ENTERASYS-FIREWALL-MIB
File:
ENTERASYS-FIREWALL-MIB.mib (105708 bytes)
Imported modules
Imported symbols
Defined Types
EtsysFWFirewallOnIntfEntry |
|
SEQUENCE |
|
|
|
|
etsysFWFirewallOnIntfEnabled |
TruthValue |
|
|
etsysFWFirewallOnIntfStorageType |
StorageType |
|
|
etsysFWFirewallOnIntfRowStatus |
RowStatus |
|
EtsysFWFirewallIntfFilterEntry |
|
SEQUENCE |
|
|
|
|
etsysFWFirewallIntfFilterType |
INTEGER |
|
|
etsysFWFirewallIntfFilterDirection |
INTEGER |
|
|
etsysFWFirewallIntfFilterStorageType |
StorageType |
|
|
etsysFWFirewallIntfFilterRowStatus |
RowStatus |
|
EtsysFWIntfToGroupEntry |
|
SEQUENCE |
|
|
|
|
etsysFWIntfToGroupIntfDirection |
INTEGER |
|
|
etsysFWIntfToGroupName |
SnmpAdminString |
|
|
etsysFWIntfToGroupStorageType |
StorageType |
|
|
etsysFWIntfToGroupRowStatus |
RowStatus |
|
EtsysFWGroupPolicyEntry |
|
SEQUENCE |
|
|
|
|
etsysFWGroupPolicyName |
SnmpAdminString |
|
|
etsysFWGroupPolicyRuleDef |
SnmpAdminString |
|
|
etsysFWGroupPolicyPriority |
Integer32 |
|
|
etsysFWGroupPolicyStorageType |
StorageType |
|
|
etsysFWGroupPolicyRowStatus |
RowStatus |
|
EtsysFWPolicyRuleDefEntry |
|
SEQUENCE |
|
|
|
|
etsysFWPolicyRuleDefName |
SnmpAdminString |
|
|
etsysFWPolicyRuleDefSrcNetwork |
VariablePointer |
|
|
etsysFWPolicyRuleDefDstNetwork |
VariablePointer |
|
|
etsysFWPolicyRuleDefBidirectional |
TruthValue |
|
|
etsysFWPolicyRuleDefService |
VariablePointer |
|
|
etsysFWPolicyRuleAuthName |
SnmpAdminString |
|
|
etsysFWPolicyRuleDefAction |
INTEGER |
|
|
etsysFWPolicyRuleDefLogging |
TruthValue |
|
|
etsysFWPolicyRuleDefStorageType |
StorageType |
|
|
etsysFWPolicyRuleDefRowStatus |
RowStatus |
|
EtsysFWNetworkGroupEntry |
|
SEQUENCE |
|
|
|
|
etsysFWNetworkGroupName |
SnmpAdminString |
|
|
etsysFWNetworkGroupStorageType |
StorageType |
|
|
etsysFWNetworkGroupRowStatus |
RowStatus |
|
EtsysFWNetwkInNetGrpEntry |
|
SEQUENCE |
|
|
|
|
etsysFWNetwkInNetGrpSubNetwork |
SnmpAdminString |
|
|
etsysFWNetwkInNetGrpStorageType |
StorageType |
|
|
etsysFWNetwkInNetGrpRowStatus |
RowStatus |
|
EtsysFWNetworkEntry |
|
SEQUENCE |
|
|
|
|
etsysFWNetworkName |
SnmpAdminString |
|
|
etsysFWNetworkRealm |
INTEGER |
|
|
etsysFWNetworkRangeOrMask |
INTEGER |
|
|
etsysFWNetworkIPVersion |
InetAddressType |
|
|
etsysFWNetworkIPAddressBegin |
InetAddress |
|
|
etsysFWNetworkIPAddressEnd |
InetAddress |
|
|
etsysFWNetworkIPAddressMask |
InetAddress |
|
|
etsysFWNetworkStorageType |
StorageType |
|
|
etsysFWNetworkRowStatus |
RowStatus |
|
EtsysFWServiceGroupEntry |
|
SEQUENCE |
|
|
|
|
etsysFWServiceGroupName |
SnmpAdminString |
|
|
etsysFWServiceGroupStorageType |
StorageType |
|
|
etsysFWServiceGroupRowStatus |
RowStatus |
|
EtsysFWServiceInSvcGrpEntry |
|
SEQUENCE |
|
|
|
|
etsysFWServiceInSvcGrpSubService |
SnmpAdminString |
|
|
etsysFWServiceInSvcGrpStorageType |
StorageType |
|
|
etsysFWServiceInSvcGrpRowStatus |
RowStatus |
|
EtsysFWServiceEntry |
|
SEQUENCE |
|
|
|
|
etsysFWServiceName |
SnmpAdminString |
|
|
etsysFWServiceSrcLowPort |
InetPortNumber |
|
|
etsysFWServiceSrcHighPort |
InetPortNumber |
|
|
etsysFWServiceDstLowPort |
InetPortNumber |
|
|
etsysFWServiceDstHighPort |
InetPortNumber |
|
|
etsysFWServiceProtocol |
INTEGER |
|
|
etsysFWServiceStorageType |
StorageType |
|
|
etsysFWServiceRowStatus |
RowStatus |
|
EtsysFWFilterDefEntry |
|
SEQUENCE |
|
|
|
|
etsysFWFilterDefName |
SnmpAdminString |
|
|
etsysFWFilterDefSrcNetwork |
VariablePointer |
|
|
etsysFWFilterDefDstNetwork |
VariablePointer |
|
|
etsysFWFilterDefBidirectional |
TruthValue |
|
|
etsysFWFilterDefProtocol |
Integer32 |
|
|
etsysFWFilterDefICMPType |
Integer32 |
|
|
etsysFWFilterDefLogging |
TruthValue |
|
|
etsysFWFilterDefStorageType |
StorageType |
|
|
etsysFWFilterDefRowStatus |
RowStatus |
|
EtsysFWCLSFilterEntry |
|
SEQUENCE |
|
|
|
|
etsysFWCLSFilterIndex |
Integer32 |
|
|
etsysFWCLSFilterWord |
SnmpAdminString |
|
|
etsysFWCLSFilterStorageType |
StorageType |
|
|
etsysFWCLSFilterRowStatus |
RowStatus |
|
EtsysFWHTMLFilterEntry |
|
SEQUENCE |
|
|
|
|
etsysFWHTMLFilterName |
SnmpAdminString |
|
|
etsysFWHTMLFilterType |
INTEGER |
|
|
etsysFWHTMLFilterNetwork |
SnmpAdminString |
|
|
etsysFWHTMLFilterLogging |
TruthValue |
|
|
etsysFWHTMLFilterStorageType |
StorageType |
|
|
etsysFWHTMLFilterRowStatus |
RowStatus |
|
EtsysFWPolicyRuleTrueEntry |
|
SEQUENCE |
|
|
|
|
etsysFWPolicyRuleTrueIndex |
Integer32 |
|
|
etsysFWPolicyRuleTrueName |
SnmpAdminString |
|
|
etsysFWPolicyRuleTrueEvents |
Counter32 |
|
|
etsysFWPolicyRuleTrueLastEvent |
DateAndTime |
|
EtsysFWSessionTotalsEntry |
|
SEQUENCE |
|
|
|
|
etsysFWSessTotIndex |
Integer32 |
|
|
etsysFWSessTotProtocolID |
Unsigned32 |
|
|
etsysFWSessTotActiveSessions |
Counter32 |
|
|
