git-svn-id: http://www.observium.org/svn/observer/trunk@1569 61d68cd4-352d-0410-923a-c4978735b2b8
ENTERASYS-FIREWALL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
-- enterasys-firewall-mib.txt
|
|
--
|
|
-- Part Number:
|
|
--
|
|
--
|
|
|
|
-- This module provides authoritative definitions for Enterasys
|
|
-- Networks' Firewall MIB.
|
|
|
|
--
|
|
-- This module will be extended, as needed.
|
|
|
|
-- Enterasys Networks reserves the right to make changes in this
|
|
-- specification and other information contained in this document
|
|
-- without prior notice. The reader should consult Enterasys Networks
|
|
-- to determine whether any such changes have been made.
|
|
--
|
|
-- In no event shall Enterasys Networks be liable for any incidental,
|
|
-- indirect, special, or consequential damages whatsoever (including
|
|
-- but not limited to lost profits) arising out of or related to this
|
|
-- document or the information contained in it, even if Enterasys
|
|
-- Networks has been advised of, known, or should have known, the
|
|
-- possibility of such damages.
|
|
--
|
|
-- Enterasys Networks grants vendors, end-users, and other interested
|
|
-- parties a non-exclusive license to use this Specification in
|
|
-- connection with the management of Enterasys Networks products.
|
|
|
|
-- Copyright April, 2003 Enterasys Networks, Inc.
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32,
|
|
Unsigned32, Gauge32
|
|
FROM SNMPv2-SMI
|
|
RowStatus, StorageType, TruthValue, TimeStamp,
|
|
VariablePointer, DateAndTime
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
InetAddressType, InetAddress, InetPortNumber
|
|
FROM INET-ADDRESS-MIB
|
|
ifIndex
|
|
FROM IF-MIB
|
|
etsysModules
|
|
FROM ENTERASYS-MIB-NAMES;
|
|
|
|
etsysFirewallMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200411172222Z" -- Wed Nov 17 22:22 GMT 2004
|
|
ORGANIZATION "Enterasys Networks, Inc"
|
|
CONTACT-INFO
|
|
"Postal: Enterasys Networks
|
|
50 Minuteman Rd.
|
|
Andover, MA 01801-1008
|
|
USA
|
|
Phone: +1 978 684 1000
|
|
E-mail: support@enterasys.com
|
|
WWW: http://www.enterasys.com"
|
|
|
|
DESCRIPTION
|
|
"This MIB module defines a portion of the SNMP MIB under
|
|
the Enterasys Networks enterprise OID pertaining to
|
|
the configuration, policy, and monitoring of firewall
|
|
network devices."
|
|
|
|
REVISION "200411172222Z" -- Wed Nov 17 22:22 GMT 2004
|
|
DESCRIPTION
|
|
"The initial version of this MIB module."
|
|
|
|
::= { etsysModules 37 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- MIB Objects
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWConfigurationObjects OBJECT IDENTIFIER ::= { etsysFirewallMIB 1 }
|
|
etsysFWPolicyObjects OBJECT IDENTIFIER ::= { etsysFirewallMIB 2 }
|
|
etsysFWMonitoringObjects OBJECT IDENTIFIER ::= { etsysFirewallMIB 3 }
|
|
|
|
etsysFWPolicyGroups OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 1 }
|
|
etsysFWPolicyRules OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 2 }
|
|
etsysFWPolicyNetworks OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 3 }
|
|
etsysFWPolicyServices OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 4 }
|
|
etsysFWPolicyFilters OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 5 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Firewall Configuration Objects
|
|
-- -------------------------------------------------------------
|
|
|
|
-- Global on/off switch for packet inspection. MAX-ACCESS is read-write, so an
-- SNMP SET of false stops inspection for the whole device: in the effective
-- state table given under etsysFWFirewallOnIntfTable, a false value here
-- yields "disabled" regardless of the per-interface setting.
-- NOTE(review): write access to this object amounts to control of the
-- firewall. Limit it to SNMPv3 users with authentication and privacy and a
-- narrow VACM write view, and alert when the value read back differs from the
-- intended configuration (the DESCRIPTION notes it can change by other means).
etsysFWFirewallEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current state of the firewall is returned when this value
|
|
is read. Setting the value to true causes the firewall to
|
|
start inspecting packets. Setting the value to false causes
|
|
the firewall to stop inspecting packets. The value read could
|
|
be different than the last value set if the state is changed by
|
|
a means other than this MIB."
|
|
::= { etsysFWConfigurationObjects 1 }
|
|
|
|
etsysFWTcpTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewalls can perform stateful inspection of TCP sessions. TCP
|
|
sessions are created and deleted by monitoring TCP SYN/ACK/FIN
|
|
flags. Inactivity for the period specified by this object will
|
|
delete the TCP session."
|
|
DEFVAL { 1200 }
|
|
::= { etsysFWConfigurationObjects 2 }
|
|
|
|
etsysFWUdpTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewalls can perform stateful inspection of UDP sessions. UDP
|
|
sessions are created on the first outbound UDP packet.
|
|
Inactivity for the period specified by this object will delete
|
|
the UDP session."
|
|
DEFVAL { 600 }
|
|
::= { etsysFWConfigurationObjects 3 }
|
|
|
|
etsysFWIcmpTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ICMP sessions are created on an outbound ICMP echo request.
|
|
Inactivity for the period specified by this object will delete
|
|
the ICMP session."
|
|
DEFVAL { 60 }
|
|
::= { etsysFWConfigurationObjects 4 }
|
|
|
|
-- Idle timeout, in seconds, after which an authenticated IP address must
-- authenticate again. As described, the timer counts time with no traffic
-- from the address, so it is not an absolute session lifetime: an address
-- that keeps sending traffic is not asked to re-authenticate by this timer.
-- NOTE(review): authentication is tied to the source IP address, so hosts
-- that share one address are presumably not told apart; confirm against the
-- device documentation. The object is read-write, so a large value set over
-- SNMP lengthens the window in which an address stays trusted.
etsysFWAuthTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewalls can be configured to only allow packets from IP
|
|
addresses that have been authenticated. An authenticated IP address
|
|
will need to re-authenticate if there is no traffic from that address
|
|
for the period specified by this object."
|
|
DEFVAL { 60 }
|
|
::= { etsysFWConfigurationObjects 5 }
|
|
|
|
etsysFWAuthPort OBJECT-TYPE
|
|
SYNTAX Integer32 (1024..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewalls can be configured to only allow packets from IP
|
|
addresses that have been authenticated. This object specifies the
|
|
port on which the firewall listens for authentication requests."
|
|
DEFVAL { 3000 }
|
|
::= { etsysFWConfigurationObjects 6 }
|
|
|
|
-- Syslog severity cut-off for firewall event logging. In RFC 3164 lower
-- numbers are more severe (0 = Emergency, 7 = Debug), and events at or below
-- this value are logged. The DEFVAL of 3 therefore logs Emergency, Alert,
-- Critical and Error events only; Warning, Notice, Informational and Debug
-- events are not logged unless the threshold is raised.
-- NOTE(review): the object is read-write, so a SET to a lower value reduces
-- what the firewall records. Track this value and treat an unexpected
-- decrease as a change worth investigating.
etsysFWLoggingThreshold OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The threshold for firewall event logging. Events with
|
|
severity equal to or less than the value specified
|
|
will be logged. The value corresponds to syslog severity
|
|
levels as defined in RFC3164."
|
|
DEFVAL { 3 }
|
|
::= { etsysFWConfigurationObjects 7 }
|
|
|
|
etsysFWRPCMicrosoftTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The idle session timeout on packet inspection for Remote
|
|
Procedure Call (RPC) -based applications. This Application Level
|
|
Gateway (ALG) supports two types of RPCs - SUN (used by most UNIX
|
|
systems) and Microsoft. If the RPC-based session is idle for the
|
|
specified period, it will be shut down."
|
|
DEFVAL { 3 }
|
|
::= { etsysFWConfigurationObjects 8 }
|
|
|
|
etsysFWRPCSunTimeout OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The idle session timeout on packet inspection for Remote
|
|
Procedure Call (RPC) -based applications. This Application Level
|
|
Gateway (ALG) supports two types of RPCs - SUN (used by most UNIX
|
|
systems) and Microsoft. If the RPC-based session is idle for the
|
|
specified period, it will be shut down."
|
|
DEFVAL { 3 }
|
|
::= { etsysFWConfigurationObjects 9 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- -------------------------------------------------------------
|
|
-- Interface to Firewall State Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWFirewallOnIntfLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWFirewallOnIntfTable was last
|
|
modified."
|
|
::= { etsysFWConfigurationObjects 10 }
|
|
|
|
etsysFWFirewallOnIntfTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWFirewallOnIntfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines the state of the firewall on
|
|
individual interfaces. The firewall may be enabled
|
|
or disabled for each interface on the device. The effective
|
|
state of the firewall depends on the setting of
|
|
etsysFWFirewallEnabled.
|
|
|
|
|
|
| | interface
|
|
etsysFWFirewallEnabled | etsysFWFirewallOnIntfEnabled | effective
|
|
| | state
|
|
-----------------------------------------------------------------
|
|
true true enabled
|
|
true false disabled
|
|
false true disabled
|
|
false false disabled
|
|
|
|
If an interface is not represented in this table, then its
|
|
effective state is determined by etsysFWFirewallEnabled.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWFirewallOnIntfStorageType for a given SNMP context may
|
|
be readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWFirewallOnIntfStorageType
|
|
value could allow the row to be modified or deleted."
|
|
::= { etsysFWConfigurationObjects 11 }
|
|
|
|
etsysFWFirewallOnIntfEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWFirewallOnIntfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row defining whether the firewall is enabled for a particular
|
|
interface."
|
|
INDEX { ifIndex }
|
|
::= { etsysFWFirewallOnIntfTable 1 }
|
|
|
|
EtsysFWFirewallOnIntfEntry ::=
|
|
SEQUENCE {
|
|
etsysFWFirewallOnIntfEnabled TruthValue,
|
|
etsysFWFirewallOnIntfStorageType StorageType,
|
|
etsysFWFirewallOnIntfRowStatus RowStatus
|
|
}
|
|
|
|
-- Per-interface firewall switch, effective only while etsysFWFirewallEnabled
-- is true.
-- NOTE(review): the DEFVAL is false, while the table DESCRIPTION says an
-- interface with no row follows etsysFWFirewallEnabled. Creating a row for an
-- interface without setting this column therefore appears to switch
-- inspection off on that interface even when the global switch is true.
