NetScreen Messages--Text Only 
ScreenOS 5.2.0
P/N 093-1594-000, Rev. A

Addresses
Notification (00001)

Address <name_str> for { ip address <ip_addr | domain address <dom_name> } in zone <zone> has been { added | deleted | modified }

Address group <grp_name> has { added | deleted } member <mbr_name>

Address group <grp_name> has been { added | deleted | modified }


Admin
Alert (00027)

ScreenOS <version>.<version>.<version> Serial# <number>: Asset recovery performed

ScreenOS <version>.<version>.<version> Serial # <number>: Asset recovery has been aborted

System configuration has been erased

Multiple login failures occurred for user <usr_str> from IP address <ip_addr>:<port_num>
 
Multiple login failures occurred for user <usr_str>

Warning (00002)

Admin AUTH: Local instance of an external admin user’s privilege has been changed from <string> to <string>

Warning (00515)
 
Vsys admin user <usr_str> has logged { on | out } via { Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> }
 
Vsys admin user <usr_str> has logged { on | out } via the console
 
Admin user <usr_str> has logged { on | out } via { Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> }
 
Admin user <usr_str> has logged { on | out } via the console

Management session via { serial console | Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> } for [ vsys ] admin <name_str> has timed out

Login attempt to system by admin <name_str> via { the console | Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> } has failed <string>

Admin user <name_str> has been forced to log out of the serial console session.

Admin user <name_str> has been forced to log out of the SSH session on host <ip_addr>:<port_num>

Admin user <name_str> has been forced to log out of the Telnet session on host <ip_addr>:<port_num>

Admin user <name_str> has been forced to log out of the Web session on host <ip_addr>:<port_num>

Warning (00518)
 
Admin user <name_str> has been rejected via the <serv_name> server at <ip_addr>

Warning (00519)
 
Admin user <name_str> has been accepted via the <serv_name> server at <ip_addr>

Notification (00002)

Root admin access restriction through console only has been { enabled | disabled } by admin <name> 
 
Single use password restriction for read-write administrators has been { disabled | enabled } by admin <name_str>

Root admin password restriction of minimum <number> characters has been { enabled | disabled } by admin <name> 
 
Maximum failed login attempts from before administrative session disconnects has been modified from <number1> to <number2> by admin <name_str>
 
Admin user “<name_str>” logged in for Web ({ http | https }) management (port <port_num1>) from <ip_addr>:<port_num>.
 
Admin user “<name_str>” login attempt for Web ({ http | https }) management (port <port_num1>) from <ip_addr>:<port_num> failed.

Admin user “<name_str>” login attempt for Web ({ http | https }) management (port <port_num1>) from <ip_addr>:<port_num> failed due to an incorrect client ID.

Admin user “<name_str>” logged out for Web ({ http | https }) management (port <port_num1>) from <ip_addr>:<port_num>.

Notification (00003)
 
The console timeout value changed from <number1> to <number2> minutes.
 
The console page size changed from <number1> to <number2>
 
The serial console has been { enabled | disabled } by admin <name_str>
 
The console debug buffer has been {enabled | disabled }

Information (00002)
 
Admin name for account <name_str> has been modified to <name_str2>

Admin password for account <name_str> has been modified

Admin account created for <name_str>

Admin account deleted for <name_str>

Admin account modified for <name_str>

Management restriction for <ip_addr> subnet <mask> has been { added | removed }

Management restriction was removed from all IPs and subnets 

System IP has been changed from <ip_addr1> to <ip_addr2>

{ SSH | Telnet | HTTP } port has been changed from <port_num1> to <port_num2>

Web admin authentication idle timeout value has been changed from <number1> to <number2> minutes


ADSL
Notification (00555)
 
ADSL Line UP Fast and Interleave Channels.

ADSL Line Waiting for Activating.
 
ADSL Line Activating.

ADSL Line DOWN.
 
ADSL Line UP Fast Channel.

ADSL Line UP Interleaved Channel.

ADSL Line UP Fast Channel, change Utopia address to match it.

ADSL Line UP Interleaved Channel, change Utopia address to match it.

ADSL Line in an unknown state.


Antivirus
Error (00052)
 
AV: Suspicious client <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> used <number1> percent of AV resources, which exceeded the max of <number2> percent.

Error (00547)
 
AV: Exceeded max concurrent connections (<number>).

Error (00554)
 
SCAN-MGR: Cannot get { AltServer info | Version number | Path_GateLockCE info } from server.ini file.
 
SCAN-MGR: Per server.ini file, the AV pattern file size is zero.
 
SCAN-MGR: AV pattern file size is too large (<number> bytes).
 
SCAN-MGR: Alternate AV pattern file server URL is too long: <number1> bytes. Max: <number2> bytes.
 
SCAN-MGR: Cannot retrieve { server.ini | AV pattern } file from <ip_addr>:<port_num>. HTTP status code: <number>.

SCAN-MGR: Cannot write AV pattern file to { RAM | flash }.

SCAN-MGR: Cannot check AV pattern file. VSAPI code: <number>
 
SCAN-MGR: Internal error occurred while retrieving { server.ini | AV pattern } file.

SCAN-MGR: Internal error occurred when calling this function: <string>. [ Layer: <number>. | Limit: <number>. | Returned: <string> ] { Error: <number> | Returned a NULL VSC handler | cpapiErrCode: <number> }.

Warning (00547)
 
AV scan-mgr has been { attached to | detached from } policy ID <id_num>

AV: VIRUS FOUND: <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2>, <string>

AV: Content from <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> was not scanned because max content size was exceeded.

AV: Content from <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> was not scanned because max content size was exceeded.

AV: Content from <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> was not scanned due to a scan engine error or constraint.

AV object scan-mgr <application> has been disabled.

AV object scan-mgr <application> timeout has been reset to its default value.

Notification (00547)
 
AV object scan-mgr <application> has been enabled [ with timeout <number> ].

Notification (00554)

SCAN-MGR: Number of decompression layers has been set to <number>.

SCAN-MGR: Maximum content size has been set to <number> KB.

SCAN-MGR: Maximum number of concurrent  s has been set to <number>.
 
SCAN-MGR: Fail mode has been set to { drop | pass } unexamined traffic if { content size | number of concurrent  s } exceeds max.

SCAN-MGR: URL for AV pattern update server has been set to <url_str>, and the update interval to <number> minutes.

SCAN-MGR: URL for AV pattern update server has been unset, and the update interval returned to its default.

SCAN-MGR: New AV pattern file has been updated. Version: <number1>; size: <number2> bytes.

SCAN-MGR: AV client has exceeded its resource allotment. Remaining available resources: <number>.

SCAN-MGR: <string>

SCAN-MGR: Attempted to load AV pattern file created <date1> after the AV subscription expired. (Exp: <date2>)


ARP
Critical (00031)

{ arp req | arp reply } detected an IP conflict (IP <ip_addr>, MAC <mac_addr>) on interface <interface>

Critical (00079)

{ arp req | arp reply } detected a duplicate VSD group master (IP <ip_addr>, MAC <mac_addr>) on interface <interface>

Notification (00031) 
 
ARP detected IP conflict: IP address <ip_addr> changed from interface <interface> to interface <interface>

Notification (00051)
 
Static ARP entry { added to | deleted from } interface <interface> with IP <ip_address> and MAC <mac_addr>

Notification (00053)

ARP always on destination enabled

Notification (00054)
 
ARP always on destination disabled


Attack Database
Notification (00767)
 
Attack database version <number> has been [ authenticated and ] saved to flash.

Cannot parse attack database [ header info ]

Cannot switch to attack database version <version>

Cannot save attack database version <version>

Cannot download attack database from <url_str> (error <error_code>)

Deep Inspection update key has expired.

Attack database version <number> was rejected because the authentication check failed.


Attacks
Emergency (00005)

SYN flood! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.

Emergency (00006)
 
Teardrop attack! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Emergency (00007)

Ping of Death! From <src_ip> to <dst_ip>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

Alert (00004)

WinNuke attack! From <ip_addr1>:<port_num1> to <ip_addr2>:139, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.

Alert (00008)
 
IP spoofing! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number> times.

Alert (00009)

Source Route IP option! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Alert (00010)
 
Land attack! From <ip_addr1>:<port_num> to <ip_addr2>:<port_num>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Alert (00011)

ICMP flood! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

Alert (00012)

UDP flood! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto UDP (zone <zone_name>, int <interface_name>). Occurred <number> times.

Alert (00016)
 
Port scan! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Alert (00017)
 
Address sweep! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

Critical (00032)

Malicious URL! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.

Critical (00033)

Src IP session limit! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00412)
 
SYN fragment! From <ip_addr1>:<port_num> to <ip_addr2>:<port_num>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00413)

No TCP flag! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00414)
 
Unknown protocol! From <ip_addr1>:<port_num> to <ip_addr2>:<port_num>, proto <number1> (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00415)
 
Bad IP option! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00430)

Dst IP session limit! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00431)

ZIP file blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00432)
 
Java applet blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00433)
 
EXE file blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00434)
 
ActiveX control blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00435)
 
ICMP fragment! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

Critical (00436)

Large ICMP packet! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.

Critical (00437)

SYN and FIN bits! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00438)

FIN but no ACK bit! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical (00439)

SYN-ACK-ACK Proxy DoS! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.

Critical (00440)

Fragmented traffic! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.

Critical, Error, Warning, Notification, Information (00601)
 
<name_str> attack! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto { TCP | UDP }, through policy <id_num>. Occurred <number> times.

Notification (00002)
 
<string> has been { enabled | disabled } on zone <name_str>

<string> has been set to <number> for zone <name_str>

Malicious URL <name_str> has been { added | deleted | modified } for zone <name_str>

{ Bypass-others-IPSec | Bypass non-IP traffic } option has been { enabled | disabled }

Logging of { dropped | IKE | SNMP | ICMP } traffic to self has been { enabled | disabled }

Logging of dropped traffic to self (excluding multicast) has been { enabled | disabled } on <zone> <name_str>

Notification (00767)

Attack <name_str> was { created | deleted }

Attack <name_str1> was changed to <name_str2>

Attack [ group ] <name_str1> was { added to | removed from } <name_str2>

Attack group <name_str> was { created | deleted }

Attack group <name_str1> was changed to <name_str2>


Auth
Warning (00518)

Authentication for user <usr_str> was denied (long username)

Authentication for user <usr_str> was denied (long password)

User <usr_str> at <ip_addr> has been rejected via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr>

User <name_str> at <ip_addr> {RADIUS | SecurID | LDAP | Local } authentication attempt has timed out

User <name_str> at <ip_addr> has been challenged via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr> (Rejected since challenge is not supported for Web)

User <name_str> at <ip_addr> has been challenged via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr> (Rejected since challenge is not supported for FTP)

WebAuth user <name_str> at <ip_addr1> has been rejected/timed out via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr2>

Local authentication for WebAuth user <usr_str> was denied 

Error in authentication for WebAuth user <usr_str>

Local authentication for user <usr_str> was denied

Warning (00519)

WebAuth user <name_str> at <ip_addr1> has been accepted via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr2>

User <name_str> <grp_name> at <ip_addr> has been accepted via the {RADIUS | SecurID | LDAP | Local} server at <ip_addr>
 
Local authentication for WebAuth user <usr_str> was successful 
 
Local authentication for user <usr_str> was successful 

Warning (00520)

Trying primary server <serv_name>
 
Trying backup1 server <serv_name>
 
Trying backup2 server <serv_name>
 
Backup1 <serv_name>, backup2 <serv_name>, and primary <serv_name> servers failed

Backup2 <serv_name>, primary <serv_name>, and backup1 <serv_name> servers failed

Primary <serv_name>, backup1 <serv_name>, and backup2 <serv_name> servers failed

Notification (00015)