etsysFWSessTotPeakSessions |
Counter32 |
|
|
etsysFWSessTotBlockedSessions |
Counter32 |
|
|
etsysFWSessTotLastBlock |
DateAndTime |
|
EtsysFWIpSessionEntry |
|
SEQUENCE |
|
|
|
|
etsysFWIpSessionIndex |
Integer32 |
|
|
etsysFWIpSessionIPVersion |
InetAddressType |
|
|
etsysFWIpSessionSrcAddress |
InetAddress |
|
|
etsysFWIpSessionDstAddress |
InetAddress |
|
|
etsysFWIpSessionSrcPort |
InetPortNumber |
|
|
etsysFWIpSessionDstPort |
InetPortNumber |
|
|
etsysFWIpSessionProtocolID |
Unsigned32 |
|
|
etsysFWIpSessionCreation |
DateAndTime |
|
EtsysFWAuthAddressEntry |
|
SEQUENCE |
|
|
|
|
etsysFWAuthAddressIndex |
Integer32 |
|
|
etsysFWAuthAddressIPVersion |
InetAddressType |
|
|
etsysFWAuthAddressIPAddress |
InetAddress |
|
|
etsysFWAuthAddressGroupName |
SnmpAdminString |
|
|
etsysFWAuthAddressIdleTime |
Integer32 |
|
EtsysFWDoSBlockedEntry |
|
SEQUENCE |
|
|
|
|
etsysFWDoSAttackName |
SnmpAdminString |
|
|
etsysFWDoSSrcIPVersion |
InetAddressType |
|
|
etsysFWDoSSrcIPAddress |
InetAddress |
|
|
etsysFWDoSAttackTime |
DateAndTime |
|
|
etsysFWDoSBlockedAttacks |
Counter32 |
|
Defined Values
etsysFirewallMIB |
1.3.6.1.4.1.5624.1.2.37 |
This MIB module defines a portion of the SNMP MIB under
the Enterasys Networks enterprise OID pertaining to
the configuration, policy, and monitoring of firewall
network devices. |
MODULE-IDENTITY |
|
|
|
etsysFWFirewallEnabled |
1.3.6.1.4.1.5624.1.2.37.1.1 |
The current state of the firewall is returned when this value
is read. Setting the value to true causes the firewall to
start inspecting packets. Setting the value to false causes
the firewall to stop inspecting packets. The value read could
be different than the last value set if the state is changed by
a means other than this MIB. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
etsysFWTcpTimeout |
1.3.6.1.4.1.5624.1.2.37.1.2 |
Firewalls can perform stateful inspection of TCP sessions. TCP
sessions are created and deleted by monitoring TCP SYNC/ACK/FIN
flags. Inactivity for the period specified by this object will
delete the TCP session. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
etsysFWUdpTimeout |
1.3.6.1.4.1.5624.1.2.37.1.3 |
Firewalls can perform stateful inspection of UDP sessions. UDP
sessions are created on the first outbound UDP packet.
Inactivity for the period specified by this object will delete
the UDP session. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
etsysFWIcmpTimeout |
1.3.6.1.4.1.5624.1.2.37.1.4 |
ICMP sessions are created on an outbound ICMP echo request.
Inactivity for the period specified by this object will delete
the ICMP session. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
etsysFWAuthTimeout |
1.3.6.1.4.1.5624.1.2.37.1.5 |
Firewalls can be configured to only allow packets from IP
addresses that have been authenticated. An authenticated IP address
will need to re-authenticate if there is no traffic from that address
for the period specified by this object. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
etsysFWAuthPort |
1.3.6.1.4.1.5624.1.2.37.1.6 |
Firewalls can be configured to only allow packets from IP
addresses that have been authenticated. This object specifies the
port on which the firewall listens for authentication requests. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1024..65535 |
|
etsysFWLoggingThreshold |
1.3.6.1.4.1.5624.1.2.37.1.7 |
The threshold for firewall event logging. Events with
severity equal to or less than the value specified
will be logged. The value corresponds to syslog severity
levels as defined in RFC3164. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..7 |
|
etsysFWRPCMicrosoftTimeout |
1.3.6.1.4.1.5624.1.2.37.1.8 |
The idle session timeout on packet inspection for Remote
Procedure Call (RPC) -based applications. This Application Level
Gateway (ALG) supports two types of RPCs - SUN (used by most UNIX
systems) and Microsoft. If the RPC-based session is idle for the
specified period, it will be shutdown. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
etsysFWRPCSunTimeout |
1.3.6.1.4.1.5624.1.2.37.1.9 |
The idle session timeout on packet inspection for Remote
Procedure Call (RPC) -based applications. This Application Level
Gateway (ALG) supports two types of RPCs - SUN (used by most UNIX
systems) and Microsoft. If the RPC-based session is idle for the
specified period, it will be shutdown. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
etsysFWFirewallOnIntfTable |
1.3.6.1.4.1.5624.1.2.37.1.11 |
This table defines the state of the firewall on
individual interfaces. The firewall may be enabled
or disabled for each interface on the device. The effective
state of the firewall depends on the setting of
etsysFWFirewallEnabled.
