ScreenOS 5.3.0 Messages--Text Only
P/N 093-1673-000, Rev. B



Addresses
Notification (00054)

Address <name_str> for { ip address <ip_addr | domain address <dom_name> } in zone <zone> has been { added | deleted | modified }

Address group <grp_name> has been { added | deleted | modified }

Address group <grp_name> has { added | deleted } member <mbr_name>

Address <name_str> for ip address <ip_addr> in zone <zone> { add | delete | modify }
	
	
Alarm (00054)

SCAN-MGR: Cannot get { AltServer info | Version number | 
Path_GateLockCE info } from server.ini file.
	
	

Admin
Alert (00027)
 
ScreenOS <version>.<version>.<version> Serial# <number>: Asset recovery performed

ScreenOS <version>.<version>.<version> Serial # <number>: Asset recovery has been aborted

System configuration has been erased
	

Critical (00027) 
Multiple login failures occurred for user <usr_str> from IP address <ip_addr>:<port_num>

Multiple login failures occurred for user <usr_str>	
	

Warning (00002)
 
Admin AUTH: Local instance of an external admin user’s privilege has been changed from <string> to <string>
	

Warning (00515)
 
Vsys admin user <usr_str> has logged { on | out } via { Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> }
 
Vsys admin user <usr_str> has logged { on | out } via the console
 
Admin user <usr_str> has logged { on | out } via { Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> }
 
Admin user <usr_str> has logged { on | out } via the console

Management session via { serial console | Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> } for [ vsys ] admin <name_str> has timed out

Login attempt to system by admin <name_str> via { the console | Telnet from <ip_addr>:<port_num> | SSH from <ip_addr>:<port_num> } has failed <string>

Admin user <name_str> has been forced to log out of the serial console session.
 
Admin user <name_str> has been forced to log out of the SSH session on host <ip_addr>:<port_num>

Admin user <name_str> has been forced to log out of the Telnet session on host <ip_addr>:<port_num>

Admin user <name_str> has been forced to log out of the Web session on host <ip_addr>:<port_num>

Remotely authenticated Admin <name_str> demoted from ROOT privilege to RW privilege.

Remotely authenticated Admin <name_str> demoted from <string> privilege to <string> privilege.	


Warning (00518)
 
Admin user <name_str> has been rejected via the <serv_name> server at <ip_addr>
	

Warning (00519)
 
Admin user <name_str> has been accepted via the <serv_name> server at <ip_addr>
		

Notification (00002)
 
Root admin access restriction through console only has been { enabled | disabled } by admin <name><changed_via> 
 
Single use password restriction for read-write administrators has been { disabled | enabled } by admin <name_str><changed_via>
 
Root admin password restriction of minimum <number> characters has been { enabled | disabled } by admin <name> <changed_via>

Maximum failed login attempts from before administrative session disconnects has been modified from <number1> to <number2> by admin <name_str>

Admin user “<name_str>” logged in for Web ({ http | https }) management (port <port_num1>) from <ip_addr>:<port_num>.

Admin user “<name_str>” login attempt for Web ({ http | https }) management (port <port_num1>) from <ip_addr>:<port_num> failed.

Admin user “<name_str>” login attempt for Web ({ http | https }) management (port <port_num1>) from <ip_addr>:<port_num> failed due to an incorrect client ID.
 
Admin user “<name_str>” logged out for Web ({ http | https }) management (port <port_num1>) from <ip_addr>:<port_num>.	


Notification (00003)
 
The console timeout value changed from <number1> to <number2> minutes
 
The console page size changed from <number1> to <number2>

The serial console has been { enabled | disabled } by admin <name_str>

The console debug buffer has been {enabled | disabled }	
	

Information (00002)
 
Admin name for account <name_str1> has been modified to <name_str2> <name_str3>

Admin password for account <name_str1> has been modified <name_str2>

Admin account created for <name_str1> <name_str2>

Admin account deleted for <name_str1> <name_str2>
 
Admin account modified for <name_str1> <name_str2>
 
Management restriction for <ip_addr> subnet <mask> has been { added | removed }

Management restriction was removed from all IPs and subnets 

System IP has been changed from <ip_addr1> to <ip_addr2> <admin_name>

{ SSH | Telnet | HTTP } port has been changed from <port_num1> to <port_num2> <name_str>
 
Web admin authentication idle timeout value has been changed from <number1> to <number2> minutes
	
	
ADSL
Notification (00555)
 
ADSL Line UP Fast and Interleave Channels.
	 
ADSL Line Waiting for Activating.
 
ADSL Line Activating.

ADSL Line Down.

ADSL Line UP Fast Channel.
 
ADSL Line UP Interleaved Channel.
 
ADSL Line UP Fast Channel, change Utopia address to match it.

ADSL Line UP Interleaved Channel, change Utopia address to match it.
 
ADSL Line in an unknown state.

ADSL line signal lost detected.
 
Adsl line suicide request received.

ADSL line closed.
 
ADSL line opened ( time ).

ADSL line failed ( incompatible line conditions).

ADSL line failed ( protocol error).
 
ADSL line failed ( Error Message received from ATU-C).

ADSL line failed ( spurious ATU detected).
 
ADSL line failed ( forced silence).
 
ADSL line failed ( unselectable operation mode).

ADSL line open failed (unknown error code).

ADSL line open rejected.	


Antivirus
Critical (00554)
 
SCAN-MGR: Check AV pattern file failed with error code: <number>
 
SCAN-MGR: Cannot write AV pattern file to flash.
 
SCAN-MGR: Cannot retrieve AV pattern file from <ip_addr>:<port_num>. HTTP status code: <number>
	

Error (00554)
 
SCAN-MGR: Cannot get { AltServer info | Version number | 
Path_GateLockCE info } from server.ini file.

SCAN-MGR: Per server.ini file, the AV pattern file size is zero.
 
SCAN-MGR: AV pattern file size is too large (<number> bytes).
 
SCAN-MGR: Alternate AV pattern file server URL is too long: <number1> bytes. Max: <number2> bytes.

SCAN-MGR: Cannot retrieve { server.ini | AV pattern } file from <ip_addr>:<port_num>. HTTP status code: <number>.

SCAN-MGR: Cannot write AV pattern file to { RAM | flash }.

SCAN-MGR: Cannot check AV pattern file. VSAPI code: <number>

SCAN-MGR: Internal error occurred while retrieving { server.ini | AV pattern } file.

SCAN-MGR: Internal error occurred when calling this function: <string>. [ Layer: <number>. | Limit: <number>. | Returned: <string> ] { Error: <number> | Returned a NULL VSC handler | cpapiErrCode: <number> }.

SCAN-MGR: TmIntSetScanMethod failed. Scan Method: <number> Err: <number>.	
	

Error (00054)
 
APPPRY: Suspicious client <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> used <number1> percent of AV resources, which exceeded the max of <number2> percent.
	
	
Warning (00547)
 
AV scan-mgr has been { attached to | detached from } policy ID <id_num>

AV: VIRUS FOUND: <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2>, <string>

AV: Content from <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> was not scanned because max content size was exceeded.

AV: Content from <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> was not scanned because max content size was exceeded.

AV: Content from <ip_addr1>:<port_num1>-><ip_addr2>:<port_num2> was not scanned due to a scan engine error or constraint.

AV object scan-mgr <application> has been disabled.

AV object scan-mgr <application> timeout has been reset to its default value.
	
	
Warning (00566)

SMTP relay from <ip_address1>(<port#>) -><ip_address1>(<port#>) fails with response code <number>.

APP session <ip_address1>(<port#>) -><ip_address2>(<port#>) is aborted due to <string> with code <number>.	
	

Notification (00554)
 
SCAN-MGR: URL for AV pattern update server has been set to <ip_addr>, and the update interval to <number> minutes.

SCAN-MGR: URL for AV pattern update server has been unset, and the update interval returned to its default.

SCAN-MGR: New AV pattern file has been updated. Version: <number>; size: <number> bytes.
 
SCAN-MGR: New AV pattern file has been updated. Version: <number>; size: <number> bytes.

SCAN-MGR: Attempted to load AV pattern file created <date:time1> after the AV subscription expired. (Exp: date:time2>)

SCAN-MGR: <ip_addr>	
	

Notification (00066)
 
AV maximum content size has been set to <number>KB.

AV maximum number of concurrent messages has been set to <number>.

AV fail mode has been set to {drop | pass} unexamined traffic if content size exceeds max.
 
AV fail mode has been set to <string> unexamined traffic if any error occurs.

AV per client allowed resource has been set to <number> percent.
 
AV HTTP turn <string> http connection header close modification.

AV HTTP turn <string> http webmail scanning.

AV HTTP set webmail pattern <string1> <string2> <string3><string4>.

AV HTTP unset webmail pattern <string1><string2>.

AV HTTP turn off http trickling setting.

AV HTTP trickling setting to be trickling <number1> byte for every <number2> Mb if content length is larger than <number3> MB.

AV <string> has been {attached | detached} to policy ID <id_number>

AV {sets | removes} ext list <string1> with file extensions <string2>.

AV {sets | removes} MIME list <string1> with MIME extensions <string2>.

AV {sets | removes} a profile <string>.

AV profile <string1> {set | unset} protocol <string2><string3><string4> <string5><string6>
 
AV queue size is set to <number>.
	
	
Notification (00547)

AV object scan-mgr <application> has been enabled [ with timeout <number> ].	
	

Notification (00554)

SCAN-MGR: Number of decompression layers has been set to <number>.

SCAN-MGR: Maximum content size has been set to <number> KB.

SCAN-MGR: Maximum number of concurrent messages has been set to <number>.

SCAN-MGR: Fail mode has been set to { drop | pass } unexamined traffic if { content size | number of concurrent messages } exceeds max.

SCAN-MGR: AV pattern file has been set not to load upon bootup.

SCAN-MGR: IP address for dump TFTP server has been set to <ip_address>.

SCAN-MGR: URL for AV pattern update server has been set to <url_str>, and the update interval to <number> minutes.

SCAN-MGR: URL for AV pattern update server has been unset, and the update interval returned to its default.

SCAN-MGR: New AV pattern file has been updated. Version: <number1>; size: <number2> bytes.

SCAN-MGR: AV client has exceeded its resource allotment. Remaining available resources: <number>.

SCAN-MGR: Attempted to load AV pattern file created <date1> after the AV subscription expired. (Exp: <date2>)

SCAN-MGR: <string>
	
	
ARP
Critical (00031)

{ arp req | arp reply } detected an IP conflict (IP <ip_addr>, MAC <mac_addr>) on interface <interface>
	
	
Critical (00079)

{ arp req | arp reply } detected a duplicate VSD group master (IP <ip_addr>, MAC <mac_addr>) on interface <interface>
	
	
Notification (00031) 

ARP detected IP conflict: IP address <ip_addr> changed from interface <interface> to interface <interface>


Notification (00051)

Static ARP entry { added to | deleted from } interface <interface> with IP <ip_address> and MAC <mac_addr>
	

Notification (00053)

ARP always on destination enabled
	

Notification (00054)

ARP always on destination disabled	
	

Attack Database
Notification (00767)

Attack database version <number> has been [ authenticated and ] saved to flash.

Cannot parse attack database [ header info ]

Cannot switch to attack database version <version>

Cannot save attack database version <version>

Cannot download attack database from <url_str> (error <error_code>)

Deep Inspection update key has expired.

Attack database version <number> was rejected because the authentication check failed.

Attack <string1> was {created|deleted|changed to} <string2><string3><string4>.

Attack <string1> was {added | deleted} to attack group <string2><string3><string4>.

Attack group <string1> was {created | deleted } <string2> <string3>.

Attack group <string1> was changed to<string2> <string3> <string4>.

Attack group <string1> was {added | removed} {to | from} attack group <string2><string3><string4>.
	
	
Attacks
Emergency (00005)

SYN flood! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Emergency (00006)

Teardrop attack! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Emergency (00007)

Ping of Death! From <src_ip> to <dst_ip>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Alert (00004)

WinNuke attack! From <ip_addr1>:<port_num1> to <ip_addr2>:139, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Alert (00008)

IP spoofing! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Alert (00009)

Source Route IP option! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Alert (00010)

Land attack! From <ip_addr1>:<port_num> to <ip_addr2>:<port_num>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Alert (00011)

ICMP flood! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Alert (00012)

UDP flood! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto UDP (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Alert (00016)

Port scan! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Alert (00017)

Address sweep! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Critical (00032)

Malicious URL! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Critical (00033)

Src IP session limit! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00412)

SYN fragment! From <ip_addr1>:<port_num> to <ip_addr2>:<port_num>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00413)

No TCP flag! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00414)

Unknown protocol! From <ip_addr1>:<port_num> to <ip_addr2>:<port_num>, proto <number1> (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00415)

Bad IP option! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.


