ENTERASYS-FIREWALL-MIB DEFINITIONS ::= BEGIN

--  enterasys-firewall-mib.txt
--
--  Part Number:
--
--
--  This module provides authoritative definitions for Enterasys
--  Networks' Firewall MIB.
--
--  This module will be extended, as needed.

--  Enterasys Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in
--  connection with the management of Enterasys Networks products.

--  Copyright April, 2003 Enterasys Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32,
    Unsigned32, Gauge32
        FROM SNMPv2-SMI
    RowStatus, StorageType, TruthValue, TimeStamp,
    VariablePointer, DateAndTime
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InetAddressType, InetAddress, InetPortNumber
        FROM INET-ADDRESS-MIB
    ifIndex
        FROM IF-MIB
    etsysModules
        FROM ENTERASYS-MIB-NAMES;

etsysFirewallMIB MODULE-IDENTITY
    LAST-UPDATED "200411172222Z"  -- Wed Nov 17 22:22 GMT 2004
    ORGANIZATION "Enterasys Networks, Inc"
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  50 Minuteman Rd.
                  Andover, MA 01801-1008
                  USA
         Phone:   +1 978 684 1000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"
    DESCRIPTION
        "This MIB module defines a portion of the SNMP MIB under
         the Enterasys Networks enterprise OID pertaining to the
         configuration, policy, and monitoring of firewall network
         devices."
    REVISION "200411172222Z"  -- Wed Nov 17 22:22 GMT 2004
    DESCRIPTION
        "The initial version of this MIB module."
    ::= { etsysModules 37 }

-- -------------------------------------------------------------
-- MIB Objects
-- -------------------------------------------------------------

etsysFWConfigurationObjects OBJECT IDENTIFIER ::= { etsysFirewallMIB 1 }
etsysFWPolicyObjects        OBJECT IDENTIFIER ::= { etsysFirewallMIB 2 }
etsysFWMonitoringObjects    OBJECT IDENTIFIER ::= { etsysFirewallMIB 3 }

etsysFWPolicyGroups         OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 1 }
etsysFWPolicyRules          OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 2 }
etsysFWPolicyNetworks       OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 3 }
etsysFWPolicyServices       OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 4 }
etsysFWPolicyFilters        OBJECT IDENTIFIER ::= { etsysFWPolicyObjects 5 }

-- -------------------------------------------------------------
-- Firewall Configuration Objects
-- -------------------------------------------------------------

etsysFWFirewallEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The current state of the firewall is returned when this
         value is read.  Setting the value to true causes the
         firewall to start inspecting packets.  Setting the value
         to false causes the firewall to stop inspecting packets.
         The value read could be different than the last value set
         if the state is changed by a means other than this MIB."
    ::= { etsysFWConfigurationObjects 1 }

etsysFWTcpTimeout OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Firewalls can perform stateful inspection of TCP sessions.
         TCP sessions are created and deleted by monitoring TCP
         SYN/ACK/FIN flags.  Inactivity for the period specified by
         this object will delete the TCP session."
    DEFVAL      { 1200 }
    ::= { etsysFWConfigurationObjects 2 }

etsysFWUdpTimeout OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Firewalls can perform stateful inspection of UDP sessions.
         UDP sessions are created on the first outbound UDP packet.
         Inactivity for the period specified by this object will
         delete the UDP session."
    DEFVAL      { 600 }
    ::= { etsysFWConfigurationObjects 3 }

etsysFWIcmpTimeout OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "ICMP sessions are created on an outbound ICMP echo request.
         Inactivity for the period specified by this object will
         delete the ICMP session."
    DEFVAL      { 60 }
    ::= { etsysFWConfigurationObjects 4 }

etsysFWAuthTimeout OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Firewalls can be configured to only allow packets from IP
         addresses that have been authenticated.  An authenticated
         IP address will need to re-authenticate if there is no
         traffic from that address for the period specified by this
         object."
    DEFVAL      { 60 }
    ::= { etsysFWConfigurationObjects 5 }

etsysFWAuthPort OBJECT-TYPE
    SYNTAX      Integer32 (1024..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Firewalls can be configured to only allow packets from IP
         addresses that have been authenticated.  This object
         specifies the port on which the firewall listens for
         authentication requests."
    DEFVAL      { 3000 }
    ::= { etsysFWConfigurationObjects 6 }

etsysFWLoggingThreshold OBJECT-TYPE
    SYNTAX      Integer32 (0..7)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The threshold for firewall event logging.  Events with
         severity equal to or less than the value specified will be
         logged.  The value corresponds to syslog severity levels as
         defined in RFC3164."
    DEFVAL      { 3 }
    ::= { etsysFWConfigurationObjects 7 }

etsysFWRPCMicrosoftTimeout OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The idle session timeout on packet inspection for Remote
         Procedure Call (RPC)-based applications.  This Application
         Level Gateway (ALG) supports two types of RPCs - SUN (used
         by most UNIX systems) and Microsoft.  If the RPC-based
         session is idle for the specified period, it will be shut
         down."
    DEFVAL      { 3 }
    ::= { etsysFWConfigurationObjects 8 }

etsysFWRPCSunTimeout OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The idle session timeout on packet inspection for Remote
         Procedure Call (RPC)-based applications.  This Application
         Level Gateway (ALG) supports two types of RPCs - SUN (used
         by most UNIX systems) and Microsoft.  If the RPC-based
         session is idle for the specified period, it will be shut
         down."
    DEFVAL      { 3 }
    ::= { etsysFWConfigurationObjects 9 }

-- -------------------------------------------------------------
-- -------------------------------------------------------------
-- Interface to Firewall State Table
-- -------------------------------------------------------------

etsysFWFirewallOnIntfLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysFWFirewallOnIntfTable was
         last modified."
    ::= { etsysFWConfigurationObjects 10 }

etsysFWFirewallOnIntfTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysFWFirewallOnIntfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table defines the state of the firewall on individual
         interfaces.  The firewall may be enabled or disabled for
         each interface on the device.  The effective state of the
         firewall depends on the setting of etsysFWFirewallEnabled.

                                |                              | interface
         etsysFWFirewallEnabled | etsysFWFirewallOnIntfEnabled | effective
                                |                              | state
         -----------------------------------------------------------------
                  true                      true                 enabled
                  true                      false                disabled
                  false                     true                 disabled
                  false                     false                disabled

         If an interface is not represented in this table, then its
         effective state is determined by etsysFWFirewallEnabled.

         The implementation may choose to allow modifications to
         this table only under certain SNMP contexts.  The
         etsysFWFirewallOnIntfStorageType for a given SNMP context
         may be readOnly, meaning the row cannot be modified or
         deleted.  In another SNMP context, the
         etsysFWFirewallOnIntfStorageType value could allow the row
         to be modified or deleted."
    ::= { etsysFWConfigurationObjects 11 }

etsysFWFirewallOnIntfEntry OBJECT-TYPE
    SYNTAX      EtsysFWFirewallOnIntfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row defining whether firewall is enabled for a particular
         interface."
    INDEX       { ifIndex }
    ::= { etsysFWFirewallOnIntfTable 1 }

EtsysFWFirewallOnIntfEntry ::= SEQUENCE {
    etsysFWFirewallOnIntfEnabled      TruthValue,
    etsysFWFirewallOnIntfStorageType  StorageType,
    etsysFWFirewallOnIntfRowStatus    RowStatus
}

etsysFWFirewallOnIntfEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The current state of the firewall is returned when this
         value is read.  This setting is only effective when
         etsysFWFirewallEnabled is true.  Setting the value to true
         causes the firewall to start inspecting packets, if
         etsysFWFirewallEnabled is true.  Setting the value to false
         causes the firewall to stop inspecting packets, if
         etsysFWFirewallEnabled is true."
    DEFVAL      { false }
    ::= { etsysFWFirewallOnIntfEntry 1 }

etsysFWFirewallOnIntfStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this row."
    DEFVAL      { volatile }
    ::= { etsysFWFirewallOnIntfEntry 2 }

etsysFWFirewallOnIntfRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this conceptual row.  The value of this
         object has no effect on whether other objects in this
         conceptual row can be modified."
    ::= { etsysFWFirewallOnIntfEntry 3 }

-- -------------------------------------------------------------
-- -------------------------------------------------------------
-- Interface to Firewall Filter Table
-- -------------------------------------------------------------

etsysFWFirewallIntfFilterLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysFWFirewallIntfFilterTable
         was last modified."
    ::= { etsysFWConfigurationObjects 12 }

etsysFWFirewallIntfFilterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysFWFirewallIntfFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table defines the IP filters applied to individual
         interfaces.