| | interface
etsysFWFirewallEnabled | etsysFWFirewallOnIntfEnabled | effective
| | state
-----------------------------------------------------------------
true true enabled
true false disabled
false true disabled
false false disabled
If an interface is not represented in this table, then its
effective state is determined by etsysFWFirewallEnabled.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWFirewallOnIntfStorageType for a given SNMP context may
be readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWFirewallOnIntfStorageType
value could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWFirewallOnIntfEntry |
|
etsysFWFirewallOnIntfEntry |
1.3.6.1.4.1.5624.1.2.37.1.11.1 |
A row defining whether firewall is enabled for a particular
interface. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWFirewallOnIntfEntry |
|
|
etsysFWFirewallOnIntfEnabled |
1.3.6.1.4.1.5624.1.2.37.1.11.1.1 |
The current state of the firewall is returned when
this value is read. This setting is only effective when
etsysFWFirewallEnabled is true. Setting the value to true
causes the firewall to start inspecting packets, if
etsysFWFirewallEnabled is true. Setting the value to false
causes the firewall to stop inspecting packets, if
etsysFWFirewallEnabled is true. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
etsysFWFirewallOnIntfRowStatus |
1.3.6.1.4.1.5624.1.2.37.1.11.1.3 |
The status of this conceptual row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWFirewallIntfFilterTable |
1.3.6.1.4.1.5624.1.2.37.1.13 |
This table defines the IP filters applied to
individual interfaces.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWFirewallIntfFilterStorageType for a given SNMP context may
be readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWFirewallIntfFilterStorageType
value could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWFirewallIntfFilterEntry |
|
etsysFWFirewallIntfFilterEntry |
1.3.6.1.4.1.5624.1.2.37.1.13.1 |
A row defining the IP filters applied to individual interfaces. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWFirewallIntfFilterEntry |
|
|
etsysFWFirewallIntfFilterType |
1.3.6.1.4.1.5624.1.2.37.1.13.1.1 |
The type of IP filter that applies on a particular interface.
ipBroadcast -
This filter type allows incoming/outgoing IP packets
through the firewall with 255.255.255.255 set as the
destination address. It enables broadcast protocols
such as DHCP to traverse the firewall.
ipMulticast -
This filter type allows incoming/outgoing IP packets
with a multicast destination address through the
firewall. It enables multicast protocols such as RIP
and OSPF to traverse the firewall.
ipOptionAll -
All IP options allowed.
ipOptionOther -
Any IP option other than those explicitly supported
by the command.
ipOptionLooseSourceRoute -
Requests routing that includes the specified routers.
This routing path includes a sequence of IP addresses
a datagram must follow to its destination but allows
multiple network hops between successive addresses on
the list.
ipOptionRecordRoute -
Traces a route. It allows the source to create an
empty list of IP addresses and arrange for each
router that router that handles a datagram to add
its IP address to the list. When a datagram arrives,
the destination device can extract and and process
the list of addresses.
ipOptionStrictSourceRoute -
Specifies an exact route through the Internet.
This routing path includes a sequence of IP addresses
a datagram must follow, hop by hop, from its source
to destination. The path between two successive
addresses in the list must consist of a single
physical network.
ipOptionTimeStamp -
Records timestamps along a route. It is similar to
the record route option in that every router from
source to destination adds its IP address, and a
timestamp, to the list. The timestamp notes the
time and date a router handled the datagram,
expressed in milliseconds since midnight,
Universal Time. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
INTEGER |
ipBroadcast(1), ipMulticast(2), ipOptionAll(3), ipOptionOther(4), ipOptionLooseSourceRoute(5), ipOptionRecordRoute(6), ipOptionStrictSourceRoute(7), ipOptionTimeStamp(8) |
|
etsysFWFirewallIntfFilterDirection |
1.3.6.1.4.1.5624.1.2.37.1.13.1.2 |
The direction which the filter is applied.
none - Denies the packet that matched the filter type.
in - Allows the packet that matched the filter type
to enter the interface.
out - Allows the packet that matched the filter type
to exit the interface.
both - Allows the packet that matched the filter type
to enter and exit the interface. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
none(1), in(2), out(3), both(4) |
|
etsysFWFirewallIntfFilterRowStatus |
1.3.6.1.4.1.5624.1.2.37.1.13.1.4 |
The status of this conceptual row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWSystemPolicyGroupName |
1.3.6.1.4.1.5624.1.2.37.2.1.1 |
The name of the policy group containing the global
system policy. The value of etsysFWSystemPolicyGroupName
should be used as an index into the etsysFWGroupPolicyTable to
determine the list of rules that MUST be applied to the system.
A zero length string indicates no system wide policy exists,
and the default policy of 'allow' should be executed until one
is imposed by either this object or by the interface processing
the packet.
Since policy group names are unique, the
etsysFWSystemPolicyGroupName MUST NOT be equal to any
etsysFWIntfToGroupName objects. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..32) |
|
etsysFWIntfToGroupTable |
1.3.6.1.4.1.5624.1.2.37.2.1.3 |
This table defines the group of firewall rules applied to
individual interfaces. Rules for this group will be
applied in the etsysFWGroupPolicyTable.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWIntfToGroupStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWIntfToGroupStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWIntfToGroupEntry |
|
etsysFWIntfToGroupEntry |
1.3.6.1.4.1.5624.1.2.37.2.1.3.1 |
A row defining the group name for a particular interface. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWIntfToGroupEntry |
|
|
etsysFWIntfToGroupIntfDirection |
1.3.6.1.4.1.5624.1.2.37.2.1.3.1.1 |
Defines the direction of the packets to inspect, incoming
(ingress), or outgoing (egress). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
INTEGER |
ingress(1), egress(2) |
|
etsysFWIntfToGroupName |
1.3.6.1.4.1.5624.1.2.37.2.1.3.1.2 |
The group name for this interface. The value of
etsysFWIntfToGroupName should be used as index into the
etsysFWGroupPolicyTable to determine the list of rules that
MUST be applied to this interface.
