| Message Code | PIX-3-717018 |
| Severity | Error |
| Description | CRL received from issuer has too many entries to process (number of entries = number_of_entries, maximum number allowed = max_allowed) |
| Explanation | This log event will be generated when an IPSec connection causes a CRL, that contains
more revocation entries than can be supported, to be downloaded. This is an error condition that
will cause the connection to fail. This message is rate limited to one message every 10 seconds. issuer—The X.500 name of the CRLs issuer number_of_entries—The number of revocation entries in the received CRL max_allowed—The maximum number of CRL entries that the device supports |
| User Action | Scalability is perhaps the most significant drawback to the CRL method of revocation checking. The only options to solve this problem are to investigate a Certificate Authority based solution to reduce the CRL size or configure the device not to require CRL validation. |
| Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.