WebAuth is set to <serv_name>
 
Auth server <serv_name> server name has been unset

Auth server <serv_name> RADIUS secret has been unset

Auth server <serv_name> timeout has been unset to default <timeout>

Auth server <serv_name> RADIUS port has been unset to default <port_num>

Auth server <serv_name> type has been set to {RADIUS | SecurID | LDAP}

Auth server <serv_name1> server name has been set to <serv_name2>

Auth server <serv_name> RADIUS secret has been changed

Auth server <serv_name> SecurID server name has been set to <serv_name>

Auth server <serv_name> SecurID auth port has been set to <port_num>

Auth server <serv_name> SecurID use duress has been { enabled | disabled }

Auth server <serv_name> SecurID uses { DES | SDI } encryption 

Auth server <serv_name> SecurID timeout has been set to <number>

Auth server <serv_name> SecurID client retries has been set to <number>

Auth server <serv_name> SecurID backup1 server name has been set to <serv_name>

Auth server <serv_name> authentication timeout has been set to <number>

Auth server <serv_name> LDAP parameters have been set to server name: <ip_addr>, port: <port_num>, dn:<string>, cn:<string>

Auth server <serv_name> RADIUS port has been set to <port_num>

Auth server <serv_name> has been { created | modified }
 
Auth server <serv_name> type has been unset to default RADIUS

Auth server <serv_name> backup1 name has been unset

Auth server <serv_name> backup2 name has been unset

Auth server <serv_name> account type has been set to <account_type>
 
Auth server <serv_name> RADIUS retry timeout has been set to default of <number>

Auth server <serv_name> has been deleted
 
Auth server <serv_name> LDAP dn has been set to <string>
 
Auth server <serv_name> LDAP cn has been set to <string>
 
Auth server <serv_name> LDAP port number has been set to <port_num>
 
Auth server <serv_name1> backup1 server name has been set to <serv_name2>

Auth server <serv_name> backup2 server name has been set to <serv_name2>

Auth server <serv_name> id has been set to <id_num>

Default firewall authentication server has been changed to <serv_name>

Admin user <usr_str> attempted to verify the encrypted password <password>. Verification was successful.

Admin user <usr_str> attempted to verify the encrypted password <password>. Verification failed. 

Auth server <name_str> username separator character has been set to <string>, number of occurrences of separator character is <number>
 
Number of RADIUS retries for auth server <name_str> has been set to <number>

Auth server <name_str> fail-over revert interval has been set to <number> seconds.

Notification (00511)
 
FIPS: Attempt to set RADIUS shared secret with invalid length <number>

Notification (00525)

User <usr_str> at <ip_addr1> must enter “Next Code” for SecurID <ip_addr2>
 
User <usr_str> at <ip_addr1> must enter “New PIN” for SecurID <ip_addr2>
 
User <usr_str> at <ip_addr1> must make a  “New PIN”  choice for SecurID <ip_addr2>
 
User <usr_str> at <ip_addr1> has selected a system-generated PIN for authentication with SecurID <ip_addr2>

The new PIN for user <usr_str> at <ip_addr1> has been { accepted | rejected }  by SecurID <ip_addr2>.

Notification (00544)
 
Access for firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number> via the <serv_name> auth server) by policy id <pol_num> is now over

Access for firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number>) by policy id <pol_num> is now over
 
Access for WebAuth firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number> via the <serv_name> auth server) is now over

Access for WebAuth firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number>) is now over

Notification (00546)
 
User <usr_str> <grp_name> at <ip_addr> has been challenged by the { RADIUS | SecurID | LDAP | 
Local } server at <ip_addr>

Notification (00767)
 
The dictionary file version of the RADIUS server <string> does not match <string>
 
The device cannot send data to the SecurID server
 
User <usr_str> belongs to a different group in the RADIUS server than one allowed in the device
 
The device cannot contact the SecurID server

Cannot get route to SecurID server <ip_addr>


BGP
Critical (00206)
 
The total number of redistributed routes into BGP in vrouter (<vrouter>) exceeded system limit (<number>)

The total number of redistributed routes into BGP in vrouter <vrouter> exceeded system limit <number>

Notification (00039)

(Un)set virtual router <vrouter> with the BGP protocol <command name>

(Un)set virtual router <vrouter> with the configuration command <command name>

<configuration command>

Information (00542)
 
BGP instance created for virtual router <vrouter>

BGP instance deleted for virtual router <vrouter_name>
 
BGP peer <peer_ip_addr> changed to Established state.
 
BGP peer <peer_ip_addr> changed to Idle state

<notification_error><error_string>

<error_string> invalid error code from notification

BGP peer <peer_ip_addr> {created | removed}.
 
BGP peer <peer_ip_addr> enabled.

BGP peer <peer_ip_addr> disabled.
 
BGP of vr: <vrouter>, prefix adding: <ip_addr>/<number>, ribin overflow <overflow_count> times (max rib-in <ribin_count>)

BGP of vr: <vrouter>, failed to add prefix <ip_addr>/<mask> to FDB
 
BGP of vrouter: <vrouter>, failed to add prefix <ip_addr>/<mask> to FDB
 
BGP of vr: <vrouter>, closing the socket: exceeded maximum number of bgp peers allowed (number)

BGP of vr: <vrouter>, Route <ip_addr>/<mask> ignored, Path Attr len: <number> (greater than max. <number>)
 
BGP of vr: <vrouter>, Router <ip_addr>/<mask> ignored, Path Attr len: <number> (greater than max. <number>)


Device
Alert (00767)

Fatal error. The NetScreen device was unable to upgrade the file system, and the old file system is damaged.
 
Fatal error. The NetScreen device was unable to upgrade the loader, and the loader is damaged.

Critical (00020)

System memory is low (<number1> bytes allocated out of total <number2> bytes).

Critical (00022)
 
The NetScreen device was unable to upgrade the file system due to an internal conflict.
 
The NetScreen device was unable to upgrade the file system, but the old file system is intact.
 
The Netscreen device was unable to upgrade due to an internal conflict.

The NetScreen device was unable to upgrade the loader, but the loader is intact.

The { primary | secondary } power supply is now functioning properly.

The { primary | secondary } power supply is not functioning properly.

All power supplies are now functioning properly.
 
At least one power supply is not functioning properly.
 
All fans are now functioning properly.
 
At least one fan is not functioning properly.
 
Battery is now functioning properly.
 
Battery is not functioning properly.
 
System’s temperature: (<number1> Centigrade, <number2> Fahrenheit) is severely high!

System temperature (<number1> Centigrade, <number2> Fahrenheit) is too high!
 
System's temperature (<number1> Centigrade, <number2> Fahrenheit) is OK now.

Critical (00034)
 
Ethernet driver ran out of rx bd (port <number>)

Notification (00002)

LCD control keys have been locked.
 
LCD display has been turned off and the LCD control keys have been locked.

LCD display has been turned on.

LCD display has been turned on and the LCD control keys have been unlocked.

Notification (00022)
 
The NetScreen device file system upgrade operation was successful.

The NetScreen device file system is already upgraded.
 
The NetScreen device was unable to complete the upgrade of the file system.

The NetScreen device loader upgrade operation was successful.

The NetScreen device loader is already upgraded.

The NetScreen device was unable to complete the upgrade of the loader.

Notification (00545)
 
Modem <name_str> is connected. Phone number: <phone_number>, Account name: <name_str>, Status <string>
 
Modem <name_str> has been disconnected.

Failed to initialize modem <name_str>, <modem_token_str>

Modem <name_str> failed to dial <phone_number>, <modem_token_str>


DHCP
Alert (00029)
 
IP pool of DHCP server on interface <interface> is full. Unable to { commit | offer } IP address to client at <mac_addr>

Critical (00029)
 
DHCP server set to OFF on <interface> (another server found on <ip_addr>).

Warning (00527)

IP pool of DHCP server on interface <interface> is more than 90% allocated.

Notification (00009)
 
DHCP client has been { enabled | disabled } on interface <interface>

Notification (00024)
 
DHCP server shared IP has been { enabled | disabled }
 
DHCP server has been { enabled | disabled }

DHCP server options have been been { changed | removed }

DHCP server IP address pool has changed.

DHCP relay agent settings on <interface> have been { set | unset }

Notification (00027)
 
DHCP client server-update has been { enabled | disabled }
 
DHCP client auto-config has been { enabled | disabled }

DHCP client lease time has been set to default value.
 
DHCP client lease time has been set to <number> minutes.
 
DHCP client server IP address has been reset.
 
DHCP client server IP address has been set to <ip_addr>

DHCP client vendor identifier has been reset.

DHCP client vendor identifier has been set to "<string>"

Information (00527)

IP address <ip_addr> has been assigned to <mac_addr>
 
IP address <ip_addr> has been released from <mac_addr>

DHCP server has assigned or released an IP address.

One or more IP addresses have expired.

MAC address <mac_addr> has declined address <ip_addr>

DHCP server has released an IP address.

DHCP server on interface <interface> received DHCPDISCOVER from <mac_addr> requesting out-of-scope IP address <ip_addr>/<mask>

Information (00530)

DHCP client is unable to get IP address for interface <interface>

DHCP client lease for <ip_addr> has expired.

DHCP server <ip_addr> has assigned interface <interface> with IP address <ip_addr> (lease time <number> minutes).

An IP address conflict has been detected and the DHCP client has declined address <ip_addr>
 
DHCP client IP address <ip_addr> for interface <interface> has been manually released.

DHCP client on interface <interface> was offered IP <ip_addr>/<mask> Did not proceed with DHCPREQUEST. Reason -- <string>

Information (00767)

System auto-config of file <filename> from TFTP server <ip_addr> has been loaded successfully.

System auto-config of file <filename> from TFTP server <ip_addr> has failed.


DIP
Notification (00021)

DIP IP pool <ip_addr1>-<ip_addr2> has been { added | modified | deleted }

DIP IP pool <id_num1> was removed from DIP group <id_num2> from { console | telnet | web }

DIP group <id_num> was removed

DIP group <id_num> was created

DIP pool <id_num1> was added into DIP group <id_num2>

DIP port-translation stickiness was [ enabled | disabled ]


DNS
Critical (00021)
 
DNS server is not configured.

Connection refused by the DNS server.

Unknown DNS error.

Notification (00004)
 
{ Primary | Secondary } DNS server IP has been changed.
 
DNS cache table has been cleared.
 
DNS cache table entries have been refreshed as result of external event.
 
Daily DNS lookup has been disabled.
 
DNS Proxy module has been { enabled | disabled }.

DNS Proxy module has more concurrent client requests than allowed.

DNS Proxy server select table entries exceeded maximum limit.
 
Proxy server select table added with domain <dom_name>, interface <interface>, primary-ip <ip_addr1>, secondary-ip <ip_addr2>, tertiary-ip <ip_addr3>, failover { enabled | disabled }

DNS Proxy server select table entry deleted with domain <dom_name>
 
Daily DNS lookup time has been changed to start at <hour>:<minutes> with an interval of <number> hours.

Notification (00029)
 
DNS has been refreshed.

Notification (00059)

DDNS module is { disabled | enabled }.
 
DDNS entry with id <id_num> is deleted.

DDNS module is { initialized | shut down }.

DDNS entry with id <id_num> is configured with server type "<string1>" name "<name_str>" refresh-interval <number1> hours minimum update interval <number2> minutes with { secure | clear-text } secure connection.

DDNS entry with id <id_num> is configured with user name "<name_str1>" agent "<name_str2>"

DDNS entry with id <id_num> is configured with interface "<interface>" host-name "<name_str>"

Hostname of DDNS entry with id <id_num> is cleared.

Source interface of DDNS entry with id <id_num> is cleared.

Agent of DDNS entry with id <id_num> is reset to its default value.
 
Username and password of DDNS entry with id <id_num> are cleared.