-- Set this column explicitly in the request that creates the row, and review
-- existing rows whose value is false.
etsysFWFirewallOnIntfEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current state of the firewall is returned when
|
|
this value is read. This setting is only effective when
|
|
etsysFWFirewallEnabled is true. Setting the value to true
|
|
causes the firewall to start inspecting packets, if
|
|
etsysFWFirewallEnabled is true. Setting the value to false
|
|
causes the firewall to stop inspecting packets, if
|
|
etsysFWFirewallEnabled is true."
|
|
DEFVAL { false }
|
|
::= { etsysFWFirewallOnIntfEntry 1 }
|
|
|
|
etsysFWFirewallOnIntfStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWFirewallOnIntfEntry 2 }
|
|
|
|
etsysFWFirewallOnIntfRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this conceptual row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified."
|
|
::= { etsysFWFirewallOnIntfEntry 3 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- -------------------------------------------------------------
|
|
-- Interface to Firewall Filter Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWFirewallIntfFilterLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWFirewallIntfFilterTable
|
|
was last modified."
|
|
::= { etsysFWConfigurationObjects 12 }
|
|
|
|
etsysFWFirewallIntfFilterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWFirewallIntfFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines the IP filters applied to
|
|
individual interfaces.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWFirewallIntfFilterStorageType for a given SNMP context may
|
|
be readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWFirewallIntfFilterStorageType
|
|
value could allow the row to be modified or deleted."
|
|
::= { etsysFWConfigurationObjects 13 }
|
|
|
|
etsysFWFirewallIntfFilterEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWFirewallIntfFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row defining the IP filters applied to individual interfaces."
|
|
INDEX { ifIndex, etsysFWFirewallIntfFilterType }
|
|
::= { etsysFWFirewallIntfFilterTable 1 }
|
|
|
|
EtsysFWFirewallIntfFilterEntry ::=
|
|
SEQUENCE {
|
|
etsysFWFirewallIntfFilterType INTEGER,
|
|
etsysFWFirewallIntfFilterDirection INTEGER,
|
|
etsysFWFirewallIntfFilterStorageType StorageType,
|
|
etsysFWFirewallIntfFilterRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWFirewallIntfFilterType OBJECT-TYPE
|
|
SYNTAX INTEGER { ipBroadcast (1),
|
|
ipMulticast (2),
|
|
ipOptionAll (3),
|
|
ipOptionOther (4),
|
|
ipOptionLooseSourceRoute (5),
|
|
ipOptionRecordRoute (6),
|
|
ipOptionStrictSourceRoute (7),
|
|
ipOptionTimeStamp (8) }
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of IP filter that applies on a particular interface.
|
|
|
|
ipBroadcast -
|
|
This filter type allows incoming/outgoing IP packets
|
|
through the firewall with 255.255.255.255 set as the
|
|
destination address. It enables broadcast protocols
|
|
such as DHCP to traverse the firewall.
|
|
|
|
ipMulticast -
|
|
This filter type allows incoming/outgoing IP packets
|
|
with a multicast destination address through the
|
|
firewall. It enables multicast protocols such as RIP
|
|
and OSPF to traverse the firewall.
|
|
|
|
ipOptionAll -
|
|
All IP options allowed.
|
|
|
|
ipOptionOther -
|
|
Any IP option other than those explicitly supported
|
|
by the command.
|
|
|
|
ipOptionLooseSourceRoute -
|
|
Requests routing that includes the specified routers.
|
|
This routing path includes a sequence of IP addresses
|
|
a datagram must follow to its destination but allows
|
|
multiple network hops between successive addresses on
|
|
the list.
|
|
|
|
ipOptionRecordRoute -
|
|
Traces a route. It allows the source to create an
|
|
empty list of IP addresses and arrange for each
|
|
router that handles a datagram to add
|
|
its IP address to the list. When a datagram arrives,
|
|
the destination device can extract and process
|
|
the list of addresses.
|
|
|
|
ipOptionStrictSourceRoute -
|
|
Specifies an exact route through the Internet.
|
|
This routing path includes a sequence of IP addresses
|
|
a datagram must follow, hop by hop, from its source
|
|
to destination. The path between two successive
|
|
addresses in the list must consist of a single
|
|
physical network.
|
|
|
|
ipOptionTimeStamp -
|
|
Records timestamps along a route. It is similar to
|
|
the record route option in that every router from
|
|
source to destination adds its IP address, and a
|
|
timestamp, to the list. The timestamp notes the
|
|
time and date a router handled the datagram,
|
|
expressed in milliseconds since midnight,
|
|
Universal Time."
|
|
::= { etsysFWFirewallIntfFilterEntry 1 }
|
|
|
|
-- Direction in which a row's filter type (the etsysFWFirewallIntfFilterType
-- index) is permitted on the interface. For an existing row the DEFVAL of
-- none denies packets that match the filter type; in, out and both allow them
-- in the stated direction. What applies to an interface with no row for a
-- given filter type is not stated in this object.
-- NOTE(review): a row for ipOptionAll, ipOptionLooseSourceRoute or
-- ipOptionStrictSourceRoute with a direction other than none lets packets
-- carrying source-route options cross the interface. Audit the table for such
-- rows, since this column is read-create and can be changed over SNMP.
etsysFWFirewallIntfFilterDirection OBJECT-TYPE
|
|
SYNTAX INTEGER { none (1),
|
|
in (2),
|
|
out (3),
|
|
both (4) }
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction which the filter is applied.
|
|
none - Denies the packet that matched the filter type.
|
|
in - Allows the packet that matched the filter type
|
|
to enter the interface.
|
|
out - Allows the packet that matched the filter type
|
|
to exit the interface.
|
|
both - Allows the packet that matched the filter type
|
|
to enter and exit the interface."
|
|
DEFVAL { none }
|
|
::= { etsysFWFirewallIntfFilterEntry 2 }
|
|
|
|
|
|
etsysFWFirewallIntfFilterStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWFirewallIntfFilterEntry 3 }
|
|
|
|
etsysFWFirewallIntfFilterRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this conceptual row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified."
|
|
::= { etsysFWFirewallIntfFilterEntry 4 }
|
|
|
|
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Firewall Policy Objects
|
|
-- -------------------------------------------------------------
|
|
|
|
-- Names the policy group that holds the system-wide rule list; the value is
-- used as an index into etsysFWGroupPolicyTable.
-- NOTE(review): this object fails open. Per the DESCRIPTION, a zero-length
-- value means no system-wide policy exists and the default policy is 'allow'
-- until a policy is imposed here or by the interface processing the packet.
-- Because MAX-ACCESS is read-write, a SET of the empty string removes the
-- global policy. Restrict write access and alert when the value is empty or
-- changes unexpectedly.
etsysFWSystemPolicyGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(0..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the policy group containing the global
|
|
system policy. The value of etsysFWSystemPolicyGroupName
|
|
should be used as an index into the etsysFWGroupPolicyTable to
|
|
determine the list of rules that MUST be applied to the system.
|
|
A zero length string indicates no system wide policy exists,
|
|
and the default policy of 'allow' should be executed until one
|
|
is imposed by either this object or by the interface processing
|
|
the packet.
|
|
|
|
Since policy group names are unique, the
|
|
etsysFWSystemPolicyGroupName MUST NOT be equal to any
|
|
etsysFWIntfToGroupName objects."
|
|
::= { etsysFWPolicyGroups 1 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Interface to Policy Group Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWIntfToGroupLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWIntfToGroupTable was last
|
|
modified."
|
|
::= { etsysFWPolicyGroups 2 }
|
|
|
|
etsysFWIntfToGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWIntfToGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines the group of firewall rules applied to
|
|
individual interfaces. Rules for this group will be
|
|
applied in the etsysFWGroupPolicyTable.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWIntfToGroupStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWIntfToGroupStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyGroups 3 }
|
|
|
|
etsysFWIntfToGroupEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWIntfToGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row defining the group name for a particular interface."
|
|
INDEX { ifIndex,
|
|
etsysFWIntfToGroupIntfDirection,
|
|
etsysFWIntfToGroupName }
|
|
::= { etsysFWIntfToGroupTable 1 }
|
|
|
|
EtsysFWIntfToGroupEntry ::=
|
|
SEQUENCE {
|
|
etsysFWIntfToGroupIntfDirection INTEGER,
|
|
etsysFWIntfToGroupName SnmpAdminString,
|
|
etsysFWIntfToGroupStorageType StorageType,
|
|
etsysFWIntfToGroupRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWIntfToGroupIntfDirection OBJECT-TYPE
|
|
SYNTAX INTEGER { ingress(1),
|
|
egress(2) }
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines the direction of the packets to inspect, incoming
|
|
(ingress), or outgoing (egress)."
|
|
::= { etsysFWIntfToGroupEntry 1 }
|
|
|
|
etsysFWIntfToGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group name for this interface. The value of
|
|
etsysFWIntfToGroupName should be used as index into the
|
|
etsysFWGroupPolicyTable to determine the list of rules that
|
|
MUST be applied to this interface.
|
|
|
|
Since policy group names are unique, the etsysFWIntfToGroupName
|
|
MUST NOT be equal to the etsysFWSystemPolicyGroupName object."
|
|
::= { etsysFWIntfToGroupEntry 2 }
|
|
|
|
etsysFWIntfToGroupStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWIntfToGroupEntry 3 }
|
|
|
|
etsysFWIntfToGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified."
|
|
::= { etsysFWIntfToGroupEntry 4 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Group Policy Rules Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWGroupPolicyLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWGroupPolicyTable was last
|
|
modified."
|
|
::= { etsysFWPolicyGroups 4 }
|
|
|
|
etsysFWGroupPolicyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWGroupPolicyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines the firewall rules applied to groups.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWGroupPolicyStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWGroupPolicyStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyGroups 5 }
|
|
|
|
etsysFWGroupPolicyEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWGroupPolicyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row defining a particular group policy rule and its priority."
|
|
INDEX { etsysFWGroupPolicyName, etsysFWGroupPolicyRuleDef }
|
|
::= { etsysFWGroupPolicyTable 1 }
|
|
|
|
EtsysFWGroupPolicyEntry ::=
|
|
SEQUENCE {
|
|
etsysFWGroupPolicyName SnmpAdminString,
|
|
etsysFWGroupPolicyRuleDef SnmpAdminString,
|
|
etsysFWGroupPolicyPriority Integer32,
|
|
etsysFWGroupPolicyStorageType StorageType,
|
|
etsysFWGroupPolicyRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWGroupPolicyName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the group. These names should be either
|
|
the etsysFWSystemPolicyGroupName or the
|
|
etsysFWIntfToGroupName from the etsysFWIntfToGroupTable."
