-
%FTD-3-105010: (Primary) Failover message block alloc failed
-
%FTD-3-105052: HA cipher in use algorithm name strong encryption is AVAILABLE, please reboot to use strong cipher and preferably change the key in use.
-
%FTD-3-106010: Deny inbound protocol src [interface_name: source_address/source_port] [([idfw_user | FQDN_string], sg_info)]
dst [interface_name: dest_address/dest_port}[([idfw_user | FQDN_string], sg_info)]
-
%FTD-3-106011: Deny inbound (No xlate) string
-
%FTD-3-106014: Deny inbound icmp src interface_name: IP_address [([idfw_user | FQDN_string], sg_info)] dst interface_name:
IP_address [([idfw_user | FQDN_string], sg_info)] (type dec, code dec)
-
%FTD-3-109013: User must authenticate before using this service
-
%FTD-3-109016: Can't find authorization ACL acl_ID for user 'user'
-
%FTD-3-109018: Downloaded ACL acl_ID is empty
-
%FTD-3-109019: Downloaded ACL acl_ID has parsing error; ACE string
-
%FTD-3-109020: Downloaded ACL has config error; ACE
-
%FTD-3-109026: [aaa protocol] Invalid reply digest received; shared server key may be mismatched.
-
%FTD-3-109032: Unable to install ACL access_list, downloaded for user username; Error in ACE: ace.
-
%FTD-3-109037: Exceeded 5000 attribute values for the attribute name attribute for user username
-
%FTD-3-109038: Attribute internal-attribute-name value string-from-server from AAA server could not be parsed as a type internal-attribute-name
string representation of the attribute name
-
%FTD-3-109103: CoA action-type from coa-source-ip failed for user username, with session ID: audit-session-id.
-
%FTD-3-109104: CoA action-type from coa-source-ip failed for user username, session ID: audit-session-id. Action not supported.
-
%FTD-3-109203: UAUTH Session session, User username, Assigned IP IP Address, Failed adding entry.
-
%FTD-3-109205: UAUTH Session session, User username, Assigned IP IP Address, Failed applying filter.
-
%FTD-3-109206: UAUTH Session session, User username, Assigned IP IP Address, Removing stale entry added hours ago.
-
%FTD-3-109208: UAUTH Session session, User username, Assigned IP IP Address, Failed updating entry - no entry.
-
%FTD-3-109209: UAUTH Session session, User username, Assigned IP IP Address, Failed updating filter for entry.
-
%FTD-3-109212: UAUTH Session session, User username, Assigned IP IP Address, Failed removing entry.
-
%FTD-3-109213: UAUTH Session session, User username, Assigned IP IP Address Failed removing entry.
-
%FTD-3-113001: Unable to open AAA session. Session limit [limit] reached.
-
%FTD-3-113018: User: user, Unsupported downloaded ACL Entry: ACL_entry, Action: action
-
%FTD-3-113020: Kerberos error: Clock skew with server ip_address greater than 300 seconds
-
%FTD-3-113021: Attempted console login failed. User username did NOT have appropriate Admin Rights.
-
%FTD-3-114006: Failed to get port statistics in 4GE SSM I/O card (error error_string).
-
%FTD-3-114007: Failed to get current msr in 4GE SSM I/O card (error error_string).
-
%FTD-3-114008: Failed to enable port after link is up in 4GE SSM I/O card due to either I2C serial bus access error or switch
access error.
-
%FTD-3-114009: Failed to set multicast address in 4GE SSM I/O card (error error_string).
-
%FTD-3-114010: Failed to set multicast hardware address in 4GE SSM I/O card (error error_string).
-
%FTD-3-114011: Failed to delete multicast address in 4GE SSM I/O card (error error_string).
-
%FTD-3-114012: Failed to delete multicast hardware address in 4GE SSM I/O card (error error_string).
-
%FTD-3-114013: Failed to set mac address table in 4GE SSM I/O card (error error_string).
-
%FTD-3-114014: Failed to set mac address in 4GE SSM I/O card (error error_string).
-
%FTD-3-114015: Failed to set mode in 4GE SSM I/O card (error error_string).
-
%FTD-3-114016: Failed to set multicast mode in 4GE SSM I/O card (error error_string).
-
%FTD-3-114017: Failed to get link status in 4GE SSM I/O card (error error_string).
-
%FTD-3-114018: Failed to set port speed in 4GE SSM I/O card (error error_string).
-
%FTD-3-114019: Failed to set media type in 4GE SSM I/O card (error error_string).
-
%FTD-3-114020: Port link speed is unknown in 4GE SSM I/O card.
-
%FTD-3-114021: Failed to set multicast address table in 4GE SSM I/O card due to error.
-
%FTD-3-114022: Failed to pass broadcast traffic in 4GE SSM I/O card due to error_string
-
%FTD-3-114023: Failed to cache/flush mac table in 4GE SSM I/O card due to error_string.
-
%FTD-3-115001: Error in process: process name fiber: fiber name, component: component name, subcomponent: subcomponent name,
file: filename, line: line number, cond: condition.
-
%FTD-3-199015: syslog
-
%FTD-3-201002: Too many TCP connections on {static|xlate} global_address! econns nconns
-
%FTD-3-201004: Too many UDP connections on {static|xlate} global_address! udp connections limit
-
%FTD-3-201005: FTP data connection failed for IP_address IP_address
-
%FTD-3-201006: RCMD backconnection failed for IP_address/port.
-
%FTD-3-201008: Disallowing new connections.
-
%FTD-3-201009: TCP connection limit of number for host IP_address on interface_name exceeded
-
%FTD-3-201011: Connection limit exceeded cnt/limit for dir packet from sip/sport to dip/dport on interface if_name.
-
%FTD-3-201013: Per-client connection limit exceeded curr num/limit for [input|output] packet from ip/port to ip/port on interface
interface_name
-
%FTD-3-202010: [NAT | PAT] pool exhausted in pool-name ip_address, port range [1-511 | 512-1023 | 1024-65535]. Unable to create
protocol connection from in-interface:src-ip/src-port to out-interface:dst-ip/dst-port
-
%FTD-3-208005: (function:line_num) clear command return code
-
%FTD-3-210001: LU sw_module_name error = number
-
%FTD-3-210002: LU allocate block (bytes) failed.
