beautypg.com

Firewall and nat alarms and reports – Enterasys Networks Security Router X-PeditionTM User Manual

Page 436

background image

Firewall and NAT Alarms and Reports

A-14 Alarms/Events, System Limits, and Standard ASCII Table

Firewall and NAT Alarms and Reports

The XSR reports logging messages for firewall and NAT functionality as listed below. Low
system-level logging messages are classified at Levels 4 or 6 while Medium system-level alarms
are classified at Level 3. The format codes used in report text are defined as follows:

%CMD - ACTIVEX, JAVA or CLS application commands

%IP1 - Source IP address. E.g.: 192.168.1.1

%IP2 - Source IP address -> Destination IP address. E.g.: 192.168.1.1 -> 10.10.10.1

%IP_P2 - Source IP address and port # ->Destination IP address and port #. E.g.:
192.168.1.1(12352) -> 10.10.10.1(21)

%IP_TC - Source IP address with type x & code x. E.g.: 192.168.1.1 type 8 (echo) code 2
(subset)

%IP2_ICMP - Source IP address -> Destination IP address with type x and code x. E.g.:
192.168.1.1 -> 10.10.10.1 type 8 code 0

%IP2_X - Source IP address -> Destination IP address with protocol # (0-255) (in
hexidecimal format). E.g.: 192.168.1.1 -> 10.10.10.1 protocol 7

%POL - Name of the firewall policy that causes this report, that is: allow log, TCP, or UDP

SERIAL

Serial a/b - DSR Up CTS Down (MUX_UP)

Serial port has detected an EIA transition which will cause an
interface up condition. This alarm is additional to the high
severity Interface , changed state to up}

SERIAL

Serial a/b - DSR/CTS Down (MUX_UP)

Serial port has detected an EIA transition which will cause an
interface up condition. This alarm is additional to the high
severity Interface , changed state to up}

FR

serial a/b:d, un-configured DLCI nnn reported
active by LMI

FR switch reports that the DLCI nn is active but the Dlci is not
configured on the interface.

FR

serial a/b:d, packet arrived on unconfigured
DLCI nnn

Table A-8 Low Severity Alarms/Events (continued)

Module

Message

Description

Table A-9 Firewall and NAT Alarms

Severity

Report Text

0 - EMERG

Bad NAT entry pointer passed to freeAddrTransEntry()

0 - EMERG

Init: Failed to allocate memory for NAT cache

1 - ALERT

DHCP module resolved a new IP Address for NAT: %IP1

1 - ALERT

DHCP module resolved a new IP Mask for NAT: %IP1

1 - ALERT

DHCP module resolved a new router's IP address: %IP1

1 - ALERT

NAT: Attempt made to bypass NAT by a GRE packet, %IP2

1 - ALERT

NAT: Attempt made to bypass NAT, %IP_P2

2 - CRIT

Init: Error reading NAT Mapper table

3 - ERROR

NAT: No NAT entry found, %IP_P2

See also other documents in the category Enterasys Networks Hardware: