register the SCCP ALG request to RM.

The device does not have the SCCP ALG client id with RM.

The device failed in unregistering SCCP client with RM.

The device failed in handling SCCP call since number of calls exceeded the system limit.

SCCP call <IP address> dropped due to out-bound call rate exceed from that client.

The device failed in registering SCCP client with VSIP.

SCCP ALG maximum call environment value <value> invalid, maximum call number set to <value>.

SCCP ALG enabled on the device.

SCCP ALG disabled on the device.

SCCP ALG protection against call flood is enabled.

SCCP ALG protection against call flood is disabled.

SCCP ALG call flood rate threshold set to <value> calls per minute.

SCCP ALG call flood rate threshold set to default of <value> per minute.

SCCP ALG will not drop the unknown messages in NAT mode.

SCCP ALG will drop the unknown messages in NAT mode.

SCCP ALG will not drop the unknown messages in route mode.

SCCP ALG will drop the unknown messages in route mode.

SCCP ALG inactive media timeout configured to default <value> seconds.

SCCP ALG inactive media timeout configured to <value> seconds.

SCCP ALG registered line break to <type>.

The device cannot allocate sufficient memory for the SCCP ALG request.


Schedule
Notification

Schedule <name_str> { added | modified | deleted } <name_str>.


Service
Notification

Service <serv_name> {added | modified | deleted} <name_str>.

Service group <grp_name> {added | deleted | modified} <name_str>.

Service group <grp_name> {added member | deleted member} <member_name><name_str>.

NSM {primary | secondary} host has been set to {<hostname> | <ip_addr>}.

NSM {primary | secondary} host has been disabled.

NSM has been {disabled | enabled}.

User-defined service <service> has been {added to | removed from} NSM protocol distribution.

Reporting of protocol distribution table to NSM has been {enabled | disabled}.

Reporting of ethernet statistics table to NSM has been {enabled | disabled}.

Reporting of attack statistics table to NSM has been {enabled | disabled}.

Reporting of flow statistics table to NSM has been disabled.

Reporting of policy table to NSM has been {enabled | disabled}.

Reporting of traffic alarms to NSM has been {enabled | disabled}.

Reporting of attack alarms to NSM has been {enabled | disabled}.

Reporting of miscellaneous alarms to NSM has been {enabled | disabled}.

Reporting of configuration logs to NSM has been {enabled | disabled}.

Reporting of information logs to NSM has been {enabled | disabled}.

Reporting of self management logs to NSM has been {enabled | disabled}.

Reporting of traffic logs to NSM has been {enabled | disabled}.

Reporting of deep inspection alarms to NSM has been {enabled | disabled}

NSM Device ID was {unset | set to <ID>}.

NSM one-time-password was {set | unset}.

NSM installer name (<filename>) and password were set.

NSM installer name and password were unset.

NSM {primary | secondary} server with name <hostname> was set: addr <ip_addr>, port <port_number><interface>

NSM {primary | secondary} server with name <hostname> was unset.

NSM keys were deleted.

Information

NSM: Connection to NSM server at {<ip_addr> | <hostname>} is down. Reason: <cause_id>, <desc>

NSM: Connected to NSM server at <ip_addr> (<tries> connect attempt(s))

NSM: Cannot connect to NSM server at {<ip_addr> | <hostname>}. Reason: <cause_id>, <desc> (<tries> connect attempt(s))

NSM: Sent {1B | 2B} message

NSM request may fail due to low memory (malloc failed) 


SIP
Notification

An administrator set the media inactivity timeout value to its default value of <seconds> seconds.

An administrator set the SIP invite time-out value to its default value of <seconds> seconds.

An administrator set the SIP trying time-out value to its default value of <seconds> seconds.

An administrator set the SIP ringing time-out value to its default value of <seconds> seconds.

An administrator set the SIP signaling inactivity time-out value to its default value of <seconds> seconds.

An administrator set the SIP media inactivity time-out value to <seconds> seconds.

An administrator set the SIP invite time-out value to <seconds> seconds.

An administrator set the SIP trying time-out value to <seconds> seconds.

An administrator set the SIP ringing time-out value to <seconds> seconds.