|
|
::= { etsysFWGroupPolicyEntry 1 }
|
|
|
|
etsysFWGroupPolicyRuleDef OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An etsysFWPolicyRuleDefName from the etsysFWPolicyRuleDefTable."
|
|
::= { etsysFWGroupPolicyEntry 2 }
|
|
|
|
etsysFWGroupPolicyPriority OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority of the rule in the group. The firewall applies the
|
|
rules from the lowest to the highest priority.
|
|
Priority can only be in the range of 0 to the maximum number of
|
|
policyRuleDef in the group + 1. For example, if there are 5 policies in
|
|
the group, the maximum priority the user can create is 6."
|
|
::= { etsysFWGroupPolicyEntry 3 }
|
|
|
|
etsysFWGroupPolicyStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWGroupPolicyEntry 4 }
|
|
|
|
etsysFWGroupPolicyRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified."
|
|
::= { etsysFWGroupPolicyEntry 5 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Policy Rule Definition Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWPolicyRuleDefMaxEntries OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries allowed in the
|
|
etsysFWPolicyRuleDefTable."
|
|
::= { etsysFWPolicyRules 1 }
|
|
|
|
etsysFWPolicyRuleDefNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWPolicyRuleDefTable."
|
|
::= { etsysFWPolicyRules 2 }
|
|
|
|
etsysFWPolicyRuleDefLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWPolicyRuleDefTable was last
|
|
modified."
|
|
::= { etsysFWPolicyRules 3 }
|
|
|
|
etsysFWPolicyRuleDefTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWPolicyRuleDefEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines a policy rule by associating network
|
|
objects with a filter or a set of filters and an action to take
|
|
when the filter is true.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWPolicyRuleDefStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWPolicyRuleDefStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyRules 4 }
|
|
|
|
etsysFWPolicyRuleDefEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWPolicyRuleDefEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row defining a particular policy definition. A rule
|
|
definition binds a filter pointer to an action."
|
|
INDEX { etsysFWPolicyRuleDefName }
|
|
::= { etsysFWPolicyRuleDefTable 1 }
|
|
|
|
EtsysFWPolicyRuleDefEntry ::=
|
|
SEQUENCE {
|
|
etsysFWPolicyRuleDefName SnmpAdminString,
|
|
etsysFWPolicyRuleDefSrcNetwork VariablePointer,
|
|
etsysFWPolicyRuleDefDstNetwork VariablePointer,
|
|
etsysFWPolicyRuleDefBidirectional TruthValue,
|
|
etsysFWPolicyRuleDefService VariablePointer,
|
|
etsysFWPolicyRuleAuthName SnmpAdminString,
|
|
etsysFWPolicyRuleDefAction INTEGER,
|
|
etsysFWPolicyRuleDefLogging TruthValue,
|
|
etsysFWPolicyRuleDefStorageType StorageType,
|
|
etsysFWPolicyRuleDefRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWPolicyRuleDefName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"etsysFWPolicyRuleDefName is the administratively assigned
|
|
name of the policy rule."
|
|
::= { etsysFWPolicyRuleDefEntry 1 }
|
|
|
|
etsysFWPolicyRuleDefSrcNetwork OBJECT-TYPE
|
|
SYNTAX VariablePointer
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If the source address of the packet is in the set of
|
|
addresses defined by the network object pointed to by
|
|
etsysFWPolicyRuleDefSrcNetwork and the destination address
|
|
is in the set of addresses defined by the network object
|
|
pointed to by etsysFWPolicyRuleDefDstNetwork, the firewall
|
|
will evaluate the etsysFWPolicyRuleDefFilter for the packet.
|
|
|
|
This MIB defines the following tables which may
|
|
be pointed to by this column. Implementations may choose to
|
|
provide support for other network tables or scalars as well:
|
|
|
|
etsysFWNetworkGroupTable
|
|
etsysFWNetworkTable
|
|
|
|
If this column is set to a VariablePointer value which
|
|
references a non-existent row in an otherwise supported
|
|
table, the inconsistentName exception should be returned.
|
|
If the table or scalar pointed to by the VariablePointer is
|
|
not supported at all, then an inconsistentValue exception
|
|
should be returned."
|
|
::= { etsysFWPolicyRuleDefEntry 2 }
|
|
|
|
etsysFWPolicyRuleDefDstNetwork OBJECT-TYPE
|
|
SYNTAX VariablePointer
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If the source address of the packet is in the set of
|
|
addresses defined by the network object pointed to by
|
|
etsysFWPolicyRuleDefSrcNetwork and the destination address
|
|
is in the set of addresses defined by the network object
|
|
pointed to by etsysFWPolicyRuleDefDstNetwork, the firewall
|
|
will evaluate the etsysFWPolicyRuleDefFilter for the packet.
|
|
|
|
This MIB defines the following tables which may
|
|
be pointed to by this column. Implementations may choose to
|
|
provide support for other network tables or scalars as well:
|
|
|
|
etsysFWNetworkGroupTable
|
|
etsysFWNetworkTable
|
|
|
|
If this column is set to a VariablePointer value which
|
|
references a non-existent row in an otherwise supported
|
|
table, the inconsistentName exception should be returned.
|
|
If the table or scalar pointed to by the VariablePointer is
|
|
not supported at all, then an inconsistentValue exception
|
|
should be returned."
|
|
::= { etsysFWPolicyRuleDefEntry 3 }
|
|
|
|
etsysFWPolicyRuleDefBidirectional OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A policy may be specified as bidirectional to mean that it also
|
|
operates with the etsysFWPolicyRuleDefSrcNetwork and
|
|
etsysFWPolicyRuleDefDstNetwork reversed.
|
|
If this column is false, the policy operates only in the
|
|
direction defined by etsysFWPolicyRuleDefSrcNetwork and
|
|
etsysFWPolicyRuleDefDstNetwork."
|
|
DEFVAL { false }
|
|
::= { etsysFWPolicyRuleDefEntry 4 }
|
|
|
|
-- Pointer to the filter row that decides whether this rule's action fires.
-- NOTE(review): the DESCRIPTION below, and those of
-- etsysFWPolicyRuleDefSrcNetwork and etsysFWPolicyRuleDefDstNetwork, refer to
-- etsysFWPolicyRuleDefFilter. No column of that name appears in the
-- EtsysFWPolicyRuleDefEntry SEQUENCE, so the text presumably means this
-- object, etsysFWPolicyRuleDefService; confirm against the vendor's current
-- revision before relying on the name in tooling.
-- A SET that points at a missing row or an unsupported table is expected to
-- be rejected with inconsistentName or inconsistentValue respectively.
etsysFWPolicyRuleDefService OBJECT-TYPE
|
|
SYNTAX VariablePointer
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"etsysFWPolicyRuleDefFilter points to a filter which is used to
|
|
evaluate whether the action associated with this row should
|
|
be fired or not. The action will only fire if the filter
|
|
referenced by this object evaluates to true.
|
|
|
|
This MIB defines the following tables which may
|
|
be pointed to by this column. Implementations may choose to
|
|
provide support for other filter tables or scalars as well:
|
|
|
|
etsysFWIpHeaderFilterTable
|
|
etsysFWIpOptionsFilterTable
|
|
|
|
If this column is set to a VariablePointer value which
|
|
references a non-existent row in an otherwise supported
|
|
table, the inconsistentName exception should be returned.
|
|
If the table or scalar pointed to by the VariablePointer is
|
|
not supported at all, then an inconsistentValue exception
|
|
should be returned."
|
|
::= { etsysFWPolicyRuleDefEntry 5 }
|
|
|
|
etsysFWPolicyRuleAuthName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication group name to use."
|
|
::= { etsysFWPolicyRuleDefEntry 6 }
|
|
|
|
-- Action applied when the rule's filter evaluates to true: allow (1),
-- allowAuth (2) or drop (3). allowAuth admits the packet only if its source
-- address has been authenticated to "the group", presumably the one named by
-- etsysFWPolicyRuleAuthName in the same row; confirm.
-- NOTE(review): no DEFVAL clause is given, so the action of a row created
-- without setting this column is left to the implementation. Set the action
-- explicitly in the request that creates the row and read it back, rather
-- than relying on a device default.
etsysFWPolicyRuleDefAction OBJECT-TYPE
|
|
SYNTAX INTEGER { allow (1),
|
|
allowAuth (2),
|
|
drop (3) }
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action to take when the filter is true.
|
|
allow: the packet should be allowed
|
|
drop: the packet should be dropped
|
|
allowAuth: the packet is allowed if the source
|
|
address has been authenticated to the
|
|
group."
|
|
::= { etsysFWPolicyRuleDefEntry 7 }
|
|
|
|
-- Per-rule logging switch: when true, activity matching this rule's filter
-- is logged.
-- NOTE(review): the DEFVAL is false, so a rule created without setting this
-- column produces no log entries for the traffic it allows or drops. Enable
-- it on rules whose matches are needed for detection or investigation; the
-- column is read-create, so it can also be switched off over SNMP.
etsysFWPolicyRuleDefLogging OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When the filter is true, log the activity of this rule."
|
|
DEFVAL { false }
|
|
::= { etsysFWPolicyRuleDefEntry 8 }
|
|
|
|
etsysFWPolicyRuleDefStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWPolicyRuleDefEntry 9 }
|
|
|
|
etsysFWPolicyRuleDefRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified.
|
|
|
|
This object SHOULD NOT be set to active until the containing
|
|
networks and filters have been defined. Once active, it
|
|
MUST remain active until no etsysFWGroupPolicyRuleDef
|
|
entries are referencing it."
|
|
::= { etsysFWPolicyRuleDefEntry 10 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Network Group Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWNetworkGroupMaxEntries OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries allowed in the
|
|
etsysFWNetworkGroupTable."
|
|
::= { etsysFWPolicyNetworks 1 }
|
|
|
|
etsysFWNetworkGroupNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWNetworkGroupTable."
|
|
::= { etsysFWPolicyNetworks 2 }
|
|
|
|
etsysFWNetworkGroupLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWNetworkGroupTable was last
|
|
modified."
|
|
::= { etsysFWPolicyNetworks 3 }
|
|
|
|
etsysFWNetworkGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWNetworkGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table defining a group of network objects from the
|
|
etsysFWNetworkTable or a network group in
|
|
etsysFWNetworkGroupTable. The networks contained in the group
|
|
are defined in the etsysFWNetwkInNetGrpTable.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWNetworkGroupStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWNetworkGroupStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyNetworks 4 }
|
|
|
|
etsysFWNetworkGroupEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWNetworkGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the etsysFWNetworkGroupTable."
