-------------------------------------------------------------------------------- --ACMEPACKET-SECURITY-MIB: Acme Packet SECURITY MIB file -- --April 2008 -- --Copyright (c) by Acme Packet, Inc. --All rights reserved. -------------------------------------------------------------------------------- --This MIB provides a means to gather information about the --Acme Management Interface running at the Net-Net SBC -- APSECURITY-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32, IpAddress, Unsigned32, Counter32 FROM SNMPv2-SMI OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF DisplayString, TruthValue FROM SNMPv2-TC acmepacketMgmt FROM ACMEPACKET-SMI InetAddress, InetAddressType, InetPortNumber FROM INET-ADDRESS-MIB; apSecurityModule MODULE-IDENTITY LAST-UPDATED "201207160000Z" ORGANIZATION "Acme Packet, Inc" CONTACT-INFO " Customer Service Postal: Acme Packet, Inc 100 Crosby Drive Bedford, MA 01730 US Tel: 1-781-328-4400 E-mail: support@acmepacket.com" DESCRIPTION "The Net-Net SECURITY MIB for Acme Packet" REVISION "201207160000Z" DESCRIPTION "Updated contact info" ::= { acmepacketMgmt 9 } apSecurityMIBObjects OBJECT IDENTIFIER ::= { apSecurityModule 1 } apSecurityIPsecTunCount OBJECT-TYPE SYNTAX Unsigned32 UNITS "tunnels" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of IPsec tunnels currently in progress." ::= { apSecurityMIBObjects 1 } apSecurityIPsecTunCapPct OBJECT-TYPE SYNTAX Unsigned32 (0..100) UNITS "%" MAX-ACCESS read-only STATUS current DESCRIPTION "The percentage of licensed IPsec tunnels currently in progress." ::= { apSecurityMIBObjects 2 } apSecurityIkeInterfaceStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF ApSecurityIkeInterfaceStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of Ike statistics per ike-interface for IKE negotiations." ::= { apSecurityMIBObjects 3 } apSecurityIkeInterfaceStatsEntry OBJECT-TYPE SYNTAX ApSecurityIkeInterfaceStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "IKE negotiation statistics for an IKE-interface." INDEX { apSecurityIkeInterfaceType, apSecurityIkeInterfaceAddress } ::= { apSecurityIkeInterfaceStatsTable 1 } ApSecurityIkeInterfaceStatsEntry ::= SEQUENCE { apSecurityIkeInterfaceType InetAddressType, apSecurityIkeInterfaceAddress InetAddress, apSecurityIkeInterfaceCpuOverloadErrors Unsigned32, apSecurityIkeInterfaceInitCookieErrors Unsigned32, apSecurityIkeInterfaceAuthErrors Unsigned32, apSecurityIkeInterfaceEapAccessRequestErrors Unsigned32, apSecurityIkeInterfaceEapAccessChallengeErrors Unsigned32, apSecurityIkeInterfaceTsErrors Unsigned32, apSecurityIkeInterfaceCpErrors Unsigned32, apSecurityIkeInterfaceKeErrors Unsigned32, apSecurityIkeInterfaceProposalErrors Unsigned32, apSecurityIkeInterfaceSyntaxErrors Unsigned32, apSecurityIkeInterfaceCriticalPayloadErrors Unsigned32, apSecurityIkeInterfaceAuthFailureTca Unsigned32, apSecurityIkeInterfaceTunnelRemovalsTca Unsigned32, apSecurityIkeInterfaceDpdTca Unsigned32 } apSecurityIkeInterfaceType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "IPAddress type of the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 1 } apSecurityIkeInterfaceAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "IPAddress of the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 2 } apSecurityIkeInterfaceCpuOverloadErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of CPU overload rejections on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 3 } apSecurityIkeInterfaceInitCookieErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE COOKIE errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 4 } apSecurityIkeInterfaceAuthErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE AUTH payload errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 5 } apSecurityIkeInterfaceEapAccessRequestErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE EAP access request errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 6 } apSecurityIkeInterfaceEapAccessChallengeErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE EAP access challenge errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 7 } apSecurityIkeInterfaceTsErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE TS errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 8 } apSecurityIkeInterfaceCpErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE config payload errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 9 } apSecurityIkeInterfaceKeErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE KE errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 10 } apSecurityIkeInterfaceProposalErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE proposal payload errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 11 } apSecurityIkeInterfaceSyntaxErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE Syntax errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 12 } apSecurityIkeInterfaceCriticalPayloadErrors OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of IKE critical payload errors on the IKE-interface" ::= { apSecurityIkeInterfaceStatsEntry 13 } apSecurityIkeInterfaceAuthFailureTca OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Dummy object for the IKE authentication failure TCA" ::= { apSecurityIkeInterfaceStatsEntry 14 } apSecurityIkeInterfaceTunnelRemovalsTca OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Dummy object for the IPsec tunnel removals TCA" ::= { apSecurityIkeInterfaceStatsEntry 15 } apSecurityIkeInterfaceDpdTca OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Dummy object for the IKE dead peer detection TCA" ::= { apSecurityIkeInterfaceStatsEntry 16 } apSecurityTacacsTable OBJECT-TYPE SYNTAX SEQUENCE OF ApSecurityTacacsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of all tacacs, including the system-wide consolidated license (always index 1)" ::= { apSecurityMIBObjects 4 } apSecurityTacacsEntry OBJECT-TYPE SYNTAX ApSecurityTacacsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table of all licenses" INDEX { apSecurityTacacsIndex } ::= { apSecurityTacacsTable 1} ApSecurityTacacsEntry ::= SEQUENCE { apSecurityTacacsIndex Integer32 (1..2147483647), apSecurityTacacsServer DisplayString, apSecurityTacacsCliCommands Unsigned32, apSecurityTacacsSuccessAuthentication Unsigned32, apSecurityTacacsFailureAuthentication Unsigned32, apSecurityTacacsSuccessAuthorization Unsigned32, apSecurityTacacsFailureAuthorization Unsigned32 } apSecurityTacacsIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Unique index for the tacacs table. " ::= { apSecurityTacacsEntry 1 } apSecurityTacacsServer OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Server for last transaction" ::= { apSecurityTacacsEntry 2 } apSecurityTacacsCliCommands OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of CLI commands sent for TACACS+ accounting" ::= { apSecurityTacacsEntry 3 } apSecurityTacacsSuccessAuthentication OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of successful TACACS+ authentication requests" ::= { apSecurityTacacsEntry 4 } apSecurityTacacsFailureAuthentication OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of failed TACACS+ authentication requests" ::= { apSecurityTacacsEntry 5 } apSecurityTacacsSuccessAuthorization OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of successful TACACS+ authorization requests" ::= { apSecurityTacacsEntry 6 } apSecurityTacacsFailureAuthorization OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of failed TACACS+ authorization requests" ::= { apSecurityTacacsEntry 7 } apSecurityOCSRIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "OCSR server IP address." ::= { apSecurityMIBObjects 5 } apSecurityOCSRHostname OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "OCSR server hostname." ::= { apSecurityMIBObjects 6 } apSecurityCrlIssuer OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "CRL issuer name." ::= { apSecurityMIBObjects 7 } apSecurityCspName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Cert-status-profile object name for fetching the CRL. If the CRL is just loaded from local file, then it is specified as file" ::= { apSecurityMIBObjects 8 } apSecurityIkeInterfaceInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF ApSecurityIkeInterfaceInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of Ike Info per ike-interface for IKE negotiations." ::= { apSecurityMIBObjects 9 } apSecurityIkeInterfaceInfoEntry OBJECT-TYPE SYNTAX ApSecurityIkeInterfaceInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "IKE info for an IKE-interface." AUGMENTS { apSecurityIkeInterfaceStatsEntry } ::= { apSecurityIkeInterfaceInfoTable 1 } ApSecurityIkeInterfaceInfoEntry ::= SEQUENCE { apSecurityIkeInterfaceChildSaRequest Unsigned32, apSecurityIkeInterfaceChildSaSuccess Unsigned32, apSecurityIkeInterfaceChildSaFail Unsigned32, apSecurityIkeInterfaceChildSaDelRequest Unsigned32, apSecurityIkeInterfaceChildSaDelSuccess Unsigned32, apSecurityIkeInterfaceChildSaDelFail