-- ************************************************************************** -- * * -- * * -- * Hirschmann Automation and Control GmbH * -- * * -- * P.O. Box 1649 * -- * D-72602 Nuertingen * -- * Germany * -- * * -- * * -- * Hirschmann Security Devices MIB Revision 2 * -- * * -- * Date: 08-dec-2008 * -- * * -- * * -- * Dies ist die SNMP Security MIB fuer Hirschmann Eagle. * -- * * -- * Sollten Sie weitere Fragen haben, wenden Sie sich bitte an ihren * -- * Hirschmann-Vertragspartner. * -- * * -- * Aktuelle Hirschmann-Infos zu unseren Produkten erhalten Sie ueber * -- * unseren WWW-Server unter http://www.hirschmann-ac.com * -- * * -- * This is the SNMP Security MIB for the Hirschmann Eagle * -- * * -- * If you have any further questions please contact your * -- * Hirschmann contractual partner. * -- * * -- * You can access current information about Hirschmann products * -- * via our WWW server on http://www.hirschmann-ac.com * -- * * -- ************************************************************************** HMSECURITY2-MIB DEFINITIONS ::= BEGIN IMPORTS NOTIFICATION-TYPE, OBJECT-IDENTITY, MODULE-IDENTITY, OBJECT-TYPE, enterprises, Integer32, IpAddress, Counter32, TimeTicks FROM SNMPv2-SMI PhysAddress, DisplayString, RowStatus, MacAddress, TEXTUAL-CONVENTION, TestAndIncr FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB SnmpTagValue, SnmpTagList FROM SNMP-TARGET-MIB InetPortNumber FROM INET-ADDRESS-MIB -- [RFC3291] hmLastIpAddr FROM HMPRIV-MGMT-SNMP-MIB hmLastLoginUserName FROM HMPRIV-MGMT-SNMP-MIB; hmSecurity2 MODULE-IDENTITY LAST-UPDATED "201601261200Z" -- Jan 26, 2016 ORGANIZATION "Hirschmann Automation and Control GmbH" CONTACT-INFO "Customer Support Postal: Hirschmann Automation and Control GmbH Stuttgarter Str. 45-51 72654 Neckartenzlingen Germany Phone: +49 7127 - 14 -0 E-mail: hac.support@belden.com" DESCRIPTION "The Hirschmann Private Security MIB definitions." REVISION "200812081200Z" -- December 08, 2008 DESCRIPTION "Minor changes." 
REVISION "200809301200Z" -- September 30, 2008 DESCRIPTION "Minor changes." REVISION "201005201200Z" -- May 20, 2010 DESCRIPTION "Minor changes." REVISION "201210021200Z" -- Oct 02, 2012 DESCRIPTION "Published as is." REVISION "201310221200Z" -- Oct 22, 2013 DESCRIPTION "Published as is." REVISION "201501231200Z" -- Jan 23, 2015 DESCRIPTION "Published as is." REVISION "201601261200Z" -- Jan 26, 2016 DESCRIPTION "Published as is." ::= { hirschmann 52 } -- -- Textual conventions for this MIB -- -- DIFwRuleActivate ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Digital-Input dependent Firewall rules activation" SYNTAX INTEGER { high-active(1), low-active(2) } -- -- hmSecurity2 / Hirschmann Security Devices MIB Revision 2 -- -- hirschmann OBJECT IDENTIFIER ::= { enterprises 248 } hmSecurity2Objects OBJECT IDENTIFIER ::= { hmSecurity2 1 } -- device related variables hmSec2Device OBJECT IDENTIFIER ::= { hmSecurity2Objects 1 } -- management agent variables -- includes configuration storage, diagnosis and other features hmSec2Agent OBJECT IDENTIFIER ::= { hmSecurity2Objects 2 } -- security related variables hmSec2Security OBJECT IDENTIFIER ::= { hmSecurity2Objects 3 } -- firewall related variables hmSec2Firewall OBJECT IDENTIFIER ::= { hmSecurity2Objects 11 } -- network configuration variables hmSec2Network OBJECT IDENTIFIER ::= { hmSecurity2Objects 12 } -- VPN related variables hmSec2Vpn OBJECT IDENTIFIER ::= { hmSecurity2Objects 13 } -- redundancy related variables hmSec2Redundancy OBJECT IDENTIFIER ::= { hmSecurity2Objects 14 } -- NAT related variables hmSec2Nat OBJECT IDENTIFIER ::= { hmSecurity2Objects 15 } -- general related info variables hmSec2Info OBJECT IDENTIFIER ::= { hmSecurity2Objects 20 } -- -- Web Server Management Definitions -- -- hmSec2WebGroup OBJECT IDENTIFIER ::= { hmSec2Agent 3 } hmSec2WebLoginAccessWeb OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables/Disables Web access to the 
device." DEFVAL { enable } ::= { hmSec2WebGroup 1 } hmSec2WebLoginTimeoutWeb OBJECT-TYPE SYNTAX INTEGER (0..120) MAX-ACCESS read-write STATUS current DESCRIPTION "Timeout for Web connections in minutes." DEFVAL { 5 } ::= { hmSec2WebGroup 2 } hmSec2WebHttpsPortNumber OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The port number of the https web server. To activate the port number the device has to be restarted." DEFVAL { 443 } ::= { hmSec2WebGroup 6 } hmSec2WebSNMPoverHTTPS OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables/Disables Web tunneling SNMP over HTTPS." DEFVAL { disable } ::= { hmSec2WebGroup 7 } hmSec2WebHttpsCertFingerPrintType OBJECT-TYPE SYNTAX INTEGER { sha1(1), sha256(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls HTTPS certificate fingerprint generation. If set to 'sha1' hmSec2WebHttpsCertFingerPrint will show the SHA1 fingerprint of the certificate." DEFVAL { sha256 } ::= { hmSec2WebGroup 8 } hmSec2WebHttpsCertFingerPrint OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The HTTPS certificate fingerprint as hash. The type of the hash is defined with hmSec2WebHttpsCertFingerPrintType." ::= { hmSec2WebGroup 9 } -- -- Command Line Interface Management Definitions -- -- hmSec2CliGroup OBJECT IDENTIFIER ::= { hmSec2Agent 4 } hmSec2CliLoginPrompt OBJECT-TYPE SYNTAX DisplayString (SIZE(0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "Prompt string for the command line interface." DEFVAL { "" } ::= { hmSec2CliGroup 1 } hmSec2CliLoginTimeoutSerial OBJECT-TYPE SYNTAX INTEGER (0..120) MAX-ACCESS read-write STATUS current DESCRIPTION "Timeout for serial connections in minutes. If the value is set to 0, there will be no idle logout at all." 
DEFVAL { 5 } ::= { hmSec2CliGroup 2 } hmSec2CliLoginTimeoutSSH OBJECT-TYPE SYNTAX INTEGER (1..120) MAX-ACCESS read-write STATUS current DESCRIPTION "Timeout for SSH connections in minutes." DEFVAL { 5 } ::= { hmSec2CliGroup 3 } hmSec2CliLoginTimeoutTelnet OBJECT-TYPE SYNTAX INTEGER (1..120) MAX-ACCESS read-write STATUS current DESCRIPTION "Timeout for Telnet connections in minutes." DEFVAL { 5 } ::= { hmSec2CliGroup 4 } hmSec2CliLoginAccessSSH OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables/Disables CLI access to the device over SSH." DEFVAL { enable } ::= { hmSec2CliGroup 6 } hmSec2CliLoginAccessTelnet OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables/Disables CLI access to the device over Telnet." DEFVAL { disable } ::= { hmSec2CliGroup 7 } hmSec2CliLoginSshPortNumber OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The port number of the ssh login server. To activate the port number the device has to be restarted." DEFVAL { 22 } ::= { hmSec2CliGroup 8 } hmSec2CliLoginFingerPrintDSA OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "The local DSA fingerprint for SSH connections." ::= { hmSec2CliGroup 9 } hmSec2CliLoginFingerPrintRSA OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "The local RSA fingerprint for SSH connections." ::= { hmSec2CliGroup 10 } hmSec2CliLoginDefaultPasswordActive OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This variable indicates whether there are currently default passwords set for privileged users." 
::= { hmSec2CliGroup 11 } -- -- File Management Definitions -- -- hmSec2FileManagementGroup OBJECT IDENTIFIER ::= { hmSec2Agent 5 } hmSec2FileManagementActionGroup OBJECT IDENTIFIER ::= { hmSec2FileManagementGroup 1 } hmSec2FMActionType OBJECT-TYPE SYNTAX INTEGER { other (1), copy (2), clear (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of the action to be performed." DEFVAL { copy } ::= { hmSec2FileManagementActionGroup 1 } hmSec2FMActionItemType OBJECT-TYPE SYNTAX INTEGER { config (1), firmware (2), eventlog (3), certs (4), sysinfo (5) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of the item to be processed." DEFVAL { config } ::= { hmSec2FileManagementActionGroup 2 } hmSec2FMActionSourceType OBJECT-TYPE SYNTAX INTEGER { nv (1), aca (2), running-config (3), system (4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of the source object to be processed." DEFVAL { running-config } ::= { hmSec2FileManagementActionGroup 3 } hmSec2FMActionSourceData OBJECT-TYPE SYNTAX DisplayString (SIZE(0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "Additional Data for the source object. This could be a profile name or URL" DEFVAL { "" } ::= { hmSec2FileManagementActionGroup 4 } hmSec2FMActionDestinationType OBJECT-TYPE SYNTAX INTEGER { nv (1), aca (2), running-config (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of the destination object to be processed." DEFVAL { nv } ::= { hmSec2FileManagementActionGroup 5 } hmSec2FMActionDestinationData OBJECT-TYPE SYNTAX DisplayString (SIZE(0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "Additional Data for the destination object. This could be a profile name or URL" DEFVAL { "" } ::= { hmSec2FileManagementActionGroup 6 } hmSec2FMActionActivate OBJECT-TYPE SYNTAX INTEGER { other (1), activate (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If set to activate(2), the action will be started. When read, this variable always returns other(1)." 
DEFVAL { other } ::= { hmSec2FileManagementActionGroup 7 } hmSec2FMActionActivateResult OBJECT-TYPE SYNTAX INTEGER { ok (1), param-error (2), busy (3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Either returns ok(1) if the action is successfully started or param-error(2) if there is some problem with the given parameters or returns busy(3) if there is still an action in progress." DEFVAL { ok } ::= { hmSec2FileManagementActionGroup 8 } hmSec2FMActionActivateResultText OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Text describing why the start of the operation has failed." ::= { hmSec2FileManagementActionGroup 9 } hmSec2FMActionStatus OBJECT-TYPE SYNTAX INTEGER { idle (1), running (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Returns the running status of the action." ::= { hmSec2FileManagementActionGroup 10 } hmSec2FMActionPercentReady OBJECT-TYPE SYNTAX INTEGER (0..100) MAX-ACCESS read-only STATUS current DESCRIPTION "Estimation of how many percent of the operation is done." ::= { hmSec2FileManagementActionGroup 11 } hmSec2FMActionResult OBJECT-TYPE SYNTAX INTEGER { ok (1), error (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Error Status of the last action which has been performed." ::= { hmSec2FileManagementActionGroup 12 } hmSec2FMActionResultText OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "either OK or a descriptive text giving a reason why the last operation failed" ::= { hmSec2FileManagementActionGroup 13 } hmSec2FileManagementProfileGroup OBJECT IDENTIFIER ::= { hmSec2FileManagementGroup 2 } -- -- Profiles in non volative memory -- hmSec2FMNvProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FMNvProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of Profiles stored in NV memory." 