         The implementation may choose to allow modifications to
         this table only under certain SNMP contexts.  The
         etsysFWFirewallIntfFilterStorageType for a given SNMP
         context may be readOnly, meaning the row cannot be modified
         or deleted.  In another SNMP context, the
         etsysFWFirewallIntfFilterStorageType value could allow the
         row to be modified or deleted."
    ::= { etsysFWConfigurationObjects 13 }

etsysFWFirewallIntfFilterEntry OBJECT-TYPE
    SYNTAX      EtsysFWFirewallIntfFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row defining the IP filters applied to individual
         interfaces."
    INDEX       { ifIndex, etsysFWFirewallIntfFilterType }
    ::= { etsysFWFirewallIntfFilterTable 1 }

EtsysFWFirewallIntfFilterEntry ::= SEQUENCE {
    etsysFWFirewallIntfFilterType         INTEGER,
    etsysFWFirewallIntfFilterDirection    INTEGER,
    etsysFWFirewallIntfFilterStorageType  StorageType,
    etsysFWFirewallIntfFilterRowStatus    RowStatus
}

etsysFWFirewallIntfFilterType OBJECT-TYPE
    SYNTAX      INTEGER {
                    ipBroadcast (1),
                    ipMulticast (2),
                    ipOptionAll (3),
                    ipOptionOther (4),
                    ipOptionLooseSourceRoute (5),
                    ipOptionRecordRoute (6),
                    ipOptionStrictSourceRoute (7),
                    ipOptionTimeStamp (8)
                }
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The type of IP filter that applies on a particular
         interface.

         ipBroadcast - This filter type allows incoming/outgoing IP
             packets through the firewall with 255.255.255.255 set
             as the destination address.  It enables broadcast
             protocols such as DHCP to traverse the firewall.

         ipMulticast - This filter type allows incoming/outgoing IP
             packets with a multicast destination address through
             the firewall.  It enables multicast protocols such as
             RIP and OSPF to traverse the firewall.

         ipOptionAll - All IP options allowed.

         ipOptionOther - Any IP option other than those explicitly
             supported by the command.

         ipOptionLooseSourceRoute - Requests routing that includes
             the specified routers.  This routing path includes a
             sequence of IP addresses a datagram must follow to its
             destination but allows multiple network hops between
             successive addresses on the list.

         ipOptionRecordRoute - Traces a route.  It allows the source
             to create an empty list of IP addresses and arrange for
             each router that handles a datagram to add its IP
             address to the list.  When a datagram arrives, the
             destination device can extract and process the list of
             addresses.

         ipOptionStrictSourceRoute - Specifies an exact route
             through the Internet.  This routing path includes a
             sequence of IP addresses a datagram must follow, hop by
             hop, from its source to destination.
             The path between two successive addresses in the list
             must consist of a single physical network.

         ipOptionTimeStamp - Records timestamps along a route.  It
             is similar to the record route option in that every
             router from source to destination adds its IP address,
             and a timestamp, to the list.  The timestamp notes the
             time and date a router handled the datagram, expressed
             in milliseconds since midnight, Universal Time."
    ::= { etsysFWFirewallIntfFilterEntry 1 }

etsysFWFirewallIntfFilterDirection OBJECT-TYPE
    SYNTAX      INTEGER {
                    none (1),
                    in (2),
                    out (3),
                    both (4)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The direction which the filter is applied.

         none - Denies the packet that matched the filter type.
         in   - Allows the packet that matched the filter type to
                enter the interface.
         out  - Allows the packet that matched the filter type to
                exit the interface.
         both - Allows the packet that matched the filter type to
                enter and exit the interface."
    DEFVAL      { none }
    ::= { etsysFWFirewallIntfFilterEntry 2 }

etsysFWFirewallIntfFilterStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this row."
    DEFVAL      { volatile }
    ::= { etsysFWFirewallIntfFilterEntry 3 }

etsysFWFirewallIntfFilterRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this conceptual row.  The value of this
         object has no effect on whether other objects in this
         conceptual row can be modified."
    ::= { etsysFWFirewallIntfFilterEntry 4 }

-- -------------------------------------------------------------
-- Firewall Policy Objects
-- -------------------------------------------------------------

etsysFWSystemPolicyGroupName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(0..32))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The name of the policy group containing the global system
         policy.
         The value of etsysFWSystemPolicyGroupName should be used as
         an index into the etsysFWGroupPolicyTable to determine the
         list of rules that MUST be applied to the system.  A zero
         length string indicates no system wide policy exists, and
         the default policy of 'allow' should be executed until one
         is imposed by either this object or by the interface
         processing the packet.

         Since policy group names are unique, the
         etsysFWSystemPolicyGroupName MUST NOT be equal to any
         etsysFWIntfToGroupName objects."
    ::= { etsysFWPolicyGroups 1 }

-- -------------------------------------------------------------
-- Interface to Policy Group Table
-- -------------------------------------------------------------

etsysFWIntfToGroupLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysFWIntfToGroupTable was last
         modified."
    ::= { etsysFWPolicyGroups 2 }

etsysFWIntfToGroupTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysFWIntfToGroupEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table defines the group of firewall rules applied to
         individual interfaces.  Rules for this group will be
         applied in the etsysFWGroupPolicyTable.

         The implementation may choose to allow modifications to
         this table only under certain SNMP contexts.  The
         etsysFWIntfToGroupStorageType for a given SNMP context may
         be readOnly, meaning the row cannot be modified or deleted.
         In another SNMP context, the etsysFWIntfToGroupStorageType
         value could allow the row to be modified or deleted."
    ::= { etsysFWPolicyGroups 3 }

etsysFWIntfToGroupEntry OBJECT-TYPE
    SYNTAX      EtsysFWIntfToGroupEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row defining the group name for a particular interface."
    INDEX       { ifIndex,
                  etsysFWIntfToGroupIntfDirection,
                  etsysFWIntfToGroupName }
    ::= { etsysFWIntfToGroupTable 1 }

EtsysFWIntfToGroupEntry ::= SEQUENCE {
    etsysFWIntfToGroupIntfDirection  INTEGER,
    etsysFWIntfToGroupName           SnmpAdminString,
    etsysFWIntfToGroupStorageType    StorageType,
    etsysFWIntfToGroupRowStatus      RowStatus
}

etsysFWIntfToGroupIntfDirection OBJECT-TYPE
    SYNTAX      INTEGER { ingress(1), egress(2) }
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the direction of the packets to inspect, incoming
         (ingress), or outgoing (egress)."
    ::= { etsysFWIntfToGroupEntry 1 }

etsysFWIntfToGroupName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The group name for this interface.  The value of
         etsysFWIntfToGroupName should be used as index into the
         etsysFWGroupPolicyTable to determine the list of rules that
         MUST be applied to this interface.

         Since policy group names are unique, the
         etsysFWIntfToGroupName MUST NOT be equal to the
         etsysFWSystemPolicyGroupName object."
    ::= { etsysFWIntfToGroupEntry 2 }

etsysFWIntfToGroupStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this row."
    DEFVAL      { volatile }
    ::= { etsysFWIntfToGroupEntry 3 }

etsysFWIntfToGroupRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates the conceptual status of this row.
         The value of this object has no effect on whether other
         objects in this conceptual row can be modified."
    ::= { etsysFWIntfToGroupEntry 4 }

-- -------------------------------------------------------------
-- Group Policy Rules Table
-- -------------------------------------------------------------

etsysFWGroupPolicyLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysFWGroupPolicyTable was last
         modified."
    ::= { etsysFWPolicyGroups 4 }

etsysFWGroupPolicyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysFWGroupPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table defines the firewall rules applied to groups.

         The implementation may choose to allow modifications to
         this table only under certain SNMP contexts.  The
         etsysFWGroupPolicyStorageType for a given SNMP context may
         be readOnly, meaning the row cannot be modified or deleted.
         In another SNMP context, the etsysFWGroupPolicyStorageType
         value could allow the row to be modified or deleted."
    ::= { etsysFWPolicyGroups 5 }

etsysFWGroupPolicyEntry OBJECT-TYPE
    SYNTAX      EtsysFWGroupPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row defining a particular group policy rule and its
         priority."
    INDEX       { etsysFWGroupPolicyName, etsysFWGroupPolicyRuleDef }
    ::= { etsysFWGroupPolicyTable 1 }

EtsysFWGroupPolicyEntry ::= SEQUENCE {
    etsysFWGroupPolicyName         SnmpAdminString,
    etsysFWGroupPolicyRuleDef      SnmpAdminString,
    etsysFWGroupPolicyPriority     Integer32,
    etsysFWGroupPolicyStorageType  StorageType,
    etsysFWGroupPolicyRowStatus    RowStatus
}

etsysFWGroupPolicyName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The name of the group.  These names should be either the
         etsysFWSystemPolicyGroupName or the etsysFWIntfToGroupName
         from the etsysFWIntfToGroupTable."
    ::= { etsysFWGroupPolicyEntry 1 }

etsysFWGroupPolicyRuleDef OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An etsysFWPolicyRuleDefName from the
         etsysFWPolicyRuleDefTable."
    ::= { etsysFWGroupPolicyEntry 2 }

etsysFWGroupPolicyPriority OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The priority of rule in the group.  The firewall applies
         the rules from the lowest to the highest priority.
         Priority can only be in the range of 0 to the maximum
         number of policyRuleDef in the group + 1.
         i.e. If there are 5 policies in the group.
         The maximum priority the user can create is 6."
    ::= { etsysFWGroupPolicyEntry 3 }

etsysFWGroupPolicyStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this row."
    DEFVAL      { volatile }
    ::= { etsysFWGroupPolicyEntry 4 }

etsysFWGroupPolicyRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates the conceptual status of this row.
         The value of this object has no effect on whether other
         objects in this conceptual row can be modified."
    ::= { etsysFWGroupPolicyEntry 5 }

-- -------------------------------------------------------------
-- Policy Rule Definition Table
-- -------------------------------------------------------------

etsysFWPolicyRuleDefMaxEntries OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of entries allowed in the
         etsysFWPolicyRuleDefTable."
    ::= { etsysFWPolicyRules 1 }

etsysFWPolicyRuleDefNumEntries OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of entries in the
         etsysFWPolicyRuleDefTable."
    ::= { etsysFWPolicyRules 2 }

etsysFWPolicyRuleDefLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysFWPolicyRuleDefTable was
         last modified."
    ::= { etsysFWPolicyRules 3 }

etsysFWPolicyRuleDefTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysFWPolicyRuleDefEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table defines a policy rule by associating a network
         object with a filter or a set of filters and an action to
         take when the filter is true.