-
%FTD-3-210003: Unknown LU Object number
-
%FTD-3-210005: LU allocate secondary(optional) connection failed for protocol[TCP|UDP] connection from ingress interface name:Real
IP Address/Real Port to egress interface name:Real IP Address/Real Port
-
%FTD-3-210006: LU look NAT for IP_address failed
-
%FTD-3-210007: LU allocate xlate failed for type[static | dynamic]-[NAT | PAT] secondary(optional) protocol translation from
ingress interface name:Real IP Address/real port (Mapped IP Address/Mapped Port) to egress interface name:Real IP Address/Real
Port (Mapped IP Address/Mapped Port)
-
%FTD-3-210008: LU no xlate for inside_address/inside_port outside_address/outside_port
-
%FTD-3-210010: LU make UDP connection for outside_address:outside_port inside_address:inside_port failed
-
%FTD-3-210020: LU PAT port port reserve failed
-
%FTD-3-210021: LU create static xlate global_address ifc interface_name failed
-
%FTD-3-211001: Memory allocation Error
-
%FTD-3-211003: Error in computed percentage CPU usage value
-
%FTD-3-212001: Unable to open SNMP channel (UDP port port) on interface interface_number, error code = code
-
%FTD-3-212002: Unable to open SNMP trap channel (UDP port port) on interface interface_number, error code = code
-
%FTD-3-212003: Unable to receive an SNMP request on interface interface_number, error code = code, will try again.
-
%FTD-3-212004: Unable to send an SNMP response to IP Address IP_address Port port interface interface_number, error code =
code
-
%FTD-3-212005: incoming SNMP request (number bytes) on interface interface_name exceeds data buffer size, discarding this
SNMP request.
-
%FTD-3-212006: Dropping SNMP request from src_addr/src_port to ifc:dst_addr/dst_port because: reason username.
-
%FTD-3-212010: Configuration request for SNMP user %s failed. Host %s reason.
-
%FTD-3-212011: SNMP engineBoots is set to maximum value. Reason: %s User intervention necessary.
-
%FTD-3-212012: Unable to write SNMP engine data to persistent storage.
-
%FTD-3-216002: Unexpected event (major: major_id, minor: minor_id) received by task_string in function at line: line_num
-
%FTD-3-216003: Unrecognized timer timer_ptr, timer_id received by task_string in function at line: line_num
-
%FTD-3-219002: I2C_API_name error, slot = slot_number, device = device_number, address = address, byte count = count. Reason:
reason_string
-
%FTD-3-302019: H.323 library_name ASN Library failed to initialize, error code number
-
%FTD-3-302302: ACL = deny; no sa created
-
%FTD-3-305006: {outbound static|identity|portmap|regular) translation creation failed for protocol src interface_name:source_address/source_port
[(idfw_user)] dst interface_name:dest_address/dest_port [(idfw_user)]
-
%FTD-3-305016: Unable to create protocol connection from real_interface:real_host_ip/real_source_port to real_dest_interface:real_dest_ip/real_dest_port
due to reason.
-
%FTD-3-305017: Pba-interim-logging: Active ICMP block of ports for translation from <source device IP> to <destination device
IP>/<Active Port Block >
-
%FTD-3-313001: Denied ICMP type=number, code=code from IP_address on interface interface_name
-
%FTD-3-313008: Denied ICMPv6 type=number, code=code from IP_address on interface interface_name
-
%FTD-3-316001: Denied new tunnel to IP_address. VPN peer limit (platform_vpn_peer_limit) exceeded
-
%FTD-3-316002: VPN Handle error: protocol=protocol, src in_if_num:src_addr, dst out_if_num:dst_addr
-
%FTD-3-317001: No memory available for limit_slow
-
%FTD-3-317002: Bad path index of number for IP_address, number max
-
%FTD-3-317003: IP routing table creation failure - reason
-
%FTD-3-317004: IP routing table limit warning
-
%FTD-3-317005: IP routing table limit exceeded - reason, IP_address netmask
-
%FTD-3-317006: Pdb index error pdb, pdb_index, pdb_type
-
%FTD-3-317012: Interface IP route counter negative - nameif-string-value
-
%FTD-3-318001: Internal error: reason
-
%FTD-3-318002: Flagged as being an ABR without a backbone area
-
%FTD-3-318003: Reached unknown state in neighbor state machine
-
%FTD-3-318004: area string lsid IP_address mask netmask adv IP_address type number
-
%FTD-3-318005: lsid ip_address adv IP_address type number gateway gateway_address metric number network IP_address mask netmask
protocol hex attr hex net-metric number
-
%FTD-3-318006: if interface_name if_state number
-
%FTD-3-318007: OSPF is enabled on interface_name during idb initialization
-
%FTD-3-318008: OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id
-
%FTD-3-318009: OSPF: Attempted reference of stale data encountered in function, line: line_num
-
%FTD-3-318101: Internal error: %REASON
-
%FTD-3-318102: Flagged as being an ABR without a backbone area T
-
%FTD-3-318103: Reached unknown state in neighbor state machine
-
%FTD-3-318104: DB already exist : area %AREA_ID_STR lsid %i adv %i type 0x%x
-
%FTD-3-318105: lsid %i adv %i type 0x%x gateway %i metric %d network %i mask %i protocol %#x attr %#x net-metric %d
-
%FTD-3-318106: if %IF_NAME if_state %d
-
%FTD-3-318107: OSPF is enabled on %IF_NAME during idb initialization
-
%FTD-3-318108: OSPF process %d is changing router-id. Reconfigure virtual link neighbors with our new router-id
-
%FTD-3-318109: OSPFv3 has received an unexpected message: %0x/%0x
-
%FTD-3-318110: Invalid encrypted key %s.
