Professional Documents
Culture Documents
F Address Critical (00031) { arp req | arp reply }, detect IP conflict (<ip_addr>), mac <mac_addr> on inter face <interface>
Notification Level (00001) Address <mbr_name> for { ip address <ip_addr> | domain address <dom_name> } in z one <zone> has been { added | deleted | modified }
Address <name_str> for ip address <ip_addr> in zone <zone> has been { added | de leted | modified }
Admin Critical (00027) Device Reset (Asset Recovery) has been { performed | aborted }
Warning (00515) [ Vsys ] Admin User <name_str> has logged { on | out } via ( Telnet | SCS | cons ole }
Management session via { the console | Telnet from <ip_addr>:<port_num> | SCS fr om <ip_addr>:<port_num> } for [ vsys ] admin <name_str> timed out
Login attempt to system by admin <name_str> via { the console | Telnet from <ip_ addr>:<port_num> | SCS from <ip_addr>:<port_num> } has failed.
[ Vsys ] Admin User %s has logged out via (the console | Telnet from <ip_addr>:< port_num> | SCS from <ip_addr>:<port_num> }
The session limit threshold has been set to <number> on zone <zone>.
Admin user <name_str> login attempt for Web{ https | http } management (port <nu mber>) from <ip_addr>:<port_num> failed.
Admin user <name_str> attempt access to <name_str> illegal from Web{ https | htt p } management (port <number>) from <ip_addr>:<port_num>.
Warning (00541) ScreenOS <string> serial # <id_num>: Asset recovery has been aborted.
Management restriction for <ip_addr> subnet <mask> has been { added | removed }
Management restriction from all IPs and subnets has been removed
{ Root admin | Vsys admin } { password | name } has been changed by admin <name_ str>
Web Admin Authentication idle timeout value has been changed from <number1> to n umber2> minutes
Inclusion of traffic logs with e-mail notification of event alarms has been { en abled | disabled }.
LCD display has been turned off and the LCD control keys have been locked.
LCD display has been turned on and the LCD control keys have been unlocked.
Notification (00003) The console timeout value changed from <number1> to <number2> of minutes.
The system configuration was loaded from the slot by admin <name_str>
System Config load from <ip_addr> (file <filename>) to slot - <string> by admin <name_str>
Get new software from flash to slot (file: <filename>) by admin <name_str>
Save new software from slot (file: <filename>) to flash by admin <name_str>
Save new software from <ip_addr> (file: <filename>) to flash by admin <name_str>
Get new software from <ip_addr> (file: <filename1>) to slot (file: <filename2>) by admin <name_str>
System is operational.
System auto-config of file <name_str> from TFTP server <ip_addr> has been loaded successfully
System auto-config of file <name_str> from TFTP server <ip_addr> has failed.
Warning (00518) User <usr_str> at <ip_addr1> must enter Next Code for SecurID <ip_addr2>
Warning (00518, 00519) Local authentication for user <usr_str> was { denied | successful }.
WebAuth user <name_str> at <ip_addr1> has been { accepted | rejected/timedout } via the <string> server at <ip_addr2>
Admin user <name_str> has been { accepted | rejected } via the RADIUS server at <ip_addr>
Warning (00520) User <name_str> at <ip_addr> {RADIUS | SecurID | LDAP | Local } authentication a ttempt has timed out
Information (00525) User <usr_str> at <ip_addr1> must enter the New PIN for SecurID <ip_addr2>
New PIN
User <usr_str> at <ip_addr1> has selected a system-generated PIN for authentica tion with SecurID <ip_addr2>
The new PIN for user <usr_str> at <ip_addr1> has been { accepted | rejected } b y SecurID <ip_addr2>.
BGP Notification (000039) BGP instance in virtual router <vrouter> was removed from the device
Clock Notification (00008) System clock configurations have been changed by admin <name_str>
Device Critical (00022) At least one power supply is not functioning properly
The auxiliary board has been pulled out or otherwise made inactive
The board in slot <number>, has been pulled out or otherwise made inactive
Critical (00030) System CPU utilization is high (<number1> alarm threshold:<number2>) <number3> t imes in 1 minute
DHCP DHCP Server and Relay Agent Critical (00029) The DHCP process cannot open file <filename> to { read | write } data.
Information (00527) One or more DHCP-assigned IP addresses have been manually released.
A DHCP-assigned IP address <ip_addr> has been { assigned to <mac_addr1> | freed from <mac_addr2> }.
MAC address <mac_addr> has detected an IP conflict and has declined address <ip_ addr>.
