Error Message %FTD-6-778001: VXLAN: Invalid VXLAN segment-id segment-id for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port).

Explanation The Secure Firewall Threat Defense device tries to create an inner connection for a VXLAN packet, but the VXLAN packet has an invalid segment ID.

Recommended Action None required.

Error Message %FTD-6-778002: VXLAN: There is no VNI interface for segment-id segment-id .

Explanation A decapsulated ingress VXLAN packet is discarded, because the segment ID in the VXLAN header does not match the segment ID of any VNI interface configured on the Secure Firewall Threat Defense device.

Recommended Action None required.

Error Message %FTD-6-778003: VXLAN: Invalid VXLAN segment-id segment-id for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.

Explanation The Secure Firewall Threat Defense Fast Path sees a VXLAN packet with an invalid segment ID.

Recommended Action Check the VNI interface segment ID configurations to see if the dropped packet has the VXLAN segment ID that does not match any VNI segment ID configuration.

Error Message %FTD-6-778004: VXLAN: Invalid VXLAN header for protocol from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.

Explanation The Secure Firewall Threat Defense VTEP sees a VXLAN packet with an invalid VXLAN header.

Recommended Action None required.

Error Message %FTD-6-778005: VXLAN: Packet with VXLAN segment-id segment-id from ifc-name is denied by FP L2 check.

Explanation A VXLAN packet is denied by a Fast Path L2 check.

Recommended Action Check the VNI interface segment ID configurations to see if the dropped packet has the VXLAN segment ID that does not match any VNI segment ID configuration. Check to see if the STS table has an entry that matches the dropped packet’s segment ID.

Error Message %FTD-6-778006: VXLAN: Invalid VXLAN UDP checksum from ifc-name :(IP-address/port) to ifc-name :(IP-address/port) in FP.

Explanation The Secure Firewall Threat Defense VTEP received a VXLAN packet with an invalid UDP checksum value.

Recommended Action None required.

Error Message %FTD-6-778007: VXLAN: Packet from ifc-name :IP-address/port to IP-address/port was discarded due to invalid NVE peer.

Explanation The Secure Firewall Threat Defense VTEP received a VXLAN packet from an IP address that is different from the configured NVE peer.

Recommended Action None required.

Error Message %FTD-6-779001: STS: Out-tag lookup failed for in-tag segment-id of protocol from ifc-name :IP-address /port to IP-address /port .

Explanation The Secure Firewall Threat Defense device tries to create a connection for a VXLAN packet, but failed to use the STS lookup table to locate the out-tag for the in-tag (segment ID) in the VXLAN packet.

Recommended Action None required.

Error Message %FTD-6-779002: STS: STS and NAT locate different egress interface for segment-id segment-id , protocol from ifc-name :IP-address /port to IP-address /port

Explanation The Secure Firewall Threat Defense device tries to create a connection for a VXLAN packet, but the STS lookup table and NAT policy locate a different egress interface.

Recommended Action None required.

Error Message %FTD-3-779003: STS: Failed to read tag-switching table - reason

Explanation The Secure Firewall Threat Defense device tried to read the tag-switching table, but failed.

Recommended Action None required.

Error Message %FTD-3-779004: STS: Failed to write tag-switching table - reason

Explanation The Secure Firewall Threat Defense device tried to write to the tag-switching table, but failed.

Recommended Action None required.

Error Message %FTD-3-779005: STS: Failed to parse tag-switching request from http - reason

Explanation The Secure Firewall Threat Defense device tried to parse the HTTP request to see what to do on the tag-switching table, but failed.

Recommended Action None required.

Error Message %FTD-3-779006: STS: Failed to save tag-switching table to flash - reason

Explanation The Secure Firewall Threat Defense device tried to save the tag-switching table to flash memory, but failed.

Recommended Action None required.

Error Message %FTD-3-779007: STS: Failed to replicate tag-switching table to peer - reason

Explanation The Secure Firewall Threat Defense device attempts to replicate the tag-switching table to the failover standby unit or clustering data units, but failed to do so.

Recommended Action None required.

Error Message %FTD-6-780001: RULE ENGINE: Started compilation for access-group transaction - description of the transaction .

Explanation The rule engine has started compilation for an access group transaction. The description of the transaction is the command line input of the access group itself.

Recommended Action None required.

Error Message %FTD-6-780002: RULE ENGINE: Finished compilation for access-group transaction - description of the transaction .

Explanation The rule engine has finished compilation for a transaction. Taking access group as an example, the description of the transaction is the command line input of the access group itself.

