
Firewall Messages - V6.4/6.5/6.6/6.7

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Firewall Messages - V6.4/6.5/6.6/6.7 | Base Rule | General Firewall Log | Network Traffic |
| VMID: 0 | Sub Rule | Syslog Information | Information |
| VMID: 1500 Stopping Unused Service | Sub Rule | Process/Service Stopping | Startup and Shutdown |
| VMID: 2011 Cluster Event | Sub Rule | General CLUSTER Message | Information |
| VMID: 2302 System Tester Notice | Sub Rule | Test Message | Information |
| VMID: 4118 System Policy Applied | Sub Rule | General POLICY Information | Information |
| VMID: 4501 FW Authentication New Config Successful | Sub Rule | Configuration Loaded : Security | Configuration |
| VMID: 70018 Connection Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| VMID: 70019 Connection Discarded | Sub Rule | Connection Removed Or Disabled | Information |
| VMID: 70021 Connection Closed | Sub Rule | Connection Closed | Network Traffic |
| VMID: 70022 Connection Closed Abnormally | Sub Rule | Connection Closed | Network Traffic |
| VMID: 70026 Connection Progress | Sub Rule | General Connection Messages | Network Traffic |
| VMID: 70511 HTTP URL Logged | Sub Rule | URL Logged - Category | Activity |
| VMID 1004: Connection Allowed | Sub Rule | Connection Established | Network Traffic |
| VMID 1001: Connection Discarded | Sub Rule | Request Discarded | Network Traffic |
| VMID 1008: Packet Discarded | Sub Rule | TCP Packet Dropped | Information |
| VMID 12100: IKEv2 SA Initiator Complete | Sub Rule | IKE Phase 1 Complete | Activity |
| VMID 12101: IKE SA Initiator Failed | Sub Rule | IKE Initiator: Phase 1 Negotiation | Activity |
| VMID 12102: IKE SA Responder Done | Sub Rule | IKE Accept IPSec Proposal | Other Audit Success |
| VMID 12105: IPSec SA Initiator Done | Sub Rule | IKE Phase 1 Complete | Activity |
| VMID 12107: IPSec SA Responder Done | Sub Rule | IKE Accept IPSec Proposal | Other Audit Success |
| VMID 12110: IKE Starting Initiator Negotiation | Sub Rule | IKE Initiator: Phase 1 Negotiation | Activity |
| VMID 12111: IKE Starting Responder Negotiation | Sub Rule | Starting IKE Negotiation | Information |
| VMID 12116: IKE SA Deleted | Sub Rule | IKE SA Delete Request Received | Network Traffic |
| VMID 12171: IKE Timeout | Sub Rule | IKE Ticket Exchange Failed - Timeout | Activity |
| VMID 15006: DHCP Client | Sub Rule | DHCP Information | Information |
| VMID 2000: Cluster Protocol | Sub Rule | General CLUSTER Message | Information |
| VMID 261653: Analyzer Compress Message | Sub Rule | General Information | Information |
| VMID 70027: Connection Interface Changed | Sub Rule | Connection Information | Information |
| VMID 70082: Protocol Violation | Sub Rule | General Protocol Information | Information |
| VMID 7059: TCP Checksum Mismatch | Sub Rule | General Checksum Information | Information |
| VMID 71009: VPN Connection | Sub Rule | General VPN Information | Other Operations |
| VMID 71012: IPSec VPN Connection | Sub Rule | General VPN Information | Other Operations |
| VMID 71040: Log Compress Message | Sub Rule | General Information Log Message | Information |
| VMID 71257: TCP Segment SYN Message | Sub Rule | VPN TCP SYN Message | Information |
| VMID 275137: Unknown Browser | Sub Rule | Unknown Browser Type | Information |
| VMID 275505: Unknown Status | Sub Rule | Status Log | Information |
| VMID 316105: TCP NTLMSSP Message | Sub Rule | General Information | Information |
| VMID 261657: Analyzer Compress Message | Sub Rule | General Information | Information |
| VMID 263279: UDP-Denial Of Service | Sub Rule | Application Denial Of Service | Denial Of Service |
| VMID 270346: HTTP Long Options Request Argument | Sub Rule | HTTP Response Error | Error |
| VMID 318473: MS_RPC_TPC_CPS | Sub Rule | RPC Request | Activity |
| VMID 323594: SNMP UDP Write Attempt | Sub Rule | SNMP Activity | Activity |
| VMID 324106: SNMP UDP Write Attemp Rejected | Sub Rule | Modify Object Failure | Access Failure |
| VMID 324107: SNMP UDP Write Attempt Accepted | Sub Rule | Object Accessed | Access Success |
| VMID 501475: File Binary Shell Code | Sub Rule | Programmable Binary File Data Processing Info Msg | Information |
| VMID 70095: TCP Small Overlapping Segment | Sub Rule | General TCP/IP Information | Information |
| VMID 70507: SSH Violation | Sub Rule | SSH Information-Only Event | Information |
| VMID 70961: Connection Rematched | Sub Rule | Connection Restored | Information |
| VMID 71268: TCP Window Small | Sub Rule | General TCP/IP Information | Information |
| VMID 72123: Anti-Malware Database Failure | Sub Rule | Database Information | Information |
| VMID 76515: Cannot Connect To Cloud | Sub Rule | General CLOUD Message | Information |
| VMID 79059: TLS Certificate Verify Failed | Sub Rule | TLS Message | Information |
| VMID 79973: SMB Attempted Tree Connect To Admin | Sub Rule | SMB Information Message | Information |
| Connection Refused Messages | Sub Rule | Traffic Denied by Network Firewall | Network Deny |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| severity | <severity> | Text/String/Number |
| Version | <version> | Text/String |
| vmid | <vmid> | Number |
| command | <command> | Text/String |
| severity | <severity> | Number |
| suser | <login> | Text/String |
| cat | <objecttype> | Text/String |
| in | <packetsin> | Number |
| out | <packetsout> | Number |
| app | <object> | Text/String/Number |
| protname | <protname> | Text/String/Number |
| deviceFacility | <objectname> | Text/String |
| destinationTranslatedPort | <dnatport> | Number |
| sourceTranslatedPort | <snatport> | Number |
| destinationTranslatedAddress | <dnatip> | IP Address |
| sourceTranslatedAddress | <snatip> | IP Address |
| msg | <subject> | Text/String |
| act | <action> | Text/String |
| deviceinboundinterface | <dinterface> | Text/String/Number |
| dpt | <dport> | Number |
| spt | <sport> | Number |
| dst | <dip> | IP Address |
| src | <sip> | IP Address |
| dvchost | <dname> | Text/String/Number |