Critical (00430)

Dst IP session limit! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00431)

ZIP file blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00432)

Java applet blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00433)

EXE file blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00434)

ActiveX control blocked! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00435)

ICMP fragment! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Critical (00436)

Large ICMP packet! From <ip_addr1> to <ip_addr2>, proto 1 (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Critical (00437)

SYN and FIN bits! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00438)

FIN but no ACK bit! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical (00439)

SYN-ACK-ACK Proxy DoS! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto TCP (zone <zone_name>, int <interface_name>). Occurred <number> times.
	

Critical (00440)

Fragmented traffic! From <ip_addr1>:<port_num1> to <ip_addr2>:<port_num2>, proto { TCP | UDP | <number1> } (zone <zone_name>, int <interface_name>). Occurred <number2> times.
	

Critical, Error, Warning, Notification, Information (00601)

<name_str> attack! From <src_ip>:<src_port> to <dst_ip>:<dst_port>, proto { TCP | UDP }, through policy <id_num>. Occurred <number> times.	


Notification (00002)

<string> has been { enabled | disabled } on zone <name_str>

<string> has been set to <number> for zone <name_str>

Malicious URL <name_str> has been { added | deleted | modified } for zone <name_str>

{ Bypass-others-IPSec | Bypass non-IP traffic } option has been { enabled | disabled }

Logging of { dropped | IKE | SNMP | ICMP } traffic to self has been { enabled | disabled }

Logging of dropped traffic to self (excluding multicast) has been { enabled | disabled } on <zone> <name_str>
	

Notification (00767)

Attack <name_str> was { created | deleted }

Attack <name_str1> was changed to <name_str2>

Attack [ group ] <name_str1> was { added to | removed from } <name_str2>

Attack group <name_str> was { created | deleted }

Attack group <name_str1> was changed to <name_str2>
	
	
Auth
Warning (00518)

Authentication for user <usr_str> was denied, (long username)

Authentication for user <usr_str> was denied, (long password)

User <usr_str> at <ip_addr> has been rejected via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr>

User <name_str> at <ip_addr> {RADIUS | SecurID | LDAP | Local } authentication attempt has timed out

User <name_str> at <ip_addr> has been challenged via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr> (Rejected since challenge is not supported for Web)

User <name_str> at <ip_addr> has been challenged via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr> (Rejected since challenge is not supported for FTP)

WebAuth user <name_str> at <ip_addr1> has been rejected/timed out via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr2>

Local authentication for WebAuth user <usr_str> was denied 

Error in authentication for WebAuth user <usr_str>

Local authentication for user <usr_str> was denied
		

Warning (00519)

WebAuth user <name_str> at <ip_addr1> has been accepted via the {RADIUS | SecurID | LDAP | Local } server at <ip_addr2>

User <name_str> <grp_name> at <ip_addr> has been accepted via the {RADIUS | SecurID | LDAP | Local} server at <ip_addr>

Local authentication for WebAuth user <usr_str> was successful 

Local authentication for user <usr_str> was successful 
	

Warning (00520)

Trying primary server <serv_name>

Trying backup1 server <serv_name>

Trying backup2 server <serv_name>

Backup1 <serv_name>, backup2 <serv_name>, and primary <serv_name> servers failed

Backup2 <serv_name>, primary <serv_name>, and backup1 <serv_name> servers failed

Primary <serv_name>, backup1 <serv_name>, and backup2 <serv_name> servers failed
	

Notification (00015)

WebAuth is set to <serv_name>

Auth server <serv_name> server name has been unset

Host name for Infranet Controller <name_str>changed from <string> to <string>.

Infranet Enforcer has connected to Infranet Controller <name_str> (ip <ip_addr>).

Auth server <serv_name> RADIUS secret has been unset

Timeout for Infranet Controller <name_str> changed from <number1> to <number2>seconds.

Auth server <serv_name> RADIUS secret has been unset

Auth server <serv_name> timeout has been unset to default <timeout>

Password for Infranet Controller <name_str>changed.

Infranet Enforcer did not receive a keepalive from the Infranet Controller(ip_addr) in the past <number> seconds. Cleaning up internal state.

Auth server <serv_name> RADIUS port has been unset to default <port_num>

Source interface for Infranet Controller <name_str> changed from <interface> to <interface>.

Infranet Enforcer could not connect to the Infranet Controller because no IP address is set for the Controller.

Auth server <serv_name> type has been set to {RADIUS | SecurID | LDAP}

Certificate Authority index for Infranet Controller <name_str> changed.

Infranet Enforcer could not connect to the Infranet Controller because a socket is already connected.

Certificate subject for Infranet Controller <name_str> changed from <string> to <string>.

Infranet Enforcer could not connect to the Infranet Controller because no password is set for the Controller.

Infranet Controller <name_str> was deleted.

Infranet Enforcer could not connect to the Infranet Controller because no certificate is set for the Controller.

Auth server <serv_name1> server name has been set to <serv_name2>

Infranet Controller <name_str> was created.

Infranet Enforcer could not connect to the Infranet Controller because a socket could not be created.

Auth server <serv_name> RADIUS secret has been changed

Port number for Infranet Controller <name_str> changed from <number> to <number>.

Infranet Enforcer could not connect to the Infranet Controller because the <interface> interface could not be bound to the socket.

Auth server <serv_name> SecurID server name has been set to <serv_name>

IP address for Infranet Controller <serv_name> changed from <ip_addr1> to <ip_addr2>.

Infranet Enforcer could not connect to the Infranet Controller because the socket could not be bound.

Auth server <serv_name> SecurID auth port has been set to <port_num>

Contact interval for Infranet settings changed from <number> to <number> seconds.

Contact interval for Infranet settings changed from <number> to <number> seconds.

Infranet Enforcer could not connect to the Infranet Controller because the socket could not be bound to SSL protocol.

Timeout action for Infranet settings changed from <string> to <string>.

Infranet Enforcer could not connect to the Infranet Controller because the Controller could not be reached on the network.

Auth server <serv_name> SecurID use duress has been { enabled | disabled }

Auth server <serv_name> SecurID timeout has been set to <number>

Auth server <serv_name> SecurID client retries has been set to <number>

Auth server <serv_name> SecurID backup1 server name has been set to <serv_name>

Auth server <serv_name> authentication timeout has been set to <number>

Auth server <serv_name> LDAP parameters have been set to server name: <ip_addr>, port: <port_num>, dn:<string>, cn:<string>

Auth server <serv_name> RADIUS port has been set to <port_num>

Auth server <serv_name> has been { created | modified }

Auth server <serv_name> type has been unset to default RADIUS

Auth server <serv_name> backup1 name has been unset

Auth server <serv_name> backup2 name has been unset

Auth server <serv_name> account type has been set to <account_type>

Auth server <serv_name> RADIUS retry timeout has been set to default of <number>

Auth server <serv_name> has been deleted

Auth server <serv_name> LDAP dn has been set to <string>

Auth server <serv_name> LDAP cn has been set to <string>

Auth server <serv_name> LDAP port number has been set to <port_num>

Auth server <serv_name1> backup1 server name has been set to <serv_name2>

Auth server <serv_name> backup2 server name has been set to <serv_name2>

Auth server <serv_name> id has been set to <id_num>

Default firewall authentication server has been changed to <serv_name>

Admin user <usr_str> attempted to verify the encrypted password <password>. Verification was successful.

Admin user <usr_str> attempted to verify the encrypted password <password>. Verification failed. 

Auth server <name_str> username separator character has been set to <string>, number of occurrences of separator character is <number>

Number of RADIUS retries for auth server <name_str> has been set to <number>
	
Auth server <name_str> fail-over revert interval has been set to <number> seconds.
		

Notification (00525)

User <usr_str> at <ip_addr1> must enter “Next Code” for SecurID <ip_addr2>

User <usr_str> at <ip_addr1> must enter “New PIN” for SecurID <ip_addr2>

User <usr_str> at <ip_addr1> must make a  “New PIN”  choice for SecurID <ip_addr2>

User <usr_str> at <ip_addr1> has selected a system-generated PIN for authentication with SecurID <ip_addr2>

The new PIN for user <usr_str> at <ip_addr1> has been { accepted | rejected }  by SecurID <ip_addr2>.
	

Notification (00544)

Access for firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number> via the <serv_name> auth server) by policy id <pol_num> is now over

Access for firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number>) by policy id <pol_num> is now over

Access for WebAuth firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number> via the <serv_name> auth server) is now over

Access for WebAuth firewall user <usr_str> at <ip_addr> (accepted at <time> for duration <number>) is now over
	

Notification (00546)

User <usr_str> <grp_name> at <ip_addr> has been challenged by the { RADIUS | SecurID | LDAP | Local } server at <ip_addr>
	

Notification (00767)

The dictionary file version of the RADIUS server <string> does not match <string>

The device cannot send data to the SecurID server	

User <usr_str> belongs to a different group in the RADIUS server than one allowed in the device

The device cannot contact the SecurID server

Cannot get route to SecurID server <ip_addr>

FIPS: Attempt to set RADIUS shared secret with invalid length <number>
	

BGP

Critical (00206)

The total number of redistributed routes into BGP in vrouter (<vrouter>) exceeded system limit (<number>)


Notification (00039)

(Un)set virtual router <vrouter> with the BGP protocol <command name>

(Un)set virtual router <vrouter> with the configuration command <command name>

<configuration command>
	

Information (00542)

BGP instance created for virtual router <vrouter>

BGP instance deleted for virtual router <vrouter_name>

BGP peer <peer_ip_addr> changed to Established state.

BGP peer <peer_ip_addr> changed to Idle state

<notification_error><error_string>

<error_string> invalid error code from notification message.

BGP peer <peer_ip_addr> {created | removed}.

BGP peer <peer_ip_addr> enabled.

BGP peer <peer_ip_addr> disabled.

BGP of vr: <vrouter>, prefix adding: <ip_addr>/<number>, ribin overflow <overflow_count> times (max rib-in <ribin_count>)

BGP of vr: <vrouter>, failed to add prefix <ip_addr>/<mask> to FDB

BGP of vr: <vrouter>, closing the socket: exceeded maximum number of bgp peers allowed (number)

BGP of vr: <vrouter>, Route <ip_addr>/<mask> ignored, Path Attr len: <number> (greater than max. <number>)
	

Device
Alert (00767)

Fatal error. The NetScreen device was unable to upgrade the file system, and the old file system is damaged.

Fatal error. The NetScreen device was unable to upgrade the loader, and the loader is damaged.
	

Critical (00020)

System memory is low (<number1> bytes allocated out of total <number2> bytes).
	

Critical (00022)

The NetScreen device was unable to upgrade the file system due to an internal conflict.

The NetScreen device was unable to upgrade the file system, but the old file system is intact.

The Netscreen device was unable to upgrade due to an internal conflict.

The NetScreen device was unable to upgrade the loader, but the loader is intact.

The power supply { primary | secondary } is functioning properly.

The power supply { primary | secondary } is not functioning properly.

All power supplies are now functioning properly.

At least one power supply is not functioning properly.

All fans are now functioning properly.

At least one fan is not functioning properly.

The battery is now functioning properly.

The battery is not functioning properly.

System’s temperature: (<number1> Centigrade, <number2> Fahrenheit) is severely high!

The system temperature (<number1> Centigrade, <number2> Fahrenheit) is too high!

The system temperature (<number1> Centigrade, <number2> Fahrenheit) is OK now.
	
	
Critical (00034)

Ethernet driver ran out of rx bd (port <number>)


Notification (00002)

LCD control keys have been locked.

LCD display has been turned off and the LCD control keys have been locked.

LCD display has been turned on.

LCD display has been turned on and the LCD control keys have been unlocked.
	

Notification (00022)

The NetScreen device file system upgrade operation was successful.

The NetScreen device file system is already upgraded.

The NetScreen device was unable to complete the upgrade of the file system.

The NetScreen device loader upgrade operation was successful.

The NetScreen device loader is already upgraded.

The NetScreen device was unable to complete the upgrade of the loader.
	

Notification (00545)

Modem <name_str> is connected. Phone number: <phone_number>, Account name: <name_str>, Status <string>

Modem <name_str> has been disconnected.

Failed to initialize modem <name_str>, <modem_token_str>

Modem <name_str> failed to dial <phone_number>, <modem_token_str>
	

DHCP
Alert (00029)

IP pool of DHCP server on interface <interface> is full. Unable to { commit | offer } IP address to client at <mac_addr>
	

Critical (00029)

DHCP server set to OFF on <interface> (another server found on <ip_addr>).
	

Warning (00527)

IP pool of DHCP server on interface <interface> is more than 90% allocated.
	

Notification (00009)

DHCP client has been { enabled | disabled } on interface <interface>
	

Notification (00024)

DHCP server shared IP has been { enabled | disabled }

DHCP server has been { enabled | disabled }
	
DHCP server options have been been { changed | removed }

DHCP server IP address pool has changed.

