Alert and Alarm Event Codes
Table of Contents
Expand all | Collapse all
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Enable IoT Device Visibility in Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Prisma SD-WAN Clarity Reports
- Prisma SD-WAN Incidents and Alerts
Alert and Alarm Event Codes
Learn more about the alert and alarm event codes generated
in
Prisma SD-WAN
.The following tables describe a list
of event or alarm codes, the event origin, its severity, and a description
of each event as per the event category.
ALARM CODE | EVENT ORIGIN | ALARM /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
DEVICEIF_IPV6_ADDRESS_DUPLICATE | Device | ALARM | Major | Duplicate IPv6 address | Another device in the local network is using
an IPv6 address assigned to this device. | 6.1.1 |
DEVICEHW_ DISKUTIL_ FRUSSD | Device | ALARM | MAJOR | FRU SSD Unavailable | Logs and core files are normally stored on separate media
on this platform. That media is not currently available. Contact Palo
Alto Networks Support. | 6.2.1 |
DEVICEHW_ DISKENC_ SYSTEM | Device | ALARM | Critical | Disk Encryption Upgrade Failure. | One of the disk partitions failed to convert
into an encrypted partition during the last device upgrade. | 4.5.1 |
DEVICEHW_ DISKUTIL_ PARTITIONSPACE | Device | ALARM | Major | High Disk Capacity Utilization. | Disk Storage Utilization on a device has reached
85% capacity. Noncritical functions, including logging and statistics export
may be impacted. | 4.5.1 |
DEVICEHW_ INTERFACE_ ERRORS | Device | ALERT | Major | High rate of errors on the interface. | Number of transmission and/or reception errors
seen on an interface over the last one hour period has exceeded the threshold. The
threshold is 0.5% of received or transmitted packet count in the
same one hour period. | 4.5.1 |
DEVICEHW_ INTERFACE_ HALFDUPLEX | Device | ALARM | Major | Interface running in half-duplex mode. | An interface has negotiated half duplex, although
it is allowed to run in full duplex, which is preferred. | 4.5.1 |
DEVICEHW_ INTERFACE_DOWN | Device | ALARM | Major | Interface Down. | A configured Admin-Up interface
is not receiving a signal or experiencing an error that has caused lack
of data flow through that interface.Release 5.4.1 onward, when DEVICEHW_INTERFACE_DOWN
alarm is raised, it also shows Related Faults. These faults are caused
due to this alarm which can be NETWORK_SECUREFABRICLINK_DEGRADED
or NETWORK_SECUREFABRICLINK_DOWN. | 4.5.1 |
DEVICEHW_ MEMUTIL_ SWAPSPACE | Device | ALARM | Critical | High Memory Utilization. | Memory utilization on a device has reached maximum capacity forcing
use of disk based swap space. Sub-optimal performance impact device functions. | 4.5.1 |
DEVICEHW_ POWER_LOST | Device | ALARM | Major | Power Lost. | Power supply unit is reporting loss of power, possibly
due to failure or unplugged power cable. | 4.5.1 |
DEVICEHW_POWER_MISSING | Device | ALARM | MAJOR | Power Supply Missing | If PSU is missing or AC voltage is not detected in ION
5200 and 9200, Power Missing alarm with reason psu_not_present and
ac_lost respectively is raised. | 6.4.1 |
DEVICEHW_ TEMPERATURE_ SENSOR | Device | ALARM | MAJOR | Operating temperature beyond threshold | One or more thermal sensors has reported temperature
beyond operationally safe threshold. Please monitor device temperature
activity chart. If the condition persists, the device will shutdown.