::= { hmSec2FileManagementProfileGroup 1 } hmSec2FMNvProfileEntry OBJECT-TYPE SYNTAX HmSec2FMNvProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A profile entry." INDEX { hmSec2FMNvProfileIndex } ::= { hmSec2FMNvProfileTable 1 } HmSec2FMNvProfileEntry ::= SEQUENCE { hmSec2FMNvProfileIndex INTEGER, hmSec2FMNvProfileName DisplayString, hmSec2FMNvProfileDateTime TimeTicks, hmSec2FMNvProfileActive INTEGER, hmSec2FMNvProfileAction INTEGER } hmSec2FMNvProfileIndex OBJECT-TYPE SYNTAX INTEGER (1..100) MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the profile entry." ::= { hmSec2FMNvProfileEntry 1 } hmSec2FMNvProfileName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "name of entry consisting of alphanumeric characters plus hyphen and underscore." ::= { hmSec2FMNvProfileEntry 2 } hmSec2FMNvProfileDateTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Time and Date of last write access using the content of the variable hmSystemTime." ::= { hmSec2FMNvProfileEntry 3 } hmSec2FMNvProfileActive OBJECT-TYPE SYNTAX INTEGER { active (1), inactive (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Setting the variable to active(1) enables the profile so that it will be used the next time the configuration is reloaded. Setting the value to inactive(2) is not allowed since there must be always one profile active." ::= { hmSec2FMNvProfileEntry 4 } hmSec2FMNvProfileAction OBJECT-TYPE SYNTAX INTEGER{ other (1), delete (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed on the profile entry. setting the value to delete(2) erases the profile. If it was the active profile then the first entry in the list becomes the active entry if the list is not empty. On reading the variable always returns other(1)." 
::= { hmSec2FMNvProfileEntry 5 } -- -- Profiles on auto configuration adapter -- hmSec2FMAcaProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FMAcaProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of Profiles stored on the auto configuration adapter (ACA)." ::= { hmSec2FileManagementProfileGroup 2 } hmSec2FMAcaProfileEntry OBJECT-TYPE SYNTAX HmSec2FMAcaProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A profile entry." INDEX { hmSec2FMAcaProfileIndex } ::= { hmSec2FMAcaProfileTable 1 } HmSec2FMAcaProfileEntry ::= SEQUENCE { hmSec2FMAcaProfileIndex INTEGER, hmSec2FMAcaProfileName DisplayString, hmSec2FMAcaProfileDateTime TimeTicks, hmSec2FMAcaProfileActive INTEGER, hmSec2FMAcaProfileAction INTEGER } hmSec2FMAcaProfileIndex OBJECT-TYPE SYNTAX INTEGER (1..100) MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the profile entry." ::= { hmSec2FMAcaProfileEntry 1 } hmSec2FMAcaProfileName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "Name of the entry, consisting of alphanumeric characters plus hyphen and underscore." ::= { hmSec2FMAcaProfileEntry 2 } hmSec2FMAcaProfileDateTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "Time and Date of last write access using the content of the variable hmSystemTime." ::= { hmSec2FMAcaProfileEntry 3 } hmSec2FMAcaProfileActive OBJECT-TYPE SYNTAX INTEGER { active (1), inactive (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Setting the variable to active(1) enables the profile so that it will be used the next time the configuration is reloaded. Setting the value to inactive(2) is not allowed since there must always be one profile active." ::= { hmSec2FMAcaProfileEntry 4 } hmSec2FMAcaProfileAction OBJECT-TYPE SYNTAX INTEGER{ other (1), delete (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed on the profile entry. Setting the value to delete(2) erases the profile. 
Reading the variable always returns other(1)." ::= { hmSec2FMAcaProfileEntry 5 } hmSec2FileManagementStatusGroup OBJECT IDENTIFIER ::= { hmSec2FileManagementGroup 3 } hmSec2FMNvState OBJECT-TYPE SYNTAX INTEGER{ ok (1), out-of-sync (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This variable returns ok(1) if the contents of the running-config is the same as the currently used configuration in NV memory, out-of-sync(2) if there are any differences." ::= { hmSec2FileManagementStatusGroup 1 } hmSec2FMAcaState OBJECT-TYPE SYNTAX INTEGER{ ok (1), out-of-sync (2), absent (3), autodisabled (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This variable returns ok(1) if the contents of the currently used configuration on the ACA is the same as that stored in NV memory, out-of-sync(2) if there are any differences. If the value is absent(3), then the auto config adapter is not connected. In case of autodisabled(4) the USB port or the auto configuration adapter has been disabled." ::= { hmSec2FileManagementStatusGroup 2 } -- -- Logging Definitions -- -- hmSec2LoggingGroup OBJECT IDENTIFIER ::= { hmSec2Agent 10 } hmSec2LoggingGeneral OBJECT IDENTIFIER ::= { hmSec2LoggingGroup 1 } hmSec2SyslogServerIPAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of syslog server for logging. Set this value to 0.0.0.0 to disable transmission to syslog server." DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2LoggingGeneral 1 } hmSec2SyslogServerUdpPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-write STATUS current DESCRIPTION "UDP port used for syslog server transmission. If this value is zero then the default port 514 is used." DEFVAL { 514 } ::= { hmSec2LoggingGeneral 2 } hmSec2LogPermFileSize OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum persistent logfile size on ACA in Kbytes (0..4096). If this value is zero logging is disabled." 
DEFVAL { 0 } ::= { hmSec2LoggingGeneral 3 } hmSec2LogPermFilesMax OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of persistent logfiles on ACA (0..99). If this value is zero logging and archiving is disabled." DEFVAL { 0 } ::= { hmSec2LoggingGeneral 4 } hmSec2LogPermFilesLock OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable locking of persistent logfiles on ACA. If it is enabled the ACA could be plugged-in/out securely." DEFVAL { disable } ::= { hmSec2LoggingGeneral 5 } hmSec2SyslogServer2IPAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of second syslog server for logging. Set this value to 0.0.0.0 to disable transmission to syslog server." DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2LoggingGeneral 6 } hmSec2SyslogServer2UdpPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-write STATUS current DESCRIPTION "UDP port used for second syslog server transmission. If this value is zero then the default port 514 is used." DEFVAL { 514 } ::= { hmSec2LoggingGeneral 7 } -- -- Log level table -- hmSec2LogLevelTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2LogLevelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of log levels for various log categories" ::= { hmSec2LoggingGroup 2 } hmSec2LogLevelEntry OBJECT-TYPE SYNTAX HmSec2LogLevelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2LogLevelIndex } ::= { hmSec2LogLevelTable 1 } HmSec2LogLevelEntry ::= SEQUENCE { hmSec2LogLevelIndex INTEGER, -- facility hmSec2LogLevelUpto INTEGER, -- severity hmSec2LogLevelName DisplayString, -- facility name hmSec2LogLevelDesc DisplayString, -- facility description hmSec2LogLevelPerm INTEGER -- facility logging } hmSec2LogLevelIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table and so the log facility." 
::= { hmSec2LogLevelEntry 1 } hmSec2LogLevelUpto OBJECT-TYPE SYNTAX INTEGER { emergency(1), alert(2), critical(3), error(4), warning(5), notice(6), info(7), debug(8) } MAX-ACCESS read-write STATUS current DESCRIPTION "Log level" DEFVAL { warning } ::= { hmSec2LogLevelEntry 2 } hmSec2LogLevelName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..15)) MAX-ACCESS read-only STATUS current DESCRIPTION "Name of log facility" ::= { hmSec2LogLevelEntry 3 } hmSec2LogLevelDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..127)) MAX-ACCESS read-only STATUS current DESCRIPTION "Description of log facility" ::= { hmSec2LogLevelEntry 4 } hmSec2LogLevelPerm OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable logging to persistent logfile on ACA for log facility" DEFVAL { disable } ::= { hmSec2LogLevelEntry 5 } --************************************************************************************** -- hmSec2UserConfigGroup --************************************************************************************** hmSec2UserConfigGroup OBJECT IDENTIFIER ::= { hmSec2Agent 20 } hmSec2UserConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2UserConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "User Config Table. This table provides the functionality the system uses for any interaction started by the user - Authentication, Encryption - changing authentication, password and access mode for login purposes through CLI, SSH, SNMPv3, etc. The authentication is done through a policy defined in the hmSec2UserAuthenticationList for CLI, SSH, etc. For SNMPv3 the standard SNMPv3 authentication/encryption methods are used. To create a new user set hmSec2UserStatus to 'createAndWait', and set the corresponding objects to their values. Setting hmSec2UserStatus to 'active' activates the user. To delete a user set hmSec2UserStatus to 'destroy'. Creating a new user in the hmSec2UserConfigTable also creates a new user in the SNMPv3 tables. 
All objects in this table can be set while a row is 'active'." ::= { hmSec2UserConfigGroup 1 } hmSec2UserConfigEntry OBJECT-TYPE SYNTAX HmSec2UserConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "User Config Entry" INDEX { IMPLIED hmSec2UserName } ::= { hmSec2UserConfigTable 1 } HmSec2UserConfigEntry ::= SEQUENCE { hmSec2UserName SnmpAdminString, hmSec2UserPassword DisplayString, hmSec2UserAccessMode INTEGER, hmSec2UserSnmpAuthenticationType INTEGER, hmSec2UserSnmpEncryptionType INTEGER, hmSec2UserAuthenticationList SnmpTagList, hmSec2UserStatus RowStatus } hmSec2UserName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..128)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Agent User Name." ::= { hmSec2UserConfigEntry 1 } hmSec2UserPassword OBJECT-TYPE SYNTAX DisplayString (SIZE(4..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "Agent User Password. This object will always return '********' even if a password is set. The User Password can be set while the row is active." DEFVAL { "" } ::= { hmSec2UserConfigEntry 2 } hmSec2UserAccessMode OBJECT-TYPE SYNTAX INTEGER { no-access(0), read-access(1), read-write-access(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Agent User Access Mode. The User Access Mode can be set while the row is active." DEFVAL { no-access } ::= { hmSec2UserConfigEntry 3 } hmSec2UserSnmpAuthenticationType OBJECT-TYPE SYNTAX INTEGER { none(0), hmacmd5(1), hmacsha(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "SNMPv3 User Authentication. The user password must be set to a string greater than or equal to 8 characters for this to be set to anything but none(0). - none(0) -> no authentication used - hmacmd5(1) -> Use HMAC-MD5 authentication - hmacsha(2) -> Use HMAC-SHA authentication The User Authentication Type can be set while the row is active." 
DEFVAL { none } ::= { hmSec2UserConfigEntry 4 } hmSec2UserSnmpEncryptionType OBJECT-TYPE SYNTAX INTEGER { none(0), des(1), aes-cfb-128(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "SNMPv3 User Encryption. Cannot be set to des(1) or aes-cfb-128(2) if hmSec2UserSnmpAuthenticationType is set to none(0). - none(0) -> no encryption used - des(1) -> DES encryption used - aes-cfb-128(2) -> AES-128 encryption used The User Encryption Type can be set while the row is active." DEFVAL { none } ::= { hmSec2UserConfigEntry 5 } hmSec2UserAuthenticationList OBJECT-TYPE SYNTAX SnmpTagList (SIZE(1..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "The authentication list used for this user to authenticate to the system. The User Authentication List can be set while the row is active." DEFVAL { "systemLoginDefaultList" } ::= { hmSec2UserConfigEntry 6 } hmSec2UserStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Agent User Status. active(1) - This user account is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this user account." ::= { hmSec2UserConfigEntry 7 } --************************************************************************************** -- hmSec2UserAuthListGroup --************************************************************************************** hmSec2UserAuthListGroup OBJECT IDENTIFIER ::= { hmSec2Agent 30 } hmSec2UserAuthListTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2UserAuthListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The hmSec2UserAuthListTable holds up to 3 policies by which a user authenticates to the system." ::= { hmSec2UserAuthListGroup 1 } hmSec2UserAuthListEntry OBJECT-TYPE SYNTAX HmSec2UserAuthListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The hmSec2UserAuthListEntry." 
INDEX { IMPLIED hmSec2UserAuthListName } ::= { hmSec2UserAuthListTable 1 } HmSec2UserAuthListEntry ::= SEQUENCE { hmSec2UserAuthListName SnmpTagValue, hmSec2UserAuthListPolicy1 INTEGER, hmSec2UserAuthListPolicy2 INTEGER, hmSec2UserAuthListPolicy3 INTEGER, hmSec2UserAuthListStatus RowStatus } hmSec2UserAuthListName OBJECT-TYPE SYNTAX SnmpTagValue (SIZE(1..128)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Authentication List Index. Unique name used for indexing into this table." ::= { hmSec2UserAuthListEntry 1 } hmSec2UserAuthListPolicy1 OBJECT-TYPE SYNTAX INTEGER { none(1), local(2), radius(3), deny(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Authentication List Policy 1. Configures the first authentication policy to use when this list is specified. - none -> no authentication policy set - local -> authentication is done through local user DB - radius -> authentication is done through a RADIUS server - deny -> no authentication is ever allowed for this user name" ::= { hmSec2UserAuthListEntry 2 } hmSec2UserAuthListPolicy2 OBJECT-TYPE SYNTAX INTEGER { none(1), local(2), radius(3), deny(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Authentication List Policy 2. Configures the second authentication policy to use when this list is specified. - none -> no authentication policy set - local -> authentication is done through local user DB - radius -> authentication is done through a RADIUS server - deny -> no authentication is ever allowed for this user name" ::= { hmSec2UserAuthListEntry 3 } hmSec2UserAuthListPolicy3 OBJECT-TYPE SYNTAX INTEGER { none(1), local(2), radius(3), deny(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Authentication List Policy 3. Configures the third authentication policy to use when this list is specified. 
- none -> no authentication policy set - local -> authentication is done through local user DB - radius -> authentication is done through a RADIUS server - deny -> no authentication is ever allowed for this user name" ::= { hmSec2UserAuthListEntry 4 } hmSec2UserAuthListStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The status of the Authentication List. active(1) - This auth list is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this auth list." ::= { hmSec2UserAuthListEntry 5 } hmSec2UserAuthListDefault OBJECT-TYPE SYNTAX SnmpTagValue (SIZE(0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "Default System Login Authentication List This object configures the Authentication List to be used for non-configured users for System Login. An empty string means this object is not configured -> non-configured users never grant System Login access. The list must be configured in the hmSec2UserAuthListTable before setting." ::= { hmSec2UserAuthListGroup 2 } hmSec2UserFirewallAuthListDefault OBJECT-TYPE SYNTAX SnmpTagValue (SIZE(0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "Default User Firewall Login Authentication List This object configures the Authentication List to be used for non-configured users for User Firewall Login. An empty string means this object is not configured -> non-configured users never grant User Firewall Login access. The list must be configured in the hmSec2UserAuthListTable before setting." 
::= { hmSec2UserAuthListGroup 3 } --************************************************************************************** -- hmSec2UsrFwUserGroup --************************************************************************************** hmSec2UsrFwUserGroup OBJECT IDENTIFIER ::= { hmSec2Agent 40 } hmSec2UsrFwUserGroupAuth OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables/Disables Group Authentication for User Firewall users." DEFVAL { disable } ::= { hmSec2UsrFwUserGroup 1 } hmSec2UsrFwUserTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2UsrFwUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall User Config Table. This table provides the functionality the system uses for Firewall Users management. To create a new user set hmSec2UsrFwUserStatus to 'createAndWait', and set the corresponding objects to their values. Setting hmSec2UsrFwUserStatus to 'active' activates the user. To delete a user set hmSec2UsrFwUserStatus to 'destroy'. Creating a new user in the hmSec2UsrFwUserTable also creates a new user in the SNMPv3 tables. All objects in this table can be set while a row is 'active'." ::= { hmSec2UsrFwUserGroup 2 } hmSec2UsrFwUserEntry OBJECT-TYPE SYNTAX HmSec2UsrFwUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall User Config Entry" INDEX { IMPLIED hmSec2UsrFwUserName } ::= { hmSec2UsrFwUserTable 1 } HmSec2UsrFwUserEntry ::= SEQUENCE { hmSec2UsrFwUserName SnmpAdminString, hmSec2UsrFwUserPassword DisplayString, hmSec2UsrFwUserAuthList SnmpTagValue, hmSec2UsrFwUserLoginStatus INTEGER, hmSec2UsrFwUserLoginAddr DisplayString, hmSec2UsrFwUserStatus RowStatus } hmSec2UsrFwUserName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Firewall User Name." 
::= { hmSec2UsrFwUserEntry 1 } hmSec2UsrFwUserPassword OBJECT-TYPE SYNTAX DisplayString (SIZE(5..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "Firewall User Password. This object will always return '********' even if a password is set. The User Password can be set while the row is active." DEFVAL { "" } ::= { hmSec2UsrFwUserEntry 2 } hmSec2UsrFwUserAuthList OBJECT-TYPE SYNTAX SnmpTagValue (SIZE(1..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "The authentication list used for this user to authenticate to the system. The User Authentication List can be set while the row is active." DEFVAL { "systemLoginDefaultList" } ::= { hmSec2UsrFwUserEntry 3 } hmSec2UsrFwUserLoginStatus OBJECT-TYPE SYNTAX INTEGER { logout (1), login (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Log-in status of the firewall user." ::= { hmSec2UsrFwUserEntry 4 } hmSec2UsrFwUserLoginAddr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address the firewall user logged in from, or an empty string if the user isn't logged in." ::= { hmSec2UsrFwUserEntry 5 } hmSec2UsrFwUserStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Firewall User Status. active(1) - This user account is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this user account." ::= { hmSec2UsrFwUserEntry 6 } hmSec2UsrFwUserStateRemoval OBJECT-TYPE SYNTAX INTEGER { remove (1), keep (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Set to remove or keep the Firewall state entries for User Firewall users at Logout." 
DEFVAL { keep } ::= { hmSec2UsrFwUserGroup 3 } -- -- Radius client support -- hmSec2Radius OBJECT IDENTIFIER ::= { hmSec2Security 1 } hmSec2RadiusClient OBJECT IDENTIFIER ::= { hmSec2Radius 1 } hmSec2RadiusMaxRetries OBJECT-TYPE SYNTAX Integer32 (1..15) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of retransmissions of a radius request packet" DEFVAL { 3 } ::= { hmSec2RadiusClient 1 } hmSec2RadiusTimeout OBJECT-TYPE SYNTAX Integer32 (1..30) MAX-ACCESS read-write STATUS current DESCRIPTION "Time out duration (in seconds) before packets are retransmitted" DEFVAL { 3 } ::= { hmSec2RadiusClient 2 } -- -- Radius Authentication Servers -- hmSec2RadiusAuthServerTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2RadiusAuthServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "List of radius authentication servers. The priority of a server depends on the position in the table, i.e. the primary server is the first one in the table, the secondary is the second one, etc." ::= { hmSec2RadiusClient 10 } hmSec2RadiusAuthServerEntry OBJECT-TYPE SYNTAX HmSec2RadiusAuthServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A radius authentication server entry." INDEX { hmSec2RadiusAuthServerIndex } ::= { hmSec2RadiusAuthServerTable 1 } HmSec2RadiusAuthServerEntry ::= SEQUENCE { hmSec2RadiusAuthServerIndex Integer32, hmSec2RadiusAuthServerAddress IpAddress, hmSec2RadiusAuthServerPort Integer32, hmSec2RadiusAuthServerSecret DisplayString, hmSec2RadiusAuthServerStatus RowStatus } hmSec2RadiusAuthServerIndex OBJECT-TYPE SYNTAX Integer32 (1..3) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table index." ::= { hmSec2RadiusAuthServerEntry 1 } hmSec2RadiusAuthServerAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the radius authentication server." 
::= { hmSec2RadiusAuthServerEntry 2 } hmSec2RadiusAuthServerPort OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "UDP port number of the RADIUS authentication server (default 1812, RFC 2865)." DEFVAL { 1812 } ::= { hmSec2RadiusAuthServerEntry 3 } hmSec2RadiusAuthServerSecret OBJECT-TYPE SYNTAX DisplayString (SIZE(0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Shared secret for the RADIUS authentication server. Treat this object as sensitive: unlike hmSec2UsrFwUserPassword, this definition does not state that a GET returns a masked value, so read access should be restricted by the SNMP access-control (VACM view) configuration, and the object should only be set over a transport that protects the PDU (e.g. SNMPv3 with authentication and privacy). The SYNTAX admits a zero-length secret; an empty shared secret should never be used in production. The maximum length is 20 octets." ::= { hmSec2RadiusAuthServerEntry 4 } hmSec2RadiusAuthServerStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Row status of this entry: active(1) - Authentication entry is active. notInService(2) - Entry has been suspended. The remaining RowStatus values (RFC 2579) are not documented here; confirm against the agent before relying on them." ::= { hmSec2RadiusAuthServerEntry 5 } -- -- Firewall Definitions -- -- -- -- Denial of Service variables -- -- hmSec2FirewallDenialOfServiceGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 1 } hmSec2FirewallDenialOfServiceVars OBJECT IDENTIFIER ::= { hmSec2FirewallDenialOfServiceGroup 1 } hmSec2FwDosInSynLimit OBJECT-TYPE SYNTAX Integer32 (1..999999) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of new incoming TCP connections (SYN) per second." DEFVAL { 25 } ::= { hmSec2FirewallDenialOfServiceVars 1 } hmSec2FwDosOutSynLimit OBJECT-TYPE SYNTAX Integer32 (1..999999) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of new outgoing TCP connections (SYN) per second." DEFVAL { 75 } ::= { hmSec2FirewallDenialOfServiceVars 2 } hmSec2FwDosInPingLimit OBJECT-TYPE SYNTAX Integer32 (1..999999) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of incoming ping frames (ICMP Echo Request) per second." 
DEFVAL { 3 } ::= { hmSec2FirewallDenialOfServiceVars 3 } hmSec2FwDosOutPingLimit OBJECT-TYPE SYNTAX Integer32 (1..999999) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of outgoing ping frames (ICMP Echo Request) per second." DEFVAL { 5 } ::= { hmSec2FirewallDenialOfServiceVars 4 } hmSec2FwDosInArpLimit OBJECT-TYPE SYNTAX Integer32 (1..999999) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of incoming ARP frames per second." DEFVAL { 500 } ::= { hmSec2FirewallDenialOfServiceVars 5 } hmSec2FwDosOutArpLimit OBJECT-TYPE SYNTAX Integer32 (1..999999) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of outgoing ARP frames per second." DEFVAL { 500 } ::= { hmSec2FirewallDenialOfServiceVars 6 } hmSec2FwDosInSynLimitLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for the incoming SYN rate-limit rule (hmSec2FwDosInSynLimit)." DEFVAL { enable } ::= { hmSec2FirewallDenialOfServiceVars 7 } hmSec2FwDosOutSynLimitLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for the outgoing SYN rate-limit rule (hmSec2FwDosOutSynLimit)." DEFVAL { enable } ::= { hmSec2FirewallDenialOfServiceVars 8 } hmSec2FwDosInPingLimitLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for the incoming ping (ICMP Echo Request) rate-limit rule (hmSec2FwDosInPingLimit)." DEFVAL { enable } ::= { hmSec2FirewallDenialOfServiceVars 9 } hmSec2FwDosOutPingLimitLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for the outgoing ping (ICMP Echo Request) rate-limit rule (hmSec2FwDosOutPingLimit)." DEFVAL { enable } ::= { hmSec2FirewallDenialOfServiceVars 10 } hmSec2FwDosInArpLimitLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for the incoming ARP rate-limit rule (hmSec2FwDosInArpLimit)." 
DEFVAL { enable } ::= { hmSec2FirewallDenialOfServiceVars 11 } hmSec2FwDosOutArpLimitLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for the outgoing ARP rate-limit rule (hmSec2FwDosOutArpLimit)." DEFVAL { enable } ::= { hmSec2FirewallDenialOfServiceVars 12 } -- -- MAC Rules for incoming traffic variables -- -- hmSec2FirewallL2PacketFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 2 } hmSec2FirewallL2PfIncomingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL2PacketFilterGroup 1 } hmSec2FirewallL2PfOutgoingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL2PacketFilterGroup 2 } -- -- MAC Rules for incoming traffic table -- -- hmSec2FwL2PfInTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwL2PfInEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of MAC rules for incoming traffic." ::= { hmSec2FirewallL2PfIncomingGroup 1 } hmSec2FwL2PfInEntry OBJECT-TYPE SYNTAX HmSec2FwL2PfInEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "One MAC (layer 2) rule for incoming traffic." INDEX { hmSec2FwL2PfInIndex } ::= { hmSec2FwL2PfInTable 1 } HmSec2FwL2PfInEntry ::= SEQUENCE { hmSec2FwL2PfInIndex Integer32, hmSec2FwL2PfInSrcAddr DisplayString, hmSec2FwL2PfInDstAddr DisplayString, hmSec2FwL2PfInProto DisplayString, hmSec2FwL2PfInAction INTEGER, hmSec2FwL2PfInLog INTEGER, hmSec2FwL2PfInDesc DisplayString, hmSec2FwL2PfInErrorText DisplayString, hmSec2FwL2PfInRowStatus RowStatus } hmSec2FwL2PfInIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be chosen in ascending and compact order. It may change if a rule (not the last in the list) is deleted or a new row is inserted. Because of this renumbering, a manager must re-read the table before modifying or deleting a rule by index; otherwise a SET may be applied to a different rule than intended." ::= { hmSec2FwL2PfInEntry 1 } hmSec2FwL2PfInSrcAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single MAC address aa:bb:cc:dd:ee:ff or address with wildcards aa:bb:??:dd:ee:ff or the keywords 'me' or 'any'." 
DEFVAL { "any" } ::= { hmSec2FwL2PfInEntry 2 } hmSec2FwL2PfInDstAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single MAC address aa:bb:cc:dd:ee:ff or address with wildcards aa:bb:??:dd:ee:ff or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL2PfInEntry 4 } hmSec2FwL2PfInProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "The Ethernet protocol as a hexadecimal number in range 0000 - FFFF or the keyword 'any' for protocol-independent filtering." DEFVAL { "any" } ::= { hmSec2FwL2PfInEntry 6 } hmSec2FwL2PfInAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the filter rule matches" DEFVAL { accept } ::= { hmSec2FwL2PfInEntry 7 } hmSec2FwL2PfInLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule." 
DEFVAL { disable } ::= { hmSec2FwL2PfInEntry 8 } hmSec2FwL2PfInDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2FwL2PfInEntry 9 } hmSec2FwL2PfInErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text (read-only). Presumably filled in by the agent when the rule could not be applied; the exact conditions are not specified here." DEFVAL { "" } ::= { hmSec2FwL2PfInEntry 10 } hmSec2FwL2PfInRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2FwL2PfInEntry 11 } -- -- MAC Rules for outgoing traffic table -- -- hmSec2FwL2PfOutTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwL2PfOutEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of the MAC rules for outgoing traffic." ::= { hmSec2FirewallL2PfOutgoingGroup 1 } hmSec2FwL2PfOutEntry OBJECT-TYPE SYNTAX HmSec2FwL2PfOutEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "One MAC (layer 2) rule for outgoing traffic." INDEX { hmSec2FwL2PfOutIndex } ::= { hmSec2FwL2PfOutTable 1 } HmSec2FwL2PfOutEntry ::= SEQUENCE { hmSec2FwL2PfOutIndex Integer32, hmSec2FwL2PfOutSrcAddr DisplayString, hmSec2FwL2PfOutDstAddr DisplayString, hmSec2FwL2PfOutProto DisplayString, hmSec2FwL2PfOutAction INTEGER, hmSec2FwL2PfOutLog INTEGER, hmSec2FwL2PfOutDesc DisplayString, hmSec2FwL2PfOutErrorText DisplayString, hmSec2FwL2PfOutRowStatus RowStatus } hmSec2FwL2PfOutIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be chosen in ascending and compact order. It may change if a rule (not the last in the list) is deleted or a new row is inserted. Because of this renumbering, a manager must re-read the table before modifying or deleting a rule by index; otherwise a SET may be applied to a different rule than intended." ::= { hmSec2FwL2PfOutEntry 1 } hmSec2FwL2PfOutSrcAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single MAC address aa:bb:cc:dd:ee:ff or address with wildcards aa:bb:??:dd:ee:ff or the keywords 'me' or 'any'." 
DEFVAL { "any" } ::= { hmSec2FwL2PfOutEntry 2 } hmSec2FwL2PfOutDstAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single MAC address aa:bb:cc:dd:ee:ff or address with wildcards aa:bb:??:dd:ee:ff or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL2PfOutEntry 4 } hmSec2FwL2PfOutProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "The Ethernet protocol (EtherType) as a hexadecimal number in the range 0000 - FFFF, or the keyword 'any' for protocol-independent filtering." DEFVAL { "any" } ::= { hmSec2FwL2PfOutEntry 6 } hmSec2FwL2PfOutAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the firewall rule matches. Note that the default for outgoing MAC rules is drop(2), whereas the incoming table (hmSec2FwL2PfInAction) defaults to accept(1)." DEFVAL { drop } ::= { hmSec2FwL2PfOutEntry 7 } hmSec2FwL2PfOutLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule. logAndTrap(3) presumably also emits an SNMP notification; confirm against the agent." DEFVAL { disable } ::= { hmSec2FwL2PfOutEntry 8 } hmSec2FwL2PfOutDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2FwL2PfOutEntry 9 } hmSec2FwL2PfOutErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text (read-only)." DEFVAL { "" } ::= { hmSec2FwL2PfOutEntry 10 } hmSec2FwL2PfOutRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." 
::= { hmSec2FwL2PfOutEntry 11 } -- -- IP Rules for incoming traffic variables -- -- hmSec2FirewallL3PacketFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 3 } hmSec2FirewallL3PfIncomingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL3PacketFilterGroup 1 } hmSec2FirewallL3PfOutgoingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL3PacketFilterGroup 2 } -- -- IP Rules for incoming traffic table -- -- hmSec2FwL3PfInTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwL3PfInEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of the IP rules for incoming traffic." ::= { hmSec2FirewallL3PfIncomingGroup 1 } hmSec2FwL3PfInEntry OBJECT-TYPE SYNTAX HmSec2FwL3PfInEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwL3PfInIndex } ::= { hmSec2FwL3PfInTable 1 } HmSec2FwL3PfInEntry ::= SEQUENCE { hmSec2FwL3PfInIndex Integer32, hmSec2FwL3PfInSrcNet DisplayString, hmSec2FwL3PfInSrcPort DisplayString, hmSec2FwL3PfInDstNet DisplayString, hmSec2FwL3PfInDstPort DisplayString, hmSec2FwL3PfInProto DisplayString, hmSec2FwL3PfInAction INTEGER, hmSec2FwL3PfInLog INTEGER, hmSec2FwL3PfInDesc DisplayString, hmSec2FwL3PfInErrorText DisplayString, hmSec2FwL3PfInRowStatus RowStatus } hmSec2FwL3PfInIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be choosen in ascending and compact order. It may change if a rule (not the last in list) is deleted or a new row is inserted." ::= { hmSec2FwL3PfInEntry 1 } hmSec2FwL3PfInSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL3PfInEntry 2 } hmSec2FwL3PfInSrcPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expression is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is one of the following comparison operators: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443) For ICMP only: the ICMP type and code can be specified as: o 'type T' o 'type T code C' where T and C are decimal numbers (0..255)." DEFVAL { "any" } ::= { hmSec2FwL3PfInEntry 3 } hmSec2FwL3PfInDstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL3PfInEntry 4 } hmSec2FwL3PfInDstPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expressions is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2FwL3PfInEntry 5 } hmSec2FwL3PfInProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "The IP protocol (RFC 791) as a decimal number (in range 1 - 255), a name or the keyword 'any' for protocol-independent filtering. The following protocol names are currently supported: o 'icmp': internet control message protocol (RFC 792) o 'igmp': internet group management protocol o 'ipip': IP in IP tunneling (RFC 1853) o 'tcp': transmission control protocol (RFC 793) o 'udp': user datagram protocol (RFC 768) o 'esp': IPsec encapsulated security payload (RFC 2406) o 'ah': IPsec authentication header (RFC 2402) o 'ipv6-icmp': internet control message protocol for IPv6" DEFVAL { "any" } ::= { hmSec2FwL3PfInEntry 6 } hmSec2FwL3PfInAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2), reject(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the firewall rule matches." 
DEFVAL { accept } ::= { hmSec2FwL3PfInEntry 7 } hmSec2FwL3PfInLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule." DEFVAL { disable } ::= { hmSec2FwL3PfInEntry 8 } hmSec2FwL3PfInDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2FwL3PfInEntry 9 } hmSec2FwL3PfInErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text." DEFVAL { "" } ::= { hmSec2FwL3PfInEntry 10 } hmSec2FwL3PfInRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2FwL3PfInEntry 11 } hmSec2FwL3PfInLogNonMatching OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Log incoming packets not matching any rule." DEFVAL { disable } ::= { hmSec2FirewallL3PfIncomingGroup 2 } -- -- IP Rules for incoming traffic table dependent on Digital Input -- -- hmSec2FwL3PfDIInTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwL3PfDIInEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of the IP rules for incoming traffic controlled by the digital input to activate or deactivate the rules." 
::= { hmSec2FirewallL3PfIncomingGroup 3 } hmSec2FwL3PfDIInEntry OBJECT-TYPE SYNTAX HmSec2FwL3PfDIInEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwL3PfDIInIndex } ::= { hmSec2FwL3PfDIInTable 1 } HmSec2FwL3PfDIInEntry ::= SEQUENCE { hmSec2FwL3PfDIInIndex Integer32, hmSec2FwL3PfDIInSrcNet DisplayString, hmSec2FwL3PfDIInSrcPort DisplayString, hmSec2FwL3PfDIInDstNet DisplayString, hmSec2FwL3PfDIInDstPort DisplayString, hmSec2FwL3PfDIInProto DisplayString, hmSec2FwL3PfDIInAction INTEGER, hmSec2FwL3PfDIInLog INTEGER, hmSec2FwL3PfDIInDesc DisplayString, hmSec2FwL3PfDIInErrorText DisplayString, hmSec2FwL3PfDIInRowStatus RowStatus } hmSec2FwL3PfDIInIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be choosen in ascending and compact order. It may change if a rule (not the last in list) is deleted or a new row is inserted." ::= { hmSec2FwL3PfDIInEntry 1 } hmSec2FwL3PfDIInSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL3PfDIInEntry 2 } hmSec2FwL3PfDIInSrcPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expressions is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443) For ICMP only: ICMP type and code can be specified as: o 'type ' o 'type code ' where and are decimal numbers (0..255)." DEFVAL { "any" } ::= { hmSec2FwL3PfDIInEntry 3 } hmSec2FwL3PfDIInDstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL3PfDIInEntry 4 } hmSec2FwL3PfDIInDstPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expressions is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2FwL3PfDIInEntry 5 } hmSec2FwL3PfDIInProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "The IP protocol (RFC 791) as a decimal number (in range 1 - 255), a name or the keyword 'any' for protocol-independent filtering. The following protocol names are currently supported: o 'icmp': internet control message protocol (RFC 792) o 'igmp': internet group management protocol o 'ipip': IP in IP tunneling (RFC 1853) o 'tcp': transmission control protocol (RFC 793) o 'udp': user datagram protocol (RFC 768) o 'esp': IPsec encapsulated security payload (RFC 2406) o 'ah': IPsec authentication header (RFC 2402) o 'ipv6-icmp': internet control message protocol for IPv6" DEFVAL { "any" } ::= { hmSec2FwL3PfDIInEntry 6 } hmSec2FwL3PfDIInAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2), reject(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the firewall rule matches." 