An administrator set the SIP signaling inactivity time-out value to <seconds> seconds.

An administrator disables SIP ALG.

An administrator enables SIP ALG.

An administrator sets SIP T1 interval to <value> msec.

An administrator sets SIP T4 interval to <value> seconds.

An administrator sets SIP C timeout to <value> minutes.

An administrator permits SIP unknown messges in route mode.

An administrator sets SIP unknown messages permission to default.

An administrator sets SIP unknown messges permission to default.

An administrator sets SIP unknown messges permission to default.

An administrator set SIP IP denial timeout to default.

An administrator unsets SIP IP denial protection.

An administrator sets SIP T1 interval to default value.

An administrator sets SIP T4 interval to default value.

An administrator sets SIP C timeout to default value.

An administrator unsets SIP IP denial protection for IP <IP address>.

An administrator sets SIP IP denial timeout to <value>.

An administrator enables SIP IP denial protection for all servers.

An administrator sets SIP IP denial protection for IP <IP address>.

The device cannot allocate sufficient memory for the SIP ALG request.

The device cannot register the Network Address Translation vector for the SIP ALG request.

The device cannot register the SIP ALG request to RM.

SIP parser error <error_name>.

NetScreen devices do not support multiple IP addresses <ip_addresses> or ports <port_numbers> in SIP headers <header_field>.

NetScreen devices do not support multicast IP addresses <ip_addresses> in SIP <sip_values>.

Too many call segments.

Transaction data is too long.

SIP structure corrupted.

Too many call segments for response.

Transaction data too long for response.

Cannot allocate SIP call because device fielding too many calls.

SIP call information data is too long.

SIP ALG is unregistered by RM.

The device cannot register SIP ALG port.

The device failed to remove the NAT vector.

The device cannot remove SIP ALG port.

The device cannot initialize memory pool.

The device cannot initialize SIP endpoint.

The device cannot initialize SIP endpoint listener.


SNMP
Notification

SNMP listen port has been changed from <port_num1> to <port_num2>. 

SNMP system location has been changed to <loc_str>.

SNMP system contact has been changed to <name_str>.

SNMP system name has been changed to <name_str>.

Information

SNMP request from <ip_addr1>:<port_num> has been received, but the SNMP version type is incorrect.

SNMP request from an unknown SNMP community <name_str> at <ip_addr1>:<port_num1> has been received.

SNMP request has been received from an unknown host in SNMP community <name_str> at <ip_addr1>:<port_num1>.

SNMP request has been received from host <ip_addr1>:<port_num1> without read privileges.

SNMP request has been received from host <ip_addr1>:<port_num1> with read-only privileges.

SNMP response to the SNMP request from <ip_addr1>:<port_num1> has failed due to a coding error.

SNMP: NetScreen device has responded successfully to the SNMP request from <ip_addr>:<port_num>.


SSHv1
Critical

SSH: Security device failed to generate a PKA RSA challenge for SSH user <name_str> at <ip_addr> (Key ID <key_num>).

SSH: FIPS self test failed.

SSH: Unable to perform FIPS self test.

Error 

SSH: Security device failed to identify itself to the SSH client at <ip_addr>.

SSH: Maximum number of SSH sessions (<number>) exceeded. Connect request from SSH user <name_str> at <ip_addr> denied.

SSH: Incompatible SSH version string has been received from SSH client at <ip_addr>.

SSH: Unable to validate cookie from the SSH client at <ip_addr>.

SSH: Failed to send identification string to client host at <ip_addr>.

Warning

SSH: Unsupported cipher type `<name_str>' requested from <ip_addr>.

SSH: Host client has requested NO cipher from <name_str>.

SSH: Disabled for <name_str>. Attempted connection failed from <ip_addr>:<port_num>.

SSH: SSH user <name_str> at <ip_addr> tried unsuccessfully to log in to <vsys> using the shared untrusted interface. SSH disabled on that interface.

SSH: SSH client at <remote_ip_addr> tried unsuccessfully to establish an SSH connection to interface <interface> with IP <local_ip_addr> SSH disabled on that interface.

SSH: SSH client at <remote_ip_addr> tried unsuccessfully to make an SSH connection to interface <interface> with IP <local_ip_addr> SSH not enabled on that interface.