This will require manual intervention to turn the device back
up. | 6.2.1 |
DEVICEIF_ ADDRESS_ DUPLICATE | Device | ALERT | Major | Interface Duplicate Address. | Another device in the local network is using
an IP address assigned to this device. | 4.5.1 |
DEVICESW_ CONCURRENT_ FLOWLIMIT_ EXCEEDED | Device | ALARM | Critical | Concurrent flow limit. | The system has reach edits allowed max concurrent flow
limit. | 4.5.1 |
DEVICESW_ CONCURRENT_ FLOW_ SOFTLIMIT_ EXCEEDED | Device | ALERT | Minor | Concurrent flow soft limit. | The system reached its 75% of the max concurrent flow
limit. | 6.2.1 |
DEVICESW_IMAGE _UNSUPPORTED | Controller | ALARM | Critical | Unsupported Software Image | Device's software image is not recognized by the
controller. The software version may not be allowed in the network or
may no longer exist. | |
APPLICATION_ PROBE_DISABLED | Device | ALARM | Major | Application Probe Disabled | Application probes are disabled either due
to incomplete configuration or invalid state. Device will no longer issue application probe
to detect application reachability unless the issue is resolved. Consequently,
if application probes are disabled then application will no longer switch
to alternative paths in case it fails on its current path. | |
DEVICESW_ CRITICAL_ PROCESSRESTART | Device | ALERT | Critical | Critical Process Restart. | A critical software process on the device has
restarted either due to an error or as a self recovery method. Process restart
as a self-recovery does not impact long-term functions on the device but
can cause short term sub-optimal data plane functions and errors. | 4.6.1 |
DEVICESW_ CRITICAL_ PROCESSSTOP | Device | ALARM | Critical | Critical Process Stopped. | A critical software process on the device has
stopped due to an error and is unable to recover with a self restart. Impacts
data forwarding functionality. | 4.6.1 |
DEVICESW_ DHCPRELAY_ RESTART | Device | ALERT | Minor | DHCP relay agent restarted. | DHCP relay agent on a device has restarted
and recovered from an error. | 4.4.1 |
DEVICESW_ DHCPSERVER_ ERRORS | Device | ALARM | Critical | DHCP server failed to start. | DHCP server listening on physical interfaces failed to start due to the following
reasons:
| 4.4.1 |
DEVICESW_ DHCPSERVER_ RESTART | Device | ALERT | Minor | DHCP server restarted. | DHCP server listening on physical interfaces has
restarted and recovered from an error. | 4.4.1 |
DEVICESW_ DISCONNECTED_ FROM_ CONTROLLER | Device | ALARM | Major | Device disconnected from Controller | Release 5.4.1 and later Device has remained disconnected from
the controller for a prolonged duration. The alarm hold time has been
reduced to 10 minutes. Releases prior to Release 5.4.1 the
hold time was 30 minutes. | 5.0.3 |
DEVICESW_FPS_ LIMIT_ EXCEEDED | Device | ALARM | Major | Flows Per Second limit. | The system has reached its allowed flows per second
limit. | 4.5.1 |
DEVICESW_ GENERAL_ PROCESSRESTART | Device | ALERT | Minor | Process Restart. | A software process on the device has restarted either
due to an error or self-recovery method. Process restart as self recovery does
not impact long-term functions on the device. However, it can cause short-term sub-optimal functions
and errors. | 4.5.1 |
DEVICESW_ GENERAL_ PROCESSSTOP | Device | ALARM | Major | Process Stopped. | A software process on the device has stopped due
to an error and is unable to recover with a self-restart. Impacts
the Functionality. | 4.5.1 |
DEVICESW_ INITIATED_ CONNECTION_ON_ EXCLUDED_PATH | Device | ALARM | Major | Device Initiated Connection on excluded path. | Due to the lack of any other available interface, established
a device initiated controller connection from an excluded interface
as a last resort. | 5.4.3 |
DEVICESW_LICENSE_ VERIFICATION_ FAILED | Device | ALARM | Critical | Virtual ION license verification failed. | The license is no longer valid. The maximum ION
device deployment limit is reached. | 4.5.1 |
DEVICESW_ MONITOR_ DISABLED | Device | ALARM | Major | System Monitoring Disabled | A software process that monitors the health
of device and its hardware or software components is disabled. | 4.5.1 |
DEVICESW_NTP_ NO_SYNC | Device | ALARM | Major | NTP synchronization failed. | Device NTP has been unreachable for more than 24
hours. | 4.6.1 |
DEVICESW_SNMP_ AGENT_ RESTART | Device | ALERT | Minor | SNMP | SNMP agent on a device has restarted. | 4.5.1 |