Since policy group names are unique, the etsysFWIntfToGroupName
MUST NOT be equal to the etsysFWSystemPolicyGroupName object. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWIntfToGroupRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.1.3.1.4 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWGroupPolicyTable |
1.3.6.1.4.1.5624.1.2.37.2.1.5 |
This table defines the firewall rules applied to groups.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWGroupPolicyStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWGroupPolicyStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWGroupPolicyEntry |
|
etsysFWGroupPolicyEntry |
1.3.6.1.4.1.5624.1.2.37.2.1.5.1 |
A row defining a particular group policy rule and its priority. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWGroupPolicyEntry |
|
|
etsysFWGroupPolicyName |
1.3.6.1.4.1.5624.1.2.37.2.1.5.1.1 |
The name of the group. These names should be either
the etsysFWSystemPolicyGroupName or the
etsysFWIntfToGroupName from the etsysFWIntfToGroupTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWGroupPolicyPriority |
1.3.6.1.4.1.5624.1.2.37.2.1.5.1.3 |
The priority of rule in the group. The firewall applies the
rules from the lowest to the highest priority.
Priority can only be in the range of 0 to the maximum number of
policyRuleDef in the group + 1. i.e. If there are 5 policies in
the group. The maximum priority the user can create is 6. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..65535 |
|
etsysFWGroupPolicyRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.1.5.1.5 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWPolicyRuleDefMaxEntries |
1.3.6.1.4.1.5624.1.2.37.2.2.1 |
The maximum number of entries allowed in the
etsysFWPolicyRuleDefTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..65535 |
|
etsysFWPolicyRuleDefTable |
1.3.6.1.4.1.5624.1.2.37.2.2.4 |
This table defines a policy rule by associating a network
objects with a filter or a set of filters and an action to take
when the filter is true.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWPolicyRuleDefStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWPolicyRuleDefStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWPolicyRuleDefEntry |
|
etsysFWPolicyRuleDefEntry |
1.3.6.1.4.1.5624.1.2.37.2.2.4.1 |
A row defining a particular policy definition. A rule
definition binds a filter pointer to an action. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWPolicyRuleDefEntry |
|
|
etsysFWPolicyRuleDefName |
1.3.6.1.4.1.5624.1.2.37.2.2.4.1.1 |
etsysFWPolicyRuleDefName is the administratively assigned
name of the policy rule. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWPolicyRuleDefSrcNetwork |
1.3.6.1.4.1.5624.1.2.37.2.2.4.1.2 |
If the source address of the packet is in the set of
addresses defined by the network object pointed to by
etsysFWPolicyRuleDefSrcNetwork and the destination address
is in the set of addresses defined by the network object
pointed to by etsysFWPolicyRuleDefDstNetwork, the firewall
will evaluate the etsysFWPolicyRuleDefFilter for the packet.
This MIB defines the following tables which may
be pointed to by this column. Implementations may choose to
provide support for other network tables or scalars as well:
etsysFWNetworkGroupTable
etsysFWNetworkTable
If this column is set to a VariablePointer value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned.
If the table or scalar pointed to by the VariablePointer is
not supported at all, then an inconsistentValue exception
should be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
etsysFWPolicyRuleDefDstNetwork |
1.3.6.1.4.1.5624.1.2.37.2.2.4.1.3 |
If the source address of the packet is in the set of
addresses defined by the network object pointed to by
etsysFWPolicyRuleDefSrcNetwork and the destination address
is in the set of addresses defined by the network object
pointed to by etsysFWPolicyRuleDefDstNetwork, the firewall
will evaluate the etsysFWPolicyRuleDefFilter for the packet.
This MIB defines the following tables which may
be pointed to by this column. Implementations may choose to
provide support for other network tables or scalars as well:
etsysFWNetworkGroupTable
etsysFWNetworkTable
If this column is set to a VariablePointer value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned.
If the table or scalar pointed to by the VariablePointer is
not supported at all, then an inconsistentValue exception
should be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
etsysFWPolicyRuleDefBidirectional |
1.3.6.1.4.1.5624.1.2.37.2.2.4.1.4 |
A policy may be specified as bidirectional to mean that it also
operates with the etsysFWPolicyRuleDefSrcNetwork and
etsysFWPolicyRuleDefDstNetwork reversed.
If this column is false, the policy operates only in the
direction defined by etsysFWPolicyRuleDefSrcNetwork and
etsysFWPolicyRuleDefDstNetwork. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
etsysFWPolicyRuleDefService |
1.3.6.1.4.1.5624.1.2.37.2.2.4.1.5 |
etsysFWPolicyRuleDefFilter points to a filter which is used to
evaluate whether the action associated with this row should
be fired or not. The action will only fire if the filter
referenced by this object evaluates to true.
This MIB defines the following tables which may
be pointed to by this column. Implementations may choose to
provide support for other filter tables or scalars as well:
etsysFWIpHeaderFilterTable
etsysFWIpOptionsFilterTable
If this column is set to a VariablePointer value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned.
