Focus

Prisma SD-WAN Administrator’s Guide

Alert and Alarm Event Codes

Table of Contents

Alert and Alarm Event Codes

Learn more about the alert and alarm event codes generated in Prisma SD-WAN.

The following tables describe a list of event or alarm codes, the event origin, its severity, and a description of each event as per the event category.

Table 1
Table 2
Table 3
Table 4
Table 5
Table 6
Table 7
Table 8

**Event Category-Device**
ALARM CODE	EVENT ORIGIN	ALARM /ALERT	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
DEVICEIF_IPV6_ADDRESS_DUPLICATE	Device	ALARM	Major	Duplicate IPv6 address	Another device in the local network is using an IPv6 address assigned to this device.	6.1.1
DEVICEHW_ DISKUTIL_ FRUSSD	Device	ALARM	MAJOR	FRU SSD Unavailable	Logs and core files are normally stored on separate media on this platform. That media is not currently available. Contact Palo Alto Networks Support.	6.2.1
DEVICEHW_ DISKENC_ SYSTEM	Device	ALARM	Critical	Disk Encryption Upgrade Failure.	One of the disk partitions failed to convert into an encrypted partition during the last device upgrade.	4.5.1
DEVICEHW_ DISKUTIL_ PARTITIONSPACE	Device	ALARM	Major	High Disk Capacity Utilization.	Disk Storage Utilization on a device has reached 85% capacity. Noncritical functions, including logging and statistics export may be impacted.	4.5.1
DEVICEHW_ INTERFACE_ ERRORS	Device	ALERT	Major	High rate of errors on the interface.	Number of transmission and/or reception errors seen on an interface over the last one hour period has exceeded the threshold. The threshold is 0.5% of received or transmitted packet count in the same one hour period.	4.5.1
DEVICEHW_ INTERFACE_ HALFDUPLEX	Device	ALARM	Major	Interface running in half-duplex mode.	An interface has negotiated half duplex, although it is allowed to run in full duplex, which is preferred.	4.5.1
DEVICEHW_ INTERFACE_DOWN	Device	ALARM	Major	Interface Down.	A configured Admin-Up interface is not receiving a signal or experiencing an error that has caused lack of data flow through that interface. `Release 5.4.1` onward, when DEVICEHW_INTERFACE_DOWN alarm is raised, it also shows Related Faults. These faults are caused due to this alarm which can be NETWORK_SECUREFABRICLINK_DEGRADED or NETWORK_SECUREFABRICLINK_DOWN.	4.5.1
DEVICEHW_ MEMUTIL_ SWAPSPACE	Device	ALARM	Critical	High Memory Utilization.	Memory utilization on a device has reached maximum capacity forcing use of disk based swap space. Sub-optimal performance impact device functions.	4.5.1
DEVICEHW_ POWER_LOST	Device	ALARM	Major	Power Lost.	Power supply unit is reporting loss of power, possibly due to failure or unplugged power cable.	4.5.1
DEVICEHW_POWER_MISSING	Device	ALARM	MAJOR	Power Supply Missing	If PSU is missing or AC voltage is not detected in ION 5200 and 9200, Power Missing alarm with reason psu_not_present and ac_lost respectively is raised.	6.4.1
DEVICEHW_ TEMPERATURE_ SENSOR	Device	ALARM	MAJOR	Operating temperature beyond threshold	One or more thermal sensors has reported temperature beyond operationally safe threshold. Please monitor device temperature activity chart. If the condition persists, the device will shutdown. This will require manual intervention to turn the device back up.	6.2.1
DEVICEIF_ ADDRESS_ DUPLICATE	Device	ALERT	Major	Interface Duplicate Address.	Another device in the local network is using an IP address assigned to this device.	4.5.1
DEVICESW_ CONCURRENT_ FLOWLIMIT_ EXCEEDED	Device	ALARM	Critical	Concurrent flow limit.	The system has reach edits allowed max concurrent flow limit.	4.5.1
DEVICESW_ CONCURRENT_ FLOW_ SOFTLIMIT_ EXCEEDED	Device	ALERT	Minor	Concurrent flow soft limit.	The system reached its 75% of the max concurrent flow limit.	6.2.1
DEVICESW_IMAGE _UNSUPPORTED	Controller	ALARM	Critical	Unsupported Software Image	Device's software image is not recognized by the controller. The software version may not be allowed in the network or may no longer exist.
APPLICATION_ PROBE_DISABLED	Device	ALARM	Major	Application Probe Disabled	Application probes are disabled either due to incomplete configuration or invalid state. Device will no longer issue application probe to detect application reachability unless the issue is resolved. Consequently, if application probes are disabled then application will no longer switch to alternative paths in case it fails on its current path.
DEVICESW_ CRITICAL_ PROCESSRESTART	Device	ALERT	Critical	Critical Process Restart.	A critical software process on the device has restarted either due to an error or as a self recovery method. Process restart as a self-recovery does not impact long-term functions on the device but can cause short term sub-optimal data plane functions and errors.	4.6.1