DHCP Client Information (00530) DHCP client lease for <ip_addr> has expired
DHCP server <ip_addr> has assigned the untrust interface <interface> with lease <number>.
An IP conflict has been detected and the DHCP client has declined address <ip_ad dr>.
DHCP client IP <ip_addr> for the interface <interface> has been manually release d.
Information (00767) System auto-config of file <filename> from TFTP server <ip_addr> has { been load ed successfully | failed }.
DIP Notification (00021) IP pool <name_str> with range <ip_addr1>-<ip_addr2> has been { created | modifie d | deleted }
DNS Notification (00004) Daily DNS lookup time has been changed.
Firewall Emergency (00005) SYN flood has been detected! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num 2>, using protocol TCP, on interface <interface>. [ The attack occurred <number> times. ]
Emergency (00006) Teardrop attack has been detected! From <ip_addr1>:<port_num1> to <ip_addr2>:<po rt_num2>, using protocol { TCP | UDP | <number1> }, on interface <interface>. [ The attack occurred <number2> times. ]
Emergency (00007) Ping of Death has been detected! From <ip_addr1> to <ip_addr2>, using protocol 1 , on interface <interface>. [ The attack occurred <number> times. ]
Alert (00004) WinNuke attack has been detected! From <ip_addr1>:<port_num1> to <ip_addr2>:139, using protocol TCP, on interface <interface>. [ The attack occurred <number> ti mes. ]
Alert (00008) IP spoof has been detected! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2 >, using protocol { TCP | UDP | <number1> }, on interface <interface>. [ The att ack occurred <number2> times. ]
Alert (00009) IP Source Route has been detected! From <ip_addr1>:<port_num1> to <ip_addr2>:<po rt_num2>, using protocol { TCP | UDP | <number1> }, on interface <interface>. [ The attack occurred <number2> times. ]
Alert (00010) Land attack has been detected! From <ip_addr1>:<port_num> to <ip_addr2>:<port_nu m>, using protocol TCP, on interface <interface>. [ The attack occurred <number> times. ]
Alert (00011) ICMP flood has been detected! From <ip_addr1> to <ip_addr2>, using protocol 1, o n interface <interface>. [ The attack occurred <number> times. ]
Alert (00012) UDP flood has been detected! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num 2>, using protocol UDP, on interface <interface>. [ The attack occurred <number> times. ]
Alert (00016) Port scan has been detected! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num 2>, using protocol { TCP | UDP | <number1> }, on interface <interface>. [ The at tack occurred <number2> times. ]
Alert (00017) Address sweep has been detected! From <ip_addr1> to <ip_addr2>, using protocol 1 , on interface <interface>. [ The attack occurred <number> times. ]
Critical (00032) Malicious URL has been detected! From <ip_addr1>:<port_num1> to <ip_addr2>:<port _num2>, using protocol TCP, on interface <interface>. [ The attack occurred <num ber> times. ]
Critical (00033) Session threshold has been detected! From <ip_addr1>:<port_num1>, to <ip_addr2>: <port_num2>, using protocol { TCP | UDP | <number> }, and arriving at interface <interface>. [ The attack occurred <number> times. ]
Critical (00413) No tcp flag has been detected! From <ip_addr1>:<port_num1>, to <ip_addr2>:<port_ num2>, using protocol { TCP | UDP | <number> }, and arriving at interface <inter face>. [ The attack occurred <number> times. ]
Critical (00415) IP bad option has been detected! From <ip_addr1>:<port_num1>, to <ip_addr2>:<por t_num2>, using protocol { TCP | UDP | <number> }, and arriving at interface <int erface>. [ The attack occurred <number> times. ]
Critical (00437) SYN and FIN set has been detected! From <ip_addr1>:<port_num1>, to <ip_addr2>:<p ort_num2>, using protocol { TCP | UDP | <number> }, and arriving at interface <i nterface>. [ The attack occurred <number> times. ]
Critical (00438) FIN without ACK has been detected! From <ip_addr1>:<port_num1>, to <ip_addr2>:<p ort_num2>, using protocol { TCP | UDP | <number> }, and arriving at interface <i nterface>. [ The attack occurred <number> times. ]
Critical (00440)
ip fragment, From <ip_addr1>:<port_num1>, to <ip_addr2>:<port_num2>, using proto col { TCP | UDP | <number> }, and arriving at interface <interface>. [ The attac k occurred <number> times. ]
SYN flood { alarm threshold | packet queue size | timeout value | attack thresho ld | same source IP threshold } is set to <number>.
Logging of { dropped | IKE | SNMP | ICMP } traffic to self has been { enabled | disabled }.