DEVICESW_ SNMP_ AGENT_FAILED_ TO_START | Device | ALERT | Major | SNMP Agent failed to start. | SNMP Agent failed to start due to either invalid configuration or
decryption failure. | 5.2.1 |
DEVICESW_ SYSTEM_BOOT | Device | ALERT | Critical | Device Reboot. | Device rebooted either due to recovery from
an alarm condition or as part of normal operations, including user
initiated reboots and software upgrades. Reboots due to alarm conditions can
cause sub-optimal or significantly reduced functionality on the device. | 4.5.1 |
DEVICESW_ TOKEN_ VERIFICATION_ FAILED | Device | ALERT | Critical | Virtual ION token validation failed. | The token is no longer valid. It is currently utilized, expired,
or revoked. | 4.5.1 |
DEVICESW_ CONNTRACK_ FLOWLIMIT_ EXCEEDED | Device | ALARM | Critical | Conntrack table flow count exceeded threshold. | Number of flows in the connection tracking
table that are used for features such as NAT and device management policy
has exceeded 90% threshold. | 5.2.1 |
DEVICESW_ IPFIX_ COLLECTORS_DOWN | Device | ALARM | Major | IPFIX collectors down | The IPFIX export process observes that there
are no active connections to the IPFIX collectors. The process will
continue to monitor the connection status and resume export of the IPFIX
records once the connection is re-established. | 5.5.1 |
DEVICESW_ SYSLOGSERVERS_ DOWN | Device | ALARM | Minor | Syslog Export Down | A Syslog Export daemon failed to connect with remote syslog
server. | 5.6.1 |
DEVICESW_ ANALYTICS_ DISCONNECTED_ FROM_CONTROLLER | Controller | ALARM | Minor | Device analytics disconnected from Controller | Device analytics has remained disconnected from
the Controller for a prolonged duration. | 5.6.1 |
DEVICESW_FLOWS_ DISCONNECTED_ FROM_CONTROLLER | Controller | ALARM | Minor | Device flows disconnected from Controller | Device flows has remained disconnected from
the Controller for a prolonged duration. | 5.6.1 |
NAT_POLICY_ STATIC_NATPOOL_ OVERRUN | Device | ALARM | Minor | Static NAT pool range is overrun by selector prefix. | Configured NAT pool range cannot map 1:1 with matching traffic selector prefix. | 5.2.1 |
ALARM CODE | EVENT ORIGIN | ALARM /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
DEVICESW_ INITIATED_ CONNECTION_ON_ EXCLUDED_PATH | Device | ALARM | Major | Device Initiated Connection on excluded path. | Device Initiated Connection on excluded interface. | 5.4.3 |
HUB_CLUSTER_SITE_COUNT_THRESHIOLD_EXCEEDED | Controller | ALARM | Major | Hub Cluster Branch Count Limit Exceeded | The maximum number of branches allowed on hub
cluster have been exceeded. | 6.1.1 |
NETWORK_ SECUREFABRICLINK _DEGRADED | Controller | ALARM | Minor | Secure Fabric Link is degraded with atleast 1
VPN link UP from the active spoke and 1 or more VPN links DOWN from
the active SPOKE. | Secure Fabric Link is degraded with atleast
1 VPN link up from the active spoke and 1 or more VPN links down from
the active spoke. The alarm also displays the reasons for the VPN failure
and the root cause alarms found. Following the controller upgrade
to 5.4.1 there will be immediate changes to alarms, including standing
VPN related alarms that will no longer be visible, by default. If you
interact with the events API programmatically, you must modify the
scripts because the VPN alarms are replaced with a new alarm category. When querying
for events using the API, replace the code for NETWORK_SECUREFABRICLINK_DEGRADED
with NETWORK_ANYNETLINK_DEGRADED. Click here to know
more about the API changes. | 5.4.1 |
NETWORK_ SECUREFABRICLINK _DOWN | Controller | ALARM | Major | Secure Fabric Link is down with all VPN Links DOWN
from the active spoke. | Secure Fabric Link is down with all VPN links
down from the active spoke. The alarm also displays the reasons for
the VPN failure and the root cause alarms found. Following the controller upgrade
to 5.4.1 there will be immediate changes to alarms, including standing
VPN related alarms that will no longer be visible, by default. If you
interact with the events API programmatically, you must modify the
scripts because the VPN alarms are replaced with a new alarm category. When querying
for events using the API, replace the code for NETWORK_SECUREFABRICLINK_DOWN
with NETWORK_ANYNETLINK_DOWN. Click here to know
more about the API changes. | 5.4.1 |
NETWORK_ DIRECTINTERNET _DOWN | Device | ALARM | Major | Direct Internet Reachability Down. | For remote office or branch sites, reachability on
