Professional Documents
Culture Documents
Page 1
Rule
Source IP Address
Event Message
Destination IP Address
Page 3
blocked Web site, and the Content Filter List Code is displayed. Code definitions for the 12 Content Filter List categories are shown below. 1. Violence 2. Intimate Apparel/Swimsuit 3. Nudism 4. Adult/Mature Content/ Pornography 5. Weapns 6. Hate/Racism 7. Cult 8. Drugs/Illegal Drugs 9. Criminal Skills/Illegal Skills 10. Sex Education 11. Gambling 12. Alcohol & Tobacco
Descriptions of the categories are available at <http://www.sonicwall.com/Content-Filter/ categories.html>. ActiveX, Java, Cookie or Code Archive blocked When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt is displayed. Ping of Death, IP Spoof, and SYN Flood Attacks The IP address of the machine under attack and the source of the attack is displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack.
Tip!
Some network conditions can produce network traffic that appears to be an attack, even when no one is deliberately attacking the LAN. To follow up on a possible attack, contact your ISP to determine the source of the attack. Regardless of the nature of the attack, your LAN is protected and no further steps are needed.
Log Events
This section lists the log events by category. Each log event description includes an explanation of its meaning, and if necessary, a recommended action.
Fragmented Packet Dropped - The SonicWALL refused a fragmented packet. IPSec (ESP) packet dropped - An IPSec packet was dropped by the SonicWALL. Port configured to receive IPSEC Only. Drop packet received in the clear. - The SonicWALL is configured to receive IPSec packets only, therefore, unencrypted packets are dropped. ICMP Dropped - ICMP uses datagrams of various types for communicating between control messages between hosts and routers on a TCP/IP network. In this case, the communication was dropped by the SonicWALL. Denied TCP connection from LAN - The SonicWALL refused a TCP connection from the LAN. Unknown Protocol Dropped - The SonicWALL has detected and refused an unknown protocol. Internet Access restricted to authorized users. Drop packet received in the clear. IPSec (AH) packet dropped - The SonicWALL has detected and refused an IPSec packet encrypted using AH.
Priority Attack Dropped - The SonicWALL has detected and prevented a priority attack. Ini Killer Attack Dropped - The SonicWALL has detected and prevented a trojan attack. Smurf Amplification Attack Dropped - The SonicWALL has detected and prevented a Denial of Service attack. Possible Port Scan Dropped - A possible port scan was detected and rejected by the SonicWALL. Probable TCP NULL scan - The SonicWALL has detected TCP frames with a sequence number of zero and all control bits set to zero and rejected them. IPSEC Replay Detected - An IPSec Replay was detected and rejected by the SonicWALL. Forbidden E-Mail attachment deleted - When enabled on the SonicWALL, the logging file records forbidden e-mail attachments received by the SonicWALL. TCP Xmas Tree Blocked - The SonicWALL detected and blocked a TCP Xmas Tree scan. User login failure rate exceeded - source address locked out - A user has attempted logging into the SonicWALL with incorrect credentials. IPSec Decryption Failed - The SonicWALL was unable to decrypt the IPSec packets. IPSec packet to or from an illegal host - The SonicWALL detected an IPSec packet with a source or destination IP address that does not match any security policies configured on the SonicWALL. Back Orifice Attack Dropped - Back Orifice is a two part application consisting of a client and server piece. The client application running on one computer can be used to monitor and control a second computer running the server application. The SonicWALL has detected and dropped this attack. NetBus Attack Dropped - NetBus is a well-known back door Trojan attack. The SonicWALL has detected and dropped this attack. Net Spy Attack Dropped - The SonicWALL has detected and dropped a Net Spy attack. Sub Seven Attack Dropped - The SonicWALL has detected and dropped the Trojan attack, Sub Seven. Ripper Attack Dropped - The SonicWALL has detected and dropped a Ripper Attack. Striker Attack Dropped - The SonicWALL has detected and dropped a Striker Attack. Probable Port Scan Dropped - The SonicWALL detected an excessive number of port scans and dropped the traffic. Received AV Alert: Your SonicWALL Network Anti-Virus subscription has expired. The SonicWALL Anti-Virus subscription has expired. Renew your subscription at http:// www.mysonicwall.com. Forbidden E-Mail attachment disabled - When configured on the SonicWALL, forbidden e-mail attachments are disabled. Page 6 SonicWALL Internet Security Appliance Log Events Reference Guide
Probable TCP FIN scan - The SonicWALL has detected and blocked traffic resembling a TCP FIN scan. Probable TCP XMAS scan - The SonicWALL has detected and blocked TCP traffic with a sequence number of zero and the FIN, URG, and PUSH bits are set. Probable TCP NULL scan - The SonicWALL has detected and blocked TCP traffic with a sequence number of zero and all the control bits are set. E-Mail fragment dropped - When configured on the SonicWALL, e-mail fragments are prevented from accessing the SonicWALL. Malformed IP packet dropped. - The SonicWALL has detected and blocked a malformed IP packet. FTP: PORT bounce attack dropped. - The SonicWALL has detected and blocked a Port bounce attack. FTP: PASV response bounce attack dropped. The SonicWALL has detected and blocked a PASV response bounce attack which is a Denial of Service attack.