Updates for DDNS entry with id <id_num> are set to be sent in secure (https) mode.

Refresh interval of DDNS entry with id <id_num> is set to default value (168 hours).
 
Minimum update interval of DDNS entry with id <id_num> is set to default value (60 min)
 
Server of DDNS entry with id <id_num> is cleared.
 
No-Change response received for DDNS entry update for id <id_num> user "<name_str1>" domain "<dom_name>" server type "{ ddo | dyndns }", server name "<name_str2>"

Error response received for DDNS entry update for id <id_num> user "<name_str1>" domain "<dom_name>" server type "{ ddo | dyndns }", server name "<name_str2>"

DDNS server <name_str> returned incorrect ip <ip_addr1>, local-ip should be <ip_addr2>

Information (00004)

DNS entries have been { manually | automatically } refreshed.
 
DNS entries have been refreshed by HA.

DNS entries have been refreshed as a result of DNS server address change.


Entitlement
Alert (00027)
 
License key <key_num> is due to expire in a month.

License key <key_num> has expired.

License key <key_num> is due to expire in 2 months.

License key <key_num> is due to expire in 2 weeks.

License key <key_num> expired after 30-day grace period.

Request to retrieve license key failed to reach server by <string>. Server url: <url_str>

Notification (00036)

<number> license keys were updated successfully by <string>

Received identical license key by <string>
 
No license key is available for retrieval by <string>


Flow
Notification (00002)

Transparent virtual wire mode has been { enabled | disabled }

Notification (00047)
 
High watermark for early aging has been changed to the default (<number>).
 
Low watermark for early aging has been changed to the default (<number>).

The aggressive ageout value has been changed to the default (<number>).

High watermark for early aging has been changed from <number1> to <number2>

Low watermark for early aging has been changed from <number1> to <number2>
 
Aggressive ageout value has been changed from <number1> to <number2>


High Availability
Critical (00015)
 
The NSRP configuration is out of synchronization between the local device and the peer device.

NSRP: <ha_link_state>

NSRP link channel <channel_name>changed to link channel <new channel>

RTO mirror group <group_ip> with direction <direction> on peer device <device_id> changed from <old_state> to <new_state> state.

RTO mirror group <group_ip> with direction <direction> changed on the local device from <old state> to up state, it had peer device <device_id>

RTO mirror group <group_ip> with direction <direction> on local device <device_id>, detected a duplicate direction on the peer device <device_id>

Peer device <device_id> { disappeared | was discovered }.

The { local | peer } device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to <new_state>

NSRP: nsrp control channel change to <interf_name>

Critical (00070)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Init

Critical (00071)
 
The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Master

Critical (00072)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Primary Backup

Critical (00073)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Backup

Critical (00074)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Ineligible

Critical (00075)
 
The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Inoperable

Critical (00076)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> sent a 2nd path request to the peer device <device_id>

Critical (00077)
 
The local device <device_id> in the Virtual Security Device group <vsd_group_id> received a 2nd path request from peer device <device_id> to device <device_id>

Notification (00007)

The HA channel changed to interface <interface>

NSRP cluster encryption password changed.
 
NSRP cluster authentication password changed.

< _type_name> was dropped because it contained an invalid encryption password.

Virtual Security Device group <vsd_group_id> changed to { preempt | non-preempt } mode.

The heartbeat interval of all Virtual Security Device groups changed from <number> (milliseconds) to <number> (milliseconds).

Device <device_id> { has joined | quit current } NSRP cluster <cluster_id> 

Virtual Security Device group <vsd_group_id> was deleted. The total number of members in the group was <number>
 
Virtual Security Device group <vsd_group_id> was created. The total number of members in the group is <number>

Virtual Security Device group <vsd_group_id> priority changed from <old_priority> to <new_priority>
 
The secondary HA path of the devices changed from <path1> to <path2>

The secondary HA path of the devices was set to interface <interface_name> with ifnum <interface_number>

The interface <interface_name> with ifnum <interface_number> was removed from the secondary HA path of the devices.
 
The probe that detects the status of High Availability link <link_name> was disabled

The interval of the probe detecting the status of High Availability link <link_name> was set to <number> seconds.
 
The threshold of the probe detecting the status of High Availability link <link_name> was set to <threshold_value>
 
A request by device <device_id> for session synchronization(s) was accepted.

The current session synchronization by device <device_id> completed.
 
Run Time Object mirror group <mirror_group_id> direction was set to <direction>
 
Run Time Object mirror group <mirror_group_id> was set.
 
Run Time Object mirror group <mirror_group_id> with direction <direction> was unset.
 
RTO mirror group <mirror_group_id> was unset.

Interface <interface_name> was removed from the monitoring list <monitoring_list_name>
 
Interface <interface_name> with weight <weight_value> was added to or updated on the monitoring list <monitoring_list_name>
 
Zone <zone_name> was removed from the monitoring list <monitoring_list_name>

Zone <zone_name> with weight <weight_value> was added to or updated on the monitoring list <monitoring_list_name>

The monitoring threshold was modified to <threshold_value> on <monitoring_list_name>

The NSRP encryption key was changed.

NSRP data forwarding was {enabled | disabled}.

NSRP black hole prevention enabled. Master(s) of Virtual Security Device groups always exists.
 
NSRP black hole prevention disabled. Master(s) of Virtual Security Device groups may not exist.
 
NSRP Run Time Object synchronization between devices was {enabled | disabled}
 
NSRP transparent Active-Active mode was enabled. 

NSRP transparent Active-Active mode was disabled.
 
NSRP: nsrp link probe enable on <interf_name>

Information (00767)
 
HA: Synchronization file(s) { <filename> | all } sent to backup device in cluster.

Critical (00062)
 
Track IP IP address <IP_address> {failed | succeeded}.
 
Track IP failure reaches threshold.
 
Device cannot create Track IP object list.
 
Device cannot create Track IP list.
 
No interface/route enables the Track IP IP address <IP_address> to be transmitted.
 
Track IP IP address <IP_address> added with an interval of <seconds> seconds, a threshold of <threshold>, a weight of <weight> on interface <interface_name> using method <method_name>

Notification (00050)
 
Track IP IP address <IP_address> removed.
 
Track IP <ip_address> interval changed from <seconds1> to <seconds2>
 
Track IP <ip_address> threshold value changed from <threshold1> to <threshold2>
 
Track IP <ip_address> weight changed from <weight1> to <weight2>
 
Track IP <ip_address> interface changed from <interface_number1> to <interface_number2>
 
Track IP <ip_address> method changed from method name <method_name1> to <method_name2>
 
Track_IP <ip_address> gateway was changed from { the interface default gateway | gateway IP address <gateway1_IP_address> } to {<gateway2_IP_address> | the interface default gateway } 
 
Track IP default gateway updated.
 
Track IP default gateway { enabled | disabled }.
 
Track ip failed because it exceeded the threshold set to <number>.
 
Track IP threshold disabled.
 
Track IP object <track_ip_object_name> failed because the Track IP weight value <number> was exceeded.
 
Track IP object <track_ip_object_name> failed because the Track IP default weight value was exceeded.


HDLC
Notification (00539)
 
Dialup HDLC PPP failed to establish a session. No IP address assigned.
 
Dialup HDLC PPP session has been successfully established.
 
Dialup HDLC PPP failed to establish a session: <string>.


IGMP
Notification (00055)

IGMP host instance was { created | deleted } on interface <interface>.
 
IGMP router instance was { created | deleted } on interface <interface>.
 
IGMP function was { enabled | disabled } on interface <interface>.
 
IGMP will not do same subnet check on interface <interface>.
 
IGMP will do same subnet check on interface <interface>.
 
IGMP will not do router alert IP option check on interface <interface>.
 
IGMP will do router alert IP option check on interface <interface>.
 
IGMP version was changed to <number> on interface <interface>
 
IGMP query interval was changed to <number> seconds on interface <interface>
 
IGMP query max response time was changed to <number> seconds on interface <interface>.
 
IGMP leave interval was changed to <number> seconds on interface <interface>.
 
IGMP last member query interval was changed to <number> seconds on interface <interface>.
 
IGMP routers accept list ID was changed to <id_num> on interface <interface>.
 
IGMP hosts accept list ID was changed to <id_num> on interface <interface>.
 
IGMP groups accept list ID was changed to <id_num> on interface <interface>.
 
IGMP group <mcast_addr> static flag was removed on interface <interface>.
 
IGMP all groups static flag was removed on interface <interface>.
 
IGMP static group <mcast_addr> was added on interface <interface>
 
IGMP group <mcast_addr> static flag was added on interface <interface>
 
IGMP proxy was { enabled | disabled } on interface <interface>.
 
IGMP proxy always is disabled on interface <interface>.
 
IGMP proxy always is enabled on interface <interface>.


IKE
Alert (00026)
 
IKE <ip_addr>: Policy Manager's default CA is used by peer to establish an IPSec VPN.
 
IPSec tunnel on int <interface> with tunnel ID <id_num> received a packet with a bad SPI. <src_ip_addr>-><dst_ip_addr>/<pckt_len>, { ESP | AH }, SPI <number1>, SEQ <number2>

Critical (00042)

Replay packet detected on IPSec tunnel on <interface> with tunnel ID <number>! From <src_ip_addr> to <dst_ip_addr>/<pckt_len>, { ESP | AH }, SPI <number1>, SEQ <number2>.

Notification (00017)
 
Gateway <name_str> at <ip_addr> in { Main | Aggressive } mode with ID <string> has been { added | modified | deleted }
 
P1 proposal <name_str> with { Preshared | RSA-sig | DSA-sig }, DH group { 0 | 1 | 2 | 5 }, ESP { NULL | DES | 3DES | AES128 | AES192 | AES256 }, auth { NULL | MD5 | SHA-1 }, and lifetime <number> has been { added | modified | deleted }.
 
P2 proposal <name_str> with DH group { 0 | 1 | 2 | 5 }, { AH | ESP }, enc { NULL | DES | 3DES | AES128 | AES192 | AES256 }, auth { NULL | MD5 | SHA-1 }, and lifetime (<number> sec/<number> KB) has been { added | modified | deleted }.

Information (00536)
 
IKE <ip_addr1> >> <ip_addr2> Phase 1: Initiated negotiations in { Aggressive | Main } mode.
 
IKE <ip_addr> Phase 1: Responder starts { Main | Aggressive } mode negotiations.
 
IKE <ip_addr>: The initial contact task is already in the task list. 
 
IKE <ip_addr> Phase 1: Completed { Aggressive | Main } mode negotiations with a <number>-second lifetime.
 
IKE <ip_addr> Phase 1: Completed for user <name_str>.
 
IKE <ip_addr> Phase 1: Discarded a second initial packet, which arrived within 5 seconds after the first.
 
IKE <ip_addr> Phase 1: Discarded peer’s P1 request because there are currently <number1> sessions--max is <number2>.
 
IKE <ip_addr> Phase 2: Initiated negotiations.
 
IKE <ip_addr> Phase 2 msg ID <id_num>: Responded to the peer’s first   [ from user <name_str> ].
 
IKE <ip_addr>: Added the initial contact task to the task list.
 
IKE <ip_addr>: Phase 2 negotiation request is already in the task list. 
 
IKE <ip_addr>: Added Phase 2 session tasks to the task list. 
 
IKE <ip_addr> Phase 2 msg ID <number>: Completed negotiations with SPI <number1>, tunnel ID <number2>, and lifetime <number3> sec/<number> KB.
 
IKE <ip_addr> Phase 2 msg ID <number>: Completed for user <name_str>.
 
IKE <ip_addr>: Received a TRNXTN_XCHG packet with payload type <number>.
 
Received an IKE packet on <interface> from <ip_addr1:port_num1> to <ip_addr2:port_num2>. Cookies: <string1>, <string2>.
 