|
|
INDEX { etsysFWNetworkGroupName }
|
|
::= { etsysFWNetworkGroupTable 1 }
|
|
|
|
EtsysFWNetworkGroupEntry ::=
|
|
SEQUENCE {
|
|
etsysFWNetworkGroupName SnmpAdminString,
|
|
etsysFWNetworkGroupStorageType StorageType,
|
|
etsysFWNetworkGroupRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWNetworkGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The administratively assigned name of the network group."
|
|
::= { etsysFWNetworkGroupEntry 1 }
|
|
|
|
etsysFWNetworkGroupStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWNetworkGroupEntry 2 }
|
|
|
|
etsysFWNetworkGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified.
|
|
|
|
Once active, it MAY NOT have its value changed if any active
|
|
rows in the etsysFWNetwkInNetGrpTable or the
|
|
etsysFWFilterDefTable are currently pointing at this row."
|
|
::= { etsysFWNetworkGroupEntry 3 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Networks in Network Group Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWNetworkGroupMaxNetworks OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of networks allowed in a network group."
|
|
::= { etsysFWPolicyNetworks 5 }
|
|
|
|
etsysFWNetwkInNetGrpLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWNetwkInNetGrpTable was last
|
|
modified."
|
|
::= { etsysFWPolicyNetworks 6 }
|
|
|
|
etsysFWNetwkInNetGrpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWNetwkInNetGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table defining the networks in a network group.
|
|
All etsysFWNetwkInNetGrpSubNetwork objects in an
|
|
etsysFWNetworkGroupName must have the same
|
|
etsysFWNetworkIPVersion and etsysFWNetworkRealm.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWNetwkInNetGrpStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWNetwkInNetGrpStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyNetworks 7 }
|
|
|
|
etsysFWNetwkInNetGrpEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWNetwkInNetGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the etsysFWNetwkInNetGrpTable."
|
|
INDEX { etsysFWNetworkGroupName, etsysFWNetwkInNetGrpSubNetwork }
|
|
::= { etsysFWNetwkInNetGrpTable 1 }
|
|
|
|
EtsysFWNetwkInNetGrpEntry ::=
|
|
SEQUENCE {
|
|
etsysFWNetwkInNetGrpSubNetwork SnmpAdminString,
|
|
etsysFWNetwkInNetGrpStorageType StorageType,
|
|
etsysFWNetwkInNetGrpRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWNetwkInNetGrpSubNetwork OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The location of the contained network. The MIB defines the
|
|
following tables which may be pointed to by this column:
|
|
|
|
etsysFWNetworkTable
|
|
|
|
Implementations should prevent recursion and return the
|
|
inconsistentName exception if the SnmpAdminString value
|
|
references an etsysFWNetworkGroupTable row that already
|
|
contains the etsysFWNetworkGroupName of this row.
|
|
|
|
If this column is set to a SnmpAdminString value which
|
|
references a non-existent row in an otherwise supported
|
|
table, the inconsistentName exception should be returned.
|
|
If the table or scalar pointed to by the SnmpAdminString is
|
|
not supported at all, then an inconsistentValue exception
|
|
should be returned."
|
|
::= { etsysFWNetwkInNetGrpEntry 1 }
|
|
|
|
etsysFWNetwkInNetGrpStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWNetwkInNetGrpEntry 2 }
|
|
|
|
etsysFWNetwkInNetGrpRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified.
|
|
|
|
This object cannot be made active until the network or
|
|
network group referenced by the etsysFWNetwkInNetGrpSubNetwork
|
|
is both defined and is active. An attempt to do so will
|
|
result in an inconsistentValue error."
|
|
::= { etsysFWNetwkInNetGrpEntry 3 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Network Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWNetworkMaxEntries OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries allowed in the
|
|
etsysFWNetworkTable."
|
|
::= { etsysFWPolicyNetworks 8 }
|
|
|
|
etsysFWNetworkNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWNetworkTable."
|
|
::= { etsysFWPolicyNetworks 9 }
|
|
|
|
etsysFWNetworkLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWNetworkTable was last
|
|
modified."
|
|
::= { etsysFWPolicyNetworks 10 }
|
|
|
|
etsysFWNetworkTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWNetworkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table defining the networks associated with filters to create
|
|
the firewall policy rules. Networks can be defined with a
|
|
network IP address and mask, an IP address range, or a single
|
|
IP host address.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWNetworkStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWNetworkStorageType value could
|
|
allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyNetworks 11 }
|
|
|
|
etsysFWNetworkEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWNetworkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the etsysFWNetworkTable."
|
|
INDEX { etsysFWNetworkName }
|
|
::= { etsysFWNetworkTable 1 }
|
|
|
|
EtsysFWNetworkEntry ::=
|
|
SEQUENCE {
|
|
etsysFWNetworkName SnmpAdminString,
|
|
etsysFWNetworkRealm INTEGER,
|
|
etsysFWNetworkRangeOrMask INTEGER,
|
|
etsysFWNetworkIPVersion InetAddressType,
|
|
etsysFWNetworkIPAddressBegin InetAddress,
|
|
etsysFWNetworkIPAddressEnd InetAddress,
|
|
etsysFWNetworkIPAddressMask InetAddress,
|
|
etsysFWNetworkStorageType StorageType,
|
|
etsysFWNetworkRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWNetworkName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The administratively assigned name of the network."
|
|
::= { etsysFWNetworkEntry 1 }
|
|
|
|
etsysFWNetworkRealm OBJECT-TYPE
|
|
SYNTAX INTEGER { internal (1),
|
|
external (2) }
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A network is qualified as either an internal or external
|
|
address."
|
|
::= { etsysFWNetworkEntry 2 }
|
|
|
|
etsysFWNetworkRangeOrMask OBJECT-TYPE
|
|
SYNTAX INTEGER { useIpAddrRange (1),
|
|
useIpAddrMask (2) }
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to useIpAddrRange, the etsysFWNetworkIPAddressBegin
|
|
and etsysFWNetworkIPAddressEnd define the network object in this
|
|
row.
|
|
When set to useIpAddrMask, the etsysFWNetworkIPAddressBegin
|
|
and etsysFWNetworkIPAddressMask define the network object in this
|
|
row."
|
|
::= { etsysFWNetworkEntry 3 }
|
|
|
|
etsysFWNetworkIPVersion OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Internet Protocol version the addresses are to match
|
|
against. The value of this property determines the size and
|
|
format of the etsysFWNetworkIPAddressBegin,
|
|
etsysFWNetworkIPAddressEnd and etsysFWNetworkIPAddressMask
|
|
objects.
|
|
|
|
Values of unknown, ipv4z, ipv6z and dns are not legal values
|
|
for this object."
|
|
DEFVAL { ipv4 }
|
|
::= { etsysFWNetworkEntry 4 }
|
|
|
|
etsysFWNetworkIPAddressBegin OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address that with either the etsysFWNetworkIPAddressEnd
|
|
or etsysFWNetworkIPAddressMask defines the network object for this
|
|
row."
|
|
::= { etsysFWNetworkEntry 5 }
|
|
|
|
etsysFWNetworkIPAddressEnd OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When etsysFWNetworkRangeOrMask is set to useIpAddrRange, this
|
|
is the end of the IP address range. To define a single host
|
|
set this to the value of etsysFWNetworkIPAddressBegin."
|
|
::= { etsysFWNetworkEntry 6 }
|
|
|
|
etsysFWNetworkIPAddressMask OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When etsysFWNetworkRangeOrMask is set to useIpAddrMask, this
|
|
is the mask that defines the IP network. To define a single
|
|
host set this to all 1's."
|
|
::= { etsysFWNetworkEntry 7 }
|
|
|
|
etsysFWNetworkStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWNetworkEntry 8 }
|
|
|
|
etsysFWNetworkRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified.
|
|
|
|
Once active, it MAY NOT have its value changed if any active
|
|
rows in the etsysFWNetwkInNetGrpTable or the
|
|
etsysFWFilterDefTable are currently pointing at this row."
|
|
::= { etsysFWNetworkEntry 9 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Service Group Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWServiceGroupMaxEntries OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries allowed in the
|
|
etsysFWServiceGroupTable."
|
|
::= { etsysFWPolicyServices 1 }
|
|
|
|
etsysFWServiceGroupNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWServiceGroupTable."
|
|
::= { etsysFWPolicyServices 2 }
|
|
|
|
etsysFWServiceGroupLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWServiceGroupTable was last
|
|
modified."
|
|
::= { etsysFWPolicyServices 3 }
|
|
|
|
etsysFWServiceGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWServiceGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table defining a group of service objects from the
|
|
etsysFWServiceTable or a service group in
|
|
etsysFWServiceGroupTable. The services contained in the group
|
|
are defined in the etsysFWServiceInSvcGrpTable.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWServiceGroupStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWServiceGroupStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyServices 4 }
|
|
|
|
etsysFWServiceGroupEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWServiceGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the etsysFWServiceGroupTable."
|
|
INDEX { etsysFWServiceGroupName }
|
|
::= { etsysFWServiceGroupTable 1 }
|
|
|
|
EtsysFWServiceGroupEntry ::=
|
|
SEQUENCE {
|
|
etsysFWServiceGroupName SnmpAdminString,
|
|
etsysFWServiceGroupStorageType StorageType,
|
|
etsysFWServiceGroupRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWServiceGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The administratively assigned name of the service group."
|
|
::= { etsysFWServiceGroupEntry 1 }
|
|
|
|
etsysFWServiceGroupStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWServiceGroupEntry 2 }
|
|
|
|
etsysFWServiceGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified.
|
|
|
|
Once active, it MAY NOT have its value changed if any active
|
|
rows in the etsysFWServiceInSvcGrpTable or the
|
|
etsysFWFilterDefTable are currently pointing at this row."
|
|
::= { etsysFWServiceGroupEntry 3 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Services in Service Group Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWServiceGroupMaxServices OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of services allowed in a service group."
|
|
::= { etsysFWPolicyServices 5 }
|
|
|
|
etsysFWServiceInSvcGrpLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWServiceInSvcGrpTable was last
|
|
modified."
