IMPORTANT
Action required: Apply the fix for SNS firewall disks.
Please follow the procedure described in the How to update my SSD Firmware - Stormshield Knowledge Base article (authentication required).
Fields specific to the "l_vpn" log
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs and VPN.
pri |
Set to “5” (“notice”) to ensure WELF compatibility. Available from: SNS v1.0.0. |
Priority |
|
error
|
Error level of the log. Values: “0” (Information), “1” (Warning) or “2” (Error). |
Result Example: “Info” |
|
phase
|
Number of the IPSec VPN tunnel negotiation phase. Values: “0” (no phase), “1” (phase 1) or “2” (phase 2). |
Phase |
|
src |
IP address of the VPN tunnel’s local endpoint. Decimal format. Example: ”192.168.0.1” Available from: SNS v1.0.0. |
Source | |
srcname |
Name of the object corresponding to the VPN tunnel’s local endpoint. String of characters in UTF-8 format. Example: “Pub_FW” Available from: SNS v1.0.0. |
Source name |
|
dst |
IP address of the VPN tunnel’s remote endpoint. Decimal format. Example: ”192.168.1.1” Available from: SNS v1.0.0. |
Destination | |
dstname |
Name of the object corresponding to the VPN tunnel’s remote endpoint. String of characters in UTF-8 format. Example: “fw_remote” Available from: SNS v1.0.0. |
Destination name |
|
user |
ID of the remote user used for the negotiation. String of characters in UTF-8 format. Example: “john.smith” May be displayed anonymously depending on the administrator's access privileges. c |
User |
|
usergroup |
The user that set up a tunnel belongs this group, defined in the VPN access privileges. String of characters in UTF-8 format. Example: usergroup="ipsec-group" Available from: SNS v3.3.0. |
Group | |
msg |
Description of the operation performed. String of characters in UTF-8 format. Example: “Phase established” |
Message |
|
side |
Role of the Firewall in the negotiation of the tunnel. Values: “initiator” or “responder”. |
Role |
|
cookie_i |
Temporary identity marker of the initiator of the negotiation. Character string in hexadecimal. Example: “0xae34785945ae3cbf” |
Initiating cookie |
|
cookie_r |
Temporary identity marker of the peer of the negotiation. Character string in hexadecimal. Example: "0x56201508549a6526". |
Receiving cookie |
|
localnet |
Local network negotiated in phase2. Decimal format. Example: ”192.168.0.1” |
Local network |
|
remotenet |
Remote network negotiated in phase2. Decimal format. Example: ”192.168.1.1” |
Remote network |
|
spi_in |
SPI (Security Parameter Index) number of the negotiated incoming SA (Security Association). Character string in hexadecimal. Example: “0x01ae58af” |
Incoming spi |
|
spi_out |
SPI number of the negotiated outgoing SA. Character string in hexadecimal. Example: “0x003d098c” |
Outgoing spi |
|
ike |
Version of the IKE protocol used Values: “1”, “2”… |
IKE version | |
remoteid |
ID of the peer used during the negotiation of the IKE SA. This may be an e-mail address or IP address. |
Remote identifier | |
ruletype | Type of IPSec rule. Character string. Values: mobile, gateway. Example: ruletype=mobile. Available from: SNS v4.2.1 |