The SYN flood { alarm threshold | packet queue size | timeout value | attack thr eshold | same source IP threshold } has been set to <number> on <zone> <name_str >.
SYN flood { same destination ip | same source ip } threshold has been set to <nu mber> on <zone> <name_str>.
The SYN-ACK-ACK proxy threshold value has been set to <number> on <interface> <n ame_str>.
SYN flood drop pak in xparent mode when receiving unknown dst mac has been enabl ed on <zone> <name_str>.
{ IP sweep | Port scan | UDP flood | ICMP flood | } threshold has been set to <n umber> on <zone> <name_str>.
The session limit threshold has been set to <number> on <zone> <name_str>.
Global Critical (00028) An intruted has attempted to connect to the NetScreen-Global PRO port! From <ip_ addr1>:<port_num1> to <ip_addr2>:15400, using protocol { TCP | UDP | <number> }, at interface <interface>. [ The attack occurred <number> times. ]
Notification (00033) <name_str> { primary | secondary } host has been set to { dom_name | IP_addr }.
User-defined service <serv_name> has been { added | removed } from <name_str> di stribution.
Reporting of { the <name_str1> table | <name_str2> alarms | <name_str3> logs } t o <name_str4> has been { enabled | disabled }.
Device has connected to the <name_str> { primary | secondary } data collector at <ip_addr>.
High Availability HA and NSRP Critical (00015) Configuration out of sync between local unit and remote unit
nterface>)
Critical (00070) NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from inoperable to init
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from ineligible to init
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from { master | primary backup | backup | ineligible | inoperable } to init, force command.
Critical (00071) NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from init to ma ster, missing master
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from backup to master, missing master
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from primary ba ckup to master, missing master
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from { primary backup | backup | ineligible | inoperable } to master, force command.
Critical (00072) NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from init to pr imary backup, missing primary backup
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from backup to primary backup, missing primary backup
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from { backup | ineligible | inoperable } to primary backup, force command.
Critical (00073) NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from init to ba ckup, elected
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from master to backup, { duplicate master | preempt by primary backup }
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from primary ba ckup to backup, duplicate primary backup
NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from { primary backup | ineligible | inoperable } to backup, force command
Critical (00074) NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from { master | primary backup | backup | ineligible | inoperable | init } to ineligible
Critical (00075) NSRP: local unit=<id_num1> of VSD group (<id_num2>) change state from { master | primary backup | backup | ineligible | inoperable | init } to inoperable
Critical (00076) NSRP: local unit=<id_num1> of VSD group (<id_num2>) send 2nd path request to uni t=<id_num3>
Critical (00077) NSRP: local unit=<id_num1> of VSD group (<id_num2>) receive 2nd path request fro m unit=<id_num3> to unit=<id_num4>
Critical (00079) ARP req, detect duplicate VSD group master <ip_addr> <mac_addr> on interface <in terface>
RTO mirror group id=<id_num> direction={ in | out } peer=<id_num> from { undefin ed | set | active } to { undefined | set | active } state, { missed heartbeat | group detached }
RTO mirror group id=<id_num1> direction={ in | out } local unit=<id_num2>, dupli cate from unit=<id_num3>
vsd group <id_num> local unit priority changed from <number1> to <number2>
HA Slave is { up | down }
HA: Elected slave, { lower priority | MAC value is larger | master already exist s | detect new master with higher priority | detect new master with smaller MAC value }
HA: Promoted master, command issued from original master to change state
HA: Change to master, command issued from original master to change state
HA { encryption password | authentication password | encryption key | authentica tion key } changed.
HA linkdown
Critical (00064) track ip fail reaches threshold, system may fail over!
IKE Alert (00026) IKE <ip_addr> Policy Manager's default CA is used by peer to establish IPSEC VPN .
P1 proposal <name_str> with { Preshared | RSA-sig | DSA-sig }, DH group { 0 | 1 | 2 | 5 }, ESP { NULL | DES | 3DES | AES128 | AES192 | AES256 }, auth { NULL | M D5 | SHA-1 }, and lifetime <number> has been { added | modified | deleted }.
P2 proposal <name_str> with DH group { 0 | 1 | 2 | 5 }, { AH | ESP }, enc { NULL | DES | 3DES | AES128 | AES192 | AES256 }, auth { NULL | MD5 | SHA-1 }, and lif etime (sec <number>) (kb <number>) has been { added | modified | deleted }.
Information (00536) IKE <ip_addr>: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed.
IKE <ip_addr> Phase 1: Cert received has a different { IP address | FQDN | UFQDN } SubAltName than expected.