         The implementation may choose to allow modifications to
         this table only under certain SNMP contexts.  The
         etsysFWPolicyRuleDefStorageType for a given SNMP context
         may be readOnly, meaning the row cannot be modified or
         deleted.
         In another SNMP context, the
         etsysFWPolicyRuleDefStorageType value could allow the row
         to be modified or deleted."
    ::= { etsysFWPolicyRules 4 }

etsysFWPolicyRuleDefEntry OBJECT-TYPE
    SYNTAX      EtsysFWPolicyRuleDefEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row defining a particular policy definition.  A rule
         definition binds a filter pointer to an action."
    INDEX       { etsysFWPolicyRuleDefName }
    ::= { etsysFWPolicyRuleDefTable 1 }

EtsysFWPolicyRuleDefEntry ::= SEQUENCE {
    etsysFWPolicyRuleDefName           SnmpAdminString,
    etsysFWPolicyRuleDefSrcNetwork     VariablePointer,
    etsysFWPolicyRuleDefDstNetwork     VariablePointer,
    etsysFWPolicyRuleDefBidirectional  TruthValue,
    etsysFWPolicyRuleDefService        VariablePointer,
    etsysFWPolicyRuleAuthName          SnmpAdminString,
    etsysFWPolicyRuleDefAction         INTEGER,
    etsysFWPolicyRuleDefLogging        TruthValue,
    etsysFWPolicyRuleDefStorageType    StorageType,
    etsysFWPolicyRuleDefRowStatus      RowStatus
}

etsysFWPolicyRuleDefName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "etsysFWPolicyRuleDefName is the administratively assigned
         name of the policy rule."
    ::= { etsysFWPolicyRuleDefEntry 1 }

etsysFWPolicyRuleDefSrcNetwork OBJECT-TYPE
    SYNTAX      VariablePointer
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "If the source address of the packet is in the set of
         addresses defined by the network object pointed to by
         etsysFWPolicyRuleDefSrcNetwork and the destination address
         is in the set of addresses defined by the network object
         pointed to by etsysFWPolicyRuleDefDstNetwork, the firewall
         will evaluate the etsysFWPolicyRuleDefFilter for the
         packet.

         This MIB defines the following tables which may be pointed
         to by this column.
         Implementations may choose to provide support for other
         network tables or scalars as well:

             etsysFWNetworkGroupTable
             etsysFWNetworkTable

         If this column is set to a VariablePointer value which
         references a non-existent row in an otherwise supported
         table, the inconsistentName exception should be returned.
         If the table or scalar pointed to by the VariablePointer is
         not supported at all, then an inconsistentValue exception
         should be returned."
    ::= { etsysFWPolicyRuleDefEntry 2 }

etsysFWPolicyRuleDefDstNetwork OBJECT-TYPE
    SYNTAX      VariablePointer
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "If the source address of the packet is in the set of
         addresses defined by the network object pointed to by
         etsysFWPolicyRuleDefSrcNetwork and the destination address
         is in the set of addresses defined by the network object
         pointed to by etsysFWPolicyRuleDefDstNetwork, the firewall
         will evaluate the etsysFWPolicyRuleDefFilter for the
         packet.

         This MIB defines the following tables which may be pointed
         to by this column.  Implementations may choose to provide
         support for other network tables or scalars as well:

             etsysFWNetworkGroupTable
             etsysFWNetworkTable

         If this column is set to a VariablePointer value which
         references a non-existent row in an otherwise supported
         table, the inconsistentName exception should be returned.
         If the table or scalar pointed to by the VariablePointer is
         not supported at all, then an inconsistentValue exception
         should be returned."
    ::= { etsysFWPolicyRuleDefEntry 3 }

etsysFWPolicyRuleDefBidirectional OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A policy may be specified as bidirectional to mean that it
         also operates with the etsysFWPolicyRuleDefSrcNetwork and
         etsysFWPolicyRuleDefDstNetwork reversed.  If this column is
         false, the policy operates only in the direction defined by
         etsysFWPolicyRuleDefSrcNetwork and
         etsysFWPolicyRuleDefDstNetwork."
    DEFVAL      { false }
    ::= { etsysFWPolicyRuleDefEntry 4 }

etsysFWPolicyRuleDefService OBJECT-TYPE
    SYNTAX      VariablePointer
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "etsysFWPolicyRuleDefFilter points to a filter which is used
         to evaluate whether the action associated with this row
         should be fired or not.  The action will only fire if the
         filter referenced by this object evaluates to true.

         This MIB defines the following tables which may be pointed
         to by this column.  Implementations may choose to provide
         support for other filter tables or scalars as well:

             etsysFWIpHeaderFilterTable
             etsysFWIpOptionsFilterTable

         If this column is set to a VariablePointer value which
         references a non-existent row in an otherwise supported
         table, the inconsistentName exception should be returned.
         If the table or scalar pointed to by the VariablePointer is
         not supported at all, then an inconsistentValue exception
         should be returned."
    ::= { etsysFWPolicyRuleDefEntry 5 }

etsysFWPolicyRuleAuthName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The authentication group name to use."
    ::= { etsysFWPolicyRuleDefEntry 6 }

etsysFWPolicyRuleDefAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    allow (1),
                    allowAuth (2),
                    drop (3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The action to take when the filter is true.

         allow:     the packet should be allowed
         drop:      the packet should be dropped
         allowAuth: the packet is allowed if the source address has
                    been authenticated to the group."
    ::= { etsysFWPolicyRuleDefEntry 7 }

etsysFWPolicyRuleDefLogging OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "When the filter is true, log the activity of this rule."
    DEFVAL      { false }
    ::= { etsysFWPolicyRuleDefEntry 8 }

etsysFWPolicyRuleDefStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this row."
    DEFVAL      { volatile }
    ::= { etsysFWPolicyRuleDefEntry 9 }

etsysFWPolicyRuleDefRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates the conceptual status of this row.
         The value of this object has no effect on whether other
         objects in this conceptual row can be modified.

         This object SHOULD NOT be set to active until the
         containing networks and filters have been defined.  Once
         active, it MUST remain active until no
         etsysFWGroupPolicyRuleDef entries are referencing it."
    ::= { etsysFWPolicyRuleDefEntry 10 }

-- -------------------------------------------------------------
-- Network Group Table
-- -------------------------------------------------------------

etsysFWNetworkGroupMaxEntries OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of entries allowed in the
         etsysFWNetworkGroupTable."
    ::= { etsysFWPolicyNetworks 1 }

etsysFWNetworkGroupNumEntries OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of entries in the
         etsysFWNetworkGroupTable."
    ::= { etsysFWPolicyNetworks 2 }

etsysFWNetworkGroupLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysFWNetworkGroupTable was
         last modified."
    ::= { etsysFWPolicyNetworks 3 }

etsysFWNetworkGroupTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysFWNetworkGroupEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table defining a group of network objects from the
         etsysFWNetworkTable or a network group in
         etsysFWNetworkGroupTable.  The networks contained in the
         group are defined in the etsysFWNetwkInNetGrpTable.

         The implementation may choose to allow modifications to
         this table only under certain SNMP contexts.  The
         etsysFWNetworkGroupStorageType for a given SNMP context may
         be readOnly, meaning the row cannot be modified or deleted.
         In another SNMP context, the etsysFWNetworkGroupStorageType
         value could allow the row to be modified or deleted."
    ::= { etsysFWPolicyNetworks 4 }

etsysFWNetworkGroupEntry OBJECT-TYPE
    SYNTAX      EtsysFWNetworkGroupEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the etsysFWNetworkGroupTable."
    INDEX       { etsysFWNetworkGroupName }
    ::= { etsysFWNetworkGroupTable 1 }

EtsysFWNetworkGroupEntry ::= SEQUENCE {
    etsysFWNetworkGroupName         SnmpAdminString,
    etsysFWNetworkGroupStorageType  StorageType,
    etsysFWNetworkGroupRowStatus    RowStatus
}

etsysFWNetworkGroupName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The administratively assigned name of the network group."
    ::= { etsysFWNetworkGroupEntry 1 }

etsysFWNetworkGroupStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this row."
    DEFVAL      { volatile }
    ::= { etsysFWNetworkGroupEntry 2 }

etsysFWNetworkGroupRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates the conceptual status of this row.
         The value of this object has no effect on whether other
         objects in this conceptual row can be modified.