DEFVAL { accept } ::= { hmSec2FwL3PfDIInEntry 7 } hmSec2FwL3PfDIInLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule." DEFVAL { disable } ::= { hmSec2FwL3PfDIInEntry 8 } hmSec2FwL3PfDIInDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2FwL3PfDIInEntry 9 } hmSec2FwL3PfDIInErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text." DEFVAL { "" } ::= { hmSec2FwL3PfDIInEntry 10 } hmSec2FwL3PfDIInRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2FwL3PfDIInEntry 11 } hmSec2FwL3PfDIInLevel OBJECT-TYPE SYNTAX DIFwRuleActivate MAX-ACCESS read-write STATUS current DESCRIPTION "Set this variable to change the behavior of the digital input to activate the Firewall rules in the Digital Input Rule table when the digital input value is high (high-active) or low (low-active)." DEFVAL { high-active } ::= { hmSec2FirewallL3PfIncomingGroup 4 } hmSec2FwL3PfDIInStateRemoval OBJECT-TYPE SYNTAX INTEGER { remove (1), keep (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Set to remove or keep the Firewall state entries for Digital Input Firewall rules when the state switches." DEFVAL { remove } ::= { hmSec2FirewallL3PfIncomingGroup 5 } hmSec2FwL3PfDIInOperStatus OBJECT-TYPE SYNTAX INTEGER { active(1), inactive(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This value shows if the rules for digital input are currently active or inactive (depends on the activation level hmSec2FwL3PfDIInLevel)." 
::= { hmSec2FirewallL3PfIncomingGroup 6 } -- -- IP Rules for outgoing traffic table -- -- hmSec2FwL3PfOutTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwL3PfOutEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of the IP rules for outgoing traffic." ::= { hmSec2FirewallL3PfOutgoingGroup 1 } hmSec2FwL3PfOutEntry OBJECT-TYPE SYNTAX HmSec2FwL3PfOutEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwL3PfOutIndex } ::= { hmSec2FwL3PfOutTable 1 } HmSec2FwL3PfOutEntry ::= SEQUENCE { hmSec2FwL3PfOutIndex Integer32, hmSec2FwL3PfOutSrcNet DisplayString, hmSec2FwL3PfOutSrcPort DisplayString, hmSec2FwL3PfOutDstNet DisplayString, hmSec2FwL3PfOutDstPort DisplayString, hmSec2FwL3PfOutProto DisplayString, hmSec2FwL3PfOutAction INTEGER, hmSec2FwL3PfOutLog INTEGER, hmSec2FwL3PfOutDesc DisplayString, hmSec2FwL3PfOutErrorText DisplayString, hmSec2FwL3PfOutRowStatus RowStatus } hmSec2FwL3PfOutIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be choosen in ascending and compact order. It may change if a rule (not the last in list) is deleted or a new row is inserted." ::= { hmSec2FwL3PfOutEntry 1 } hmSec2FwL3PfOutSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL3PfOutEntry 2 } hmSec2FwL3PfOutSrcPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expressions is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443) For ICMP only: ICMP type and code can be specified as: o 'type ' o 'type code ' where and are decimal numbers (0..255)." DEFVAL { "any" } ::= { hmSec2FwL3PfOutEntry 3 } hmSec2FwL3PfOutDstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL3PfOutEntry 4 } hmSec2FwL3PfOutDstPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expressions is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2FwL3PfOutEntry 5 } hmSec2FwL3PfOutProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "The IP protocol (RFC 791) as a decimal number (in range 1 - 255), a name or the keyword 'any' for protocol-independent filtering. The following protocol names are currently supported: o 'icmp': internet control message protocol (RFC 792) o 'igmp': internet group management protocol o 'ipip': IP in IP tunneling (RFC 1853) o 'tcp': transmission control protocol (RFC 793) o 'udp': user datagram protocol (RFC 768) o 'esp': IPsec encapsulated security payload (RFC 2406) o 'ah': IPsec authentication header (RFC 2402) o 'ipv6-icmp': internet control message protocol for IPv6" DEFVAL { "any" } ::= { hmSec2FwL3PfOutEntry 6 } hmSec2FwL3PfOutAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2), reject(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the firewall rule matches." 
DEFVAL { drop } ::= { hmSec2FwL3PfOutEntry 7 } hmSec2FwL3PfOutLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule. logAndTrap(3) presumably also emits an SNMP notification; confirm against the agent." DEFVAL { disable } ::= { hmSec2FwL3PfOutEntry 8 } hmSec2FwL3PfOutDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2FwL3PfOutEntry 9 } hmSec2FwL3PfOutErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text (read-only)." DEFVAL { "" } ::= { hmSec2FwL3PfOutEntry 10 } hmSec2FwL3PfOutRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2FwL3PfOutEntry 11 } hmSec2FwL3PfOutLogNonMatching OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Log outgoing packets not matching any rule in hmSec2FwL3PfOutTable. Disabled by default. Since the per-rule log objects only cover packets that match a rule, this is the only object in this group that gives visibility of traffic that falls through the outgoing rule set." DEFVAL { disable } ::= { hmSec2FirewallL3PfOutgoingGroup 2 } -- -- IP Rules for outgoing traffic table dependent on Digital Input -- -- hmSec2FwL3PfDIOutTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwL3PfDIOutEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of the IP rules for outgoing traffic controlled by the digital input to activate or deactivate the rules." 
::= { hmSec2FirewallL3PfOutgoingGroup 3 } hmSec2FwL3PfDIOutEntry OBJECT-TYPE SYNTAX HmSec2FwL3PfDIOutEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwL3PfDIOutIndex } ::= { hmSec2FwL3PfDIOutTable 1 } HmSec2FwL3PfDIOutEntry ::= SEQUENCE { hmSec2FwL3PfDIOutIndex Integer32, hmSec2FwL3PfDIOutSrcNet DisplayString, hmSec2FwL3PfDIOutSrcPort DisplayString, hmSec2FwL3PfDIOutDstNet DisplayString, hmSec2FwL3PfDIOutDstPort DisplayString, hmSec2FwL3PfDIOutProto DisplayString, hmSec2FwL3PfDIOutAction INTEGER, hmSec2FwL3PfDIOutLog INTEGER, hmSec2FwL3PfDIOutDesc DisplayString, hmSec2FwL3PfDIOutErrorText DisplayString, hmSec2FwL3PfDIOutRowStatus RowStatus } hmSec2FwL3PfDIOutIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be choosen in ascending and compact order. It may change if a rule (not the last in list) is deleted or a new row is inserted." ::= { hmSec2FwL3PfDIOutEntry 1 } hmSec2FwL3PfDIOutSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL3PfDIOutEntry 2 } hmSec2FwL3PfDIOutSrcPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expressions is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443) For ICMP only: ICMP type and code can be specified as: o 'type ' o 'type code ' where and are decimal numbers (0..255)." DEFVAL { "any" } ::= { hmSec2FwL3PfDIOutEntry 3 } hmSec2FwL3PfDIOutDstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL3PfDIOutEntry 4 } hmSec2FwL3PfDIOutDstPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expression is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2FwL3PfDIOutEntry 5 } hmSec2FwL3PfDIOutProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "The IP protocol (RFC 791) as a decimal number (in range 1 - 255), a name or the keyword 'any' for protocol-independent filtering. The following protocol names are currently supported: o 'icmp': internet control message protocol (RFC 792) o 'igmp': internet group management protocol o 'ipip': IP in IP tunneling (RFC 1853) o 'tcp': transmission control protocol (RFC 793) o 'udp': user datagram protocol (RFC 768) o 'esp': IPsec encapsulated security payload (RFC 2406) o 'ah': IPsec authentication header (RFC 2402) o 'ipv6-icmp': internet control message protocol for IPv6" DEFVAL { "any" } ::= { hmSec2FwL3PfDIOutEntry 6 } hmSec2FwL3PfDIOutAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2), reject(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the firewall rule matches." 
DEFVAL { drop } ::= { hmSec2FwL3PfDIOutEntry 7 } hmSec2FwL3PfDIOutLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule." DEFVAL { disable } ::= { hmSec2FwL3PfDIOutEntry 8 } hmSec2FwL3PfDIOutDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2FwL3PfDIOutEntry 9 } hmSec2FwL3PfDIOutErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text." DEFVAL { "" } ::= { hmSec2FwL3PfDIOutEntry 10 } hmSec2FwL3PfDIOutRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status for this table entry." ::= { hmSec2FwL3PfDIOutEntry 11 } hmSec2FwL3PfDIOutLevel OBJECT-TYPE SYNTAX DIFwRuleActivate MAX-ACCESS read-write STATUS current DESCRIPTION "Set this variable to change the behavior of the digital input to activate the Firewall rules in the Digital Input Rule table when the digital input value is high (high-active) or low (low-active)." DEFVAL { high-active } ::= { hmSec2FirewallL3PfOutgoingGroup 4 } hmSec2FwL3PfDIOutStateRemoval OBJECT-TYPE SYNTAX INTEGER { remove (1), keep (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Set to remove or keep the Firewall state entries for Digital Input Firewall rules when the state switches." DEFVAL { remove } ::= { hmSec2FirewallL3PfOutgoingGroup 5 } hmSec2FwL3PfDIOutOperStatus OBJECT-TYPE SYNTAX INTEGER { active(1), inactive(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This value shows if the rules for digital input are currently active or inactive (depends on the activation level hmSec2FwL3PfDIOutLevel)." 
::= { hmSec2FirewallL3PfOutgoingGroup 6 } -- -- IP template definitions -- hmSec2FirewallL3TemplateGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL3PacketFilterGroup 3 } -- Id to Name mapping hmSec2FwL3TplIdTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwL3TplIdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of IP templates." ::= { hmSec2FirewallL3TemplateGroup 1 } hmSec2FwL3TplIdEntry OBJECT-TYPE SYNTAX HmSec2FwL3TplIdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwL3TplIdIndex } ::= { hmSec2FwL3TplIdTable 1 } HmSec2FwL3TplIdEntry ::= SEQUENCE { hmSec2FwL3TplIdIndex Integer32, hmSec2FwL3TplIdName DisplayString, hmSec2FwL3TplIdRowStatus RowStatus } hmSec2FwL3TplIdIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Table index." ::= { hmSec2FwL3TplIdEntry 1 } hmSec2FwL3TplIdName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..19)) MAX-ACCESS read-write STATUS current DESCRIPTION "The (unique) name of the template." DEFVAL { "any" } ::= { hmSec2FwL3TplIdEntry 2 } hmSec2FwL3TplIdRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry. This object can be set to createAndGo(4) or destroy(6)." ::= { hmSec2FwL3TplIdEntry 3 } -- Template network table hmSec2FwL3TplNetTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwL3TplNetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Holds the addresses/networks of the templates." 