Recommended Action None required.

Error Message %FTD-6-780003: RULE ENGINE: Started compilation for nat transaction - description of the transaction .

Explanation The rule engine has started compilation for a NAT transaction. The description of the transaction is the command line input of the nat command itself.

Recommended Action None required.

Error Message %FTD-6-780004: RULE ENGINE: Finished compilation for nat transaction - description of the transaction .

Explanation The rule engine has finished compilation for a NAT transaction. The description of the transaction is the command line input of the nat command itself.

Recommended Action None required.

Error Message %FTD-6-780005: RULE ENGINE: Started compilation for session transaction - description of the transaction .

Explanation The rule engine has started compilation for the session transaction. This message is generated only when transactional commit is enabled.

Recommended Action None required.

Error Message %threat defense-6-780006: RULE ENGINE: Finished compilation for session transaction - description of the transaction .

Explanation The rule engine has completed compilation for the transaction. This message is generated only when transactional commit is enabled.

Recommended Action None required.

Error Message %FTD-7-785001: Clustering: Ownership for existing flow from <in_interface>:<src_ip_addr>/<src_port> to <out_interface>:<dest_ip_addr>/<dest_port> moved from unit <old-owner-unit-id> at site <old-site-id> to <new-owner-unit-id> at site <old-site-id> due to <reason>.

Explanation This syslog is generated when clustering moved the flow from one unit in one site to another unit in another site in inter-DC environment. Reason must be whatever triggered the move, such as LISP notification.

Recommended Action Verify the flow status in the new unit at new site.

Error Message %FTD-6-803001: bypass is continuing after power up, no protection will be provided by the system for traffic over GigabitEthernet 1/1-1/2

Explanation Informational message to the user that the hardware bypass will be continued after bootup.

Recommended Action None required.

Error Message %FTD-6-803001: bypass is continuing after power up, no protection will be provided by the system for traffic over GigabitEthernet 1/3-1/4

Explanation Informational message to the user that the hardware bypass will be continued after bootup.

Recommended Action None required.

Error Message %FTD-6-803002: no protection will be provided by the system for traffic over GigabitEthernet 1/1-1/2

Explanation Informational message to the user that hardware bypass is manually enabled.

Recommended Action None required.

Error Message %FTD-6-803002: no protection will be provided by the system for traffic over GigabitEthernet 1/3-1/4

Explanation Informational message to the user that hardware bypass is manually enabled.

Recommended Action None required.

Error Message %FTD-6-803003: User disabled bypass manually on GigabitEthernet 1/1-1/2.

Explanation Informational message to the user that hardware bypass is manually disabled.

Recommended Action None required.

Error Message %FTD-6-803003: User disabled bypass manually on GigabitEthernet 1/3-1/4.

Explanation Informational message to the user that hardware bypass is manually disabled.

Recommended Action None required.

Error Message %FTD-6-804001: Interface GigabitEthernet1/3 1000BaseSX SFP has been inserted

Explanation Informational message to the user about the online insertion of the supported SFP module.

Recommended Action None required.

Error Message %FTD-6-804002: Interface GigabitEthernet1/3 SFP has been removed

Explanation Informational message to the user about removal of the supported SFP module.

Recommended Action None required.

Error Message %FTD-6-805001: Flow offloaded: connection conn_id outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port) Protocol

Explanation Indicates flow is offloaded to the super-fast path.

Recommended Action None required.

Error Message %FTD-6-805002: Flow is no longer offloaded: connection conn_id outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port) Protocol

Explanation Indicates flow offloading is disabled on a flow which was offloaded to the super-fast path.

Recommended Action None required.

Error Message %FTD-6-805003: TCP Flow could not be offloaded for connection conn_id from outside_ifc:outside_addr/outside_port (mapped_addr/mapped_port) to inside_ifc:inside_addr/inside_port (mapped_addr/mapped_port)reason

Explanation Indicates flow could not be offloaded. For example, due to flow entry collision on the offload flow table.

Recommended Action None required.

Error Message %FTD-6-806001: Primary alarm CPU temperature is High temperature

Explanation The CPU has reached temperature over primary alarm temperature setting for high temperature and such alarm is enabled.

• temperature – Current CPU temperature (in Celsius).

Recommended Action Contact Administrator who configured this alarm on following actions.

Error Message %FTD-6-806002: Primary alarm for CPU high temperature is cleared

Explanation The CPU temperature goes down to under primary alarm temperature setting for high temperature.

Recommended Action None required.