Unsigned32, apSecurityIkeInterfaceChildSaRekey Unsigned32, apSecurityIkeInterfaceInitialChildSa Unsigned32, apSecurityIkeInterfaceDPDRecvPortChange Unsigned32, apSecurityIkeInterfaceDPDRecvIPChange Unsigned32, apSecurityIkeInterfaceDPDRespRecv Unsigned32, apSecurityIkeInterfaceDPDRespNotRecv Unsigned32, apSecurityIkeInterfaceDPDRecv Unsigned32, apSecurityIkeInterfaceDPDRetran Unsigned32, apSecurityIkeInterfaceDPDSent Unsigned32, apSecurityIkeInterfaceIKESAPacketSent Unsigned32, apSecurityIkeInterfaceIKESAPacketRcv Unsigned32, apSecurityIkeInterfaceIKESAPacketDropped Unsigned32, apSecurityIkeInterfaceAuthFailure Unsigned32, apSecurityIkeInterfaceMsgError Unsigned32, apSecurityIkeInterfaceAuthIDError Unsigned32, apSecurityIkeInterfaceAuthCertCheckRequest Unsigned32, apSecurityIkeInterfaceAuthCertCheckSuccess Unsigned32, apSecurityIkeInterfaceAuthCertCheckFailure Unsigned32, apSecurityIkeInterfaceDDosSent Unsigned32, apSecurityIkeInterfaceDDosRecv Unsigned32, apSecurityIkeInterfaceMessageRetrans Unsigned32, apSecurityIkeInterfaceSAInitMsgRecv Unsigned32, apSecurityIkeInterfaceSAInitMsgSent Unsigned32, apSecurityIkeInterfaceSAEstablishmentAttempts Unsigned32, apSecurityIkeInterfaceSAEstablishmentSuccess Unsigned32, apSecurityIkeInterfaceTunnelRate Unsigned32, apSecurityIkeInterfaceCurrentChildSaPair Unsigned32 } apSecurityIkeInterfaceChildSaRequest OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Child SA Requests on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 1 } apSecurityIkeInterfaceChildSaSuccess OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Child SA Success on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 2 } apSecurityIkeInterfaceChildSaFail OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Child SA Failures on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 3 } apSecurityIkeInterfaceChildSaDelRequest OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Child SA Delete Requests on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 4 } apSecurityIkeInterfaceChildSaDelSuccess OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Child SA Delete Success on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 5 } apSecurityIkeInterfaceChildSaDelFail OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Child SA Delete Failures on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 6 } apSecurityIkeInterfaceChildSaRekey OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Child SA Rekeys on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 7 } apSecurityIkeInterfaceInitialChildSa OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Initial Child SA Establishments on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 8 } apSecurityIkeInterfaceDPDRecvPortChange OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of DPD Port Change Received on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 9 } apSecurityIkeInterfaceDPDRecvIPChange OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of DPD IP Change Received on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 10 } apSecurityIkeInterfaceDPDRespRecv OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of DPD Responses Received on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 11 } apSecurityIkeInterfaceDPDRespNotRecv OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of DPD Responses Not Received on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 12 } apSecurityIkeInterfaceDPDRecv OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of DPD Packets Received on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 13 } apSecurityIkeInterfaceDPDRetran OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of DPD Packets Retransmitted on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 14 } apSecurityIkeInterfaceDPDSent OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of DPD Packets Sent on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 15 } apSecurityIkeInterfaceIKESAPacketSent OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of IKE SA Packets Sent on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 16 } apSecurityIkeInterfaceIKESAPacketRcv OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of IKE SA Packets Received on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 17 } apSecurityIkeInterfaceIKESAPacketDropped OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of IKE SA Packets dropped on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 