If the table or scalar pointed to by the VariablePointer is
not supported at all, then an inconsistentValue exception
should be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
etsysFWPolicyRuleDefAction |
1.3.6.1.4.1.5624.1.2.37.2.2.4.1.7 |
The action to take when the filter is true.
allow: the packet should be allowed
drop: the packet should be dropped
allowAuth: the packet is allowed if the source
address has been authenticated to the
group. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
allow(1), allowAuth(2), drop(3) |
|
etsysFWPolicyRuleDefRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.2.4.1.10 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object SHOULD NOT be set to active until the containing
networks and filters have been defined. Once active, it
MUST remain active until no etsysFWGroupPolicyRuleDef
entries are referencing it. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWNetworkGroupMaxEntries |
1.3.6.1.4.1.5624.1.2.37.2.3.1 |
The maximum number of entries allowed in the
etsysFWNetworkGroupTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..65535 |
|
etsysFWNetworkGroupTable |
1.3.6.1.4.1.5624.1.2.37.2.3.4 |
A table defining a group of network objects from the
etsysFWNetworkTable or a network group in
etsysFWNetworkGroupTable. The networks contained in the group
are defined in the etsysFWNetwkInNetGrpTable.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWNetworkGroupStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWNetworkGroupStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWNetworkGroupEntry |
|
etsysFWNetworkGroupEntry |
1.3.6.1.4.1.5624.1.2.37.2.3.4.1 |
An entry in the etsysFWNetworkGroupTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWNetworkGroupEntry |
|
|
etsysFWNetworkGroupName |
1.3.6.1.4.1.5624.1.2.37.2.3.4.1.1 |
The administratively assigned name of the network group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWNetworkGroupRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.3.4.1.3 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
Once active, it MAY NOT have its value changed if any active
rows in the etsysFWNetwkInNetGrpTable or the
etsysFWFilterDefTable are currently pointing at this row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWNetwkInNetGrpTable |
1.3.6.1.4.1.5624.1.2.37.2.3.7 |
A table defining the networks in a network group.
All etsysFWNetwkInNetGrpSubNetwork objects in a
etsysFWNetworkGroupName must have the same
etsysFWNetworkIPVersion and etsysFWNetworkRealm.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWNetwkInNetGrpStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWNetwkInNetGrpStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWNetwkInNetGrpEntry |
|
etsysFWNetwkInNetGrpEntry |
1.3.6.1.4.1.5624.1.2.37.2.3.7.1 |
An entry in the etsysFWNetwkInNetGrpTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWNetwkInNetGrpEntry |
|
|
etsysFWNetwkInNetGrpSubNetwork |
1.3.6.1.4.1.5624.1.2.37.2.3.7.1.1 |
The location of the contained network. The MIB defines the
following tables which may be pointed to by this column:
etsysFWNetworkTable
Implementations should prevent recursion and return the
inconsistentName exception if the SnmpAdminString value
references an etsysFWNetworkGroupTable row that already
contains the etsysFWNetworkGroupName of this row.
If this column is set to a SnmpAdminString value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned.
If the table or scalar pointed to by the SnmpAdminString is
not supported at all, then an inconsistentValue exception
should be returned. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
etsysFWNetwkInNetGrpRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.3.7.1.3 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object cannot be made active until the network or
network group referenced by the etsysFWNetwkInNetGrpSubNetwork
is both defined and is active. An attempt to do so will
result in an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWNetworkMaxEntries |
1.3.6.1.4.1.5624.1.2.37.2.3.8 |
The maximum number of entries allowed in the
etsysFWNetworkTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..65535 |
|
etsysFWNetworkNumEntries |
1.3.6.1.4.1.5624.1.2.37.2.3.9 |
The current number of entries in the
etsysFWNetworkTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
etsysFWNetworkLastChange |
1.3.6.1.4.1.5624.1.2.37.2.3.10 |
The sysUpTime at which the etsysFWNetworkTable was last
modified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
etsysFWNetworkTable |
1.3.6.1.4.1.5624.1.2.37.2.3.11 |
A table defining the networks associated with filters to create
the firewall policy rules. Networks can be defined with a
network IP address and mask, an IP address range, or a single
IP host address.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWNetworkStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWNetworkStorageType value could
allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWNetworkEntry |
|
etsysFWNetworkEntry |
1.3.6.1.4.1.5624.1.2.37.2.3.11.1 |
An entry in the etsysFWNetworkTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWNetworkEntry |
|
|
etsysFWNetworkName |
1.3.6.1.4.1.5624.1.2.37.2.3.11.1.1 |
The administratively assigned name of the network. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWNetworkRealm |
1.3.6.1.4.1.5624.1.2.37.2.3.11.1.2 |
A network is qualified as either an internal or external
address. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
internal(1), external(2) |
|
etsysFWNetworkRangeOrMask |
1.3.6.1.4.1.5624.1.2.37.2.3.11.1.3 |
When set to useIpAddrRange, the etsysFWNetworkIPAddrBegin
and etsysFWNetworkIPAddrEnd define the network object in this
row.
When set to useIpAddrMask, the etsysFWNetworkIPAddrBegin
and etsysFWNetworkIPAddrMask define the network object in this
row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
useIpAddrRange(1), useIpAddrMask(2) |
|
etsysFWNetworkIPVersion |
1.3.6.1.4.1.5624.1.2.37.2.3.11.1.4 |
The Internet Protocol version the addresses are to match
against. The value of this property determines the size and
format of the etsysFWNetworkIPAddressBegin,
etsysFWNetworkIPAddressEnd and etsysFWNetworkIPAddressMask
objects.