Error Message %FTD-6-806003: Primary alarm CPU temperature is Low temperature

Explanation The CPU has reached temperature under primary alarm temperature setting for low temperature and such alarm is enabled.

• temperature – Current CPU temperature (in Celsius).

  Recommended Action Contact Administrator who configured this alarm on following actions.

Error Message %FTD-6-806004: Primary alarm for CPU Low temperature is cleared

Explanation The CPU temperature goes up to over primary alarm temperature setting for low temperature.

Recommended Action None required.

Error Message %FTD-6-806005: Secondary alarm CPU temperature is High temperature

Explanation The CPU has reached temperature over secondary alarm temperature setting for high temperature and such alarm is enabled.

• temperature – Current CPU temperature (in Celsius).

Recommended Action Contact Administrator who configured this alarm on following actions.

Error Message %FTD-6-806006: Secondary alarm for CPU high temperature is cleared

Explanation The CPU temperature goes down to under secondary alarm temperature setting for high temperature.

Recommended Action None required.

Error Message %FTD-6-806007: Secondary alarm CPU temperature is Low temperature

Explanation The CPU has reached temperature under secondary alarm temperature setting for low temperature and such alarm is enabled.

• temperature – Current CPU temperature (in Celsius).

Recommended Action Contact Administrator who configured this alarm on following actions.

Error Message %FTD-6-806008: Secondary alarm for CPU Low temperature is cleared

Explanation The CPU temperature goes up to over secondary alarm temperature setting for low temperature.

Recommended Action None required.

Error Message %FTD-6-806009: Alarm asserted for ALARM_IN_1 description

Explanation Alarm input port 1 is triggered.

• description – Alarm description configured by user for this alarm input port.

Recommended Action Contact Administrator who configured this alarm on following actions.

Error Message %FTD-6-806010: Alarm cleared for ALARM_IN_1 alarm_1_description

Explanation Alarm input port 1 is cleared.

• description – Alarm description configured by user for this alarm input port.

Recommended Action None required.

Error Message %FTD-6-806011: Alarm asserted for ALARM_IN_2 description

Explanation Alarm input port 2 is triggered.

• description – Alarm description configured by user for this alarm input port.

Recommended Action Contact Administrator who configured this alarm on following actions.

Error Message %FTD-6-806012: Alarm cleared for ALARM_IN_2 alarm_2_description

Explanation Alarm input port 2 is cleared.

• description – Alarm description configured by user for this alarm input port.

Recommended Action None required.

Error Message %FTD-4-812005: Link-State-Propagation activated on inline-pair due to failure of interface interface-name bringing down pair interface interface-name

Explanation This message is generated when the link state propagation is activated on the inline pair due to failure of an interface.

Recommended Action None.

Error Message %FTD-4-812006: Link-State-Propagation de-activated on inline-pair due to recovery of interface interface-name bringing up pair interface interface-name

Explanation This message is generated when the link state propagation is deactivated on the inline pair due to recovery of failed interface.

Recommended Action None.

Error Message %FTD-6-812007: Inline-set hardware-bypass mode configuration status

Explanation This message is generated when the state (succeeded or failed) of hardware and software bypass modes for the IPS inline interfaces changes.

Recommended Action None.

Error Message %FTD-2-815002: Denied packet, hard limit, 10000, for object-group search exceeded for UDP from source IP address/port to destination IP address/port

Explanation When object-group-search threshold (by default threshold is 10K) is configured in FTD, and if any OGS search crosses 10k limit, packets are dropped and this message is generated.

Recommended Action None.

Error Message %FTD-4-815003: Object-Group-Search threshold exceeded current value threshold (10000) for packet UDP from source IP address/port to destination IP address/port

Explanation When object-group-search threshold is not configured in FTD, and if any OGS search crosses 10000 limit, packets are dropped and this message is generated.

Recommended Action None.

Error Message %FTD-7-815004: OGS: Packet protocol from source IP address/port to destination IP address/port matched number of source network objects source network objects and number of source network objects destination network objects total search entries total number of entries. Resultant key-set has number of entries entries

Explanation This message is generated to provide a detailed information on the object group search entries:

• Source network object count

• Destination network object count

• Total search (product of source and destination count)

• Resultant Key-set value (to be queried in the ACL Lookup)

Recommended Action None.

Error Message %FTD-3-840001: Failed to create the backup for an IKEv2 session <Local IP>, <Remote IP>

Explanation In the high-availability setup of distributed site-to-site VPN, an attempt to create a backup session is made when a IKEv2 session is established or when the cluster membership changes. However, the attempt may fail for reasons such as capacity limit. Hence this message is generated on the unit of a session owner whenever it is notified of failing to create a  backup.

