
Event Logging Overview

The evaluated configuration requires the auditing of configuration changes through the system log.

In addition, Junos OS can:

  • Send automated responses to audit events (syslog entry creation).

  • Allow authorized managers to examine audit logs.

  • Send audit files to external servers.

  • Allow authorized managers to return the system to a known state.

Logging in the evaluated configuration must capture the auditable events listed in Table 1.

Table 1 shows sample syslog audit records for NDcPP 3.0e, MOD_VPNGW v1.3, MOD_FW v1.4e, MOD_IPS v1.0, and PKG_SSH v1.0.

Table 1: Auditable Events
Requirement | Auditable Events | Additional Audit Record Contents | Audit Record

FAU_GEN.1

None

None

FAU_GEN.2

None

None

Sep 27 15:09:36 yeti sshd[6529]: Accepted publickey for root from 10.163.18.165 port 45336 ssh2: RSA SHA256:l1vri77TPQ4VaupE2NMYiUXPnGkqBWIgD5vW0OuglGI

Sep 27 15:09:40 yeti sshd[6529]: Received disconnect from 10.163.18.165 port 45336:11: disconnected by user

Sep 27 15:09:40 yeti sshd[6529]: Disconnected from 10.163.18.165 port 45336

Sep 27 23:36:49 yeti ssh-keygen [67873]: Generated SSH key file /root/.ssh/id_rsa.pub with fingerprint SHA256:g+7lsR7x4lQb1JT8Q3scfb2sOl8lyccojGdmkmw4dwM

FAU_STG_EXT.1

Configuration of local audit settings

Identity of account making changes to the audit configuration

Jun 30 12:15:03 router1 mgd[4321]: UI_CMDLINE_READ_LINE: User 'root', command 'set system syslog file Audit-File authorization info'

FCS_CKM.1

None

None

<29>1 2025-06-24T02:19:29.342-07:00 srx pkid 18524 PKID_PV_KEYPAIR_GEN [junos@2636.1.1.1.2.105 argument1="256" argument2="ECDSA" argument3="cert1"] A 256 bit ECDSA key-Pair has been generated for cert1

<29>1 2025-06-24T02:19:39.430-07:00 srx pkid 18524 PKID_PV_KEYPAIR_GEN [junos@2636.1.1.1.2.105 argument1="384" argument2="ECDSA" argument3="cert2"] A 384 bit ECDSA key-Pair has been generated for cert2

<29>1 2025-06-24T02:19:58.585-07:00 srx pkid 18524 PKID_PV_KEYPAIR_GEN [junos@2636.1.1.1.2.105 argument1="521" argument2="ECDSA" argument3="cert3"] A 521 bit ECDSA key-Pair has been generated for cert3

<29>1 2025-06-24T02:20:18.047-07:00 srx pkid 18524 PKID_PV_KEYPAIR_GEN [junos@2636.1.1.1.2.105 argument1="2048" argument2="RSA" argument3="cert4"] A 2048 bit RSA key-Pair has been generated for cert4

<29>1 2025-06-24T02:20:44.134-07:00 srx pkid 18524 PKID_PV_KEYPAIR_GEN [junos@2636.1.1.1.2.105 argument1="4096" argument2="RSA" argument3="cert5"] A 4096 bit RSA key-Pair has been generated for cert5

FCS_CKM.2

None

None

 

FCS_CKM.4

None

None

 

FCS_COP.1/DataEncryption

None

None

Jun 24 21:50:01.508374 [DET] [STAK] [4.4.4.2 <-> 3.3.3.1] 4.4.4.2:500 (Initiator) <-> 3.3.3.1:500 { 156ed64d 2b02f270 - ddd08a8b 982a5265 [-1] / 0x00000000 } IP; MESSAGE: Phase 1 version = 1.0, auth_method = Pre shared keys, cipher = aes-cbc, hash = sha256, prf = hmac-sha256-128, life = 0 kB / 28800 sec, key len = 256, group = 14

Jun 24 21:50:01.651156 [DET] [STAK] [4.4.4.2 <-> 3.3.3.1] :500 (Initiator) <-> 3.3.3.1:500 { 156ed64d 2b02f270 - ddd08a8b 982a5265 [0] / 0xd7e490a1 } QM; MESSAGE: SA[0][0] = ESP aes, life = 0 kB/3600 sec, group = 14, tunnel, hmac-sha256-128, Extended seq not used, key len = 192, key rounds = 0

FCS_COP.1/SigGen

None

None

 

FCS_COP.1/Hash

None

None

 

FCS_COP.1/KeyedHash

None

None

 
FCS_SSH_EXT.1

Failure to establish SSH connection

Reason for failure and Non-TOE endpoint of attempted connection (IP Address)

<190>1 2025-04-16T05:58:18.804-07:00 srx mgd 19107 UI_LOGIN_EVENT [junos@2636.1.1.1.2.105 username="root" class-name="super-user" local-peer="" pid="19107" ssh-connection="10.220.192.90 49476 10.204.135.53 22" client-mode="cli"] User 'root' login, class 'super-user' [19107], ssh-connection '10.220.192.90 49476 10.204.135.53 22', client-mode 'cli'

Establishment of SSH connection Non-TOE endpoint of connection (IP Address)
Termination of SSH connection session Non-TOE endpoint of connection (IP Address)
Dropping of packet(s) outside defined size limits Packet size

FCS_RBG_EXT.1

None

None

 

FDP_RIP.2

None

None

 

FIA_AFL.1

Unsuccessful login attempts limit is met or exceeded.

Origin of the attempt (e.g., IP address).

<37>1 2025-07-22T23:53:36.294-07:00 srx sshd - SSHD_LOGIN_FAILED [junos@2636.1.1.1.2.105 username="crypto-officer" source-address="10.220.208.11"] Login failed for user 'crypto-officer' from host '10.220.208.11'

<37>1 2025-07-22T23:53:51.302-07:00 srx sshd - SSHD_LOGIN_ATTEMPTS_THRESHOLD [junos@2636.1.1.1.2.105 limit="3" username="crypto-officer"] Threshold for unsuccessful authentication attempts (3) reached by user 'crypto-officer'

<38>1 2025-07-22T23:53:51.302-07:00 srx sshd 60722 - - Disconnecting authenticating user crypto-officer 10.220.208.11 port 40163: Too many password failures for crypto-officer [preauth]

FIA_PMG_EXT.1

None

None

 

FIA_UIA_EXT.1

All use of identification and authentication mechanism.

Origin of the attempt (e.g., IP address).

<190>1 2025-07-22T23:55:29.407-07:00 srx mgd 60877 UI_AUTH_EVENT [junos@2636.1.1.1.2.105 username="crypto-officer" authentication-level="j-super-user"] Authenticated user 'crypto-officer' assigned to class 'j-super-user'

FIA_UAU.7

None

None

No visual or other information is presented to the user when the password is entered

[edit]

root@srx:fips# set system login user crypto-user class super-user authentication plain-text-password

New password:

Retype new password:

[edit]

root@srx:fips#

FMT_MOF.1/ManualUpdate

Any attempt to initiate a manual update.

None

<190>1 2030-01-01T01:06:51.836-08:00 srx mgd 75803 UI_CMDLINE_READ_LINE [junos@2636.1.1.1.2.105 username="crypto-officer" command="request vmhost software add /var/home/regress/junos-vmhost-install-srx-x86-64-24.4R1.9.tgz no-validate "] User 'crypto-officer', command 'request vmhost software add /var/home/regress/junos-vmhost-install-srx-x86-64-24.4R1.9.tgz no-validate '

<31>1 2030-01-01T01:07:02.322-08:00 srx mgd 75803 - - PVIDB: Attribute 'mgd.skip_validate' not present in Db

<190>1 2030-01-01T01:07:02.325-08:00 srx mgd 75803 UI_CHILD_START [junos@2636.1.1.1.2.105 command="/usr/libexec/ui/package"] Starting child '/usr/libexec/ui/package'

<29>1 2030-01-01T01:07:02.327-08:00 srx mgd 75803 - - /usr/libexec/ui/package -X update /var/home/regress/junos-vmhost-install-srx-x86-64-24.4R1.9.tgz -no-validate

FMT_MTD.1/CoreData

None

None

Accepted keyboard-interactive/pam for crypto-user from 10.220.196.32 port 34972 ssh2

<190>1 2025-06-24T22:13:28.707-07:00 srx mgd 8088 UI_LOGIN_EVENT [junos@2636.1.1.1.2.105 username="crypto-user" class-name="j-super-user" local-peer="" pid="8088" ssh-connection="10.220.196.32 34972 10.204.135.53 22" client-mode="cli"] User 'crypto-user' login, class 'j-super-user' [8088], ssh-connection '10.220.196.32 34972 10.204.135.53 22', client-mode 'cli'

<35>1 2025-06-24T22:14:12.648-07:00 srx sshd 8093 - - error: PAM: Authentication error for crypto-user from 10.220.196.32

<37>1 2025-06-24T22:14:12.648-07:00 srx sshd - SSHD_LOGIN_FAILED [junos@2636.1.1.1.2.105 username="crypto-user" source-address="10.220.196.32"] Login failed for user 'crypto-user' from host '10.220.196.32'

FMT_SMF.1

All management activities of TSF data

None

<190>1 2025-07-23T03:19:19.017-07:00 srx mgd 75803 UI_CMDLINE_READ_LINE [junos@2636.1.1.1.2.105 username="crypto-officer" command="set groups global system processes ntp enable "] User 'crypto-officer', command 'set groups global system processes ntp enable '

<190>1 2025-07-23T03:19:19.021-07:00 srx mgd 75803 UI_CMDLINE_READ_LINE [junos@2636.1.1.1.2.105 username="crypto-officer" command="set groups global system ntp server 66.129.233.81 "] User 'crypto-officer', command 'set groups global system ntp server 66.129.233.81 '

<190>1 2025-07-23T03:19:21.030-07:00 srx mgd 75803 UI_CMDLINE_READ_LINE [junos@2636.1.1.1.2.105 username="crypto-officer" command="commit "] User 'crypto-officer', command 'commit '

<190>1 2025-07-23T03:19:22.083-07:00 srx mgd 75803 UI_COMMIT_PROGRESS [junos@2636.1.1.1.2.105 message="commit complete"] Commit operation in progress: commit complete

<188>1 2025-07-23T03:19:22.083-07:00 srx mgd 75803 UI_COMMIT_COMPLETED [junos@2636.1.1.1.2.105 message="commit complete"] : commit complete

FMT_SMF.1/IPS

Modification of an IPS policy element.

Identifier or name of the modified IPS policy element (e.g. which signature, baseline, or known-good/known-bad list was modified).

<190>1 2025-07-23T02:56:34.518-07:00 srx mgd 73306 UI_COMMIT_PROGRESS [junos@2636.1.1.1.2.105 message="signaling 'IDP policy daemon', pid 43653, signal 1, status 0 with notification errors enabled"] Commit operation in progress: signaling 'IDP policy daemon', pid 43653, signal 1, status 0 with notification errors enabled

<29>1 2025-07-23T02:56:35.006-07:00 srx idpd 75376 IDP_COMMIT_COMPLETED - IDP policy commit is complete.

FMT_SMR.2

None

None

 

FPT_SKP_EXT.1

None

None

 

FPT_APW_EXT.1

None

None

 

FPT_TST_EXT.1

None

None

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Initializing Verified Exec:

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - FIPS veriexec ECDSA Verify Known Answer Test: Passed

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Verified os-kernel-prd-x86-64-20250502 signed by PackageProductionECP256_2025 method ECDSA256+SHA256

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Enforcing Verified Exec:

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Verified os-pkgrs-x86-64-20250502 signed by PackageProductionECP256_2025 method ECDSA256+SHA256

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Mounting os-pkgrs-x86-64-20250502.4791b2b_builder_bsd15_244

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Verified os-libs-15-x86-64-20250502.4791b2b_builder_bsd15_244 signed by PackageProductionECP256_2025 method ECDSA256+SHA256

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Mounting os-libs-15-x86-64-20250502.4791b2b_builder_bsd15_244

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Verified os-runtime-x86-64-20250502.4791b2b_builder_bsd15_244 signed by PackageProductionECP256_2025 method ECDSA256+SHA256

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Mounting os-runtime-x86-64-20250502.4791b2b_builder_bsd15_244

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Verified os-package-20241014.220147_builder_main signed by PackageProductionECP256_2024 method ECDSA256+SHA256

<118>1 2025-06-24T22:34:21.401-07:00 srx kernel - - - Mounting os-package-20241014.220147_builder_main

FPT_TUD_EXT.1

Initiation of update; result of the update attempt (success or failure)

None

"<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - @ 1893489908 [2030-01-01 09:25:08 UTC] preboot

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - Initializing Verified Exec:

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - FIPS veriexec ECDSA Verify Known Answer Test: Passed

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - Verified os-kernel-prd-x86-64-20241104 signed by PackageProductionECP256_2024 method ECDSA256+SHA256

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - Enforcing Verified Exec:

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - Verified os-libs-15-x86-64-20241104 signed by PackageProductionECP256_2024 method ECDSA256+SHA256

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - Mounting os-libs-15-x86-64-20241104.1ed86e6_builder_bsd15_244

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - Verified os-runtime-x86-64-20241104 signed by PackageProductionECP256_2024 method ECDSA256+SHA256

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - Mounting os-runtime-x86-64-20241104.1ed86e6_builder_bsd15_244

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - Verified os-package-20241014 signed by PackageProductionECP256_2024 method ECDSA256+SHA256

<118>1 2030-01-01T01:27:07.985-08:00 srx kernel - - - Mounting os-package-20241014.220147_builder_main"

FPT_STM_EXT.1

Discontinuous changes to time - either Administrator actuated or changed via an automated process. (Note that no continuous changes to time need to be logged. See also application note on FPT_STM_EXT.1)
  • For discontinuous changes to time: The old and new values for the time.

  • Origin of the attempt to change time for success and failure (such as, IP address).

<30>1 2030-01-01T01:01:01.000-08:00 srx nsd 43689 NSD_SYS_TIME_CHANGE - System time has changed.

FTA_SSL_EXT.1

The termination of a local session by the session lock.

None

cli - UI_CLI_IDLE_TIMEOUT [junos@2636.1.1.1.2.164 username="root"] Idle timeout for user 'root' exceeded and session terminated

FTA_SSL.3

The termination of a remote session by the session locking mechanism.

None

cli - UI_CLI_IDLE_TIMEOUT [junos@2636.1.1.1.2.164 username="root"] Idle timeout for user 'root' exceeded and session terminated

FTA_SSL.4

The termination of an interactive session.

None

mgd 71668 UI_LOGOUT_EVENT [junos@2636.1.1.1.2.164 username="root"] User 'root' logout

User-Initiated Termination - The mechanism used to terminate a remote interactive session or a local administrative session is via the “exit” command.

FTA_TAB.1

None

None

ssh security-officer@srx-host

Authorized access only.

Unauthorized use is prohibited.

(root@srx-host) Password:

FCS_SSHS_EXT.1

No events specified

 

FTP_ITC.1

  • Initiation of the trusted channel.
  • Termination of the trusted channel.
  • Failure of the trusted channel functions.
  • None
  • None
  • Reason for failure

Initiation of the trusted path

sshd 72418 - - Accepted keyboard-interactive/pam for root from 10.223.5.251 port 42482 ssh2

Termination of the trusted path

sshd 72418 - - Disconnected from user root 10.223.5.251 port 42482

Failure of the trusted path

sshd - SSHD_LOGIN_FAILED [junos@2636.1.1.1.2.164 username="root" source-address="10.223.5.251"] Login failed for user 'root' from host '10.223.5.251'

FTP_TRP.1/Admin

  • Initiation of the trusted path.
  • Termination of the trusted path.
  • Failure of the trusted path functions.
  • None
  • None
  • Reason for failure

Initiation of the trusted path

sshd 72418 - - Accepted keyboard-interactive/pam for root from 10.223.5.251 port 42482 ssh2

Termination of the trusted path

sshd 72418 - - Disconnected from user root 10.223.5.251 port 42482

Failure of the trusted path

sshd - SSHD_LOGIN_FAILED [junos@2636.1.1.1.2.164 username="root" source-address="10.223.5.251"] Login failed for user 'root' from host '10.223.5.251'

FIA_X509_EXT.1/Rev

  • Unsuccessful attempt to validate a certificate
  • Any addition, replacement or removal of trust anchors in the TOE's trust store
  • Reason for failure of certificate validation
  • identification of certificates added, replaced or removed as trust anchor in the TOE's trust store

verify-sig 72830 - - cannot validate ecerts.pem: subject issuer mismatch: /C=US/ST=CA/L=Sunnyvale/O=Juniper Networks/OU=Juniper CA/CN=PackageProduction TestEc_2017_NO_DEFECTS/emailAddress=ca@juniper.net

FIA_X509_EXT.2

None

None

 

FIA_X509_EXT.3

None

None

 

FMT_MOF.1/Functions

None

None

 

FMT_MOF.1/Services

None

None

 

FMT_MTD.1/CryptoKeys

None

None

 

FFW_RUL_EXT.1

Application of rules configured with the ‘log’ operation

  • Source and destination addresses.

  • Source and destination ports.

  • Transport Layer Protocol.

  • TOE Interface.

RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.164 source-address="1.1.1.2" source-port="10001" destination-address="2.2.2.2" destination-port="21" connection-tag="0" service-name="junos-ftp" nat-source-address="1.1.1.2" nat-source-port="10001" nat-destination-address="2.2.2.2" nat-destination-port="21" nat-connection-tag="0" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="p1" source-zone-name="ZO_A" destination-zone-name="ZO_B" session-id-32="5" username="N/A" roles="N/A" packet-incoming-interface="ge-0/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN" application-category="N/A" application-sub-category="N/A" application-risk="-1" application-characteristics="N/A" src-vrf-grp="N/A" dst-vrf-grp="N/A"] session created 1.1.1.2/10001->2.2.2.2/21 0x0 junos-ftp 1.1.1.2/10001->2.2.2.2/21 0x0 N/A N/A N/A N/A 6 p1 ZO_A ZO_B 5 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN N/A N/A -1 N/A N/A N/A

RT_FLOW - RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.164 source-address="1.1.1.2" source-port="10001" destination-address="2.2.2.2" destination-port="21" connection-tag="0" service-name="junos-ftp" protocol-id="6" icmp-type="0" policy-name="p2" source-zone-name="ZO_A" destination-zone-name="ZO_B" application="UNKNOWN" nested-application="UNKNOWN" username="N/A" roles="N/A" packet-incoming-interface="ge-0/0/0.0" encrypted="No" reason="Denied by policy" session-id-32="3" application-category="N/A" application-sub-category="N/A" application-risk="-1" application-characteristics="N/A" src-vrf-grp="N/A" dst-vrf-grp="N/A"] session denied 1.1.1.2/10001->2.2.2.2/21 0x0 junos-ftp 6(0) p2 ZO_A ZO_B UNKNOWN UNKNOWN N/A(N/A) ge-0/0/0.0 No Denied by policy 3 N/A N/A -1 N/A N/A N/A

FMT_SMF.1/FFW

All management activities of TSF data (including creation, modification and deletion of firewall rules)

None

<188>1 2025-07-23T04:56:14.744-07:00 srx mgd 50109 UI_RESTART_EVENT [junos@2636.1.1.1.2.105 username="crypto-officer" process-name="Chassis control process" description=" immediately"] User 'crypto-officer' restarting daemon 'Chassis control process' immediately

<35>1 2025-07-23T04:56:14.748-07:00 srx jlaunchd 43488 - - chassis-control (PID 43576) terminated by signal number 9!

<38>1 2025-07-23T04:56:14.749-07:00 srx jlaunchd 43488 - - Registered PID 52971(chassis-control): exec_command

<38>1 2025-07-23T04:56:14.749-07:00 srx jlaunchd 43488 - - chassis-control (PID 52971) started

<38>1 2025-07-23T04:56:14.749-07:00 srx jlaunchd 43488 - - Registered PID 52971(chassis-control): new process

FCS_IPSEC_EXT.1

Failure to establish an IPsec SA

Reason for failure

<30>1 2025-06-15T01:26:49.203-07:00 srx iked 18037 IKE_VPN_UP_ALARM_USER [junos@2636.1.1.1.2.590 vpn-name="IPSEC_VPN" remote-address="4.4.4.2" local-address="3.3.3.1" gateway-name="IKE_GW" group-name="IPSEC_VPN" tunnel-id="500042" interface-name="st0.0" internal-ip="4.4.4.2" name="3.3.3.1" peer-name="4.4.4.2" client-name="Not-applicable" vrrp-group-id="root" traffic-selector-name="default_any_any_v4" traffic-selector-cfg-local-id="ipv4(0,0-65535,0.0.0.0-255.255.255.255) " traffic-selector-cfg-remote-id="ipv4(0,0-65535,0.0.0.0-255.255.255.255) " argument1="dynamic" argument2="No"] VPN IPSEC_VPN from 4.4.4.2 is up. Local-ip: 3.3.3.1, gateway name: IKE_GW, vpn name: IPSEC_VPN, tunnel-id: 500042, local tunnel-if: st0.0, remote tunnel-ip: 4.4.4.2, Local IKE-ID: 3.3.3.1, Remote IKE-ID: 4.4.4.2, AAA username: Not-applicable, VR id: root, Traffic-selector: default_any_any_v4, Traffic-selector local ID: ipv4(0,0-65535,0.0.0.0-255.255.255.255) , Traffic-selector remote ID: ipv4(0,0-65535,0.0.0.0-255.255.255.255) , SA Type: dynamic, Service Offload: No

Jun 15 01:30:59.026765 [TER] [ATEC] [3.3.3.1 <-> 4.4.4.2] IKEv1 packet R(3.3.3.1:500 <- 4.4.4.2:500): len= 64, mID=f801187a, HDR, N(NO_PROPOSAL_CHOSEN)

Jun 15 01:30:59.026969 [DET] [ATEC] [3.3.3.1 <-> 4.4.4.2] ike-sa-done, sanity check failed status No proposal chosen vendor-ike-sa: 0x3533820

Jun 15 01:30:59.027065 [TER] [ATEC] [3.3.3.1 <-> 4.4.4.2] IKEv1 Error : No proposal chosen

FCS_NTP_EXT.1

  • Configuration of a new time server

  • Removal of configured time server

Identity of new/removed time server

<182>1 2025-07-23T21:47:23.745-07:00 srx mgd 25646 UI_CFG_AUDIT_OTHER [junos@2636.1.1.1.2.105 username="root" action="delete" pathname="[groups global system ntp server 66.129.233.81]" delimiter="" value=""] User 'root' delete: [groups global system ntp server 66.129.233.81]

FCS_SSHC_EXT.1

No events specified    

FAU_GEN.1/VPN

No events specified N/A

<118>1 2025-06-24T23:27:13.000-07:00 metalbird kernel - - - jlaunchd: JLAUNCHD_PROC_EXIT: process ipsec-key-management (PID 19601) exited with status 127

<38>1 2025-06-24T23:27:13.234-07:00 metalbird jlaunchd 16353 - - Registered PID 19605(ipsec-key-management): exec_command

<38>1 2025-06-24T23:27:13.234-07:00 metalbird jlaunchd 16353 - - ipsec-key-management (PID 19605) started

<38>1 2025-06-24T23:27:13.234-07:00 metalbird jlaunchd 16353 - - Registered PID 19605(ipsec-key-management): new process

FCS_CKM.1/IKE

No events specified N/A  

FMT_SMF.1/VPN

All administrative actions

No additional information

<190>1 2025-07-23T21:56:39.399-07:00 srx mgd 26757 UI_CMDLINE_READ_LINE [junos@2636.1.1.1.2.105 username="root" command="set firewall policer p1 then discard "] User 'root', command 'set firewall policer p1 then discard '

<190>1 2025-07-23T21:56:41.762-07:00 srx mgd 26757 UI_COMMIT_PROGRESS [junos@2636.1.1.1.2.105 message="sending commit-check command to Firewall process(44198)"] Commit operation in progress: sending commit-check command to Firewall process(44198)

FPT_FLS.1/SelfTest

No events specified N/A  

FPT_TST_EXT.3

No events specified N/A  

FPF_RUL_EXT.1

Application of rules configured with the ‘log’ operation

  • Source and destination addresses.

  • Source and destination ports.

  • Transport Layer Protocol.

RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.164 source-address="1.1.1.2" source-port="10001" destination-address="2.2.2.2" destination-port="53" connection-tag="0" service-name="junos-dns-udp" nat-source-address="1.1.1.2" nat-source-port="10001" nat-destination-address="2.2.2.2" nat-destination-port="53" nat-connection-tag="0" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="17" policy-name="p1" source-zone-name="A" destination-zone-name="B" session-id-32="1" username="N/A" roles="N/A" packet-incoming-interface="ge-0/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN" application-category="N/A" application-sub-category="N/A" application-risk="-1" application-characteristics="N/A" src-vrf-grp="N/A" dst-vrf-grp="N/A"] session created 1.1.1.2/10001->2.2.2.2/53 0x0 junos-dns-udp 1.1.1.2/10001->2.2.2.2/53 0x0 N/A N/A N/A N/A 17 p1 A B 1 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN N/A N/A -1 N/A N/A N/A

FTP_ITC.1/VPN

Initiation of the trusted channel

No additional information

<30>1 2025-06-15T01:26:49.203-07:00 srx iked 18037 IKE_VPN_UP_ALARM_USER [junos@2636.1.1.1.2.590 vpn-name="IPSEC_VPN" remote-address="4.4.4.2" local-address="3.3.3.1" gateway-name="IKE_GW" group-name="IPSEC_VPN" tunnel-id="500042" interface-name="st0.0" internal-ip="4.4.4.2" name="3.3.3.1" peer-name="4.4.4.2" client-name="Not-applicable" vrrp-group-id="root" traffic-selector-name="default_any_any_v4" traffic-selector-cfg-local-id="ipv4(0,0-65535,0.0.0.0-255.255.255.255) " traffic-selector-cfg-remote-id="ipv4(0,0-65535,0.0.0.0-255.255.255.255) " argument1="dynamic" argument2="No"] VPN IPSEC_VPN from 4.4.4.2 is up. Local-ip: 3.3.3.1, gateway name: IKE_GW, vpn name: IPSEC_VPN, tunnel-id: 500042, local tunnel-if: st0.0, remote tunnel-ip: 4.4.4.2, Local IKE-ID: 3.3.3.1, Remote IKE-ID: 4.4.4.2, AAA username: Not-applicable, VR id: root, Traffic-selector: default_any_any_v4, Traffic-selector local ID: ipv4(0,0-65535,0.0.0.0-255.255.255.255) , Traffic-selector remote ID: ipv4(0,0-65535,0.0.0.0-255.255.255.255) , SA Type: dynamic, Service Offload: No

Jun 15 01:30:59.026765 [TER] [ATEC] [3.3.3.1 <-> 4.4.4.2] IKEv1 packet R(3.3.3.1:500 <- 4.4.4.2:500): len= 64, mID=f801187a, HDR, N(NO_PROPOSAL_CHOSEN)

Jun 15 01:30:59.026969 [DET] [ATEC] [3.3.3.1 <-> 4.4.4.2] ike-sa-done, sanity check failed status No proposal chosen vendor-ike-sa: 0x3533820

Jun 15 01:30:59.027065 [TER] [ATEC] [3.3.3.1 <-> 4.4.4.2] IKEv1 Error : No proposal chosen

Termination of the trusted channel No additional information
Failure of the trusted channel functions Identification of the initiator and target of failed trusted channel establishment attempt

FIA_PSK_EXT.1

No events specified N/A  

FIA_PSK_EXT.2

No events specified N/A  

IPS_ABD_EXT.1

Inspected traffic matches an anomaly-based IPS policy.

Source and destination IP addresses.

The content of the header fields that were determined to match the policy.

TOE interface that received the packet.

Aspect of the anomaly-based IPS policy rule that triggered the event (e.g. throughput, time of day, frequency, etc.).

Network-based action by the TOE (e.g. allowed, blocked, sent reset to source IP, sent blocking notification to firewall).

Jun 24 21:50:01.316626 [DET] [ATEC] [4.4.4.2 <-> 3.3.3.1] pre-shared-key callback called for ed (0x37ff028)

Jun 24 21:50:01.316643 [DET] [ATEC] [4.4.4.2 <-> 3.3.3.1] pre-shared-key authentication method is configured for ike-gateway (IKE_GW)

Jun 24 21:50:01.498486 [DET] [STAK] [4.4.4.2 <-> 3.3.3.1] ikev2_fb_find_pre_shared_key: Find pre-shared key policy call entered, IKE SA 34ede20 (neg 3508400)

IPS_IPB_EXT.1

Inspected traffic matches a list of known-good or known-bad addresses applied to an IPS policy.

Source and destination IP addresses (and, if applicable, indication of whether the source and/or destination address matched the list).

<14>1 2016-04-20T23:57:12.581-07:00 srx RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.164 source-address="1.1.1.1" source-port="18498" destination-address="2.2.2.2" destination-port="1" connection-tag="0" service-name="icmp" nat-source-address="1.1.1.1" nat-source-port="18498" nat-destination-address="2.2.2.2" nat-destination-port="1" nat-connection-tag="0" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="p1" source-zone-name="trust" destination-zone-name="untrust" session-id="2259" username="N/A" roles="N/A" packet-incoming-interface="ge-0/0/1.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN" application-category="N/A" application-sub-category="N/A" application-risk="-1" application-characteristics="N/A" src-vrf-grp="N/A" dst-vrf-grp="N/A" tunnel-inspection="Off" tunnel-inspection-policy-set="root" source-tenant="N/A" destination-service="N/A" dst-identity-context-name="N/A" dst-identity-context-roles="N/A" session-type="N/A" parent-session-id="0" client-side-stream-id="0" server-side-stream-id="0"] session created 1.1.1.1/18498->2.2.2.2/1 0x0 icmp 1.1.1.1/18498->2.2.2.2/1 0x0 N/A N/A N/A N/A 1 p1 trust untrust 2259 N/A(N/A) ge-0/0/1.0 UNKNOWN UNKNOWN UNKNOWN N/A N/A -1 N/A N/A N/A Off root N/A N/A N/A N/A N/A 0 0 0

<14>1 2016-04-20T23:57:44.737-07:00 srx RT_FLOW - RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.164 source-address="1.1.1.1" source-port="18499" destination-address="2.2.2.2" destination-port="1" connection-tag="0" service-name="icmp" protocol-id="1" icmp-type="8" policy-name="p1" source-zone-name="trust" destination-zone-name="untrust" application="UNKNOWN" nested-application="UNKNOWN" username="N/A" roles="N/A" packet-incoming-interface="ge-0/0/1.0" encrypted="No" reason="Denied by policy" session-id="2264" application-category="N/A" application-sub-category="N/A" application-risk="-1" application-characteristics="N/A" src-vrf-grp="N/A" dst-vrf-grp="N/A" source-tenant="N/A" destination-service="N/A" user-type="N/A" dst-identity-context-name="N/A" dst-identity-context-roles="N/A" source-country="N/A" destination-country="N/A" session-type="N/A" parent-session-id="0" client-side-stream-id="0" server-side-stream-id="0"] session denied 1.1.1.1/18499->2.2.2.2/1 0x0 icmp 1(8) p1 trust untrust UNKNOWN UNKNOWN N/A(N/A) ge-0/0/1.0 No Denied by policy 2264 N/A N/A -1 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A 0 0 0

TOE interface that received the packet.
Network-based action by the TOE (e.g. allowed, blocked, sent reset).

IPS_NTA_EXT.1

Modification of which IPS policies are active on a TOE interface

Enabling/disabling a TOE interface with IPS policies applied

Modification of which mode(s) is/are active on a TOE interface

Identification of the TOE interface.

<14>1 2016-04-21T00:02:58.985-07:00 srx RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.164 source-address="1.1.1.1" source-port="6789" destination-address="2.2.2.2" destination-port="2345" connection-tag="0" service-name="None" nat-source-address="1.1.1.1" nat-source-port="6789" nat-destination-address="2.2.2.2" nat-destination-port="2345" nat-connection-tag="0" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="p1" source-zone-name="trust" destination-zone-name="untrust" session-id="2273" username="N/A" roles="N/A" packet-incoming-interface="ge-0/0/1.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN" application-category="N/A" application-sub-category="N/A" application-risk="-1" application-characteristics="N/A" src-vrf-grp="N/A" dst-vrf-grp="N/A" tunnel-inspection="Off" tunnel-inspection-policy-set="root" source-tenant="N/A" destination-service="N/A" dst-identity-context-name="N/A" dst-identity-context-roles="N/A" session-type="N/A" parent-session-id="0" client-side-stream-id="0" server-side-stream-id="0"] session created 1.1.1.1/6789->2.2.2.2/2345 0x0 None 1.1.1.1/6789->2.2.2.2/2345 0x0 N/A N/A N/A N/A 6 p1 trust untrust 2273 N/A(N/A) ge-0/0/1.0 UNKNOWN UNKNOWN UNKNOWN N/A N/A -1 N/A N/A N/A Off root N/A N/A N/A N/A N/A 0 0 0

The IPS policy and interface mode (if applicable).

IPS_SBD_EXT.1

Inspected traffic matches a signature-based IPS rule with logging enabled

Name or identifier of the matched signature

<14>1 2016-04-21T00:02:58.985-07:00 srx RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.164 source-address="1.1.1.1" source-port="6789" destination-address="2.2.2.2" destination-port="2345" connection-tag="0" service-name="None" nat-source-address="1.1.1.1" nat-source-port="6789" nat-destination-address="2.2.2.2" nat-destination-port="2345" nat-connection-tag="0" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="p1" source-zone-name="trust" destination-zone-name="untrust" session-id="2273" username="N/A" roles="N/A" packet-incoming-interface="ge-0/0/1.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN" application-category="N/A" application-sub-category="N/A" application-risk="-1" application-characteristics="N/A" src-vrf-grp="N/A" dst-vrf-grp="N/A" tunnel-inspection="Off" tunnel-inspection-policy-set="root" source-tenant="N/A" destination-service="N/A" dst-identity-context-name="N/A" dst-identity-context-roles="N/A" session-type="N/A" parent-session-id="0" client-side-stream-id="0" server-side-stream-id="0"] session created 1.1.1.1/6789->2.2.2.2/2345 0x0 None 1.1.1.1/6789->2.2.2.2/2345 0x0 N/A N/A N/A N/A 6 p1 trust untrust 2273 N/A(N/A) ge-0/0/1.0 UNKNOWN UNKNOWN UNKNOWN N/A N/A -1 N/A N/A N/A Off root N/A N/A N/A N/A N/A 0 0 0

Source and destination IP addresses
The content of the header fields that were determined to match the signature
TOE interface that received the packet
Network-based action by the TOE (e.g. allowed, blocked, sent reset)

In addition, Juniper Networks recommends that logging also:

  • Capture all changes to the configuration.

  • Store logging information remotely.
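
The following is an added example, not Juniper code: a Python parser for the structured-format records shown in Table 1, as a remote collector might use to pull out the account, command and origin fields the requirements call for. It attaches the source address from the preceding SSHD_LOGIN_FAILED record to each SSHD_LOGIN_ATTEMPTS_THRESHOLD record, because the threshold record in the sample carries only `limit` and `username`. The function names and the `CONFIG_VERBS` set are assumptions; the sample lines are taken from Table 1.

```python
import re

# RFC 5424 header: <PRI>1 TIMESTAMP HOST APP PROCID MSGID, then structured data and text.
HEADER = re.compile(r'^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$')
# One ' name="value"' pair. Values may contain ']' (see UI_CFG_AUDIT_OTHER below), so
# the element is walked pair by pair instead of being cut at the first ']'.
PARAM = re.compile(r' ([^\s="\]]+)="((?:[^"\\]|\\.)*)"')
# Assumption for this example: CLI verbs treated as configuration changes.
CONFIG_VERBS = {"set", "delete", "commit"}

# Records from Table 1, written with standard RFC 5424 quoting.
SAMPLE = """\
<37>1 2025-07-22T23:53:36.294-07:00 srx sshd - SSHD_LOGIN_FAILED [junos@2636.1.1.1.2.105 username="crypto-officer" source-address="10.220.208.11"] Login failed for user 'crypto-officer' from host '10.220.208.11'
<37>1 2025-07-22T23:53:51.302-07:00 srx sshd - SSHD_LOGIN_ATTEMPTS_THRESHOLD [junos@2636.1.1.1.2.105 limit="3" username="crypto-officer"] Threshold for unsuccessful authentication attempts (3) reached by user 'crypto-officer'
<38>1 2025-07-22T23:53:51.302-07:00 srx sshd 60722 - - Disconnecting authenticating user crypto-officer 10.220.208.11 port 40163: Too many password failures for crypto-officer [preauth]
<190>1 2025-07-23T03:19:19.021-07:00 srx mgd 75803 UI_CMDLINE_READ_LINE [junos@2636.1.1.1.2.105 username="crypto-officer" command="set groups global system ntp server 66.129.233.81 "] User 'crypto-officer', command 'set groups global system ntp server 66.129.233.81 '
<182>1 2025-07-23T21:47:23.745-07:00 srx mgd 25646 UI_CFG_AUDIT_OTHER [junos@2636.1.1.1.2.105 username="root" action="delete" pathname="[groups global system ntp server 66.129.233.81]" delimiter="" value=""] User 'root' delete: [groups global system ntp server 66.129.233.81]
"""


def parse_record(line):
    """Return a dict for one structured-format record, or None if the header is absent."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    pri, ts, host, app, procid, msgid, rest = m.groups()
    rec = {"facility": int(pri) >> 3, "severity": int(pri) & 7, "timestamp": ts,
           "host": host, "app": app, "procid": procid, "event": msgid,
           "fields": {}, "message": rest}
    if rest == "-" or rest.startswith("- "):      # nil structured data
        rec["message"] = rest[2:]
        return rec
    sd = re.match(r'\[[^\s\]]+', rest)
    if not sd:
        return rec                                # free-form text only
    pos, fields = sd.end(), {}
    while (p := PARAM.match(rest, pos)):
        fields[p.group(1)] = p.group(2)
        pos = p.end()
    if rest[pos:pos + 1] == "]":                  # accept only a properly closed element
        rec["fields"], rec["message"] = fields, rest[pos + 1:].lstrip()
    return rec


def audit_findings(lines):
    """Return (config_changes, lockouts) extracted from structured records."""
    last_failed_source = {}   # username -> source-address of the latest failed login
    config_changes, lockouts = [], []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        f, event = rec["fields"], rec["event"]
        if event == "SSHD_LOGIN_FAILED":
            last_failed_source[f.get("username")] = f.get("source-address")
        elif event == "SSHD_LOGIN_ATTEMPTS_THRESHOLD":
            user = f.get("username")
            lockouts.append({"time": rec["timestamp"], "user": user,
                             "limit": int(f.get("limit", 0)),
                             "origin": last_failed_source.get(user)})
        elif event == "UI_CMDLINE_READ_LINE":
            cmd = f.get("command", "").strip()
            if cmd.split(" ", 1)[0] in CONFIG_VERBS:
                config_changes.append((rec["timestamp"], f.get("username"), cmd))
        elif event == "UI_CFG_AUDIT_OTHER":
            change = f"{f.get('action')} {f.get('pathname')}"
            config_changes.append((rec["timestamp"], f.get("username"), change))
    return config_changes, lockouts


if __name__ == "__main__":
    changes, lockouts = audit_findings(SAMPLE.splitlines())
    for item in changes + lockouts:
        print(item)
```

Lines without the `<PRI>1` header, such as the `Sep 27 15:09:36 yeti sshd[6529]: ...` samples, are skipped by `parse_record` and need a separate parser.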