Describes details about Enhanced Firewall Services (EFS) related Enterprise and Operator Orchestrator events.
Enterprise-level EFS Events
| EVENT | DISPLAYED ON ORCHESTRATOR UI AS | SEVERITY | GENERATED BY | GENERATED WHEN | RELEASE ADDED IN | DEPRECATED |
|---|---|---|---|---|---|---|
| MGD_ATPUP_INVALID_IDPS_SIGNATURE |
Invalid IDPS Signature |
ERROR |
SD-WAN Edge (MGD) | Generated when there is an invalid suricata package. |
5.2.0 | |
| MGD_ATPUP_DOWNLOAD_IDPS_SIGNATURE_FAILED |
Download IDPS Signature failed |
ERROR |
SD-WAN Edge (MGD) | Generated when downloading of suricata package fails. |
5.2.0 | |
| MGD_ATPUP_DECRYPT_IDPS_SIGNATURE_FAILED |
Decrypt IDPS Signature failed | ERROR |
SD-WAN Edge (MGD) | Generated when unpacking of suricata package fails. | 5.2.0 | |
| MGD_ATPUP_APPLY_IDPS_SIGNATURE_FAILED |
Failed to apply IDPS Signature |
ERROR |
SD-WAN Edge (MGD) | Generated due to error in applying Suricata files. |
5.2.0 | |
| MGD_ATPUP_APPLY_IDPS_SIGNATURE_SUCCEEDED |
Successfully applied IDPS Signature |
INFO | SD-WAN Edge (MGD) | Generated when suricata files are successfully applied. |
5.2.0 | |
| MGD_ATPUP_STANDBY_UPDATE_START |
Standby device IDPS Signature update started |
INFO | SD-WAN Edge (MGD) | Generated when HA Standby update with new EFS IDPS Signature version is started. |
5.2.0 | |
| MGD_ATPUP_STANDBY_UPDATE_FAILED |
Standby device IDPS Signature update failed |
ERROR | SD-WAN Edge (MGD) | Generated when HA Standby update with new EFS IDP Signature version fails. |
5.2.0 | |
| MGD_ATPUP_STANDBY_UPDATED |
Standby device IDPS Signature update completed | INFO | SD-WAN Edge (MGD) | Generated when HA Standby update with new EFS IDPS Signature version is successfully applied. |
5.2.0 | |
| EFS_IDPS_NOT_READY |
EFS_IDPS_NOT_READY | ALERT | SD-WAN Edge (MGD) | Generated when packets are dropped while on-prem Orchestrator is not connected to GSM and so IDPS signatures are not ready. |
6.0.0 | |
| EFS_IP_DB_VERSION_UPDATE |
EFS_IP_DB_VERSION_UPDATE |
INFO | SD-WAN Edge (MGD) | Generated when loading of IP database succeeds or fails. |
6.0.0 | |
| EFS_IP_RTU_DB_VERSION_UPDATE |
EFS_IP_RTU_DB_VERSION_UPDATE |
INFO | SD-WAN Edge (MGD) | Generated when loading of IP RTU database succeeds or fails. |
6.0.0 | |
| EFS_URL_DB_VERSION_UPDATE |
EFS_URL_DB_VERSION_UPDATE |
INFO | SD-WAN Edge (MGD) | Generated when loading of URL database succeeds or fails. |
6.0.0 | |
| EFS_URLF_MAL_IP_NOT_READY |
EFS_URLF_MAL_IP_NOT_READY |
ALERT | SD-WAN Edge (MGD) | Generated when packets are dropped while EFS is activated but URLF/MAL-IP filtering is not ready. |
6.0.0 | |
| EFS_URL_RTU_DB_VERSION_UPDATE |
EFS_URL_RTU_DB_VERSION_UPDATE |
INFO | SD-WAN Edge (MGD) | Generated when loading of URL RTU database succeeds or fails. |
6.0.0 | |
| MGD_EFS_NTICS_REGISTRATION_SUCCEEDED |
MGD_EFS_NTICS_REGISTRATION_SUCCEEDED |
INFO | SD-WAN Edge (MGD) | Generated when NSX Threat Intelligent Cloud Service (NTICS) registration with Client ID succeeds. |
6.0.0 | |
| MGD_EFS_NTICS_REGISTRATION_FAILED |
MGD_EFS_NTICS_REGISTRATION_FAILED |
ERROR | SD-WAN Edge (MGD) | Generated when NTICs registration fails with retry count. |
6.0.0 | |
| MGD_EFS_NTICS_AUTHENTICATION_SUCCEEDED |
MGD_EFS_NTICS_AUTHENTICATION_SUCCEEDED |
INFO | SD-WAN Edge (MGD) | Generated when NTICS authentication succeeds. |
6.0.0 | |
| MGD_EFS_NTICS_AUTHENTICATION_FAILED |
MGD_EFS_NTICS_AUTHENTICATION_FAILED |
ERROR | SD-WAN Edge (MGD) | Generated when NTICS authentication fails. |
6.0.0 |
Operator-level EFS Events
| EVENT | DISPLAYED ON ORCHESTRATOR UI AS | SEVERITY | GENERATED BY | GENERATED WHEN | RELEASE ADDED IN | DEPRECATED |