SSH: SSH client <ip_addr> unsuccessfully attempted to make an SSH connection to <vsys> SSH was not completely initialized for that system.

Information

SSH: SSH enabled for <vsys>.

SSH: SSH disabled for <vsys>.

SSH: Key regeneration interval has been changed from <number1> to <number2>.

SSH: SSH user <name_str> has been authenticated using password from <ip_addr>.

SSH: SSH user <name_str> at <ip_addr> has requested password authentication, which is not enabled for that user.

SSH: SSH user <name_str> at <ip_addr> has requested PKA RSA authentication which is not supported for that user.

SSH: SSH has been enabled for <vsys> with <number1> existing PKA key(s) bound to <number2> SSH user(s).

SSH: SSH has been disabled for <vsys> with <number1> existing PKA key(s) bound to <number2> SSH user(s).

SSH: Connection has been terminated for admin user <name_str> at <ip_addr>.

SSH: SSH user <name_str> has been authenticated using PKA RSA from <ip_addr> (Key ID <id_num>).


SSHv2
Critical

SSH: Failed to retrieve PKA key bound to SSH user <user_name> (Key ID <id_num>).

SSH: Error processing packet from host <ip_addr> (Code <id_num>).

SCP: Admin user '<user_name>' attempted to transfer file {to | from} the device with insufficient privilege.

Error 

SSH: Device failed to send initialization string to client at <ip_addr>

SSH: Failed to unbind PKA key from admin user '<user_name>' (Key ID <id_num>).

SSH: Attempt to bind duplicate PKA key to admin user '<user_name>' (Key ID <id_num>).

SSH: Maximum number of PKA keys (<number>) has been bound to user '<user_name>' Key not bound. (Key ID <id_num>).

SSH: Failed to bind PKA key from admin user '<user_name>' (Key ID <id_num>).

SSH: Client at <ip_addr> attempted to connect with invalid version string.

SSH: Failed to negotiate encryption algorithm with host <ip_addr>.

SSH: Failed to negotiate MAC algorithm with host <ip_addr>.

SSH: Failed to negotiate key exchange algorithm with host <ip_addr>.

SSH: Failed to negotiate host key algorithm with host <ip_addr>.

Warning

SSH: Disabled for '<vsys>'. Attempted connection failed from <ip_addr>:<port_num>.

SSH: Password authentication failed for admin user '<user_name>' at host <ip_addr>.

SSH: PKA authentication failed for admin user '<user_name>' at host <ip_addr>.

SSH: Password authentication successful for admin user '<user_name>' at host <ip_addr>.

SSH: PKA authentication successful for admin user '<user_name>' at host <ip_addr>.

SSH: Admin user <user_name> at host <ip_addr> requested unsupported authentication method <string>

SSH: Admin user '<user_name>' at host <ip_addr> requested unsupported PKA algorithm <string>

SSH: Admin '<user_name>' at host <ip_addr> attempted to be authenticated with no authentication methods enabled.

SCP: Admin '<user_name>' at host <ip_addr> executed invalid scp command: '<string>'.

SCP: Disabled for '<user_name>'. Attempted file transfer failed from host <ip_addr>.

SCP: Admin user '<usr_name>' requested unknown file '<filename>'.

Notification

SCP: Admin user '<user_name>' transferred file '<filename>' to device from host <ip_addr>

SCP: Admin user '<user_name>' transferred file '<filename>' from device to host <host_name>.

Information

SSH: SSH enabled for <vsys>.

SSH: SSH disabled for <vsys>.

SSH: Host key deleted for <vsys>.

SSH: PKA key has been unbound from admin user <user_name> (Key ID <id_num>).

SSH: PKA key has been bound to admin user <user_name> (Key ID <id_num>).

SSH: Upgrade performed (to version <version_num>).

SSH: SCP enabled for <vsys>.

SSH: SCP disabled for <vsys>.


SSL
Warning

Admin user <username> logged in for Web(<protocol>) management (port <port>) from <ipv6>:<ip_addr>: <source_port>

Admin user <username> login attempt for Web(<protocol>) management (port <port_number>) from <ipv6>:<ip_addr>: <source_port> failed.

