Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS 6.3] What are the actual traps that fall under the trap types that are mentioned in the ScreenOS C & E guide?



Article ID: KB27397 KB Last Updated: 18 Feb 2021Version: 3.0
This article provides information about the different firewall traps and their associated trap types for ScreenOS version 6.3.
The following table in the Concepts & Examples (C&E) guide lists the possible alarm types and their associated trap numbers. What are the actual alarm traps that fall under each trap type?

Trap Enterprise ID Description:
  • 100 Hardware problems
  • 200 Firewall problems
  • 300 Software problems
  • 400 Traffic problems
  • 500 VPN problems
  • 600 NSRP problems
  • 800 DRP problems
  • 900 Interface failover problems
  • 1000 Firewall attacks
For ScreenOS version 6.3 traps, refer to the 6.3 MIBs file link:
The zip file contains the NS-TRAPS.MIB; which, when it is opened with a text editor or SNMP software, displays all the traps.
Trap Types 100 through 1000:

Hardware related alarms 100

device-dead(19) device not working
low-memory(20) memory low
generic-HW-fail(22) Fan, Power Supply failure
cpu-usage-high(30) CPU usage is high
rxbd-low-alarm(39) driver's rx bd shortage
wan-card-function(92) Card function is abnormal

 [back to top]

Security related alarms 200


User Authentication Fail

winnuke(4) Winnuke pak
syn-attack(5) Syn attack
tear-drop(6) tear-drop attack
ping-death(7) Ping of Death attack
ip-spoofing(8) IP spoofing attack
ip-src-route(9) IP source routing attack
land(10) land attack
icmp-flood(11) ICMP flooding attack
udp-flood(12) UDP flooding attack
port-scan(16) Port Scan attack
addr-sweep(17) address sweep attack  
policy-deny(18) Deny by policy attack 
ids-component(400) block java/active-x component
ids-icmp-flood(401) icmp flood attack
ids-udp-flood(402) udp flood attack
ids-winnuke(403) winnuke attack
ids-port-scan(404) port scan attack
ids-addr-sweep(405) address sweep attack
ids-tear-drop(406) tear drop attack
ids-syn(407) syn flood attack
ids-ip-spoofing(408) ip spoofing attack
ids-ping-death(409) ping of death attack
ids-ip-source-route(410) filter ip packet with source route option
ids-land(411) land attack
syn-frag-attack(412) screen syn fragment attack
tcp-without-flag(413) screen tcp packet without flag attack
unknow-ip-packet(414) screen unknown ip packet 
bad-ip-option(415) screen bad ip option
ids-block-zip(431) HTTP component blocking for .zip files
ids-block-jar(432) HTTP component blocking for Java applets
ids-block-exe(433) HTTP component blocking for .exe files
ids-block-activex(434) HTTP component blocking for ActiveX controls
attact-malicious-url(32) Microsoft IIS server vulnerability
session-threshold(33) session threshold is exceeded
vpn-replay-attack(42) VPN replay detected
tcp-syn-mac(435) screenos tcp syn mac
ids-nac-attack(436) screenos nac attack
tcp-sweep(442) tcp sweep
udp-sweep(443) udp sweep

Software related  alarms 300

illegal-cms-svr(13) Illegal server IP to connect to CMS port 
url-block-srv(14) URL blocking server connection alarm
dns-srv-down(21) DNS server unreachable
lb-srv-down(23) Load balance server unreachable
log-full(24) log buffer overflow  
x509(25) X509 related  
vpn-ike(26) VPN and IKE related
admin(27) admin related
sme(28) Illegal src ip to connect to sme port
dhcp(29) DHCP related
ip-conflict(31) Interface IP conflict
ssh-alarm(34) SSH related alarms  
allocated-session-threshold(51) allocated session exceed threshold 
audit-storage(35) Audit storage related alarms
trackip-status(66) track ip status related alarm
di-heap-create-fail(80) MEM cannot find usable memory for current pool
mem-alloc-fail(81) MEM cannot find usable in any pool
mcast-base(600) starting value for multicast alarm
mcore-alarm(601) mcore related alarm
spim-alarm(602) spim related alarm
attact-malicious-url(32) Microsoft IIS server vulnerability
session-threshold(33) session threshold is exceeded
vpn-replay-attack(42) VPN replay detected
av-csp-alarm(52) av-csp related alarm
av-alarm(53) av related alarm
vrrp-status-alarm(82) VRRP status related alarm
sccp-alarm(83) SCCP related alarm
mgcp-reinit(84) MGCP related alarm
mlfr-alarm(85) MLFR related alarm
fr-alarm(86) FR related alarm
cisco-hdlc-alarm(87) CISCO HDLC related alarm
pppow-alarm(88) PPPOW related alarm
h323-alarm(89) H323 related alarm
isdn-alarm(90) ISDN related alarm
dot1x-alarm(105) DOT1X related alarm