IKE <ip_addr> Phase 1: Cert received has a subject name that does not match the ID payload.
IKE <ip_addr> Phase 1: Cannot use a preshared key because the peer gateway <ip_a ddr> has a dynamic IP address and negotiations are in Main mode.
IKE <ip_addr> Phase 1: Main mode packet has arrived with ID type { IP address | FQDN | UFQDN | ASN1_DN }, but no user configuration was found for that ID.
IKE <ip_addr> Phase 1: Completed { Aggressive | Main } mode negotiations with a <number>-second lifetime.
IKE <ip_addr> Phase 1: Discarded a second initial packet, which arrived within 5 seconds after the first.
IKE <ip_addr1> >> <ip_addr2> Phase 1: Initiated negotiations in { Aggressive | M ain } mode.
IKE <ip_addr> Phase 1: { RSA | DSA } private key is needed to sign packets.
IKE <ip_addr> Phase 1: IKE { initiator | responder } has detected NAT in front o f the { local | remote } device.
IKE <ip_addr> Phase { 1 | 2 }: Aborted negotiations because the time limit has e lapsed.
IKE <ip_addr> Phase 2: Received a message but did not check a policy because idmode is set to IP or policy-checking is disabled.
IKE <ip_addr> Phase 2: No policy exists for the proxy ID received: local ID (<ip _addr>/<mask>, <protocol>, <port_num>) remote ID (<ip_addr>/<mask>, <protocol>, <port_num>).
IKE <ip_addr> Phase 2: Received DH group <value1> instead of expected group <val ue2> for PFS.
IKE <ip_addr> Phase 2: Negotiations have failed. Policy-checking has been disabl ed but multiple VPN policies to the peer exist.
IKE <ip_addr> Phase 2 msg-id <number>: Responded to the first peer message.
IKE <ip_addr> Phase 2 msg-id <number>: Completed negotiations with SPI <number1> , tunnel ID <number2>, and lifetime <number3> seconds/<number> KB.
IKE <ip_addr>: Dropped packet because remote gateway <name_str> is not used in a ny VPN tunnel configurations.
IKE <ip_addr> rcv incorrect ID payload: (IP address <ip_addr> | FQDN <string1> | UFQDN <string2> | ASN1_DN <string3>), expecting (IP address <ip_addr> | FQDN <s tring4> | UFQDN <string5> | ASN1_DN <string6>).
IKE <ip_addr>: Sent initial contact notification to peer to use new sa.
IKE <ip_addr>: Rejected an initial Phase 1 packet from an unrecognized peer gate way.
IKE <ip_addr>: Received notify message for DOI <number1> <number2> <string>.
IKE <ip_addr>: Received a bad SPI <spi_num> [ from unknown peer | after rebootin g | <number> times ].
IKE <ip_addr>: Added the initial contact task to the task list.
Gateway <name_str> at <ip_addr> in { main | aggressive } mode with ID: { <string > | [none] } has been { added | deleted | modified }.
IKE <ip_addr>: Received initial contact notification and removed Phase { 1 | 2 } SAs.
IKE <ip_addr> Dropped peer packet because no policy uses the peer configuration.
IKE <ip_addr> Heartbeats have been disabled because the peer is not sending them .
Attempt to set tunnel (<name_str>) without IP address at both end points! Check outgoing interface.
IKE <ip_addr> new sa <tun_id_num1> is up, try to switch policy <pol_id_num> from <tun_id_num2>
IKE <ip_addr>: A sa <tun_id_num1> with a higher weight replaced the sa <tun_id_n um2> in policy <pol_id_num>.
Interface Notification (00009) IP for interface <interface> has been changed from <ip_addr1> to <ip_addr2>.
Netmask for interface <interface> has been changed from <mask1> to <mask2>.
Manage IP for interface <interface> has been changed from <ip_addr1> to <ip_addr 2>.
Gateway IP for interface <interface> has been changed from <ip_addr1> to <ip_add r2>.
Maximum bandwidth <number1> kbps on interface <interface> is less than total gua ranteed bandwidth <number2> kbps.
The configured bandwidth on the interface <interface> has been changed to <numbe r> kbps.
{ Global PRO | Ident-reset | Ping | SCS | SNMP | SSL | Telnet | Web } has been { enabled | disabled } on interface <interface>
The operational mode for interface <interface> has been changed to { Route | NAT }.
L2TP Information (00539) Cannot allocate IP addr from Pool <name_str> for user <usr_str>
Link Status Notification (00513) The physical state of the interface <interface> has changed to { up | down }.