         Once active, it MAY NOT have its value changed if any
         active rows in the etsysFWNetwkInNetGrpTable or the
         etsysFWFilterDefTable are currently pointing at this row."
    ::= { etsysFWNetworkGroupEntry 3 }

-- -------------------------------------------------------------
-- Networks in Network Group Table
-- -------------------------------------------------------------

etsysFWNetworkGroupMaxNetworks OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of networks allowed in a network group."
    ::= { etsysFWPolicyNetworks 5 }

etsysFWNetwkInNetGrpLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysFWNetwkInNetGrpTable was
         last modified."
    ::= { etsysFWPolicyNetworks 6 }

etsysFWNetwkInNetGrpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysFWNetwkInNetGrpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table defining the networks in a network group.  All
         etsysFWNetwkInNetGrpSubNetwork objects in a
         etsysFWNetworkGroupName must have the same
         etsysFWNetworkIPVersion and etsysFWNetworkRealm.

         The implementation may choose to allow modifications to
         this table only under certain SNMP contexts.  The
         etsysFWNetwkInNetGrpStorageType for a given SNMP context
         may be readOnly, meaning the row cannot be modified or
         deleted.  In another SNMP context, the
         etsysFWNetwkInNetGrpStorageType value could allow the row
         to be modified or deleted."
    ::= { etsysFWPolicyNetworks 7 }

etsysFWNetwkInNetGrpEntry OBJECT-TYPE
    SYNTAX      EtsysFWNetwkInNetGrpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the etsysFWNetwkInNetGrpTable."
    INDEX       { etsysFWNetworkGroupName,
                  etsysFWNetwkInNetGrpSubNetwork }
    ::= { etsysFWNetwkInNetGrpTable 1 }

EtsysFWNetwkInNetGrpEntry ::= SEQUENCE {
    etsysFWNetwkInNetGrpSubNetwork   SnmpAdminString,
    etsysFWNetwkInNetGrpStorageType  StorageType,
    etsysFWNetwkInNetGrpRowStatus    RowStatus
}

etsysFWNetwkInNetGrpSubNetwork OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The location of the contained network.  The MIB defines the
         following tables which may be pointed to by this column:

             etsysFWNetworkTable

         Implementations should prevent recursion and return the
         inconsistentName exception if the SnmpAdminString value
         references an etsysFWNetworkGroupTable row that already
         contains the etsysFWNetworkGroupName of this row.