DEVICESW_ CRITICAL_ PROCESSSTOP	Device	ALARM	Critical	Critical Process Stopped.	A critical software process on the device has stopped due to an error and is unable to recover with a self restart. Impacts data forwarding functionality.	4.6.1
DEVICESW_ DHCPRELAY_ RESTART	Device	ALERT	Minor	DHCP relay agent restarted.	DHCP relay agent on a device has restarted and recovered from an error.	4.4.1
DEVICESW_ DHCPSERVER_ ERRORS	Device	ALARM	Critical	DHCP server failed to start.	DHCP server listening on physical interfaces failed to start due to the following reasons: DHCP server configuration error. Lack of active ION device interface with static IP configuration. Internal errors on the ION device.	4.4.1
DEVICESW_ DHCPSERVER_ RESTART	Device	ALERT	Minor	DHCP server restarted.	DHCP server listening on physical interfaces has restarted and recovered from an error.	4.4.1
DEVICESW_ DISCONNECTED_ FROM_ CONTROLLER	Device	ALARM	Major	Device disconnected from Controller	`Release 5.4.1 and later` Device has remained disconnected from the controller for a prolonged duration. The alarm hold time has been reduced to 10 minutes. `Releases prior to Release 5.4.1` the hold time was 30 minutes.	5.0.3
DEVICESW_FPS_ LIMIT_ EXCEEDED	Device	ALARM	Major	Flows Per Second limit.	The system has reached its allowed flows per second limit.	4.5.1
DEVICESW_ GENERAL_ PROCESSRESTART	Device	ALERT	Minor	Process Restart.	A software process on the device has restarted either due to an error or self-recovery method. Process restart as self recovery does not impact long-term functions on the device. However, it can cause short-term sub-optimal functions and errors.	4.5.1
DEVICESW_ GENERAL_ PROCESSSTOP	Device	ALARM	Major	Process Stopped.	A software process on the device has stopped due to an error and is unable to recover with a self-restart. Impacts the Functionality.	4.5.1
DEVICESW_ INITIATED_ CONNECTION_ON_ EXCLUDED_PATH	Device	ALARM	Major	Device Initiated Connection on excluded path.	Due to the lack of any other available interface, established a device initiated controller connection from an excluded interface as a last resort.	5.4.3
DEVICESW_LICENSE_ VERIFICATION_ FAILED	Device	ALARM	Critical	Virtual ION license verification failed.	The license is no longer valid. The maximum ION device deployment limit is reached.	4.5.1
DEVICESW_ MONITOR_ DISABLED	Device	ALARM	Major	System Monitoring Disabled	A software process that monitors the health of device and its hardware or software components is disabled.	4.5.1
DEVICESW_NTP_ NO_SYNC	Device	ALARM	Major	NTP synchronization failed.	Device NTP has been unreachable for more than 24 hours.	4.6.1
DEVICESW_SNMP_ AGENT_ RESTART	Device	ALERT	Minor	SNMP	SNMP agent on a device has restarted.	4.5.1
DEVICESW_ SNMP_ AGENT_FAILED_ TO_START	Device	ALERT	Major	SNMP Agent failed to start.	SNMP Agent failed to start due to either invalid configuration or decryption failure.	5.2.1
DEVICESW_ SYSTEM_BOOT	Device	ALERT	Critical	Device Reboot.	Device rebooted either due to recovery from an alarm condition or as part of normal operations, including user initiated reboots and software upgrades. Reboots due to alarm conditions can cause sub-optimal or significantly reduced functionality on the device.	4.5.1
DEVICESW_ TOKEN_ VERIFICATION_ FAILED	Device	ALERT	Critical	Virtual ION token validation failed.	The token is no longer valid. It is currently utilized, expired, or revoked.	4.5.1
DEVICESW_ CONNTRACK_ FLOWLIMIT_ EXCEEDED	Device	ALARM	Critical	Conntrack table flow count exceeded threshold.	Number of flows in the connection tracking table that are used for features such as NAT and device management policy has exceeded 90% threshold.	5.2.1
DEVICESW_ IPFIX_ COLLECTORS_DOWN	Device	ALARM	Major	IPFIX collectors down	The IPFIX export process observes that there are no active connections to the IPFIX collectors. The process will continue to monitor the connection status and resume export of the IPFIX records once the connection is re-established.	5.5.1
DEVICESW_ SYSLOGSERVERS_ DOWN	Device	ALARM	Minor	Syslog Export Down	A Syslog Export daemon failed to connect with remote syslog server.	5.6.1
DEVICESW_ ANALYTICS_ DISCONNECTED_ FROM_CONTROLLER	Controller	ALARM	Minor	Device analytics disconnected from Controller	Device analytics has remained disconnected from the Controller for a prolonged duration.	5.6.1
DEVICESW_FLOWS_ DISCONNECTED_ FROM_CONTROLLER	Controller	ALARM	Minor	Device flows disconnected from Controller	Device flows has remained disconnected from the Controller for a prolonged duration.	5.6.1
NAT_POLICY_ STATIC_NATPOOL_ OVERRUN	Device	ALARM	Minor	Static NAT pool range is overrun by selector prefix.	Configured NAT pool range cannot map 1:1 with matching traffic selector prefix.	5.2.1