|---|---|---|---|---|---|---|
| IDPS_SIGNATURE_VCO_VERSION_CHECK_FAIL | Querying existing signature version from local DB failed | ERROR | SASE Orchestrator | Generated when SASE Orchestrator backend poll job has failed to retrieve existing suricata signature version from Orchestrator's local database. | 5.2.0 | |
| IDPS_SIGNATURE_GSM_VERSION_CHECK_FAIL | Querying signature metadata from GSM failed | ERROR | SASE Orchestrator | Generated when SASE Orchestrator backend poll job has failed to retrieve existing suricata signature metadata (that includes signature version) from GSM. | 5.2.0 | |
| IDPS_SIGNATURE_SKIP_DOWNLOAD_NO_UPDATE | Skipping signature download due to no change in signature version | INFO | SASE Orchestrator | Generated when SASE Orchestrator backend poll job skips downloading suricata signature file due to no change in suricata signature file version. | 5.2.0 | |
| IDPS_SIGNATURE_STORE_FAILURE_NO_PATH | Filestore path not set to store signature file | ERROR | SASE Orchestrator | Generated when SASE Orchestrator backend poll job fails to store suricata signature file due to filestore path not being set. | 5.2.0 | |
| IDPS_SIGNATURE_DOWNLOAD_SUCCESS | Successfully downloaded signature file from GSM | INFO | SASE Orchestrator | Generated when SASE Orchestrator backend poll job successfully downloads suricata signature file from GSM. | 5.2.0 | |
| IDPS_SIGNATURE_DOWNLOAD_FAILURE | Failed to download signature file from GSM | ERROR | SASE Orchestrator | Generated when SASE Orchestrator backend poll job fails to download suricata signature file from GSM. | 5.2.0 | |
| IDPS_SIGNATURE_STORE_SUCCESS | Successfully stored the signature file in filestore | INFO | SASE Orchestrator | Generated when SASE Orchestrator backend poll job successfully stores the suricata signature file in local file store. | 5.2.0 | |
| IDPS_SIGNATURE_STORE_SIGNATURE_FAILURE | Failed to store the signature file in filestore | ERROR | SASE Orchestrator | Generated when SASE Orchestrator backend poll job fails to store the suricata signature file in local file store. | 5.2.0 | |
| IDPS_SIGNATURE_METADATA_INSERT_SUCCESS | Successfully added metadata of the signature file to local DB | INFO | SASE Orchestrator | Generated when SASE Orchestrator backend poll job successfully adds metadata of the suricata signature file to local DB. | 5.2.0 | |
| IDPS_SIGNATURE_METADATA_INSERT_FAILURE | Failure to add metadata of the signature file to local DB | ERROR | SASE Orchestrator | Generated when SASE Orchestrator backend poll job fails to add metadata of the suricata signature file to local DB. | 5.2.0 | |
| POLL_URL_CATEGORIES_FAIL | POLL_URL_CATEGORIES_FAIL | ERROR | SASE Orchestrator | Generated when SASE OrchestratorURL categories poll job fails. | 6.0.0 | |
| URL_CATEGORIES_STORE_SUCCESS | URL_CATEGORIES_STORE_SUCCESS | INFO | SASE Orchestrator | Generated when SASE OrchestratorURL categories are stored successfully. | 6.0.0 | |
| URL_CATEGORIES_STORE_FAILURE | URL_CATEGORIES_STORE_FAILURE | ERROR | SASE Orchestrator | Generated when SASE OrchestratorURL categories storage job fails. | 6.0.0 | |
| VCO_ENTERPRISE_NTICS_LICENSE_REQUEST_FAILED |
VCO_ENTERPRISE_NTICS_LICENSE_REQUEST_FAILED | ERROR | SASE Orchestrator | Generated when SASE Orchestrator Enterprise NTICS license request fails. | 6.0.0 | |
| VCO_ENTERPRISE_NTICS_LICENSE_REQUEST_SUCCEEDED |
NTICS License request succeeded | INFO | SASE Orchestrator | Generated when SASE Orchestrator Enterprise NTICS license request succeeds. | 6.0.0 |
