0
|
INSP_L4_NO_ERROR
|
No specific extended event.
|
1
|
INSP_L4_INVAL_HLEN
|
Invalid Layer 4 header length.
|
2
|
INSP_L4_C3PL_LOOKUP_FAIL
|
Policy match failure.
|
3
|
INSP_L4_POLICE_RATE_LIMIT
|
Police rate limiting
|
4
|
INSP_L4_SESSION_LIMIT
|
Session limit exceeded.
|
5
|
INSP_L4_ICMP_INVAL_RET
|
Invalid return packet.
|
6
|
INSP_L4_ICMP_INVAL_DEST
|
Invalid destination address for unreachable or time-exceeded packets.
|
7
|
INSP_L4_UDP_DISA_BIDIR
|
Bidirectional traffic disabled.
|
8
|
INSP_L4_SYN_INVAL_FLDATA
|
Synchronize (SYN) packet with data or with push (PSH) or urgent (URG) flags.
|
9
|
INSP_L4_INVALID_CONN_SEG
|
Segment does not match any TCP connection.
|
10
|
INSP_L4_INVALID_SEG
|
Invalid TCP segment.
|
11
|
INSP_L4_INVALID_SEQ
|
Invalid TCP sequence number.
|
12
|
INSP_L4_INVALID_ACK
|
Invalid TCP acknowledgment (ACK) or no ACK.
|
13
|
INSP_L4_INVALID_FLAGS
|
Invalid TCP flags.
|
14
|
INSP_L4_INVALID_CHKSM
|
Invalid TCP checksum.
|
15
|
INSP_L4_SYN_IN_WIN
|
SYN inside current window. A SYN packet is seen within the window of an already established TCP connection.
|
16
|
INSP_L4_RST_IN_WIN
|
Reset (RST) inside current window. An RST packet is seen within the window of an already established TCP connection.
|
17
|
INSP_L4_OOO_SEG
|
Out-of-Order (OoO) segment.
|
18
|
INSP_L4_OOO_INVALID_FLAGS
|
OoO segment with invalid flag.
|
19
|
INSP_L4_RETRANS_SEG
|
Retransmitted segment.
|
20
|
INSP_L4_RETRANS_INVALID_FLAGS
|
Retransmitted segment with invalid flag.
|
21
|
INSP_L4_STRAY_SEQ
|
Stray TCP segment.
|
22
|
INSP_L4_INTERNAL_ERR
|
Firewall internal error.
|
23
|
INSP_L4_INVALID_WINDOW_SCALE
|
Invalid window scale option.
|
24
|
INSP_L4_INVALID_TCP_OPTION
|
Invalid TCP option.
|
25
|
INSP_UNKNOWN_ERR
|
Unknown error.
|
26
|
INSP_L4_C3PL_LOOKUP_FAIL_NO_ZONE_PAIR
|
Lookup failure because zone pairs are not available between zones.
|
27
|
INSP_L4_C3PL_LKP_FAIL_ZONE_TO_NONZONE
|
Lookup failure because only one interface is the member of a zone and other interface is not a member of any zone.
|
28
|
INSP_L4_C3PL_LOOKUP_FAIL_NO_POLICY
|
Policy not present in the zone pair.
|
29
|
INSP_L4_DROP_CONFIGURED
|
Drop action configured in a policy map.
|
30
|
FW_EXT_ALERT_UNBLOCK_HOST
|
Blocking of TCP attempts to a specified host is removed.
|
31
|
FW_EXT_ALERT_HOST_TCP_ALERT_ON
|
Maximum incomplete host limit of half-open TCP connections exceeded. Note
| Once this message is sent to the host, the traffic from that host can be blocked by sending the FW_EXT_ALERT_BLOCK_HOST message for the time period configured. |
|
32
|
FW_EXT_ALERT_BLOCK_HOST
|
Maximum incomplete host threshold of half-open TCP connections exceeded.
|
33
|
FW_EXT_SESS_RATE_ALERT_ON
|
Exceeded either the maximum incomplete high threshold of half-open connections or the new connection initiation rate ID.
|
34
|
FW_EXT_SESS_RATE_ALERT_OFF
|
Either the number of half-open connections or the new connection initiation rate is below the maximum incomplete low threshold.
|
35
|
FW_EXT_MAX_SESS_LIMIT
|
Number of established sessions has crossed the configured threshold.
|