Enhanced Firewall Services Alerts and Events

Describes details about Enhanced Firewall Services (EFS) related Enterprise and Operator Orchestrator events.

Enterprise-level EFS Events

EVENT	DISPLAYED ON ORCHESTRATOR UI AS	SEVERITY	GENERATED BY	GENERATED WHEN	RELEASE ADDED IN	DEPRECATED
MGD_ATPUP_INVALID_IDPS_SIGNATURE	Invalid IDPS Signature	ERROR	SD-WAN Edge (MGD)	Generated when there is an invalid suricata package.	5.2.0
MGD_ATPUP_DOWNLOAD_IDPS_SIGNATURE_FAILED	Download IDPS Signature failed	ERROR	SD-WAN Edge (MGD)	Generated when downloading of suricata package fails.	5.2.0
MGD_ATPUP_DECRYPT_IDPS_SIGNATURE_FAILED	Decrypt IDPS Signature failed	ERROR	SD-WAN Edge (MGD)	Generated when unpacking of suricata package fails.	5.2.0
MGD_ATPUP_APPLY_IDPS_SIGNATURE_FAILED	Failed to apply IDPS Signature	ERROR	SD-WAN Edge (MGD)	Generated due to error in applying Suricata files.	5.2.0
MGD_ATPUP_APPLY_IDPS_SIGNATURE_SUCCEEDED	Successfully applied IDPS Signature	INFO	SD-WAN Edge (MGD)	Generated when suricata files are successfully applied.	5.2.0
MGD_ATPUP_STANDBY_UPDATE_START	Standby device IDPS Signature update started	INFO	SD-WAN Edge (MGD)	Generated when HA Standby update with new EFS IDPS Signature version is started.	5.2.0
MGD_ATPUP_STANDBY_UPDATE_FAILED	Standby device IDPS Signature update failed	ERROR	SD-WAN Edge (MGD)	Generated when HA Standby update with new EFS IDP Signature version fails.	5.2.0
MGD_ATPUP_STANDBY_UPDATED	Standby device IDPS Signature update completed	INFO	SD-WAN Edge (MGD)	Generated when HA Standby update with new EFS IDPS Signature version is successfully applied.	5.2.0
EFS_IDPS_NOT_READY	EFS_IDPS_NOT_READY	ALERT	SD-WAN Edge (MGD)	Generated when packets are dropped while on-prem Orchestrator is not connected to GSM and so IDPS signatures are not ready.	6.0.0
EFS_IP_DB_VERSION_UPDATE	EFS_IP_DB_VERSION_UPDATE	INFO	SD-WAN Edge (MGD)	Generated when loading of IP database succeeds or fails.	6.0.0
EFS_IP_RTU_DB_VERSION_UPDATE	EFS_IP_RTU_DB_VERSION_UPDATE	INFO	SD-WAN Edge (MGD)	Generated when loading of IP RTU database succeeds or fails.	6.0.0
EFS_URL_DB_VERSION_UPDATE	EFS_URL_DB_VERSION_UPDATE	INFO	SD-WAN Edge (MGD)	Generated when loading of URL database succeeds or fails.	6.0.0
EFS_URLF_MAL_IP_NOT_READY	EFS_URLF_MAL_IP_NOT_READY	ALERT	SD-WAN Edge (MGD)	Generated when packets are dropped while EFS is activated but URLF/MAL-IP filtering is not ready.	6.0.0
EFS_URL_RTU_DB_VERSION_UPDATE	EFS_URL_RTU_DB_VERSION_UPDATE	INFO	SD-WAN Edge (MGD)	Generated when loading of URL RTU database succeeds or fails.	6.0.0
MGD_EFS_NTICS_REGISTRATION_SUCCEEDED	MGD_EFS_NTICS_REGISTRATION_SUCCEEDED	INFO	SD-WAN Edge (MGD)	Generated when VMware Threat Intelligent Cloud Service (NTICS) registration with Client ID succeeds.	6.0.0
MGD_EFS_NTICS_REGISTRATION_FAILED	MGD_EFS_NTICS_REGISTRATION_FAILED	ERROR	SD-WAN Edge (MGD)	Generated when NTICs registration fails with retry count.	6.0.0
MGD_EFS_NTICS_AUTHENTICATION_SUCCEEDED	MGD_EFS_NTICS_AUTHENTICATION_SUCCEEDED	INFO	SD-WAN Edge (MGD)	Generated when NTICS authentication succeeds.	6.0.0
MGD_EFS_NTICS_AUTHENTICATION_FAILED	MGD_EFS_NTICS_AUTHENTICATION_FAILED	ERROR	SD-WAN Edge (MGD)	Generated when NTICS authentication fails.	6.0.0