Information (00767) { Alarm | Traffic | Event | Asset recovery | Self } log was reviewed by admin <n ame>.
Log buffer was full and remaining messages were sent to external destination. [ <number> packets were dropped. ]
MIP Notification (00010) Mapped IP <ip_addr1> <ip_addr2> has been { added | modified | deleted }.
NACN Notification (00033) The NACN protocol has been { enabled | disabled }
NACN Policy Manager { 1 | 2 } s outgoing interface, used to report NACN to Policy Manager { 1 | 2 }, has not been specified.
NACN Policy Manager {1 | 2 } s port field has been reset to the default value.
NACN Policy Manager {1 | 2 } s outgoing-interface field has been set to <interface >.
Information (00538) NACN failed to register to Policy Manager <name_str> because of { wrong password | the device does not exist | an invalid IP address | an unknown error }.
NACN failed to register to Policy Manager <name_str> because the connection time d out or aborted unexpectedly.
The NACN protocol has started for Policy Manager { 1 | 2 } on hostname <name_str > IP address <ip_addr> port <port_num>.
OSPF Critical (00202) <id_num> hello-packet flood from neighbor (ip = <ip_addr>, router-id = <id_num2> ) on interface <interface>, packet is dropped
Critical (00203) <id_num> lsa flood on interface <interface> has dropped a packet.
Notification (00041) A route-map entry with sequence number <number1> in route map <name_str> in virt ual router <vrouter> has been removed
A route-map entry with sequence-number <number> in route-map <name_str> in virtu al router <vrouter> has been created
Notification (00044) access list <id_num> sequence number <number> permit | deny ip <ip_addr>/<mask> deleted in vrouter <vrouter>
access list <id_num> sequence number <number> permit | deny ip <ip_addr>/<mask> created in vrouter <vrouter>
Information (00541) <id_num1> NBR change, rtid <id_num2> <ip_addr> state = <string>
PKI Critical (00025) PKI: The current device failed to save the { certificate authority configuration | key }.
PKI: The device cannot load the X.509 object into the flash file <filename>.
PKI: The device has no memory to load PKI objects, filename <filename>.
PKI: The device cannot load X.509 {certificate | CRL}, filename <filename>.
PKI: The device failed to generate the certificate request file in PKCS10 format .
PKI: The device failed to send the PKCS10 certificate request file via email.
PKI: The device failed to send an X.509 certificate request in PKCS10 format.
PKI: The device has detected zero DSA/RSA key length input. Use 1024 bits defaul t.
PKI: The device cannot generate a certificate request because there is no contro
l data.
PKI: The device cannot locate the keypair with id <id_num> to generate certifica te request.
PKI: The device cannot find the RSA/DSA key pair to generate certificate request .
PKI: The device cannot find the subject DN to generate certificate request.
PKI: The device cannot decode the public key of certificate <name_str>.
PKI: A configurable item DN s { Name | phone | e-mail | country | state | county/lo cality | organization | unit/department | IP address | e-mail to } field has chan ged from { <string1> to none | none to <string2> | <string1> to <string2> }.
to
disabled |
PKI: A configurable item default certificate validation level field has changed fr om { full to partial | partial to full }.
PKI: A configurable item certificate FQDN field has changed from 2> .
<string1>
to <string
PKI: A configurable item default LDAP server name field has changed from { 1> to <ip_addr2> | <dom_name1> to <dom_name2> }.
<ip_addr
PKI: A configurable item e-mail address to send certificate request ged from <number1> to <number2> .
<numb
PKI: A configurable item SCEP s { CA IDENT | challenge password } from <name_str1> to <name_str2> .
to
1 |
PKI: NSRP sync received cold sync item <number1> out of order, expect <number2> of <total_number>.
PKI: NSRP sync received cold sync item <number> without first item.
PKI: The X.509 { certificate | certificate revocation list } cannot be loaded du ring NSRP synchronization.
PKI: The certificate revocation list has expired, issued by certificate authorit y <name_str>.
PKI: The { file name | friendly name of a certificate | vsys name } is too long <number1> to do NSRP synchronization, allowed <number2>.
PKI: The device failed to coldsync the PKI object at <number> attempt.
PKI: The device completed the coldsync of the PKI object at <%d> attempt.
PKI: A configurable item SCEP mode has changed [ from <string1> to <string2> | f rom none to <string1> | from <string1> to none ].
PKI: X.509 { certificate | CRL } file has been loaded successfully, filename <fi lename>.
PKI: The RSA key length has changed from { 512 | 768 | 1024 | 2048 } to { 512 | 768 | 1024 | 2048 }.