Page 7
Cookie removed - When cookies are blocked, the log message displays the source and destination IP address of the attempted connection.
Received fragmented packet or fragmentation needed - A packet larger than the configured MTU was received or a packet with a fragmented bit was received when fragmentation support is not configured on the SonicWALL. Log Debug - A state-specific log message used to assist SonicWALL technical support with unusual issues experienced by customers. VPN Log Debug - A state-specific log message used to assist SonicWALL technical support with unusual issues experienced by customers. Firewall access from LAN - The SonicWALL management interface was accessed from the LAN. DHCP RELEASE received from remote device - A DHCP Client has released its DHCP lease. Issuer match failed - The certificate issuer information does not match the SonicWALL certificate information. DHCP lease relayed to remote device - A DHCP lease was sent to a remote device from a local device. DHCP REQUEST received from remote device - A DHCP lease was requested from the a remote device. DHCP DISCOVER received from remote device - A remote DHCP client is trying to locate a DHCP server on the SonicWALL network. DHCP DECLINE received from remote device - A remote DHCP client has refused the proposed DHCP lease. DHCP OFFER received from server - The DHCP server has offered a DHCP lease to a client. DHCP NAK received from server - The DHCP server has denied the DHCP servers lease request. IPSec (ESP) packet dropped; waiting for pending IPSec connection - Previous IPSec (ESP) connection for pass-through is not complete. New IPSec connection cannot be started and the IPSec (ESP) packet is dropped. IPSec (AH) packet dropped; waiting for pending IPSec connection - Previous IPSec (AH) connection for pass-through is not complete. New IPSec connection cannot be started and the IPSec (AH) packet is dropped.
Page 9
Illegal LAN address in use - An IP address outside of the configured scope is in use. The cache is full; %d open connections; some will be dropped - The SonicWALL connection cache is full and some connections will be dropped. Diagnostic Code A - The Watchdog detected a suspended task. Diagnostic Code C - The Watchdog detected low memory resources. Diagnostic Code E - Failed to allocate memory for Encryption or Authentication keys. Primary firewall has transitioned to Idle - The Backup SonicWALL is now the active firewall and the Primary is now the Backup SonicWALL. Backup missed heartbeats from Active Primary: Backup going Active - The Active Primary firewall did not send heartbeats to the Backup, therefore the Backup is taking over as the Primary Firewall. Backup received error signal from Active Primary: Backup going Active - An error condition exists on the Active Primary firewall and the Backup firewall is becoming the Primary firewall. Primary firewall preempting Backup - The Primary firewall has become active again and is taking over as the Primary firewall. Backup going Active in preempt mode after reboot - After rebooting the SonicWALL and HA is enabled, the Backup SonicWALL is configured to be active instead of the Primary SonicWALL. Error updating HA peer configuration - Configuration changes could not be updated on the Primary and Backup firewalls. Backup WAN link down, Primary going Active - The modem connection on the TELE3 SP lost its dial-up connection and the WAN connection is becoming the primary connection. Failed to synchronize Relay IP Table Blocked Quick Mode for Client using Default KeyId - The SonicWALL blocked Quick Mode negotiation with the Global VPN Client using the default keyID. The current WAN interface is not ready to route packets. %s Ethernet Port Up - The Ethernet Port has returned to active status. The network connection in use is %s - The network connection is the specified source. Requesting CRL From - A VPN Certificate Revocation List was received from the specified location. CRL Loaded From - A Certificate Revocation List was loaded from the specified location. Failed to get CRL From - The SonicWALL was unable to retrieve a Certificate Revocation List. Not Enough Memory to hold the CRL - The SonicWALL did not have enough RAM available when retrieving the Certificate Revocation List. Page 11
Connection Timed Out - A connection entry cache entry timed out. Connection has been dropped. Cant Connect to the CRL Server - The SonicWALL is unable to connect to the CRL server. Unknown Reason - A state-specific log message used to assist Tech Support with diagnosing unusual customer issues. Failed to Process CRL From - The SonicWALL was unable to process a retrieved CRL from the specified location. Bad CRL Format - A CRL was received in an incorrect format. Issuer Match Failed - A CRL list was received from an unauthorized provider. Certificate on Revoked List - A VPN connection was attempted using an unauthorized certificate. No Certificate for - A VPN connection was attempted using an non-existent certificate.
PPPoE Network Connected - The PPPoE connection is successfully connected. PPPoE Network Disconnected - The PPPoE connections is disconnected. PPPoE LCP Link Up - LCP is used in conjunction with PAP or CHAP to establish the connection. This link is up. PPPoE LCP Link Down - LCP is used in conjunction with PAP or CHAP to establish the connection. This link is down. No response from ISP Disconnecting PPPoE. - The ISP did not respond to the connection request. The negotiation is disconnected. PPPoE terminated - The PPPoE connection is terminated. L2TP Connect Initiated by the User - A request to connect to a L2TP server is initiated. L2TP Session Negotiation Started - Negotiation for a L2TP session has started. L2TP Tunnel Negotiation Started - Negotiation for a L2TP tunnel has started. L2TP Tunnel Established - The SonicWALL has established a L2TP tunnel. L2TP PPP Negotiation Started - The SonicWALL has begun PPP negotiation over the L2TP connection. L2TP PPP Authentication Failed - PPP Authentication failed. Check your L2TP settings. L2TP Session Disconnect from Remote - The remote site has disconnected the L2TP session. L2TP LCP Down - LCP is a protocol used as part of the authentication process. LCP is unavailable. L2TP LCP Up - LCP is a protocol used as part of the authentication process. LCP is available. Disconnecting L2TP Tunnel due to traffic timeout. - The L2TP tunnel is disconnected due to inactivity on the connection. L2TP Disconnect Initiated by the User - Disconnection from the remote L2TP connection is requested by a user. L2TP Max Retransmission Exceeded - Retransmission of data has exceeded the maximum allowed retransmissions. L2TP PPP link down - The PPP link is down. PPTP Connect Initiated by the User - A user has initiated a PPTP connection. PPTP Control Connection Negotiation Started - Negotiation has been initiated for PPTP Control Connection. PPTP Control Connection Established - PPTP Control Connection has been successfully established. Page 13
PPTP PPP Negotiation Started - The PPTP connection has begun PPP negotiations. PPTP PPP Link Up - The PPP link is up. PPTP PPP Link down - The PPP link is down. PPTP PPP Up - PPP callback is up. PPTP PPP Down - PPP callback is down. PPTP PPP Session Up - The PPTP Session is up. PPTP PPP Authentication Failed - PPP authentication has failed. PPTP starting PAP Authentication - The SonicWALL is establishing a PPTP connection using PAP for authentication. PPTP PAP Authentication success. - PAP authentication is successful. Data can be sent via the PPTP connection. PPTP PAP Authentication Failed - PAP authentication failed. Check your SonicWALL network settings. PPTP PAP Authentication Failed. - Please verify PPTP username and password Check your SonicWALL network settings to verify your username and password. PPTP Max Retransmission Exceeded - Attempts to retransmit data has exceeded the number of allowed retransmissions. PPTP Tunnel Disconnect from Remote - The PPTP tunnel is disconnected from the remote location. PPTP Session Disconnect from Remote - The PPTP tunnel is disconnected from the remote location. PPTP LCP Down - LCP is a protocol used as part of the authentication process. LCP is unavailable. PPTP LCP Up - LCP is a protocol used as part of the authentication process. LCP is available. PPTP starting CHAP Authentication - The PPTP connection is authenticating using CHAP. PPTP CHAP Authentication Failed. Please verify PPTP username and password The authentication process failed. Check your network settings to verify that the information is correct. PPTP PPP Link Finished - The PPTP PPP link is complete. Disconnecting PPTP Tunnel due to traffic timeout - Due to inactivity on the connection, the PPTP tunnel is disconnecting. PPTP Session Negotiation Started - The SonicWALL is beginning to negotiate the PPTP sessions.