Admin user <username> logged out for Web(<protocol>) management (port <port_number>) from <ipv6>:<ip_addr>: <source_port>

Admin user <username> login attempt for Web(<protocol>) management (port <port_number>) from <ipv6>:<ip_addr>: <source_port> failed due to an incorrect client ID.

Notification

<name_str> SSL Certificate Authority changed to none <string>.

<name_str> SSL CA changed to none <string>.

<name_str> SSL cipher name changed from <cipher_name1> to <cipher_name2> <change_string>.

<name_str1> SSL certificate changed to <name_str2>.

<name_str> SSL Certificate Authority name IS changed to <name_str2>.

Information

Web SSL port changed from <port_num1> to <port_num2>.

Web SSL has been {enabled | disabled}.

No context exists for the SSL connection. The device is not ready for an SSL connection.

Firewall-only system does not allow "<ssl_connection_name>" SSL cipher type <ssl_cipher_type>.

The subject field of the SSL certificate reports a mismatch with subject name (<subject_name> received while expecting subject name <subject_name>).

User <username> clicked Get Tech on WebUI

User <username> clicked Get Tech on WebUI, but response may not complete due to resource problem


Syslog and WebTrends
Syslog

Warning

Syslog cannot connect to the TCP server <serv_name>; the connection is closed.

Notification

Syslog has been { enabled | disabled }.

Syslog VPN encryption has been { enabled | disabled }.

Syslog server <serv_name> was { added | removed }.

All syslog servers were removed.

Syslog { facility | security facility } for {<ip_addr> | <name_str>} has been changed to { local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | auth/sec }

Syslog server <serv_name> host port number has been changed to <port_num>

Traffic logging for syslog server <serv_name> has been { enabled | disabled }.

Event logging for syslog server <serv_name> has been { enabled | disabled }.

Syslog server <serv_name1> hostname has been changed to <serv_name2>.

Socket cannot be assigned for syslog.

All syslog message levels have been cleared.

Syslog source interface has been changed to <interface>

Syslog source interface was removed.

Transport protocol for syslog server <serv_name> was changed to { tcp | udp }


WebTrends
Notification

Attempt to enable WebTrends has failed because WebTrends settings have not yet been configured.

WebTrends has been { enabled | disabled }

WebTrends VPN encryption has been { enabled | disabled }

Socket cannot be assigned for WebTrends

WebTrends host { domain name | port number } has been changed to { <dom_name> | <port_num> }


System Authentication
Notification

[1X] 802.1X session run out of memory.

[1X] 802.1X interface <interface> link status changed to down.

[1X] 802.1X interface <interface> link status changed to up.

[1X] host <name> started authentication on interface <interface> with 802.1X session id <id>.

[1X] host <name> passed authentication on interface <interface> with 802.1X session id <id>.

[1X] host <name> failed authentication on interface <interface> with 802.1X session id <id>.

[1X] host <name> started re-authentication on interface <interface> with 802.1X session id <id>.

[1X] host <name> logged off interface <interface> with 802.1X session id <id>.


System
Critical

New config includes invalid settings. System rolled back to LKG config.

<reset_log_string>

Session utilization has reached <number>, which is <percent> of the system capacity!

Session utilization has dropped below <number>, which is <percent> of the system capacity!

Session limit alarm has been set for vsys < vsys name >(current <current sessions>, alarm threshold <alarm sessions>)

Session limit alarm has been cleared for vsys <vsys name> (current <current sessions>, dropped packets <number>)

Cannot create DI pool with a size of <number> bytes.

Cannot allocate <number> bytes of memory.

Error 

Can only do set alg _all as unset alg _all command has issued.

Notification

Session threshold has been changed to percentage <percent>

Hostname set to "<hostname>"

Domain set to <domain_name>

An optional ScreenOS feature has been activated via a software key.

System clock configurations have been changed by admin <name_str>

System clock was changed manually from <previous value>.

System up time is shifted by <number> seconds.

System configuration has been erased.

Register device succeeded and warranty key is installed

Retrieve firmware list failed

Retrieve firmware list succeeded: <number> firmware

Session utilization has reached <number>, which is <percent> of the system capacity.