Traffic Alarms 400  

traffic-sec(1) Traffic per-second threshold
traffic-min(2) Traffic per-minute threshold
sec-potential-violation(805) Flow potential violation
flow-sess-cache(806) Flow session cache alarm

VPN Alarms 500  

vpn-tunnel-up(40) VPN tunnel from down to up   
vpn-tunnel-down(41) VPN tunnel from up to down
vpn-l2tp-tunnel-remove(43) VPN tunnel removed
vpn-l2tp-tunnel-remove-err(44) VPN tunnel removed and error detected
vpn-l2tp-call-remove(45) VPN call removed
vpn-l2tp-call-remove-err(46) VPN call removed and error detected
vpn-ias-radius-error(110) VPN IAS radius error
vpn-ikeid-enum-attack(111) VPN IKEID enum attack
vpn-softlimit-reached(112) VPN soft limit reached
vpn-ikedos-attack(113) VPN IKE dos attack
vpn-acvpn-profile-error(114) VPN acvpn profile error

NSRP Alarms 600   

nsrp-rto-up(60)  NSRP rto self unit status change from up to down
nsrp-rto-down(61) NSRP rto self unit status change from down to up   
NSRP track ip success
nsrp-trackip-failed(63) NSRP track ip failed
nsrp-trackip-failover(64) NSRP track ip fail over
nsrp-inconsistent-configuration(65) NSRP inconsistent configuration between primary and backup
nsrp-vsd-init(70) NSRP vsd  group status change to elect
nsrp-vsd-master(71) NSRP vsd  group status change to primary
NSRP vsd  group status change to primary backup
nsrp-vsd-backup(73) NSRP vsd  group status change to backup
nsrp-vsd-ineligible(74) NSRP vsd  group status change to ineligible
NSRP VSD group status change to inoperable
nsrp-vsd-req-hearbeat-2nd(76) NSRP VSD request heartbeat from 2nd HA path
nsrp-vsd-reply-2nd(77) NSRP VSD reply to 2nd path request
nsrp-rto-duplicated(78) NSRP duplicated RTO group found
ip-dup-master(79) NSRP duplicated VSD group primary

Drp Alarms 800  

route-alarm(205)   Errors in route module (exceed limit, malloc failure, add-prefix failure etc)
osfp-flood(206)  LSA/Hello packets flood in OSPF, route redistribution exceed limit
rip-flood(207) Update packet floods in RIP
ripng-flood(227) packet floods in RIPng
route-ripng-update-flood(228) exceed the update4 packet threshold per update time in RIPng
pbr-alarm(229) PBR related alarm
nhrp-alarm(230) NHRP related alarm
ospfv3-alarm(231) OSPFV3 related alarm

Interface Failover Alarms 900  

nsrp-trackip-failover(64) NSRP track ip fail over
interface-backup(91) interface backup

IDP Alarm 1000

Interface Failover Alarms 900  

sm-cpu-unresponsive(704) Security Module CPU unresponsive detected
sm-down(701) Security Module down detected
sm-packet-drop(702) Security Module packet dropped detected

If the box is running Screen OS version 6.2, please refer to: KB7990: [ScreenOS] What are the actual traps that fall under the trap types that are mentioned in the ScreenOS C & E guide?
Modification History:
2021-02-18: minor non-technical edits.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search