-
%FTD-3-318111: SPI %u is already in use with ospf process %d
-
%FTD-3-318112: SPI %u is already in use by a process other than ospf process %d.
-
%FTD-3-318113: %s %s is already configured with SPI %u.
-
%FTD-3-318114: The key length used with SPI %u is not valid
-
%FTD-3-318115: %s error occured when attempting to create an IPsec policy for SPI %u
-
%FTD-3-318116: SPI %u is not being used by ospf process %d.
-
%FTD-3-318117: The policy for SPI %u could not be removed because it is in use.
-
%FTD-3-318118: %s error occured when attemtping to remove the IPsec policy with SPI %u
-
%FTD-3-318119: Unable to close secure socket with SPI %u on interface %s
-
%FTD-3-318120: OSPFv3 was unable to register with IPsec
-
%FTD-3-318121: IPsec reported a GENERAL ERROR: message %s, count %d
-
%FTD-3-318122: IPsec sent a %s message %s to OSPFv3 for interface %s. Recovery attempt %d .
-
%FTD-3-318123: IPsec sent a %s message %s to OSPFv3 for interface %IF_NAME. Recovery aborted
-
%FTD-3-318125: Init failed for interface %IF_NAME
-
%FTD-3-318126: Interface %IF_NAME is attached to more than one area
-
%FTD-3-318127: Could not allocate or find the neighbor
-
%FTD-3-320001: The subject name of the peer cert is not allowed for connection
-
%FTD-3-321007: System is low on free memory blocks of size block_size (free_blocks CNT out of max_blocks MAX)
-
%FTD-3-322001: Deny MAC address MAC_address, possible spoof attempt on interface interface
-
%FTD-3-322002: ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface.
This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is {statically|dynamically} bound to MAC
Address MAC_address_2.
-
%FTD-3-322003:ARP inspection check failed for arp {request|response} received from host MAC_address on interface interface.
This host is advertising MAC Address MAC_address_1 for IP Address IP_address, which is not bound to any MAC Address.
-
%FTD-3-323001: Module module_id experienced a control channel communications failure.
-
%FTD-3-323002: Module module_id is not able to shut down, shut down request not answered.
-
%FTD-3-323003: Module module_id is not able to reload, reload request not answered.
-
%FTD-3-323004: Module module_id failed to write software vnewver (currently vver), reason. Hw-module reset is required before
further use.
-
%FTD-3-323005: Module module_id can not be started completely
-
%FTD-3-323007: Module in slot slot experienced a firware failure and the recovery is in progress.
-
%FTD-3-325001: Router ipv6_address on interface has conflicting ND (Neighbor Discovery) settings
-
%FTD-3-326001: Unexpected error in the timer library: error_message
-
%FTD-3-326002: Error in error_message: error_message
-
%FTD-3-326004: An internal error occurred while processing a packet queue
-
%FTD-3-326005: Mrib notification failed for (IP_address, IP_address)
-
%FTD-3-326006: Entry-creation failed for (IP_address, IP_address)
-
%FTD-3-326007: Entry-update failed for (IP_address, IP_address)
-
%FTD-3-326008: MRIB registration failed
-
%FTD-3-326009: MRIB connection-open failed
-
%FTD-3-326010: MRIB unbind failed
-
%FTD-3-326011: MRIB table deletion failed
-
%FTD-3-326012: Initialization of string functionality failed
-
%FTD-3-326013: Internal error: string in string line %d (%s)
-
%FTD-3-326014: Initialization failed: error_message error_message
-
%FTD-3-326015: Communication error: error_message error_message
-
%FTD-3-326016: Failed to set un-numbered interface for interface_name (string)
-
%FTD-3-326017: Interface Manager error - string in string: string
-
%FTD-3-326019: string in string: string
-
%FTD-3-326020: List error in string: string
-
%FTD-3-326021: Error in string: string
-
%FTD-3-326022: Error in string: string
-
%FTD-3-326023: string - IP_address: string
-
%FTD-3-326024: An internal error occurred while processing a packet queue.
-
%FTD-3-326025: string
-
%FTD-3-326026: Server unexpected error: error_message
-
%FTD-3-326027: Corrupted update: error_message
-
%FTD-3-326028: Asynchronous error: error_message
-
%FTD-3-327001: IP SLA Monitor: Cannot create a new process
-
%FTD-3-327002: IP SLA Monitor: Failed to initialize, IP SLA Monitor functionality will not work
-
%FTD-3-327003: IP SLA Monitor: Generic Timer wheel timer functionality failed to initialize
-
%FTD-3-328001: Attempt made to overwrite a set stub function in string.
-
%FTD-3-329001: The string0 subblock named string1 was not removed
-
%FTD-3-331001: Dynamic DNS Update for 'fqdn_name' = ip_address failed
-
%FTD-3-332001: Unable to open cache discovery socket, WCCP V2 closing down.
-
%FTD-3-332002: Unable to allocate message buffer, WCCP V2 closing down.
-
%FTD-3-336001 Route desination_network stuck-in-active state in EIGRP-ddb_name as_num. Cleaning up
-
%FTD-3-336002: Handle handle_id is not allocated in pool.
-
%FTD-3-336003: No buffers available for bytes byte packet
-
%FTD-3-336004: Negative refcount in pakdesc pakdesc.
-
%FTD-3-336005: Flow control error, error, on interface_name.
-
%FTD-3-336006: num peers exist on IIDB interface_name.
-
%FTD-3-336007: Anchor count negative
-
%FTD-3-336008: Lingering DRDB deleting IIDB, dest network, nexthop address (interface), origin origin_str
-
%FTD-3-336009 ddb_name as_id: Internal Error
-
%FTD-3-336012: Interface interface_names going down and neighbor_links links exist
-
%FTD-3-336013: Route iproute, iproute_successors successors, db_successors rdbs
-
%FTD-3-336014: "EIGRP_PDM_Process_name, event_log"
-
%FTD-3-336015: Unable to open socket for AS as_number"
-
%FTD-3-336016: Unknown timer type timer_type expiration
-
%FTD-3-336018: process_name as_number: prefix_source threshold prefix level (prefix_threshold) reached
-
%FTD-3-336019: process_name as_number: prefix_source prefix limit reached (prefix_threshold).