The user limit has been exceeded and <ip_addr> cannot be added.

Invalid config size (<number>)

Trial keys are available to download to enable advanced features. To find out, please visit <url_str>.

System is operational.

System was reset at <date><time>

Unsupported command <command>

Administrator <administrator_name> issued command <command> to redirect output.

Session (<id_num> <protocol>, <string>) cleared

Information

Environment variable <variable_name> changed to <string>

Environment variable <variable_name> unset.

Environment variable <variable_name> set to <variable_name>

System configuration saved <string> by <name_str>

All system configurations saved to <string> by <usr_name>

Save configuration to IP address <ip_address> under filename <filename> by administrator <administrator_name>

The system configuration was loaded from <ip_address> under the filename <filename> to slot <filename> by administrator <administrator_name>

The system configuration was loaded from IP address <ip_address> under filename <filename> by administrator <administrator_name>

The system configuration was loaded from slot <filename>

The system configuration was loaded from flash memory to slot <filename> by administrator <name_str>

The system configuration was not saved <string> by administrator <name_str>. It was locked by administrator <name_str>

Send new software to IP address <ip_addr> under filename <filename> by administrator <name_str>

Send new software from IP address <ip_addr> under filename <filename> to slot <filename> by administrator <name_str>

Save new software from <ip_addr> under filename <filename> to flash memory by admin <name_str>

Save new software from slot filename <filename> to flash memory by administrator <administrator_name>

Send new software from flash memory to slot filename <filename> by administrator <name_str>

The system configuration was loaded from usb <USB filename> by administrator <string>.

The system configuration was loaded from flash memory to <USB filename> by administrator <string>.

Save new software from usb filename <filename> to flash memory by administrator <string>.

Send new software from flash memory to usb filename <filename> by administrator <admin>.

Send new software from flash memory to usb filename <filename> by administrator <admin>.

The system configuration was loaded from <ip addr> under the filename <filename> to usb <USB filename> by administrator <admin>

Send new software from IP address <ip addr> under filename <filename> to usb <USB filename>by administrator <admin.

Send new image from ip address <ip_addr> under the filename <filename> to usb <filename> by administrator <string>.

Save file <filename> from flash to usb <filename> by administrator <string>.

Load file from usb<filename> to flash <filename> by administrator <string>.

Lock configuration started by task <task_name>, with a timeout value of <minutes> minutes.

Lock configuration aborted explicitly by task <task_name>

Lock configuration aborted because <minutes> minutes timeout was exceeded.

Lock configuration ended by task <task_name>

Invalid configuration size <config size limit>.

New GMT zone ahead or behind by <number> seconds.

Daylight Saving Time { has started | ended ).

Timer reset from NSRP Peer by admin <usr_str>


Traffic Shaping

Notification

Traffic shaping is turned { on | off | auto }

Traffic shaping clearing DSCP selector is turned { on | off } 


User
Notification

The user <usr_str><action><name_str>.

The user group <grp_name><action><name_str>.


VIP
Critical 

VIP server <ip_addr> cannot be contacted.

Utilization of DIP pool <id_num> in vsys <vsys> hits raise threshold <number>.

Utilization of DIP pool <id_num> in vsys <vsys> hits clear threshold <number>.

Notification 

DIP IP pool %d was removed from DIP group %d %s

VIP multi-port was { enabled | disabled }

VIP (<ip_addr>:<port_num1> <svc_num> <port_num2>) has been { added | modified | deleted }

VIP server <ip_addr> is now alive.

VIP server <ip_addr> is now in manual mode.

Tunnel zone <zone1> was bound to out zone <zone2>

Intra-zone block for zone <zone> was set to { on | off }

Zone <zone> was changed to { shared | non-shared }.