PPTP Session Established - The PPTP session is established by the SonicWALL. PPTP Disconnect Initiated by the User - A user has initiated a PPTP disconnect on the SonicWALL. HTTP management port has changed - The HTTP management port has changed. You must remember the port number to log into the SonicWALL. Adminstrator name changed - The administrator name has been changed on the SonicWALL. You need to remember the name in order to log into the SonicWALL. VPN disabled by administrator - VPN has been disabled on the SonicWALL. No VPN SAs are in effect and disabling VPN interrupts any current VPN connections. Log Cleared - The Log was cleared by clicking Clear Log on the Log View page. Restarting SonicWALL; dumping log to email - The SonicWALL is restarting either at a users request or after changing settings on the SonicWALL. The log file is e-mailed to the address configured on the Log Automation page. Access attempt from host without Anti-Virus agent installed - Anti-Virus is required to be installed on all computers on the network if Anti-Virus is enabled on the SonicWALL. VPN enabled by administrator - VPN is enabled by the administrator by selecting Enable VPN on the VPN page. Log successfully sent via email - When configured, the SonicWALL e-mails the log files to the administrator. HTTPS management port has changed - The HTTPS management port was changed. You must remember the port number when attempting to manage the SonicWALL using HTTPS. SonicWALL initializing - The SonicWALL is restarting after uploading new firmware or resetting the appliance. Anti-Virus agent out-of-date on host - The Anti-Virus agent has not been updated. Update the agent for the latest virus information.
Page 15
Login screen timed out - The login screen with the username and password fields timed out. Successful administrator login - An administrator successfully logged into the SonicWALL. User login failed - RADIUS authentication failure - A user configured for RADIUS Authentication failed to log into the SonicWALL. User login failed - RADIUS configuration error - A user configured for RADIUS Authentication is improperly configured on the SonicWALL. Administrator logged out - A SonicWALL Administrator logged out of the SonicWALL. User logged out - A user has logged out of the SonicWALL. User logged out - inactivity timer expired - A user was logged out when the connection did not detect data transmission. Locked out user re-enabled by admin - A user attempted to log onto the SonicWALL but was locked out when authentication failed. The administrator has re-enabled the users account. User login failed - incorrect password - A user attempted to log into the SonicWALL using the wrong password. Administrator login failed - incorrect password from the CLI - An administrator failed to log into the SonicWALL using the incorrect password over the CLI port. Successful remote user login - A remote user successfully logged into the SonicWALL. User login failed - RADIUS server timeout - A user could not log in because the RADIUS server timed out. User login failed - User has no privileges for login from that location - The user does not have privileges to log in from a specified location. Administrator logged out - inactivity timer expired - The SonicWALL did not detect any activity for specified time period and logged the Administrator out of the SonicWALL. User logged out - max session time exceeded - A user was logged out after exceeding the specified session time established for the user. Locked out user re-enabled - lockout period expired - A user attempted log into the SonicWALL and failed resulting in the user becoming locked out of the SonicWALL. The time period for the lockout has expired. Administrator logged out from the CLI - The SonicWALL administrator logged out from the SonicWALL while using the CLI interface.