-
%FTD-3-339006: Umbrella resolver current resolver ipv46 is reachable, resuming Umbrella redirect.
-
%FTD-3-339007: Umbrella resolver current resolver ipv46 is unreachable, moving to fail-open. Starting probe to resolver.
-
%FTD-3-339008: Umbrella resolver current resolver ipv46 is unreachable, moving to fail-close.
-
%FTD-3-340001: Loopback-proxy info: error_string context id context_id, context type = version/request_type/address_type client
socket (internal)= client_address_internal/client_port_internal server socket (internal)= server_address_internal/server_port_internal
server socket (external)= server_address_external/server_port_external remote socket (external)= remote_address_external/remote_port_external
-
%FTD-3-341003: Policy Agent failed to start for VNMC vnmc_ip_addr
-
%FTD-3-341004: Storage device not available: Attempt to shutdown module %s failed.
-
%FTD-3-341005: Storage device not available. Shutdown issued for module %s.
-
%FTD-3-341006: Storage device not available. Failed to stop recovery of module %s .
-
%FTD-3-341007: Storage device not available. Further recovery of module %s was stopped. This may take several minutes to complete.
-
%FTD-3-341008: Storage device not found. Auto-boot of module %s cancelled. Install drive and reload to try again.
-
%FTD-3-341011: Storage device with serial number ser_no in bay bay_no faulty.
-
%FTD-3-402140: CRYPTO: RSA key generation error: modulus len len
-
%FTD-3-402141: CRYPTO: Key zeroization error: key set type, reason reason
-
%FTD-3-402142: CRYPTO: Bulk data op error: algorithm alg, mode mode
-
%FTD-3-402143: CRYPTO: alg type key op
-
%FTD-3-402144: CRYPTO: Digital signature error: signature algorithm sig, hash algorithm hash
-
%FTD-3-402145: CRYPTO: Hash generation error: algorithm hash
-
%FTD-3-402146: CRYPTO: Keyed hash generation error: algorithm hash, key len len
-
%FTD-3-402147: CRYPTO: HMAC generation error: algorithm alg
-
%FTD-3-402148: CRYPTO: Random Number Generator error
-
%FTD-3-402149: CRYPTO: weak encryption type (length). Operation disallowed. Not FIPS 140-2 compliant
-
%FTD-3-402150: CRYPTO: Deprecated hash algorithm used for RSA operation (hash alg). Operation disallowed. Not FIPS 140-2 compliant
-
%FTD-3-403501: PPPoE - Bad host-unique in PADO - packet dropped. Intf:interface_name AC:ac_name
-
%FTD-3-403502: PPPoE - Bad host-unique in PADS - dropping packet. Intf:interface_name AC:ac_name
-
%FTD-3-403503: PPPoE:PPP link down:reason
-
%FTD-3-403504: PPPoE:No vpdn group group_name for PPPoE is created
-
%FTD-3-403507: PPPoE:PPPoE client on interface interface failed to locate PPPoE vpdn group group_name
-
%FTD-3-414001: Failed to save logging buffer using file name filename to FTP server ftp_server_address on interface interface_name:
[fail_reason]
-
%FTD-3-414002: Failed to save logging buffer to flash:/syslog directory using file name: filename: [fail_reason]
-
%FTD-3-414003: TCP Syslog Server intf: IP_Address/port not responding. New connections are [permitted|denied] based on logging
permit-hostdown policy.
-
%FTD-3-414005: TCP Syslog Server intf: IP_Address/port connected, New connections are permitted based on logging permit-hostdown
policy
-
%FTD-3-414006: TCP Syslog Server configured and logging queue is full. New connections denied based on logging permit-hostdown
policy.
-
%FTD-3-421001: TCP|UDP flow from interface_name:ip/port to interface_name:ip/port is dropped because application has failed.
-
%FTD-3-421007: TCP|UDP flow from interface_name:IP_address/port to interface_name:IP_address/port is skipped because application
has failed.
-
%FTD-3-425006 Redundant interface redundant_interface_name switch active member to interface_name failed.
-
%FTD-3-505016: Module module_id application changed from: name version version state state to: name version state state.
-
%FTD-3-500005: connection terminated from in_ifc_name:src_adddress/src_port to out_ifc_name:dest_address/dest_port due to
invalid combination of inspections on same flow. Inspect inspect_name is not compatible with inspect inspect_name_2
-
%FTD-3-507003: The flow of type protocol from the originating interface: src_ip/src_port to dest_if:dest_ip/dest_port terminated
by inspection engine, reason -
-
%FTD-3-520001: error_string
-
%FTD-3-520002: bad new ID table size
-
%FTD-3-520003: bad id in error_string (id: 0xid_num)
-
%FTD-3-520004: error_string
-
%FTD-3-520005: error_string
-
%FTD-3-520010: Bad queue elem – qelem_ptr: flink flink_ptr, blink blink_ptr, flink->blink flink_blink_ptr, blink->flink blink_flink_ptr
-
%FTD-3-520011: Null queue elem
-
%FTD-3-520013: Regular expression access check with bad list acl_ID
-
%FTD-3-520020: No memory available
-
%FTD-3-520021: Error deleting trie entry, error_message
-
%FTD-3-520022: "Error adding mask entry, error_message
-
%FTD-3-520023: Invalid pointer to head of tree, 0x<radix_node_ptr>
-
%FTD-3-520024: Orphaned mask #radix_mask_ptr, refcount= radix_mask_ptr ‘s ref count at # radix_node_address, next=# radix_node_next
-
%threat defense-3-520025: No memory for radix initialization: error_msg
-
%threat defense-3-602305: IPSEC: SA creation error, source source address, destination
destination address, reason error string
-
%FTD-3-611313: VPN Client: Backup Server List Error: reason
-
%FTD-3-613004: Internal error: memory allocation failure
-
%FTD-3-613005: Flagged as being an ABR without a backbone area
-
%FTD-3-613006: Reached unknown state in neighbor state machine
-
%FTD-3-613007: area string lsid IP_address mask netmask type number
-
%FTD-3-613008: if inside if_state number
-
%FTD-3-613011: OSPF process number is changing router-id. Reconfigure virtual link neighbors with our new router-id
-
%FTD-3-613013: OSPF LSID IP_address adv IP_address type number gateway IP_address metric number forwarding addr route IP_address
/mask type number has no corresponding LSA
-
%threat defense-3-613029: Router-ID IP_address is in use by ospf process number
-
%threat defense-3-613016: Area string router-LSA of length number bytes plus update overhead
bytes is too large to flood.