::= { hmSec2FirewallL3TemplateGroup 2 } hmSec2FwL3TplNetEntry OBJECT-TYPE SYNTAX HmSec2FwL3TplNetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwL3TplNetIdIndex, hmSec2FwL3TplNetIndex } ::= { hmSec2FwL3TplNetTable 1 } HmSec2FwL3TplNetEntry ::= SEQUENCE { hmSec2FwL3TplNetIdIndex Integer32, hmSec2FwL3TplNetIndex Integer32, hmSec2FwL3TplNetAddr DisplayString, hmSec2FwL3TplNetRowStatus RowStatus } hmSec2FwL3TplNetIdIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The corresponding index in the hmSec2FwL3TplIdTable." ::= { hmSec2FwL3TplNetEntry 1 } hmSec2FwL3TplNetIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the net entry within a template." ::= { hmSec2FwL3TplNetEntry 2 } hmSec2FwL3TplNetAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwL3TplNetEntry 3 } hmSec2FwL3TplNetRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2FwL3TplNetEntry 4 } -- -- IP Rules for incoming PPP traffic variables -- -- hmSec2FirewallPppFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 4 } hmSec2FirewallPppIncomingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallPppFilterGroup 1 } -- -- IP Rules for incoming PPP traffic table -- -- hmSec2FwPppInTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwPppInEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of the IP rules for incoming traffic from the PPP interface." 
::= { hmSec2FirewallPppIncomingGroup 1 } hmSec2FwPppInEntry OBJECT-TYPE SYNTAX HmSec2FwPppInEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwPppInIndex } ::= { hmSec2FwPppInTable 1 } HmSec2FwPppInEntry ::= SEQUENCE { hmSec2FwPppInIndex Integer32, hmSec2FwPppInSrcNet DisplayString, hmSec2FwPppInSrcPort DisplayString, hmSec2FwPppInDstNet DisplayString, hmSec2FwPppInDstPort DisplayString, hmSec2FwPppInProto DisplayString, hmSec2FwPppInAction INTEGER, hmSec2FwPppInLog INTEGER, hmSec2FwPppInDesc DisplayString, hmSec2FwPppInErrorText DisplayString, hmSec2FwPppInRowStatus RowStatus } hmSec2FwPppInIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be chosen in ascending and compact order. It may change if a rule (not the last in the list) is deleted or a new row is inserted." ::= { hmSec2FwPppInEntry 1 } hmSec2FwPppInSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwPppInEntry 2 } hmSec2FwPppInSrcPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expression is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443) For ICMP only: ICMP type and code can be specified as: o 'type <type>' o 'type <type> code <code>' where <type> and <code> are decimal numbers (0..255)." DEFVAL { "any" } ::= { hmSec2FwPppInEntry 3 } hmSec2FwPppInDstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwPppInEntry 4 } hmSec2FwPppInDstPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expression is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2FwPppInEntry 5 } hmSec2FwPppInProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "The IP protocol (RFC 791) as a decimal number (in range 1 - 255), a name or the keyword 'any' for protocol-independent filtering. The following protocol names are currently supported: o 'icmp': internet control message protocol (RFC 792) o 'igmp': internet group management protocol o 'ipip': IP in IP tunneling (RFC 1853) o 'tcp': transmission control protocol (RFC 793) o 'udp': user datagram protocol (RFC 768) o 'esp': IPsec encapsulated security payload (RFC 2406) o 'ah': IPsec authentication header (RFC 2402) o 'ipv6-icmp': internet control message protocol for IPv6" DEFVAL { "any" } ::= { hmSec2FwPppInEntry 6 } hmSec2FwPppInAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2), reject(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the firewall rule matches." 
DEFVAL { accept } ::= { hmSec2FwPppInEntry 7 } hmSec2FwPppInLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule." DEFVAL { disable } ::= { hmSec2FwPppInEntry 8 } hmSec2FwPppInDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2FwPppInEntry 9 } hmSec2FwPppInErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text." DEFVAL { "" } ::= { hmSec2FwPppInEntry 10 } hmSec2FwPppInRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2FwPppInEntry 11 } hmSec2FwPppInLogNonMatching OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Log incoming packets not matching any rule." DEFVAL { disable } ::= { hmSec2FirewallPppIncomingGroup 2 } -- -- IP Rules for SNMP filter variables -- -- hmSec2FirewallSnmpFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 5 } -- -- IP Rules for incoming traffic table -- -- hmSec2FwSnmpTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwSnmpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of firewall rules for SNMP traffic." 
::= { hmSec2FirewallSnmpFilterGroup 1 } hmSec2FwSnmpEntry OBJECT-TYPE SYNTAX HmSec2FwSnmpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwSnmpIndex } ::= { hmSec2FwSnmpTable 1 } HmSec2FwSnmpEntry ::= SEQUENCE { hmSec2FwSnmpIndex Integer32, hmSec2FwSnmpInterface INTEGER, hmSec2FwSnmpSrcNet DisplayString, hmSec2FwSnmpAction INTEGER, hmSec2FwSnmpLog INTEGER, hmSec2FwSnmpDesc DisplayString, hmSec2FwSnmpErrorText DisplayString, hmSec2FwSnmpRowStatus RowStatus } hmSec2FwSnmpIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be chosen in ascending and compact order. It may change if a rule (not the last in the list) is deleted or a new row is inserted." ::= { hmSec2FwSnmpEntry 1 } hmSec2FwSnmpInterface OBJECT-TYPE SYNTAX INTEGER { int (1), ext (2), ppp (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Interface for which this firewall rule applies." DEFVAL { ext } ::= { hmSec2FwSnmpEntry 2 } hmSec2FwSnmpSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwSnmpEntry 3 } hmSec2FwSnmpAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2), reject(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the firewall rule matches." DEFVAL { accept } ::= { hmSec2FwSnmpEntry 4 } hmSec2FwSnmpLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule." DEFVAL { disable } ::= { hmSec2FwSnmpEntry 5 } hmSec2FwSnmpDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." 
DEFVAL { "" } ::= { hmSec2FwSnmpEntry 6 } hmSec2FwSnmpErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text." DEFVAL { "" } ::= { hmSec2FwSnmpEntry 7 } hmSec2FwSnmpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2FwSnmpEntry 8 } -- -- IP Rules for SSH filter variables -- -- hmSec2FirewallSshFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 6 } -- -- IP Rules for incoming traffic table -- -- hmSec2FwSshTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwSshEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of firewall rules for SSH traffic." ::= { hmSec2FirewallSshFilterGroup 1 } hmSec2FwSshEntry OBJECT-TYPE SYNTAX HmSec2FwSshEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwSshIndex } ::= { hmSec2FwSshTable 1 } HmSec2FwSshEntry ::= SEQUENCE { hmSec2FwSshIndex Integer32, hmSec2FwSshInterface INTEGER, hmSec2FwSshSrcNet DisplayString, hmSec2FwSshAction INTEGER, hmSec2FwSshLog INTEGER, hmSec2FwSshDesc DisplayString, hmSec2FwSshErrorText DisplayString, hmSec2FwSshRowStatus RowStatus } hmSec2FwSshIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be chosen in ascending and compact order. It may change if a rule (not the last in the list) is deleted or a new row is inserted." ::= { hmSec2FwSshEntry 1 } hmSec2FwSshInterface OBJECT-TYPE SYNTAX INTEGER { int (1), ext (2), ppp (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Interface for which this firewall rule applies." DEFVAL { ext } ::= { hmSec2FwSshEntry 2 } hmSec2FwSshSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." 
DEFVAL { "any" } ::= { hmSec2FwSshEntry 3 } hmSec2FwSshAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2), reject(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the firewall rule matches." DEFVAL { accept } ::= { hmSec2FwSshEntry 4 } hmSec2FwSshLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule." DEFVAL { disable } ::= { hmSec2FwSshEntry 5 } hmSec2FwSshDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2FwSshEntry 6 } hmSec2FwSshErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text." DEFVAL { "" } ::= { hmSec2FwSshEntry 7 } hmSec2FwSshRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2FwSshEntry 8 } -- -- IP Rules for HTTPS filter variables -- -- hmSec2FirewallHttpsFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 7 } -- -- IP Rules for incoming traffic table -- -- hmSec2FwHttpsTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwHttpsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of firewall rules for HTTPS traffic." 
::= { hmSec2FirewallHttpsFilterGroup 1 } hmSec2FwHttpsEntry OBJECT-TYPE SYNTAX HmSec2FwHttpsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2FwHttpsIndex } ::= { hmSec2FwHttpsTable 1 } HmSec2FwHttpsEntry ::= SEQUENCE { hmSec2FwHttpsIndex Integer32, hmSec2FwHttpsInterface INTEGER, hmSec2FwHttpsSrcNet DisplayString, hmSec2FwHttpsAction INTEGER, hmSec2FwHttpsLog INTEGER, hmSec2FwHttpsDesc DisplayString, hmSec2FwHttpsErrorText DisplayString, hmSec2FwHttpsRowStatus RowStatus } hmSec2FwHttpsIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be chosen in ascending and compact order. It may change if a rule (not the last in the list) is deleted or a new row is inserted." ::= { hmSec2FwHttpsEntry 1 } hmSec2FwHttpsInterface OBJECT-TYPE SYNTAX INTEGER { int (1), ext (2), ppp (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Interface for which this firewall rule applies." DEFVAL { ext } ::= { hmSec2FwHttpsEntry 2 } hmSec2FwHttpsSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "any" } ::= { hmSec2FwHttpsEntry 3 } hmSec2FwHttpsAction OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2), reject(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action to be performed if the firewall rule matches." DEFVAL { accept } ::= { hmSec2FwHttpsEntry 4 } hmSec2FwHttpsLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule." DEFVAL { disable } ::= { hmSec2FwHttpsEntry 5 } hmSec2FwHttpsDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." 
DEFVAL { "" } ::= { hmSec2FwHttpsEntry 6 } hmSec2FwHttpsErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text." DEFVAL { "" } ::= { hmSec2FwHttpsEntry 7 } hmSec2FwHttpsRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2FwHttpsEntry 8 } --************************************************************************************** -- UserFirewall group --************************************************************************************** hmSec2UsrFwConfigGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 8 } hmSec2UsrFwStatus OBJECT-TYPE SYNTAX INTEGER { -- Comment out the next line to disable the error state -- and USRFW_STATUS_ERROR_FLAG in usrfw/h/usrfw.h too error (0), enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables/Disables the User Firewall." DEFVAL { enable } ::= { hmSec2UsrFwConfigGroup 1 } hmSec2UsrFwTemplateTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2UsrFwTemplateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of the User Firewall templates." ::= { hmSec2UsrFwConfigGroup 2 } hmSec2UsrFwTemplateEntry OBJECT-TYPE SYNTAX HmSec2UsrFwTemplateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2UsrFwTemplateIndex } ::= { hmSec2UsrFwTemplateTable 1 } HmSec2UsrFwTemplateEntry ::= SEQUENCE { hmSec2UsrFwTemplateIndex Integer32, hmSec2UsrFwTemplateName SnmpAdminString, hmSec2UsrFwTemplateTimeout Integer32, hmSec2UsrFwTemplateTimeoutType INTEGER, hmSec2UsrFwTemplateComment DisplayString, hmSec2UsrFwTemplateSrcAddr DisplayString, hmSec2UsrFwTemplateStatus RowStatus } hmSec2UsrFwTemplateIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Table index." 