**Event Category-Network**
ALARM CODE	EVENT ORIGIN	ALARM /ALERT	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
DEVICESW_ INITIATED_ CONNECTION_ON_ EXCLUDED_PATH	Device	ALARM	Major	Device Initiated Connection on excluded path.	Device Initiated Connection on excluded interface.	5.4.3
HUB_CLUSTER_SITE_COUNT_THRESHIOLD_EXCEEDED	Controller	ALARM	Major	Hub Cluster Branch Count Limit Exceeded	The maximum number of branches allowed on hub cluster have been exceeded.	6.1.1
NETWORK_ SECUREFABRICLINK _DEGRADED	Controller	ALARM	Minor	Secure Fabric Link is degraded with atleast 1 VPN link UP from the active spoke and 1 or more VPN links DOWN from the active SPOKE.	Secure Fabric Link is degraded with atleast 1 VPN link up from the active spoke and 1 or more VPN links down from the active spoke. The alarm also displays the reasons for the VPN failure and the root cause alarms found. Following the controller upgrade to 5.4.1 there will be immediate changes to alarms, including standing VPN related alarms that will no longer be visible, by default. If you interact with the events API programmatically, you must modify the scripts because the VPN alarms are replaced with a new alarm category. When querying for events using the API, replace the code for NETWORK_SECUREFABRICLINK_DEGRADED with NETWORK_ANYNETLINK_DEGRADED. Click here to know more about the API changes.	5.4.1
NETWORK_ SECUREFABRICLINK _DOWN	Controller	ALARM	Major	Secure Fabric Link is down with all VPN Links DOWN from the active spoke.	Secure Fabric Link is down with all VPN links down from the active spoke. The alarm also displays the reasons for the VPN failure and the root cause alarms found. Following the controller upgrade to 5.4.1 there will be immediate changes to alarms, including standing VPN related alarms that will no longer be visible, by default. If you interact with the events API programmatically, you must modify the scripts because the VPN alarms are replaced with a new alarm category. When querying for events using the API, replace the code for NETWORK_SECUREFABRICLINK_DOWN with NETWORK_ANYNETLINK_DOWN. Click here to know more about the API changes.	5.4.1
NETWORK_ DIRECTINTERNET _DOWN	Device	ALARM	Major	Direct Internet Reachability Down.	For remote office or branch sites, reachability on an internet circuit is down. If there are no alternate paths in application policy, the alarm indicates that traffic is impacted and must be attended to immediately. `Release 5.4.1 and later` When NETWORK_DIRECTINTERNET_DOWN alarm is raised, it also shows related faults. These faults are caused due to this alarm which can be NETWORK_SECUREFABRICLINK_DEGRADED or NETWORK_SECUREFABRICLINK_DOWN.	4.5.1
NETWORK_ DIRECTPRIVATE _DOWN	Device	ALARM	Major	Private WAN Reachability Down.	For remote office or branch sites, all data center sites with the ION 7000 deployed are unreachable on the private WAN. If there are no alternate paths configured in application policy, the alarm indicates that traffic is impacted and must be attended to immediately. `Release 5.4.1 and later` When NETWORK_DIRECTPRIVATE_DOWN alarm is raised, it also shows related faults. These faults are caused due to this alarm which can be NETWORK_SECUREFABRICLINK_DEGRADED or NETWORK_SECUREFABRICLINK_DOWN.	4.5.1
NETWORK_ PRIVATEWAN_ DEGRADED	Device	ALARM	Major	Private WAN Degraded.	For data center sites, a subset of IP prefixes from one or more remote sites are determined to be unreachable over the private WAN based on routing updates received from the network.	4.5.1
NETWORK_ PRIVATEWAN_ UNREACHABLE	Device	ALARM	Major	Private WAN Unreachable.	For data center sites, one or more remote offices declared unreachable over the private WAN based on routing updates received from the network. If this alarm occurred due to WAN edge peering failure PEERING_EDGE_DOWN ALARM(s) is also raised.	4.5.1
PEERING_BGP_ DOWN	Device	ALARM	Critical	BGP Peer Down.	Routing peer session is down. If alternate paths are available traffic is not affected; else the fault is critical.	5.0.3
NETWORK_ STANDARD_ VPN_ENDPOINT _DOWN	Controller	ALARM	Major	Standard VPN Endpoint Down.	Multiple service link interfaces connecting to a service endpoint are down.	5.6.1