|
|
::= { etsysFWPolicyServices 6 }
|
|
|
|
etsysFWServiceInSvcGrpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWServiceInSvcGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table defining the services in a service group.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWServiceInSvcGrpStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWServiceInSvcGrpStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyServices 7 }
|
|
|
|
etsysFWServiceInSvcGrpEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWServiceInSvcGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the etsysFWServiceInSvcGrpTable."
|
|
INDEX { etsysFWServiceGroupName, etsysFWServiceInSvcGrpSubService }
|
|
::= { etsysFWServiceInSvcGrpTable 1 }
|
|
|
|
EtsysFWServiceInSvcGrpEntry ::=
|
|
SEQUENCE {
|
|
etsysFWServiceInSvcGrpSubService SnmpAdminString,
|
|
etsysFWServiceInSvcGrpStorageType StorageType,
|
|
etsysFWServiceInSvcGrpRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWServiceInSvcGrpSubService OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The location of the contained service. The MIB defines the
|
|
following tables which may be pointed to by this column:
|
|
|
|
etsysFWServiceTable
|
|
|
|
Implementations should prevent recursion and return the
|
|
inconsistentName exception if the SnmpAdminString value
|
|
references an etsysFWServiceGroupTable row that already
|
|
contains the etsysFWServiceGroupName of this row.
|
|
|
|
If this column is set to a SnmpAdminString value which
|
|
references a non-existent row in an otherwise supported
|
|
table, the inconsistentName exception should be returned.
|
|
If the table or scalar pointed to by the SnmpAdminString is
|
|
not supported at all, then an inconsistentValue exception
|
|
should be returned."
|
|
::= { etsysFWServiceInSvcGrpEntry 1 }
|
|
|
|
etsysFWServiceInSvcGrpStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWServiceInSvcGrpEntry 2 }
|
|
|
|
etsysFWServiceInSvcGrpRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified.
|
|
|
|
This object cannot be made active until the service or
|
|
service group referenced by the etsysFWServiceInSvcGrpSubService
|
|
is both defined and is active. An attempt to do so will
|
|
result in an inconsistentValue error."
|
|
::= { etsysFWServiceInSvcGrpEntry 3 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- IP Service Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWServiceMaxEntries OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries allowed in the
|
|
etsysFWServiceTable."
|
|
::= { etsysFWPolicyServices 8 }
|
|
|
|
etsysFWServiceNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWServiceTable."
|
|
::= { etsysFWPolicyServices 9 }
|
|
|
|
etsysFWServiceLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWServiceTable was last
|
|
modified."
|
|
::= { etsysFWPolicyServices 10 }
|
|
|
|
etsysFWServiceTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWServiceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains a list of service definitions to be used
|
|
within the etsysFWPolicyRuleDefTable.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWServiceStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWServiceStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyServices 11 }
|
|
|
|
etsysFWServiceEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWServiceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A definition of a service."
|
|
INDEX { etsysFWServiceName }
|
|
::= { etsysFWServiceTable 1 }
|
|
|
|
EtsysFWServiceEntry ::=
|
|
SEQUENCE {
|
|
etsysFWServiceName SnmpAdminString,
|
|
etsysFWServiceSrcLowPort InetPortNumber,
|
|
etsysFWServiceSrcHighPort InetPortNumber,
|
|
etsysFWServiceDstLowPort InetPortNumber,
|
|
etsysFWServiceDstHighPort InetPortNumber,
|
|
etsysFWServiceProtocol INTEGER,
|
|
etsysFWServiceStorageType StorageType,
|
|
etsysFWServiceRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWServiceName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The administrative name for this filter."
|
|
::= { etsysFWServiceEntry 1 }
|
|
|
|
etsysFWServiceSrcLowPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The low port of the port range a packet's source must match
|
|
against. To match, the port number must be greater than or
|
|
equal to this value.
|
|
|
|
This object is only used if sourcePort is set in
|
|
etsysFWServiceType, in which case the value of 0 for
|
|
this object is illegal."
|
|
::= { etsysFWServiceEntry 2 }
|
|
|
|
etsysFWServiceSrcHighPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The high port of the port range a packet's source must match
|
|
against. To match, the port number must be less than or
|
|
equal to this value.
|
|
|
|
This object is only used if sourcePort is set in
|
|
etsysFWServiceType, in which case the value of 0 for
|
|
this object is illegal."
|
|
::= { etsysFWServiceEntry 3 }
|
|
|
|
etsysFWServiceDstLowPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The low port of the port range a packet's destination must
|
|
match against. To match, the port number must be greater
|
|
than or equal to this value.
|
|
|
|
This object is only used if destinationPort is set in
|
|
etsysFWServiceType, in which case the value of 0 for
|
|
this object is illegal."
|
|
::= { etsysFWServiceEntry 4 }
|
|
|
|
etsysFWServiceDstHighPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The high port of the port range a packet's destination must
|
|
match against. To match, the port number must be less than
|
|
or equal to this value.
|
|
|
|
This object is only used if destinationPort is set in
|
|
etsysFWServiceType, in which case the value of 0 for
|
|
this object is illegal."
|
|
::= { etsysFWServiceEntry 5 }
|
|
|
|
etsysFWServiceProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER { tcp (1),
|
|
udp (2) }
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol number the incoming packet must match against
|
|
for this filter to be evaluated as true.
|
|
|
|
This object is only used if protocol is set in
|
|
etsysFWServiceType."
|
|
::= { etsysFWServiceEntry 6 }
|
|
|
|
etsysFWServiceStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWServiceEntry 7 }
|
|
|
|
etsysFWServiceRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified."
|
|
::= { etsysFWServiceEntry 8 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Filter Definition Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWFilterDefMaxEntries OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries allowed in the
|
|
etsysFWFilterDefTable."
|
|
::= { etsysFWPolicyFilters 1 }
|
|
|
|
etsysFWFilterDefNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWFilterDefTable."
|
|
::= { etsysFWPolicyFilters 2 }
|
|
|
|
etsysFWFilterDefLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWFilterDefTable was last
|
|
modified."
|
|
::= { etsysFWPolicyFilters 3 }
|
|
|
|
etsysFWFilterDefTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWFilterDefEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines a policy rule by associating network
|
|
objects with a filter or a set of filters and an action to take
|
|
when the filter is true.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWFilterDefStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWFilterDefStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyFilters 4 }
|
|
|
|
etsysFWFilterDefEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWFilterDefEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row defining a particular filter definition. A rule
|
|
definition binds a filter pointer to an action."
|
|
INDEX { etsysFWFilterDefName }
|
|
::= { etsysFWFilterDefTable 1 }
|
|
|
|
EtsysFWFilterDefEntry ::=
|
|
SEQUENCE {
|
|
etsysFWFilterDefName SnmpAdminString,
|
|
etsysFWFilterDefSrcNetwork VariablePointer,
|
|
etsysFWFilterDefDstNetwork VariablePointer,
|
|
etsysFWFilterDefBidirectional TruthValue,
|
|
etsysFWFilterDefProtocol Integer32,
|
|
etsysFWFilterDefICMPType Integer32,
|
|
etsysFWFilterDefLogging TruthValue,
|
|
etsysFWFilterDefStorageType StorageType,
|
|
etsysFWFilterDefRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWFilterDefName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"etsysFWFilterDefName is the administratively assigned
|
|
name of the policy rule."
|
|
::= { etsysFWFilterDefEntry 1 }
|
|
|
|
etsysFWFilterDefSrcNetwork OBJECT-TYPE
|
|
SYNTAX VariablePointer
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If the source address of the packet is in the set of
|
|
addresses defined by the network object pointed to by
|
|
etsysFWFilterDefSrcNetwork and the destination address
|
|
is in the set of addresses defined by the network object
|
|
pointed to by etsysFWFilterDefDstNetwork, the firewall
|
|
will evaluate the etsysFWFilterDefFilter for the packet.
|
|
|
|
This MIB defines the following tables which may
|
|
be pointed to by this column. Implementations may choose to
|
|
provide support for other network tables or scalars as well:
|
|
|
|
etsysFWNetworkGroupTable
|
|
etsysFWNetworkTable
|
|
|
|
If this column is set to a VariablePointer value which
|
|
references a non-existent row in an otherwise supported
|
|
table, the inconsistentName exception should be returned.
|
|
If the table or scalar pointed to by the VariablePointer is
|
|
not supported at all, then an inconsistentValue exception
|
|
should be returned."
|
|
::= { etsysFWFilterDefEntry 2 }
|
|
|
|
etsysFWFilterDefDstNetwork OBJECT-TYPE
|
|
SYNTAX VariablePointer
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If the source address of the packet is in the set of
|
|
addresses defined by the network object pointed to by
|
|
etsysFWFilterDefSrcNetwork and the destination address
|
|
is in the set of addresses defined by the network object
|
|
pointed to by etsysFWFilterDefDstNetwork, the firewall
|
|
will evaluate the etsysFWFilterDefFilter for the packet.
|
|
|
|
This MIB defines the following tables which may
|
|
be pointed to by this column. Implementations may choose to
|
|
provide support for other network tables or scalars as well:
|
|
|
|
etsysFWNetworkGroupTable
|
|
etsysFWNetworkTable
|
|
|
|
If this column is set to a VariablePointer value which
|
|
references a non-existent row in an otherwise supported
|
|
table, the inconsistentName exception should be returned.
|
|
If the table or scalar pointed to by the VariablePointer is
|
|
not supported at all, then an inconsistentValue exception
|
|
should be returned."
|
|
::= { etsysFWFilterDefEntry 3 }
|
|
|
|
etsysFWFilterDefBidirectional OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A policy may be specified as bidirectional to mean that it also
|
|
operates with the etsysFWFilterDefSrcNetwork and
|
|
etsysFWFilterDefDstNetwork reversed.
|
|
If this column is false, the policy operates only in the
|
|
direction defined by etsysFWFilterDefSrcNetwork and
|
|
etsysFWFilterDefDstNetwork."
|
|
DEFVAL { false }
|
|
::= { etsysFWFilterDefEntry 4 }
|
|
|
|
etsysFWFilterDefProtocol OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"x"
|
|
::= { etsysFWFilterDefEntry 5 }
|
|
|
|
etsysFWFilterDefICMPType OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"x"
|
|
::= { etsysFWFilterDefEntry 6 }
|
|
|
|
etsysFWFilterDefLogging OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When the filter is true, log the activity of this rule."
|
|
DEFVAL { false }
|
|
::= { etsysFWFilterDefEntry 7 }
|
|
|
|
etsysFWFilterDefStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWFilterDefEntry 8 }
|
|
|
|
etsysFWFilterDefRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified.