Operator-level EFS Events

EVENT	DISPLAYED ON ORCHESTRATOR UI AS	SEVERITY	GENERATED BY	GENERATED WHEN	RELEASE ADDED IN	DEPRECATED
IDPS_SIGNATURE_VCO_VERSION_CHECK_FAIL	Querying existing signature version from local DB failed	ERROR	SASE Orchestrator	Generated when SASE Orchestrator backend poll job has failed to retrieve existing suricata signature version from Orchestrator's local database.	5.2.0
IDPS_SIGNATURE_GSM_VERSION_CHECK_FAIL	Querying signature metadata from GSM failed	ERROR	SASE Orchestrator	Generated when SASE Orchestrator backend poll job has failed to retrieve existing suricata signature metadata (that includes signature version) from GSM.	5.2.0
IDPS_SIGNATURE_SKIP_DOWNLOAD_NO_UPDATE	Skipping signature download due to no change in signature version	INFO	SASE Orchestrator	Generated when SASE Orchestrator backend poll job skips downloading suricata signature file due to no change in suricata signature file version.	5.2.0
IDPS_SIGNATURE_STORE_FAILURE_NO_PATH	Filestore path not set to store signature file	ERROR	SASE Orchestrator	Generated when SASE Orchestrator backend poll job fails to store suricata signature file due to filestore path not being set.	5.2.0
IDPS_SIGNATURE_DOWNLOAD_SUCCESS	Successfully downloaded signature file from GSM	INFO	SASE Orchestrator	Generated when SASE Orchestrator backend poll job successfully downloads suricata signature file from GSM.	5.2.0
IDPS_SIGNATURE_DOWNLOAD_FAILURE	Failed to download signature file from GSM	ERROR	SASE Orchestrator	Generated when SASE Orchestrator backend poll job fails to download suricata signature file from GSM.	5.2.0
IDPS_SIGNATURE_STORE_SUCCESS	Successfully stored the signature file in filestore	INFO	SASE Orchestrator	Generated when SASE Orchestrator backend poll job successfully stores the suricata signature file in local file store.	5.2.0
IDPS_SIGNATURE_STORE_SIGNATURE_FAILURE	Failed to store the signature file in filestore	ERROR	SASE Orchestrator	Generated when SASE Orchestrator backend poll job fails to store the suricata signature file in local file store.	5.2.0
IDPS_SIGNATURE_METADATA_INSERT_SUCCESS	Successfully added metadata of the signature file to local DB	INFO	SASE Orchestrator	Generated when SASE Orchestrator backend poll job successfully adds metadata of the suricata signature file to local DB.	5.2.0
IDPS_SIGNATURE_METADATA_INSERT_FAILURE	Failure to add metadata of the signature file to local DB	ERROR	SASE Orchestrator	Generated when SASE Orchestrator backend poll job fails to add metadata of the suricata signature file to local DB.	5.2.0
POLL_URL_CATEGORIES_FAIL	POLL_URL_CATEGORIES_FAIL	ERROR	SASE Orchestrator	Generated when SASE OrchestratorURL categories poll job fails.	6.0.0
URL_CATEGORIES_STORE_SUCCESS	URL_CATEGORIES_STORE_SUCCESS	INFO	SASE Orchestrator	Generated when SASE OrchestratorURL categories are stored successfully.	6.0.0
URL_CATEGORIES_STORE_FAILURE	URL_CATEGORIES_STORE_FAILURE	ERROR	SASE Orchestrator	Generated when SASE OrchestratorURL categories storage job fails.	6.0.0
VCO_ENTERPRISE_NTICS_LICENSE_REQUEST_FAILED	VCO_ENTERPRISE_NTICS_LICENSE_REQUEST_FAILED	ERROR	SASE Orchestrator	Generated when SASE Orchestrator Enterprise NTICS license request fails.	6.0.0
VCO_ENTERPRISE_NTICS_LICENSE_REQUEST_SUCCEEDED	NTICS License request succeeded	INFO	SASE Orchestrator	Generated when SASE Orchestrator Enterprise NTICS license request succeeds.	6.0.0