         If this column is set to a SnmpAdminString value which
         references a non-existent row in an otherwise supported
         table, the inconsistentName exception should be returned.
         If the table or scalar pointed to by the SnmpAdminString is
         not supported at all, then an inconsistentValue exception
         should be returned."
::= { etsysFWNetwkInNetGrpEntry 1 } etsysFWNetwkInNetGrpStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row." DEFVAL { volatile } ::= { etsysFWNetwkInNetGrpEntry 2 } etsysFWNetwkInNetGrpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object cannot be made active until the network or network group referenced by the etsysFWNetwkInNetGrpSubNetwork is both defined and is active. An attempt to do so will result in an inconsistentValue error." ::= { etsysFWNetwkInNetGrpEntry 3 } -- ------------------------------------------------------------- -- Network Table -- ------------------------------------------------------------- etsysFWNetworkMaxEntries OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries allowed in the etsysFWNetworkTable." ::= { etsysFWPolicyNetworks 8 } etsysFWNetworkNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysFWNetworkTable." ::= { etsysFWPolicyNetworks 9 } etsysFWNetworkLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysFWNetworkTable was last modified." ::= { etsysFWPolicyNetworks 10 } etsysFWNetworkTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWNetworkEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table defining the networks associated with filters to create the firewall policy rules. Networks can be defined with a network IP address and mask, an IP address range, or a single IP host address. The implementation may choose to allow modifications to this table only under certain SNMP contexts. 
The etsysFWNetworkStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWNetworkStorageType value could allow the row to be modified or deleted." ::= { etsysFWPolicyNetworks 11 } etsysFWNetworkEntry OBJECT-TYPE SYNTAX EtsysFWNetworkEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the etsysFWNetworkTable." INDEX { etsysFWNetworkName } ::= { etsysFWNetworkTable 1 } EtsysFWNetworkEntry ::= SEQUENCE { etsysFWNetworkName SnmpAdminString, etsysFWNetworkRealm INTEGER, etsysFWNetworkRangeOrMask INTEGER, etsysFWNetworkIPVersion InetAddressType, etsysFWNetworkIPAddressBegin InetAddress, etsysFWNetworkIPAddressEnd InetAddress, etsysFWNetworkIPAddressMask InetAddress, etsysFWNetworkStorageType StorageType, etsysFWNetworkRowStatus RowStatus } etsysFWNetworkName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The administratively assigned name of the network." ::= { etsysFWNetworkEntry 1 } etsysFWNetworkRealm OBJECT-TYPE SYNTAX INTEGER { internal (1), external (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "A network is qualified as either an internal or external address." ::= { etsysFWNetworkEntry 2 } etsysFWNetworkRangeOrMask OBJECT-TYPE SYNTAX INTEGER { useIpAddrRange (1), useIpAddrMask (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "When set to useIpAddrRange, the etsysFWNetworkIPAddressBegin and etsysFWNetworkIPAddressEnd define the network object in this row. When set to useIpAddrMask, the etsysFWNetworkIPAddressBegin and etsysFWNetworkIPAddressMask define the network object in this row." ::= { etsysFWNetworkEntry 3 } etsysFWNetworkIPVersion OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The Internet Protocol version the addresses are to match against.
The value of this property determines the size and format of the etsysFWNetworkIPAddressBegin, etsysFWNetworkIPAddressEnd and etsysFWNetworkIPAddressMask objects. Values of unknown, ipv4z, ipv6z and dns are not legal values for this object." DEFVAL { ipv4 } ::= { etsysFWNetworkEntry 4 } etsysFWNetworkIPAddressBegin OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address that, together with either etsysFWNetworkIPAddressEnd or etsysFWNetworkIPAddressMask, defines the network object for this row." ::= { etsysFWNetworkEntry 5 } etsysFWNetworkIPAddressEnd OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "When etsysFWNetworkRangeOrMask is set to useIpAddrRange, this is the end of the IP address range. To define a single host, set this to the value of etsysFWNetworkIPAddressBegin." ::= { etsysFWNetworkEntry 6 } etsysFWNetworkIPAddressMask OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "When etsysFWNetworkRangeOrMask is set to useIpAddrMask, this is the mask that defines the IP network. To define a single host, set this to all 1's." ::= { etsysFWNetworkEntry 7 } etsysFWNetworkStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row." DEFVAL { volatile } ::= { etsysFWNetworkEntry 8 } etsysFWNetworkRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. Once active, it MAY NOT have its value changed if any active rows in the etsysFWNetwkInNetGrpTable or the etsysFWFilterDefTable are currently pointing at this row."
::= { etsysFWNetworkEntry 9 } -- ------------------------------------------------------------- -- Service Group Table -- ------------------------------------------------------------- etsysFWServiceGroupMaxEntries OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries allowed in the etsysFWServiceGroupTable." ::= { etsysFWPolicyServices 1 } etsysFWServiceGroupNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysFWServiceGroupTable." ::= { etsysFWPolicyServices 2 } etsysFWServiceGroupLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysFWServiceGroupTable was last modified." ::= { etsysFWPolicyServices 3 } etsysFWServiceGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWServiceGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table defining a group of service objects from the etsysFWServiceTable or a service group in etsysFWServiceGroupTable. The services contained in the group are defined in the etsysFWNetwkInNetGrpTable. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWServiceGroupStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWServiceGroupStorageType value could allow the row to be modified or deleted." ::= { etsysFWPolicyServices 4 } etsysFWServiceGroupEntry OBJECT-TYPE SYNTAX EtsysFWServiceGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the etsysFWServiceGroupTable." 
INDEX { etsysFWServiceGroupName } ::= { etsysFWServiceGroupTable 1 } EtsysFWServiceGroupEntry ::= SEQUENCE { etsysFWServiceGroupName SnmpAdminString, etsysFWServiceGroupStorageType StorageType, etsysFWServiceGroupRowStatus RowStatus } etsysFWServiceGroupName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The administratively assigned name of the service group." ::= { etsysFWServiceGroupEntry 1 } etsysFWServiceGroupStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row." DEFVAL { volatile } ::= { etsysFWServiceGroupEntry 2 } etsysFWServiceGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. Once active, it MAY NOT have its value changed if any active rows in the etsysFWNetwkInNetGrpTable or the etsysFWFilterDefTable are currently pointing at this row." ::= { etsysFWServiceGroupEntry 3 } -- ------------------------------------------------------------- -- Services in Service Group Table -- ------------------------------------------------------------- etsysFWServiceGroupMaxServices OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of services allowed in a service group." ::= { etsysFWPolicyServices 5 } etsysFWServiceInSvcGrpLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysFWServiceInSvcGrpTable was last modified." ::= { etsysFWPolicyServices 6 } etsysFWServiceInSvcGrpTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWServiceInSvcGrpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table defining the services in a service group.
The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWServiceInSvcGrpStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWServiceInSvcGrpStorageType value could allow the row to be modified or deleted." ::= { etsysFWPolicyServices 7 } etsysFWServiceInSvcGrpEntry OBJECT-TYPE SYNTAX EtsysFWServiceInSvcGrpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the etsysFWServiceInSvcGrpTable." INDEX { etsysFWServiceGroupName, etsysFWServiceInSvcGrpSubService } ::= { etsysFWServiceInSvcGrpTable 1 } EtsysFWServiceInSvcGrpEntry ::= SEQUENCE { etsysFWServiceInSvcGrpSubService SnmpAdminString, etsysFWServiceInSvcGrpStorageType StorageType, etsysFWServiceInSvcGrpRowStatus RowStatus } etsysFWServiceInSvcGrpSubService OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS not-accessible STATUS current DESCRIPTION "The location of the contained service. The MIB defines the following tables which may be pointed to by this column: etsysFWServiceTable Implementations should prevent recursion and return the inconsistentName exception if the SnmpAdminString value references an etsysFWServiceGroupTable row that already contains the etsysFWServiceGroupName of this row. If this column is set to a SnmpAdminString value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the SnmpAdminString is not supported at all, then an inconsistentValue exception should be returned." ::= { etsysFWServiceInSvcGrpEntry 1 } etsysFWServiceInSvcGrpStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row." 
DEFVAL { volatile } ::= { etsysFWServiceInSvcGrpEntry 2 } etsysFWServiceInSvcGrpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object cannot be made active until the service or service group referenced by the etsysFWNetwkInNetGrpSubService is both defined and is active. An attempt to do so will result in an inconsistentValue error." ::= { etsysFWServiceInSvcGrpEntry 3 } -- ------------------------------------------------------------- -- IP Service Table -- ------------------------------------------------------------- etsysFWServiceMaxEntries OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries allowed in the etsysFWServiceTable." ::= { etsysFWPolicyServices 8 } etsysFWServiceNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysFWServiceTable." ::= { etsysFWPolicyServices 9 } etsysFWServiceLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysFWServiceTable was last modified." ::= { etsysFWPolicyServices 10 } etsysFWServiceTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWServiceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains a list of service definitions to be used within the etsysFWPolicyRuleDefTable. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWServiceStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWServiceStorageType value could allow the row to be modified or deleted." 
::= { etsysFWPolicyServices 11 } etsysFWServiceEntry OBJECT-TYPE SYNTAX EtsysFWServiceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A definition of a service." INDEX { etsysFWServiceName } ::= { etsysFWServiceTable 1 } EtsysFWServiceEntry ::= SEQUENCE { etsysFWServiceName SnmpAdminString, etsysFWServiceSrcLowPort InetPortNumber, etsysFWServiceSrcHighPort InetPortNumber, etsysFWServiceDstLowPort InetPortNumber, etsysFWServiceDstHighPort InetPortNumber, etsysFWServiceProtocol INTEGER, etsysFWServiceStorageType StorageType, etsysFWServiceRowStatus RowStatus } etsysFWServiceName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The administrative name for this filter." ::= { etsysFWServiceEntry 1 } etsysFWServiceSrcLowPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The low port of the port range a packet's source must match against. To match, the port number must be greater than or equal to this value. This object is only used if sourcePort is set in etsysFWServiceType, in which case the value of 0 for this object is illegal." ::= { etsysFWServiceEntry 2 } etsysFWServiceSrcHighPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The high port of the port range a packet's source must match against. To match, the port number must be less than or equal to this value. This object is only used if sourcePort is set in etsysFWServiceType, in which case the value of 0 for this object is illegal." ::= { etsysFWServiceEntry 3 } etsysFWServiceDstLowPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The low port of the port range a packet's destination must match against. To match, the port number must be greater than or equal to this value. This object is only used if destinationPort is set in etsysFWServiceType, in which case the value of 0 for this object is illegal." 
::= { etsysFWServiceEntry 4 } etsysFWServiceDstHighPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The high port of the port range a packet's destination must match against. To match, the port number must be less than or equal to this value. This object is only used if destinationPort is set in etsysFWServiceType, in which case the value of 0 for this object is illegal." ::= { etsysFWServiceEntry 5 } etsysFWServiceProtocol OBJECT-TYPE SYNTAX INTEGER { tcp (1), udp (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The protocol number the incoming packet must match against for this filter to be evaluated as true. This object is only used if protocol is set in etsysFWServiceType." ::= { etsysFWServiceEntry 6 } etsysFWServiceStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row." DEFVAL { volatile } ::= { etsysFWServiceEntry 7 } etsysFWServiceRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified." ::= { etsysFWServiceEntry 8 } -- ------------------------------------------------------------- -- Filter Definition Table -- ------------------------------------------------------------- etsysFWFilterDefMaxEntries OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries allowed in the etsysFWFilterDefTable." ::= { etsysFWPolicyFilters 1 } etsysFWFilterDefNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysFWFilterDefTable." ::= { etsysFWPolicyFilters 2 } etsysFWFilterDefLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysFWFilterDefTable was last modified." 
::= { etsysFWPolicyFilters 3 } etsysFWFilterDefTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWFilterDefEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table defines a policy rule by associating network objects with a filter or a set of filters and an action to take when the filter is true. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWFilterDefStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWFilterDefStorageType value could allow the row to be modified or deleted." ::= { etsysFWPolicyFilters 4 } etsysFWFilterDefEntry OBJECT-TYPE SYNTAX EtsysFWFilterDefEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row defining a particular filter definition. A rule definition binds a filter pointer to an action." INDEX { etsysFWFilterDefName } ::= { etsysFWFilterDefTable 1 } EtsysFWFilterDefEntry ::= SEQUENCE { etsysFWFilterDefName SnmpAdminString, etsysFWFilterDefSrcNetwork VariablePointer, etsysFWFilterDefDstNetwork VariablePointer, etsysFWFilterDefBidirectional TruthValue, etsysFWFilterDefProtocol Integer32, etsysFWFilterDefICMPType Integer32, etsysFWFilterDefLogging TruthValue, etsysFWFilterDefStorageType StorageType, etsysFWFilterDefRowStatus RowStatus } etsysFWFilterDefName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "etsysFWFilterDefName is the administratively assigned name of the policy rule."
::= { etsysFWFilterDefEntry 1 } etsysFWFilterDefSrcNetwork OBJECT-TYPE SYNTAX VariablePointer MAX-ACCESS read-create STATUS current DESCRIPTION "If the source address of the packet is in the set of addresses defined by the network object pointed to by etsysFWFilterDefSrcNetwork and the destination address is in the set of addresses defined by the network object pointed to by etsysFWFilterDefDstNetwork, the firewall will evaluate the etsysFWFilterDefFilter for the packet. This MIB defines the following tables which may be pointed to by this column. Implementations may choose to provide support for other network tables or scalars as well: etsysFWNetworkGroupTable etsysFWNetworkTable If this column is set to an SnmpAdminString value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned." ::= { etsysFWFilterDefEntry 2 } etsysFWFilterDefDstNetwork OBJECT-TYPE SYNTAX VariablePointer MAX-ACCESS read-create STATUS current DESCRIPTION "If the source address of the packet is in the set of addresses defined by the network object pointed to by etsysFWFilterDefSrcNetwork and the destination address is in the set of addresses defined by the network object pointed to by etsysFWFilterDefDstNetwork, the firewall will evaluate the etsysFWFilterDefFilter for the packet. This MIB defines the following tables which may be pointed to by this column. Implementations may choose to provide support for other network tables or scalars as well: etsysFWNetworkGroupTable etsysFWNetworkTable If this column is set to a VariablePointer value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned." 
::= { etsysFWFilterDefEntry 3 } etsysFWFilterDefBidirectional OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "A policy may be specified as bidirectional to mean that it also operates with the etsysFWFilterDefSrcNetwork and etsysFWFilterDefDstNetwork reversed. If this column is false, the policy operates only in the direction defined by etsysFWFilterDefSrcNetwork and etsysFWFilterDefDstNetwork." DEFVAL { false } ::= { etsysFWFilterDefEntry 4 } etsysFWFilterDefProtocol OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "x" ::= { etsysFWFilterDefEntry 5 } etsysFWFilterDefICMPType OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "x" ::= { etsysFWFilterDefEntry 6 } etsysFWFilterDefLogging OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "When the filter is true, log the activity of this rule." DEFVAL { false } ::= { etsysFWFilterDefEntry 7 } etsysFWFilterDefStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row." DEFVAL { volatile } ::= { etsysFWFilterDefEntry 8 } etsysFWFilterDefRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object SHOULD NOT be set to active until the containing networks and filters have been defined. Once active, it MUST remain active until no etsysFWGroupFilterDef entries are referencing it." 
::= { etsysFWFilterDefEntry 9 } -- ------------------------------------------------------------- -- Command Line String Filters -- ------------------------------------------------------------- etsysFWCLSFilterMaxFilters OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of CLS filters allowed per etsysFWPolicyRuleDefName." ::= { etsysFWPolicyFilters 5 } etsysFWCLSFilterLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysFWCLSFilterTable was last modified." ::= { etsysFWPolicyFilters 6 } etsysFWCLSFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWCLSFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table defines the command line string filters that can be applied to a policy rule definition. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWGroupPolicyStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWGroupPolicyStorageType value could allow the row to be modified or deleted." ::= { etsysFWPolicyFilters 7 } etsysFWCLSFilterEntry OBJECT-TYPE SYNTAX EtsysFWCLSFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row defining a particular command line string filter." INDEX { etsysFWPolicyRuleDefName, etsysFWCLSFilterIndex } ::= { etsysFWCLSFilterTable 1 } EtsysFWCLSFilterEntry ::= SEQUENCE { etsysFWCLSFilterIndex Integer32, etsysFWCLSFilterWord SnmpAdminString, etsysFWCLSFilterStorageType StorageType, etsysFWCLSFilterRowStatus RowStatus } etsysFWCLSFilterIndex OBJECT-TYPE SYNTAX Integer32 (1..256) MAX-ACCESS not-accessible STATUS current DESCRIPTION "." ::= { etsysFWCLSFilterEntry 1 } etsysFWCLSFilterWord OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "." 
::= { etsysFWCLSFilterEntry 2 } etsysFWCLSFilterStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row." DEFVAL { volatile } ::= { etsysFWCLSFilterEntry 3 } etsysFWCLSFilterRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified." ::= { etsysFWCLSFilterEntry 4 } -- ------------------------------------------------------------- -- HTML Filter Table -- ------------------------------------------------------------- etsysFWHTMLFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWHTMLFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains filters that apply to the HTML protocol. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWIpOptionsHeadFiltStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWIpOptionsHeadFiltStorageType value could allow the row to be modified or deleted." ::= { etsysFWPolicyFilters 8 } etsysFWHTMLFilterEntry OBJECT-TYPE SYNTAX EtsysFWHTMLFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A definition of a particular filter." INDEX { etsysFWHTMLFilterName } ::= { etsysFWHTMLFilterTable 1 } EtsysFWHTMLFilterEntry ::= SEQUENCE { etsysFWHTMLFilterName SnmpAdminString, etsysFWHTMLFilterType INTEGER, etsysFWHTMLFilterNetwork SnmpAdminString, etsysFWHTMLFilterLogging TruthValue, etsysFWHTMLFilterStorageType StorageType, etsysFWHTMLFilterRowStatus RowStatus } etsysFWHTMLFilterName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The administrative name for this HTML filter."
::= { etsysFWHTMLFilterEntry 1 } etsysFWHTMLFilterType OBJECT-TYPE SYNTAX INTEGER { none (1), selected (2), all (3) } MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { etsysFWHTMLFilterEntry 2 } etsysFWHTMLFilterNetwork OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { etsysFWHTMLFilterEntry 3 } etsysFWHTMLFilterLogging OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { etsysFWHTMLFilterEntry 4 } etsysFWHTMLFilterStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row." DEFVAL { volatile } ::= { etsysFWHTMLFilterEntry 5 } etsysFWHTMLFilterRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified." ::= { etsysFWHTMLFilterEntry 6 } -- ------------------------------------------------------------- -- Firewall Monitoring Objects -- ------------------------------------------------------------- -- ------------------------------------------------------------- -- Policy Rule True Table -- ------------------------------------------------------------- etsysFWPolicyRuleTrueNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysFWPolicyRuleTrueTable." ::= { etsysFWMonitoringObjects 1 } etsysFWPolicyRuleTrueLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysFWPolicyRuleTrueTable was last modified." 
::= { etsysFWMonitoringObjects 2 } etsysFWPolicyRuleTrueTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWPolicyRuleTrueEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains a counter for the number of times each policy rule has been true during packet inspection since the last restart of the device." ::= { etsysFWMonitoringObjects 3 } etsysFWPolicyRuleTrueEntry OBJECT-TYPE SYNTAX EtsysFWPolicyRuleTrueEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row in the table for a named policy rule definition." INDEX { etsysFWPolicyRuleTrueIndex } ::= { etsysFWPolicyRuleTrueTable 1 } EtsysFWPolicyRuleTrueEntry ::= SEQUENCE { etsysFWPolicyRuleTrueIndex Integer32, etsysFWPolicyRuleTrueName SnmpAdminString, etsysFWPolicyRuleTrueEvents Counter32, etsysFWPolicyRuleTrueLastEvent DateAndTime } etsysFWPolicyRuleTrueIndex OBJECT-TYPE SYNTAX Integer32 (1..99999) MAX-ACCESS read-only STATUS current DESCRIPTION "A unique index for this row." ::= { etsysFWPolicyRuleTrueEntry 1 } etsysFWPolicyRuleTrueName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the policy rule." ::= { etsysFWPolicyRuleTrueEntry 2 } etsysFWPolicyRuleTrueEvents OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times since the device has restarted that the rule has been true during packet inspection." ::= { etsysFWPolicyRuleTrueEntry 3 } etsysFWPolicyRuleTrueLastEvent OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The date and time when this rule was last true during packet inspection." ::= { etsysFWPolicyRuleTrueEntry 4 } -- ------------------------------------------------------------- -- Session Totals Table -- ------------------------------------------------------------- etsysFWSessionTotalsNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysFWSessionTotalsTable." 
::= { etsysFWMonitoringObjects 4 } etsysFWSessionTotalsLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysFWSessionTotalsTable was last modified." ::= { etsysFWMonitoringObjects 5 } etsysFWSessionTotalsTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWSessionTotalsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The firewall can perform stateful inspection of packets to allow incoming traffic associated with outgoing packets. These associations are sessions. This table returns data about the total sessions indexed by protocol-id (as defined by the assigned protocol-numbers of the IANA)." ::= { etsysFWMonitoringObjects 6 } etsysFWSessionTotalsEntry OBJECT-TYPE SYNTAX EtsysFWSessionTotalsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row with the session counters for a particular protocol-id." INDEX { etsysFWSessTotIndex } ::= { etsysFWSessionTotalsTable 1 } EtsysFWSessionTotalsEntry ::= SEQUENCE { etsysFWSessTotIndex Integer32, etsysFWSessTotProtocolID Unsigned32, etsysFWSessTotActiveSessions Counter32, etsysFWSessTotPeakSessions Counter32, etsysFWSessTotBlockedSessions Counter32, etsysFWSessTotLastBlock DateAndTime } etsysFWSessTotIndex OBJECT-TYPE SYNTAX Integer32 (1..999999) MAX-ACCESS read-only STATUS current DESCRIPTION "A unique index for this row." ::= { etsysFWSessionTotalsEntry 1 } etsysFWSessTotProtocolID OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol-id for this row." ::= { etsysFWSessionTotalsEntry 2 } etsysFWSessTotActiveSessions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of active sessions for this protocol." ::= { etsysFWSessionTotalsEntry 3 } etsysFWSessTotPeakSessions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The peak number of sessions for this protocol since the last restart of the device." 
::= { etsysFWSessionTotalsEntry 4 } etsysFWSessTotBlockedSessions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of sessions that have been blocked for this protocol since the last restart of the device." ::= { etsysFWSessionTotalsEntry 5 } etsysFWSessTotLastBlock OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The date and time of the last blocked session for this protocol." ::= { etsysFWSessionTotalsEntry 6 } -- ------------------------------------------------------------- -- IP Sessions Table -- ------------------------------------------------------------- etsysFWIpSessionNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysFWIpSessionTable." ::= { etsysFWMonitoringObjects 7 } etsysFWIpSessionLastChange OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysFWIpSessionTable was last modified." ::= { etsysFWMonitoringObjects 8 } etsysFWIpSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysFWIpSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The firewall can perform stateful inspection of packets to allow incoming traffic associated with outgoing packets. These associations are sessions. This table returns data about the current active sessions." ::= { etsysFWMonitoringObjects 9 } etsysFWIpSessionEntry OBJECT-TYPE SYNTAX EtsysFWIpSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row that defines an active session." 
    INDEX { etsysFWIpSessionIndex }
    ::= { etsysFWIpSessionTable 1 }