DHCP relay agent settings on <interface> have been { set | unset }

DHCP client admin preference has been set on <interface> as <number>

DHCP client admin preference has been unset on <interface> from <number>
	

Notification (00027)

DHCP client server-update has been { enabled | disabled }

DHCP client auto-config has been { enabled | disabled }

DHCP client lease time has been set to default value.

DHCP client lease time has been set to <number> minutes.

DHCP client server IP address has been reset.

DHCP client server IP address has been set to <ip_addr>

DHCP client vendor identifier has been reset.

DHCP client vendor identifier has been set to "<string>"
	

Information (00527)

IP address <ip_addr> has been assigned to <mac_addr>

IP address <ip_addr> has been released from <mac_addr>

DHCP server has assigned or released an IP address.

One or more IP addresses have expired.

MAC address <mac_addr> has declined address <ip_addr>

DHCP server has released an IP address.

DHCP server on interface <interface> received DHCPDISCOVER from <mac_addr> requesting out-of-scope IP address <ip_addr>/<mask>
	

Information (00530)

DHCP client is unable to get IP address for interface <interface>

DHCP client lease for <ip_addr> has expired.

DHCP server <ip_addr> has assigned interface <interface> with IP address <ip_addr> (lease time <number> minutes).

An IP address conflict has been detected and the DHCP client has declined address <ip_addr>

DHCP client IP address <ip_addr> for interface <interface> has been manually released.

DHCP client on interface <interface> was offered IP <ip_addr>/<mask> Did not proceed with DHCPREQUEST. Reason -- <string>
	

Information (00767)

System auto-config of file <filename> from TFTP server <ip_addr> has been loaded successfully.

System auto-config of file <filename> from TFTP server <ip_addr> has failed.
	

DIP
Notification (00021)

DIP IP pool <ip_addr1>-<ip_addr2> has been { added | modified | deleted }

DIP IP pool <id_num1> was removed from DIP group <id_num2> from { console | telnet | web }

DIP group <id_num> was { created | removed }

DIP pool <id_num1> was added into DIP group <id_num2>

DIP port-translation stickiness was [ enabled | disabled ]


DNS

Critical (00021)

DNS server is not configured.

Connection refused by the DNS server.

Unknown DNS error.
	

Notification (00004)

{ Primary | Secondary } DNS server IP has been changed.

DNS cache table has been cleared.

DNS entries have been refreshed as result of external event.

Daily DNS lookup has been disabled

DNS Proxy module has been { enabled | disabled }.

DNS Proxy module has more concurrent client requests than allowed.

DNS Proxy server select table enties exceeded max limit

Proxy server select table added with domain <dom_name>, interface <interface>, primary-ip <ip_addr1>, secondary-ip <ip_addr2>, tertiary-ip <ip_addr3>, failover { enabled | disabled }

DNS Proxy server select table entry deleted with domain <dom_name>

Daily DNS lookup time has been changed to start at <hour>:<minutes> with an interval of <number> hours.
	

Notification (00029)

DNS has been refreshed.
	

Notification (00059)

DDNS module is { disabled | enabled }.

DDNS entry with id <id_num> is deleted.

DDNS module is { initialized | shut down }.

DDNS entry with id <id_num> is configured with server type "<string1>" name "<name_str>" refresh-interval <number1> hours minimum update interval <number2> minutes with { secure | clear-text } secure connection.

DDNS entry with id <id_num> is configured with user name "<name_str1>" agent "<name_str2>"

DDNS entry with id <id_num> is configured with interface "<interface>" host-name "<name_str>"

Hostname of DDNS entry with id <id_num> is cleared.

Source interface of DDNS entry with id <id_num> is cleared.

Agent of DDNS entry with id <id_num> is reset to its default value.

Username and password of DDNS entry with id <id_num> are cleared.

Updates for DDNS entry with id <id_num> are set to be sent in secure (https) mode.

Refresh interval of DDNS entry with id <id_num> is set to default value (168 hours).

Minimum update interval of DDNS entry with id <id_num> is set to default value (60 min)

Server of DDNS entry with id <id_num> is cleared.

No-Change response received for DDNS entry update for id <id_num> user "<name_str1>" domain "<dom_name>" server type "{ ddo | dyndns }", server name "<name_str2>"

Error response received for DDNS entry update for id <id_num> user "<name_str1>" domain "<dom_name>" server type "{ ddo | dyndns }", server name "<name_str2>"

DDNS server <name_str> returned incorrect ip <ip_addr1>, local-ip should be <ip_addr2>
	

Information (00004)

DNS entries have been { manually | automatically } refreshed.

DNS entries have been refreshed by HA.

DNS entries have been refreshed as a result of DNS server address change.
	

Entitlement
Alert (00027)

License key <key_num> is due to expire in a month.

License key <key_num> has expired.

License key <key_num> is due to expire in 2 months.

License key <key_num> is due to expire in 2 weeks.

License key <key_num> expired after 30-day grace period.

Request to retrieve license key failed to reach server by <string>. Server url: <url_str>

Request to register the device failed to reach the server by < string >. Server url: < url_str> 
	

Notification (00036)

<number> license keys were updated successfully by <string>

Received identical license key by <string>

No license key is available for retrieval by <string>


Flow
Notification (00002)

Transparent virtual wire mode has been { enabled | disabled }
	
	
Notification (00040)

High watermark for early aging has been changed to the default (<number>).

Low watermark for early aging has been changed to the default (<number>).

The aggressive ageout value has been changed to the default (<number>).

High watermark for early aging has been changed from <number1> to <number2>

Low watermark for early aging has been changed from <number1> to <number2>

Aggressive ageout value has been changed from <number1> to <number2>
	

Notification (00601)

IP action detected attack attempt <src ip><src port>-><dst ip><dst port> vsys: <vsys name>intf: <interface name> [dropping pkt].
	

Notification (00512)

Running in Infranet Test mode: Allow packet on Infranet auth policy. Infranet Controller timeout occurred, timeout action was 'open'.

Running in Infranet Test mode: Allow packet. In Regular mode, would drop packet on Infranet auth policy since Infranet Controller timeout occurred and timeout action was 'close'

Running in Infranet Test mode: Infranet authentication succeeded, let the packet through.

Running in Infranet Test mode: Allow packet. In Regular mode, would drop packet on Infranet auth policy since Infranet auth table denied it.

Running in Infranet Test mode: Allow packet. In Regular mode, would drop packet on Infranet auth policy since there is no infranet auth table entry 
	

GTP

Notification (00065)

GTP { passes V0 | passes V1 | drops V0 | drops V1 } <gtp_message>; by admin

GTP sets { maximum message length | minimum message length } <number>; by admin
	

Notification (00311)

GTP initially allocated; trust_untrust

GTP deletes tunnel <tunnel_index> (teid <tunnel_id>), in <number_in_bytes> out <number_out_bytes>, duration: <number> seconds

<src_interface><src_ip><src_port><dst_interface><dst_ip><dst_port><message_length><packet_contexts><IE_values>{ pass | drop }
	

Notification (00312)

Trace <tunnel_index> <src_ip> <dst_ip> <tunnel_id> <dst_port> <message_length>

<packet_content>
	

High Availability
Critical (00015)

The NSRP configuration is out of synchronization between the local device and the peer device.

NSRP: <ha_link_state>

NSRP link channel <channel_name>changed to link channel <new channel>
	

Critical (00060)

RTO mirror group <group_ip> with direction <direction> changed on the local device from <old state> to up state, it had peer device <device_id>
	

Critical (00061)

RTO mirror group <group_ip> with direction <direction> on peer device <device_id> changed from <old_state> to <new_state> state.

RTO mirror group <group_ip> with direction <direction> on local device <device_id>, detected a duplicate direction on the peer device <device_id>

Peer device <device_id> { disappeared | was discovered }.

Peer device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to <new_state>

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to <new_state>

NSRP: nsrp control channel change to <interf_name>
	

Critical (00070)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Init
	

Critical (00071)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Master
	

Critical (00072)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Primary Backup
	

Critical (00073)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Backup


Critical (00074)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Ineligible
	

Critical (00075)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> changed state from <old_state> to Inoperable	
	

Critical (00076)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> sent a 2nd path request to the peer device <device_id>
	

Critical (00077)

The local device <device_id> in the Virtual Security Device group <vsd_group_id> received a 2nd path request from peer device <device_id> to device <device_id>
	

Notification (00007)

The HA channel changed to interface <interface>

NSRP cluster encryption password changed.

NSRP cluster authentication password changed.

Message <message_type_name> was dropped because it contained an invalid encryption password.

Virtual Security Device group <vsd_group_id> changed to { preempt | non-preempt } mode.

The heartbeat interval of all Virtual Security Device groups changed from <number> (milliseconds) to <number> (milliseconds).

Device <device_id> { has joined | quit current } NSRP cluster <cluster_id> 

Virtual Security Device group <vsd_group_id> was deleted. The total number of members in the group was <number>

Virtual Security Device group <vsd_group_id> was created. The total number of members in the group is <number>

Virtual Security Device group <vsd_group_id> priority changed from <old_priority> to <new_priority>

The secondary HA path of the devices changed from <path1> to <path2>

The secondary HA path of the devices was set to interface <interface_name> with ifnum <interface_number>

The interface <interface_name> with ifnum <interface_number> was removed from the secondary HA path of the devices.

NSRP: HA link probe { enabled | disabled }

The probe that detects the status of High Availability link <link_name> was disabled

The interval of the probe detecting the status of High Availability link <link_name> was set to <number> seconds.

The threshold of the probe detecting the status of High Availability link <link_name> was set to <threshold_value>

A request by device <device_id> for session synchronization(s) was accepted.

The current session synchronization by device <device_id> completed.

Run Time Object mirror group <mirror_group_id> direction was set to <direction>

Run Time Object mirror group <mirror_group_id> was set.

Run Time Object mirror group <mirror_group_id> with direction <direction> was unset.

RTO mirror group <mirror_group_id> was unset.

Interface <interface_name> was removed from the monitoring list for <monitoring_list_name>

Interface <interface_name> with weight <weight_value> was added to or updated on the monitoring list for <monitoring_list_name>

Zone <zone_name> was removed from the monitoring list <monitoring_list_name>

Zone <zone_name> with weight <weight_value> was added to or updated on the monitoring list for <monitoring_list_name>

The monitoring threshold was modified to <threshold_value> for <monitoring_list_name>

The NSRP encryption key was changed.

NSRP data forwarding was {enabled | disabled}.

NSRP black hole prevention enabled. Master(s) of Virtual Security Device groups always exists.

NSRP black hole prevention disabled. Master(s) of Virtual Security Device groups may not exist.

NSRP Run Time Object synchronization between devices was {enabled | disabled}

NSRP transparent Active-Active mode was enabled.
	
NSRP transparent Active-Active mode was disabled.

NSRP: nsrp link probe enable on <interf_name>
	

Information (00767)

HA: Synchronization file(s) { <filename> | all } sent to backup device in cluster.
	

IP Tracking
Critical (00062)

Track IP IP address <IP_address> {failed | succeeded}.

Track IP failure reaches threshold.

Device cannot create Track IP object list.

Device cannot create Track IP list.

No interface/route enables the Track IP IP address <IP_address> to be transmitted.

Track IP IP address <IP_address> added with an interval of <seconds> seconds, a threshold of <threshold>, a weight of <weight> on interface <interface_name> using method <method_name>
	

Notification (00050)

Track IP IP address <IP_address> removed.

Track IP <ip_address> interval changed from <seconds1> to <seconds2>

Track IP <ip_address> threshold value changed from <threshold1> to <threshold2>

Track IP <ip_address> weight changed from <weight1> to <weight2>

Track IP <ip_address> interface changed from <interface_number1> to <interface_number2>

Track IP <ip_address> method changed from method name <method_name1> to <method_name2>

Track_IP <ip_address> gateway was changed from { the interface default gateway | gateway IP address <gateway1_IP_address> } to {<gateway2_IP_address> | the interface default gateway } 

Track IP default gateway updated.

Track IP default gateway { enabled | disabled }.

Track ip failed because it exceeded the threshold set to <number>.

Track IP threshold disabled.

Track IP object <track_ip_object_name> failed because the Track IP weight value <number> was exceeded.

Track IP object <track_ip_object_name> failed because the Track IP default weight value was exceeded.


HDLC
Notification (00539)

Dialup HDLC PPP failed to establish a session. No IP address assigned.

Dialup HDLC PPP session has been successfully established.

Dialup HDLC PPP failed to establish a session: <string>.
	

IGMP

Notification (00055)

IGMP host instance was { created | deleted } on interface <interface>.

IGMP router instance was { created | deleted } on interface <interface>.

IGMP function was { enabled | disabled } on interface <interface>.

IGMP will not do same subnet check on interface <interface>.

IGMP will do same subnet check on interface <interface>.

IGMP will not do router alert IP option check on interface <interface>.

IGMP will do router alert IP option check on interface <interface>.

IGMP version was changed to <number> on interface <interface>.