18 } apSecurityIkeInterfaceAuthFailure OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Authentication Failures on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 19 } apSecurityIkeInterfaceMsgError OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of IKE Message Errors on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 20 } apSecurityIkeInterfaceAuthIDError OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Authentication ID Errors on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 21 } apSecurityIkeInterfaceAuthCertCheckRequest OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Certificate Status Requests on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 22 } apSecurityIkeInterfaceAuthCertCheckSuccess OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Certificate Status Success on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 23 } apSecurityIkeInterfaceAuthCertCheckFailure OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Certificate Status Failures on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 24 } apSecurityIkeInterfaceDDosSent OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of DDoS Sent on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 25 } apSecurityIkeInterfaceDDosRecv OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of DDoS Received on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 26 } apSecurityIkeInterfaceMessageRetrans OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of IKE Message Retransmissions on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 27 } apSecurityIkeInterfaceSAInitMsgRecv OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of IKE_SA_INIT messages received on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 28 } apSecurityIkeInterfaceSAInitMsgSent OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of IKE_SA_INIT messages sent on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 29 } apSecurityIkeInterfaceSAEstablishmentAttempts OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of IKE_SA establishment attempts on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 30 } apSecurityIkeInterfaceSAEstablishmentSuccess OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of IKE_SA establishment success on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 31 } apSecurityIkeInterfaceTunnelRate OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Tunnels per second averaged over 100sec window on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 32 } apSecurityIkeInterfaceCurrentChildSaPair OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Current number of Child Security Association Pairs (Tunnels) on the IKE-interface." ::= { apSecurityIkeInterfaceInfoEntry 33 } -- certificate table (read only) apSecurityCertificateTable OBJECT-TYPE SYNTAX SEQUENCE OF ApSecurityCertificateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of locally installed certifcate." ::= { apSecurityMIBObjects 10 } apSecurityCertificateEntry OBJECT-TYPE SYNTAX ApSecurityCertificateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The certificate entry." INDEX { apSecurityCertificateConfigId, apSecurityCertificateIndex } ::= { apSecurityCertificateTable 1 } ApSecurityCertificateEntry ::= SEQUENCE { apSecurityCertificateConfigId Unsigned32, apSecurityCertificateIndex Unsigned32, apSecurityCertificateRecordName DisplayString, apSecurityCertificateCertSubject DisplayString, apSecurityCertificateCertStart DisplayString, apSecurityCertificateCertExpire DisplayString, apSecurityCertificateCertIssuer DisplayString, apSecurityCertificateCertIsCA TruthValue } apSecurityCertificateConfigId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The internal configuration ID of the certificate. " ::= { apSecurityCertificateEntry 1 } apSecurityCertificateIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The internal index of the certificate. Combined with configuration ID is the unique ID of a certificate " ::= { apSecurityCertificateEntry 2 } apSecurityCertificateRecordName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The SBC's configuration record name for the certificate. " ::= { apSecurityCertificateEntry 3 } apSecurityCertificateCertSubject OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The certificate subject. " ::= { apSecurityCertificateEntry 4 } apSecurityCertificateCertStart OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The start time and date of the