::= { hmSec2UsrFwTemplateEntry 1 } hmSec2UsrFwTemplateName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "The descriptive name of the template." DEFVAL { "(unnamed)" } ::= { hmSec2UsrFwTemplateEntry 2 } hmSec2UsrFwTemplateTimeout OBJECT-TYPE SYNTAX Integer32 (30..604800) MAX-ACCESS read-write STATUS current DESCRIPTION "Timeout in seconds after which the User Firewall user is logged out." DEFVAL { 28800 } ::= { hmSec2UsrFwTemplateEntry 3 } hmSec2UsrFwTemplateTimeoutType OBJECT-TYPE SYNTAX INTEGER { static (1), dynamic (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of the User Firewall Timeout. static - the user is logged out once the time has elapsed, regardless of the user's network activity. dynamic - the countdown for logout does not start until all user connections are closed and/or timed out." DEFVAL { static } ::= { hmSec2UsrFwTemplateEntry 4 } hmSec2UsrFwTemplateComment OBJECT-TYPE SYNTAX DisplayString (SIZE(0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "A comment for the template." DEFVAL { "" } ::= { hmSec2UsrFwTemplateEntry 5 } hmSec2UsrFwTemplateSrcAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (2..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Source IP address for the user firewall rules. - single address (a.b.c.d) - address range in CIDR notation (a.b.c.d/n) - keyword 'me' - keyword 'any' - placeholder '%authorized_ip': the IP address the user logged in from." DEFVAL { "%authorized_ip" } ::= { hmSec2UsrFwTemplateEntry 6 } hmSec2UsrFwTemplateStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Template Status. active(1) - This template is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this template." 
::= { hmSec2UsrFwTemplateEntry 7 } hmSec2UsrFwTemplateUserTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2UsrFwTemplateUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Users for the template." ::= { hmSec2UsrFwConfigGroup 3 } hmSec2UsrFwTemplateUserEntry OBJECT-TYPE SYNTAX HmSec2UsrFwTemplateUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2UsrFwTemplateIndex, IMPLIED hmSec2UsrFwTemplateUserName } ::= { hmSec2UsrFwTemplateUserTable 1 } HmSec2UsrFwTemplateUserEntry ::= SEQUENCE { hmSec2UsrFwTemplateUserTemplateIndex Integer32, hmSec2UsrFwTemplateUserName SnmpAdminString, hmSec2UsrFwTemplateUserStatus RowStatus } hmSec2UsrFwTemplateUserTemplateIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Template index from the hmSec2UsrFwTemplateTable above." ::= { hmSec2UsrFwTemplateUserEntry 1 } hmSec2UsrFwTemplateUserName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "User name." DEFVAL { "" } ::= { hmSec2UsrFwTemplateUserEntry 2 } hmSec2UsrFwTemplateUserStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Template-User Entry Status. active(1) - This entry is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this entry." ::= { hmSec2UsrFwTemplateUserEntry 3 } hmSec2UsrFwTemplateRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2UsrFwTemplateRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall rules for a template." 
::= { hmSec2UsrFwConfigGroup 4 } hmSec2UsrFwTemplateRuleEntry OBJECT-TYPE SYNTAX HmSec2UsrFwTemplateRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2UsrFwTemplateRuleTemplateIndex, hmSec2UsrFwTemplateRuleIndex } ::= { hmSec2UsrFwTemplateRuleTable 1 } HmSec2UsrFwTemplateRuleEntry ::= SEQUENCE { hmSec2UsrFwTemplateRuleTemplateIndex Integer32, hmSec2UsrFwTemplateRuleIndex Integer32, hmSec2UsrFwTemplateRuleProto DisplayString, hmSec2UsrFwTemplateRuleSrcPort DisplayString, hmSec2UsrFwTemplateRuleDstNet DisplayString, hmSec2UsrFwTemplateRuleDstPort DisplayString, hmSec2UsrFwTemplateRuleComment DisplayString, hmSec2UsrFwTemplateRuleLog INTEGER, hmSec2UsrFwTemplateRuleStatus RowStatus } hmSec2UsrFwTemplateRuleTemplateIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the hmSec2UsrFwTemplateTable above" ::= { hmSec2UsrFwTemplateRuleEntry 1 } hmSec2UsrFwTemplateRuleIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The table index." ::= { hmSec2UsrFwTemplateRuleEntry 2 } hmSec2UsrFwTemplateRuleProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "The IP protocol (RFC 791) as a decimal number (in range 1 - 255), a name or the keyword 'any' for protocol-independent filtering. 
The following protocol names are currently supported: o 'icmp': internet control message protocol (RFC 792) o 'igmp': internet group management protocol o 'ipip': IP in IP tunneling (RFC 1853) o 'tcp': transmission control protocol (RFC 793) o 'udp': user datagram protocol (RFC 768) o 'esp': IPsec encapsulated security payload (RFC 2406) o 'ah': IPsec authentication header (RFC 2402) o 'ipv6-icmp': internet control message protocol for IPv6" DEFVAL { "tcp" } ::= { hmSec2UsrFwTemplateRuleEntry 3 } hmSec2UsrFwTemplateRuleSrcPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. A port expression is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2UsrFwTemplateRuleEntry 4 } hmSec2UsrFwTemplateRuleDstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Single address (a.b.c.d) or address range in CIDR notation (a.b.c.d/n) or the keywords 'me' or 'any'." DEFVAL { "" } ::= { hmSec2UsrFwTemplateRuleEntry 5 } hmSec2UsrFwTemplateRuleDstPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Port expression or the keyword 'any'. 
A port expression is structured as 'port' (default), 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal (default) = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2UsrFwTemplateRuleEntry 6 } hmSec2UsrFwTemplateRuleComment OBJECT-TYPE SYNTAX DisplayString (SIZE(0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "A comment for the firewall rule." DEFVAL { "" } ::= { hmSec2UsrFwTemplateRuleEntry 7 } hmSec2UsrFwTemplateRuleLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for packets matching this rule." DEFVAL { disable } ::= { hmSec2UsrFwTemplateRuleEntry 8 } hmSec2UsrFwTemplateRuleStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Firewall rule status. active(1) - This rule is active. notInService(2) - Row has been suspended. notReady(3) - Row has incomplete values. createAndGo(4) - Accept row values and activate. createAndWait(5) - Accept row values and wait. destroy(6) - Set to this value to remove this rule." 
::= { hmSec2UsrFwTemplateRuleEntry 9 } -- -- Firewall Diagnostics -- -- hmSec2FirewallDiagnosticsGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 9 } -- -- List of all IP firewall rules -- -- hmSec2FwDiagL3Table OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwDiagL3Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Complete list of IP firewall rules." ::= { hmSec2FirewallDiagnosticsGroup 1 } hmSec2FwDiagL3Entry OBJECT-TYPE SYNTAX HmSec2FwDiagL3Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall rule" INDEX { hmSec2FwDiagL3Index } ::= { hmSec2FwDiagL3Table 1 } HmSec2FwDiagL3Entry ::= SEQUENCE { hmSec2FwDiagL3Index Integer32, hmSec2FwDiagL3Group DisplayString, hmSec2FwDiagL3Ref Integer32, hmSec2FwDiagL3Interface DisplayString, hmSec2FwDiagL3SrcNet DisplayString, hmSec2FwDiagL3SrcPort DisplayString, hmSec2FwDiagL3DstNet DisplayString, hmSec2FwDiagL3DstPort DisplayString, hmSec2FwDiagL3Proto DisplayString, hmSec2FwDiagL3Action INTEGER, hmSec2FwDiagL3Log INTEGER, hmSec2FwDiagL3MatchCnt Counter32 } hmSec2FwDiagL3Index OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Rule number in the IP firewall table" ::= { hmSec2FwDiagL3Entry 1 } hmSec2FwDiagL3Group OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "Name of the group this rule belongs to." ::= { hmSec2FwDiagL3Entry 2 } hmSec2FwDiagL3Ref OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Reference into the group (typically the rule number). If this value is -1, no reference exists." ::= { hmSec2FwDiagL3Entry 3 } hmSec2FwDiagL3Interface OBJECT-TYPE SYNTAX DisplayString (SIZE (0..15)) MAX-ACCESS read-only STATUS current DESCRIPTION "Interface (or type of traffic)." ::= { hmSec2FwDiagL3Entry 4 } hmSec2FwDiagL3SrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Source address." 
::= { hmSec2FwDiagL3Entry 5 } hmSec2FwDiagL3SrcPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Source port (expression)." ::= { hmSec2FwDiagL3Entry 6 } hmSec2FwDiagL3DstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Destination address." ::= { hmSec2FwDiagL3Entry 7 } hmSec2FwDiagL3DstPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Destination port (expression)" ::= { hmSec2FwDiagL3Entry 8 } hmSec2FwDiagL3Proto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-only STATUS current DESCRIPTION "IP protocol" ::= { hmSec2FwDiagL3Entry 9 } hmSec2FwDiagL3Action OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2), reject(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Action." ::= { hmSec2FwDiagL3Entry 10 } hmSec2FwDiagL3Log OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Logging." ::= { hmSec2FwDiagL3Entry 11 } hmSec2FwDiagL3MatchCnt OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the matches on this rule." 
::= { hmSec2FwDiagL3Entry 12 } -- -- Firewall Learning Mode -- -- hmSec2FirewallLearningModeGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 10 } hmSec2FirewallLearningModeVars OBJECT IDENTIFIER ::= { hmSec2FirewallLearningModeGroup 1 } -- -- List of States and Generic Vars for Firewall Learning Mode-- -- hmSec2FLMAdminState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable the Firewall Learning Mode " DEFVAL { disable } ::= { hmSec2FirewallLearningModeVars 1 } hmSec2FLMAction OBJECT-TYPE SYNTAX INTEGER { other(1), start(2), stop(3), clear(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Actions to control the Firewall Learning Mode " DEFVAL { other } ::= { hmSec2FirewallLearningModeVars 2 } hmSec2FLMInterfaces OBJECT-TYPE SYNTAX INTEGER { both(1), int(2), ext(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Defines the Interface to learn from" DEFVAL { both } ::= { hmSec2FirewallLearningModeVars 3 } hmSec2FLMType OBJECT-TYPE SYNTAX INTEGER { learn(1), test(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Learning or testing Mode" DEFVAL { learn } ::= { hmSec2FirewallLearningModeVars 4 } hmSec2FLMAppState OBJECT-TYPE SYNTAX INTEGER { off(1), stoppeddatanotpresent(2), stoppeddatapresent(3), learning(4), testing(5), pending(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "State of running FLM Application" ::= { hmSec2FirewallLearningModeVars 5 } hmSec2FLMAppInfoEnum OBJECT-TYPE SYNTAX INTEGER { other(1), normal(2), ramlow(3), ramempty(4), conndrop(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "Enum for Infostring" ::= { hmSec2FirewallLearningModeVars 6 } hmSec2FLMAppInfoString OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) MAX-ACCESS read-only STATUS current DESCRIPTION "Special Statusmessage" ::= { hmSec2FirewallLearningModeVars 7 } hmSec2FLML3Entries OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of Layer 3 entries in the 
connection table" ::= { hmSec2FirewallLearningModeVars 8 } hmSec2FLMFreeMem OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Free Mem For Learning Data" ::= { hmSec2FirewallLearningModeVars 9 } hmSec2FLMAnyRuleChange OBJECT-TYPE SYNTAX INTEGER { automatic(1), manual(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "How to handle detected accept-any rules during Learning Mode. This can only be set during state: Data not present" DEFVAL { automatic } ::= { hmSec2FirewallLearningModeVars 10 } -- -- List of all MAC firewall rules -- -- hmSec2FwDiagL2Table OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2FwDiagL2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Complete list of MAC firewall rules." ::= { hmSec2FirewallDiagnosticsGroup 2 } hmSec2FwDiagL2Entry OBJECT-TYPE SYNTAX HmSec2FwDiagL2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Firewall rule" INDEX { hmSec2FwDiagL2Index } ::= { hmSec2FwDiagL2Table 1 } HmSec2FwDiagL2Entry ::= SEQUENCE { hmSec2FwDiagL2Index Integer32, hmSec2FwDiagL2Group DisplayString, hmSec2FwDiagL2Ref Integer32, hmSec2FwDiagL2Interface DisplayString, hmSec2FwDiagL2SrcNet DisplayString, hmSec2FwDiagL2DstNet DisplayString, hmSec2FwDiagL2Proto DisplayString, hmSec2FwDiagL2Action INTEGER, hmSec2FwDiagL2Log INTEGER, hmSec2FwDiagL2MatchCnt Counter32 } hmSec2FwDiagL2Index OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Rule number in MAC firewall table" ::= { hmSec2FwDiagL2Entry 1 } hmSec2FwDiagL2Group OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "Name of group this rule belongs to." ::= { hmSec2FwDiagL2Entry 2 } hmSec2FwDiagL2Ref OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Reference into group (typically the rule number). If this value is -1, then no reference exist." 