an internet circuit is down. If there are no alternate paths in application policy,
the alarm indicates that traffic is impacted and must be attended
to immediately. Release 5.4.1 and later When NETWORK_DIRECTINTERNET_DOWN alarm
is raised, it also shows related faults. These faults are caused
due to this alarm which can be NETWORK_SECUREFABRICLINK_DEGRADED
or NETWORK_SECUREFABRICLINK_DOWN. | 4.5.1 |
NETWORK_ DIRECTPRIVATE _DOWN | Device | ALARM | Major | Private WAN Reachability Down. | For remote office or branch sites, all data center
sites with the ION 7000 deployed are unreachable on the private
WAN. If there are no alternate paths configured in application policy,
the alarm indicates that traffic is impacted and must be attended
to immediately. Release 5.4.1 and later When NETWORK_DIRECTPRIVATE_DOWN alarm
is raised, it also shows related faults. These faults are caused
due to this alarm which can be NETWORK_SECUREFABRICLINK_DEGRADED
or NETWORK_SECUREFABRICLINK_DOWN. | 4.5.1 |
NETWORK_ PRIVATEWAN_ DEGRADED | Device | ALARM | Major | Private WAN Degraded. | For data center sites, a subset of IP prefixes
from one or more remote sites are determined to be unreachable over
the private WAN based on routing updates received from the network. | 4.5.1 |
NETWORK_ PRIVATEWAN_ UNREACHABLE | Device | ALARM | Major | Private WAN Unreachable. | For data center sites, one or more remote offices declared unreachable over
the private WAN based on routing updates received from the network. If
this alarm occurred due to WAN edge peering failure PEERING_EDGE_DOWN ALARM(s)
is also raised. | 4.5.1 |
PEERING_BGP_ DOWN | Device | ALARM | Critical | BGP Peer Down. | Routing peer session is down. If alternate paths
are available traffic is not affected; else the fault is critical. | 5.0.3 |
NETWORK_ STANDARD_ VPN_ENDPOINT _DOWN | Controller | ALARM | Major | Standard VPN Endpoint Down. | Multiple service link interfaces connecting
to a service endpoint are down. | 5.6.1 |
NETWORK_VPNKEK_UNAVAILABLE | Device | ALARM | Minor | Key Encryption Key (KEK) is not available. | This fault is generated when Key Encryption Key (KEK)
required to decrypt shared secrets for VPN link is not available. The
controller issues a KEK along with shared secrets. If the communication
between the controller and the device is down for more than three days,
this can happen. | |
NETWORK_ VPNLINK_DOWN | Device | ALARM | Major | VPN Link Down | A VPN Link connecting two sites is down. If
the VPN Link is the only link between the two sites, VPN based connectivity between those
sites has been impacted. If alternate VPN Links exist between the two
sites, connectivity and capacity is available between the sites; however additional VPN
Link failures between the two sites may impact traffic. | |
NETWORK_ VPNPEER_ UNAVAILABLE | Device | ALARM | Minor | VPN Peer Down | A peer instance on other side of a VPN Link
of a remote office (branch) has been declared to be down. This fault
will typically be seen along with one of [NETWORK_VPNLINK_DOWN, PEERING_CORE_DOWN, DEVICESW_GENERAL_PROCESSSTOP] faults
that identify the likely root cause. | |
NETWORK_ VPNSS_ UNAVAILABLE | Device | ALARM | Minor | VPN Shared Secret Unavailable | Shared secret required to establish a VPN Link
is not available. The Prisma SD-WAN controller pre-issues a certain number
of shared secrets (3 days worth by default). If the communication
between the Prisma SD-WAN Controller and the device is down for
3 days or more, then this fault is raised. | |
NETWORK_ VPNPEER_ UNREACHABLE | Device | ALARM | Minor | VPN Peer Unreachable | Control communication could not be established with
the VPN Peer. Common reasons include (a) IP Address mis-configuration,
(b) NAT misconfiguration or (c) a firewall which is blocking port
4500 traffic as UDP port 4500 is used for control communication
between the two VPN Peers. | |
NETWORK_ VPNSS_ MISMATCH | Device | ALARM | Minor | VPN Shared Secret Mismatch | VPN Peers could not agree on a shared secret. Usually happens when
(a) one of the devices is not able to contact the Prisma SD-WAN Controller and
retrieve the shared secret corresponding to the time window when the
fault was raised or (b) the clocks on the VPN Peer devices are out
of sync. | |
NETWORK_ VPNBFD_DOWN | Device | ALARM | Minor | VPN Liveliness Down | VPN Link liveliness is monitored through BFD heartbeats. This
fault indicates that the VPN Link went down because the BFD heartbeats failed.