Rejected an IKE packet on <interface> from <src_ip_addr>:<src_port> to <dst_ip_addr>:<dst_port>, with cookies <string1> and <string2> because <reason>
where the  <reason>  that the NetScreen device rejected the IKE packet is one of the following:
 
IKE: User <name_str> with ID <number> requested a connection.
 
IKE <ip_addr> Phase 1: { Aggressive | Main } mode negotiations have failed.
 
IKE <ip_addr> Phase 1: Negotiations have failed for user <name_str>.
 
IKE <ip_addr> Phase { 1 | 2 }: Rejected proposals from peer. Negotiations failed.
 
IKE <ip_addr> Phase 1: Cannot use a preshared key because the peer gateway <ip_addr> has a dynamic IP address and negotiations are in Main mode.
 
IKE <ip_addr> Phase 1: Retransmission limit has been reached.
 
IKE <ip_addr> Phase { 1 | 2 }: Aborted negotiations because the time limit has elapsed. { (<p1_state_mask/p1_state>) | (<p1_state_mask/p1_state>, session ID <id_num>) }
 
IKE <ip_addr>: Phase 1 SA (my cookie: <number>) was removed due to a simultaneous rekey.
 
IKE <ip_addr> Phase 2 msg ID <number>: Negotiations have failed.
 
IKE <ip_addr> Phase 2 msg ID <number>: Negotiations have failed for user <name_str>.
 
IKE <ip_addr> Phase 2: Received DH group <number1> instead of expected group <number2> for PFS.
 
IKE <ip_addr>: Dropped packet because remote gateway <name_str> is not used in any VPN tunnel configurations.
 
IKE <ip_addr>: Received incorrect ID payload: ID type mismatch.
 
IKE <ip_addr>: Received incorrect ID payload: (IP address <ip_addr1> | FQDN <string1> | UFQDN <string2> | ASN1_DN <string3>), expecting (IP address <ip_addr2> | FQDN <string4> | UFQDN <string5> | ASN1_DN <string6>).
 
IKE <ip_addr> Phase 1: Cert received has a different { IP address | FQDN | UFQDN } SubAltName than expected.
 
IKE <ip_addr> Phase 1: Cert received has a subject name that does not match the ID payload.
 
IKE <ip_addr>: Sent initial contact notification to peer to use a new SA.
 
IKE <ip_addr>: Sent an initial contact notification   because of a bad SPI. 
 
IKE <ip_addr>: Received a notification   for DOI <doi_number> <type_value> <msg_text>.
 
IKE <ip_addr> Phase 2 msg ID <number1>: Received responder lifetime notification. (<number2> sec/<number> KB)
 
IKE <ip_addr>: Received initial contact notification and removed Phase { 1 | 2 } SAs.
 
IKE <ip_addr>: Removed Phase 2 SAs after receiving a notification.
 
IKE <ip_addr> Phase 1: IKE { initiator | responder } has detected NAT in front of the { local | remote } device.
 
IKE <ip_addr>: Dropped a packet from the peer because no policy permits it.
 
IKE <ip_addr> Phase 2: Received a   but did not check a policy because id-mode was set to IP or policy-checking was disabled.
 
IKE <ip_addr> Phase 2: Negotiations have failed. Policy-checking has been disabled but multiple VPN policies to the peer exist.
 
IKE <ip_addr> Phase 2: No policy exists for the proxy ID received: local ID (<ip_addr>/<mask>, <protocol>, <port_num>) remote ID (<ip_addr>/<mask>, <protocol>, <port_num>).
 
IKE <ip_addr> Phase 1: Received an invalid RSA signature.
 
IKE <ip_addr> Phase 1: No private key exists to sign packets.
 
IKE <ip_addr> Phase 1: Received an incorrect public key authentication method.
 
IKE <ip_addr> Phase 1: Cannot verify { RSA | DSA } signature.
 
IKE <ip_addr>: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed.
 
IKE <ip_addr>: Heartbeats have been lost <number> times. 
 
IKE <ip_addr>: Changed heartbeat interval to <number>.
 
IKE <ip_addr>: Heartbeats have been disabled because the peer is not sending them.
 
IKE gateway <name_str> has been enabled. The peer address <hostname[.dom_name]> has been resolved to <ip_addr>.
 
IKE gateway <name_str> has been disabled. The peer address< hostname[.dom_name]> cannot be resolved to an IP address.
 
IKE gateway< name> has been disabled because the peer IP address <ip_addr> is already in use by another IKE gateway on interface <interface>.
 
IKE <ip_addr>: XAuth login { was passed | was aborted | failed } for gateway <name_str>, username <name_str>, retry: <number> [ timeout <number>]
 
IKE <ip_addr1>: XAuth login expired and was terminated for username <name_str> at <ip_addr2>.
 
IKE <ip_addr1>: XAuth login was refreshed for username <name_str> at <ip_addr2>.
 
IKE <ip_addr1>: XAuth login was terminated because the user logged in again. Previous gateway: <ip_addr3>. Username: <name_str> at <ip_addr2>.
 
IKE <ip_addr>: New SA for VPN ID <tun_id_num1> is up. In policy ID <pol_id_num>, switch to VPN ID <tun_id_num2>
 
 IKE <ip_addr>: An SA for VPN ID <tun_id_num1> with a higher weight replaced the SA for VPN ID <tun_id_num2> in policy ID <pol_id_num>


Interface
Critical (00090)

Failover to secondary untrust interface occurred.
 
Recovery to primary untrust interface occurred.

Notification (00009)

Interface <interface> IP address { cannot | can } be used to manage the NetScreen device.
 
Interface <interface> holddown time interval has been set to <number>
 
Interface <interface> has been { added to | removed from } redundant interface <interface>
 
Interface <interface> has been { added to | removed from } aggregate interface <interface>
 
Interface <interface> has been { added to | removed from} shared interface <interface>
 
Interface <interface> IP has been changed from <ip_addr1> to <ip_addr2>
 
Interface <interface> netmask has been changed from <mask1> to <mask2>
 
Interface <interface> gateway IP has been changed from <ip_addr1> to <ip_addr2>
 
Interface <interface> operational mode has been changed to [ NAT | Route ]
 
Interface <interface> management IP has been changed from <ip_addr> to <ip_addr>
 
{ Global-PRO | Ident-reset | Ping | SCS | SNMP | SSL | Telnet | Web } has been { enabled | disabled } on interface <interface>
 
Interface <interface> in [ <vsys> | root ] with IP <ip_addr> mask <mask> tag <id_num> was created.
 
Interface <interface> in [ <vsys> | root ] with IP <ip_addr> mask <mask> was created.
 
Interface <interface> in [ <vsys> | root ] was removed.
 
Interface <interface> was unbound from zone <zone>
 
Interface <interface> was bound to zone <zone>
 
Maximum bandwidth <number1> kbps on interface <interface> is less than total guaranteed bandwidth <number2> kbps.
 
Interface <interface> bandwidth has been changed to <number> kbps.
 
Interface <interface> 802.1Q tag has been removed
 
interface <interface> 802.1Q tag has been changed to <number> 
 
Interface <interface> 802.1Q VLAN trunking has been turned { ON | OFF }
 
802.1Q VLAN tag <number> has been { created | removed }.
 
Interface <interface> has been changed from local to VSI.
 
Interface <interface> has been changed from VSI to local.
 
Route between secondary IP addresses on interface <interface> has been { disabled | enabled }.
 
Secondary IP address <ip_addr>/<mask> has been { added to | deleted from } interface <interface>
 
Interface <interface> MTU has been changed to <number>

Notification (00513)
 
The physical state of interface <interface> has changed to [ up | down ]L2TP

Alert (00043)

rcv StopCCN_msg, remove l2tp tunnel (<ip_addr1 - <ip_addr2>), Result code <id_num> (<string>)

Alert (00044)

rcv StopCCN_msg, remove l2tp tunnel (<ip_addr1 - <ip_addr2>), Result code <number> (<string>), Error code <id_num> (<string>)

Alert (00045)

rcv CDN_msg, remove l2tp call, id = <number>, user = <usr_str>, assigned ip = <ip_addr>, Result code <number> (<string>)

Alert (00046)

rcv CDN_msg, remove l2tp call, id = <number>, user = <usr_str>, assigned ip = <ip_addr>, Result code <number> (<string>), Error code <id_num> (<string>)

Notification (00017)
 
L2TP ippool is unset to default.
 
L2TP { primary | secondary } { DNS | WINS } server is unset to default.
 
L2TP RADIUS server is unset to default.
 
L2TP RADIUS secret is unset to default.
 
L2TP RADIUS port changed to <port_num>
 
L2TP default ippool changed from “<name_str1>” to “<name_str2>”
 
L2TP default { primary | secondary } { DNS | WINS } server changed from <ip_addr1> to <ip_addr2>
 
L2TP default auth type changed to <string>
 
L2TP default PPP auth type changed to { PAP | CHAP | ALL }.
 
L2TP default RADIUS server changed to <serv_name>
 
L2TP default RADIUS secret changed to “<secret>”
 
L2TP default RADUIS port changed to <port_num>
 
L2TP “<name_str>”, all-L2TP-users secret “<secret>” keepalive <number> has been { modified | added }
 
L2TP “<name_str>”, { <user_name> | <grp_name> } ID <id_num> secret “<secret>” keepalive <number> has been { modified | added }

Information (00536)
 
L2TP tunnel <name_str> created between <ip_addr1>:<port_num1> and <ip_addr1>:<port_num2>
 
Incorrect L2TP secret in tunnel auth for L2TP (<ip_addr>).
 
L2TP (<ip_addr1>/<port_num1> - <ip_addr2>/<port_num2>), user authentication passed. IP address <ip_addr3> assigned to user.
 
L2TP at <ip_addr> PPP failed, error ID <id_num>
 
Retry time-out interval expired. L2TP call (peer at <ip_addr1>, local at <ip_addr2>) removed, tunnel ID <id_num1>, call ID <id_num2>
 
Retry time-out interval expired. L2TP tunnel removed (peer at <ip_addr1>, local at <ip_addr2>), tunnel ID <id_num>

Logging
Critical (00020)
 
System memory is low (<number1> allocated out of <number2> ) <number3> times in 1 minute

Critical (00024)

{Traffic log | Alarm log | Event log | Self log | Asset Recovery log } has overflowed

Critical (00030)

System CPU utilization is high (<number1> > alarm threshold: <number2>) <number3> times in 1 minute

Warning (00002)
 
Cannot connect to e-mail server <serv_name>.
 
Mail server is not configured.

Mail recipients were not configured.
 
Unexpected error from e-mail server (state=<id_num>): <string>

Notification (00002)

E-mail notification has been { enabled | disabled }.
 
Mail server { IP address | domain name } has been changed.
 
E-mail address { 1 | 2 } has been changed.
 
Inclusion of traffic logs with e-mail notification of event alarms has been { enabled | disabled }.

Notification (00019) 

VPN management tunnel has been enabled.

Notification (00022)
 
VPN management tunnel has been disabled.

Notification (00767)
 
All logged events or alarms were cleared by admin <name_str>.
 
Log setting was modified to { enable | disable } <level> level by admin <name>
 
{ Alarm | Traffic | Event | Asset-recovery | Self | System } log was reviewed by admin <name>.
 
Log buffer was full and remaining  s were sent to external destination. <number> packets were dropped. 
 
All {self logs | traffic logs } were cleared by admin <name>.

Information (00534)

{ Traffic log | Event log } has been cleared


MIP
Notification (00021)
 
Mapped IP <ip_addr1> - <ip_addr2> has been { added | modified | deleted }


Multicast
Alert (00601)
 
Error in initializing multicast.
 
Failure in initializing Multicast route task.
 
Failure in initializing Multicast data handler task
 
Failure in shutting down Multicast route task.
 
Failure in registering for multicast data packet.
 