IP/TCP reassembly for ALG was { enabled | disabled } on zone <zone>

Asymmetric vpn was{ enabled | disabled } on zone <zone> 


Virtual Router
Notification

A <virtual_router_type> virtual router using name <vrouter> and id <id_num> has been created

A virtual router with name "<vrouter>" and ID <id_num> has been removed

The auto-route-export feature in virtual router "<vrouter>" has been { enabled | disabled }

The maximum number of routes that can be created in virtual router "<vrouter>" is <number>

The router-id that can be used by OSPF, BGP routing instances in virtual router "<vrouter>" has been set to <id_num>

The routing preference for protocol <name_str> in virtual router "<vrouter>" has been set to <number>

The virtual router "<vrouter>" has been made default virtual router for virtual system (<vsys_name>)

The virtual router "<vrouter>" has been made { sharable | unsharable }

The system default-route through virtual router "<vrouter1>" has been added in virtual router "<vrouter2>"

The maximum routes limit in virtual router <vrouter> has been removed.

The router-id of virtual router "<vrouter>" used by OSPF, BGP routing instances id has been uninitialized.

The routing preference for protocol <name_str> in virtual router "<vrouter>" has been reset.

The system default-route in virtual router (<vrouter>) has been removed.

Source-based routing enabled in virtual router <vrouter>

Source-based routing disabled in virtual router (<vrouter>)

SNMP trap made private in virtual router <vrouter>

SNMP trap made public in virtual router <vrouter>

Fast route lookup was { enabled | disabled } in virtual router <vrouter>

Routes defined on inactive interfaces { will | will not } be exported into other virtual routers, protocols in virtual router (<vrouter>)

The subnetwork conflict checking feature for interfaces in virtual router <vrouter> was removed.

Subnetwork conflict checking for interfaces in virtual router (<vrouter>) has been enabled.

Route-lookup preference changed to <route_lookup_method_name> (<preference_value>) => <route_lookup_method_name> (<preference_value>) => <route_lookup_method_name> (<preference_value>) in virtual router (<vrouter>).

SIBR routing { disabled |enabled } in virtual router <vrouter>


VPNs
Critical

VPN <name_str> [ for <usr_name> ] from <ip_addr> is up.

VPN <name_str> [ for <usr_name> ] from <ip_addr> is down.

Notification

VPN <name_str> has been bound to tunnel { interface <interface> | zone <zone> }.

VPN <name_str> has been unbound from tunnel zone <zone>.

VPN monitoring interval has been unset.

VPN monitoring threshold has been unset.

VPN monitoring interval has been set to <number> seconds.

VPN monitoring threshold has been set to <number>.

VPN monitoring for VPN <name_str> has been enabled (src int <interface>, dst IP <ip_addr>, rekeying { enabled | disabled }, scalability optimization { enabled | disabled }).

VPN monitoring for VPN <name_str> has been disabled.

IPSec NAT-T for VPN <name_str> has been { enabled | disabled }.

The DF-BIT for VPN <name_str> has been set to { clear | set | copy }.

VPN <name_str> with gateway <name_str2> and P2 proposal <name> has been { added | modified | deleted }

VPN <name_str> with gateway <ip_addr> and SPI <hex_num1>/<hex_num2> has been { added | modified | deleted }

Information

A Manual Key VPN tunnel using AES encryption is not allowed for 

SSH.

IKE <ip_addr>: IP address of local int has been changed to 0.0.0.0, and VPNs cannot terminate at it.

IKE <ip_addr>: IP address of local int has been changed from 0.0.0.0 to <ip_addr>.

IKE <ip_addr>: Policy ID <id_num> failed over from SA <id_num1> to SA <id_num2>.

IKE <ip_addr>: VPN ID number cannot be assigned.

VPN monitoring for VPN <name_str> has deactivated the SA with ID <number>.

Phase 2 SA for tunnel ID <id_num> has been idle too long. Deactivated P2 SA and sent a Delete msg to peer.


Vsys
Notification

Vsys with profile<name_str> has been { created | removed } by < name_str >.

Vsys <vsys_name> profile has been changed from <old_vys_profile_name> to <new_vsys_profile_name>.

Vsys profile <profile> created with default vsys limits.

Vsys profile <profile> limit <limit_name> has been set to {min | max} <limit_max_value> <limit_reserved_name> <limit_reserved_value>.

Vsys profile <profile_name> deleted.

