Focus

Prisma SD-WAN

Event Category-Policy

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Activation & Onboarding
Administration
CloudBlades
Select a Document
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Select a Document
- 6.5
- 6.4
- 6.3
- 6.1
- 5.6
- Prisma SD-WAN Controller
- Prisma SD-WAN On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Prisma SASE

Event Category-Network

Event Category-Branch HA

Event Category-Policy

Incident and alert event codes based on the categories for troubleshooting in Prisma SD-WAN. See the list of policy event codes in Prisma SD-WAN.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN (Managed by `Strata Cloud Manager`)	Prisma SD-WAN

The following tables describe a list of event or incident codes, the event origin, its severity, and a description of each event as per the event category.

**Event Category-Policy**
INCIDENT CODE	EVENT ORIGIN	INCIDENT /ALERT	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
FLAP_ RATE_ EXCEEDED	Controller	INCIDENT	Warning	Flap Rate Exceeded	Incident is raised when an entity flaps more than the rate configured in the flap rule.	5.5.1
NAT_ POLICY_ LEGACY_ ALG_ CONFIG_ OVERRIDE	Device	ALERT	Warning	NAT policy ALG action overridden by legacy configuration.	ALG action configured in the NAT policy has been overridden by legacy configuration present on the device.	5.2.1
NETWORK_ POLICY_ RULE_ CONFLICT	Device	INCIDENT	Informational	Network policy rule conflict.	Two or more policy rules conflict in a policy set, resulting in an incorrect policy applied to some flows.	5.0.1
NETWORK_ POLICY_ RULE_ DROPPED	Device	INCIDENT	Warning	Network policy rule dropped.	Network policy configuration contains rules with too many permutations causing resources to exceed the operational limits. Some rules are dropped from the policy so that the limits are not exceeded. As a result, desired policy actions may not be applied in some cases.	5.0.1
PRIORITY_ POLICY_ RULE_ CONFLICT	Device	INCIDENT	Informational	Priority policy rule conflict.	Two or more policy rules conflict in a priority policy set, potentially resulting in an incorrect policy applied to some flows.	5.0.1
PRIORITY_ POLICY_ RULE_ DROPPED	Device	INCIDENT	Warning	Priority policy rule dropped.	Priority policy configuration contains rules with too many permutations causing resources to exceed the operational limits. Some rules are dropped from the policy so that the limits are not exceeded. As a result, desired policy actions may not be applied in some cases.	5.0.1
SECURITY_ POLICY_ RULE_ INCOMPLETE	Device	INCIDENT	Critical	The security policy rule configuration is incomplete.	The security policy rule configuration is incomplete. In this case the security policy rule is skipped.	5.4.3
SECURITY_ POLICY_ RULES_ FAILED	Device	INCIDENT	Critical	The security policy rule configuration is failed.	The security policy rule configuration is failed because of low memory availability.	6.6.1
SECURITY_ POLICY_ LIMITS_ EXCEEDED	Device	INCIDENT	Critical	The security policy stack exceeds resource limits	The resources need to be installed in security policy stack as it exceeds the system limits. Security policy will not be installed. Element will have no security policy until the condition exists.	5.6.1
CIRCUIT_ PERFORMANCE_ DEGRADED	Device	INCIDENT	Critical	The circuit performance is degraded.	The configured thresholds in the performance policy SLA is violated. This includes Link Quality metric thresholds for latency, jitter, and packet loss.	6.3.1
APPLICATION_ PERFORMANCE_ DEGRADED	Device	INCIDENT	Critical	The application performance is degraded.	The configured thresholds in the performance policy SLA is violated. This involves the rtt and init failure rate of the app thresholds. From 6.4.1 release version, it includes UDP TRT failure rate of the app threshold.	6.3.1
CARRIER_ PERFORMANCE_ DEGRADED	Controller	INCIDENT	Critical	The carrier performance is degraded.	When the CIRCUIT_ PERFORMANCE _DEGRADED alarm is present for more than one circuit (site WAN interface) for a tenant, then the alarm is generated to indicate that the WAN carrier performance is degraded.	6.3.1
SYSTEM_ CPU_ THRESHOLD_ EXCEEDED	Device	Incident	Warning	The system CPU threshold is exceeded.	The configured CPU utilization threshold in the performance policy is violated.	6.4.1
SYSTEM_ MEMORY_ THRESHOLD_ EXCEEDED	Device	Incident	Warning	The system memory threshold is exceeded.	The configured memory utilization threshold in the performance policy is violated.	6.4.1
SYSTEM_ DISK_ THRESHOLD_ EXCEEDED	Device	Incident	Warning	The system disk threshold is exceeded.	The configured disk utilization threshold in the performance policy is violated.	6.4.1
SYSTEM_ CIRCUIT_ UTILIZATION_ THRESHOLD_ EXCEEDED	Device	Incident	Warning	The site circuit utilization threshold is exceeded.	The configured circuit utilization threshold in the performance policy is violated.	6.4.1
SYSTEM_ CONCURRENT_ FLOW_ THRESHOLD_ EXCEEDED	Device	Incident	Warning	The system concurrent flow threshold is exceeded.	The configured concurrent flow utilization threshold in the performance policy is violated.	6.4.1

Event Category-Network

Event Category-Branch HA

Prisma SD-WAN Docs

Event Category-Policy

Prisma SD-WAN Docs

Event Category-Policy

Activation & Onboarding

SASE

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices

Resources