EtsysFWIpSessionEntry ::=
    SEQUENCE {
        etsysFWIpSessionIndex       Integer32,
        etsysFWIpSessionIPVersion   InetAddressType,
        etsysFWIpSessionSrcAddress  InetAddress,
        etsysFWIpSessionDstAddress  InetAddress,
        etsysFWIpSessionSrcPort     InetPortNumber,
        etsysFWIpSessionDstPort     InetPortNumber,
        etsysFWIpSessionProtocolID  Unsigned32,
        etsysFWIpSessionCreation    DateAndTime
    }

etsysFWIpSessionIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..999999)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique index for this row."
    ::= { etsysFWIpSessionEntry 1 }

etsysFWIpSessionIPVersion OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Internet Protocol version. The value of this property
         affects the size and format of the
         etsysFWIpSessionSrcAddress and etsysFWIpSessionDstAddress
         objects."
    ::= { etsysFWIpSessionEntry 2 }

etsysFWIpSessionSrcAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source IP address of this session."
    ::= { etsysFWIpSessionEntry 3 }

etsysFWIpSessionDstAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination IP address of this session."
    ::= { etsysFWIpSessionEntry 4 }

etsysFWIpSessionSrcPort OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source port of this session."
    ::= { etsysFWIpSessionEntry 5 }

etsysFWIpSessionDstPort OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The destination port of this session."
    ::= { etsysFWIpSessionEntry 6 }

etsysFWIpSessionProtocolID OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The protocol-id of this session (as defined by the assigned
         protocol-numbers of the IANA)."
    ::= { etsysFWIpSessionEntry 7 }

etsysFWIpSessionCreation OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The date and time this session was created."
    ::= { etsysFWIpSessionEntry 8 }