|
|
|
|
This object SHOULD NOT be set to active until the containing
|
|
networks and filters have been defined. Once active, it
|
|
MUST remain active until no etsysFWGroupFilterDef
|
|
entries are referencing it."
|
|
::= { etsysFWFilterDefEntry 9 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Command Line String Filters
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWCLSFilterMaxFilters OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of CLS filters allowed per
|
|
etsysFWPolicyRuleDefName."
|
|
::= { etsysFWPolicyFilters 5 }
|
|
|
|
etsysFWCLSFilterLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWCLSFilterTable was last
|
|
modified."
|
|
::= { etsysFWPolicyFilters 6 }
|
|
|
|
etsysFWCLSFilterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWCLSFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines the command line string filters that can be
|
|
applied to a policy rule definition.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWGroupPolicyStorageType for a given SNMP context may be
|
|
readOnly, meaning the row cannot be modified or deleted. In
|
|
another SNMP context, the etsysFWGroupPolicyStorageType value
|
|
could allow the row to be modified or deleted."
|
|
::= { etsysFWPolicyFilters 7 }
|
|
|
|
etsysFWCLSFilterEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWCLSFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row defining a particular command line string filter."
|
|
INDEX { etsysFWPolicyRuleDefName, etsysFWCLSFilterIndex }
|
|
::= { etsysFWCLSFilterTable 1 }
|
|
|
|
EtsysFWCLSFilterEntry ::=
|
|
SEQUENCE {
|
|
etsysFWCLSFilterIndex Integer32,
|
|
etsysFWCLSFilterWord SnmpAdminString,
|
|
etsysFWCLSFilterStorageType StorageType,
|
|
etsysFWCLSFilterRowStatus RowStatus
|
|
}
|
|
|
|
-- NOTE(review): the DESCRIPTION below is only ".". This object is the
-- second INDEX component of etsysFWCLSFilterEntry, after
-- etsysFWPolicyRuleDefName. Its range 1..256 caps the rows per rule name
-- at 256, while etsysFWCLSFilterMaxFilters is declared as 1..65535;
-- confirm which limit the agent enforces.
etsysFWCLSFilterIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..256)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { etsysFWCLSFilterEntry 1 }
|
|
|
|
-- NOTE(review): the DESCRIPTION below is only ".". Presumably this is the
-- string that the command line string filter matches on (TODO confirm,
-- including how matching is done). No SIZE is given here beyond what
-- SnmpAdminString itself imposes.
etsysFWCLSFilterWord OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { etsysFWCLSFilterEntry 2 }
|
|
|
|
-- StorageType of this CLS filter row. DEFVAL is volatile (lost on reboot
-- per SNMPv2-TC), so a row that should survive a restart needs a different
-- value written at creation time.
-- NOTE(review): the etsysFWCLSFilterTable DESCRIPTION names
-- etsysFWGroupPolicyStorageType as the object that decides whether a row
-- can be modified or deleted; confirm whether this column was meant.
etsysFWCLSFilterStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWCLSFilterEntry 3 }
|
|
|
|
etsysFWCLSFilterRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified."
|
|
::= { etsysFWCLSFilterEntry 4 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- HTML Filter Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWHTMLFilterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWHTMLFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains filters that apply to the HTML protocol.
|
|
|
|
The implementation may choose to allow modifications to this
|
|
table only under certain SNMP contexts. The
|
|
etsysFWIpOptionsHeadFiltStorageType for a given SNMP context
|
|
may be readOnly, meaning the row cannot be modified or
|
|
deleted. In another SNMP context, the
|
|
etsysFWIpOptionsHeadFiltStorageType value could allow the row
|
|
to be modified or deleted."
|
|
::= { etsysFWPolicyFilters 8 }
|
|
|
|
etsysFWHTMLFilterEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWHTMLFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A definition of a particular filter."
|
|
INDEX { etsysFWHTMLFilterName }
|
|
::= { etsysFWHTMLFilterTable 1 }
|
|
|
|
EtsysFWHTMLFilterEntry ::=
|
|
SEQUENCE {
|
|
etsysFWHTMLFilterName SnmpAdminString,
|
|
etsysFWHTMLFilterType INTEGER,
|
|
etsysFWHTMLFilterNetwork SnmpAdminString,
|
|
etsysFWHTMLFilterLogging TruthValue,
|
|
etsysFWHTMLFilterStorageType StorageType,
|
|
etsysFWHTMLFilterRowStatus RowStatus
|
|
}
|
|
|
|
etsysFWHTMLFilterName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The administrative name for this HTML filter."
|
|
::= { etsysFWHTMLFilterEntry 1 }
|
|
|
|
-- NOTE(review): the DESCRIPTION below is only ".". The meaning of
-- none(1), selected(2) and all(3) is not stated in this module and no
-- DEFVAL is given. Confirm with the agent documentation what each value
-- filters before creating rows through this object.
etsysFWHTMLFilterType OBJECT-TYPE
|
|
SYNTAX INTEGER { none (1),
|
|
selected (2),
|
|
all (3) }
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { etsysFWHTMLFilterEntry 2 }
|
|
|
|
-- NOTE(review): the DESCRIPTION below is only ".". Presumably this names
-- the network that the HTML filter applies to (TODO confirm which table
-- the name refers to). No SIZE is given here beyond what SnmpAdminString
-- itself imposes.
etsysFWHTMLFilterNetwork OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { etsysFWHTMLFilterEntry 3 }
|
|
|
|
-- NOTE(review): the DESCRIPTION below is only ".". Presumably this enables
-- logging for this HTML filter row (TODO confirm). Unlike
-- etsysFWFilterDefLogging, no DEFVAL is declared, so the value for a row
-- created without this object is left to the agent; set it explicitly if
-- log entries are expected.
etsysFWHTMLFilterLogging OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { etsysFWHTMLFilterEntry 4 }
|
|
|
|
-- StorageType of this HTML filter row. DEFVAL is volatile (lost on reboot
-- per SNMPv2-TC), so a row that should survive a restart needs a different
-- value written at creation time.
-- NOTE(review): the etsysFWHTMLFilterTable DESCRIPTION names
-- etsysFWIpOptionsHeadFiltStorageType as the object that decides whether a
-- row can be modified or deleted; confirm whether this column was meant.
etsysFWHTMLFilterStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row."
|
|
DEFVAL { volatile }
|
|
::= { etsysFWHTMLFilterEntry 5 }
|
|
|
|
etsysFWHTMLFilterRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the conceptual status of this row.
|
|
|
|
The value of this object has no effect on whether other
|
|
objects in this conceptual row can be modified."
|
|
::= { etsysFWHTMLFilterEntry 6 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Firewall Monitoring Objects
|
|
-- -------------------------------------------------------------
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Policy Rule True Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWPolicyRuleTrueNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWPolicyRuleTrueTable."
|
|
::= { etsysFWMonitoringObjects 1 }
|
|
|
|
etsysFWPolicyRuleTrueLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWPolicyRuleTrueTable was last
|
|
modified."
|
|
::= { etsysFWMonitoringObjects 2 }
|
|
|
|
etsysFWPolicyRuleTrueTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWPolicyRuleTrueEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains a counter for the number of times each
|
|
policy rule has been true during packet inspection since the
|
|
last restart of the device."
|
|
::= { etsysFWMonitoringObjects 3 }
|
|
|
|
etsysFWPolicyRuleTrueEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWPolicyRuleTrueEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row in the table for a named policy rule definition."
|
|
INDEX { etsysFWPolicyRuleTrueIndex }
|
|
::= { etsysFWPolicyRuleTrueTable 1 }
|
|
|
|
EtsysFWPolicyRuleTrueEntry ::=
|
|
SEQUENCE {
|
|
etsysFWPolicyRuleTrueIndex Integer32,
|
|
etsysFWPolicyRuleTrueName SnmpAdminString,
|
|
etsysFWPolicyRuleTrueEvents Counter32,
|
|
etsysFWPolicyRuleTrueLastEvent DateAndTime
|
|
}
|
|
|
|
etsysFWPolicyRuleTrueIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..99999)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index for this row."
|
|
::= { etsysFWPolicyRuleTrueEntry 1 }
|
|
|
|
etsysFWPolicyRuleTrueName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the policy rule."
|
|
::= { etsysFWPolicyRuleTrueEntry 2 }
|
|
|
|
etsysFWPolicyRuleTrueEvents OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of times since the device has restarted that the
|
|
rule has been true during packet inspection."
|
|
::= { etsysFWPolicyRuleTrueEntry 3 }
|
|
|
|
etsysFWPolicyRuleTrueLastEvent OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The date and time when this rule was last true during packet
|
|
inspection."
|
|
::= { etsysFWPolicyRuleTrueEntry 4 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Session Totals Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWSessionTotalsNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWSessionTotalsTable."
|
|
::= { etsysFWMonitoringObjects 4 }
|
|
|
|
etsysFWSessionTotalsLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWSessionTotalsTable was last
|
|
modified."
|
|
::= { etsysFWMonitoringObjects 5 }
|
|
|
|
etsysFWSessionTotalsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWSessionTotalsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The firewall can perform stateful inspection of packets
|
|
to allow incoming traffic associated with outgoing packets.
|
|
These associations are sessions. This table returns data
|
|
about the total sessions indexed by protocol-id (as defined
|
|
by the assigned protocol-numbers of the IANA)."
|
|
::= { etsysFWMonitoringObjects 6 }
|
|
|
|
etsysFWSessionTotalsEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWSessionTotalsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row with the session counters for a particular protocol-id."
|
|
INDEX { etsysFWSessTotIndex }
|
|
::= { etsysFWSessionTotalsTable 1 }
|
|
|
|
EtsysFWSessionTotalsEntry ::=
|
|
SEQUENCE {
|
|
etsysFWSessTotIndex Integer32,
|
|
etsysFWSessTotProtocolID Unsigned32,
|
|
etsysFWSessTotActiveSessions Counter32,
|
|
etsysFWSessTotPeakSessions Counter32,
|
|
etsysFWSessTotBlockedSessions Counter32,
|
|
etsysFWSessTotLastBlock DateAndTime
|
|
}
|
|
|
|
etsysFWSessTotIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index for this row."
|
|
::= { etsysFWSessionTotalsEntry 1 }
|
|
|
|
etsysFWSessTotProtocolID OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-id for this row."
|
|
::= { etsysFWSessionTotalsEntry 2 }
|
|
|
|
-- NOTE(review): declared Counter32, but the number of active sessions can
-- fall as well as rise. SMIv2 counters only increase until they wrap, so a
-- poller that derives deltas or rates from this object will misreport it.