IGMP query interval was changed to <number> seconds on interface <interface>.

IGMP query max response time was changed to <number> seconds on interface <interface>.

IGMP leave interval was changed to <number> seconds on interface <interface>.

IGMP last member query interval was changed to <number> seconds on interface <interface>.

IGMP routers accept list ID was changed to <id_num> on interface <interface>.

IGMP hosts accept list ID was changed to <id_num> on interface <interface>.

IGMP groups accept list ID was changed to <id_num> on interface <interface>.

IGMP group <id_num> static flag was removed on interface <interface>. The IGMP group is no longer static.

IGMP all groups static flag was removed on interface <interface>. The IGMP groups are no longer static.

IGMP static group <id_num> was added on interface <interface>.

IGMP group <id_num> static flag was added on interface <interface>.

IGMP proxy was disabled on interface <interface>.

IGMP proxy was enabled on interface <interface>.

IGMP proxy always is disabled on interface <interface>.

IGMP proxy always is enabled on interface <interface>.

IGMP group <mcast_addr> static flag was removed on interface <interface>.

IGMP all groups static flag was removed on interface <interface>.

IGMP static group <mcast_addr> was added on interface <interface>.

IGMP group <mcast_addr> static flag was added on interface <interface>.

IGMP proxy was { enabled | disabled } on interface <interface>.

IGMP proxy always is disabled on interface <interface>.
	

IKE
Alert (00026)

IKE <ip_addr>: Policy Manager’s default CA is used by peer to establish an IPSec VPN.

IPSec tunnel on int <interface> with tunnel ID <id_num> received a packet with a bad SPI. <src_ip_addr>-><dst_ip_addr>/<pckt_len>, { ESP | AH }, SPI <number1>, SEQ <number2>
	

Critical (00042)

Replay packet detected on IPSec tunnel on <interface> with tunnel ID <number>! From <src_ip_addr> to <dst_ip_addr>/<pckt_len>, { ESP | AH }, SPI <number1>, SEQ <number2>.
	

Critical (00047)

Number of IAS exceeds configured maximum <number>.
	

Critical (00048)

Number of IAS crossed configured upper threshold <number>.


Critical (00049)

Number of IAS crossed configured lower threshold <number>.
	

Critical (00050)

IAS for peer <%P<ip_addr>> has IKE error: <id_num>
	

Notification (00017)

Gateway <name_str> at <ip_addr> in { Main | Aggressive } mode with ID <string> has been { added | modified | deleted }

P1 proposal <name_str> with { Preshared | RSA-sig | DSA-sig }, DH group { 0 | 1 | 2 | 5 }, ESP { NULL | DES | 3DES | AES128 | AES192 | AES256 }, auth { NULL | MD5 | SHA-1 }, and lifetime <number> has been { added | modified | deleted }.

P2 proposal <name_str> with DH group { 0 | 1 | 2 | 5 }, { AH | ESP }, enc { NULL | DES | 3DES | AES128 | AES192 | AES256 }, auth { NULL | MD5 | SHA-1 }, and lifetime (<number> sec/<number> KB) has been { added | modified | deleted }.
	

Information (00536)

IKE <ip_addr1> >> <ip_addr2> Phase 1: Initiated negotiations in { Aggressive | Main } mode.

IKE <ip_addr> Phase 1: Responder starts { Main | Aggressive } mode negotiations.

IKE <ip_addr>: The initial contact task is already in the task list. 

IKE <ip_addr> Phase 1: Completed { Aggressive | Main } mode negotiations with a <number>-second lifetime.

IKE <ip_addr> Phase 1: Completed for user <name_str>.

IKE <ip_addr> Phase 1: Discarded a second initial packet, which arrived within 5 seconds after the first.

IKE <ip_addr> Phase 1: Discarded peer’s P1 request because there are currently <number1> sessions--max is <number2>.

IKE <ip_addr> Phase 2: Initiated negotiations.

IKE <ip_addr> Phase 2 msg ID <id_num>: Responded to the peer’s first message [ from user <name_str> ].

IKE <ip_addr>: Added the initial contact task to the task list.

IKE <ip_addr>: Phase 2 negotiation request is already in the task list. 

IKE <ip_addr>: Added Phase 2 session tasks to the task list. 

IKE <ip_addr> Phase 2 msg ID <number>: Completed negotiations with SPI <number1>, tunnel ID <number2>, and lifetime <number3> sec/<number> KB.

IKE<ip_addr> Phase 2 msg-id <number>: Completed for user <name_str>.

IKE <ip_addr>: Received a TRNXTN_XCHG packet with payload type <number>.

Received an IKE packet on <interface> from <ip_addr1:port_num1> to <ip_addr2:port_num2>. Cookies: <string1>, <string2>.

Rejected an IKE packet on <interface> from <src_ip_addr>:<src_port> to <dst_ip_addr>:<dst_port>, with cookies <string1> and <string2> because <reason

IKE: User <name_str> with ID <number> requested a connection.

IKE <ip_addr> Phase 1: { Aggressive | Main } mode negotiations have failed.

IKE <ip_addr> Phase 1: Negotiations have failed for user <name_str>.

IKE <ip_addr> Phase 1: Cannot use a preshared key because the peer gateway <ip_addr> has a dynamic IP address and negotiations are in Main mode.

IKE <ip_addr> Phase 1: Retransmission limit has been reached.

IKE <ip_addr>: Phase 1 SA (my cookie: <number>) was removed due to a simultaneous rekey.

IKE<ip_addr>: User <name_str> has exceeded the configured share-limit of <number>.

IKE <ip_addr> Phase 2 msg ID <number>: Negotiations have failed..

IKE <ip_addr> Phase 2 msg ID <number>: Negotiations have failed for user <name_str>.
	
there were no acceptable Phase 2 proposals

IKE <ip_addr> Phase { 1 | 2 }: Aborted negotiations because the time limit has elapsed. { (<p1_state_mask/p1_state>) | (<p1_state_mask/p1_state>, session ID <id_num>) }

IKE <ip_addr> Phase 2: Received DH group <number1> instead of expected group <number2> for PFS.

IKE <ip_addr>: Dropped packet because remote gateway <name_str> is not used in any VPN tunnel configurations.

IKE <ip_addr>: Received incorrect ID payload: ID type mismatch.

IKE <ip_addr> Phase 1: Cert received has a different { IP address | FQDN | UFQDN } SubAltName than expected.

IKE <ip_addr> Phase 1: Cert received has a subject name that does not match the ID payload.

IKE <ip_addr>: Sent initial contact notification to peer to use a new SA.

IKE <ip_addr>: Sent an initial contact notification message because of a bad SPI. 

IKE <ip_addr>: Received a notification message for DOI <doi_number> <type_value> <msg_text>.

IKE <ip_addr> Phase 2 msg ID <number1>: Received responder lifetime notification. (<number2> sec/<number> KB)

IKE <ip_addr>: Received initial contact notification and removed Phase { 1 | 2 } SAs.

IKE <ip_addr>: Removed Phase 2 SAs after receiving a notification message.
	
IKE DPD found peer at <ip_addr> not responding.
	
IKE DPD configuration changed, <string>

IKE <ip_addr>: Dropped a packet from the peer because no policy permits it.

IKE <ip_addr> Phase 2: Received a message but did not check a policy because id-mode was set to IP or policy-checking was disabled.

IKE <ip_addr> Phase 2: Negotiations have failed. Policy-checking has been disabled but multiple VPN policies to the peer exist.

IKE <ip_addr> Phase 2: No policy exists for the proxy ID received: local ID (<ip_addr>/<mask>, <protocol>, <port_num>) remote ID (<ip_addr>/<mask>, <protocol>, <port_num>).

IKE <ip_addr> Phase 1: Received an invalid RSA signature.

IKE <ip_addr> Phase 1: No private key exists to sign packets.

IKE <ip_addr> Phase 1: Received an incorrect public key authentication method.

IKE <ip_addr> Phase 1: Cannot verify { RSA | DSA } signature.

IKE <ip_addr>: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed.

IKE <ip_addr>: Heartbeats have been lost <number> times. 

IKE <ip_addr>: Changed heartbeat interval to <number>.

IKE <ip_addr>: Heartbeats have been disabled because the peer is not sending them.

IKE gateway <name_str> has been enabled. The peer address <hostname[.dom_name]> has been resolved to <ip_addr>.

IKE gateway <name_str> has been disabled. The peer address< hostname[.dom_name]> cannot be resolved to an IP address.

IKE gateway< name> has been disabled because the peer IP address <ip_addr> is already in use by another IKE gateway on interface <interface>.

IKE <ip_addr>: XAuth login { was passed | was aborted | failed } for gateway <name_str>, username <name_str>, retry: <number> [ timeout <number>]

IKE <ip_addr1>: XAuth login expired and was terminated for username <name_str> at <ip_addr2>.

IKE <ip_addr1>: XAuth login was refreshed for username <name_str> at <ip_addr2>.

IKE <ip_addr1>: XAuth login was terminated because the user logged in again. Previous gateway: <ip_addr3>. Username: <name_str> at <ip_addr2>.

IKE: XAuth assign prefix <ip_addr>/<number> to interface <interface>.

IKE: XAuth assign prefix <ip_addr>/<number> to interface <interface> failed.
	
IKE: XAuth assign DNS <interface>.

IKE: XAuth assign dns1 <ip_addr1> dns2 <ip_addr2> wins1 <ip_addr3> wins2 <ip_addr4>.

IKE <ip_addr>: New SA (ID <id_num> is up. Switch policy ID <id_num1> from SA <id_num2>.
	
IKE <ip_addr>: An SA for VPN ID <tun_id_num1> with a higher weight replaced the SA for VPN ID <tun_id_num2> in policy ID <pol_id_num>

IAS for peer <ip_addr> and XAUTH user <name_str> activated.

IAS for peer <ip_addr> and XAUTH user <name_str> terminated by <string>.
	

Interface

Critical (00090)

Failover to secondary untrust interface occurred.

Recovery to primary untrust interface occurred.
	
	

Notification (00009)

Interface <interface> IP address { cannot | can } be used to manage the NetScreen device.

Interface <interface> holddown time interval has been set to <number>

Interface <interface> has been { added to | removed from } redundant interface <interface>

Interface <interface> has been { added to | removed from } aggregate interface <interface>

Interface <interface> has been { added to | removed from} shared interface <interface>
	
	


Interface <interface> IP has been changed from <ip_addr1> to <ip_addr2>

Interface <interface> netmask has been changed from <mask1> to <mask2>

Interface <interface> gateway IP has been changed from <ip_addr1> to <ip_addr2>

Interface <interface> operational mode has been changed to [ NAT | Route ]

Interface <interface> management IP has been changed from <ip_addr> to <ip_addr>

{ Global-PRO | Ident-reset | Ping | SCS | SNMP | SSL | Telnet | Web } has been { enabled | disabled } on interface <interface>

Interface <interface> in [ <vsys> | root ] with IP <ip_addr> mask <mask> tag <id_num> was created.

Interface <interface> in [ <vsys> | root ] with IP <ip_addr> mask <mask> was created.

Interface <interface> in [ <vsys> | root ] was removed.

Interface <interface> was unbound from zone <zone>

Interface <interface> was bound to zone <zone>

Maximum bandwidth <number1> kbps on interface <interface> is less than total guaranteed bandwidth <number2> kbps.

Interface <interface> bandwidth has been changed to <number> kbps.

Interface <interface> 802.1Q tag has been removed

interface <interface> 802.1Q tag has been changed to <number> 

Interface <interface> 802.1Q VLAN trunking has been turned { ON | OFF }

802.1Q VLAN tag <number> has been { created | removed }.

Interface <interface> has been changed from local to VSI

Interface <interface> has been changed from VSI to local.

Route between secondary IP addresses on interface <interface> has been { disabled | enabled }.

Secondary IP address <ip_addr>/<mask> has been { added to | deleted from } interface <interface>
	
MTU for interface <interface> has been changed to <number>

Interface <interface> was removed from the monitoring list of <interface2>

Interface <interface> with weight <weight> was added to the monitoring list of <interface2>

Zone <zone> was removed from the monitoring list of <interface>

Zone <zone> with weight <weight> was added to the monitoring list of <interface2>

Monitoring threshold was modified to <threshold> of <interface>

Mtrace has been { enabled | disabled } on interface <interface> <change>

NSGP <IPSec> has been {enabled | disabled } on interface <interface> <previous status>

DNS proxy was {enabled | disabled } on interface <interface>

Interface <interface> switching to auto-negotiating mode.

Interface <interface> switching to G.Lite mode.

Interface <interface> switching to ANSI T1.413 Issue 2 mode.

Interface <interface> switching to ITU G.992.1 mode.

Interface <interface> switching to loopback mode.