PKI: The X.509 certificate for the ScreenOS image authentication is invalid.
PKI: The device failed to decode the public key of the image s signer certificate.
PKI: The public key of image s signer has been loaded successfully, for future ima ge authentication.
PKI: The device successfully generated a new { RSA | DSA } key pair.
PKI: The device could not generate { RSA | DSA } key pair.
PKI: The device cannot load the CA certificate received through SCEP.
PKI: The device cannot load the X.509 local certificate received through SCEP.
PKI: The device cannot load the X.509 { certificate | certificate revocation lis t } during boot.
PKI: The device cannot extract the X.509 certificate revocation list.
PKI: The device detected an invalid digital signature algorithm (DSA) key.
PKI: The device failed to save the certificate authority related configuration.
PKI: The device has detected an invalid X.509 object attribute <number>.
PKI: The device cannot find the PKI object <id_num> during cold sync.
PKI: The device failed to remove existing authority configuration when nsrp sync .
PKI: The device cannot load the X.509 certificate revocation list during boot.
PKI: The device cannot load the X.509 certificate revocation list (CRL) from the file.
PKI: The device cannot extract the X.509 certificate revocation list [ (CRL) ].
PKI: The device cannot load X.509 certificate onto the device, certificate <name _str>.
PKI: The device failed to synchronize DSA/RSA key pair to NSRP peer.
PKI: The device failed to synchronize new DSA/RSA key pair to NSRP peer.
PKI: The device cannot load an X.509 certificate revocation list (CRL).
Information (00535) PKI: The current device cannot retrieve the certificate revocation list using th e HTTP protocol.
PKI: The current device cannot successfully enroll a certificate using the SCEP & HTTP protocol.
PKI: The device cannot create the X.509 object database table.
PKI: The number of the X.509 object entries exceeds the limit for the platform. The maximum allowed is <number>.
PKI: The size of the CRL is too big to save to flash. Maximum <number> bytes.
PKI: When building a certificate chain, the certificate at the top of the untrus ted chain is not issued by the designated certificate authority.
PKI: The device has changed the SCEP renewal interval to <number> days
PKI: The device has changed the SCEP polling interval from <number1> to <number2 >.
PKI: The device cannot allocate memory for the challenge password during a certi ficate request.
PKI: The device cannot allocate memory for X.509 extensions during a certificate request.
PKI: The device cannot allocate memory to store keypair in certificate request.
Need X509_REQ.
PKI: The device failed to convert the certificate request into a DER formatted f ile.
PKI: The device failed to encode the certificate request into DER format.
PKI: The device has no memory to store PKCS7 content data when requesting a cert ificate.
PKI: The device has no memory to store the certificate issuer name.
PKI: The device has no memory to store PKCS7 content data when requesting a cert ificate.
PKI: The device failed to add a signature to the PKCS7 outer envelope.
PKI: The device cannot encrypt the SCEP content data in an inner PKCS7 envelope.
PKI: The device failed to set the type of inner PKCS7 envelope.
PKI: The device cannot sign the SCEP request in outer PKCS7 envelope.
PKI: The device cannot encrypt the data in outer PKCS7 envelope.
PKI: The device cannot decode SCEP content data in PKCS7 envelope.
PKI: The device cannot decode an outer PKCS7 envelope of SCEP content data.
PKI: The device cannot decrypt SCEP data in outer PKCS7 envelope.
PKI: The device cannot verify the signature on CRL. Accept the CRL anyway as con figured.
PKI: The device found the X.509 certificate in the local trust store, abort cert ificate request.