-- Read it as an absolute value (gauge semantics) when graphing or
-- alerting on session load. The SYNTAX is left as published.
etsysFWSessTotActiveSessions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of active sessions for this protocol."
|
|
::= { etsysFWSessionTotalsEntry 3 }
|
|
|
|
-- NOTE(review): declared Counter32, but per the DESCRIPTION this is a peak
-- (high-water mark) since the last restart, not a count of events. A
-- poller that applies counter handling (delta or rate) will misreport it;
-- read it as an absolute value. The SYNTAX is left as published.
etsysFWSessTotPeakSessions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The peak number of sessions for this protocol since the last
|
|
restart of the device."
|
|
::= { etsysFWSessionTotalsEntry 4 }
|
|
|
|
etsysFWSessTotBlockedSessions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of sessions that have been blocked
|
|
for this protocol since the last restart of the device."
|
|
::= { etsysFWSessionTotalsEntry 5 }
|
|
|
|
etsysFWSessTotLastBlock OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The date and time of the last blocked session for this
|
|
protocol."
|
|
::= { etsysFWSessionTotalsEntry 6 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- IP Sessions Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWIpSessionNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWIpSessionTable."
|
|
::= { etsysFWMonitoringObjects 7 }
|
|
|
|
etsysFWIpSessionLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWIpSessionTable was last
|
|
modified."
|
|
::= { etsysFWMonitoringObjects 8 }
|
|
|
|
etsysFWIpSessionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWIpSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The firewall can perform stateful inspection of packets
|
|
to allow incoming traffic associated with outgoing packets.
|
|
These associations are sessions. This table returns data
|
|
about the current active sessions."
|
|
::= { etsysFWMonitoringObjects 9 }
|
|
|
|
etsysFWIpSessionEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWIpSessionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row that defines an active session."
|
|
INDEX { etsysFWIpSessionIndex }
|
|
::= { etsysFWIpSessionTable 1 }
|
|
|
|
EtsysFWIpSessionEntry ::=
|
|
SEQUENCE {
|
|
etsysFWIpSessionIndex Integer32,
|
|
etsysFWIpSessionIPVersion InetAddressType,
|
|
etsysFWIpSessionSrcAddress InetAddress,
|
|
etsysFWIpSessionDstAddress InetAddress,
|
|
etsysFWIpSessionSrcPort InetPortNumber,
|
|
etsysFWIpSessionDstPort InetPortNumber,
|
|
etsysFWIpSessionProtocolID Unsigned32,
|
|
etsysFWIpSessionCreation DateAndTime
|
|
}
|
|
|
|
etsysFWIpSessionIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index for this row."
|
|
::= { etsysFWIpSessionEntry 1 }
|
|
|
|
etsysFWIpSessionIPVersion OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Internet Protocol version. The value of this property
|
|
affects the size and format of the etsysFWIpSessionSrcAddress
|
|
and etsysFWIpSessionDstAddress objects."
|
|
::= { etsysFWIpSessionEntry 2 }
|
|
|
|
etsysFWIpSessionSrcAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IP address of this session."
|
|
::= { etsysFWIpSessionEntry 3 }
|
|
|
|
etsysFWIpSessionDstAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination IP address of this session."
|
|
::= { etsysFWIpSessionEntry 4 }
|
|
|
|
etsysFWIpSessionSrcPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port of this session."
|
|
::= { etsysFWIpSessionEntry 5 }
|
|
|
|
etsysFWIpSessionDstPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination port of this session."
|
|
::= { etsysFWIpSessionEntry 6 }
|
|
|
|
etsysFWIpSessionProtocolID OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-id of this session (as defined
|
|
by the assigned protocol-numbers of the IANA)."
|
|
::= { etsysFWIpSessionEntry 7 }
|
|
|
|
etsysFWIpSessionCreation OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The date and time this session was created."
|
|
::= { etsysFWIpSessionEntry 8 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Authenticated Addresses Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWAuthAddressNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWAuthAddressTable."
|
|
::= { etsysFWMonitoringObjects 10 }
|
|
|
|
etsysFWAuthAddressLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWAuthAddressTable was last
|
|
modified."
|
|
::= { etsysFWMonitoringObjects 11 }
|
|
|
|
etsysFWAuthAddressTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWAuthAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The firewall has an action to allow traffic only to
|
|
IP addresses that have authenticated with the firewall.
|
|
After authentication, the authenticated address remains
|
|
in a cache as long as there are packets from the address.
|
|
This table returns the cached authenticated IP addresses.
|
|
The table rows are removed when the IP address is idle
|
|
for the number of seconds specified in etsysFWAuthTimeout."
|
|
::= { etsysFWMonitoringObjects 12 }
|
|
|
|
etsysFWAuthAddressEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWAuthAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row that defines an authenticated IP address."
|
|
INDEX { etsysFWAuthAddressIndex }
|
|
::= { etsysFWAuthAddressTable 1 }
|
|
|
|
EtsysFWAuthAddressEntry ::=
|
|
SEQUENCE {
|
|
etsysFWAuthAddressIndex Integer32,
|
|
etsysFWAuthAddressIPVersion InetAddressType,
|
|
etsysFWAuthAddressIPAddress InetAddress,
|
|
etsysFWAuthAddressGroupName SnmpAdminString,
|
|
etsysFWAuthAddressIdleTime Integer32
|
|
}
|
|
|
|
etsysFWAuthAddressIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index for this row."
|
|
::= { etsysFWAuthAddressEntry 1 }
|
|
|
|
etsysFWAuthAddressIPVersion OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Internet Protocol version. The value of this property
|
|
affects the size and format of the etsysFWAuthAddressIPAddress
|
|
object."
|
|
::= { etsysFWAuthAddressEntry 2 }
|
|
|
|
etsysFWAuthAddressIPAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authenticated IP address."
|
|
::= { etsysFWAuthAddressEntry 3 }
|
|
|
|
etsysFWAuthAddressGroupName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group name of the authenticated IP address."
|
|
::= { etsysFWAuthAddressEntry 4 }
|
|
|
|
etsysFWAuthAddressIdleTime OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds this IP address has been idle."
|
|
::= { etsysFWAuthAddressEntry 5 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Denial of Service (DoS) Attacks Blocked Table
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWDoSBlockedNumEntries OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries in the
|
|
etsysFWDoSBlockedTable."
|
|
::= { etsysFWMonitoringObjects 13 }
|
|
|
|
etsysFWDoSBlockedLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sysUpTime at which the etsysFWDoSBlockedTable was last
|
|
modified."
|
|
::= { etsysFWMonitoringObjects 14 }
|
|
|
|
etsysFWDoSBlockedTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EtsysFWDoSBlockedEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewalls can provide protection from some common forms of
|
|
Denial of Service attacks. The firewall will return the total
|
|
number of times the specific DoS attack has been blocked and
|
|
the IP address and time of the last blocked attack."
|
|
::= { etsysFWMonitoringObjects 15 }
|
|
|
|
etsysFWDoSBlockedEntry OBJECT-TYPE
|
|
SYNTAX EtsysFWDoSBlockedEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row that defines the statistics for a particular DoS attack."
|
|
INDEX { etsysFWDoSAttackName }
|
|
::= { etsysFWDoSBlockedTable 1 }
|
|
|
|
EtsysFWDoSBlockedEntry ::=
|
|
SEQUENCE {
|
|
etsysFWDoSAttackName SnmpAdminString,
|
|
etsysFWDoSSrcIPVersion InetAddressType,
|
|
etsysFWDoSSrcIPAddress InetAddress,
|
|
etsysFWDoSAttackTime DateAndTime,
|
|
etsysFWDoSBlockedAttacks Counter32
|
|
}
|
|
|
|
etsysFWDoSAttackName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of a DoS attack. Example names are
|
|
'SYN Flood', 'Tear Drop', and 'ICMP Flood'."
|
|
::= { etsysFWDoSBlockedEntry 1 }
|
|
|
|
etsysFWDoSSrcIPVersion OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Internet Protocol version. The value of this property
|
|
affects the size and format of the etsysFWDoSSrcIPAddress
|
|
object."
|
|
::= { etsysFWDoSBlockedEntry 2 }
|
|
|
|
etsysFWDoSSrcIPAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IP address of the last blocked attack."
|
|
::= { etsysFWDoSBlockedEntry 3 }
|
|
|
|
etsysFWDoSAttackTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time of the last blocked attack."
|
|
::= { etsysFWDoSBlockedEntry 4 }
|
|
|
|
etsysFWDoSBlockedAttacks OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of times this DoS attack has been blocked since
|
|
the last restart of the device."
|
|
::= { etsysFWDoSBlockedEntry 5 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Conformance Information
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFirewallConformance OBJECT IDENTIFIER
|
|
::= { etsysFirewallMIB 4 }
|
|
|
|
etsysFirewallGroups OBJECT IDENTIFIER
|
|
::= { etsysFirewallConformance 1 }
|
|
|
|
etsysFirewallCompliances OBJECT IDENTIFIER
|
|
::= { etsysFirewallConformance 2 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Units of Conformance
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFWFirewallEnabledGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWFirewallEnabled
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Firewall Enabled Group."
|
|
::= { etsysFirewallGroups 1 }
|
|
|
|
etsysFWFirewallConfigGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWTcpTimeout,
|
|
etsysFWUdpTimeout,
|
|
etsysFWIcmpTimeout,
|
|
etsysFWAuthTimeout,
|
|
etsysFWAuthPort,
|
|
etsysFWLoggingThreshold,
|
|
etsysFWRPCMicrosoftTimeout,
|
|
etsysFWRPCSunTimeout
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Firewall Configuration Group for general system parameters."
|
|
::= { etsysFirewallGroups 2 }
|
|
|
|
etsysFWFirewallIntfGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWFirewallOnIntfLastChange,
|
|
etsysFWFirewallOnIntfEnabled,
|
|
etsysFWFirewallOnIntfStorageType,
|
|
etsysFWFirewallOnIntfRowStatus,
|
|
etsysFWFirewallIntfFilterLastChange,
|
|
etsysFWFirewallIntfFilterDirection,
|
|
etsysFWFirewallIntfFilterStorageType,
|
|
etsysFWFirewallIntfFilterRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Firewall on Interface Enabled Group for enabling
|
|
the firewall on individual interfaces."
|
|
::= { etsysFirewallGroups 3 }
|
|
|
|
|
|
etsysFWSystemPolicyNameGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWSystemPolicyGroupName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The System Policy Group Name Group."