-
%threat defense-3-613032: Init failed for interface inside, area is being deleted. Try
again.
-
%threat defense-3-613033: Interface inside is attached to more than one area
-
%FTD-3-613034: Neighbor IP_address not configured
-
%threat defense-3-613035: Could not allocate or find neighbor IP_address
-
%threat defense-4-613015: Process 1 flushes LSA ID IP_address type-number adv-rtr IP_address
in area mask.
-
%FTD-3-709015: Command sync Error: Sync failed for command no nameif with error code = code
-
%FTD-3-710003: {TCP|UDP} access denied by ACL from source_IP/source_port to interface_name:dest_IP/service
-
%FTD-3-713004: device scheduled for reboot or shutdown, IKE key acquire message on interface interface num, for Peer IP_address
ignored
-
%FTD-3-713008: Key ID in ID payload too big for pre-shared IKE tunnel
-
%FTD-3-713009: OU in DN in ID payload too big for Certs IKE tunnel
-
%FTD-3-713012: Unknown protocol (protocol). Not adding SA w/spi=SPI value
-
%FTD-3-713014: Unknown Domain of Interpretation (DOI): DOI value
-
%FTD-3-713016: Unknown identification type, Phase 1 or 2, Type ID_Type
-
%FTD-3-713017: Identification type not supported, Phase 1 or 2, Type ID_Type
-
%FTD-3-713018: Unknown ID type during find of group name for certs, Type ID_Type
-
%FTD-3-713020: No Group found by matching OU(s) from ID payload: OU_value
-
%FTD-3-713022: No Group found matching peer_ID or IP_address for Pre-shared key peer IP_address
-
%FTD-3-713032: Received invalid local Proxy Range IP_address - IP_address
-
%FTD-3-713033: Received invalid remote Proxy Range IP_address - IP_address
-
%FTD-3-713042: IKE Initiator unable to find policy: Intf interface_number, Src: source_address, Dst: dest_address
-
%FTD-3-713043: Cookie/peer address IP_address session already in progress
-
%FTD-3-713048: Error processing payload: Payload ID: id
-
%FTD-3-713056: Tunnel rejected: SA (SA_name) not found for group (group_name)!
-
%FTD-3-713060: Tunnel Rejected: User (user) not member of group (group_name), group-lock check failed.
-
%FTD-3-713061: Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address!
-
%FTD-3-713062: IKE Peer address same as our interface address IP_address
-
%FTD-3-713063: IKE Peer address not configured for destination IP_address
-
%FTD-3-713065: IKE Remote Peer did not negotiate the following: proposal attribute
-
%FTD-3-713072: Password for user (user) too long, truncating to number characters
-
%FTD-3-713081: Unsupported certificate encoding type encoding_type
-
%FTD-3-713082: Failed to retrieve identity certificate
-
%FTD-3-713083: Invalid certificate handle
-
%FTD-3-713084: Received invalid phase 1 port value (port) in ID payload
-
%FTD-3-713085: Received invalid phase 1 protocol (protocol) in ID payload
-
%FTD-3-713086: Received unexpected Certificate payload Possible invalid Auth Method (Auth method (auth numerical value))
-
%FTD-3-713088: Set Cert file handle failure: no IPSec SA in group group_name
-
%FTD-3-713098: Aborting: No identity cert specified in IPSec SA (SA_name)!
-
%FTD-3-713102: Phase 1 ID Data length number too long - reject tunnel!
-
%FTD-3-713105: Zero length data in ID payload received during phase 1 or 2 processing
-
%FTD-3-713107: IP_Address request attempt failed!
-
%FTD-3-713109: Unable to process the received peer certificate
-
%FTD-3-713112: Failed to process CONNECTED notify (SPI SPI_value)!
-
%FTD-3-713014: Unknown Domain of Interpretation (DOI): DOI value
-
%FTD-3-713016: Unknown identification type, Phase 1 or 2, Type ID_Type
-
%FTD-3-713017: Identification type not supported, Phase 1 or 2, Type ID_Type
-
%FTD-3-713118: Detected invalid Diffie-Helmann group_descriptor group_number, in IKE area
-
%FTD-3-713122: Keep-alives configured keepalive_type but peer IP_address support keep-alives (type = keepalive_type)
-
%FTD-3-713123: IKE lost contact with remote peer, deleting connection (keepalive type: keepalive_type)
-
%FTD-3-713124: Received DPD sequence number rcv_sequence_# in DPD Action, description expected seq #
-
%FTD-3-713127: Xauth required but selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike
proposal list
-
%FTD-3-713129: Received unexpected Transaction Exchange payload type: payload_id
-
%FTD-3-713132: Cannot obtain an IP_address for remote peer
-
%FTD-3-713133: Mismatch: Overriding phase 2 DH Group(DH group DH group_id) with phase 1 group(DH group DH group_number
-
%FTD-3-713134: Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L
connection
-
%FTD-3-713138: Group group_name not found and BASE GROUP default preshared key not configured
-
%FTD-3-713140: Split Tunneling Policy requires network list but none configured
-
%FTD-3-713141: Client-reported firewall does not match configured firewall: action tunnel. Received -- Vendor: vendor(id),
Product product(id), Caps: capability_value. Expected -- Vendor: vendor(id), Product: product(id), Caps: capability_value
-
%FTD-3-713142: Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected -- Vendor:
vendor(id), Product product(id), Caps: capability_value
-
%FTD-3-713146: Could not add route for Hardware Client in network extension mode, address: IP_address, mask: netmask
-
%FTD-3-713149: Hardware client security attribute attribute_name was enabled but not requested.