IPv4 Path-MTU has been { enabled | disabled } on interface <interface> <previous status>
	

Notification (00513)

The physical state of interface <interface> has changed to [ up | down ]
	
	

L2TP
Alert (00043)

rcv StopCCN_msg, remove l2tp tunnel (<ip_addr1 - <ip_addr2>), Result code <id_num> (<string>)
	

Alert (00044)

rcv StopCCN_msg, remove l2tp tunnel (<ip_addr1 - <ip_addr2>), Result code <number> (<string>), Error code <id_num> (<string>)
	

Alert (00045)

rcv CDN_msg, remove l2tp call, id = <number>, user = <usr_str>, assigned ip = <ip_addr>, Result code <number> (<string>)
	

Alert (00046)

rcv CDN_msg, remove l2tp call, id = <number>, user = <usr_str>, assigned ip = <ip_addr>, Result code <number> (<string>), Error code <id_num> (<string>)
	

Notification (00017)

L2TP ippool is unset to default.	

L2TP { primary | secondary } { DNS | WINS } server is unset to default.

L2TP RADIUS server is unset to default.

L2TP RADIUS secret is unset to default.

L2TP RADIUS port changed to <port_num>

L2TP default ippool changed from “<name_str1>” to “<name_str2>”

L2TP default { primary | secondary } { DNS | WINS } server changed from <ip_addr1> to <ip_addr2>

L2TP default auth type changed to <string>

L2TP default PPP auth type changed to { PAP | CHAP | ALL }.

L2TP default RADIUS server changed to <serv_name>

L2TP default RADIUS secret changed to “<secret>”

L2TP default RADUIS port changed to <port_num>

L2TP “<name_str>”, all-L2TP-users secret “<secret>” keepalive <number> has been { modified | added }

L2TP “<name_str>”, { <user_name> | <grp_name> } ID <id_num> secret “<secret>” keepalive <number> has been { modified | added }


Information (00536)

L2TP tunnel <name_str> created between <ip_addr1>:<port_num1> and <ip_addr1>:<port_num2>

Incorrect L2TP secret in tunnel auth for L2TP (<ip_addr>).

L2TP (<ip_addr1>/<port_num1> - <ip_addr2>/<port_num2>), user authentication passed. IP address <ip_addr3> assigned to user.
	
L2TP at <ip_addr> PPP failed, Failure in <peer_ip< <error code><failure_str>

Retry time-out interval expired. L2TP call (peer at <ip_addr1>, local at <ip_addr2>) removed, tunnel ID <id_num>, call ID <id_num>

Retry time-out interval expired. L2TP tunnel removed (peer at <ip_addr1>, local at <ip_addr2>), tunnel ID <id_num>
	

Logging
Critical (00020)

System memory is low (<number1> allocated out of <number2> ) <number3> times in 1 minute
	

Critical (00024)

{Traffic log | Alarm log | Event log | Self log | Asset Recovery log } has overflowed
	

Critical (00030)

System CPU utilization is high (<number1> > alarm threshold: <number2>) <number3> times in 1 minute
	

Warning (00002)

Cannot connect to e-mail server <serv_name>.

Mail server is not configured.

Mail recipients were not configured.

Unexpected error from e-mail server (state=<id_num>): <string>
	

Notification (00002)

E-mail notification has been { enabled | disabled }.

Mail server { IP address | domain name } has been changed.

E-mail address { 1 | 2 } has been changed.

Inclusion of traffic logs with e-mail notification of event alarms has been { enabled | disabled }.
	

Notification (00019)

VPN management tunnel has been enabled.
	

Notification (00022)

VPN management tunnel has been disabled.

CLI logging has been enabled by < admin_name >.

CLI logging has been disabled by < admin_name >.

CLI logging has been set to < number > bytes by < admin_name >.
	

Notification (00767)

All logged events or alarms were cleared

Log setting was modified to { enable | disable } <level> level 

{ Alarm | Traffic | Event | Asset-recovery | Self | System } log was reviewed.

Log buffer was full and remaining messages were sent to external destination. <number> packets were dropped. 

All {self logs | traffic logs } were cleared.
	

Information (00534)

{Traffic log | Event log } has been cleared
		

MIP
Notification (00021)

Mapped IP <ip_addr1> - <ip_addr2> has been { added | modified | deleted }
	

Multicast
Alert (00601)

Error in initializing multicast

Failure in initializing Multicast route task.

Failure in initializing Multicast data handler task.

Failure in shutting down Multicast route task.

Failure in registering for multicast data packet.

System wide multicast cachemiss node limit reached, not added from last exceed - <number.
	

Critical (00601)

System wide multicast route limit exceeded, mroute add failed

System wide multicast route limit reached, routes not added from last exceed - <number>.

<vrouter>: virtual router multicast route limit exceeded, mroute add failed.

<vrouter>: virtual router multicast route maximum routes not added from last exceed - <number>

Failure adding output interface to multicast route list due to exceed system max. Total exceed - <number>
	

Notification (00056)

Remove multicast policy from <src-zone> <mcast_addr> to <dst-zone> <mcast_addr> 

Add multicast policy from <src-zone> <mcast_addr> to <dst-zone> <mcast_addr>
	

Notification (00057)

<vrouter>: static multicast route src=<ip_addr>, grp=<mcast_addr> input ifp = <interface1> output ifp = <interface2> added.

<vrouter>: static multicast route src=<ip_addr>, grp=<mcast_addr> ifp = <interface> deleted.

<vrouter>: maximum multicast routes limit removed.

<vrouter>: maximum multicast routes limit configured to <number>.

<vrouter>: multicast negative cache routes feature { configured | removed }.

<vrouter>: multicast negative cache routes timer configured to <number> seconds.

<vrouter>: multicast negative cache routes timer configured to default.


NSM
Notification (00033)

NSM has been { enabled | disabled }.

User-defined service <svc_name> has been { added to | removed from } protocol distribution.

Reporting of protocol distribution table to NSM has been { enabled | disabled }.

Reporting of ethernet statistics table to NSM has been { enabled | disabled }.

Reporting of attack statistics table to NSM has been { enabled | disabled }.

Reporting of flow statistics table to NSM has been { enabled | disabled }.

Reporting of policy table to NSM has been { enabled | disabled }.

Reporting of traffic alarms to NSM has been { enabled | disabled }.

Reporting of attack alarms to NSM has been { enabled | disabled }.

Reporting of miscellaneous alarms to NSM has been { enabled | disabled }.

Reporting of configuration logs to NSM has been { enabled | disabled }.

Reporting of information logs to NSM has been { enabled | disabled }.

Reporting of self management logs to NSM has been { enabled | disabled }.

Reporting of traffic logs to NSM has been { enabled | disabled }.

Reporting of deep inspection alarms to NSM has been { enabled | disabled }.

NSM device ID was { set to <string> | unset }.

NSM one-time-password was { set | unset }.

NSM installer name [ (<string>) ] and password were { set | unset }.

NSM { primary | secondary } server with name <serv_name> was set: addr <ip_addr>, port <port_num>

NSM { primary | secondary } server with name <serv_name> was unset.

NSM keys were deleted.
	

Information (00538)

NSM: Connection to NSM server at <ip_addr> is down

NSM: Connected to NSM server at <ip_addr> (<number> connect attempt(s))

NSM: Cannot connect to NSM server at <ip_addr>. Reason: <string> (<number> connect attempt(s))

NSM: Sent <number> message


NSRD
Error (00551)

Error <id_num> occurred during configlet file processing.
	

Warning (00551)

Error <id_num> occurred, causing failure to establish secure management with Management System.

Configlet file authentication failed.

Configlet file decryption failed.
	

Information (00551)

Secure management established successfully with remote server.

Rapid Deployment cannot start because gateway has undergone configuration changes.
	

NTP
Notification (00531)

Administrator <admin_name> changed the Network Time Protocol maximum adjustment value from <number> to <number> seconds 

Administrator <admin_name> changed the Network Time Protocol authentication mode <mode> 

Network Time Protocol settings changed.

Network Time Protocol adjustment of <numbert> ms from NTP server <server_name> exceeds the allowed adjustment of <number1> ms.

An error occurred in setting the system clock.

The NetScreen device is attempting to contact the primary NTP server <server_name>

The NetScreen device is attempting to contact the primary backup NTP server <server_name>

The NetScreen device is attempting to contact the secondary backup NTP server <server_name>

Authentication failed for Network Time Protocol server <server_type> <server_name> because <failure_reason>

NTP request cannot be sent. No key ID found for Network Time Protocol server <server_type> <server_name>

NTP request cannot be sent. No key found for server <server_type> <server_name>

<server_type> NTP server <server_name> could not be contacted.

No NTP server could be contacted.

An acceptable time could not be obtained from <server_type> NTP server <server_name>

No acceptable time could be obtained from any NTP server.
	
An administrator aborted the NTP time update.


OSPF
Critical (00206)

LSA flood in OSPF with router-id <router_id> on interface <interface> forced the interface to drop a packet.

OSPF instance with router-id <router_id> received a Hello packet flood from neighbor (IP address <ip_addr>, router ID <neighbor_router_id>) on interface <interface> forcing the interface to drop the packet.

Link State Advertisement Id <lsa_id>, router ID <router_ID>, type <type> cannot be deleted from the real-time database in area <area>

The total number of redistributed routes into OSPF in vrouter (<vrouter>) exceeded system limit (<number>)

Reject second OSPF neighbor (<neighbor_ip_addr>) on interface (<interface>) since it’s configured as point-to-point interface


Notification (00038)

{ set | unset } virtual router <virtual_router> with the OSPF protocol <command>

{ set | unset } virtual router <virtual_router> with the configuration command <command>

<configuration_command>

OSPF virtual routing instance in virtual router <virtual_router> {created | deleted}.
	

Information (00541)

Neighbor routerID - <neighbor_router_ID> IpAddress - <neighbor_router_ip_address> changed its state to state <state>

Link State Advertisement in Area -<area> with Id -<lsa_id> Router-Id <router_id> Type -<type> in OSPF aged out

The system killed OSPF neighbor because the current router could not see itself in hello packet. Neighbor changed state from <previous_state> to Init state, (neighbor router-id <neighbor_router_id>, ip-address <neighbor_ip_address>)

The system killed OSPF neighbor because of elapsed Hello time <hello_interval> sec (neighbor router-id <router_id>, ip-address <router_IP_address>)

Delaying killing OSPF neighbor <neighbor> by <seconds> seconds, last hello packet received time <time> ms and last processed hello packet occurring at <time> ms.

OSPF neighbor <neighbor> timeout, with last Hello packet received at time <time> ms, and last processed Hello packet occurring at time <time> ms current sys-up-sec <seconds> 

OSPF interface <interface> has become inactive, kill neighbor (IpAddress <ip_addr> RouterId <id>) on this interface

OSPF packet retransmit counter exceeeds limit, kill neighbor (IpAddress <ip_addr> RouterId <id>)
	

PIM
Alert (00602)

PIMSM Error in initializing interface state change

PIMSM Error in initializing interface delete handler

PIMSM Error in initializing vrouter delete handler

PIMSM Error in initializing zone delete handler

PIMSM Error in initializing IP change handler

PIMSM Error in initializing packet copy handler

PIMSM Error in initializing MCAST policy change handler.

PIMSM Error in initializing drp vsi elect change handler

PIMSM Error in initializing nsrp state change handler.

PIMSM Error in initializing access-list change handler.
	

Notification (00058)

PIMSM protocol configured on interface <interface>

PIMSM protocol enabled on interface <interface>

PIMSM interface <interface> DR priority set to <number>

PIMSM interface <interface> Join-Prune Interval set to <number> seconds

PIMSM interface <interface>'s Hello Interval set to <number> seconds

PIMSM interface <interface> accept neighbors access list <id_num> configured

PIMSM interface <interface> configured as boot-strap border

PIMSM interface <interface> hello holdtime set to <number> seconds

PIMSM protocol unconfigured on interface <interface>

PIMSM protocol disabled on interface <interface>

PIMSM interface <interface> neighbor access list removed.

PIMSM interface <interface> BSR border removed.

PIMSM protocol disabled in vrouter <vrouter>

Vrouter <vrouter> PIMSM SPT threshold set to <number> packets per second

Vrouter <vrouter> PIMSM source access list for multicast group <mcast_addr> removed

Vrouter <vrouter> PIMSM Rendezvous point access list for multicast group <mcast_addr> removed

Vrouter <vrouter> PIMSM multicast group access list removed

Vrouter <vrouter> PIMSM RP <ip_addr> removed from zone <zone>

Vrouter <vrouter> PIMSM RP Candidate removed from zone <zone>

Vrouter <vrouter> PIMSM RP Proxy removed from zone <zone> 

PIMSM protocol enabled in vrouter <vrouter> 

Vrouter <vrouter> PIMSM SPT threshold set to infinity

Vrouter <vrouter> PIMSM multicast group <mcast_addr> has been configured with source access list <id_num>

Vrouter <vrouter> PIMSM multicast group <mcast_addr> has been configured with RP access list <id_num>

Vrouter <vrouter> PIMSM multicast group access-list <id_num> has been configured 

Vrouter <vrouter> PIMSM zone <zone> configured as RP Proxy.