NETWORK_VPNKEK_UNAVAILABLE	Device	ALARM	Minor	Key Encryption Key (KEK) is not available.	This fault is generated when Key Encryption Key (KEK) required to decrypt shared secrets for VPN link is not available. The controller issues a KEK along with shared secrets. If the communication between the controller and the device is down for more than three days, this can happen.
NETWORK_ VPNLINK_DOWN	Device	ALARM	Major	VPN Link Down	A VPN Link connecting two sites is down. If the VPN Link is the only link between the two sites, VPN based connectivity between those sites has been impacted. If alternate VPN Links exist between the two sites, connectivity and capacity is available between the sites; however additional VPN Link failures between the two sites may impact traffic.
NETWORK_ VPNPEER_ UNAVAILABLE	Device	ALARM	Minor	VPN Peer Down	A peer instance on other side of a VPN Link of a remote office (branch) has been declared to be down. This fault will typically be seen along with one of [NETWORK_VPNLINK_DOWN, PEERING_CORE_DOWN, DEVICESW_GENERAL_PROCESSSTOP] faults that identify the likely root cause.
NETWORK_ VPNSS_ UNAVAILABLE	Device	ALARM	Minor	VPN Shared Secret Unavailable	Shared secret required to establish a VPN Link is not available. The Prisma SD-WAN controller pre-issues a certain number of shared secrets (3 days worth by default). If the communication between the Prisma SD-WAN Controller and the device is down for 3 days or more, then this fault is raised.
NETWORK_ VPNPEER_ UNREACHABLE	Device	ALARM	Minor	VPN Peer Unreachable	Control communication could not be established with the VPN Peer. Common reasons include (a) IP Address mis-configuration, (b) NAT misconfiguration or (c) a firewall which is blocking port 4500 traffic as UDP port 4500 is used for control communication between the two VPN Peers.
NETWORK_ VPNSS_ MISMATCH	Device	ALARM	Minor	VPN Shared Secret Mismatch	VPN Peers could not agree on a shared secret. Usually happens when (a) one of the devices is not able to contact the Prisma SD-WAN Controller and retrieve the shared secret corresponding to the time window when the fault was raised or (b) the clocks on the VPN Peer devices are out of sync.
NETWORK_ VPNBFD_DOWN	Device	ALARM	Minor	VPN Liveliness Down	VPN Link liveliness is monitored through BFD heartbeats. This fault indicates that the VPN Link went down because the BFD heartbeats failed. If this is a temporary network failure then the VPN Link will come back up once the network is restored. If the fault continues to stay on then check for network availability.
SITE_ CONNECTIVITY_ DOWN	Controller	ALARM	Critical	Site Connectivity Down	At the Branch, alarm is raised when the site cannot connect to controller or any remote branch or data center. Suppressed Alarms at the Branch site: DEVICESW_DISCONNECTED_FROM_CONTROLLERNETWORK_SECUREFABRICLINK_DOWN The following alarms are suppressed only if they were received by the controller before the site connectivity was lost:DEVICEHW_INTERFACE_DOWNNETWORK_DIRECTINTERNET_DOWNNETWORK_DIRECTPRIVATE_DOWN At the Data Center, alarm is raised when all the remote sites are unreachable. Suppressed Alarms at the Data Center site: DEVICESW_DISCONNECTED_FROM_CONTROLLERNETWORK_SECUREFABRICLINK_DOWN	5.5.1
SITE_CIRCUIT_ ABSENT_ FOR_POLICY	Controller	ALARM	Major	Path label used in policy is missing on site.	One or more path labels (public-, private-, public-[1-32], private-[1-32]) used in policy not assigned to any site WAN interface at the site.	4.5.1
SITE_NETWORK_ SERVICE_ABSENT_ FOR_POLICY	Controller	ALARM	Major	Policy DC Group Missing Service Endpoint.	One or more DC groups used in the policy has not been assigned a valid service endpoint for the domain bound to the identified site.	5.4.1
SITE_ CONNECTIVITY_ DEGRADED	Controller	ALARM	Major	Site connectivity degraded	Branch site connectivity is degraded due to one or more secure fabric links down, Layer 3 reachability is down or service link is down. Suppressed Alarms: NETWORK_DIRECTINTERNET_DOWNNETWORK_DIRECTPRIVATE_DOWNNETWORK_SECUREFABRICLINK_DOWNNETWORK_SECUREFABRICLINK_DEGRADEDDEVICEHW_INTERFACE_DOWN	5.5.1