System wide multicast cachemiss node limit reached, not added from last exceed - <number>.

Critical (00601)

System wide multicast route limit exceeded, mroute add failed
 
System wide multicast route limit reached, routes not added from last exceed - <number>.
 
<vrouter>: virtual router multicast route limit exceeded, mroute add failed.
 
<vrouter>: virtual router multicast route maximum routes not added from last exceed - <number>
 
Failure adding output interface to multicast route list due to exceed system max. Total exceed - <number>

Notification (00056)

Remove multicast policy from <src-zone> <mcast_addr> to <dst-zone> <mcast_addr> 
 
Add multicast policy from <src-zone> <mcast_addr> to <dst-zone> <mcast_addr>

Notification (00057)

<vrouter>: static multicast route src=<ip_addr>, grp=<mcast_addr> input ifp = <interface1> output ifp = <interface2> added
 
<vrouter>: static multicast route src=<ip_addr>, grp=<mcast_addr> ifp = <interface> deleted.
 
<vrouter>: maximum multicast routes limit removed.
 
<vrouter>: maximum multicast routes limit configured to <number>.
 
<vrouter>: multicast negative cache routes feature { configured | removed }.
 
<vrouter>: multicast negative cache routes timer configured to <number> seconds.
 
<vrouter>: multicast negative cache routes timer configured to default


NSM
Notification (00033)
 
NSM has been { enabled | disabled }.
 
User-defined service <svc_name> has been { added to | removed from } protocol distribution.
 
Reporting of protocol distribution table to NSM has been { enabled | disabled }.
 
Reporting of ethernet statistics table to NSM has been { enabled | disabled }.
 
Reporting of attack statistics table to NSM has been { enabled | disabled }.
 
Reporting of flow statistics table to NSM has been { enabled | disabled }.
 
Reporting of policy table to NSM has been { enabled | disabled }.
 
Reporting of traffic alarms to NSM has been { enabled | disabled }.
 
Reporting of attack alarms to NSM has been { enabled | disabled }.
 
Reporting of miscellaneous alarms to NSM has been { enabled | disabled }.
 
Reporting of configuration logs to NSM has been { enabled | disabled }.
 
Reporting of information logs to NSM has been { enabled | disabled }.
 
Reporting of self management logs to NSM has been { enabled | disabled }.
 
Reporting of traffic logs to NSM has been { enabled | disabled }.
 
Reporting of deep inspection alarms to NSM has been { enabled | disabled }.
 
NSM device ID was { set to <string> | unset }.
 
NSM one-time-password was { set | unset }.
 
NSM installer name [ (<string>) ] and password were { set | unset }.
 
NSM { primary | secondary } server with name <serv_name> was set: addr <ip_addr>, port <port_num>
 
NSM { primary | secondary } server with name <serv_name> was unset.
 
NSM keys were deleted.

Information (00538)

NSM: Connection to NSM server at <ip_addr> is down
 
NSM: Connected to NSM server at <ip_addr> (<number> connect attempt(s))
 
NSM: Cannot connect to NSM server at <ip_addr>. Reason: <string> (<number> connect attempt(s))
 
NSM: Sent <number>  


NSRD
Error (00551)

Error <id_num> occurred during configlet file processing.

Warning (00551)
 
Error <id_num> occurred, causing failure to establish secure management with Management System.
 
Configlet file authentication failed.
 
Configlet file decryption failed.

Information (00551)

Secure management established successfully with remote server.
 
Rapid Deployment cannot start because gateway has undergone configuration changes.


NTP
Notification (00531)

Administrator <admin_name> changed the Network Time Protocol maximum adjustment value from <number> to <number> seconds 
 
Administrator <admin_name> changed the Network Time Protocol authentication mode <mode> 
 
Network Time Protocol settings changed.
 
Network Time Protocol adjustment of <numbert> ms from NTP server <server_name> exceeds the allowed adjustment of <number1> ms. 

An error occurred in setting the system clock.
 
The NetScreen device is attempting to contact the primary NTP server <server_name>
 
The NetScreen device is attempting to contact the primary backup NTP server <server_name>
 
The NetScreen device is attempting to contact the secondary backup NTP server <server_name>
 
Authentication failed for Network Time Protocol server <server_type> <server_name> because <failure_reason>
 
NTP request cannot be sent. No key ID found for Network Time Protocol server <server_type> <server_name>
 
NTP request cannot be sent. No key found for server <server_type> <server_name>
 
<server_type> NTP server <server_name> could not be contacted.
 
No NTP server could be contacted.
 
An acceptable time could not be obtained from <server_type> NTP server <server_name>
 
No acceptable time could be obtained from any NTP server.
 
An administrator aborted the NTP time update.


OSPF
Critical (00206)
 
LSA flood in OSPF with router-id <router_id> on interface <interface> forced the interface to drop a packet.
 
OSPF instance with router-id <router_id> received a Hello packet flood from neighbor (IP address <ip_addr>, router ID <neighbor_router_id>) on interface <interface> forcing the interface to drop the packet.
 
Link State Advertisement Id <lsa_id>, router ID <router_ID>, type <type> cannot be deleted from the real-time database in area <area>
 
The total number of redistributed routes into OSPF in vrouter (<vrouter>) exceeded system limit (<number>)
 
Reject second OSPF neighbor (<neighbor_ip_addr>) on interface (<interface>) since it’s configured as point-to-point interface

Notification (00038)

{ Set | Unset } virtual router <virtual_router> with the OSPF protocol <command>
 
{ Set | Unset } virtual router <virtual_router> with the configuration command <command>

<configuration_command>

OSPF virtual routing instance in virtual router <virtual_router> {created | deleted}.

Information (00541)

Neighbor routerID - <neighbor_router_ID> IpAddress - <neighbor_router_ip_address> changed its state to state <state>
 
Link State Advertisement in Area -<area> with Id -<lsa_id> Router-Id <router_id> Type -<type> in OSPF aged out
 
The system killed OSPF neighbor because the current router could not see itself in hello packet. Neighbor changed state from <previous_state> to Init state, (neighbor router-id <neighbor_router_id>, ip-address <neighbor_ip_address>)
 
The system killed OSPF neighbor because of elapsed Hello time <hello_interval> sec (neighbor router-id <router_id>, ip-address <router_IP_address>)
 
Delaying killing OSPF neighbor <neighbor> by <seconds> seconds, last hello packet received time <time> ms and last processed hello packet occurring at <time> ms.
 
OSPF neighbor <neighbor> timeout, with last Hello packet received at time <time> ms, and last processed Hello packet occurring at time <time> ms current sys-up-sec <seconds> 
 
OSPF interface <interface> has become inactive, kill neighbor (IpAddress <ip_addr> RouterId <id>) on this interface
 
OSPF packet retransmit counter exceeeds limit, kill neighbor (IpAddress <ip_addr> RouterId <id>)


PIM
Alert (00602)

PIMSM Error in initializing interface state change
 
PIMSM Error in initializing interface delete handler
 
PIMSM Error in initializing vrouter delete handler
 
PIMSM Error in initializing zone delete handler
 
PIMSM Error in initializing IP change handler
 
PIMSM Error in initializing packet copy handler
 
PIMSM Error in initializing MCAST policy change handler
 
PIMSM Error in initializing drp vsi elect change handler
 
PIMSM Error in initializing nsrp state change handler.
 
PIMSM Error in initializing access-list change handler.

Notification (00058)

PIMSM protocol configured on interface <interface>
 
PIMSM protocol enabled on interface <interface>
 
PIMSM interface <interface>'s DR priority set to <number>
 
PIMSM interface <interface> Join-Prune Interval set to <number> seconds
 
PIMSM interface <interface>'s Hello Interval set to <number> seconds

PIMSM interface <interface> accept neighbors access list <id_num> configured

PIMSM interface <interface> configured as boot-strap border

PIMSM interface <interface> hello holdtime set to <number> seconds

PIMSM protocol unconfigured on interface <interface>

PIMSM protocol disabled on interface <interface>

PIMSM interface <interface> neighbor access list removed. 

PIMSM interface <interface> BSR border removed.
 
PIMSM protocol disabled in vrouter <vrouter>
 
Vrouter <vrouter> PIMSM SPT threshold set to <number> packets per second
 
Vrouter <vrouter> PIMSM source access list for multicast group <mcast_addr> removed
 
Vrouter <vrouter> PIMSM Rendezvous point access list for multicast group <mcast_addr> removed
 
Vrouter <vrouter> PIMSM multicast group access list removed
 
Vrouter <vrouter>: PIMSM RP <ip_addr> removed from zone <zone>
 
Vrouter <vrouter> PIMSM RP Candidate removed from zone <zone>
 
Vrouter <vrouter> PIMSM RP Proxy removed from zone <zone>  
PIMSM protocol enabled in vrouter <vrouter> 
 
Vrouter <vrouter>: PIMSM SPT threshold set to infinity
 
Vrouter <vrouter> PIMSM multicast group <mcast_addr> has been configured with source access list <id_num>
 
Vrouter <vrouter> PIMSM multicast group <mcast_addr> has been configured with RP access list <id_num>
 
Vrouter <vrouter> PIMSM multicast group access-list <id_num> has been configured 
 
Vrouter <vrouter> PIMSM zone <zone> configured as RP Proxy.
 
Vrouter <vrouter>: PIMSM RP address <ip_addr> configured for multicast group access list <id_num> in zone <zone> 

Vrouter <vrouter>: PIMSM RP candidate on interface <interface> configured for multicast group access list <id_num> in zone <zone> with priority <number> and holdtime <number> 

PIMSM protocol configured in vrouter <vrouter>
 
PIMSM protocol removed from vrouter <vrouter>

Notification (00555) 

Vrouter <vrouter> PIMSM cannot process non-multicast address <mcast_addr> 

PKI
Notification (00002)
 
PKI: The device failed to generate the certificate request file in PKCS #10 format.

Notification (00535)

PKI: Verified cert with subject name <name_str>
 
PKI: Unable to get issuer cert for cert with subject name <name_str>
 
PKI: Failed to obtain CRL for CA issuing cert with subject name <name_str>
 
PKI: Unable to decrypt signature of cert with subject name <name_str>
 
PKI: Unable to decrypt signature of CRL for cert with subject name <name_str>
 
PKI: Unable to decode issuer’s public key for cert with subject name <name_str>
 
PKI: Unable to authenticate cert with subject name <name_str>
 
PKI: CRL has bad signature for cert with subject name <name_str>
 
PKI: Cert is not yet valid (subject name <name_str>)
 
PKI: Cert has expired (subject name <name_str>)
 
PKI: CRL is not yet valid for cert with subject name <name_str>
 
PKI: CRL has expired for cert with subject name <name_str>
 
PKI: Format error in the { notBefore | notAfter } field of cert with subject name <name_str>
 
PKI: Format error in CRL { lastUpdate | nextUpdate } field for cert with subject name <name_str>
 
PKI: Out of memory. Cannot process cert with subject name <name_str>
 
PKI: Received a self-signed cert with subject name <name_str>
 
PKI: Received a self-signed cert in a certificate chain for cert with subject name <name_str>
 
PKI: Unable to get local issuer cert for cert with subject name <name_str>
 
PKI: Unable to verify first cert in a certificate chain (subject name <name_str>)
 
PKI: Certificate chain is too long for cert with subject name <name_str>
 
PKI: Cannot return to the original certificate chain. Cookies: (<id_num1>) (<id_num2>) (<id_num3>) (<id_num4>)
 
PKI: Internal configuration error. Cannot verify cert with subject name <name_str>
 
PKI: No revocation check, per config, for cert with subject name <name_str>
 
PKI: Cannot decrypt public key of cert with subject name <name_str>
 
PKI: Top cert of chain for peer’s cert was wrong. Config required <name_str>, but derived <name_str>.