certificate. " ::= { apSecurityCertificateEntry 5 } apSecurityCertificateCertExpire OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The expiration time and date of the certificate. " ::= { apSecurityCertificateEntry 6 } apSecurityCertificateCertIssuer OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The issuer of the certificate." ::= { apSecurityCertificateEntry 7 } apSecurityCertificateCertIsCA OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Boolean value indicating if the certificate is a CA certificate." ::= { apSecurityCertificateEntry 8 } apSecurityNotificationObjects OBJECT IDENTIFIER ::= { apSecurityModule 2 } apSecuritySpi OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Tunnel security-policy-index." ::= { apSecurityNotificationObjects 1 } apSecuritySrcIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Source IP address." ::= { apSecurityNotificationObjects 2 } apSecurityDstIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Destination IP address." ::= { apSecurityNotificationObjects 3 } apSecurityIPSECMode OBJECT-TYPE SYNTAX INTEGER { tunnel(0), transport(1) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IPSec mode." ::= { apSecurityNotificationObjects 4 } apSecurityEncryptionAlg OBJECT-TYPE SYNTAX INTEGER { any(0), alg-des(1), alg-3des(2), alg-blowfish(3), alg-aes(4), null(5) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Type of the encryption algorithms supported in the tunnel setup." ::= { apSecurityNotificationObjects 5 } apSecurityAuthAlg OBJECT-TYPE SYNTAX INTEGER { any(0), md5(1), sha1(2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Type of the authentication algorithms supported in the tunnel setup." ::= { apSecurityNotificationObjects 6 } apSecuritySecProtocol OBJECT-TYPE SYNTAX INTEGER { ah(0), esp(1), esp-auth(2), esp-null(3) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Type of the security protocol supported in the tunnel setup." ::= { apSecurityNotificationObjects 7 } apSecurityFailureCause OBJECT-TYPE SYNTAX INTEGER { incorrect-id(0), incorrect-user-passwd(1), incorrect-shared-secret(2), incorrect-dh-group(3), incorrect-encryption-alg(4), incorrect-auth-alg(5), incorrect-sec-protocol(6), incorrect-hash(7), incorrect-mode(8), service-unavailable(9), access-reject(10), initiator-timeout(11), invalid-certificate(12), authentication-failure(13), authorization-failure(14), accounting-failure(15) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Reason for failure in the IKE, IPSec or RADIUS areas." ::= { apSecurityNotificationObjects 8 } apSecurityFailureArea OBJECT-TYPE SYNTAX INTEGER { ike(0), ipsec(1), radius(2), tacacs(3) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Where the failure happened." ::= { apSecurityNotificationObjects 9 } apSecurityStatus OBJECT-TYPE SYNTAX INTEGER { success (1), failure (2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Status." ::= { apSecurityNotificationObjects 10 } apSecurityDateTime OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Time as configured at the Net-Net SBC when an event completes." ::= { apSecurityNotificationObjects 11 } apSecurityUser OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "User name" ::= { apSecurityNotificationObjects 12 } apSecurityPeerPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IKE peer port" ::= { apSecurityNotificationObjects 13 } apSecurityPeerIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IKE peer IP address." ::= { apSecurityNotificationObjects 14 } apSecurityCRLServer OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "CRL Server FQDN if configured." ::= { apSecurityNotificationObjects 15 } apSecurityCRLRetrievalFailureCause OBJECT-TYPE SYNTAX INTEGER { internal(0), incorrect-response(1), timeout(2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Reason for failure in the CRL retrieval." ::= { apSecurityNotificationObjects 16 } apSecurityLastSuccessfulCRLRetrieval OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Last successful CRL retrieval." ::= { apSecurityNotificationObjects 17 } apSecurityCRLServerIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "CRL Server IP address." ::= { apSecurityNotificationObjects 18 } apSecurityGTPProfileName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "GTP Profile Name configured." ::= { apSecurityNotificationObjects 19 } apSecurityGTPHostName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "GGSN Host Name if configured." ::= { apSecurityNotificationObjects 