If this is a temporary network failure then the VPN Link will come back
up once the network is restored. If the fault continues to stay
on then check for network availability. | |
SITE_ CONNECTIVITY_ DOWN | Controller | ALARM | Critical | Site Connectivity Down | At the Branch, alarm is raised when the site cannot connect
to controller or any remote branch or data center. Suppressed Alarms
at the Branch site : DEVICESW_DISCONNECTED_FROM_CONTROLLERNETWORK_SECUREFABRICLINK_DOWN The
following alarms are suppressed only if they were received by the
controller before the site connectivity was lost:DEVICEHW_INTERFACE_DOWNNETWORK_DIRECTINTERNET_DOWNNETWORK_DIRECTPRIVATE_DOWN At
the Data Center, alarm is raised when all the remote sites are unreachable. Suppressed Alarms
at the Data Center site : DEVICESW_DISCONNECTED_FROM_CONTROLLERNETWORK_SECUREFABRICLINK_DOWN | 5.5.1 |
SITE_CIRCUIT_ ABSENT_ FOR_POLICY | Controller | ALARM | Major | Path label used in policy is missing on site. | One or more path labels (public-*, private-*, public-[1-32], private-[1-32])
used in policy not assigned to any site WAN interface at the site. | 4.5.1 |
SITE_NETWORK_ SERVICE_ABSENT_ FOR_POLICY | Controller | ALARM | Major | Policy DC Group Missing Service Endpoint. | One or more DC groups used in the policy has
not been assigned a valid service endpoint for the domain bound
to the identified site. | 5.4.1 |
SITE_ CONNECTIVITY_ DEGRADED | Controller | ALARM | Major | Site connectivity degraded | Branch site connectivity is degraded due to
one or more secure fabric links down, Layer 3 reachability is down
or service link is down. Suppressed Alarms : NETWORK_DIRECTINTERNET_DOWNNETWORK_DIRECTPRIVATE_DOWNNETWORK_SECUREFABRICLINK_DOWNNETWORK_SECUREFABRICLINK_DEGRADEDDEVICEHW_INTERFACE_DOWN | 5.5.1 |
ALARM CODE | EVENT ORIGIN | ALARM /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
FLAP_RATE_ EXCEEDED | Controller | ALARM | Major | Flap Rate Exceeded | Alarm is raised when an entity flaps more than
the rate configured in the flap rule. | 5.5.1 |
NAT_POLICY_ LEGACY_ALG_ CONFIG_OVERRIDE | Device | ALERT | Major | NAT policy ALG action overridden by legacy configuration. | ALG action configured in the NAT policy has been overridden
by legacy configuration present on the device. | 5.2.1 |
NETWORK_ POLICY_RULE_ CONFLICT | Device | ALARM | Minor | Network policy rule conflict. | Two or more policy rules conflict in a policy
set, resulting in an incorrect policy applied to some flows. | 5.0.1 |
NETWORK_POLICY_ RULE_DROPPED | Device | ALARM | Major | Network policy rule dropped. | Network policy configuration contains rules with
too many permutations causing resources to exceed the operational limits.
Some rules are dropped from the policy so that the limits are not exceeded.
As a result, desired policy actions may not be applied in some cases. | 5.0.1 |
PRIORITY_POLICY_ RULE_CONFLICT | Device | ALARM | Minor | Priority policy rule conflict. | Two or more policy rules conflict in a priority
policy set, potentially resulting in an incorrect policy applied to
some flows. | 5.0.1 |
PRIORITY_POLICY_ RULE_DROPPED | Device | ALARM | Major | Priority policy rule dropped. | Priority policy configuration contains rules with
too many permutations causing resources to exceed the operational limits.