**Event Category-Policy**
ALARM CODE	EVENT ORIGIN	ALARM /ALERT	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
FLAP_RATE_ EXCEEDED	Controller	ALARM	Major	Flap Rate Exceeded	Alarm is raised when an entity flaps more than the rate configured in the flap rule.	5.5.1
NAT_POLICY_ LEGACY_ALG_ CONFIG_OVERRIDE	Device	ALERT	Major	NAT policy ALG action overridden by legacy configuration.	ALG action configured in the NAT policy has been overridden by legacy configuration present on the device.	5.2.1
NETWORK_ POLICY_RULE_ CONFLICT	Device	ALARM	Minor	Network policy rule conflict.	Two or more policy rules conflict in a policy set, resulting in an incorrect policy applied to some flows.	5.0.1
NETWORK_POLICY_ RULE_DROPPED	Device	ALARM	Major	Network policy rule dropped.	Network policy configuration contains rules with too many permutations causing resources to exceed the operational limits. Some rules are dropped from the policy so that the limits are not exceeded. As a result, desired policy actions may not be applied in some cases.	5.0.1
PRIORITY_POLICY_ RULE_CONFLICT	Device	ALARM	Minor	Priority policy rule conflict.	Two or more policy rules conflict in a priority policy set, potentially resulting in an incorrect policy applied to some flows.	5.0.1
PRIORITY_POLICY_ RULE_DROPPED	Device	ALARM	Major	Priority policy rule dropped.	Priority policy configuration contains rules with too many permutations causing resources to exceed the operational limits. Some rules are dropped from the policy so that the limits are not exceeded. As a result, desired policy actions may not be applied in some cases.	5.0.1
SECURITY_POLICY_ RULE_ INCOMPLETE	Device	ALARM	Critical	The security policy rule configuration is incomplete.	The security policy rule configuration is incomplete. In this case the security policy rule is skipped.	5.4.3
SECURITY_POLICY_ LIMITS_EXCEEDED	Device	ALARM	Critical	The security policy stack exceeds resource limits	The resources need to be installed in security policy stack as it exceeds the system limits. Security policy will not be installed. Element will have no security policy until the condition exists.	5.6.1