-- -------------------------------------------------------------
-- Authenticated Addresses Table
-- -------------------------------------------------------------

etsysFWAuthAddressNumEntries OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of entries in the
         etsysFWAuthAddressTable."
    ::= { etsysFWMonitoringObjects 10 }

etsysFWAuthAddressLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysFWAuthAddressTable was last
         modified."
    ::= { etsysFWMonitoringObjects 11 }

etsysFWAuthAddressTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysFWAuthAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The firewall has an action to allow traffic only to IP
         addresses that have authenticated with the firewall. After
         authentication, the authenticated address remains in a
         cache as long as there are packets from the address. This
         table returns the cached authenticated IP addresses. The
         table rows are removed when the IP address is idle for the
         number of seconds specified in etsysFWAuthTimeout."
    ::= { etsysFWMonitoringObjects 12 }

etsysFWAuthAddressEntry OBJECT-TYPE
    SYNTAX      EtsysFWAuthAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row that defines an authenticated IP address."
    INDEX { etsysFWAuthAddressIndex }
    ::= { etsysFWAuthAddressTable 1 }

EtsysFWAuthAddressEntry ::=
    SEQUENCE {
        etsysFWAuthAddressIndex      Integer32,
        etsysFWAuthAddressIPVersion  InetAddressType,
        etsysFWAuthAddressIPAddress  InetAddress,
        etsysFWAuthAddressGroupName  SnmpAdminString,
        etsysFWAuthAddressIdleTime   Integer32
    }

etsysFWAuthAddressIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..999999)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A unique index for this row."
    ::= { etsysFWAuthAddressEntry 1 }

etsysFWAuthAddressIPVersion OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Internet Protocol version.
         The value of this property affects the size and format of
         the etsysFWAuthAddressIPAddress object."
    ::= { etsysFWAuthAddressEntry 2 }

etsysFWAuthAddressIPAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The authenticated IP address."
    ::= { etsysFWAuthAddressEntry 3 }

etsysFWAuthAddressGroupName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The group name of the authenticated IP address."
    ::= { etsysFWAuthAddressEntry 4 }

etsysFWAuthAddressIdleTime OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of seconds this IP address has been idle."
    ::= { etsysFWAuthAddressEntry 5 }

-- -------------------------------------------------------------
-- Denial of Service (DoS) Attacks Blocked Table
-- -------------------------------------------------------------

etsysFWDoSBlockedNumEntries OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current number of entries in the etsysFWDoSBlockedTable."
    ::= { etsysFWMonitoringObjects 13 }

etsysFWDoSBlockedLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The sysUpTime at which the etsysFWDoSBlockedTable was last
         modified."
    ::= { etsysFWMonitoringObjects 14 }

etsysFWDoSBlockedTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EtsysFWDoSBlockedEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Firewalls can provide protection from some common forms of
         Denial of Service attacks. The firewall will return the
         total number of times the specific DoS attack has been
         blocked and the IP address and time of the last blocked
         attack."
    ::= { etsysFWMonitoringObjects 15 }

etsysFWDoSBlockedEntry OBJECT-TYPE
    SYNTAX      EtsysFWDoSBlockedEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row that defines the statistics for a particular DoS
         attack."
    INDEX { etsysFWDoSAttackName }
    ::= { etsysFWDoSBlockedTable 1 }

EtsysFWDoSBlockedEntry ::=
    SEQUENCE {
        etsysFWDoSAttackName      SnmpAdminString,
        etsysFWDoSSrcIPVersion    InetAddressType,
        etsysFWDoSSrcIPAddress    InetAddress,
        etsysFWDoSAttackTime      DateAndTime,
        etsysFWDoSBlockedAttacks  Counter32
    }

etsysFWDoSAttackName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The name of a DoS attack. Example names are 'SYN Flood',
         'Tear Drop', and 'ICMP Flood'."
    ::= { etsysFWDoSBlockedEntry 1 }

etsysFWDoSSrcIPVersion OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Internet Protocol version. The value of this property
         affects the size and format of the etsysFWDoSSrcIPAddress
         object."
    ::= { etsysFWDoSBlockedEntry 2 }

etsysFWDoSSrcIPAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The source IP address of the last blocked attack."
    ::= { etsysFWDoSBlockedEntry 3 }

etsysFWDoSAttackTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time of the last blocked attack."
    ::= { etsysFWDoSBlockedEntry 4 }

etsysFWDoSBlockedAttacks OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times this DoS attack has been blocked since
         the last restart of the device."
    ::= { etsysFWDoSBlockedEntry 5 }

-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

etsysFirewallConformance OBJECT IDENTIFIER ::= { etsysFirewallMIB 4 }

etsysFirewallGroups OBJECT IDENTIFIER
    ::= { etsysFirewallConformance 1 }

etsysFirewallCompliances OBJECT IDENTIFIER
    ::= { etsysFirewallConformance 2 }

-- -------------------------------------------------------------
-- Units of Conformance
-- -------------------------------------------------------------

etsysFWFirewallEnabledGroup OBJECT-GROUP
    OBJECTS {
        etsysFWFirewallEnabled
    }
    STATUS      current
    DESCRIPTION
        "The Firewall Enabled Group."
    ::= { etsysFirewallGroups 1 }

etsysFWFirewallConfigGroup OBJECT-GROUP
    OBJECTS {
        etsysFWTcpTimeout,
        etsysFWUdpTimeout,
        etsysFWIcmpTimeout,
        etsysFWAuthTimeout,
        etsysFWAuthPort,
        etsysFWLoggingThreshold,
        etsysFWRPCMicrosoftTimeout,
        etsysFWRPCSunTimeout
    }
    STATUS      current
    DESCRIPTION
        "The Firewall Configuration Group for general system
         parameters."
    ::= { etsysFirewallGroups 2 }

etsysFWFirewallIntfGroup OBJECT-GROUP
    OBJECTS {
        etsysFWFirewallOnIntfLastChange,
        etsysFWFirewallOnIntfEnabled,
        etsysFWFirewallOnIntfStorageType,
        etsysFWFirewallOnIntfRowStatus,
        etsysFWFirewallIntfFilterLastChange,
        etsysFWFirewallIntfFilterDirection,
        etsysFWFirewallIntfFilterStorageType,
        etsysFWFirewallIntfFilterRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The Firewall on Interface Enabled Group for enabling the
         firewall on individual interfaces."
    ::= { etsysFirewallGroups 3 }

etsysFWSystemPolicyNameGroup OBJECT-GROUP
    OBJECTS {
        etsysFWSystemPolicyGroupName
    }
    STATUS      current
    DESCRIPTION
        "The System Policy Group Name Group."
    ::= { etsysFirewallGroups 4 }

etsysFWInterfacePolicyGroup OBJECT-GROUP
    OBJECTS {
        etsysFWIntfToGroupLastChange,
        etsysFWIntfToGroupStorageType,
        etsysFWIntfToGroupRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The Interface to Policy Table Group."
    ::= { etsysFirewallGroups 5 }

etsysFWGroupPolicyGroup OBJECT-GROUP
    OBJECTS {
        etsysFWGroupPolicyLastChange,
        etsysFWGroupPolicyPriority,
        etsysFWGroupPolicyStorageType,
        etsysFWGroupPolicyRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The Group Policy to Rule Definition Table Group."
    ::= { etsysFirewallGroups 6 }

etsysFWPolicyRuleDefGroup OBJECT-GROUP
    OBJECTS {
        etsysFWPolicyRuleDefMaxEntries,
        etsysFWPolicyRuleDefNumEntries,
        etsysFWPolicyRuleDefLastChange,
        etsysFWPolicyRuleDefSrcNetwork,
        etsysFWPolicyRuleDefDstNetwork,
        etsysFWPolicyRuleDefBidirectional,
        etsysFWPolicyRuleDefService,
        etsysFWPolicyRuleAuthName,
        etsysFWPolicyRuleDefAction,
        etsysFWPolicyRuleDefLogging,
        etsysFWPolicyRuleDefStorageType,
        etsysFWPolicyRuleDefRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The Policy Rule Definition Table Group."
    ::= { etsysFirewallGroups 7 }

etsysFWNetworkGroupGroup OBJECT-GROUP
    OBJECTS {
        etsysFWNetworkGroupMaxEntries,
        etsysFWNetworkGroupNumEntries,
        etsysFWNetworkGroupLastChange,
        etsysFWNetworkGroupStorageType,
        etsysFWNetworkGroupRowStatus,
        etsysFWNetworkGroupMaxNetworks,
        etsysFWNetwkInNetGrpLastChange,
        etsysFWNetwkInNetGrpStorageType,
        etsysFWNetwkInNetGrpRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The Network Group Network In Network Group Tables Group."
    ::= { etsysFirewallGroups 8 }