Vrouter <vrouter> PIMSM RP address <ip_addr> configured for multicast group access list <id_num> in zone <zone>

Vrouter <vrouter> PIMSM RP candidate on interface <interface> configured for multicast group access list <id_num> in zone <zone> with priority <number> and holdtime <number>

PIMSM protocol configured in vrouter <vrouter>

PIMSM protocol removed from vrouter <vrouter>


Notification (00555)

Vrouter <vrouter> PIMSM cannot process non-multicast address <mcast_addr> 
	

PKI
Notification (00002)

PKI: The device failed to generate the certificate request file in PKCS #10 format.
	

Notification (00535)

PKI: Verified cert with subject name <name_str>

PKI: Unable to get issuer cert for cert with subject name <name_str>

PKI: Failed to obtain CRL for CA issuing cert with subject name <name_str>

PKI: Unable to decrypt signature of cert with subject name <name_str>

PKI: Unable to decrypt signature of CRL for cert with subject name <name_str>

PKI: Unable to decode issuer’s public key for cert with subject name <name_str>

PKI: Unable to authenticate cert with subject name <name_str>

PKI: CRL has bad signature for cert with subject name <name_str>

PKI: Cert is not yet valid (subject name <name_str>)

PKI: Cert has expired (subject name <name_str>)

PKI: CRL is not yet valid for cert with subject name <name_str>

PKI: CRL has expired for cert with subject name <name_str>

PKI: Format error in the { notBefore | notAfter } field of cert with subject name <name_str>

PKI: Format error in CRL { lastUpdate | nextUpdate } field for cert with subject name <name_str>

PKI: Out of memory. Cannot process cert with subject name <string>

PKI: Received a self-signed cert with subject name <string>

PKI: Received a self-signed cert in a certificate chain for cert with subject name <name_str>

PKI: Unable to get local issuer cert for cert with subject name <name_str>

PKI: Unable to verify first cert in a certificate chain (subject name <name_str>)

PKI: Certificate chain is too long for cert with subject name <name_str>

PKI: Cannot return to the original certificate chain. Cookies: (<id_num1>) (<id_num2>) (<id_num3>) (<id_num4>)

PKI: Internal configuration error. Cannot verify cert with subject name <name_str>

PKI: No revocation check, per config, for cert with subject name <name_str>

PKI: Cannot decrypt public key of cert with subject name <name_str>

PKI: Top cert of chain for peer’s cert was wrong. Config required <name_str>, but derived <name_str>.

PKI: CRL has expired. (CA <name_str>)

PKI: CRL will be refreshed as configured on the interupdate refresh setting. (CA <name_str>)

PKI: The CRL has a bad timestamp. (CA <name_str>)

PKI: Unable to verify the validity of cert with subject name <name_str>

PKI: An incoming certificate is broken.

PKI: Per config, accepted cert even though CRL has a bad signature. (subject name <name_str>)

PKI: CRL is not issued by the CA that signed the cert with subject name <name_str>

PKI: Invalid certificate (subject name <name_str>)

PKI: Certificate has been revoked (subject name <name_str>)

PKI: Per config, accepted cert even though revocation check was inconclusive (subject name <name_str>)

PKI: Cannot build certificate chain for cert with subject name <name_str>

PKI: Cannot load CRL for cert with subject name <name_str>

PKI: Cannot load item from flash. Reason: { erroneous input | insufficient memory | cannot read file | cannot decode | lost in RAM | reason unknown } , type: { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT}, DN: <name_str>

PKI: Loaded a flash file with PKI data in an earlier format (version 0).

PKI: Saved PKI objects to flash.

PKI: PKI storage file is empty.

PKI item in flash is incorrect. Type (CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT), length (<number>).

PKI: No response for status inquiry for cert with subject name <name_str>

PKI: LDAP bind operation timed out for cert with subject name <name_str>

PKI: LDAP operation timed out for cert with subject name <name_str>

PKI: Cannot connect to LDAP server { <ip_addr> | <dom_name> }:<port_num> through <interface>

PKI: LDAP cannot search for DN (<name_str>) using filter (<string>)

PKI: LDAP modify { add | delete } is not supported.

PKI: Cannot contact HTTP server at URL <url_str>

PKI: Received bad LDAP response for cert with subject name <name_str>

PKI: Cannot save CA config (CA cert subject name <name_str>)

PKI: Cannot store config for CA with cert subject name <name_str>

PKI: Saved CA config (CA cert subject name <name_str>)

PKI: Cannot save CA configuration (CA cert subject name <string>)

PKI: A configurable item ‘DN’s { Name | phone | e-mail | country | state | county/locality | organization | unit/department | IP address | e-mail to }’ field has changed from { ‘<string1>’ to none | none to ‘<string2>’ | ‘<string1>’ to ‘<string2>’ }.

PKI: A configurable item (raw CN setting) field has changed from { (enabled) to (disabled) | (disabled) to (enabled) }.

PKI: A configurable item (default certificate validation level) field has changed from { (full) to (partial) | (partial) to (full) }.

PKI: A configurable item (certificate FQDN) field has changed from (<string1>) to (<string2>).

PKI: A configurable item (default LDAP server name) field has changed from { (<ip_addr1>) to (<ip_addr2>) | (<dom_name1>) to (<dom_name2>) }.

PKI: A configurable item (default LDAP server CRL URL) field has changed from (<string1>) to (<string2>).

PKI: A configurable item (e-mail address to send certificate request) field has changed from (<number1>) to (<number2>).

PKI: A configurable item (default CRL Refresh Frequency) field has changed from (<number1>) to (<number2>).

PKI: A configurable item (SCEP’s { CA | RA } CGI URL) field has changed from (<string1>) to (<string2>).

PKI: A configurable item (SCEP’s { CA IDENT | challenge password }) field has changed from (<name_str1>) to (<name_str2>).

PKI: A configurable item (CRL’s signature verification) field has changed from { (0) to (1) | (1) to (0) }.

PKI: A configurable item SCEP mode has changed { from (auto) to (manual) | from (manual) to (auto) }

PKI: { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER } has been deleted. (subject name <name_str>)

PKI: Cannot save the key-pair object for cert with subject name <name_str>

PKI: Cannot { locate | delete } the key-pair object for cert with subject name <name_str>

PKI: Incorrect fingerprint for CA cert with subject name <name_str>

Cannot save the { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER } with subject name <name_str>

PKI: Cannot load <filename> file.

PKI: Failed to obtain object ID (<hex_id_num>) (dec_id_num).

PKI: Saved { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT} with subject name <name_str>

PKI: Number of PKI objects exceeds storage maximum (<number>)

PKI: Cannot compose HTTP packet to send to URL <url_str>

PKI: Cannot sync data to NSRP peer. (command <id_num>)

PKI: Cannot sync { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT} to NSRP peer. (command <id_num>)

PKI: Received CA cert with bad fingerprint (CA cert subject name <name_str>)

PKI: Cannot wrap SCEP request. Error: <string>, for cert request with subject name <name_str>

PKI: Cannot generate SCEP data. Cmd: <id_num>, error: { input | no memory | encode cert req | encode issuer-subject | reason unknown }, for cert request with subject name <name_str>

PKI: Cannot extract SCEP SUCCESS response. Error: { input | no memory | no selfsign CA | bad inner p7 | bad outer p7 [ data ] | dec outer p7 data | bad content | reason unknown }, for cert request with subject name <name_str>

PKI: Received a SCEP FAILURE message for cert request with subject name <name_str>
	
PKI: PKI: Cannot initiate SCEP request with subject name <name_str>

PKI: Cannot locate key pair with ID <id_num> for SCEP.

PKI: Completed SCEP cert request.

PKI: SCEP error: { bad subject dn | no cert | rm old cer | rm old key | private key | nsrp sync | reason unknown }, for cert with subject name <name_str>

PKI: Renewing cert through SCEP (subject name <name_str>)

PKI: Cannot verify cert for ScreenOS image authentication.

PKI: Successfully loaded image signer's public key. 

PKI: Cannot generate PKCS #10 file for certificate request.

PKI: Cannot send PKCS #10 cert request to e-mail address <e-mail_addr>.

PKI: Adjusted key pair length from 0 to 1024 bits.

PKI: Cannot generate { RSA | DSA } key pair with subject name <name_str>

PKI: Cannot generate cert request. Reason: <string> (subject name <name_str>)

PKI: NSRP cold start sync for <number> items.

PKI: NSRP cold start sync. Received item <number1> out of order, expecting <number2> of <total_number>.

PKI: NSRP cold start sync. Received item <number> before first item.

PKI: NSRP cold start sync session interrupted by normal sync item.

PKI: NSRP cold start sync session cannot locate item <id_num>

PKI: NSRP cold start sync attempt <number> failed.

PKI: NSRP cold start sync failed.

PKI: Completed NSRP cold start sync after <number> attempts.

PKI: request NSRP cold start sync at <number> seconds.

PKI: Cannot locate config for CA with ID <id_num>

PKI: Updated config for CA with ID <id_num> from a global CA config.

PKI: Cannot retrieve the { CA CERT | LOCAL CERT | RSA PBULIC KEY PAIR OF USER | DSA PBULIC KEY PAIR OF USER | CRL | PENDING LOCAL CERT | REFERENCES OF CA CERT | OTHER PKI OBJECT} for cert with subject name <name_str>

PKI: PKI objects exceeded maximum capacity (<number>).

PKI: CRL is too big (<number>) to save to flash. Max: <number>, CA: <name_str>

PKI: Cannot decode CRL data.

PKI: CRL is too big (<number>) to load. Max: <number>, CA: <name_str>

PKI: CRL cannot be saved to flash, issuer (<name_str>)

PKI: Cannot save new item to flash. Max: (<number1>), item: (<number1>).

PKI: System auto generated a self-signed cert.

PKI: Auto-generated self-signed cert was deleted.

PKI: Cannot auto generate a self-signed cert.

PKI: Cert requested already exists for subject name <name_str>

PKI: Cannot access OCSP server to get revocation status for cert with subject name <name_str>

PKI: Cannot verify signature on OCSP response for cert with subject name <name_str>

PKI: OCSP response was inconclusive for cert with subject name <name_str>

PKI: Cannot verify OCSP responder cert with subject name <name_str>

PKI: Cannot send HTTP packet through socket to URL <url_str>

PKI: Cannot create a socket to URL <url_str>

PKI: CRL server closed LDAP socket when verifying cert with subject name <name_str>

PKI: <string> has been deleted. (subject name <name_str>)
	

Policies
Notification (00018)

Policy (<id_num>, { <zone1> -> <zone2> | global }, <src_addr> -> <dst_addr>, <svc_name>, { permit | deny | tunnel }) was { added | modified | deleted | enabled | disabled } by admin <name_str>

Default policy of the device has been changed to { permit | deny } <name_str>

Policy <id_num1> has been moved { before | after } <id_num2> <name_str>

cell_obj_name was { added | deleted } policy <id_num> cell_name

Policy <id_num> DI attack component was modified

Policy <id_num> application was modified to <string>

Policy <id_num> attack severity was modified


PPP
Notification (00017)

IP address pool <name_str> with range <ip_addr1> - <ip_addr2> has been { created | removed } <name_str>

IP address pool <name> was removed <name_str>

Range <ip_addr1> - <ip_addr2> has been { added to | removed from } IP pool <name_str1> <name_str2>
	

Notification (00539)

No IP pool has been assigned. You cannot allocate an IP address.

Cannot allocate IP address from pool <name_str> for user <user_name>
	

PPPoA
Notification (00060)

PPPoA is { enabled | disabled } on <interface> interface.
	

Notification (00558)

PPPoA <name> started negotiation.

PPPoA <name> connected successfully.

PPPoA <name> connection attempt failed <reason>.

PPPoA <name> idle timeout.

PPPoA <name> shutdown.

PPPoA <name> failed to modify the IP for the interface.

PPPoA <name> failed to negotiate IP for the interface.

PPPoA <name> failed to modify the gateway for the interface.
	

PPPoE

Notification (00034)

PPPoE is { enabled | disabled } on <interface> interface.

Point-to-Point Protocol over Ethernet (PPPoE) settings changed.

Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. Timeout { PADI | PADR }

PPPoE session shut down, PPPoE disabled.

PPPoE session started negotiations.

Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. <string> received.

PPPoE session shut down. Idle timeout.

PPPoE session shuts down for <interface> instance due to system reset.

PPPoE session shut down by user.

Failed to set PPPoE interface IP address.

Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. No IP address assigned.

Failed to set PPPoE interface gateway.

PPPoE session was successfully established.

PPPoE session termination or failure during: <string>

PPPoE session closed by AC.

AC <name_str> is advertising URL <url_str>

Message from AC <name_str>: <string>

Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. No IPv6 address assigned.

Failed to set PPPoE IPv6 interface gateway.	
	

