Netgear VPN Firewall FVS336Gv2 Reference Manual
Network Planning for Multiple WAN Ports 639 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2

Figure 29. Telecommuter example in a single WAN port configuration with NAT

The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is dynamic, you must use an FQDN. If the IP address is fixed, an FQDN is optional.

VPN Telecommuter: Dual-Gateway WAN Ports for Improved Reliability

In a gateway configuration with dual WAN ports that function in auto-rollover mode, the remote computer client initiates the VPN tunnel with the active gateway WAN port (port WAN1 in the following figure) because the IP address of the remote NAT router is not known in advance. The gateway WAN port must act as the responder.

Figure 30. Telecommuter example in a dual WAN port configuration with NAT before auto-rollover

The IP addresses of the gateway WAN ports can be either fixed or dynamic, but you must always use an FQDN because the active WAN port could be either WAN1 or WAN2 (that is, the IP address of the active WAN port is not known in advance). After a rollover of the WAN port occurs, the previously inactive gateway WAN port becomes the active port (port WAN2 in the following figure) and the remote computer must reestablish the VPN tunnel. The gateway WAN port must act as the responder.

Figure 31. Telecommuter example in a dual WAN port configuration with NAT after auto-rollover

The purpose of the FQDN is to toggle the domain name of the gateway between the IP addresses of the active WAN port (that is, WAN1 and WAN2) so that the remote computer client can determine the gateway IP address to establish or reestablish a VPN tunnel.

VPN Telecommuter: Dual-Gateway WAN Ports for Load Balancing

In a gateway configuration with dual WAN ports that function in load balancing mode, the remote computer client initiates the VPN tunnel with the appropriate gateway WAN port (that is, port WAN1 or WAN2 as necessary to balance the loads of the two gateway WAN ports) because the IP address of the remote NAT router is not known in advance. The selected gateway WAN port must act as the responder.

Figure 32. Telecommuter example in a dual WAN port configuration with NAT and load balancing

The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, you must use an FQDN. If an IP address is fixed, an FQDN is optional.
B. System Logs and Error Messages

This appendix provides examples and explanations of system logs and error messages. When applicable, a recommended action is provided. This appendix contains the following sections:

• Log Message Terms
• System Log Messages
• Routing Logs
• Other Event Logs
• DHCP Logs

Log Message Terms

This appendix uses the following log message terms.

Table 13. Log message terms

Term         Description
[FVS336Gv2]  System identifier.
[kernel]     Message from the kernel.
CODE         Protocol code (for example, protocol is ICMP, type 8); CODE=0 means successful reply.
DEST         Destination IP address of the machine to which the packet is destined.
DPT          Destination port.
IN           Incoming interface for the packet.
OUT          Outgoing interface for the packet.
PROTO        Protocol used.
SELF         Packet coming from the system only.
SPT          Source port.
SRC          Source IP address of the machine from which the packet is coming.
TYPE         Protocol type.

System Log Messages

The following sections provide information about system log messages:

• NTP
• Login and Logout
• System Startup
• Reboot
• Firewall Restart
• IPSec Restart
• Unicast, Multicast, and Broadcast Logs
• WAN Status
• Resolved DNS Names
• VPN Log Messages
• Traffic Meter Logs
These sections describe log messages that belong to one of the following categories:

• Logs generated by traffic that is meant for the VPN firewall.
• Logs generated by traffic that is routed or forwarded through the VPN firewall.
• Logs generated by system daemons, the NTP daemon, the WAN daemon, and other daemons.

For information about how to select many of these logs, see Manage Logging, Alerts, and Event Notifications on page 567.

NTP

This section describes log messages generated by the NTP daemon during synchronization with the NTP server.

Table 14. System logs: NTP

Message:
Nov 28 12:31:13 [FVS336Gv2] [ntpdate] Looking Up time-f.netgear.com
Nov 28 12:31:13 [FVS336Gv2] [ntpdate] Requesting time from time-f.netgear.com
Nov 28 12:31:14 [FVS336Gv2] [ntpdate] Adjust time server 69.25.106.19 offset 0.140254 sec
Nov 28 12:31:14 [FVS336Gv2] [ntpdate] Synchronized time with time-f.netgear.com
Nov 28 12:31:16 [FVS336Gv2] [ntpdate] Date and Time Before Synchronization: Tue Nov 28 12:31:13 GMT+0530 2006
Nov 28 12:31:16 [FVS336Gv2] [ntpdate] Date and Time After Synchronization: Tue Nov 28 12:31:16 GMT+0530 2006
Nov 28 12:31:16 [FVS336Gv2] [ntpdate] Next Synchronization after 2 Hours

Explanation:
Message 1: DNS resolution for the NTP server (time-f.netgear.com).
Message 2: Request for NTP update from the time server.
Message 3: Adjust time by resetting system time.
Message 4: Display date and time before synchronization, that is, when resynchronization started.
Message 5: Display the new updated date and time.
Message 6: Next synchronization will be after the specified time. Example: In these logs the next synchronization will be after two hours. The synchronization time interval is configurable through the CLI.

Recommended action: None

Login and Logout

This section describes logs generated by the administrative interfaces of the device.

Table 15. System logs: login and logout

Message:
Nov 28 14:45:42 [FVS336Gv2] [login] Login succeeded: user admin from 192.168.10.10

Explanation: Login of user admin from host with IP address 192.168.10.10.

Recommended action: None

Message:
Nov 28 14:55:09 [FVS336Gv2] [seclogin] Logout succeeded for user admin
Nov 28 14:55:13 [FVS336Gv2] [seclogin] Login succeeded: user admin from 192.168.1.214

Explanation: Secure login or logout of user admin from host with IP address 192.168.1.214.

Recommended action: None

System Startup

This section describes the log message generated during system startup.

Table 16. System logs: system startup

Message:
Jan 1 15:22:28 [FVS336Gv2] [ledTog] [SYSTEM START-UP] System Started

Explanation: Log generated when the system is started.

Recommended action: None

Reboot

This section describes the log message generated during system reboot.

Table 17. System logs: reboot

Message:
Nov 25 19:42:57 [FVS336Gv2] [reboot] Rebooting in 3 seconds

Explanation: Log generated when the system is rebooted from the web management interface.

Recommended action: None

Firewall Restart

This section describes logs that are generated when the VPN firewall restarts.

Table 18. System logs: VPN firewall restart

Message:
Jan 23 16:20:44 [FVS336Gv2] [wand] [FW] Firewall Restarted

Explanation: Log generated when the VPN firewall is restarted. This message is logged when the VPN firewall restarts after any changes in the configuration are applied.

Recommended action: None
IPSec Restart

This section describes logs that are generated when IPSec restarts.

Table 19. System logs: IPSec restart

Message:
Jan 23 16:20:44 [FVS336Gv2] [wand] [IPSEC] IPSEC Restarted

Explanation: Log generated when IPSec is restarted. This message is logged when IPSec restarts after any changes in the configuration are applied.

Recommended action: None

Unicast, Multicast, and Broadcast Logs

Table 20. System logs: unicast

Message:
Nov 24 11:52:55 [FVS336Gv2] [kernel] UCAST IN=SELF OUT=WAN SRC= 192.168.10.1 DST=192.168.10.10 PROTO=UDP SPT=800 DPT=2049

Explanation:
• This packet (unicast) is sent to the device from the WAN network.
• For other settings, see Table 13 on page 642.

Recommended action: None

ICMP Redirect Logs

Table 21. System logs: unicast, redirect

Message:
Feb 2007 22 14:36:07 [FVS336Gv2] [kernel] [LOG_PACKET] SRC=192.168.1.49 DST=192.168.1.124 PROTO=ICMP TYPE=5 CODE=1

Explanation: This packet is an ICMP redirect message sent to the device by another device. For other settings, see Table 13 on page 642.

Recommended action: To enable these logs, from the CLI command prompt of the VPN firewall, enter this command:
monitor/firewallLogs/logger/loggerConfig logIcmpRedirect 1
And to disable it, enter:
monitor/firewallLogs/logger/loggerConfig logIcmpRedirect 0
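As an added example (not part of the Netgear manual), the following Python parses the kernel packet-log lines of Tables 20 and 21 (and the MCAST-BCAST form shown in Table 22) into the Table 13 terms and picks out ICMP redirects (PROTO=ICMP TYPE=5), the messages that logIcmpRedirect turns on. The sample lines are the ones quoted in those tables; tolerating "SRC= 1.2.3.4" with a space after the equals sign is an assumption drawn from how the lines appear here.

```python
import re

# Constructed sample input: the kernel packet-log lines quoted in Tables 20, 21
# and 22 of this appendix, as they would arrive at a syslog collector.
SAMPLE_LOG = """\
Nov 24 11:52:55 [FVS336Gv2] [kernel] UCAST IN=SELF OUT=WAN SRC= 192.168.10.1 DST=192.168.10.10 PROTO=UDP SPT=800 DPT=2049
Feb 2007 22 14:36:07 [FVS336Gv2] [kernel] [LOG_PACKET] SRC=192.168.1.49 DST=192.168.1.124 PROTO=ICMP TYPE=5 CODE=1
Jan 1 07:24:13 [FVS336Gv2] [kernel] MCAST-BCAST IN=WAN OUT=SELF SRC= 192.168.1.73 DST=192.168.1.255 PROTO=UDP SPT=138 DPT=138
"""

# Everything before "[FVS336Gv2] [kernel]" is the timestamp; the class tag is either
# bare (UCAST, MCAST-BCAST) or bracketed ([LOG_PACKET]); the rest is KEY=VALUE pairs.
HEADER = re.compile(
    r"^(?P<ts>.+?)\s+\[FVS336Gv2\]\s+\[kernel\]\s+\[?(?P<cls>[A-Z_-]+)\]?\s+(?P<fields>.*)$"
)
# Assumption: the firewall may write "SRC= 1.2.3.4" with a space, so allow it.
FIELD = re.compile(r"([A-Z]+)=\s*(\S*)")
NUMERIC = {"SPT", "DPT", "TYPE", "CODE"}


def parse_packet_log(line):
    """Return a dict keyed by the Table 13 terms for one kernel packet-log line, else None."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "class": m.group("cls")}
    for key, value in FIELD.findall(m.group("fields")):
        rec[key] = int(value) if key in NUMERIC and value.isdigit() else value
    return rec


def parse_packet_logs(text):
    return [r for r in (parse_packet_log(l) for l in text.splitlines()) if r]


def icmp_redirects(records):
    """ICMP type 5 is a redirect: another host is trying to change this device's routing."""
    return [r for r in records if r.get("PROTO") == "ICMP" and r.get("TYPE") == 5]


if __name__ == "__main__":
    recs = parse_packet_logs(SAMPLE_LOG)
    for r in recs:
        print(r["class"], r.get("SRC"), "->", r.get("DST"), r.get("PROTO"))
    for r in icmp_redirects(recs):
        print("ICMP redirect from", r["SRC"], "code", r["CODE"])
```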
Multicast and Broadcast Logs

Table 22. System logs: multicast and broadcast

Message:
Jan 1 07:24:13 [FVS336Gv2] [kernel] MCAST-BCAST IN=WAN OUT=SELF SRC= 192.168.1.73 DST=192.168.1.255 PROTO=UDP SPT=138 DPT=138

Explanation:
• This multicast or broadcast packet is sent to the device from the WAN network.
• For other settings, see Table 13 on page 642.

Recommended action: None

WAN Status

This section describes the logs generated by the WAN component. If you have several ISP links for Internet connectivity, you can configure the VPN firewall either in auto-rollover or load balancing mode.

• Load Balancing
• Auto-Rollover

Load Balancing

When the WAN mode is configured for load balancing, all the WAN ports are active simultaneously and the traffic is balanced between them. If one WAN link goes down, all the traffic is diverted to the other WAN links that are active. This section describes the logs generated when the WAN mode is set to load balancing.

Table 23. System logs: WAN status, load balancing

Message:
Dec 1 12:11:27 [FVS336Gv2] [wand] [LBFO] Restarting WAN1_
Dec 1 12:11:31 [FVS336Gv2] [wand] [LBFO] Restarting WAN2_
Dec 1 12:11:35 [FVS336Gv2] [wand] [LBFO] WAN1(UP), WAN2(UP)_
Dec 1 12:24:12 [FVS336Gv2] [wand] [LBFO] WAN1(UP), WAN2(DOWN)_
Dec 1 12:29:43 [FVS336Gv2] [wand] [LBFO] Restarting WAN2_
Dec 1 12:29:47 [FVS336Gv2] [wand] [LBFO] WAN1(UP), WAN2(DOWN)_

Explanation:
Messages 1 and 2 indicate that both WANs are restarted.
Message 3: This message shows that both WANs are up and the traffic is balanced between the two WAN interfaces.
Messages 4, 5, and 6: These messages show that one of the WAN links is down and that restarting the WAN link does not resolve the situation. At this point, all the traffic is directed through the WAN that is up.

Recommended action: None

Auto-Rollover

When the WAN mode is configured for auto-rollover, the primary link is active and the secondary link acts only as a backup. When the primary link goes down, the secondary link becomes active only until the primary link comes back up. The VPN firewall monitors the status of the primary link using the configured WAN failure detection method. This section describes the logs generated when the WAN mode is set to auto-rollover.

Table 24. System logs: WAN status, auto-rollover

Message:
Nov 17 09:59:09 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 1 of 3 times_
Nov 17 09:59:39 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 2 of 3 times_
Nov 17 10:00:09 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 3 of 3 times_
Nov 17 10:01:01 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 4 of 3 times_
Nov 17 10:01:35 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 5 of 3 times_
Nov 17 10:01:35 [FVS336Gv2] [wand] [LBFO] WAN1(DOWN), WAN2(UP), ACTIVE(WAN2)_
Nov 17 10:02:25 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 6 of 3 times_
Nov 17 10:02:25 [FVS336Gv2] [wand] [LBFO] Restarting WAN1_
Nov 17 10:02:57 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 7 of 3 times_
Nov 17 10:03:27 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 8 of 3 times_
Nov 17 10:03:57 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 9 of 3 times_
Nov 17 10:03:57 [FVS336Gv2] [wand] [LBFO] Restarting WAN1_

Explanation:
The logs suggest that the failover was detected after 5 attempts instead of 3. However, the messages appear in the log this way because of the WAN state transition logic, which is part of the failover algorithm. These logs can be interpreted as follows: The primary link failure is correctly detected after the third attempt. Thereafter, the algorithm attempts to restart the WAN connection and checks once again to determine whether WAN1 is still down. This results in the fourth failure detection message. If it is still down, the algorithm starts the secondary link, and once the secondary link is up, the secondary link is marked as active. Meanwhile, the primary link has failed once more, and that results in the fifth failure detection message. Note that the fifth failure detection message and the message stating that the secondary link is active have the same time stamp, so they happen in the same algorithm state-machine cycle. So although it appears that the failover did not happen immediately after 3 failures, internally the failover process is triggered after the third failure, and the transition to the secondary link is completed by the fifth failure. The primary link is also restarted every 3 failures until it is functional again. In these logs, the primary link was restarted after the sixth failure, that is, 3 failures after the failover process was triggered.

Recommended action: Check the WAN settings and WAN failure detection method configured for the primary link.
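To make the state-transition explanation above concrete, here is an added Python example (not Netgear's code) that replays the twelve [LBFO] lines of Table 24 and records the events a monitoring rule would want: the third failure, at which the manual says failover is triggered; the status line where WAN2 becomes active; and each restart of the primary link together with the failure count at that moment. The failure threshold is read from the "of 3 times" text in each message rather than hard-coded.

```python
import re

# Constructed sample input: the twelve [LBFO] lines quoted in Table 24, in order.
SAMPLE_LOG = """\
Nov 17 09:59:09 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 1 of 3 times_
Nov 17 09:59:39 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 2 of 3 times_
Nov 17 10:00:09 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 3 of 3 times_
Nov 17 10:01:01 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 4 of 3 times_
Nov 17 10:01:35 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 5 of 3 times_
Nov 17 10:01:35 [FVS336Gv2] [wand] [LBFO] WAN1(DOWN), WAN2(UP), ACTIVE(WAN2)_
Nov 17 10:02:25 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 6 of 3 times_
Nov 17 10:02:25 [FVS336Gv2] [wand] [LBFO] Restarting WAN1_
Nov 17 10:02:57 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 7 of 3 times_
Nov 17 10:03:27 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 8 of 3 times_
Nov 17 10:03:57 [FVS336Gv2] [wand] [LBFO] WAN1 Test Failed 9 of 3 times_
Nov 17 10:03:57 [FVS336Gv2] [wand] [LBFO] Restarting WAN1_
"""

# Syslog prefix as the firewall writes it; the trailing "_" on [LBFO] lines is dropped.
LBFO = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \[FVS336Gv2\] \[wand\] \[LBFO\] (?P<msg>.*?)_?$")
FAILED = re.compile(r"(WAN\d) Test Failed (\d+) of (\d+) times")
RESTART = re.compile(r"Restarting (WAN\d)")
STATUS = re.compile(r"WAN1\((UP|DOWN)\), WAN2\((UP|DOWN)\)(?:, ACTIVE\((WAN\d)\))?")


def track_lbfo(text):
    """Replay [LBFO] lines; return failure counts, restart counts, the active link and timed events."""
    state = {"failures": {}, "restarts": {}, "active": None, "events": []}
    for m in filter(None, map(LBFO.match, text.splitlines())):
        ts, msg = m.group("ts"), m.group("msg")
        if f := FAILED.search(msg):
            wan, n, limit = f.group(1), int(f.group(2)), int(f.group(3))
            state["failures"][wan] = n
            # Per the manual, failover is triggered at the configured failure count (here the
            # third), even though the ACTIVE(...) status line only appears two failures later.
            if n == limit:
                state["events"].append((ts, f"{wan} failure threshold reached, failover triggered"))
        elif r := RESTART.search(msg):
            wan = r.group(1)
            state["restarts"][wan] = state["restarts"].get(wan, 0) + 1
            state["events"].append((ts, f"{wan} restarted (failure count {state['failures'].get(wan, 0)})"))
        elif s := STATUS.search(msg):
            active = s.group(3)
            if active and active != state["active"]:  # only a real transition is an event
                state["active"] = active
                count = state["failures"].get("WAN1", 0)
                state["events"].append((ts, f"active link is now {active} (after WAN1 failure {count})"))
    return state
```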
PPP Logs

This section describes the WAN PPP connection logs. The PPP type can be configured from the web management interface (see Manually Configure a PPPoE IPv4 Internet Connection on page 39).

• PPPoE idle time-out logs

Table 25. System logs: WAN status, PPPoE idle time-out

Message:
Nov 29 13:12:46 [FVS336Gv2] [pppd] Starting connection
Nov 29 13:12:49 [FVS336Gv2] [pppd] Remote message: Success
Nov 29 13:12:49 [FVS336Gv2] [pppd] PAP authentication succeeded
Nov 29 13:12:49 [FVS336Gv2] [pppd] local IP address 50.0.0.62
Nov 29 13:12:49 [FVS336Gv2] [pppd] remote IP address 50.0.0.1
Nov 29 13:12:49 [FVS336Gv2] [pppd] primary DNS address 202.153.32.3
Nov 29 13:12:49 [FVS336Gv2] [pppd] secondary DNS address 202.153.32.3
Nov 29 11:29:26 [FVS336Gv2] [pppd] Terminating connection due to lack of activity.
Nov 29 11:29:28 [FVS336Gv2] [pppd] Connect time 8.2 minutes.
Nov 29 11:29:28 [FVS336Gv2] [pppd] Sent 1408 bytes, received 0 bytes.
Nov 29 11:29:29 [FVS336Gv2] [pppd] Connection terminated.

Explanation:
Message 1: PPPoE connection started.
Message 2: Message from the PPPoE server for a correct login.
Message 3: Authentication for PPP succeeded.
Message 4: Local IP address assigned by the server.
Message 5: Server-side IP address.
Message 6: The primary DNS server that is configured on the WAN ISP Settings screen.
Message 7: The secondary DNS server that is configured on the WAN ISP Settings screen.
Message 8: The PPP link has transitioned to idle mode. This event occurs if there is no traffic from the LAN network.
Message 9: The time in minutes for which the link was up.
Message 10: Data sent and received on the LAN side while the link was up.
Message 11: PPP connection terminated after idle time-out.

Recommended action: To reconnect during idle mode, initiate traffic from the LAN side.