ZTE-AN-SECURITY-L3-MIB
File:
ZTE-AN-SECURITY-L3-MIB.mib (10309 bytes)
Imported modules
Imported symbols
Defined Values
zxAnSecurityL3Mib |
1.3.6.1.4.1.3902.1082.70.37 |
The MIB module for the layer 3 security management. |
MODULE-IDENTITY |
|
|
|
zxAnSecL3IpSrcDstIpAddrCheckEn |
1.3.6.1.4.1.3902.1082.70.37.2.2.1.1 |
Enable/disable source and destination IP address check function.
When this object is set to enabled(1), the source and destination
IP address of the received packets will be checked, if both
addresses are the same, the packets will be dropped.
|
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
enabled(1), disabled(2) |
|
zxAnSecL3IpSrcRouteCheckEn |
1.3.6.1.4.1.3902.1082.70.37.2.2.1.2 |
Enable/disable IP source route check function.
When this object is set to enabled(1), the received packets with
IP source route option will be dropped.
|
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
enabled(1), disabled(2) |
|
zxAnSecL3TcpSynFldProtectEnable |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.1 |
Enable/disable TCP SYN flooding protection function. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
enabled(1), disabled(2) |
|
zxAnSecL3TcpSynFldProtectType |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.2 |
TCP SYN flooding protection type.
delHalfOpenAndAccelerateTimeout(1) -- Both delHalfOpen(2) and
accelerateTimeout(3) will be performed when
zxAnSecL3TcpSynFldProtectStatus is defence(3).
delHalfOpen(2) -- TCP half-open connections specified by
zxAnSecL3TcpHalfOpenDels will be deleted, this
action will be performed automatically and periodically
until zxAnSecL3TcpSynFldProtectStatus is not defence(3).
when
zxAnSecL3TcpSynFldProtectStatus is defence(3).
accelerateTimeout(3) -- The system TCP half-open timeout
parameter will be forcely set to the value specified by
zxAnSecL3TcpHalfOpenTimeout when
zxAnSecL3TcpSynFldProtectStatus is defence(3). |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
delHalfOpenAndAccelerateTimeout(1), delHalfOpen(2), accelerateTimeout(3) |
|
zxAnSecL3TcpHalfOpenTimeout |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.3 |
Timeout of TCP half-open (SYN-RCVD) status.
This object will be activated when
zxAnSecL3TcpSynFldProtectStatus is defence(3). |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
zxAnSecL3TcpHalfOpenDels |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.4 |
Deleting number of TCP half-open connections that cannot be
established each time. This action will be performed automatically
and periodically until zxAnSecL3TcpSynFldProtectStatus
is not defence(3). |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..255 |
|
zxAnSecL3TcpHalfOpenLoThresh |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.5 |
TCP half-open connections lowest ratio threshold between
zxAnSecL3TcpHalfOpenConns and zxAnSecL3TcpTotalConns. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..100 |
|
zxAnSecL3TcpHalfOpenHiThresh |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.6 |
TCP half-open connections highest ratio threshold between
zxAnSecL3TcpHalfOpenConns and zxAnSecL3TcpTotalConns. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..100 |
|
zxAnSecL3TcpC1MHalfOpenLoThresh |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.7 |
TCP half-open connections lowest ratio threshold
between zxAnSecL3TcpC1MHalfOpenConns and zxAnSecL3TcpC1MTotalConns
in current 1 minute.
|
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..100 |
|
zxAnSecL3TcpC1MHalfOpenHiThresh |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.8 |
TCP half-open connections highest ratio threshold
between zxAnSecL3TcpC1MHalfOpenConns and zxAnSecL3TcpC1MTotalConns
in current 1 minute.
|
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Integer32 |
0..100 |
|
zxAnSecL3TcpSynFldProtectStatus |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.20 |
TCP SYN flooding protection status.
This object will be automatically set as following:
CurrentHoRatio = 100 * zxAnSecL3TcpHalfOpenConns
/ zxAnSecL3TcpTotalConns
Current1MinHoRatio = 100 * zxAnSecL3TcpC1MHalfOpenConns
/ zxAnSecL3TcpC1MTotalConns
If CurrentHoRatio < zxAnSecL3TcpHalfOpenLoThresh
and Current1MinHoRatio < zxAnSecL3TcpC1MHalfOpenLoThresh
zxAnSecL3TcpSynFldProtectStatus will be set to safety(1);
If CurrentHoRatio >= zxAnSecL3TcpHalfOpenHiThresh
or Current1MinHoRatio >= zxAnSecL3TcpC1MHalfOpenHiThresh
zxAnSecL3TcpSynFldProtectStatus will be set to defence(3);
In other cases,
zxAnSecL3TcpSynFldProtectStatus will be set to warning(2). |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
safety(1), warning(2), defence(3) |
|
zxAnSecL3TcpHalfOpenConns |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.22 |
Number of TCP half-open connections that cannot be established. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
zxAnSecL3TcpC1MTotalConns |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.23 |
Number of all TCP connections in current 1 minute. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
zxAnSecL3TcpC1MHalfOpenConns |
1.3.6.1.4.1.3902.1082.70.37.2.3.1.1.24 |
Number of TCP half-open connections that cannot be established in
current 1 minute. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|