RIP
Critical (00207)

Virtual router <vrouter_name> that received an update packet flood from neighbor <neighbor_ip_address> on interface <interface_name> dropped a packet.

System wide RIP route limit exceeded, RIP route dropped.

<number> RIP routes dropped from last system wide RIP route limit exceed.

RIP database size limit exceeded for <vrouter>, RIP route dropped.

<number> RIP routes dropped from last database size exceed in vr <vrouter>.


Notification (00045)

RIP instance in virtual router <vrouter_name> was {created | removed}.

{set | unset} vrouter <vrouter_name> protocol RIP received configuration command <command>

{set | unset} virtual router <vrouter_name> with the configuration command <command>

<command>
	

Information (00544)

RIP neighbor <neighbor_ip_address> in virtual router <vrouter_name> was added

RIP neighbor <neighbor_ip_address> in virtual router <vrouter_name> was removed
	

Route
Critical (00200)

A new route cannot be added to the device because the maximum number of system route entries (<maximum_route_number>) has been exceeded

An error occurred on virtual router <vrouter> while removing route <route_address>/<subnetwork_mask> from virtual router route table.

A route <route_address>/<subnetwork_mask> cannot be added to the virtual router “<vrouter>” because the number of route entries in the virtual router exceeds the maximum number of routes (<number>) allowed

Error occurred while adding route <route_address>/<subnetwork_mask> to virtual router <vrouter_name> route table because the db_insert function failed.

Error occurred while adding route <route_address>/<subnetwork_mask> to virtual router <vrouter_name> route table because the prefix add function failed.


Notification (00011)

Route(s) in virtual router “<vrouter>” with an IP address <ip_address>/<subnetwork_mask> and gateway <gateway_address> has been deleted

A route in virtual router “<vrouter>” that has IP address <ip_address>/<subnetwork_mask> through interface <interface> and gateway <gateway_address> with metric <metric> has been created.

A route has been created in virtual router “<vrouter_name>” with an IP address <ip_address>/<subnetwork_mask> and next-hop as virtual router “<vrouter_name>”

Source route(s) in virtual router <vrouter> with route addresses of <route_address>/<subnetwork_mask> and a default gateway address of <gateway_address> was removed.

Source route(s) in virtual router <vrouter> with route addresses of <route_address>/<subnetwork_mask> through interface <interface> and a default gateway address <address> with metric <metric> was created.

SIBR route(s) in virtual router “<vrouter>” for interface <interface> with an IP address <ip_addr>/<subnetwork_mask> and gateway <ip_addr> has been removed

SIBR route in virtual router “<vrouter>” for interface <interface> that has IP address <ip_addr>/<subnetwork_mask> through interface <interface> and gateway <gateway_ip_addr> with metric <route_metric> was created

A source route has been created in virtual router “<vrouter>” with an IPaddress <ip_addr>/<subnet_mask> and next-hop as virtual router “<vrouter>”

An sibr route has been created in virtual router “<vrouter>” with an IP address <ip_addr>/<subnet_mask>and next-hop as virtual router “<vrouter>”


Notification (00048)

Route entry with sequence number <sequence_number> in route map <route_map_name>, virtual router <vrouter_name> was removed. 

Route map <route_map_name> in virtual router <vrouter_name> was removed.

Route map entry with sequence number <number> in route map <name_str> in virtual router <vrouter> was created.

An { import | export } rule applied to a connection between virtual router <virtual_router1> and virtual router <virtual_router2> with IP prefix <prefix/subnetwork_mask> was { created | deleted }

An { import | export } rule in virtual router <vrouter> to virtual router <vrouter> with route map <route_map> and protocol <protocol> was { created | deleted }

Access list entry <access_list_id> with a sequence number <sequence_number> that {permits | denies} IP address <IP_address>/<subnetwork_mask> was removed from virtual router <vrouter>

Access list entry <access_list_name> was {added to | removed from} from virtual router <vrouter_name>

Access list entry <access_list_id> with sequence number <sequence_number> with an action of { permit | deny } with an IP address and subnetwork mask of <ip_address>/<subnetwork_mask> was created on virtual router <virtual_router>
	

Schedule
Notification (00020)

Schedule <name_str> has been { added | modified | deleted }.
	

Service
Notification (00012)

Service <serv_name> has been { added | modified | deleted }

Service group <grp_name> has been { added | deleted | modified }

Service group <grp_name> has { added member | deleted member } <serv_name>
	

SIP
Notification (00047)
An administrator set the media inactivity timeout value to its default value of <seconds> seconds.

An administrator set the SIP invite timeout value to its default value of <seconds> seconds.

An administrator set the SIP trying timeout value to its default value of <seconds> seconds.

An administrator set the SIP ringing timeout value to its default value of <seconds> seconds.

An administrator set the SIP signaling inactivity timeout value to its default value of <seconds> seconds.

An administrator set the SIP media inactivity timeout value to <seconds> seconds.

An administrator set the SIP invite timeout value to <seconds> seconds.

An administrator set the SIP trying timeout value to <seconds> seconds.

An administrator set the SIP ringing timeout value to <seconds> seconds.

An administrator set the SIP signaling inactivity timeout value to <seconds> seconds.

An administrator disables SIP ALG.

An administrator enables SIP ALG.
	

Notification (00511)

The device cannot allocate sufficient memory for the SIP ALG request.

The device cannot register the Network Address Translation vector for the SIP ALG request.

The device cannot register the SIP ALG request to RM.

SIP parser error <error_name>

NetScreen devices do not support multiple IP addresses <ip_addresses> or ports <port_numbers> in SIP headers <header_field>

NetScreen devices do not support multicast IP addresses <ip_addresses> in SIP <sip_values>

Too many call segments.

Transaction data is too long.

SIP structure corrupted.

Too many call segments for response.

Transaction data too long for response.

Cannot allocate SIP call because device fielding too many calls.

SIP call information data is too long.

SIP ALG is unregistered by RM.


SNMP
Notification (00002)

SNMP listen port has been changed from <port_num1> to <port_num2>. 
	

Notification (00031)

SNMP system location has been changed to <loc_str>.

SNMP system contact has been changed to <name_str>.

SNMP system name has been changed to <name_str>.
	

Information (00524)

SNMP request from <ip_addr1>:<port_num> has been received, but the SNMP version type is incorrect.

SNMP request from an unknown SNMP community <name_str> at <ip_addr1>:<port_num1> has been received.

SNMP request has been received from an unknown host in SNMP community <name_str> at <ip_addr1>:<port_num1>.

SNMP request has been received from host <ip_addr1>:<port_num1> with read-only privileges.

SNMP request has been received from host <ip_addr1>:<port_num1> without read privileges.

SNMP: NetScreen device at <ip_addr>:<port_num> has responded successfully to the SNMP request.

SNMP: NetScreen device has responded successfully to the SNMP request from <ip_addr>:<port_num>.

SNMP response to the SNMP request from <ip_addr1>:<port_num1> has failed due to a coding error.


SSHv1
Error (00034)

SSH: Max number (<number>) of session reached.

SSH: Unable to validate cookie from the SSH client at <ip_addr>.

SSH: NetScreen device failed to generate a PKA RSA challenge for SSH user <name_str> at <ip_addr> (Key ID <key_num>).

SSH: FIPS self test failed.

SSH: Unable to perform FIPS self test.
	

Error (00528)

SSH: NetScreen device failed to identify itself to the SSH client at <ip_addr>

SSH: Incompatible SSH version string has been received from SSH client at <ip_addr>

SSH: Failed to send identification string to client host at <ip_addr>
	

Warning (00528)

SSH: Unsupported cipher type <name_str> requested from <ip_addr>

SSH: Host client has requested NO cipher from <name_str>

SSH: Disabled for <name_str> Attempted connection failed from <ip_addr>:<port_num>

SSH: SSH user <name> at <ip_addr> tried unsuccessfully to log in to <vsys> using the shared untrusted interface. SSH disabled on that interface.

SSH: SSH client at <ip_addr> tried unsuccessfully to establish an SSH connection to interface <interface> with IP <ip_addr> SSH disabled on that interface.

SSH: SSH client at <ip_addr> tried unsuccessfully to make an SSH connection to interface <interface> with IP <ip_addr> SSH not enabled on that interface.

SSH: SSH client <name_str> unsuccessfully attempted to make an SSH connection to <vsys> SSH was not completely initialized for that system.
	

Information (00026)

SSH: SSH { enabled | disabled } for <vsys>
	

Information (00528)

SSH: Key regeneration interval has been changed from <number1> to <number2>

SSH: SSH user <name_str> has been authenticated using password from <ip_addr>

SSH: SSH user <user_name> at <ip_addr> has requested password authentication, which is not enabled for that user.

SSH: SSH user <user_name> at <ip_addr> has requested PKA RSA authentication which is not supported for that user.

SSH: SSH has been { enabled | disabled } for <vsys> with <number1> existing PKA key(s) bound to <number2> SSH user(s).

SSH: Connection has been terminated for admin user <user_name> at <ip_addr>.

SSH: SSH user <user_name> has been authenticated using PKA RSA from <ip_addr> (Key ID <id_num>)

SSH: SSH user <user_name> at <ip_addr> failed the PKA RSA challenge. (Key ID <id_num>)


SSHv2
Critical (00034)

SSH: Failed to retrieve PKA key bound to SSH user <user_name> (Key ID <id_num>)

SSH: Error processing packet from host <ip_addr> (Code <id_num>)

SSH: Device failed to send initialization string to client at <ip_addr>
	
SCP: Admin user '<user_name>' attempted to transfer file { to | from } the device with insufficient privilege.
	

Error (00026)

SSH: Failed to { bind | unbind } PKA key from admin user '<user_name>' (Key ID <id_num>)

SSH: Attempt to bind duplicate PKA key to admin user '<user_name>' (Key ID <id_num>)

SSH: Maximum number of PKA keys (<number>) has been bound to user '<user_name>' Key not bound.  (Key ID <id_num>)
	

Error (00528)

SSH: Client at <ip_addr> attempted to connect with invalid version string.

SSH: Failed to negotiate encryption algorithm with host <ip_addr>

SSH: Failed to negotiate MAC algorithm with host <ip_addr>

SSH: Failed to negotiate key exchange algorithm with host <ip_addr>

SSH: Failed to negotiate host key algorithm with host <ip_addr>


Warning (00528)

SSH: Disabled for '<vsys>'. Attempted connection failed from <ip_addr>:<port_num>

SSH: Admin user <user_name> at host <ip_addr> requested unsupported authentication method <string>

SSH: Admin ’<user_name>’ at host <ip_addr> attempted to be authenticated with no authentication methods enabled.

SSH: Admin user '<user_name>' at host <ip_addr> requested unsupported PKA algorithm <string>

SCP: Admin '<user_name>' at host <ip_addr> executed invalid scp command: '<string>'

SCP: Disabled for '<user_name>'. Attempted file transfer failed from host <ip_addr>

SSH: Password authentication { successful | failed } for admin user '<user_name>' at host <ip_addr>

SSH: PKA authentication ( successful | failed } for admin user '<user_name>' at host <ip_addr>

SCP: Admin user ’<usr_name>’ requested unknown file ’<filename>’
	

Notification (00026)

SCP: Admin user '<user_name>' transferred file '<filename>' (<number> bytes) to device from host <ip_addr>

SCP: Admin user '<user_name>' transferred file '<filename>' (<number> bytes) from device to host <host_name>
	

Information (00026)

SSH: SSH { enabled | disabled } for <vsys>

SSH: Host key deleted for <vsys>

SSH: PKA key has been { bound to | unbound from } admin user <user_name> (Key ID <id_num>)

SSH: Upgrade peformed (to version <id_num>)

SSH: SCP { enabled | disabled } for <vsys>


SSL
Notification (00002)

Web SSL port changed from <port_num1> to <port_num2>

Web SSL has been { enabled | disabled }
	

Notification (00035)

<name_str> SSL Certificate Authority changed to none <string>

<name_str> SSL CA changed to none <string> 

<name_str> SSL cipher name changed from <cipher_name1> to <cipher_name2> <string>

<name_str1> SSL certificate changed to <name_str2>

<name_str> SSL Certificate Authority name changed to <name_str2>
	

Information (00540)

No context exists for the SSL connection. The device is not ready for an SSL connection.

Firewall-only system does not allow “<ssl_connection_name>” SSL cipher type <ssl_cipher_type> 

The subject field of the SSL certificate reports a mismatch with subject name <subject_name> received while expecting subject name <subject_name>
	

Syslog
Warning (00019)

Syslog cannot connect to the TCP server <serv_name>; the connection is closed.
	

Notification (00019)

Syslog has been { enabled | disabled }.

Syslog VPN encryption has been { enabled | disabled }.

Syslog server <serv_name> was { added | removed }.

All syslog servers were removed.