|
|
::= { etsysFirewallGroups 4 }
|
|
|
|
etsysFWInterfacePolicyGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWIntfToGroupLastChange,
|
|
etsysFWIntfToGroupStorageType,
|
|
etsysFWIntfToGroupRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Interface to Policy Table Group."
|
|
::= { etsysFirewallGroups 5 }
|
|
|
|
etsysFWGroupPolicyGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWGroupPolicyLastChange,
|
|
etsysFWGroupPolicyPriority,
|
|
etsysFWGroupPolicyStorageType,
|
|
etsysFWGroupPolicyRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Group Policy to Rule Definition Table Group."
|
|
::= { etsysFirewallGroups 6 }
|
|
|
|
etsysFWPolicyRuleDefGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWPolicyRuleDefMaxEntries,
|
|
etsysFWPolicyRuleDefNumEntries,
|
|
etsysFWPolicyRuleDefLastChange,
|
|
etsysFWPolicyRuleDefSrcNetwork,
|
|
etsysFWPolicyRuleDefDstNetwork,
|
|
etsysFWPolicyRuleDefBidirectional,
|
|
etsysFWPolicyRuleDefService,
|
|
etsysFWPolicyRuleAuthName,
|
|
etsysFWPolicyRuleDefAction,
|
|
etsysFWPolicyRuleDefLogging,
|
|
etsysFWPolicyRuleDefStorageType,
|
|
etsysFWPolicyRuleDefRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Policy Rule Definition Table Group."
|
|
::= { etsysFirewallGroups 7 }
|
|
|
|
etsysFWNetworkGroupGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWNetworkGroupMaxEntries,
|
|
etsysFWNetworkGroupNumEntries,
|
|
etsysFWNetworkGroupLastChange,
|
|
etsysFWNetworkGroupStorageType,
|
|
etsysFWNetworkGroupRowStatus,
|
|
etsysFWNetworkGroupMaxNetworks,
|
|
etsysFWNetwkInNetGrpLastChange,
|
|
etsysFWNetwkInNetGrpStorageType,
|
|
etsysFWNetwkInNetGrpRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Network Group and Network In Network Group Tables Group."
|
|
::= { etsysFirewallGroups 8 }
|
|
|
|
etsysFWNetworkGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWNetworkMaxEntries,
|
|
etsysFWNetworkNumEntries,
|
|
etsysFWNetworkLastChange,
|
|
etsysFWNetworkRealm,
|
|
etsysFWNetworkRangeOrMask,
|
|
etsysFWNetworkIPVersion,
|
|
etsysFWNetworkIPAddressBegin,
|
|
etsysFWNetworkIPAddressEnd,
|
|
etsysFWNetworkIPAddressMask,
|
|
etsysFWNetworkStorageType,
|
|
etsysFWNetworkRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Network Table Group."
|
|
::= { etsysFirewallGroups 9 }
|
|
|
|
etsysFWServiceGroupGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWServiceGroupMaxEntries,
|
|
etsysFWServiceGroupNumEntries,
|
|
etsysFWServiceGroupLastChange,
|
|
etsysFWServiceGroupStorageType,
|
|
etsysFWServiceGroupRowStatus,
|
|
etsysFWServiceGroupMaxServices,
|
|
etsysFWServiceInSvcGrpLastChange,
|
|
etsysFWServiceInSvcGrpStorageType,
|
|
etsysFWServiceInSvcGrpRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Service Group and Service In Service Group Tables Group."
|
|
::= { etsysFirewallGroups 10 }
|
|
|
|
etsysFWServiceGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWServiceMaxEntries,
|
|
etsysFWServiceNumEntries,
|
|
etsysFWServiceLastChange,
|
|
etsysFWServiceSrcLowPort,
|
|
etsysFWServiceSrcHighPort,
|
|
etsysFWServiceDstLowPort,
|
|
etsysFWServiceDstHighPort,
|
|
etsysFWServiceProtocol,
|
|
etsysFWServiceStorageType,
|
|
etsysFWServiceRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Service Table Group."
|
|
::= { etsysFirewallGroups 11 }
|
|
|
|
etsysFWFilterGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWFilterDefMaxEntries,
|
|
etsysFWFilterDefNumEntries,
|
|
etsysFWFilterDefLastChange,
|
|
etsysFWFilterDefSrcNetwork,
|
|
etsysFWFilterDefDstNetwork,
|
|
etsysFWFilterDefBidirectional,
|
|
etsysFWFilterDefProtocol,
|
|
etsysFWFilterDefICMPType,
|
|
etsysFWFilterDefLogging,
|
|
etsysFWFilterDefStorageType,
|
|
etsysFWFilterDefRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Filter Table Group."
|
|
::= { etsysFirewallGroups 12 }
|
|
|
|
etsysFWCLSFilterGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWCLSFilterMaxFilters,
|
|
etsysFWCLSFilterLastChange,
|
|
etsysFWCLSFilterWord,
|
|
etsysFWCLSFilterStorageType,
|
|
etsysFWCLSFilterRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The CLS Filter Table Group."
|
|
::= { etsysFirewallGroups 13 }
|
|
|
|
etsysFWHTMLFilterGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWHTMLFilterType,
|
|
etsysFWHTMLFilterNetwork,
|
|
etsysFWHTMLFilterLogging,
|
|
etsysFWHTMLFilterStorageType,
|
|
etsysFWHTMLFilterRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The HTML Filter Table Group."
|
|
::= { etsysFirewallGroups 14 }
|
|
|
|
etsysFWPolicyRuleTrueGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWPolicyRuleTrueNumEntries,
|
|
etsysFWPolicyRuleTrueLastChange,
|
|
etsysFWPolicyRuleTrueIndex,
|
|
etsysFWPolicyRuleTrueName,
|
|
etsysFWPolicyRuleTrueEvents,
|
|
etsysFWPolicyRuleTrueLastEvent
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Policy Rule True Table Group."
|
|
::= { etsysFirewallGroups 15 }
|
|
|
|
etsysFWSessionTotalsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWSessionTotalsNumEntries,
|
|
etsysFWSessionTotalsLastChange,
|
|
etsysFWSessTotIndex,
|
|
etsysFWSessTotProtocolID,
|
|
etsysFWSessTotActiveSessions,
|
|
etsysFWSessTotPeakSessions,
|
|
etsysFWSessTotBlockedSessions,
|
|
etsysFWSessTotLastBlock
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Firewall Session Totals Table Group."
|
|
::= { etsysFirewallGroups 16 }
|
|
|
|
etsysFWIpSessionGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWIpSessionNumEntries,
|
|
etsysFWIpSessionLastChange,
|
|
etsysFWIpSessionIndex,
|
|
etsysFWIpSessionIPVersion,
|
|
etsysFWIpSessionSrcAddress,
|
|
etsysFWIpSessionDstAddress,
|
|
etsysFWIpSessionSrcPort,
|
|
etsysFWIpSessionDstPort,
|
|
etsysFWIpSessionProtocolID,
|
|
etsysFWIpSessionCreation
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Firewall IP Sessions Table Group."
|
|
::= { etsysFirewallGroups 17 }
|
|
|
|
etsysFWAuthAddressGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWAuthAddressNumEntries,
|
|
etsysFWAuthAddressLastChange,
|
|
etsysFWAuthAddressIndex,
|
|
etsysFWAuthAddressIPVersion,
|
|
etsysFWAuthAddressIPAddress,
|
|
etsysFWAuthAddressGroupName,
|
|
etsysFWAuthAddressIdleTime
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Firewall Authenticated Addresses Table Group."
|
|
::= { etsysFirewallGroups 18 }
|
|
|
|
etsysFWDoSBlockedGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
etsysFWDoSBlockedNumEntries,
|
|
etsysFWDoSBlockedLastChange,
|
|
etsysFWDoSAttackName,
|
|
etsysFWDoSSrcIPVersion,
|
|
etsysFWDoSSrcIPAddress,
|
|
etsysFWDoSAttackTime,
|
|
etsysFWDoSBlockedAttacks
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Firewall DoS Blocked Attacks Table Group."
|
|
::= { etsysFirewallGroups 19 }
|
|
|
|
|
|
-- -------------------------------------------------------------
|
|
-- Compliance statements
|
|
-- -------------------------------------------------------------
|
|
|
|
etsysFirewallCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for devices that support the
|
|
etsysFirewallMIB."
|
|
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { etsysFWFirewallEnabledGroup,
|
|
etsysFWGroupPolicyGroup,
|
|
etsysFWPolicyRuleDefGroup,
|
|
etsysFWNetworkGroup }
|
|
|
|
GROUP etsysFWFirewallConfigGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall implementations
|
|
which support these global configuration settings."
|
|
|
|
GROUP etsysFWFirewallIntfGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall implementations
|
|
which support enabling packet inspection on
|
|
individual interfaces."
|
|
|
|
GROUP etsysFWSystemPolicyNameGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall policy
|
|
implementations which support a system or global
|
|
firewall policy."
|
|
|
|
GROUP etsysFWInterfacePolicyGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall policy
|
|
implementations which support distinct policy on
|
|
individual interfaces."
|
|
|
|
GROUP etsysFWNetworkGroupGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall policy
|
|
implementations which support network groups."
|
|
|
|
GROUP etsysFWServiceGroupGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall policy
|
|
implementations which support service groups."
|
|
|
|
GROUP etsysFWServiceGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall policy
|
|
implementations which support services
|
|
defined in this MIB."
|
|
|
|
GROUP etsysFWFilterGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall policy
|
|
implementations which support filters."
|
|
|
|
GROUP etsysFWCLSFilterGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall policy
|
|
implementations which support CLS filters."
|
|
|
|
GROUP etsysFWHTMLFilterGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall policy
|
|
implementations which support HTML filters."
|
|
|
|
GROUP etsysFWPolicyRuleTrueGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall implementations
|
|
which support a counter for the number of times a
|
|
policy rule is true."
|
|
|
|
GROUP etsysFWSessionTotalsGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall implementations
|
|
which support counters for IP protocol sessions."
|
|
|
|
GROUP etsysFWIpSessionGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall implementations
|
|
which support active session information."
|
|
|
|
GROUP etsysFWAuthAddressGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall implementations
|
|
which support current authenticated address information."
|
|
|
|
GROUP etsysFWDoSBlockedGroup
|
|
DESCRIPTION
|
|
"This group is mandatory for firewall implementations
|
|
which support blocking common DoS attacks."
|
|
|
|
::= { etsysFirewallCompliances 1 }
|
|
|
|
END
|