Recommended Action None.

Error Message %FTD-3-850001: SNORT ID (<snort-instance-id>/<snort-process-id>) Automatic-Application-Bypass due to delay of <delay>ms (threshold <AAB-threshold>ms) with <connection-info>

Explanation The Automatic-Application-Bypass (AAB) event is triggered due to packet delay exceeding the AAB threshold.

Recommended Action Collect troubleshoot archive, snort core files and contact Cisco TAC.

Error Message %FTD-3-850002: SNORT ID (<snort-instance-id>/<snort-process-id>) Automatic-Application-Bypass due to SNORT not responding to traffics for <timeout-delay>ms(threshold <AAB-threshold>ms)

Explanation The Automatic-Application-Bypass (AAB) event is triggered due to SNORT not responding to traffics for a period exceeding the AAB threshold.

Recommended Action Collect troubleshoot archive, snort core files and contact Cisco TAC.

Error Message %FTD-6-852001: Received Lightweight to Full Proxy event from application Snort for TCP flow ip-address/port to ip-address/port

Explanation This message appears when Snort decides to inspect payload of TCP based upon the matching policy of connection, for example, SSL policy.

• ip-address⏤The IPv4 or IPv6 address of flow

• port⏤The TCP port number

Recommended Action None required.

Error Message %FTD-6-852002: Received Full Proxy to Lightweight event from application Snort for TCP flow ip-address/port to ip-address/port

Explanation This message appears when Snort is no longer interested to inspect payload of TCP based upon the matching policy of connection, for example, SSL policy DND.

• ip-address⏤The IPv4 or IPv6 address of flow

• port⏤The TCP port number

Recommended Action None required.

Error Message %FTD-4-870001: policy-route path-monitoring, remote peer interface_name:IP_Address reachable_status

Explanation This message appears to display whether the interface on the policy based route identified through path monitoring is reacheable or not:

• reacheable_status—reacheable or unreacheable

Recommended Action None required.

Error Message %FTD-6-880001:Ingress interface, for traffic source ipaddress to destination ipaddress,PBR picked outside interface 1 as its metric-type became better than outside interface 2

Explanation This message is generated whenever the interface chosen is different from previous while forwarding the traffic. Where, metric-types are jitter, cost, mos, packet loss, rtt.

Recommended Action None.

Error Message %FTD-6-8300001: VPN session redistribution <variable 1>

Explanation These events notify the administrator that the operation related to ‘cluster redistribute vpn-sessiondb’ has started or completed. Where,

• <variable 1>—Action: started or completed

Recommended Action None.

Error Message %FTD-6-8300002: Moved <variable 1> sessions to <variable 2>

Explanation Provides details on how many active sessions were moved to another member of the cluster.

• <variable 1>— number of active sessions moved (this can be less than the number requested)

• <variable 2>—name of the cluster member the sessions where moved to

Recommended Action None.

Error Message %FTD-3-8300003: Failed to send session redistribution message to <variable 1>

Explanation There was an error sending a request to another cluster member. This could be due to an internal error or the cluster member the message was destined for is not available.

• <variable 1>— name of the cluster member the message was destined for

Recommended Action If this message is persistent contact customer support.

Error Message %FTD-6-8300004: <variable 1> request to move <variable 2> sessions from <variable 3> to <variable 4>

Explanation This event is displayed when a member receives a request from the director to move a specific number of active sessions to another member in the group.

• <variable 1>—Action: Received, Sent

• <variable 2>—number of active sessions to move

• <variable 3>—name of member receiving the move session request

• <variable 4>—name of the member to receive the active sessions

Recommended Action None.

Error Message %FTD-3-8300005: Failed to receive session move response from <variable 1>

Explanation The director has requested a member to move active sessions to another member. If the director has not received a response to this request within a defined period, it will display this event and terminate the redistribution process.

• <variable 1>—name of member which failed to send a move response within timeout period

Recommended Action Re-issue the ‘’cluster redistribute vpn-sessiondb” and if the problem persists, contact support.

Error Message %FTD-5-8300006: Cluster topology change detected. VPN session redistribution aborted.

Explanation The VPN session redistribution move calculations are based on the active members at the time the process is started. If a member joins or leaves during this process, the director will terminate the session redistribution.

Recommended Action Retry the operation when all of the members have joined or left the group.