Some rules are dropped from the policy so that the limits are not exceeded.
As a result, desired policy actions may not be applied in some cases. | 5.0.1 |
SECURITY_POLICY_ RULE_ INCOMPLETE | Device | ALARM | Critical | The security policy rule configuration is incomplete. | The security policy rule configuration is incomplete. In
this case the security policy rule is skipped. | 5.4.3 |
SECURITY_POLICY_ LIMITS_EXCEEDED | Device | ALARM | Critical | The security policy stack exceeds resource limits | The resources need to be installed in security policy
stack as it exceeds the system limits. Security policy will not be
installed. Element will have no security policy until the condition exists. | 5.6.1 |
ALARM CODE | EVENT ORIGIN | ALARM /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
SPOKEHA_ CLUSTER _DEGRADED | Controller | ALARM | Major | Spoke cluster operating in a degraded state. | One of the devices in the cluster has failed
and is incapable of becoming active if the current active device
fails. | 5.1.1 |
SPOKEHA_ CLUSTER _DOWN | Controller | ALARM | Critical | Spoke cluster operation is down. | Both devices in the cluster have failed, therefore affects
the network connectivity to the site. | 5.1.1 |
SPOKEHA_ MULTIPLE _ACTIVE_ DEVICES | Controller | ALARM | Critical | More than one device is active in the spoke cluster. | Both devices in the cluster have declared themselves to
be active. This situation happens when the devices in the cluster
are not able to communicate with each other. Affects the network connectivity to
the site. | 5.1.1 |
SPOKEHA_STATE _UPDATE | Device | ALERT | Major | Device state changes in spoke cluster. | Device changed its state from active to backup
or backup to active. If the device changed its state to backup,
and there is no other device eligible to become active, this affects
the network connectivity at the site. | 5.1.1 |
ALARM CODE | EVENT ORIGIN | ALARM /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
APPLICATION_ CUSTOM_RULE_ CONFLICT | Device | ALARM | Minor | Custom application rule conflict. | Custom application configuration contains rules that
overlap, and therefore, a clear choice cannot be made. | 4.5.1 |
ALARM CODE | EVENT ORIGIN | ALARM /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
OPERATOR_ SIGNUP_ TOKEN_DISABLED | Controller | ALERT | Minor | User Signup Disabled. | A new user that was issued a sign up token
to self-complete the sign up process failed multiple times by using
a wrong combination of the sign up token and unique ID supplied
by the administrator. The same sign up process failure can occur
if an existing user forgets his/her password and is required to self
complete the password reset process. | 4.5.1 |
ALARM CODE | EVENT ORIGIN | ALARM /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
DEVICE_ CELLULAR_ ROAMING | Device | Alert | Major | Cellular Carrier Change | A software process responsible for cellular
link support observed a change in carrier. | 5.6.1 |
DEVICE_ CELLULAR_ SIM_ REMOVAL | Device | Alert | Major | SIM Presence Status Change | A software process responsible for cellular
link support detected insertion or removal of a SIM card. | 5.6.1 |
DEVICE_ CELLULAR_ SIM_ SWITCHOVER | Device | Alert | Major | SIM Switchover Status Change | A software process responsible for cellular
link support detected a switch-over from one SIM card to another. | 5.6.1 |
DEVICE_ CELLULAR_ SIGNAL_ STRENGTH_THRESH | Device | Alert | Major | Cellular Signal Strength | A software process responsible for cellular
link support detected a change in signal strength below acceptable limits. | 5.6.1 |
DEVICE_ CELLULAR_ INTERNAL_MODEM_ ERROR | Device | Alarm | Critical | Cellular Modem Error | A software process responsible for cellular
link support detected an internal error in the modem. | 5.6.1 |
DEVICE_ CELLULAR_ SIM_PIN_ERROR | Device | Alarm | Critical | SIM PIN | A software process responsible for cellular
link support detected a locked SIM card requiring a correct PIN. | 5.6.1 |