Values of unknown, ipv4z, ipv6z and dns are not legal values
for this object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
etsysFWNetworkIPAddressBegin |
1.3.6.1.4.1.5624.1.2.37.2.3.11.1.5 |
The IP address that with either the etsysFWNetworkIPAddrEnd
or etsysFWNetworkIPAddrMask define the network object for this
row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
etsysFWNetworkIPAddressEnd |
1.3.6.1.4.1.5624.1.2.37.2.3.11.1.6 |
When etsysFWNetworkRangeOrMask is set to useIpAddrRange, this
is the end of the IP address range. To define a single host
set this to the value of etsysFWNetworkIpAddrBegin. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
etsysFWNetworkIPAddressMask |
1.3.6.1.4.1.5624.1.2.37.2.3.11.1.7 |
When etsysFWNetworkRangeOrMask is set to useIpAddrMask, this
is the mask that define the IP network. To define a single
host set this to all 1's. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
etsysFWNetworkRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.3.11.1.9 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
Once active, it MAY NOT have its value changed if any active
rows in the etsysFWNetwkInNetGrpTable or the
etsysFWFilterDefTable are currently pointing at this row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWServiceGroupMaxEntries |
1.3.6.1.4.1.5624.1.2.37.2.4.1 |
The maximum number of entries allowed in the
etsysFWServiceGroupTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..65535 |
|
etsysFWServiceGroupTable |
1.3.6.1.4.1.5624.1.2.37.2.4.4 |
A table defining a group of service objects from the
etsysFWServiceTable or a service group in
etsysFWServiceGroupTable. The services contained in the group
are defined in the etsysFWNetwkInNetGrpTable.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWServiceGroupStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWServiceGroupStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWServiceGroupEntry |
|
etsysFWServiceGroupEntry |
1.3.6.1.4.1.5624.1.2.37.2.4.4.1 |
An entry in the etsysFWServiceGroupTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWServiceGroupEntry |
|
|
etsysFWServiceGroupName |
1.3.6.1.4.1.5624.1.2.37.2.4.4.1.1 |
The administratively assigned name of the service group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWServiceGroupRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.4.4.1.3 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
Once active, it MAY NOT have its value changed if any active
rows in the etsysFWNetwkInNetGrpTable or the
etsysFWFilterDefTable are currently pointing at this row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWServiceInSvcGrpTable |
1.3.6.1.4.1.5624.1.2.37.2.4.7 |
A table defining the services in a service group.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWServiceInSvcGrpStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWServiceInSvcGrpStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWServiceInSvcGrpEntry |
|
etsysFWServiceInSvcGrpEntry |
1.3.6.1.4.1.5624.1.2.37.2.4.7.1 |
An entry in the etsysFWServiceInSvcGrpTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWServiceInSvcGrpEntry |
|
|
etsysFWServiceInSvcGrpSubService |
1.3.6.1.4.1.5624.1.2.37.2.4.7.1.1 |
The location of the contained service. The MIB defines the
following tables which may be pointed to by this column:
etsysFWServiceTable
Implementations should prevent recursion and return the
inconsistentName exception if the SnmpAdminString value
references an etsysFWServiceGroupTable row that already
contains the etsysFWServiceGroupName of this row.
If this column is set to a SnmpAdminString value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned.
If the table or scalar pointed to by the SnmpAdminString is
not supported at all, then an inconsistentValue exception
should be returned. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
etsysFWServiceInSvcGrpRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.4.7.1.3 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object cannot be made active until the service or
service group referenced by the etsysFWNetwkInNetGrpSubService
is both defined and is active. An attempt to do so will
result in an inconsistentValue error. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWServiceMaxEntries |
1.3.6.1.4.1.5624.1.2.37.2.4.8 |
The maximum number of entries allowed in the
etsysFWServiceTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..65535 |
|
etsysFWServiceNumEntries |
1.3.6.1.4.1.5624.1.2.37.2.4.9 |
The current number of entries in the
etsysFWServiceTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
etsysFWServiceLastChange |
1.3.6.1.4.1.5624.1.2.37.2.4.10 |
The sysUpTime at which the etsysFWServiceTable was last
modified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
etsysFWServiceTable |
1.3.6.1.4.1.5624.1.2.37.2.4.11 |
This table contains a list of service definitions to be used
within the etsysFWPolicyRuleDefTable.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWServiceStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWServiceStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWServiceEntry |
|
etsysFWServiceEntry |
1.3.6.1.4.1.5624.1.2.37.2.4.11.1 |
A definition of a service. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWServiceEntry |
|
|
etsysFWServiceName |
1.3.6.1.4.1.5624.1.2.37.2.4.11.1.1 |
The administrative name for this filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWServiceSrcLowPort |
1.3.6.1.4.1.5624.1.2.37.2.4.11.1.2 |
The low port of the port range a packet's source must match
against. To match, the port number must be greater than or
equal to this value.
This object is only used if sourcePort is set in
etsysFWServiceType, in which case the value of 0 for
this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
etsysFWServiceSrcHighPort |
1.3.6.1.4.1.5624.1.2.37.2.4.11.1.3 |
The high port of the port range a packet's source must match
against. To match, the port number must be less than or
equal to this value.
This object is only used if sourcePort is set in
etsysFWServiceType, in which case the value of 0 for
this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
etsysFWServiceDstLowPort |
1.3.6.1.4.1.5624.1.2.37.2.4.11.1.4 |
The low port of the port range a packet's destination must
match against. To match, the port number must be greater
than or equal to this value.
This object is only used if destinationPort is set in
etsysFWServiceType, in which case the value of 0 for
this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
etsysFWServiceDstHighPort |
1.3.6.1.4.1.5624.1.2.37.2.4.11.1.5 |
The high port of the port range a packet's destination must
match against. To match, the port number must be less than
or equal to this value.
This object is only used if destinationPort is set in
etsysFWServiceType, in which case the value of 0 for
this object is illegal. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
etsysFWServiceProtocol |
1.3.6.1.4.1.5624.1.2.37.2.4.11.1.6 |
The protocol number the incoming packet must match against
for this filter to be evaluated as true.
This object is only used if protocol is set in
etsysFWServiceType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
tcp(1), udp(2) |
|
etsysFWServiceRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.4.11.1.8 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWFilterDefMaxEntries |
1.3.6.1.4.1.5624.1.2.37.2.5.1 |
The maximum number of entries allowed in the
etsysFWFilterDefTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..65535 |
|
etsysFWFilterDefNumEntries |
1.3.6.1.4.1.5624.1.2.37.2.5.2 |
The current number of entries in the
etsysFWFilterDefTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
etsysFWFilterDefLastChange |
1.3.6.1.4.1.5624.1.2.37.2.5.3 |
The sysUpTime at which the etsysFWFilterDefTable was last
modified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
etsysFWFilterDefTable |
1.3.6.1.4.1.5624.1.2.37.2.5.4 |
This table defines a policy rule by associating a network
objects with a filter or a set of filters and an action to take
when the filter is true.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWFilterDefStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWFilterDefStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWFilterDefEntry |
|
etsysFWFilterDefEntry |
1.3.6.1.4.1.5624.1.2.37.2.5.4.1 |
A row defining a particular filter definition. A rule
definition binds a filter pointer to an action. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWFilterDefEntry |
|
|
etsysFWFilterDefName |
1.3.6.1.4.1.5624.1.2.37.2.5.4.1.1 |
etsysFWFilterDefName is the administratively assigned
name of the policy rule. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWFilterDefSrcNetwork |
1.3.6.1.4.1.5624.1.2.37.2.5.4.1.2 |
If the source address of the packet is in the set of
addresses defined by the network object pointed to by
etsysFWFilterDefSrcNetwork and the destination address
is in the set of addresses defined by the network object
pointed to by etsysFWFilterDefDstNetwork, the firewall
will evaluate the etsysFWFilterDefFilter for the packet.