IKE Responder: IPSec proposal does not match (Phase 2) - The initiating SonicWALL sent an IPSec proposal that does not match the responding SonicWALL during Phase 2 negotiations. Starting IKE negotiation - The SonicWALL is beginning IKE negotiation by matching encryption, hash, and authentication algorithms, as well as Diffe-Hellman keys and the Security Protocol. IKE Responder: No matching Phase 1 ID found for proposed remote network Phase 1 of the IKE negotiation failed because the information did not match on the responding SonicWALLs network. IKE Responder: No match for proposed remote network address - The information entered in the initiating SonicWALLs destination network field did not match the responding network information. IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address - The VPN tunnel is configured to terminate outside the responding firewall but the IP address for the local network is not the public IP address. IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN The Security Association is configured to terminate on the responding DMZ but the IP address is a LAN IP address. IKE Responder: AH Perfect Forward Secrecy mismatch - Perfect Forward Secrecy is configured but the authentication does not match on the responding SonicWALL. IKE Responder: Algorithms and/or keys do not match - The responding SonicWALL does not have matching algorithms or keys. Check the configuration on both appliances. IKE Initiator: Start Quick Mode (Phase 2). - The initiating SonicWALL is beginning the second phase of Quick Mode negotiation. Quick Mode is used in SAs configured using AH or ESP. IKE SA lifetime expired. - The Security Association has expired because it has exceeded the configured lifetime. IKE Responder: Received Quick Mode Request (Phase 2) - The responding SonicWALL has received a request from the first SonicWALL to begin Phase 2 of Quick Mode negotiation. IKE Initiator: Aggressive Mode complete (Phase 1). The initiating SonicWALL has completed Phase 1 of an Aggressive Mode negotiation. IKE Responder: Received Aggressive Mode request (Phase 1) - The responding SonicWALL has received a request from the initiating SonicWALL to begin Aggressive Mode (Phase 1) negotiations. IKE Initiator: Start Aggressive Mode negotiation (Phase 1) - The initiating SonicWALL is beginning Aggressive Mode Negotiation (Phase 1).
Page 17
IKE Responder: Aggressive Mode complete (Phase 1) - The responding SonicWALL has completed Aggressive Mode (Phase 1) negotiations. IKE Responder: IKE proposal does not match (Phase 1) - The responding SonicWALL does not have a matching IKE proposal from the initiating SonicWALL. IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway - The initiating SonicWALL has proposed a local network but the SA has no IP address in the Default LAN Gateway field. Failed payload verification after decryption - The payload in the Authentication header failed verification after it was decrypted. SA is disabled. Check VPN SA settings - The VPN SA was disabled by the administrator. Computed hash does not match hash received from peer - The hash algorithm for the SA does not match the peer hash algorithm. Check the configuration on each SonicWALL. Received IPSEC SA delete request - The SonicWALL has received a request to delete an IPSec Security Association. Received notify: INVALID_COOKIES - The SonicWALL has received notification of invalid cookies. Received notify: INVALID_SPI - The SPI is invalid on the SonicWALL. The VPN tunnel is not connected. VPN Cleanup: Dynamic network settings change - The network settings have changed and the SonicWALL is cleaning up the network information. Illegal IPSec SPI - The SPI is not authorized for connecting the VPN tunnel. IKE Responder: Accepting IPSec proposal (Phase 2) - The responding SonicWALL is accepting the initiating SonicWALL IPSec proposal. IKE negotiation complete. Adding IPSec SA. (Phase 2) - The initiating and responding SonicWALL appliances have successfully negotiated the VPN SA. IKE Responder: Mode %d - not tunnel mode - The responding SonicWALL is not in tunnel mode. IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route - The negotiating SonicWALL has proposed a network IP address but not the DHCP relay or default route IP address. IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route - The responding SonicWALL has determined that the initiating SonicWALL was not configured to use the SA as the default route for Internet traffic.
IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall - The initiating SonicWALL is proposing a remote IP address that is not on the local network inside the remote firewall. IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ The initiating SonicWALL is configured to terminate the VPN tunnel on the remote LAN but the IP address is on the remote DMZ. IKE Responder: ESP Perfect Forward Secrecy mismatch - The responding SonicWALL has a different authentication configured so the authentication doesnt match the initiating SonicWALL. IKE Initiator: Start Main Mode negotiation (Phase 1) - The initiating SonicWALL is starting Phase 1 of Main Mode negotiation and sending a request to the remote SonicWALL. IKE Initiator: Main Mode complete (Phase 1) - Phase 1 Main Mode has successfully completed negotiations on the initiating SonicWALL. IKE Responder: Received Main Mode request (Phase 1) - The responding SonicWALL has received a request from the initiating SonicWALL to begin Phase 1 Main Mode negotiations. IKE Responder: Main Mode complete (Phase 1) - The responding SonicWALL has completed Phase 1 Main Mode negotiations. IKE Initiator: Accepting IPSec proposal (Phase 2) - The initiating SonicWALL is in the process of accepting Phase 2 IPSec proposal. IKE Initiator: Received notify. NO_PROPOSAL_CHOSEN - The initiating SonicWALL has received a notification from the responding SonicWALL that no proposal was chosen. Check the SA configuration on the initiating SonicWALL. IKE negotiation aborted due to timeout - The SonicWALL could not complete the IKE negotiation because the connection timed out. Failed payload verification after decryption. Possible preshared key mismatch - The Preshared Secret does not match and the SonicWALL cannot properly decrypt the packet. Received packet retransmission. Drop duplicate packet - The SonicWALL received two identical packets and dropped one of them. Received notify: ISAKMP_AUTH_FAILED - The SonicWALL could not authenticate and the VPN tunnel is not established. Received notify: PAYLOAD_MALFORMED - The payload packet was malformed and could not be decrypted. Received IKE SA delete request - The responding SonicWALL received a Phase 1 delete request from the initiating SonicWALL. Page 19
Received notify: RESPONDER_LIFETIME - The initiating SonicWALL received notification that the responding SonicWALL is using a lifetime different from the lifetime on the initiating SonicWALL. IKE Initiator: Accepting peer lifetime. (Phase 1) - The initiating SonicWALL is accepting the SA lifetime configured on the responding SonicWALL. Received notify: INVALID_ID_INFO - The SonicWALL received notification that its Phase 1 ID is not correct. Modem Log Events PPP Dial-Up: Dialing: %s - The TELE3 SP is dialing the telephone number configured in its dial-up profile. PPP Dial-Up: No link carrier detected - check phone number - The SP could not connect because no phone carrier was detected. PPP Dial-Up: Dialed number did not answer - The dialed number did not answer. PPP Dial-Up: Link carrier lost - The SP lost the connection to the phone carrier. PPP: PAP Authentication failed - check username/password - Authentication with the dial-up ISP failed due to incorrect username and/or password. Check your dial-up profile. PPP: MS-CHAP authentication failed - check username/password - Authentication with the dial-up ISP failed due to incorrect username and/or password. Check your dial-up profile. PPP: Starting CHAP authentication - The authentication process with the dial-up ISP is beginning. PPP Dial-Up: PPP negotiation failed - disconnecting - The SP failed PPP negotiation with the dial-up ISP and is disconnecting from the ISP. PPP Dial-Up: Failed to get IP address - The SP could not obtain an IP address from the dial-up ISP. PPP Dial-Up: PPP link established - The SP has established a PPP link with the dial-up ISP. PPP Dial-Up: Shutting down link - The phone connection is shutting down. PPP Dial-Up: User requested disconnect - A request to disconnect from the dial-up ISP has been made by a user. PPP Dial-Up: Connect request canceled - A manual connection request is canceled. PPP Dial-Up: Trying to failover but Primary Profile is manual - The SP is attempting to failover from the WAN port to the modem, but the Primary Dial-up profile is configured for manual dialing. PPP Dial-Up: No dialtone detected - check phone-line connection - The SP did not detect a dialtone when trying to dial the ISP using the modem.