PKI: CRL has expired. (CA <name_str>)
 
PKI: CRL will be refreshed as configured on the interupdate refresh setting. (CA <name_str>)
 
PKI: The CRL has a bad timestamp. (CA <name_str>)
 
PKI: Unable to verify the validity of cert with subject name <name_str>
 
PKI: An incoming certificate is broken.
 
PKI: Per config, accepted cert even though CRL has a bad signature. (subject name <name_str>)
 
PKI: CRL is not issued by the CA that signed the cert with subject name <name_str>
 
PKI: Invalid certificate (subject name <name_str>)
 
PKI: Certificate has been revoked (subject name <name_str>)
 
PKI: Per config, accepted cert even though revocation check was inconclusive (subject name <name_str>)
 
PKI: Cannot build certificate chain for cert with subject name <name_str>
 
PKI: Cannot load CRL for cert with subject name <name_str>
 
PKI: Cannot load item from flash. Reason: { erroneous input | insufficient memory | cannot read file | cannot decode | lost in RAM | reason unknown } , type: { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT}, DN: <name_str>
 
PKI: Loaded a flash file with PKI data in an earlier format (version 0).
 
PKI: Saved PKI objects to flash.
 
PKI: PKI storage file is empty.
 
PKI item in flash is incorrect. Type (CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT), length (<number>).
 
PKI: No response for status inquiry for cert with subject name <name_str>
 
PKI: LDAP bind operation timed out for cert with subject name <name_str>
 
PKI: LDAP operation timed out for cert with subject name <name_str>
 
PKI: Cannot connect to LDAP server { <ip_addr> | <dom_name> }:<port_num> through <interface>
 
PKI: LDAP cannot search for DN (<name_str>) using filter (<string>)
 
PKI: Cannot contact HTTP server at URL <url_str>
 
PKI: Received bad LDAP response for cert with subject name <name_str>
 
PKI: Cannot save CA config (CA cert subject name <name_str>)
 
PKI: Cannot store config for CA with cert subject name <name_str>
 
PKI: Saved CA config (CA cert subject name <name_str>)
 
PKI: A configurable item ‘DN’s { Name | phone | e-mail | country | state | county/locality | organization | unit/department | IP address | e-mail to }’ field has changed from { ‘<string1>’ to none | none to ‘<string2>’ | ‘<string1>’ to ‘<string2>’ }.
 
PKI: A configurable item (raw CN setting) field has changed from { (enabled) to (disabled) | (disabled) to (enabled) }.
 
PKI: A configurable item (default certificate validation level) field has changed from { (full) to (partial) | (partial) to (full) }.
 
PKI: A configurable item (certificate FQDN) field has changed from (<string1>) to (<string2>).
 
PKI: A configurable item (default LDAP server name) field has changed from { (<ip_addr1>) to (<ip_addr2>) | (<dom_name1>) to (<dom_name2>) }.
 
PKI: A configurable item (default LDAP server CRL URL) field has changed from (<string1>) to (<string2>).
 
PKI: A configurable item (e-mail address to send certificate request) field has changed from (<number1>) to (<number2>).
 
PKI: A configurable item (default CRL Refresh Frequency) field has changed from (<number1>) to (<number2>).
 
PKI: A configurable item (SCEP’s { CA | RA } CGI URL) field has changed from (<string1>) to (<string2>).
 
PKI: A configurable item (SCEP’s { CA IDENT | challenge password }) field has changed from (<name_str1>) to (<name_str2>).
 
PKI: A configurable item (CRL’s signature verification) field has changed from { (0) to (1) | (1) to (0) }.
 
PKI: A configurable item SCEP mode has changed { from (auto) to (manual) | from (manual) to (auto) }
 
PKI: { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER } has been deleted. (subject name <name_str>)
 
Cannot save the key-pair object for cert with subject name <name_str>
 
Cannot { locate | delete } the key-pair object for cert with subject name <name_str>
 
PKI: Incorrect fingerprint for CA cert with subject name <name_str>
 
Cannot save the { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER } with subject name <name_str>
 
PKI: Cannot load <filename> file.
 
PKI: Cannot obtain object ID (<hex_id_num>) (dec_id_num)
 
PKI: Saved { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT} with subject name <name_str>
 
PKI: Number of PKI objects exceeds storage maximum (<number>)
 
PKI: Cannot compose HTTP packet to send to URL <url_str>
 
PKI: Cannot sync data to NSRP peer. (command <id_num>)
 
PKI: Cannot sync { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT} to NSRP peer. (command <id_num>)
 
PKI: Received CA cert with bad fingerprint (CA cert subject name <name_str>)
 
PKI: Cannot wrap SCEP request. Error: <string>, for cert request with subject name <name_str>
 
PKI: Cannot generate SCEP data. Cmd: <id_num>, error: { input | no memory | encode cert req | encode issuer-subject | reason unknown }, for cert request with subject name <name_str>
 
PKI: Cannot extract SCEP SUCCESS response. Error: { input | no memory | no selfsign CA | bad inner p7 | bad outer p7 [ data ] | dec outer p7 data | bad content | reason unknown }, for cert request with subject name <name_str>
 
PKI: Received a SCEP FAILURE   for cert request with subject name <name_str>
 
PKI: PKI: Cannot initiate SCEP request with subject name <name_str>
 
PKI: Cannot locate key pair with ID <id_num> for SCEP.
 
PKI: Completed SCEP cert request.
 
PKI: SCEP error: { bad subject dn | no cert | rm old cer | rm old key | private key | nsrp sync | reason unknown }, for cert with subject name <name_str>
 
PKI: Renewing cert through SCEP (subject name <name_str>)
 
PKI: Cannot verify cert for ScreenOS image authentication.
 
PKI: Successfully loaded image signer's public key. 
 
PKI: Cannot generate PKCS #10 file for certificate request.
 
PKI: Cannot send PKCS #10 cert request to e-mail address <e-mail_addr>.
 
PKI: Adjusted key pair length from 0 to 1024 bits.
 
PKI: Cannot generate { RSA | DSA } key pair with subject name <name_str>
 
PKI: Cannot generate cert request. Reason: <string> (subject name <name_str>)
 
PKI: NSRP cold start sync for <number> items.
 
PKI: NSRP cold start sync. Received item <number1> out of order, expecting <number2> of <total_number>.
 
PKI: NSRP cold start sync. Received item <number> before first item.
 
PKI: NSRP cold start sync session interrupted by normal sync item.
 
PKI: NSRP cold start sync session cannot locate item <id_num>
 
PKI: NSRP cold start sync attempt <number> failed.
 
PKI: NSRP cold start sync failed.
 
PKI: Completed NSRP cold start sync after <number> attempts.
 
PKI: Cannot locate config for CA with ID <id_num>
 
PKI: Updated config for CA with ID <id_num> from a global CA config.
 
PKI: Cannot retrieve the { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT} for cert with subject name <name_str>
 
PKI: PKI objects exceeded maximum capacity (<number>).
 
PKI: CRL is too big (<number>) to save to flash. Max: <number>, CA: <name_str>
 
PKI: Cannot decode CRL data.
 
PKI: CRL is too big (<number>) to load. Max: <number>, CA: <name_str>
 
PKI: CRL cannot be saved to flash, issuer (<name_str>)
 
PKI: Cannot save new item to flash. Max: (<number1>), item: (<number1>).
 
PKI: System automatically generated a self-signed certificate.
 
PKI: Auto-generated self-signed cert was deleted.
 
PKI: Cannot auto generate a self-signed cert.
 
PKI: Cert requested already exists for subject name <name_str>
 
PKI: Cannot access OCSP server to get revocation status for cert with subject name <name_str>
 
PKI: Cannot verify signature on OCSP response for cert with subject name <name_str>
 
PKI: OCSP response was inconclusive for cert with subject name <name_str>
 
PKI: Cannot verify OCSP responder cert with subject name <name_str>
 
PKI: Cannot send HTTP packet through socket to URL <url_str>
 
PKI: Cannot create a socket to URL <url_str>


Policies
Notification (00018)
 
Policy (<id_num>, global, <src_addr> -> <dst_addr>, <svc_name>, { permit | deny | tunnel }) was added
 
Default policy of the device has been changed to { permit | deny }
 
Policy (<id_num>, { <zone1> -> <zone2> | global }, <src_addr> -> <dst_addr>, <svc_name>, { permit | deny | tunnel }) was { added | modified | deleted | enabled | disabled } by admin <name_str>
 
Policy <id_num1> has been moved { before | after } <id_num2> <name_str>
 
cell_obj_name was { added | deleted } policy <id_num> cell_name
 
Policy <id_num> attack was modified
 
Policy <id_num> application was modified to <string>
 
Policy <id_num> attack severity was modified


PPP
Notification (00017)

IP address pool <name_str> with range <ip_addr1> - <ip_addr2> has been created
 
IP address pool <name> with range <ip_addr1> - <ip_addr2> was removed

Notification (00539)

No IP pool has been assigned. You cannot allocate an IP address.
 
Cannot allocate IP address from pool <name_str> for user <user_name>PPPoA

Notification (00055)
 
PPPoA is enabled on <interface> interface.
 
PPPoA is disabled on <interface> interface.

Notification (00556)
 
PPPoA <name> has started negotiation.
 
PPPoA <name> connected successfully.
 
PPPoA <name> connection attempt failed <reason>.
 
PPPoA <name> idle timeout.
 
PPPoA <name> shutdown.
 
PPPoA <name> failed to modify the IP for the interface.
 
PPPoA <name> failed to negotiate IP for the interface.
 
PPPoA <name> failed to modify the gateway for the interface.


PPPoE
Notification (00034)
 
PPPoE is { enabled | disabled } on <interface> interface.
 
Point-to-Point Protocol over Ethernet (PPPoE) settings changed.
 
Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. Timeout { PADI | PADR }
 
PPPoE session shut down, PPPoE disabled.
 
PPPoE session started negotiations.
 
Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. <string> received.
 
PPPoE session shut down. Idle timeout.
 
PPPoE session shuts down for <interface> instance due to system reset.
 
PPPoE session shut down by user.
 
Failed to set PPPoE interface IP address.
 
Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. No IP address assigned.
 
Failed to set PPPoE interface gateway.
 
PPPoE session was successfully established.
 
PPPoE session termination or failure during: <string>
 
PPPoE session closed by AC.
 
AC <name_str> is advertising URL <url_str>
 
Message from AC <name_str>: <string>


RIP
Critical (00207)
 
Virtual router <vrouter_name> that received an update packet flood from neighbor <neighbor_ip_address> on interface <interface_name> dropped a packet.

System wide RIP route limit exceeded, RIP route dropped.
 
<number> RIP routes dropped from last system wide RIP route limit exceed.
 
RIP database size limit exceeded for <vrouter>, RIP route dropped.
 
<number> RIP routes dropped from the last database size exceed in vr <vrouter>.

Notification (00045)
 
RIP instance in virtual router <vrouter_name> was {created | removed}.
 
<vrouter_name> vrouter <protocol> protocol RIP received configuration command <command>
 
{set | unset} virtual router <vrouter_name> with the configuration command <command>
 
<command>

Information (00544)
 
RIP neighbor <neighbor_ip_address> in virtual router <vrouter_name> was added
 
RIP neighbor <neighbor_ip_address> in virtual router <vrouter_name> was removed.


Route
Critical (00200)

A new route cannot be added to the device because the maximum number of system route entries (<maximum_route_number>) has been exceeded
 
An error occurred on virtual router <vrouter> while removing route <route_address>/<subnetwork_mask> from virtual router route table. 

A route <route_address>/<subnetwork_mask> cannot be added to the virtual router <vrouter> because the number of route entries in the virtual router exceeds the maximum number of routes (<number>) allowed
 
Error occurred while adding route <route_address>/<subnetwork_mask> to virtual router <vrouter_name> route table because the db_insert function failed.
 