-
%FTD-3-713152: Unable to obtain any rules from filter ACL_tag to send to client for CPP, terminating connection.
-
%FTD-3-713159: TCP Connection to Firewall Server has been lost, restricted tunnels are now allowed full network access
-
%FTD-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server
-
%FTD-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server
-
%FTD-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server
-
%FTD-3-713165: Client IKE Auth mode differs from the group's configured Auth mode
-
%FTD-3-713166: Headend security gateway has failed our user authentication attempt - check configured username and password
-
%FTD-3-713167: Remote peer has failed user authentication - check configured username and password
-
%FTD-3-713168: Re-auth enabled, but tunnel must be authenticated interactively!
-
%FTD-3-713174: Hardware Client connection rejected! Network Extension Mode is not allowed for this group!
-
%FTD-3-713182: IKE could not recognize the version of the client! IPSec Fragmentation Policy will be ignored for this connection!
-
%FTD-3-713185: Error: Username too long - connection aborted
-
%FTD-3-713186: Invalid secondary domain name list received from the authentication server. List Received: list_text Character
index (value) is illegal
-
%FTD-3-713189: Attempted to assign network or broadcast IP_address, removing (IP_address) from pool.
-
%FTD-3-713191: Maximum concurrent IKE negotiations exceeded!
-
%FTD-3-713193: Received packet with missing payload, Expected payload: payload_id
-
%FTD-3-713194: Sending IKE|IPSec Delete With Reason message: termination_reason
-
%FTD-3-713195: Tunnel rejected: Originate-Only: Cannot accept incoming tunnel yet!
-
%FTD-3-713198: User Authorization failed: user User authorization failed.
-
%FTD-3-713203: IKE Receiver: Error reading from socket.
-
%FTD-3-713205: Could not add static route for client address: IP_address
-
%FTD-3-713206: Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
-
%FTD-3-713208: Cannot create dynamic rule for Backup L2L entry rule rule_id
-
%FTD-3-713209: Cannot delete dynamic rule for Backup L2L entry rule id
-
%FTD-3-713210: Cannot create dynamic map for Backup L2L entry rule_id
-
%FTD-3-713212: Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: netmask
-
%FTD-3-713214: Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: netmask
-
%FTD-3-713217: Skipping unrecognized rule: action: action client type: client_type client version: client_version
-
%FTD-3-713218: Tunnel Rejected: Client Type or Version not allowed.
-
%FTD-3-713226: Connection failed with peer IP_address, no trust-point defined in tunnel-group tunnel_group
-
%FTD-3-713227: Rejecting new IPSec SA negotiation for peer Peer_address. A negotiation was already in progress for local Proxy
Local_address/Local_netmask, remote Proxy Remote_address/Remote_netmask
-
%FTD-3-713230: Internal Error, ike_lock trying to lock bit that is already locked for type type
-
%FTD-3-713231: Internal Error, ike_lock trying to unlock bit that is not locked for type type
-
%FTD-3-713232: SA lock refCnt = value, bitmask = hexvalue, p1_decrypt_cb = value, qm_decrypt_cb = value, qm_hash_cb = value,
qm_spi_ok_cb = value, qm_dh_cb = value, qm_secret_key_cb = value, qm_encrypt_cb = value
-
%FTD-3-713238: Invalid source proxy address: 0.0.0.0! Check private address on remote client
-
%FTD-3-713258: IP = var1, Attempting to establish a phase2 tunnel on var2 interface but phase1 tunnel is on var3 interface.
Tearing down old phase1 tunnel due to a potential routing change.
-
%FTD-3-713254: Group = groupname, Username = username, IP = peerip, Invalid IPSec/UDP port = portnum, valid range is minport
- maxport, except port 4500, which is reserved for IPSec/NAT-T
-
%FTD-3-713260: Output interface %d to peer was not found
-
%FTD-3-713261: IPV6 address on output interface %d was not found
-
%FTD-3-713262: Rejecting new IPSec SA negotiation for peer Peer_address. A negotiation was already in progress for local Proxy
Local_address/Local_prefix_len, remote Proxy Remote_address/Remote_prefix_len
-
%FTD-3-713266: Could not add route for L2L peer coming in on a dynamic map. address: IP_address, mask: /prefix_len
-
%FTD-3-713268: Could not delete route for L2L peer that came in on a dynamic map. address: IP_address, mask: /prefix_len
-
%FTD-3-713270: Could not add route for Hardware Client in network extension mode, address: IP_addres>, mask: /prefix_len
-
%FTD-3-713272: Terminating tunnel to Hardware Client in network extension mode, unable to delete static route for address:
IP_address, mask: /prefix_len
-
%FTD-3-713274: Could not delete static route for client address: IP_Address IP_Address address of client whose route is being
removed
-
%FTD-3-713902: Descriptive_event_string.
-
%FTD-3-716057: Group group User user IP ip Session terminated, no type license available.
-
%FTD-3-716061: Group DfltGrpPolicy User user IP ip addr IPv6 User Filter tempipv6 configured for AnyConnect. This setting
has been deprecated, terminating connection
-
%FTD-3-716158: Failed to create SAML logout request, initiated by SP. Reason: reason
-
%FTD-3-716159: Failed to process SAML logout request, initiated by SP. Reason: reason
-
%FTD-3-716160: Failed to create SAML authentication request. Reason: reason
-
%FTD-3-716162: Failed to consume SAML assertion. Reason: reason
-
%FTD-3-716600: Rejected size-recv KB Hostscan data from IP src-ip. Hostscan results exceed default | configured limit of size-conf
KB.
-
%FTD-3-716601: Rejected size-recv KB Hostscan data from IP src-ip. System-wide limit onthe amount of Hostscan data stored
on ASA exceeds the limit of data-max KB.