PPP Dial-Up: Dialed number is busy - The phone number configured in the dial-up profile is busy. PPP Dial-Up: Connected at %s bps - starting PPP - The modem has successfully dialed the ISP and connected to it. The SP is now beginning PPP negotiations. PPP: Authentication successful - The SP successfully authenticated with the dial-up ISP. Data can now be transmitted using this connections. PPP: CHAP authentication failed - check username/password - The SP could not authenticate to the dial-up ISP with the configured username and/or password. Check the dial-up profile information. PPP: Starting MS-CHAP authentication - The SP is beginning authentication with the dial-up ISP. PPP: Starting PAP authentication - The SP is beginning authentication with the dial-up ISP. PPP Dial-Up: Idle time limit exceeded - disconnecting - No data has been transmitted for a specified period of time, therefore, the SP is disconnecting from the ISP. PPP Dial-Up: Received new IP address - The SP received a new IP address from the dial-up ISP. PPP Dial-Up: PPP link down - The PPP link is down and the SP cannot connect to the ISP. PPP Dial-Up: Initialization : %s - The modem is initializing. PPP Dial-Up: User requested connect - A user on the SP has requested a connection via the modem. PPP Dial-Up: Manual intervention needed. Check Primary Profile or Profile details Configuration of the dial-up profile may be incorrect. Check the profile and verify the information. PPP Dial-Up: Startup without Ethernet cable, will try to dial on outbound traffic The SP is not connect to the WAN with an Ethernet cable. The SP will dial the ISP when outbound data is detected. Other User Activity Log Events XAUTH Succeeded with VPN client - The VPN Client successfully authenticated using XAUTH. XAUTH Failed with VPN client, Cannot Contact RADIUS Server - The VPN SA is configured to require XAUTH using a RADIUS server, however, it cannot contact the RADIUS server. Verify your RADIUS settings. Received a path MTU icmp message from router/gateway - The SonicWALL received a routing message from a router and/or gateway on the network. Page 21
NAT Discovery : Peer IPSec Security Gateway behind a NAT/NAPT Device - NAT Trarversal is enabled and the local SonicWALL discovered a NAT/NAPT device in front of the remote SonicWALL. NAT Discovery : No NAT/NAPT device detected between IPSec Security gateways NAT Traversal is enabled on the SonicWALL and did not detect a NAT/NATPT device on a VPN tunnel between two SonicWALL appliances. Access Rule added - An Access Rule was added to the SonicWALL. The type of rule is described in the Notes section of the View Log page. Access Rule deleted - An Access Rule was deleted from the SonicWALL. The type of rule is described in the Notes section of the View Log page. PPPoE user name changed by Administrator - The PPPoE user name was changed by the Administrator. Web access request received - The SonicWALL received a Web access request from the LAN. XAUTH Failed with VPN client, Authentication failure - A remote user using VPN Client to access the SonicWALL did not authenticate using XAUTH. VPN Client Policy Provisioning - A VPN Client has received its VPN SA configuration from the SonicWALL. NAT Discovery : Local IPSec Security Gateway behind a NAT/NAPT Device - NAT Traversal is enabled and has detected a NAT/NATP device between the SonicWALL and the WAN. NAT Discovery : Peer IPSec Security Gateway doesn't support VPN NAT Traversal NAT Traversal is enabled on the SonicWALL, but it is trying to connect to a VPN Gateway that doesnt support NAT Traversal. Access Rule modified - An Access Rule has been modified on the SonicWALL. The type of rule is described in the Notes section of the View Log page. Access Rules restored to defaults - The SonicWALL has restored the default rule set.
Page 23
WiFiSec Enforcement disabled by administrator - The administrator has disabled WiFiSec and VPN is no longer enforced on the WLAN. WiFiSec Enforcement enabled by administrator - WiFiSec is enabled and VPN is required to access the WLAN. Wireless MAC Filter List enabled by administrator - Wireless MAC Filter List is enabled and wireless cards access the WLAN using the MAC address as part of the authentication process. Wireless MAC Filter List disabled by administrator - Wireless card MAC addresses are no longer required as part of the authentication process. 802.11b Management - Activity on 802.11b is listed in the Notes column. wlan recovery - WLAN network has recovered from an error.
T: 408.745.9600 F: 408.745.9300
www.sonicwall.com
2002 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/ or registered trademarks of their respective companies. Specifications and descriptions subject to change with out notice.