Error occurred while adding route <route_address>/<subnetwork_mask> to virtual router <vrouter_name> route table because the prefix add function failed.

Notification (00011)
 
Route(s) in virtual router “<vrouter>” with an IP address <ip_address>/<subnetwork_mask> and gateway <gateway_address> has been deleted
 
A route in virtual router “<vrouter>” that has IP address <ip_address>/<subnetwork_mask> through interface <interface> and gateway <gateway_address> with metric <metric> has been created.
 
A route has been created in virtual router “<vrouter_name>” with an IP address <ip_address>/<subnetwork_mask> and next-hop as virtual router “<vrouter_name>”
 
Source route(s) in virtual router <vrouter> with route addresses of <route_address>/<subnetwork_mask> and a default gateway address of <gateway_address> was removed.
 
Source route(s) in virtual router <vrouter> with route addresses of <route_address>/<subnetwork_mask> through interface <interface> and a default gateway address <address> with metric <metric> was created.
 
SIBR route(s) in virtual router “<vrouter>” for interface <interface> with an IP address 
<ip_addr>/<subnetwork_mask> and gateway <ip_addr>/<subnetwork_mask> has been removed

SIBR route in virtual router “<vrouter>” for interface <interface> that has IP address <ip_addr>/<subnetwork_mask> through interface <interface> and gateway <gateway_ip_addr> with metric <route_metric> was created

Notification (00048)

Route entry with sequence number <sequence_number> in route map <route_map_name>, virtual router <vrouter_name> was removed. 
 
Route map <route_map_name> in virtual router <vrouter_name> was removed.
 
Route map entry with sequence number <number> in route map <name_str> in virtual router <vrouter> was created.
 
An { import | export } rule applied to a connection between virtual router <virtual_router1> and virtual router <virtual_router2> with IP prefix <prefix/subnetwork_mask> was { created | deleted }
 
An { import | export } rule in virtual router <vrouter> to virtual router <vrouter> with route map <route_map> and protocol <protocol> was { created | deleted }
 
Access list entry <access_list_id> with a sequence number <sequence_number> that {permits | denies} IP address <IP_address>/<subnetwork_mask> was removed from virtual router <vrouter>
 
Access list entry <access_list_name> was {added to | removed from} from virtual router <vrouter_name>
 
Access list entry <access_list_id> with sequence number <sequence_number> with an action of { permit | deny } with an IP address and subnetwork mask of <ip_address>/<subnetwork_mask> was created on virtual router <virtual_router>


Schedule
Notification (00020)
 
Schedule <name_str> has been { added | modified | deleted }.


Service
Notification (00012)

Service <serv_name> has been { added | modified | deleted }
 
Service group <grp_name> has been { added | deleted | modified }
 
Service group <grp_name> has { added member | deleted member } <serv_name>


SIP
Notification (00047)
 
An administrator set the media inactivity timeout value to its default value of <seconds> seconds.
 
An administrator set the SIP invite timeout value to its default value of <seconds> seconds.
 
An administrator set the SIP trying timeout value to its default value of <seconds> seconds.
 
An administrator set the SIP ringing timeout value to its default value of <seconds> seconds.
 
An administrator set the SIP signaling inactivity timeout value to its default value of <seconds> seconds.
 
An administrator set the SIP media inactivity timeout value to <seconds> seconds.
 
An administrator set the SIP invite timeout value to <seconds> seconds.
 
An administrator set the SIP trying timeout value to <seconds> seconds.
 
An administrator set the SIP ringing timeout value to <seconds> seconds.
 
An administrator set the SIP signaling inactivity timeout value to <seconds> seconds.

Notification (00511)
 
The device cannot allocate sufficient memory for the SIP ALG request.
 
The device cannot register the Network Address Translation vector for the SIP ALG request.
 
The device cannot register the SIP ALG request to RM.
 
SIP parser error <error_name>
 
NetScreen devices do not support multiple IP addresses <ip_addresses> or ports <port_numbers> in SIP headers <header_field>
 
NetScreen devices do not support multicast IP addresses <ip_addresses> in SIP <sip_values>
 
Too many call segments.
 
Transaction data is too long.
 
SIP structure corrupted.
 
Too many call segments for response.
 
Transaction data too long for response.
 
Cannot allocate SIP call because device fielding too many calls.
 
SIP call information data is too long.
 
SIP ALG is unregistered by RM.


SNMP
Notification (00002)
 
SNMP listen port has been changed from <port_num1> to <port_num2>. 

Notification (00031)
 
SNMP system location has been changed to <loc_str>.
 
SNMP system contact has been changed to <name_str>.
 
SNMP system name has been changed to <name_str>.

Information (00524)
 
SNMP request from <ip_addr1>:<port_num> has been received, but the SNMP version type is incorrect.
 
SNMP request from an unknown SNMP community <name_str> at <ip_addr1>:<port_num1> has been received.
 
SNMP request has been received from an unknown host in SNMP community <name_str> at <ip_addr1>:<port_num1>.
 
SNMP request has been received from host <ip_addr1>:<port_num1> with read-only privileges.
 
SNMP request has been received from host <ip_addr1>:<port_num1> without read privileges.
 
SNMP: NetScreen device at <ip_addr>:<port_num> has responded successfully to the SNMP request.
 
SNMP: NetScreen device has responded successfully to the SNMP request from <ip_addr>:<port_num>.
 
SNMP response to the SNMP request from <ip_addr1>:<port_num1> has failed due to a coding error.


SSHv1
Critical (00528)
 
SSH: Unable to validate cookie from the SSH client at <ip_addr>.
 
SSH: NetScreen device failed to generate a PKA RSA challenge for SSH user <name_str> at <ip_addr> (Key ID <key_num>).
 
SSH: FIPS self test failed.
 
SSH: Unable to perform FIPS self test.

Error (00034)
 
SSH: Maximum number of SSH sessions (<number>) exceeded. Connection request from SSH user <name_str> at <ip_addr> denied.

Error (00528)
 
SSH: NetScreen device failed to identify itself to the SSH client at <ip_addr>
 
SSH: Incompatible SSH version string has been received from SSH client at <ip_addr>
 
SSH: Failed to send identification string to client host at <ip_addr>

Warning (00528)
 
SSH: Unsupported cipher type <name_str> requested from <ip_addr>
 
SSH: Host client has requested NO cipher from <name_str>
 
SSH: Disabled for <name_str> Attempted connection failed from <ip_addr>:<port_num>
 
SSH: SSH user <name> at <ip_addr> tried unsuccessfully to log in to <vsys> using the shared untrusted interface. SSH disabled on that interface.
 
SSH: SSH client at <ip_addr> tried unsuccessfully to establish an SSH connection to interface <interface> with IP <ip_addr> SSH disabled on that interface.
 
SSH: SSH client at <ip_addr> tried unsuccessfully to make an SSH connection to interface <interface> with IP <ip_addr> SSH not enabled on that interface.
 
SSH: SSH client <name_str> unsuccessfully attempted to make an SSH connection to <vsys> SSH was not completely initialized for that system.

Information (00026)
 
SSH: SSH { enabled | disabled } for <vsys>

Information (00528)
 
SSH: Key regeneration interval has been changed from <number1> to <number2>
 
SSH: SSH user <name_str> has been authenticated using password from <ip_addr>
 
SSH: SSH user <user_name> at <ip_addr> has requested password authentication, which is not enabled for that user.
 
SSH: SSH user <user_name> at <ip_addr> has requested PKA RSA authentication which is not supported for that user.
 
SSH: SSH has been { enabled | disabled } for <vsys> with <number1> existing PKA key(s) bound to <number2> SSH user(s).
 
SSH: Connection has been terminated for admin user <user_name> at <ip_addr>.
 
SSH: SSH user <user_name> has been authenticated using PKA RSA from <ip_addr> (Key ID <id_num>)
 
SSH: SSH user <user_name> at <ip_addr> failed the PKA RSA challenge. (Key ID <id_num>)


SSHv2
Critical (00034)
 
SSH: Failed to retrieve PKA key bound to SSH user <user_name> (Key ID <id_num>)
 
SSH: Error processing packet from host <ip_addr> (Code <id_num>)
 
SSH: Device failed to send initialization string to client at <ip_addr>
 
SCP: Admin user '<user_name>' attempted to transfer file { to | from } the device with insufficient privilege.

Error (00026)
 
SSH: Failed to { bind | unbind } PKA key from admin user '<user_name>' (Key ID <id_num>)
 
SSH: Attempt to bind duplicate PKA key to admin user '<user_name>' (Key ID <id_num>)
 
SSH: Maximum number of PKA keys (<number>) has been bound to user '<user_name>' Key not bound.  (Key ID <id_num>)

Error (00528)
 
SSH: Client at <ip_addr> attempted to connect with invalid version string.
 
SSH: Failed to negotiate encryption algorithm with host <ip_addr>
 
SSH: Failed to negotiate MAC algorithm with host <ip_addr>
 
SSH: Failed to negotiate key exchange algorithm with host <ip_addr>
 
SSH: Failed to negotiate host key algorithm with host <ip_addr>

Warning (00528)
 
SSH: Disabled for '<vsys>'. Attempted connection failed from <ip_addr>:<port_num>
 
SSH: Admin user <user_name> at host <ip_addr> requested unsupported authentication method <string>
 
SSH: Admin user '<user_name>' at host <ip_addr> requested unsupported PKA algorithm <string>
 
SCP: Admin '<user_name>' at host <ip_addr> executed invalid scp command: '<string>'
 
SCP: Disabled for '<user_name>'. Attempted file transfer failed from host <ip_addr>
 
SSH: Password authentication (successful | failed } for admin user '<user_name>' at host <ip_addr>
 
SSH: PKA authentication ( successful | failed } for admin user '<user_name>' at host <ip_addr>

Notification (00026)
 
SCP: Admin user '<user_name>' transferred file '<filename>' (<number> bytes) to device from host <ip_addr>
 
SCP: Admin user '<user_name>' transferred file '<filename>' (<number> bytes) from device to host <host_name>

Information (00026)

SSH: SSH { enabled | disabled } for <vsys>
 
SSH: Host key deleted for <vsys>
 
SSH: PKA key has been { bound to | unbound from } admin user <user_name> (Key ID <id_num>)
 
SSH: Upgrade performed (to version <id_num>)
 
SSH: SCP { enabled | disabled } for <vsys>


SSL
Notification (00002)
 
Web SSL port changed from <port_num1> to <port_num2>
 
Web SSL has been { enabled | disabled }

Notification (00035)

web SSL cert has been changed to none 
 
web SSL CA has been changed to none 
 
web SSL cipher has been changed from <cipher_name1> to <cipher_name2> 
 
web SSL cert has been changed to <name_str> 
 
web SSL CA has been changed to <name_str>

Information (00540)
 
No context exists for the SSL connection. The device is not ready for an SSL connection.
 
Firewall-only system does not allow “<ssl_connection_name>” SSL cipher type <ssl_cipher_type> 
 
The subject field of the SSL certificate reports a mismatch with subject name <subject_name> received while expecting subject name <subject_name>

Syslog
Warning (00019)
 
Syslog cannot connect to the TCP server <serv_name>; the connection is closed.

Notification (00019)

Syslog has been { enabled | disabled }.
 
Syslog VPN encryption has been { enabled | disabled }. 
 
Syslog server <serv_name> was { added | removed }.
 
All syslog servers were removed.
 
Syslog { facility | security facility } for <ip_addr> | <name_str> has been changed to { local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | auth/sec }
 
Syslog server <serv_name> host port number has been changed to <port_num>
 
Traffic logging for syslog server <serv_name> has been { enabled | disabled }.
 
Event logging for syslog server <serv_name> has been { enabled | disabled }.
 
Syslog server <serv_name1> host name has been changed to <serv_name2>.
 
Socket cannot be assigned for syslog.
 