etsysFWNetworkGroup OBJECT-GROUP
    OBJECTS {
        etsysFWNetworkMaxEntries,
        etsysFWNetworkNumEntries,
        etsysFWNetworkLastChange,
        etsysFWNetworkRealm,
        etsysFWNetworkRangeOrMask,
        etsysFWNetworkIPVersion,
        etsysFWNetworkIPAddressBegin,
        etsysFWNetworkIPAddressEnd,
        etsysFWNetworkIPAddressMask,
        etsysFWNetworkStorageType,
        etsysFWNetworkRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The Network Table Group."
    ::= { etsysFirewallGroups 9 }

etsysFWServiceGroupGroup OBJECT-GROUP
    OBJECTS {
        etsysFWServiceGroupMaxEntries,
        etsysFWServiceGroupNumEntries,
        etsysFWServiceGroupLastChange,
        etsysFWServiceGroupStorageType,
        etsysFWServiceGroupRowStatus,
        etsysFWServiceGroupMaxServices,
        etsysFWServiceInSvcGrpLastChange,
        etsysFWServiceInSvcGrpStorageType,
        etsysFWServiceInSvcGrpRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The Service Group in Service Group Tables Group."
    ::= { etsysFirewallGroups 10 }

etsysFWServiceGroup OBJECT-GROUP
    OBJECTS {
        etsysFWServiceMaxEntries,
        etsysFWServiceNumEntries,
        etsysFWServiceLastChange,
        etsysFWServiceSrcLowPort,
        etsysFWServiceSrcHighPort,
        etsysFWServiceDstLowPort,
        etsysFWServiceDstHighPort,
        etsysFWServiceProtocol,
        etsysFWServiceStorageType,
        etsysFWServiceRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The Service Table Group."
    ::= { etsysFirewallGroups 11 }

etsysFWFilterGroup OBJECT-GROUP
    OBJECTS {
        etsysFWFilterDefMaxEntries,
        etsysFWFilterDefNumEntries,
        etsysFWFilterDefLastChange,
        etsysFWFilterDefSrcNetwork,
        etsysFWFilterDefDstNetwork,
        etsysFWFilterDefBidirectional,
        etsysFWFilterDefProtocol,
        etsysFWFilterDefICMPType,
        etsysFWFilterDefLogging,
        etsysFWFilterDefStorageType,
        etsysFWFilterDefRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The Filter Table Group."
    ::= { etsysFirewallGroups 12 }

etsysFWCLSFilterGroup OBJECT-GROUP
    OBJECTS {
        etsysFWCLSFilterMaxFilters,
        etsysFWCLSFilterLastChange,
        etsysFWCLSFilterWord,
        etsysFWCLSFilterStorageType,
        etsysFWCLSFilterRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The CLS Filter Table Group."
    ::= { etsysFirewallGroups 13 }

etsysFWHTMLFilterGroup OBJECT-GROUP
    OBJECTS {
        etsysFWHTMLFilterType,
        etsysFWHTMLFilterNetwork,
        etsysFWHTMLFilterLogging,
        etsysFWHTMLFilterStorageType,
        etsysFWHTMLFilterRowStatus
    }
    STATUS      current
    DESCRIPTION
        "The HTML Filter Table Group."
    ::= { etsysFirewallGroups 14 }

etsysFWPolicyRuleTrueGroup OBJECT-GROUP
    OBJECTS {
        etsysFWPolicyRuleTrueNumEntries,
        etsysFWPolicyRuleTrueLastChange,
        etsysFWPolicyRuleTrueIndex,
        etsysFWPolicyRuleTrueName,
        etsysFWPolicyRuleTrueEvents,
        etsysFWPolicyRuleTrueLastEvent
    }
    STATUS      current
    DESCRIPTION
        "The Policy Rule True Table Group."
    ::= { etsysFirewallGroups 15 }

etsysFWSessionTotalsGroup OBJECT-GROUP
    OBJECTS {
        etsysFWSessionTotalsNumEntries,
        etsysFWSessionTotalsLastChange,
        etsysFWSessTotIndex,
        etsysFWSessTotProtocolID,
        etsysFWSessTotActiveSessions,
        etsysFWSessTotPeakSessions,
        etsysFWSessTotBlockedSessions,
        etsysFWSessTotLastBlock
    }
    STATUS      current
    DESCRIPTION
        "The Firewall Session Totals Table Group."
    ::= { etsysFirewallGroups 16 }

etsysFWIpSessionGroup OBJECT-GROUP
    OBJECTS {
        etsysFWIpSessionNumEntries,
        etsysFWIpSessionLastChange,
        etsysFWIpSessionIndex,
        etsysFWIpSessionIPVersion,
        etsysFWIpSessionSrcAddress,
        etsysFWIpSessionDstAddress,
        etsysFWIpSessionSrcPort,
        etsysFWIpSessionDstPort,
        etsysFWIpSessionProtocolID,
        etsysFWIpSessionCreation
    }
    STATUS      current
    DESCRIPTION
        "The Firewall IP Sessions Table Group."
    ::= { etsysFirewallGroups 17 }

etsysFWAuthAddressGroup OBJECT-GROUP
    OBJECTS {
        etsysFWAuthAddressNumEntries,
        etsysFWAuthAddressLastChange,
        etsysFWAuthAddressIndex,
        etsysFWAuthAddressIPVersion,
        etsysFWAuthAddressIPAddress,
        etsysFWAuthAddressGroupName,
        etsysFWAuthAddressIdleTime
    }
    STATUS      current
    DESCRIPTION
        "The Firewall Authenticated Addresses Table Group."
    ::= { etsysFirewallGroups 18 }

etsysFWDoSBlockedGroup OBJECT-GROUP
    OBJECTS {
        etsysFWDoSBlockedNumEntries,
        etsysFWDoSBlockedLastChange,
        etsysFWDoSAttackName,
        etsysFWDoSSrcIPVersion,
        etsysFWDoSSrcIPAddress,
        etsysFWDoSAttackTime,
        etsysFWDoSBlockedAttacks
    }
    STATUS      current
    DESCRIPTION
        "The Firewall DoS Blocked Attacks Table Group."
    ::= { etsysFirewallGroups 19 }

-- -------------------------------------------------------------
-- Compliance statements
-- -------------------------------------------------------------

etsysFirewallCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for devices that support the
         etsysFirewallMIB."

    MODULE -- this module
        MANDATORY-GROUPS {
            etsysFWFirewallEnabledGroup,
            etsysFWGroupPolicyGroup,
            etsysFWPolicyRuleDefGroup,
            etsysFWNetworkGroup
        }

        GROUP etsysFWFirewallConfigGroup
        DESCRIPTION
            "This group is mandatory for firewall implementations
             which support these global configuration settings."

        GROUP etsysFWFirewallIntfGroup
        DESCRIPTION
            "This group is mandatory for firewall implementations
             which support enabling packet inspection on individual
             interfaces."

        GROUP etsysFWSystemPolicyNameGroup
        DESCRIPTION
            "This group is mandatory for firewall policy
             implementations which support a system or global
             firewall policy."

        GROUP etsysFWInterfacePolicyGroup
        DESCRIPTION
            "This group is mandatory for firewall policy
             implementations which support distinct policy on
             individual interfaces."

        GROUP etsysFWNetworkGroupGroup
        DESCRIPTION
            "This group is mandatory for firewall policy
             implementations which support network groups."

        GROUP etsysFWServiceGroupGroup
        DESCRIPTION
            "This group is mandatory for firewall policy
             implementations which support service groups."

        GROUP etsysFWServiceGroup
        DESCRIPTION
            "This group is mandatory for firewall policy
             implementations which support services defined in this
             MIB."

        GROUP etsysFWFilterGroup
        DESCRIPTION
            "This group is mandatory for firewall policy
             implementations which support filters."

        GROUP etsysFWCLSFilterGroup
        DESCRIPTION
            "This group is mandatory for firewall policy
             implementations which support CLS filters."

        GROUP etsysFWHTMLFilterGroup
        DESCRIPTION
            "This group is mandatory for firewall policy
             implementations which support HTML filters."

        GROUP etsysFWPolicyRuleTrueGroup
        DESCRIPTION
            "This group is mandatory for firewall implementations
             which support a counter for the number of times a
             policy rule is true."

        GROUP etsysFWSessionTotalsGroup
        DESCRIPTION
            "This group is mandatory for firewall implementations
             which support counters for IP protocol sessions."

        GROUP etsysFWIpSessionGroup
        DESCRIPTION
            "This group is mandatory for firewall implementations
             which support active session information."

        GROUP etsysFWAuthAddressGroup
        DESCRIPTION
            "This group is mandatory for firewall implementations
             which support current authenticated address
             information."

        GROUP etsysFWDoSBlockedGroup
        DESCRIPTION
            "This group is mandatory for firewall implementations
             which support blocking common DoS attacks."

    ::= { etsysFirewallCompliances 1 }

END