This MIB defines the following tables which may
be pointed to by this column. Implementations may choose to
provide support for other network tables or scalars as well:
etsysFWNetworkGroupTable
etsysFWNetworkTable
If this column is set to an SnmpAdminString value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned.
If the table or scalar pointed to by the VariablePointer is
not supported at all, then an inconsistentValue exception
should be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
etsysFWFilterDefDstNetwork |
1.3.6.1.4.1.5624.1.2.37.2.5.4.1.3 |
If the source address of the packet is in the set of
addresses defined by the network object pointed to by
etsysFWFilterDefSrcNetwork and the destination address
is in the set of addresses defined by the network object
pointed to by etsysFWFilterDefDstNetwork, the firewall
will evaluate the etsysFWFilterDefFilter for the packet.
This MIB defines the following tables which may
be pointed to by this column. Implementations may choose to
provide support for other network tables or scalars as well:
etsysFWNetworkGroupTable
etsysFWNetworkTable
If this column is set to a VariablePointer value which
references a non-existent row in an otherwise supported
table, the inconsistentName exception should be returned.
If the table or scalar pointed to by the VariablePointer is
not supported at all, then an inconsistentValue exception
should be returned. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
VariablePointer |
|
|
etsysFWFilterDefBidirectional |
1.3.6.1.4.1.5624.1.2.37.2.5.4.1.4 |
A policy may be specified as bidirectional to mean that it also
operates with the etsysFWFilterDefSrcNetwork and
etsysFWFilterDefDstNetwork reversed.
If this column is false, the policy operates only in the
direction defined by etsysFWFilterDefSrcNetwork and
etsysFWFilterDefDstNetwork. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
etsysFWFilterDefLogging |
1.3.6.1.4.1.5624.1.2.37.2.5.4.1.7 |
When the filter is true, log the activity of this rule. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
etsysFWFilterDefRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.5.4.1.9 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified.
This object SHOULD NOT be set to active until the containing
networks and filters have been defined. Once active, it
MUST remain active until no etsysFWGroupFilterDef
entries are referencing it. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWCLSFilterMaxFilters |
1.3.6.1.4.1.5624.1.2.37.2.5.5 |
The maximum number of CLS filters allowed per
etsysFWPolicyRuleDefName. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..65535 |
|
etsysFWCLSFilterLastChange |
1.3.6.1.4.1.5624.1.2.37.2.5.6 |
The sysUpTime at which the etsysFWCLSFilterTable was last
modified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
etsysFWCLSFilterTable |
1.3.6.1.4.1.5624.1.2.37.2.5.7 |
This table defines the command line string filters that can be
applied to a policy rule definition.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWGroupPolicyStorageType for a given SNMP context may be
readOnly, meaning the row cannot be modified or deleted. In
another SNMP context, the etsysFWGroupPolicyStorageType value
could allow the row to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWCLSFilterEntry |
|
etsysFWCLSFilterEntry |
1.3.6.1.4.1.5624.1.2.37.2.5.7.1 |
A row defining a particular command line string filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWCLSFilterEntry |
|
|
etsysFWCLSFilterRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.5.7.1.4 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWHTMLFilterTable |
1.3.6.1.4.1.5624.1.2.37.2.5.8 |
This table contains filters that applies to the HTML protocol.
The implementation may choose to allow modifications to this
table only under certain SNMP contexts. The
etsysFWIpOptionsHeadFiltStorageType for a given SNMP context
may be readOnly, meaning the row cannot be modified or
deleted. In another SNMP context, the
etsysFWIpOptionsHeadFiltStorageType value could allow the row
to be modified or deleted. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWHTMLFilterEntry |
|
etsysFWHTMLFilterEntry |
1.3.6.1.4.1.5624.1.2.37.2.5.8.1 |
A definition of a particular filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWHTMLFilterEntry |
|
|
etsysFWHTMLFilterName |
1.3.6.1.4.1.5624.1.2.37.2.5.8.1.1 |
The administrative name for this HTML filter. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWHTMLFilterType |
1.3.6.1.4.1.5624.1.2.37.2.5.8.1.2 |
. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
none(1), selected(2), all(3) |
|
etsysFWHTMLFilterRowStatus |
1.3.6.1.4.1.5624.1.2.37.2.5.8.1.6 |
This object indicates the conceptual status of this row.
The value of this object has no effect on whether other
objects in this conceptual row can be modified. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
etsysFWPolicyRuleTrueTable |
1.3.6.1.4.1.5624.1.2.37.3.3 |
This table contains a counter for the number of times each
policy rule has been true during packet inspection since the
last restart of the device. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWPolicyRuleTrueEntry |
|
etsysFWPolicyRuleTrueEntry |
1.3.6.1.4.1.5624.1.2.37.3.3.1 |
A row in the table for a named policy rule definition. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWPolicyRuleTrueEntry |
|
|
etsysFWPolicyRuleTrueEvents |
1.3.6.1.4.1.5624.1.2.37.3.3.1.3 |
The number of times since the device has restarted that the
rule has been true during packet inspection. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
etsysFWSessionTotalsTable |
1.3.6.1.4.1.5624.1.2.37.3.6 |
The firewall can perform stateful inspection of packets
to allow incoming traffic associated with outgoing packets.