**Event Category-Spoke HA**
ALARM CODE	EVENT ORIGIN	ALARM /ALERT	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
SPOKEHA_ CLUSTER _DEGRADED	Controller	ALARM	Major	Spoke cluster operating in a degraded state.	One of the devices in the cluster has failed and is incapable of becoming active if the current active device fails.	5.1.1
SPOKEHA_ CLUSTER _DOWN	Controller	ALARM	Critical	Spoke cluster operation is down.	Both devices in the cluster have failed, therefore affects the network connectivity to the site.	5.1.1
SPOKEHA_ MULTIPLE _ACTIVE_ DEVICES	Controller	ALARM	Critical	More than one device is active in the spoke cluster.	Both devices in the cluster have declared themselves to be active. This situation happens when the devices in the cluster are not able to communicate with each other. Affects the network connectivity to the site.	5.1.1
SPOKEHA_STATE _UPDATE	Device	ALERT	Major	Device state changes in spoke cluster.	Device changed its state from active to backup or backup to active. If the device changed its state to backup, and there is no other device eligible to become active, this affects the network connectivity at the site.	5.1.1

**Event Category-Application**
ALARM CODE	EVENT ORIGIN	ALARM /ALERT	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
APPLICATION_ CUSTOM_RULE_ CONFLICT	Device	ALARM	Minor	Custom application rule conflict.	Custom application configuration contains rules that overlap, and therefore, a clear choice cannot be made.	4.5.1

**Event Category-AAA**
ALARM CODE	EVENT ORIGIN	ALARM /ALERT	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
OPERATOR_ SIGNUP_ TOKEN_DISABLED	Controller	ALERT	Minor	User Signup Disabled.	A new user that was issued a sign up token to self-complete the sign up process failed multiple times by using a wrong combination of the sign up token and unique ID supplied by the administrator. The same sign up process failure can occur if an existing user forgets his/her password and is required to self complete the password reset process.	4.5.1

**Cellular Category**
ALARM CODE	EVENT ORIGIN	ALARM /ALERT	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
DEVICE_ CELLULAR_ ROAMING	Device	Alert	Major	Cellular Carrier Change	A software process responsible for cellular link support observed a change in carrier.	5.6.1
DEVICE_ CELLULAR_ SIM_ REMOVAL	Device	Alert	Major	SIM Presence Status Change	A software process responsible for cellular link support detected insertion or removal of a SIM card.	5.6.1
DEVICE_ CELLULAR_ SIM_ SWITCHOVER	Device	Alert	Major	SIM Switchover Status Change	A software process responsible for cellular link support detected a switch-over from one SIM card to another.	5.6.1
DEVICE_ CELLULAR_ SIGNAL_ STRENGTH_THRESH	Device	Alert	Major	Cellular Signal Strength	A software process responsible for cellular link support detected a change in signal strength below acceptable limits.	5.6.1
DEVICE_ CELLULAR_ INTERNAL_MODEM_ ERROR	Device	Alarm	Critical	Cellular Modem Error	A software process responsible for cellular link support detected an internal error in the modem.	5.6.1
DEVICE_ CELLULAR_ SIM_PIN_ERROR	Device	Alarm	Critical	SIM PIN	A software process responsible for cellular link support detected a locked SIM card requiring a correct PIN.	5.6.1
DEVICE_ CELLULAR_ SIM_PUK_ NEEDED	Device	Alarm	Critical	SIM PUK	Incorrect SIM PIN was used three times to unlock the SIM card. PUK required to try PIN again.	5.6.1
DEVICE_ CELLULAR_ MODEM_TEMP_ HIGH	Device	Alarm	Minor	High Modem Temperature	A software process responsible for cellular link support received a notification from the cellular modem indicating high operating temperature.	5.6.1
DEVICE_ CELLULAR_ MTU_MISMATCH	Device	Alert	Minor	Cellular MTU Mismatch	Carrier negotiated MTU is lower than the configured MTU for a cellular interface.	5.6.1
DEVICE_ CELLULAR_ SIM_SECURITY_ ERROR	Device	Alert	Minor	Cellular SIM security error	SIM security operation failure.	5.6.1
DEVICE_ CELLULAR_ FIRMWARE_ NOT_AVAILABLE	Device	Alert	Major	Cellular Firmware Not available	Supported Firmware not available.	5.6.1
DEVICE_ CELLULAR_ MODEM_ DETECTION_ERROR	Device	Alarm	Critical	Cellular modem detection	A software process responsible for cellular link support was unable to detect the cellular modem.	5.6.1
DEVICE_ CELLULAR_ TECH_CHANGE	Device	Alert	Minor	Technology change	A software process responsible for cellular link support detected a change in technology mode.	5.6.1