Vsys <name_str> has been changed to <name_str> by configuration change <command>

ID for vsys <vsys_name > has been changed from < vsys_id_1 > to < vsys_id_2 > by configuration change <command>

NSRP VSD group ID for vsys <name_str> has been changed from <id_num1> to <id_num2> by configuration change <command>

IP classification has been { enabled | disabled } for zone <zone>

IP classification object { net <ip_addr1>/<mask> | range <ip_addr2>-<ip_addr3> } has been { added | deleted } for zone <zone>

IP classification mode has been changed to <mode>.

IP classification for not classified traffic has been changed to <policy>.

Vsys admin user <username> has logged on via the console.

Vsys admin user <username> has logged on via Telnet from remote IP address <ip_addr> using port <port>


Web Filtering
Alert

Communication error with { Websense | SurfControl } server { ip_addr }: SrvErr (error_code ), SockErr (error_code), Valid (string),Connected (string)

Error 

UF-MGR: Failed to process a request. Reason: <string>.

UF-MGR: Failed to abort a transaction. Reason: <string>.

UF-MGR: UF Key Expired (expiration date: <date>; current date: <date> ).

UF-MGR: Failed to { enable | disable } cache.

UF-MGR: Internal Error: <string>

Warning

UF-MGR: URL BLOCKED: ip_addr (%d) -> ip_addr (%d), <string> action: <string>, category: <string>, reason <string>

UF-MGR: URL FILTER ERR: ip_addr (%d) -> ip_addr (%d), host: <string> page: <string> code: <string> reason: <string>.

Notification

Web-filtering server name is changed to <name_str>.

Web-filtering server port is changed to <port_num>.

Web-filtering fail mode is changed to { fail-permit | fail-block }.

Web-filtering timeout is changed to <number>.

Web-filtering message is changed.

Web-filtering message type is changed to { Juniper | Websense | SurfControl }.

Web filtering socket count is changed to <number>.

Web filtering is { <enabled | disabled> } for vsys <vsys>

Web filtering source interface is changed to <interface>.

Web-filtering server account name is changed to < name_str >.

Web filtering received an error from { Websense | SurfControl } (error <id_num>).

Web filtering successfully connected { Websense | SurfControl } server (connections <number>).

Web filtering received an error from { Websense | SurfControl } (error <id_num>, flag < error_flag >, cmd < command >)

UF-MGR: Cache size is changed to <number>(K).

UF-MGR: Cache timeout is changed to <number> (hours).

UF-MGR: Category update interval is changed to <number> (weeks).

UF-MGR: Cache { enabled | disabled }.

UF-MGR: Primary CPA server changed to <serv_name>.

UF-MGR: <server name>CPA server host changed to <server name>.

UF-MGR: <server name> CPA server port changed to <port_num>.

UF-MGR: SurfControl web filtering { enabled | disabled }. 

UF-MGR: The url <url_str> was added to category <name>.

UF-MGR: The url <url_str> is removed from category <name>.

UF-MGR: The category <name> is { created | removed }.

UF-MGR: The profile <name> is { created | removed }.

UF-MGR: The category <name> is added into profile <name> with action <string>.

UF-MGR: The category <name> is set in profile <name> as the { black | white } list.

UF-MGR: The category <name> is removed from profile <name> with action <string>.

UF-MGR: The action for other in profile <name> is set to <string>.

UF-MGR: The action for <name> in profile <name> is changed to <string>.

UF-MGR: The profile <name> { white list | black list } is removed.

UF-MGR: The category list from the CPA server is updated on the device.


WLAN
Alert

Wireless AP re-initiated: <reason >.

Error 

Wireless AP re-activated with error: <CLI sequence > Error index: < index > Error code: < code >.

Notification

Wireless AP in <mode_string > mode.

Wireless CLI updated: < command_string >.

Wireless station event: < event_string >.

Wireless RADIUS event: < event_string >.


Zone
Notification

New zone <zone> (ID <id_num>) was created.

Zone <zone> (ID <id_num>) was deleted.

Zone <zone> was bound to virtual router <vrouter>

Zone <zone> was unbound from virtual router <vrouter>

Tunnel zone <zone1> was bound to out zone <zone2>

Intra-zone block for zone <zone> was set to { on | off }

Zone <zone> was changed to { shared | non-shared }.

IP/TCP reassembly for ALG was { enabled | disabled } on zone <zone>

Asymmetric vpn was { enabled | disabled } on zone <zone>