All syslog levels have been cleared.
 
Syslog source interface has been changed to <interface>

Syslog source interface was removed.
 
Transport protocol for syslog server <serv_name> was changed to { tcp | udp }


WebTrends
Notification (00019)
 
Attempt to enable WebTrends has failed because WebTrends settings have not yet been configured.
 
WebTrends has been { enabled | disabled }
 
WebTrends VPN encryption has been { enabled | disabled }
 
WebTrends host { domain name | port number } has been changed to { <dom_name> | <port_num> }
 
Socket cannot be assigned for WebTrends


System
Critical (00027)

<reset_log_string>

Critical (00051)

Session utilization has reached <number>, which is <percent> of the system capacity!

Notification (00002)
 
Session threshold has been changed to percentage <percent>

Notification (00006)
 
Hostname set to “<hostname>”
 
Domain set to <domain_name>
 
An optional ScreenOS feature has been activated via a software key.

Notification (00008)
 
System clock configurations have been changed by admin <name_str>
 
System clock was changed manually.
 
System up time is shifted by <number> seconds.

Notification (00023)

System configuration has been erased.

Notification (00051)

Session utilization has reached <number>, which is <percent> of the system capacity.

Notification (00526)

The user limit has been exceeded and <ip_addr> cannot be added.

Notification (00553)
 
Invalid config size (<number>)

Notification (00767)
 
System is operational.
 
System was reset at <date><time>
 
Unsupported command <command>
 
Administrator <administrator_name> issued command <command> to redirect output.
 
Session (<id_num> <protocol>, <string>) cleared

Information (00767)
 
Environment variable <variable_name> changed to <string>
 
Environment variable <variable_name> unset.
 
Environment variable <variable_name> set to <variable_name>
 
System configuration saved 
 
All system configurations saved 
 
Save configuration to IP address <ip_address> under filename <filename> by administrator <administrator_name>
 
The system configuration was loaded from <ip_address> under the filename <filename> to slot <filename> by administrator <administrator_name>
 
The system configuration was loaded from IP address <ip_address> under filename <filename> by administrator <administrator_name>
 
The system configuration was loaded from slot <filename>
 
The system configuration was not saved <string> by administrator <name_str>. It was locked by administrator <name_str>
 
Save new software from slot filename <filename> to flash memory by administrator <administrator_name> 

Send new software from flash memory to slot filename <filename> by administrator <name_str>
 
The system configuration was loaded from flash memory to slot <filename> by administrator <name_str>
 
Send new software to IP address <ip_addr> under filename <filename> by administrator <name_str>
 
Send new software from IP address <ip_addr> under filename <filename> to slot <filename> by administrator <name_str>
 
Save new software from <ip_addr> under filename <filename> to flash memory <admin>
 
Lock configuration started by task <task_name>, with a timeout value of <minutes> minutes.
 
Lock configuration aborted explicitly by task <task_name>
 
Lock configuration aborted because <minutes> minutes timeout was exceeded.
 
Lock configuration ended by task <task_name>
 
New GMT zone ahead or behind by <number> seconds.
 
Daylight Saving Time { has started | ended ).
 
Timer reset from NSRP Peer by admin <usr_str>


Traffic Shaping
Notification (00002)
 
Traffic shaping is turned { on | off | auto }

Traffic shaping clearing DSCP selector is turned { on | off }


URL Filtering - Redirect
Alert (00014)

Communication error with { Websense | SurfControl } server { ip_addr }: SrvErr (error_code ), SockErr (error_code), Valid (string),Connected (string)

Notification (00013)
 
URL filtering server name has been changed to <name_str>
 
URL filtering server port has been changed to <port_num>
 
URL filtering fail mode has been changed to { fail-permit | fail-block }
 
URL filtering timeout has been changed to <number>
 
URL filtering   has been changed.
 
URL Filtering   type has been changed to { Juniper | Websense | SurfControl }
 
URL Filtering socket count has been changed to <number>
 
{ <enabled | disabled> } for vsys <vsys>
 
URL Filtering source interface has been changed to <interface>

Notification (00523)
 
URL filtering received an error from { Websense | SurfControl } (error <id_num>).
 
URL filtering has successfully connected { Websense | SurfControl } server (connections <number>).


URL Filtering - Integrated
Error (00556)
 
UF-MGR: Failed to process a request. Reason: <string>
 
UF-MGR: Failed to abort a transaction. Reason: <string>
 
UF-MGR: UF Key Expired (expiration date: <date>; current date: <date> ).
 
UF-MGR: Failed to { enable | disable } cache.
 
UF-MGR: Internal Error: <string>

Notification (00556)
 
UF-MGR: Cache size changed to <number>(K).
 
UF-MGR: Cache timeout changes to <number> (hours).
 
UF-MGR: Category update interval changed to <number> (weeks).
 
UF-MGR: Cache { enabled | disabled }.
 
UF-MGR: URL BLOCKED: ip_addr (%d) -> ip_addr (%d), <string> action: <string>, category: <string>, reason <string>
 
UF-MGR: URL FILTER ERR: ip_addr (%d) -> ip_addr (%d), host: <string> page: <string> code: <string> reason: <string>.
 
UF-MGR: Primary CPA server changed to <serv_name>.
 
UF-MGR: %s CPA server host changed to %s.
 
UF-MGR: %s CPA server port changed to <port_num>.
 
UF-MGR: SurfControl URL filtering { enabled | disabled }. 
 
UF-MGR: The url <url_str> was { added into | removed from } category <name>.5.1
 
UF-MGR: The category <name> was { created | removed }.
 
UF-MGR: The profile <name> was { created | removed }.
 
UF-MGR: The category <name> was added into profile <name> with action <string>.
 
UF-MGR: The category <name> was set in profile <name> as the { black | white } list.
 
UF-MGR: The category <name> was removed from profile <name> with action <string>.
 
UF-MGR: The action for other in profile <name> was set to <string>.
 
UF-MGR: The action for <name> in profile <name> was changed to <string>.
 
UF-MGR: The profile <name> { white list | black list } was removed.
 
UF-MGR: The category list from the CPA server has been updated onto the device.


User
Notification (00014)
 
The user <usr_str> has been { enabled | disabled } by <name_str>
 
The user group <grp_name> has been { added | deleted | modified } by <name_str>VIP

Critical (00023)
 
VIP server <ip_addr> cannot be contacted.

Notification (00021)
 
VIP multi-port was { enabled | disabled }
 
VIP (<ip_addr>:<port_num1> <svc_num> <port_num2>) has been { added | modified | deleted }

Notification (00533)
 
VIP server <ip_addr> is now alive.
 
VIP server <ip_addr> is now in manual mode.


VPNs
Critical (00040)
 
VPN <name_str> [ for <usr_name> ] from <ip_addr> is up.

Critical (00041)
 
VPN <name_str> [ for <usr_name> ] from <ip_addr> is down.

Notification (00017)
 
VPN <name_str> has been bound to tunnel { interface <interface> | zone <zone> }.
 
VPN <name_str> has been unbound from tunnel zone <zone>.
 
VPN monitoring interval has been unset.
 
VPN monitoring threshold has been unset.
 
VPN monitoring interval has been set to <number> seconds.
 
VPN monitoring threshold has been set to <number>.
 
VPN monitoring for VPN <name_str> has been enabled (src int <interface>, dst IP <ip_addr>, rekeying { enabled | disabled }, scalability optimization { enabled | disabled }).
 
VPN monitoring for VPN <name_str> has been disabled.
 
IPSec NAT-T for VPN <name_str> has been { enabled | disabled }.
 
The DF-BIT for VPN <name_str> has been set to { clear | set | copy }.
 
VPN <name_str> with gateway <name_str2> and P2 proposal <name> has been { added | modified | deleted }
 
VPN <name_str> with gateway <ip_addr> and SPI <hex_num1>/<hex_num2> has been { added | modified | deleted }

Information (00536)
 
A Manual Key VPN tunnel using AES encryption is not allowed for SSH.
 
IKE <ip_addr>: IP address of local int has been changed to 0.0.0.0, and VPNs cannot terminate at it.
 
IKE <ip_addr>: IP address of local int has been changed from 0.0.0.0 to <ip_addr>.
 
IKE <ip_addr>: Policy ID <id_num> failed over from SA <id_num1> to SA <id_num2>.
 
IKE <ip_addr>: VPN ID number cannot be assigned.
 
VPN monitoring for VPN <name_str> has deactivated the SA with ID <number>.
 
Phase 2 SA for tunnel ID <id_num> has been idle too long. Deactivated P2 SA and sent a Delete msg to peer.


Virtual Router
Notification (00049)

A <virtual_router_type> virtual router using name <vrouter> and id <id_num> has been created
 
A virtual router with name “<vrouter>” and ID <id_num> has been removed
 
The auto-route-export feature in virtual router <vrouter> has been { enabled | disabled }
 
The maximum number of routes that can be created in virtual router “<vrouter>” is <number>
 
The router-id that can be used by OSPF, BGP routing instances in virtual router “<vrouter>” has been set to <id_num>
 
The routing preference for protocol <name_str> in virtual router “<vrouter>” has been set to <number>
 
The virtual router “<vrouter>” has been made default virtual router for virtual system (<vsys_name>)
 
The virtual router “<vrouter>” has been made { sharable | unsharable }
 
The system default-route through virtual router “<vrouter1>” has been added in virtual router “<vrouter2>”
 
The maximum routes limit in virtual router <vrouter> has been removed.
 
The router-id of virtual router “<vrouter>” used by OSPF, BGP routing instances id has been uninitialized.
 
The routing preference for protocol <name_str> in virtual router “<vrouter>” has been reset.
 
The system default-route in virtual router (<vrouter>) has been removed.
 
Source-based routing { enabled | disabled } in virtual router <vrouter>
 
SNMP trap made { private | public } in virtual router <vrouter>
 
Fast route lookup was { enabled | disabled } in virtual router <vrouter> 
Routes defined on inactive interfaces { will | will not } be exported into other virtual routers, protocols in virtual router (<vrouter>)
 
The subnetwork conflict checking feature for interfaces in virtual router <vrouter> was removed.
 
Subnetwork conflict checking for interfaces in virtual router (<vrouter>) has been enabled.

Route-lookup preference changed to <route_lookup_method_name> (<preference_value>) => 
<route_lookup_method_name> (<preference_value>) => <route_lookup_method_name> 
(<preference_value>) in virtual router (<vrouter>).
 
SIBR routing { disabled |enabled } in virtual router <vrouter>


Vsys
Notification (00032) 

Vsys <name_str> has been { created | removed }

Vsys <name_str> has been changed to <name_str>

Name for vsys with ID <id_num> has been changed from <vsys_id_1> to <vsys_id_2>

NSRP VSD group ID for vsys <name_str> has changed from <id_num1> to <id_num2> by configuration change <command>

Notification (00043)
 
IP classification has been { enabled | disabled } for zone <zone>

IP classification object { net <ip_addr1>/<mask> | range <ip_addr2>-<ip_addr3> } has been { added | deleted } for zone <zone>

Notification (00515)
 
Vsys admin user <username> has logged on via the console.
 
Vsys admin user <username> has logged on via Telnet from remote IP address <ip_addr> using port <port>Zone

Notification (00037)
 
New zone <zone> (ID <id_num>) was created.
 
Zone <zone> (ID <id_num>) was deleted.
 
Zone <zone> was bound to virtual router <vrouter>
 
Zone <zone> was unbound from virtual router <vrouter>
 
Tunnel zone <zone1> was bound to out zone <zone2>
 
Intra-zone block for zone <zone> was set to { on | off }
 
Zone <zone> was changed to { shared | non-shared }.
 
IP/TCP reassembly for ALG was { enabled | disabled } on zone <zone>
 
Asymmetric vpn was{ enabled | disabled } on zone <zone>