The point-to-point over Ethernet (PPPoE) connection failed to establish a sessio n: {PADI | PADR} timeout
The Point-to-Point over Ethernet (PPPoE) connection failed to establish a sessio n: no IP address assigned
PPPoE failed to establish a session: { Service Name Error Tag | AC System Error Tag | Generic Error Tag } received
The point-to-point over Ethernet (PPPoE) connection failed to establish a sessio n: <string> received
Policies Notification (00018) Policy (<id_num>, { <zone1> -> <zone2> | global }, <src_addr> -> <dst_addr>, <sv c_name>, { permit | deny | tunnel }) was { added | modified | deleted | enabled | disabled } by admin <name_str>
Policy <id_num1> has been moved { before | after } <id_num2> by admin <name_str>
Policy (<id_num>, global, <src_addr> -> <dst_addr>, <svc_name>, { permit | deny | tunnel }) was added
Device s default policy has been changed from { enabled | disabled } to { disabled | enabled } by admin <name_str>
Routes Critical (00200) A new route cannot be added to the device because the maximum number of system r oute entries <number> has been exceeded
Critical (00201) A route <ip_addr>/<mask> cannot be added to the virtual router <vrouter> because the number of route entries in the virtual router exceeds the maximum number of
Notification (00011) Route(s) in virtual router <vrouter> with an IP address <ip_addr>/<mask> and gat eway <ip_addr> has been deleted
A route in virtual router <vrouter> that has IP address <ip_addr>/<mask> through interface <interface> and gateway <ip_addr> with metric <number> has been creat ed
A route has been created in virtual router <vrouter1> with an IP address <ip_add r>/<mask> and next-hop as virtual router <vrouter2>
An import | export rule in virtual router <vrouter1> to virtual router <vrouter2 > with IP-prefix <<ip_addr>/<mask> has been created | removed
An import | export rule in virtual router <vrouter1> to virtual router <vrouter2 > with route-map <id_num> and protocol <name_str> has been created | removed
A sharable virtual router using name <vrouter> and id <id_num> has been created
The maximum number of routes that can be created in virtual router <vrouter> is <number>
The router-id that can be used by OSPF, BGP routing instances in virtual router <vrouter> has been set to <id_num>
The routing preference for protocol <name_str> in virtual router <vrouter> has b
The virtual router <vrouter> has been made default virtual router for virtual sy stem <name_str>
The system default-route through virtual router <vrouter1> has been added in vir tual router <vrouter2>
The maximum routes limit in virtual router <vrouter> has been removed
The router-id of virtual router <vrouter> used by OSPF, BGP routing instances id has been uninitialized
The routing preference for protocol <name_str> in virtual router <vrouter> has b een reset
A virtual router with name <vrouter> and id <id_num> has been removed
Schedule Notification (00020) Schedule <name_str> has been { added | modified | deleted }.
SCS Critical (00034) SCS: NetScreen device failed to identify itself to the SSH client at <ip_addr>:< port_num>.
SCS: NetScreen device failed to authenticate the SSH client at <ip_addr>:<port_n um>.
SCS: Incompatible SSH version <version_string> has been received from the SSH cl ient at <ip_addr>:<port_num>.
SCS: Failed to retrieve PKA key bound to SSH user <user_name>. (Key ID=<id_num>)
SCS: Failed to { bind | unbind } PKA key { to | from } SSH user <user_name>. (Ke y ID=<id_num>)
SCS: NetScreen device failed to generate a PKA RSA challenge for SSH user <user_ name> at <ip_addr>:<port_num>. (Key ID=<id_num>)
Error (00034) SCS: Unsupported cipher type <name_str> requested from: <ip_addr>:<port_num>
SCS: Maximum number for SCS sessions <number> has been reached. Connection reque st from SSH user at <ip_addr>:<port_num> has been denied.
SCS: SSH client at <ip_addr>:<port_num> has failed to make an SCS connection to vsys <name_str> because SCS cannot generate the host and server keys before timi ng out.
SCS: SSH user <user_name> at <ip_addr>:<port_num> has failed the PKA RSA challen ge.
Warning (00034) SCS: SCS has been { enabled | disabled } for <name_str> with <number> existing P KA keys already bound to <number> SSH users.
SCS: SSH user <name> at <ip_addr>:<port_num> has requested password authenticati on, which is not enabled for that user.
SCS: SSH user <name> at <ip_addr>:<port_num> has requested PKA RSA authenticatio
SCS: SSH user <name> at <ip_addr>:<port_num> has unsuccessfully attempted to log in via SCS to <name_str> using the shared untrusted interface because SCS is di sabled on that interface.
SCS: Max <number> sessions reached, unabel to accept connection : <ip_addr>:<por t_num>
SCS: Disabled for <name_str>. Attempted connection failed from <ip_addr>:<port_n um>
SCS: SSH user <user_name> at <ip_addr>:<port_num> cannot log in via SCS to <name _str> using the shared untrusted interface because SCS is disabled.
SCS: SSH client at <ip_addr1> has attempted to make an SCS connection to interfa ce <interface> with IP <ip_addr2> but failed because SCS is not enabled for that interface.
SCS: SSH client at <ip_addr>:<port_num> has attempted to make an SCS connection to vsys <name_str> but failed because SCS was not completely initialized for tha t system.
Notification (00026) SCS: Host client has requested NO cipher from <name_str>
SCS: SCS has been { enabled | disabled } for { <name_str> | root system }.
SCS: Key regeneration interval has been changed from <number1> to <number2>.
SCS: SSH user <usr_str> has been authenticated using password from <ip_addr>:<po rt_num>.