These associations are sessions. This table returns data
about the total sessions indexed by protocol-id (as defined
by the assigned protocol-numbers of the IANA). |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWSessionTotalsEntry |
|
etsysFWSessionTotalsEntry |
1.3.6.1.4.1.5624.1.2.37.3.6.1 |
A row with the session counters for a particular protocol-id. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWSessionTotalsEntry |
|
|
etsysFWSessTotIndex |
1.3.6.1.4.1.5624.1.2.37.3.6.1.1 |
A unique index for this row. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
1..999999 |
|
etsysFWSessTotPeakSessions |
1.3.6.1.4.1.5624.1.2.37.3.6.1.4 |
The peak number of sessions for this protocol since the last
restart of the device. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
etsysFWSessTotBlockedSessions |
1.3.6.1.4.1.5624.1.2.37.3.6.1.5 |
The total number of sessions that have been blocked
for this protocol since the last restart of the device. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
etsysFWSessTotLastBlock |
1.3.6.1.4.1.5624.1.2.37.3.6.1.6 |
The date and time of the last blocked session for this
protocol. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DateAndTime |
|
|
etsysFWIpSessionNumEntries |
1.3.6.1.4.1.5624.1.2.37.3.7 |
The current number of entries in the
etsysFWIpSessionTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
etsysFWIpSessionLastChange |
1.3.6.1.4.1.5624.1.2.37.3.8 |
The sysUpTime at which the etsysFWIpSessionTable was last
modified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
etsysFWIpSessionTable |
1.3.6.1.4.1.5624.1.2.37.3.9 |
The firewall can perform stateful inspection of packets
to allow incoming traffic associated with outgoing packets.
These associations are sessions. This table returns data
about the current active sessions. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWIpSessionEntry |
|
etsysFWIpSessionEntry |
1.3.6.1.4.1.5624.1.2.37.3.9.1 |
A row that defines an active session. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWIpSessionEntry |
|
|
etsysFWIpSessionIPVersion |
1.3.6.1.4.1.5624.1.2.37.3.9.1.2 |
The Internet Protocol version. The value of this property
affects the size and format of the etsysFWIpSessionSrcAddress
and etsysFWIpSessionDstAddress objects. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
etsysFWIpSessionProtocolID |
1.3.6.1.4.1.5624.1.2.37.3.9.1.7 |
The protocol-id of this session (as defined
by the assigned protocol-numbers of the IANA). |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
etsysFWAuthAddressTable |
1.3.6.1.4.1.5624.1.2.37.3.12 |
The firewall has an action to allow traffic only to
IP addresses that have authenticated with the firewall.
After authentication, the authenticated address remains
in a cache as long as there are packets from the address.
This table returns the cached authenticated IP addresses.
The table rows are removed when the IP address is idle
for the number of seconds specified in etsysFWAuthTimeout. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWAuthAddressEntry |
|
etsysFWAuthAddressEntry |
1.3.6.1.4.1.5624.1.2.37.3.12.1 |
A row that defines an authenticated IP address. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWAuthAddressEntry |
|
|
etsysFWAuthAddressIPVersion |
1.3.6.1.4.1.5624.1.2.37.3.12.1.2 |
The Internet Protocol version. The value of this property
affects the size and format of the etsysFWAuthAddressIPAddress
object. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
etsysFWDoSBlockedNumEntries |
1.3.6.1.4.1.5624.1.2.37.3.13 |
The current number of entries in the
etsysFWDoSBlockedTable. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
etsysFWDoSBlockedLastChange |
1.3.6.1.4.1.5624.1.2.37.3.14 |
The sysUpTime at which the etsysFWDoSBlockedTable was last
modified. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TimeStamp |
|
|
etsysFWDoSBlockedTable |
1.3.6.1.4.1.5624.1.2.37.3.15 |
Firewalls can provide protection from some common forms of
Denial of Service attacks. The firewall will return the total
number of times the specific DoS attack has been blocked and
the IP address and time of the last blocked attack. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
EtsysFWDoSBlockedEntry |
|
etsysFWDoSBlockedEntry |
1.3.6.1.4.1.5624.1.2.37.3.15.1 |
A row that defines the statistics for a particular DoS attack. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
EtsysFWDoSBlockedEntry |
|
|
etsysFWDoSAttackName |
1.3.6.1.4.1.5624.1.2.37.3.15.1.1 |
The name of a DoS attack. Example names are
'SYN Flood', 'Tear Drop', and 'ICMP Flood'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(1..32) |
|
etsysFWDoSSrcIPVersion |
1.3.6.1.4.1.5624.1.2.37.3.15.1.2 |
The Internet Protocol version. The value of this property
affects the size and format of the etsysFWDoSScrIPAddress
object. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
etsysFWDoSBlockedAttacks |
1.3.6.1.4.1.5624.1.2.37.3.15.1.5 |
The number of times this DoS attack has been blocked since
the last restart of the device. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
etsysFWFirewallConfigGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.2 |
The Firewall Configuration Group for general system parameters. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWFirewallIntfGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.3 |
The Firewall on Interface Enabled Group for enabling
the firewall on individual interfaces. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWSystemPolicyNameGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.4 |
The System Policy Group Name Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWInterfacePolicyGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.5 |
The Interface to Policy Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWGroupPolicyGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.6 |
The Group Policy to Rule Definition Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWPolicyRuleDefGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.7 |
The Policy Rule Definition Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWNetworkGroupGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.8 |
The Network Group Network In Network Group Tables Group |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWNetworkGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.9 |
The Network Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWServiceGroupGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.10 |
The Service Group in Servce Group Tables Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWServiceGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.11 |
The Service Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWFilterGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.12 |
The Filter Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWCLSFilterGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.13 |
The CLS Filter Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWHTMLFilterGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.14 |
The HTML Filter Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWPolicyRuleTrueGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.15 |
The Policy Rule True Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWSessionTotalsGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.16 |
The Firewall Session Totals Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWIpSessionGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.17 |
The Firewall IP Sessions Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWAuthAddressGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.18 |
The Firewall Authenticated Addresses Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFWDoSBlockedGroup |
1.3.6.1.4.1.5624.1.2.37.4.1.19 |
The Firewall DoS Blocked Attacks Table Group. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
etsysFirewallCompliance |
1.3.6.1.4.1.5624.1.2.37.4.2.1 |
The compliance statement for devices that support the
etsysFirewallMIB. |
Status: current |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|