Syslog { facility | security facility } for {<ip_addr> | <name_str>} has been changed to { local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | auth/sec }

Syslog server <serv_name> host port number has been changed to <port_num>

Traffic logging for syslog server <serv_name> has been { enabled | disabled }.

Event logging for syslog server <serv_name> has been { enabled | disabled }.

Syslog server <serv_name1> hostname has been changed to <serv_name2>.

Socket cannot be assigned for syslog.

All syslog message levels have been cleared.

Syslog source interface has been changed to <interface>

Syslog source interface was removed.

Transport protocol for syslog server <serv_name> was changed to { tcp | udp }
	

WebTrends
Notification (00019)

Attempt to enable WebTrends has failed because WebTrends settings have not yet been configured.

WebTrends has been { enabled | disabled }

WebTrends VPN encryption has been { enabled | disabled }

Socket cannot be assigned for WebTrends

WebTrends host { domain name | port number } has been changed to { <dom_name> | <port_num> }
	

System
Critical (00027)

<reset_log_string>	


Critical (00051)

Session utilization has reached <number>, which is <percent> of the system capacity!
	

Notification (00002)

Session threshold has been changed to percentage <percent>


Notification (00006)

Hostname set to “<hostname>”

Domain set to <domain_name>

An optional ScreenOS feature has been activated via a software key.
	

Notification (00008)

System clock configurations have been changed by admin <name_str>

System clock was changed manually.

System up time is shifted by <number> seconds.
	

Notification (00023)

System configuration has been erased.
	

Notification (00036)

Register device succeeded and warranty key is installed

Retrieve firmware list failed

Retrieve firmware list succeeded: <number> firmware
	

Notification (00051)

Session utilization has reached <number>, which is <percent> of the system capacity.
	

Notification (00526)

The user limit has been exceeded and <ip_addr> cannot be added.
	

Notification (00553)

Invalid config size (<number>)
	

Notification (00767)

Trial keys are available to download to enable advanced features. To find out, please visit <url_str>.

System is operational.

System was reset at <date><time>

Unsupported command <command>

Administrator <administrator_name> issued command <command> to redirect output.

Session (<id_num> <protocol>, <string>) cleared
	

Information (00767)

Environment variable <variable_name> changed to <string>

Environment variable <variable_name> unset.

Environment variable <variable_name> set to <variable_name>

System configuration saved <string> by <name_str>

All system configurations saved to <string> by <usr_name>

Save configuration to IP address <ip_address> under filename <filename> by administrator <administrator_name>

The system configuration was loaded from <ip_address> under the filename <filename> to slot <filename> by administrator <administrator_name>

The system configuration was loaded from IP address <ip_address> under filename <filename> by administrator <administrator_name>

The system configuration was loaded from slot <filename>

The system configuration was loaded from flash memory to slot <filename> by administrator <name_str>

The system configuration was not saved <string> by administrator <name_str>. It was locked by administrator <name_str>

Send new software to IP address <ip_addr> under filename <filename> by administrator <name_str>

Send new software from IP address <ip_addr> under filename <filename> to slot <filename> by administrator <name_str>

Save new software from <ip_addr> under filename <filename> to flash memory by admin <name_str>

Save new software from slot filename <filename> to flash memory by administrator <administrator_name>

Send new software from flash memory to slot filename <filename> by administrator <name_str>

Save new software from <ip_addr> under filename <filename> to flash memory <admin>

Lock configuration started by task <task_name>, with a timeout value of <minutes> minutes.

Lock configuration aborted explicitly by task <task_name>

Lock configuration aborted because <minutes> minutes timeout was exceeded.

Lock configuration ended by task <task_name>

New GMT zone ahead or behind by <number> seconds.

Daylight Saving Time { has started | ended ).

Timer reset from NSRP Peer by admin <usr_str>


Traffic Shaping
Notification (00002)

Traffic shaping is turned { on | off | auto }

Traffic shaping clearing DSCP selector is turned { on | off }
	

Web Filtering - Redirect
Critical (00014)

Communication error with { Websense | SurfControl } server { ip_addr }: SrvErr (error_code ), SockErr (error_code), Valid (string),Connected (string)
	

Notification (00013)

Web filtering server name has been changed to <name_str>

Web filtering server port has been changed to <port_num>

Web filtering fail mode has been changed to { fail-permit | fail-block }

Web filtering timeout has been changed to <number>

Web filtering message has been changed.

Web Filtering message type has been changed to { Juniper | Websense | SurfControl }

Web Filtering socket count has been changed to <number>

{ <enabled | disabled> } for vsys <vsys>

Web Filtering source interface has been changed to <interface>

Web filtering server account name has been changed to < name_str >


Notification (00523)

Web filtering received an error from { Websense | SurfControl } (error <id_num>).

Web filtering has successfully connected { Websense | SurfControl } server (connections <number>).

Web filtering received an error from { Websense | SurfControl } (error <id_num>, flag < error_flag >, cmd < command >)


Web Filtering - Integrated
Error (00556)

UF-MGR: Failed to process a request. Reason: <string>

UF-MGR: Failed to abort a transaction. Reason: <string>

UF-MGR: UF Key Expired (expiration date: <date>; current date: <date> ).

UF-MGR: Failed to { enable | disable } cache.

UF-MGR: Internal Error: <string>
	

Notification (00556)

UF-MGR: Cache size changed to <number>(K).

UF-MGR: Cache timeout changes to <number> (hours).

UF-MGR: Category update interval changed to <number> (weeks).

UF-MGR: Cache { enabled | disabled }.

UF-MGR: URL BLOCKED: ip_addr (%d) -> ip_addr (%d), <string> action: <string>, category: <string>, reason <string>

UF-MGR: URL FILTER ERR: ip_addr (%d) -> ip_addr (%d), host: <string> page: <string> code: <string> reason: <string>.

UF-MGR: Primary CPA server changed to <serv_name>.

UF-MGR: %s CPA server host changed to %s.

UF-MGR: %s CPA server port changed to <port_num>.

UF-MGR: SurfControl web filtering { enabled | disabled }. 

UF-MGR: The url <url_str> was { added into | removed from } category <name>.

UF-MGR: The category <name> was { created | removed }.

UF-MGR: The profile <name> was { created | removed }.

UF-MGR: The category <name> was added into profile <name> with action <string>.

UF-MGR: The category <name> was set in profile <name> as the { black | white } list.

UF-MGR: The category <name> was removed from profile <name> with action <string>.

UF-MGR: The action for other in profile <name> was set to <string>.

UF-MGR: The action for <name> in profile <name> was changed to <string>.

UF-MGR: The profile <name> { white list | black list } was removed.

UF-MGR: The category list from the CPA server has been updated onto the device.
	

User
Notification (00014)

The user <usr_str> has been { enabled | disabled } by <name_str>

The user group <grp_name> has been { added | deleted | modified } by <name_str>
	
	

VIP
Critical (00023)

VIP server <ip_addr> cannot be contacted.
	

Critical (00102)

Utilization of DIP pool <id_num> in vsys <vsys> hits raise threshold <number>.
	

Critical (00103)

Utilization of DIP pool <id_num> in vsys <vsys> hits clear threshold <number>.
	

Notification (00021)

DIP IP pool %d was removed from DIP group %d %s

VIP multi-port was { enabled | disabled }

VIP (<ip_addr>:<port_num1> <svc_num> <port_num2>) has been { added | modified | deleted }
	

Notification (00533)

VIP server <ip_addr> is now alive.

VIP server <ip_addr> is now in manual mode.
	

VPNs
Critical (00040)

VPN <name_str> [ for <usr_name> ] from <ip_addr> is up.
	

Critical (00041)

VPN <name_str> [ for <usr_name> ] from <ip_addr> is down.
	

Notification (00017)

VPN <name_str> has been bound to tunnel { interface <interface> | zone <zone> }.

VPN <name_str> has been unbound from tunnel zone <zone>.

VPN monitoring interval has been unset.

VPN monitoring threshold has been unset.

VPN monitoring interval has been set to <number> seconds.

VPN monitoring threshold has been set to <number>.

VPN monitoring for VPN <name_str> has been enabled (src int <interface>, dst IP <ip_addr>, rekeying { enabled | disabled }, scalability optimization { enabled | disabled }).

VPN monitoring for VPN <name_str> has been disabled.

IPSec NAT-T for VPN <name_str> has been { enabled | disabled }.

The DF-BIT for VPN <name_str> has been set to { clear | set | copy }.

VPN <name_str> with gateway <name_str2> and P2 proposal <name> has been { added | modified | deleted }

VPN <name_str> with gateway <ip_addr> and SPI <hex_num1>/<hex_num2> has been { added | modified | deleted }
	

Information (00536)

A Manual Key VPN tunnel using AES encryption is not allowed for SSH.

IKE <ip_addr>: IP address of local int has been changed to 0.0.0.0, and VPNs cannot terminate at it.

IKE <ip_addr>: IP address of local int has been changed from 0.0.0.0 to <ip_addr>.

IKE <ip_addr>: Policy ID <id_num> failed over from SA <id_num1> to SA <id_num2>.

IKE <ip_addr>: VPN ID number cannot be assigned.

VPN monitoring for VPN <name_str> has deactivated the SA with ID <number>.

Phase 2 SA for tunnel ID <id_num> has been idle too long. Deactivated P2 SA and sent a Delete msg to peer.
	

Virtual Router
Notification (00049)

A <virtual_router_type> virtual router using name <vrouter> and id <id_num> has been created

A virtual router with name “<vrouter>” and ID <id_num> has been removed

The auto-route-export feature in virtual router “<vrouter>” has been { enabled | disabled }

The maximum number of routes that can be created in virtual router “<vrouter>” is <number>

The router-id that can be used by OSPF, BGP routing instances in virtual router “<vrouter>” has been set to <id_num>

The routing preference for protocol <name_str> in virtual router “<vrouter>” has been set to <number>

The virtual router “<vrouter>” has been made default virtual router for virtual system (<vsys_name>)

The virtual router “<vrouter>” has been made { sharable | unsharable }

The system default-route through virtual router “<vrouter1>” has been added in virtual router “<vrouter2>”

The maximum routes limit in virtual router <vrouter> has been removed.

The router-id of virtual router “<vrouter>” used by OSPF, BGP routing instances id has been uninitialized.

The routing preference for protocol <name_str> in virtual router “<vrouter>” has been reset.

The system default-route in virtual router (<vrouter>) has been removed.

Source-based routing enabled in virtual router <vrouter>

Source-based routing disabled in virtual router (<vrouter>)

SNMP trap made private in virtual router <vrouter>

SNMP trap made public in virtual router <vrouter>

Fast route lookup was { enabled | disabled } in virtual router <vrouter>

Routes defined on inactive interfaces { will | will not } be exported into other virtual routers, protocols in virtual router (<vrouter>)

The subnetwork conflict checking feature for interfaces in virtual router <vrouter> was removed.

Subnetwork conflict checking for interfaces in virtual router (<vrouter>) has been enabled.
	
Route-lookup preference changed to <route_lookup_method_name> (<preference_value>) => 
<route_lookup_method_name> (<preference_value>) => <route_lookup_method_name> 
(<preference_value>) in virtual router (<vrouter>).

SIBR routing { disabled |enabled } in virtual router <vrouter>


Vsys
Notification (00032)

Vsys <name_str> has been { created | removed } by < name_str >

Vsys <name_str> has been changed to <name_str> by configuration change <command>

ID for vsys <vsys_name > has been changed from < vsys_id_1 > to < vsys_id_2 > by configuration change <command>

NSRP VSD group ID for vsys <name_str> has been changed from <id_num1> to <id_num2> by configuration change <command>
	

Notification (00043)

IP classification has been { enabled | disabled } for zone <zone>

IP classification object { net <ip_addr1>/<mask> | range <ip_addr2>-<ip_addr3> } has been { added | deleted } for zone <zone>


Notification (00515)

Vsys admin user <username> has logged on via the console.

Vsys admin user <username> has logged on via Telnet from remote IP address <ip_addr> using port <port>
	

WLAN
The following are related to the wireless interface, refered to in the messages as AP, on the device.
Alert(00026)

Wireless AP fatal error: <error_string >
	

Error (00026)

Wireless AP re-activated with error: <CLI sequence > Error index: < index > Error code: < code >
	

Notification (00026)

Wireless AP in <mode_string > mode

Wireless CLI updated: < command_string >

Wireless station event: < event_string >

Wireless RADIUS event: < event_string >
	

Zone
Notification (00037)

New zone <zone> (ID <id_num>) was created.

Zone <zone> (ID <id_num>) was deleted.

Zone <zone> was bound to virtual router <vrouter>

Zone <zone> was unbound from virtual router <vrouter>

Tunnel zone <zone1> was bound to out zone <zone2>

Intra-zone block for zone <zone> was set to { on | off }

Zone <zone> was changed to { shared | non-shared }.

IP/TCP reassembly for ALG was { enabled | disabled } on zone <zone>

Asymmetric vpn was{ enabled | disabled } on zone <zone>