-
%FTD-3-716602: Memory allocation error. Rejected size-recv KB Hostscan data from IP src-ip.
-
%FTD-3-717001: Querying keypair failed.
-
%FTD-3-717002: Certificate enrollment failed for trustpoint trustpoint_name. Reason: reason_string.
-
%FTD-3-717009: Certificate validation failed. Reason: reason_string.
-
%FTD-3-717010: CRL polling failed for trustpoint trustpoint_name.
-
%FTD-3-717012: Failed to refresh CRL cache entry from the server for trustpoint trustpoint_name at time_of_failure
-
%FTD-3-717015: CRL received from issuer is too large to process (CRL size = crl_size, maximum CRL size = max_crl_size)
-
%FTD-3-717017: Failed to query CA certificate for trustpoint trustpoint_name from enrollment_url
-
%FTD-3-717018: CRL received from issuer has too many entries to process (number of entries = number_of_entries, maximum number
allowed = max_allowed)
-
%FTD-3-717019: Failed to insert CRL for trustpoint trustpoint_name. Reason: failure_reason.
-
%FTD-3-717020: Failed to install device certificate for trustpoint label. Reason: reason string.
-
%FTD-3-717021: Certificate data could not be verified. Locate Reason: reason_string serial number: serial number, subject
name: subject name, key length key length bits.
-
%FTD-3-717023: SSL failed to set device certificate for trustpoint trustpoint name. Reason: reason_string.
-
%FTD-3-717027: Certificate chain failed validation. reason_string.
-
%FTD-3-717032: OCSP status check failed. Reason: reason_string
-
%FTD-3-717051: SCEP Proxy: Denied processing the request type type received from IP client ip address, User username, TunnelGroup
tunnel group name, GroupPolicy group policy name to CA ca ip address. Reason: msg
-
%FTD-3-717063: protocol Certificate enrollment failed for the trustpoint tpname with the CA ca
-
%FTD-3-719002: Email Proxy session pointer from source_address has been terminated due to reason error.
-
%FTD-3-719008: Email Proxy service is shutting down.
-
%FTD-3-722007: Group group User user-name IP IP_address SVC Message: type-num/ERROR: message
-
%FTD-3-722008: Group group User user-name IP IP_address SVC Message: type-num/ERROR: message
-
%FTD-3-722009: Group group User user-name IP IP_address SVC Message: type-num/ERROR: message
-
%FTD-3-722020: TunnelGroup tunnel_group GroupPolicy group_policy User user-name IP IP_address No address available for SVC
connection
-
%FTD-3-722035: Group group User user-name IP IP_address Received large packet length threshold num).
-
%FTD-3-722045: Connection terminated: no SSL tunnel initialization data.
-
%FTD-3-722046: Group group User user IP ip Session terminated: unable to establish tunnel.
-
%FTD-3-725015 Error verifying client certificate. Public key size in client certificate exceeds the maximum supported key
size.
-
%FTD-3-734004: DAP: Processing error: internal error code
-
%FTD-3-735010: IPMI: Environment Monitoring has failed to update one or more of its records.
-
%FTD-3-737002: IPAA: Received unknown message 'num'
-
%FTD-3-737027: IPAA: No data for address request
-
%FTD-3-737202: VPNFIP: Pool=pool, ERROR: message
-
%FTD-3-737403: POOLIP: Pool=pool, ERROR: message
-
%FTD-3-742001: failed to read master key for password encryption from persistent store
-
%FTD-3-742002: failed to set master key for password encryption
-
%FTD-3-742003: failed to save master key for password encryption, reason reason_text
-
%FTD-3-742004: failed to sync master key for password encryption, reason reason_text
-
%FTD-3-742005: cipher text enc_pass is not compatible with the configured master key or the cipher text has been tampered
with
-
%FTD-3-742006: password decryption failed due to unavailable memory
-
%FTD-3-742007: password encryption failed due to unavailable memory
-
%FTD-3-742008: password enc_pass decryption failed due to decoding error
-
%FTD-3-742009: password encryption failed due to decoding error
-
%FTD-3-742010: encrypted password enc_pass is not well formed
-
%FTD-3-743010: EOBC RPC server failed to start for client module client name.
-
%FTD-3-743011: EOBC RPC call failed, return code code string.
-
%FTD-3-746016: user-identity: DNS lookup failed, reason: reason.
-
%FTD-3-747001: Clustering: Recovered from state machine event queue depleted. Event (event-id, ptr-in-hex, ptr-in-hex) dropped.
Current state state-name, stack ptr-in-hex, ptr-in-hex, ptr-in-hex, ptr-in-hex, ptr-in-hex, ptr-in-hex
-
%FTD-3-747010: Clustering: RPC call failed, message message-name, return code code-value.
-
%FTD-3-747012: Clustering: Failed to replicate global object id hex-id-value in domain domain-name to peer unit-name, continuing
operation.
-
%FTD-3-747013: Clustering: Failed to remove global object id hex-id-value in domain domain-name from peer unit-name, continuing
operation.
-
%FTD-3-747014: Clustering: Failed to install global object id hex-id-value in domain domain-name, continuing operation.
-
%FTD-3-747018: Clustering: State progression failed due to timeout in module module-name.
-
%FTD-3-747021: Clustering: Master unit unit-name is quitting due to interface health check failure on failed-interface.
-
%FTD-3-747022: Clustering: Asking slave unit unit-name to quit because it failed interface health check x times, rejoin will
be attempted after y min. Failed interface: interface-name.
-
%FTD-3-747030: Clustering: Asking slave unit unit-name to quit because it failed interface health check x times (last failure
on interface-name), Clustering must be manually enabled on the unit to re-join.
-
%FTD-3-747031: Clustering: Platform mismatch between cluster master (platform-type) and joining unit unit-name (platform-type).
unit-name aborting cluster join.
-
%FTD-3-747032: Clustering: Service module mismatch between cluster master (module-name) and joining unit unit-name (module-name)
in slot slot-number. unit-name aborting cluster join.