**Switch Port and RADIUS Server Alarms**
ALARM CODE	EVENT ORIGIN	ALERT/ ALARM	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
DEVICE_POE_MAIN_POWER_OVER_THRESHOLD	Device	Alarm	Major	Port Power Status	When the system level main PoE power usage exceeds the configured threshold, this alarm is raised. When the exceeded system level main PoE power usage comes down below the threshold, this alarm is cleared.	6.0.2
DEVICE_POE_PORT_POWER_OVER_THRESHOLD	Device	Alarm	Major	Port Power Over Threshold	When the port PoE power usage exceeds the configured threshold, this alarm is raised. When the exceeded port PoE power usage comes down below the threshold, this alarm is cleared.	6.0.2
DEVICE_POE_MAIN_POWER_FAULT	Device	Alarm	Critical	Main Power Fault	When the PSE controller encounters an internal error, this alarm is raised. Need reload/RMA of the device.	6.0.2
DEVICE_POE_PORT_POWER_STATUS	Device	Alert	Major	Port Power Status	This alert is raised when the software process responsible for Power Over Ethernet support observes a change in power supply status of a PoE port.	6.0.2
RADIUS_SERVER_NOT_REACHABLE	Device	Alarm	Major	Radius Server reachability error.	When the primary and secondary RADIUS server is unreachable from a device, this alarm is generated. The reasons could be a network error or an improper/missing source interface configuration.	6.0.2
DYNAMIC_VLAN_NOT_CONFIGURED	Device	Alarm	Major	Dynamic VLAN NAME/ID issued from the Radius server is not configured on the element.	When the RADIUS server requested Dynamic VLAN ID is not configured on the system, this alarm is generated. It is cleared either when the configuration was updated with the VLAN ID is configured or when the client gets authenticated.	6.0.2
CLIENT_AUTH_FAIL	Device	Alert	Major	A client failed to authenticate with valid credentials on an 802.1X authentication enabled port.	This alert is raised when the client Authentication (MAC Auth or 802.1X) fails.	6.0.2

**User ID Alarms**
ALARM CODE	EVENT ORIGIN	ALERT/ ALARM	SEVERITY	EVENT TITLE	EVENT DESCRIPTION	RELEASE INTRODUCED
DEVICESW_USERIDAGENTS_DOWN	Device	Alarm	Minor	UserId agent down	The device generates the alarm in case if the User-ID daemon failed to connect with the User-ID agent.	6.2.1
USER_ID_DIRECTORY_SYNC_FAILED	Controller	Alarm	Minor	Directory sync failed	Controller generates the alarm in case of failure of Full Sync or Delta Sync while syncing any of groups, users and membership. Alarm will be cleared once the sync is successfully completed.	6.2.1
USER_ID_HUB_SELECTION_FAILED	Controller	Alarm	Minor	Hub selection failed	Controller generates this alarm if hub selection failed.	6.2.1

Prisma SD-WAN Key Elements