DEVICE_ CELLULAR_ SIM_PUK_ NEEDED | Device | Alarm | Critical | SIM PUK | Incorrect SIM PIN was used three times to unlock
the SIM card. PUK required to try PIN again. | 5.6.1 |
DEVICE_ CELLULAR_ MODEM_TEMP_ HIGH | Device | Alarm | Minor | High Modem Temperature | A software process responsible for cellular
link support received a notification from the cellular modem indicating
high operating temperature. | 5.6.1 |
DEVICE_ CELLULAR_ MTU_MISMATCH | Device | Alert | Minor | Cellular MTU Mismatch | Carrier negotiated MTU is lower than the configured
MTU for a cellular interface. | 5.6.1 |
DEVICE_ CELLULAR_ SIM_SECURITY_ ERROR | Device | Alert | Minor | Cellular SIM security error | SIM security operation failure. | 5.6.1 |
DEVICE_ CELLULAR_ FIRMWARE_ NOT_AVAILABLE | Device | Alert | Major | Cellular Firmware Not available | Supported Firmware not available. | 5.6.1 |
DEVICE_ CELLULAR_ MODEM_ DETECTION_ERROR | Device | Alarm | Critical | Cellular modem detection | A software process responsible for cellular
link support was unable to detect the cellular modem. | 5.6.1 |
DEVICE_ CELLULAR_ TECH_CHANGE | Device | Alert | Minor | Technology change | A software process responsible for cellular
link support detected a change in technology mode. | 5.6.1 |
ALARM CODE | EVENT ORIGIN | ALERT/ ALARM | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
DEVICE_POE_MAIN_POWER_OVER_THRESHOLD | Device | Alarm | Major | Port Power Status | When the system level main PoE power usage exceeds
the configured threshold, this alarm is raised. When the exceeded
system level main PoE power usage comes down below the threshold,
this alarm is cleared. | 6.0.2 |
DEVICE_POE_PORT_POWER_OVER_THRESHOLD | Device | Alarm | Major | Port Power Over Threshold | When the port PoE power usage exceeds the configured threshold,
this alarm is raised. When the exceeded port PoE power usage comes
down below the threshold, this alarm is cleared. | 6.0.2 |
DEVICE_POE_MAIN_POWER_FAULT | Device | Alarm | Critical | Main Power Fault | When the PSE controller encounters an internal
error, this alarm is raised. Need reload/RMA of the device. | 6.0.2 |
DEVICE_POE_PORT_POWER_STATUS | Device | Alert | Major | Port Power Status | This alert is raised when the software process responsible
for Power Over Ethernet support observes a change in power supply
status of a PoE port. | 6.0.2 |
RADIUS_SERVER_NOT_REACHABLE | Device | Alarm | Major | Radius Server reachability error. | When the primary and secondary RADIUS server
is unreachable from a device, this alarm is generated. The reasons
could be a network error or an improper/missing source interface configuration. | 6.0.2 |
DYNAMIC_VLAN_NOT_CONFIGURED | Device | Alarm | Major | Dynamic VLAN NAME/ID issued from the Radius server
is not configured on the element. | When the RADIUS server requested Dynamic VLAN ID
is not configured on the system, this alarm is generated. It is cleared
either when the configuration was updated with the VLAN ID is configured
or when the client gets authenticated. | 6.0.2 |
CLIENT_AUTH_FAIL | Device | Alert | Major | A client failed to authenticate with valid credentials on
an 802.1X authentication enabled port. | This alert is raised when the client Authentication (MAC
Auth or 802.1X) fails. | 6.0.2 |
ALARM CODE | EVENT ORIGIN | ALERT/ ALARM | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
DEVICESW_USERIDAGENTS_DOWN | Device | Alarm | Minor | UserId agent down | The device generates the alarm in case if the User-ID
daemon failed to connect with the User-ID agent. | 6.2.1 |
USER_ID_DIRECTORY_SYNC_FAILED | Controller | Alarm | Minor | Directory sync failed | Controller generates the alarm in case of failure of Full
Sync or Delta Sync while syncing any of groups, users and membership.
Alarm will be cleared once the sync is successfully completed. | 6.2.1 |
USER_ID_HUB_SELECTION_FAILED | Controller | Alarm | Minor | Hub selection failed | Controller generates this alarm if hub selection
failed. | 6.2.1 |