-
%FTD-3-747033: Clustering: Interface mismatch between cluster master and joining unit unit-name. unit-name aborting cluster
join.
-
%FTD-3-747042: Master receives config hash string request message from unknown member id <cluster-member-id>
-
%FTD-3-747043: Get config hash string from master error: ret_code <ret_code>, string_len: <string_len>
-
%FTD-3-748005: Failed to bundle the ports for module slot_number in chassis chassis_number; clustering is disabled
-
%FTD-3-748006: Asking module slot_number in chassis chassis_number to leave the cluster due to a port bundling failure
-
%FTD-3-750011: Tunnel Rejected: Selected IKEv2 encryption algorithm (IKEV2 encry algo) is not strong enough to secure proposed
IPSEC encryption algorithm (IPSEC encry algo).
-
%FTD-3-751001: Local: localIP:port Remote:remoteIP:port Username: username/group Failed to complete Diffie-Hellman operation.
Error: error
-
%FTD-3-751002: Local: localIP:port Remote:remoteIP:port Username: username/group No preshared key or trustpoint configured
for self in tunnel group group
-
%FTD-3-751004: Local: localIP:port Remote:remoteIP:port Username: username/group No remote authentication method configured
for peer in tunnel group group
-
%FTD-3-751005: Local: localIP:port Remote:remoteIP:port Username: username/group AnyConnect client reconnect authentication
failed. Session ID: sessionID, Error: error
-
%FTD-3-751006: Local: localIP:port Remote:remoteIP:port Username: username/group Certificate authentication failed. Error:
error
-
%FTD-3-751008: Local: localIP:port Remote:remoteIP:port Username: username/group Group=group, Tunnel rejected: IKEv2 not enabled
in group policy
-
%FTD-3-751009: Local: localIP:port Remote:remoteIP:port Username: username/group Unable to find tunnel group for peer.
-
%FTD-3-751010: Local: localIP:port Remote:remoteIP:port Username: username/group Unable to determine self-authentication method.
No crypto map setting or tunnel group found.
-
%FTD-3-751011: Local: localIP:port Remote:remoteIP:port Username: username/group Failed user authentication. Error: error
-
%FTD-3-751012: Local: localIP:port Remote:remoteIP:port Username: username/group Failure occurred during Configuration Mode
processing. Error: error
-
%FTD-3-751013: Local: localIP:port Remote:remoteIP:port Username: username/group Failed to process Configuration Payload request
for attribute attribute ID. Error: error
-
%FTD-3-751017: Local: localIP:port Remote remoteIP:port Username: username/group Configuration Error error description
-
%FTD-3-751018: Terminating the VPN connection attempt from landing group. Reason: This connection is group locked to locked
group.
-
%FTD-3-751020: Local:%A:%u Remote:%A:%u Username:%s An %s remote access connection failed. Attempting to use an NSA Suite
B crypto algorithm (%s) without an AnyConnect Premium license.
-
%FTD-3-751022: Local: local-ip Remote: remote-ip Username:username Tunnel rejected: Crypto Map Policy not found for remote
traffic selector rem-ts-start/rem-ts-end/rem-ts.startport/rem-ts.endport/rem-ts.protocol local traffic selector local-ts-start/local-ts-end/local-ts.startport/local-ts.endport/local-ts.protocol!
-
%FTD-3-751024: Local:ip addr Remote:ip addr Username:username IKEv2 IPv6 User Filter tempipv6 configured. This setting has
been deprecated, terminating connection
-
%FTD-3-752006: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Probable mis-configuration of the crypto map or tunnel-group.
Map Tag = Tag. Map Sequence Number = num, SRC Addr: address port: port Dst Addr: address port: port.
-
%FTD-3-752007: Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Entry already in Tunnel Manager. Map Tag = mapTag.
Map Sequence Number = mapSeq.
-
%FTD-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel.
Map Tag = mapTag. Map Sequence Number = mapSeq.
-
%FTD-3-768001: QUOTA: resource utilization is high: requested req, current curr, warning level level
-
%FTD-3-768002: QUOTA: resource quota exceeded: requested req, current curr, limit limit
-
%FTD-3-768003: QUOTA: management session quota exceeded for user user name: current 3, user limit 3
-
%FTD-3-768004: QUOTA: management session quota exceeded for ssh/telnet/http protocol: current 2, protocol limit 2
-
%FTD-3-769006: UPDATE: ASA boot system image image_name was not found on disk
-
%FTD-3-772002: PASSWORD: console login warning, user username, cause: password expired
-
%FTD-3-772004: PASSWORD: session login failed, user username, IP ip, cause: password expired
-
%FTD-3-776202: CTS PAC for Server IP_address, A-ID PAC issuer name has expired
-
%FTD-3-776254: CTS SGT-MAP: Binding manager unable to action binding binding IP - SGname (SGT ) from source name .
-
%FTD-3-779003: STS: Failed to read tag-switching table - reason
-
%FTD-3-779004: STS: Failed to write tag-switching table - reason
-
%FTD-3-779005: STS: Failed to parse tag-switching request from http - reason
-
%FTD-3-779006: STS: Failed to save tag-switching table to flash - reason
-
%FTD-3-779007: STS: Failed to replicate tag-switching table to peer - reason
-
%FTD-3-840001: Failed to create the backup for an IKEv2 session <Local IP>, <Remote IP>
-
%FTD-3-850001: SNORT ID (<snort-instance-id>/<snort-process-id>) Automatic-Application-Bypass due to delay of <delay>ms (threshold
<AAB-threshold>ms) with <connection-info>
-
%FTD-3-850002: SNORT ID (<snort-instance-id>/<snort-process-id>) Automatic-Application-Bypass due to SNORT not responding
to traffics for <timeout-delay>ms(threshold <AAB-threshold>ms)
-
%FTD-3-8300003: Failed to send session redistribution message to <variable 1>
-
%FTD-3-8300005: Failed to receive session move response from <variable 1>