SCS: SSH user <usr_str> has been authenticated using PKA RSA from <ip_addr>:<por t_num>. (key-ID=<key_id_num>
SCS: PKA key has been { bound to | unbound from } admin user <user_name>. (Key I D = <id_num>)
SCS: Connection has been terminated for admin user <name_str> at <ip_addr>:<port _num>
Services Notification (00012) Service <serv_name> has been { added | modified | deleted }
SNMP Critical (00027) SNMP listen port has been restored from <port_num> to default port 161. This cha nge goes into effect in three seconds.
SNMP listen port has been changed from <port_num1> to <port_num2>. This change g
Notification (00002) SNMP trap port has been changed from <port_num1> to port <port_num2>. This chang e goes into effect in three seconds.
SNMP listen port has been restored from <port_num> to default port 161. This cha nge goes into effect in three seconds.
SNMP listen port has been changed from <port_num1> to <port_num2>. This change g oes into effect in three seconds.
SNMP trap port has been restored from <port_num> to default port 162.
SNMP community <name_str> attributes write access, { yes | no }; receive traps, { yes | no }; receive traffic alarms, { yes | no } have been modified.
SNMP host <ip_addr> has been { added to | removed from } SNMP community <name_st r>.
Information (00524) SNMP request from <ip_addr1>:<port_num> to <ip_addr2>:<port_num> has been receiv ed, but the SNMP version type is incorrect.
Response to SNMP request from <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2> h as failed due to a coding error.
SNMP request from an unknown SNMP community <name_str> at <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2> has been received.
NetScreen device at <ip_addr1>:<port_num1> has responded successfully to SNMP re quest from <ip_addr2>:<port_num2>.
SNMP community <name_str> cannot be added because the community list is full.
SNMP host <ip_addr> cannot be added to community <name_str> because of an IP add ress conflict.
SNMP host <ip_addr> cannot be removed from community <name_str> because host can not be found.
SNMP request has been received from an unknown host in SNMP community <name_str> at <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>.
SNMP request has been received from host <ip_addr1>:<port_num1> with read-only p rivileges to <ip_addr2>:<port_num2>.
SNMP request has been received from host <ip_addr1>:<port_num1> without read pri vileges to <ip_addr2>:<port_num2>.
SNMP request has been received, but no SNMP community has been configured.
Software Key Notification (00036) An optional ScreenOS feature has been activated via a software key.
SSL Notification (00035) SSL No ssl context. Not ready for connections.
SSL - cipher type <string> is not allowed in export or firewall only system
SSL no ssl ca
SSL CA changed
Syslog Notification (00019) Attempt to enable { syslog | traffic logging via syslog } has failed because sys log settings have not yet been configured.
Syslog host { IP | domain name | port number } has been changed to { <ip_addr> | <domain_name> | <port_num> }.
Syslog { facility | security facility } has been changed to { local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | auth/sec }.
WebTrends Notification (00019) Attempt to enable WebTrends has failed because WebTrends settings have not yet b een configured.
WebTrends host { IP | domain name | port number } has been changed to { <ip_addr > | <dom_name> | <port_num> }.
System Critical (00020) System memory is low: <number1> bytes allocated out of <number2> bytes total.
System memory is low (<number1> allocated out of <number2>) <number3> times in 1 minute
Users Information (00526) The user limit has been exceeded and <ip_addr> cannot be added.
Notification (00016) Address VIP (<ip_addr1>) for <ip_addr2> has been { added | modified | deleted }.
NSRP VSD group ID for vsys <name_str> has been changed from <id_num1> to <id_num 2>
VLANs Notification (00009) VLAN tag <number> has been { created | deleted }
The 802.1Q tag for interface <interface> has been changed to <number> from <numb er>
802.1Q VLAN trunking for interface <interface> has been turned { on | off }
VPNs Critical (00026) Replay packets have been detected! From <ip_addr>:<port_num> to <ip_addr>:<port_ num>, using protocol { 50 | 51 }, on interface <interface>. [ The attack occurre d <number> times.]
The DF-BIT for VPN <name_str> has been set to { clear | set | copy }.
VPN <name_str> with gateway <name_str2>, { no-rekey | rekey }, and p2-proposal < name> has been { added | modified | deleted }.
VPN <name_str> with gateway <ip_addr> and SPI <hex_num1>/<hex_num2> has been { a dded | modified | deleted }.
Information (00536) Receive UDP packets from <ip_addr1>/<port_num1> on interface <interface> <ip_add r2>/<port_num2>
Zones Notification (00037) New zone <zone> (id: <id_num>) was created.