20 } apSecurityGTPLinkFailureCause OBJECT-TYPE SYNTAX INTEGER { internal(0), timeout(1), versionError(2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Reason for failure in the GTPCRL retrieval." ::= { apSecurityNotificationObjects 21 } apSecurityGTPIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "GGSN IP address." ::= { apSecurityNotificationObjects 22 } apSecuritySrcAddressFamily OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Source IP address family IPv4 or IPv6." ::= { apSecurityNotificationObjects 23 } apSecuritySrcAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Source IP address." ::= { apSecurityNotificationObjects 24 } apSecurityDstAddressFamily OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Destination IP address family IPv4 or IPv6." ::= { apSecurityNotificationObjects 25 } apSecurityDstAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Destination IP address." ::= { apSecurityNotificationObjects 26 } apSecurityPeerAddressFamily OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IKE peer IP address family IPv4 or IPv6." ::= { apSecurityNotificationObjects 27 } apSecurityPeerAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IKE peer IP address." ::= { apSecurityNotificationObjects 28 } -- Notifications apSecurityNotifications OBJECT IDENTIFIER ::= { apSecurityModule 3 } apSecurityAuthNotificationsPrefix OBJECT IDENTIFIER ::= { apSecurityNotifications 1 } apSecurityAuthNotifications OBJECT IDENTIFIER ::= { apSecurityAuthNotificationsPrefix 0 } apSecurityTunnelFailureNotification NOTIFICATION-TYPE OBJECTS { apSecuritySpi, apSecuritySrcIpAddress, apSecurityDstIpAddress, apSecurityFailureCause, apSecurityFailureArea, apSecurityStatus } STATUS current DESCRIPTION "The notification will be generated whenever IPSEC IKEV2 tunnel fails to establish. " ::= { apSecurityAuthNotifications 1 } apSecurityRadiusFailureNotification NOTIFICATION-TYPE OBJECTS { apSecurityUser, apSecurityFailureCause, apSecurityFailureArea, apSecurityStatus } STATUS current DESCRIPTION "The notification will be generated whenever Radius authentication request fails." ::= { apSecurityAuthNotifications 2 } apSecurityAuthFailureThresholdNotification NOTIFICATION-TYPE OBJECTS { apSecurityUser, apSecurityPeerIpAddress, apSecurityPeerPort } STATUS current DESCRIPTION "The notification will be generated when IKE DDos auth-failure-threshold is reached and report mode includes SNMP trap" ::= { apSecurityAuthNotifications 3 } apSecurityTacacsFailureNotification NOTIFICATION-TYPE OBJECTS { apSecurityUser, apSecurityFailureCause, apSecurityFailureArea, apSecurityStatus } STATUS current DESCRIPTION "The notification will be generated whenever TACACS authentication requests fail." ::= { apSecurityAuthNotifications 4 } apSecurityTunnelFailureInetNotification NOTIFICATION-TYPE OBJECTS { apSecuritySpi, apSecuritySrcAddressFamily, apSecuritySrcAddress, apSecurityDstAddressFamily, apSecurityDstAddress, apSecurityFailureCause, apSecurityFailureArea, apSecurityStatus } STATUS current DESCRIPTION "The notification will be generated whenever IPSEC IKEV2 tunnel fails to establish. " ::= { apSecurityAuthNotifications 5 } apSecurityAuthFailureThresholdInetNotification NOTIFICATION-TYPE OBJECTS { apSecurityUser, apSecurityPeerAddressFamily, apSecurityPeerAddress, apSecurityPeerPort } STATUS current DESCRIPTION "The notification will be generated when IKE DDos auth-failure-threshold is reached and report mode includes SNMP trap" ::= { apSecurityAuthNotifications 6 } apSecurityGeneralNotificationsPrefix OBJECT IDENTIFIER ::= { apSecurityNotifications 2 } apSecurityGeneralNotifications OBJECT IDENTIFIER ::= { apSecurityGeneralNotificationsPrefix 0 } apSecurityTunnelDPDNotification NOTIFICATION-TYPE OBJECTS { apSecuritySpi, apSecuritySrcIpAddress, apSecurityDstIpAddress, apSecurityFailureArea, apSecurityStatus } STATUS current DESCRIPTION "The notification will be generated whenever IPSEC IKEV2 tunnel fails due to Dead Peer Detection(DPD). " ::= { apSecurityGeneralNotifications 1 } apSecurityIPsecTunCapNotification NOTIFICATION-TYPE OBJECTS { apSecurityIPsecTunCapPct } STATUS current DESCRIPTION "This notification is sent when the percentage of licensed IPsec tunnels exceeds an IPsec tunnel alarm threshold. The apSecurityIPsecTunCapPct object indicates the current percentage." ::= { apSecurityGeneralNotifications 2 } apSecurityIPsecTunCapClearNotification NOTIFICATION-TYPE OBJECTS { apSecurityIPsecTunCapPct } STATUS current DESCRIPTION "This trap is sent when the percentage of licensed IPsec tunnels no longer exceeds an IPsec tunnel alarm threshold. The apSecurityIPsecTunCapPct object indicates the current percentage." ::= { apSecurityGeneralNotifications 3 } apSecurityTunnelDPDInetNotification NOTIFICATION-TYPE OBJECTS { apSecuritySpi, apSecuritySrcAddressFamily, apSecuritySrcAddress, apSecurityDstAddressFamily, apSecurityDstAddress, apSecurityFailureArea, apSecurityStatus } STATUS current DESCRIPTION "The notification will be generated whenever IPSEC IKEV2 tunnel fails due to Dead Peer Detection(DPD). " ::= { apSecurityGeneralNotifications 4 } apSecurityOCSRNotificationsPrefix OBJECT IDENTIFIER ::= { apSecurityNotifications 3 } apSecurityOCSRNotifications OBJECT IDENTIFIER ::= { apSecurityOCSRNotificationsPrefix 0 } apSecurityOCSRDownNotification NOTIFICATION-TYPE OBJECTS { apSecurityOCSRHostname, apSecurityOCSRIpAddress } STATUS current DESCRIPTION "This notification is sent when a OCSR server becomes unreachable." ::= { apSecurityOCSRNotifications 1 } apSecurityOCSRUpNotification NOTIFICATION-TYPE OBJECTS { apSecurityOCSRHostname, apSecurityOCSRIpAddress } STATUS current DESCRIPTION "This notification is sent when a OCSR server becomes reachable." ::= { apSecurityOCSRNotifications 2 } apSecurityCrlNotificationsPrefix OBJECT IDENTIFIER ::= { apSecurityNotifications 4 } apSecurityCrlNotifications OBJECT IDENTIFIER ::= { apSecurityCrlNotificationsPrefix 0 } apSecurityCrlInvalidNotification NOTIFICATION-TYPE OBJECTS { apSecurityCrlIssuer, apSecurityCspName } STATUS current DESCRIPTION "This notification is sent when an invalid CRL is detected." ::= { apSecurityCrlNotifications 1 } apSecurityCRLRetrievalNotificationsPrefix OBJECT IDENTIFIER ::= { apSecurityNotifications 5 } apSecurityCRLRetrievalNotifications OBJECT IDENTIFIER ::= { apSecurityCRLRetrievalNotificationsPrefix 0 } apSecurityCRLRetrievalFailNotification NOTIFICATION-TYPE OBJECTS { apSecurityCRLServer, apSecurityCRLRetrievalFailureCause, apSecurityLastSuccessfulCRLRetrieval, apSecurityCRLServerIPAddress } STATUS current DESCRIPTION "This notification is sent when there is a failure in CRL retrieval." ::= { apSecurityCRLRetrievalNotifications 1 } apSecurityCRLRetrievalClearNotification NOTIFICATION-TYPE OBJECTS { apSecurityCRLServer, apSecurityCRLServerIPAddress } STATUS current DESCRIPTION "This notification is sent when there is a success in CRL retrieval." ::= { apSecurityCRLRetrievalNotifications 2 } -- certificate expiration notifications apSecurityCertNotificationsPrefix OBJECT IDENTIFIER ::= { apSecurityNotifications 6 } apSecurityCertNotifications OBJECT IDENTIFIER ::= { apSecurityCertNotificationsPrefix 0 } apSecurityCertExpiredNotification NOTIFICATION-TYPE OBJECTS { apSecurityCertificateRecordName, apSecurityCertificateCertSubject, apSecurityCertificateCertExpire, apSecurityCertificateCertIssuer } STATUS current DESCRIPTION "The notification will be generated periodically if a locally installed certificate has expired. " ::= { apSecurityCertNotifications 1 } apSecurityCertExpireSoonNotification NOTIFICATION-TYPE OBJECTS { apSecurityCertificateRecordName, apSecurityCertificateCertSubject, apSecurityCertificateCertExpire, apSecurityCertificateCertIssuer } STATUS current DESCRIPTION "The notification will be generated periodically if a locally installed certificate will soon expire. " ::= { apSecurityCertNotifications 2 } apSecurityGTPFailureNotificationsPrefix OBJECT IDENTIFIER ::= { apSecurityNotifications 7 } apSecurityGTPFailureNotifications OBJECT IDENTIFIER ::= { apSecurityGTPFailureNotificationsPrefix 0 } apSecurityGTPLinkFailureNotification NOTIFICATION-TYPE OBJECTS { apSecurityGTPProfileName, apSecurityGTPHostName, apSecurityGTPLinkFailureCause, apSecurityGTPIPAddress } STATUS current DESCRIPTION "This notification is sent when there is a link failure with GGSN on GTP Profile." ::= { apSecurityGTPFailureNotifications 1 } apSecurityGTPLinkClearNotification NOTIFICATION-TYPE OBJECTS { apSecurityGTPProfileName, apSecurityGTPHostName, apSecurityGTPIPAddress } STATUS current DESCRIPTION "This notification is sent when the link is restored with GGSN on GTP Profile." ::= { apSecurityGTPFailureNotifications 2 } -- Conformance information apSecurityConformance OBJECT IDENTIFIER ::= { apSecurityModule 4 } apSecurityCompliances OBJECT IDENTIFIER ::= { apSecurityConformance 1 } apSecurityGroups OBJECT IDENTIFIER ::= { apSecurityConformance 2 } apSecurityNotificationsGroups OBJECT IDENTIFIER ::= { apSecurityConformance 3 } ------objects group apSecurityIPsecTunnelsObjectsGroup OBJECT-GROUP OBJECTS { apSecurityIPsecTunCount, apSecurityIPsecTunCapPct } STATUS current DESCRIPTION "Objects for monitoring IPsec tunnel capacity." ::= { apSecurityGroups 1 } apSecurityIkeInterfaceObjectsGroup OBJECT-GROUP OBJECTS { apSecurityIkeInterfaceInitCookieErrors, apSecurityIkeInterfaceAuthErrors, apSecurityIkeInterfaceEapAccessRequestErrors, apSecurityIkeInterfaceEapAccessChallengeErrors, apSecurityIkeInterfaceTsErrors, apSecurityIkeInterfaceCpErrors, apSecurityIkeInterfaceKeErrors, apSecurityIkeInterfaceProposalErrors, apSecurityIkeInterfaceSyntaxErrors, apSecurityIkeInterfaceCriticalPayloadErrors } STATUS current DESCRIPTION "Objects for monitoring IKE negotiation errors." ::= { apSecurityGroups 2 } apSecurityTacacsObjectsGroup OBJECT-GROUP OBJECTS { apSecurityTacacsServer, apSecurityTacacsCliCommands, apSecurityTacacsSuccessAuthentication, apSecurityTacacsFailureAuthentication, apSecurityTacacsSuccessAuthorization, apSecurityTacacsFailureAuthorization } STATUS current DESCRIPTION "Objects for monitoring TACACS+ transactions." ::= { apSecurityGroups 3 } apSecurityCertObjectsGroup OBJECT-GROUP OBJECTS { apSecurityCertificateRecordName, apSecurityCertificateCertSubject, apSecurityCertificateCertStart, apSecurityCertificateCertExpire, apSecurityCertificateCertIssuer, apSecurityCertificateCertIsCA } STATUS current DESCRIPTION "Objects for managing locally installed certificates. " ::= { apSecurityGroups 4 } apSecurityIkeInterfaceInfoObjectsGroup OBJECT-GROUP OBJECTS { apSecurityIkeInterfaceTunnelRate, apSecurityIkeInterfaceCurrentChildSaPair } STATUS current DESCRIPTION "Objects for monitoring IKE interface tunnel information" ::= { apSecurityGroups 5 } -- notification groups apSecurityNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityTunnelFailureNotification, apSecurityRadiusFailureNotification, apSecurityTunnelDPDNotification, apSecurityTacacsFailureNotification } STATUS current DESCRIPTION "A collection of notifications for security " ::= { apSecurityNotificationsGroups 1 } apSecurityIPsecTunnelsNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityIPsecTunCapNotification, apSecurityIPsecTunCapClearNotification } STATUS current DESCRIPTION "A collection of notifications for IPsec tunnel capacity." ::= { apSecurityNotificationsGroups 2 } apSecurityDDosNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityAuthFailureThresholdNotification } STATUS current DESCRIPTION "A collection of notifications for IKEv2 DDos " ::= { apSecurityNotificationsGroups 3 } apSecurityOCSRNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityOCSRDownNotification, apSecurityOCSRUpNotification } STATUS current DESCRIPTION "A collection of notifications for OCSRs " ::= { apSecurityNotificationsGroups 4 } apSecurityCrlNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityCrlInvalidNotification } STATUS current DESCRIPTION "A collection of notifications for CRLs " ::= { apSecurityNotificationsGroups 5 } apSecurityCRLRetrievalNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityCRLRetrievalFailNotification, apSecurityCRLRetrievalClearNotification } STATUS current DESCRIPTION "A collection of notifications for CRL Retrieval " ::= { apSecurityNotificationsGroups 6 } apSecurityCertNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityCertExpiredNotification, apSecurityCertExpireSoonNotification } STATUS current DESCRIPTION "A collection of notifications for CRLs " ::= { apSecurityNotificationsGroups 7 } apSecurityGTPNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityGTPLinkFailureNotification, apSecurityGTPLinkClearNotification } STATUS current DESCRIPTION "A collection of notifications for GTP peer communication " ::= { apSecurityNotificationsGroups 8 } apSecurityNotificationsInetGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityTunnelFailureInetNotification, apSecurityRadiusFailureNotification, apSecurityTunnelDPDInetNotification, apSecurityTacacsFailureNotification } STATUS current DESCRIPTION "A collection of notifications for security " ::= { apSecurityNotificationsGroups 9 } apSecurityDDosNotificationsInetGroup NOTIFICATION-GROUP NOTIFICATIONS { apSecurityAuthFailureThresholdInetNotification } STATUS current DESCRIPTION "A collection of notifications for IKEv2 DDos " ::= { apSecurityNotificationsGroups 10 } END