::= { hmSec2FwDiagL2Entry 3 } hmSec2FwDiagL2Interface OBJECT-TYPE SYNTAX DisplayString (SIZE (0..15)) MAX-ACCESS read-only STATUS current DESCRIPTION "Interface (or type of traffic)." ::= { hmSec2FwDiagL2Entry 4 } hmSec2FwDiagL2SrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Source address." ::= { hmSec2FwDiagL2Entry 5 } hmSec2FwDiagL2DstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Destination address." ::= { hmSec2FwDiagL2Entry 6 } hmSec2FwDiagL2Proto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-only STATUS current DESCRIPTION "Layer 2 (Ethernet) protocol" ::= { hmSec2FwDiagL2Entry 7 } hmSec2FwDiagL2Action OBJECT-TYPE SYNTAX INTEGER { accept(1), drop(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Action." ::= { hmSec2FwDiagL2Entry 8 } hmSec2FwDiagL2Log OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), logAndTrap(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Logging." ::= { hmSec2FwDiagL2Entry 9 } hmSec2FwDiagL2MatchCnt OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the matches on this rule." ::= { hmSec2FwDiagL2Entry 10 } hmSec2FwConfigGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 11 } hmSec2FwStaticPacketCheck OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable the static packet check in the firewall. The check may be disabled for performance reasons, but doing so removes a filtering stage from the firewall; keep it enabled unless the performance need has been measured and the reduced checking is acceptable for the protected network." DEFVAL { enable } ::= { hmSec2FwConfigGroup 1 } hmSec2FwInternRemNumIPRules OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Remaining number of internally available IP firewall rules. Note: although declared as Counter32, this value behaves like a gauge (it decreases as rules are added), so managers must not apply counter delta or wrap semantics to it." 
::= { hmSec2FwConfigGroup 2 } -- -- Network group -- hmSec2NetGeneralGroup OBJECT IDENTIFIER ::= { hmSec2Network 1 } hmSec2NetTransparentGroup OBJECT IDENTIFIER ::= { hmSec2Network 2 } hmSec2NetRouterGroup OBJECT IDENTIFIER ::= { hmSec2Network 3 } hmSec2NetPPPoEGroup OBJECT IDENTIFIER ::= { hmSec2Network 4 } hmSec2NetPPPGroup OBJECT IDENTIFIER ::= { hmSec2Network 5 } hmSec2NetDNSClientGroup OBJECT IDENTIFIER ::= { hmSec2Network 6 } hmSec2NetDynDNSGroup OBJECT IDENTIFIER ::= { hmSec2Network 7 } hmSec2NetPingGroup OBJECT IDENTIFIER ::= { hmSec2Network 8 } -- -- General Network variables -- hmSec2NetworkMode OBJECT-TYPE SYNTAX INTEGER { transparent(1), router(2), pppoe(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Network mode: Transparent Mode or Routing Mode (PPPoE is also Routing Mode)" ::= { hmSec2NetGeneralGroup 1 } hmSec2NetAction OBJECT-TYPE SYNTAX INTEGER { other (1), activate (2), flushstates (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object, when read, always returns a value of other(1). Setting the object to activate(2) causes a reconfiguration of the IP protocol stack and network configuration with the current value of hmSec2NetworkMode. All of the further configuration depends on the used operating mode, such as hmSec2LocalIPAddr, hmSec2GatewayIPAddr, hmSec2NetMask, hmSec2UseVLAN and hmSec2MgmtVLANID in Transparent Mode or the tables values out of hmSec2NetIPInterfaceTable (defined by hmSec2NetIPInterfaceEntry) in Router or PPPoE mode. In PPPoE mode also the PPPoE configuration is taken into account. Additional routing values will be used after the reconfiguration. Setting the object to flushstates(3) causes a flush to the Firewall and NAT state/mapping tables, which removes all active mappings and connection entries. Clients behind the Firewall or the NAT router will have to re-establish their connections." 
DEFVAL { other } ::= { hmSec2NetGeneralGroup 2 } hmSec2NetDirectedBroadcasts OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable forwarding of net-directed broadcasts by the device. Remark: net-directed broadcasts can be used for so-called Smurf amplification attacks. By default this feature is disabled (Smurf amplification through the device is not possible)." DEFVAL { disable } ::= { hmSec2NetGeneralGroup 3 } hmSec2NetIPFragmentsAllowed OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable forwarding of IP fragments by the device. By default this feature is enabled. Note: fragmented packets are a known means of evading packet filters and of exhausting reassembly resources on hosts behind the device; consider disabling this feature if the protected network does not need to receive fragments." DEFVAL { enable } ::= { hmSec2NetGeneralGroup 4 } hmSec2NetICMPSendRedirects OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable sending of ICMP redirects by the device, when the incoming subnet and interface and the outgoing subnet and interface are the same for the forwarded packet. By default this feature is enabled. Note: ICMP redirects disclose routing information to hosts; hardening guides generally recommend disabling them on firewalls unless the topology requires them." DEFVAL { enable } ::= { hmSec2NetGeneralGroup 5 } hmSec2NetEtherBroadcastRoute OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Internal use only." DEFVAL { disable } ::= { hmSec2NetGeneralGroup 6 } hmSec2LocalIPAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the management agent in transparent mode. Changing this value will take effect after activating with hmSec2NetAction." DEFVAL { 'C0A80101'H } -- 192.168.1.1 ::= { hmSec2NetTransparentGroup 1 } hmSec2LocalPhysAddr OBJECT-TYPE SYNTAX PhysAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Physical MAC-address of the agent." ::= { hmSec2NetTransparentGroup 2 } hmSec2GatewayIPAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the default gateway. Changing this value will take effect after activating with hmSec2NetAction." 
DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2NetTransparentGroup 3 } hmSec2NetMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Subnet mask. Changing this value will take effect after activating with hmSec2NetAction." DEFVAL { 'FFFFFF00'H } -- 255.255.255.0 ::= { hmSec2NetTransparentGroup 4 } hmSec2UseVLAN OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Use VLAN Tag and Management VLAN ID." DEFVAL { disable } ::= { hmSec2NetTransparentGroup 5 } hmSec2MgmtVLANID OBJECT-TYPE SYNTAX Integer32 (1..4094) MAX-ACCESS read-write STATUS current DESCRIPTION "Management VLAN ID." DEFVAL { 1 } ::= { hmSec2NetTransparentGroup 6 } hmSec2NetProto OBJECT-TYPE SYNTAX INTEGER { none (1), dhcp (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Network protocol used to obtain the IP configuration. (1) none means a fixed (static) configuration is used, (2) dhcp means DHCP is used in transparent mode to obtain an IP address from a server." DEFVAL { none } ::= { hmSec2NetTransparentGroup 7 } hmSec2NetPassThroughSTP OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Pass through Spanning Tree Protocol BPDU frames in Transparent Mode. Note: while enabled, BPDUs from the untrusted side reach the switches on the protected side unfiltered, so the device offers no protection against spanning-tree manipulation from that side; disable it unless both sides must participate in one spanning tree." DEFVAL { enable } ::= { hmSec2NetTransparentGroup 8 } hmSec2NetPassThroughGMRP OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Pass through GMRP (GARP Multicast Registration Protocol) frames in Transparent Mode." DEFVAL { disable } ::= { hmSec2NetTransparentGroup 9 } hmSec2NetPassThroughDHCP OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Pass through DHCP frames in Transparent Mode (the EAGLE itself runs no DHCP server). Note: while enabled, a DHCP server on the untrusted side can answer clients on the protected side." 
DEFVAL { disable } ::= { hmSec2NetTransparentGroup 10 } -- -- Network -- hmSec2NetIPInterfaceTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2NetIPInterfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the IP Configuration table for the IP interfaces." ::= { hmSec2NetRouterGroup 1 } hmSec2NetIPInterfaceEntry OBJECT-TYPE SYNTAX HmSec2NetIPInterfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the IP Configuration table for the internal interface." INDEX { hmSec2NetIPIfIndex } ::= { hmSec2NetIPInterfaceTable 1 } HmSec2NetIPInterfaceEntry ::= SEQUENCE { hmSec2NetIPIfIndex Integer32, hmSec2NetIPIfAddr IpAddress, hmSec2NetIPIfMask IpAddress, hmSec2NetIPIfUseVLAN INTEGER, hmSec2NetIPIfVLANID Integer32, hmSec2NetIPIfNetProto INTEGER } hmSec2NetIPIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of IP interface in the table." ::= { hmSec2NetIPInterfaceEntry 1 } hmSec2NetIPIfAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Internal IP address." ::= { hmSec2NetIPInterfaceEntry 2 } hmSec2NetIPIfMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Subnet mask." ::= { hmSec2NetIPInterfaceEntry 3 } hmSec2NetIPIfUseVLAN OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Use VLAN Tag and Management VLAN ID." DEFVAL { disable } ::= { hmSec2NetIPInterfaceEntry 4 } hmSec2NetIPIfVLANID OBJECT-TYPE SYNTAX Integer32 (1..4094) MAX-ACCESS read-write STATUS current DESCRIPTION "Management VLAN ID." DEFVAL { 1 } ::= { hmSec2NetIPInterfaceEntry 5 } hmSec2NetIPIfNetProto OBJECT-TYPE SYNTAX INTEGER { none (1), dhcp (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Network Protocol to obtain IP configuration. (1) none means use fix configuration, (2) DHCP means using DHCP on this interface to obtain a IP address from server." 
::= { hmSec2NetIPInterfaceEntry 6 } -- -- Additional IP Addresses for the interfaces table -- hmSec2NetIPAliasesTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2NetIPAliasesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains additional IP Configuration for the IP interfaces." ::= { hmSec2NetRouterGroup 2 } hmSec2NetIPAliasesEntry OBJECT-TYPE SYNTAX HmSec2NetIPAliasesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains additional IP Configuration for the IP interfaces." INDEX { hmSec2NetIPAliasIfIndex, hmSec2NetIPAliasAddr } ::= { hmSec2NetIPAliasesTable 1 } HmSec2NetIPAliasesEntry ::= SEQUENCE { hmSec2NetIPAliasIfIndex Integer32, hmSec2NetIPAliasAddr IpAddress, hmSec2NetIPAliasMask IpAddress, hmSec2NetIPAliasUseVLAN INTEGER, hmSec2NetIPAliasVLANID Integer32, hmSec2NetIPAliasRowStatus RowStatus } hmSec2NetIPAliasIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of IP interface in the table." ::= { hmSec2NetIPAliasesEntry 1 } hmSec2NetIPAliasAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Internal IP address." ::= { hmSec2NetIPAliasesEntry 2 } hmSec2NetIPAliasMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Subnet mask." ::= { hmSec2NetIPAliasesEntry 3 } hmSec2NetIPAliasUseVLAN OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Use VLAN Tag and Management VLAN ID." DEFVAL { disable } ::= { hmSec2NetIPAliasesEntry 4 } hmSec2NetIPAliasVLANID OBJECT-TYPE SYNTAX Integer32 (1..4094) MAX-ACCESS read-write STATUS current DESCRIPTION "Management VLAN ID." DEFVAL { 1 } ::= { hmSec2NetIPAliasesEntry 5 } hmSec2NetIPAliasRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status for the table entry The configuration is been taken, when the row status is set to active." 
::= { hmSec2NetIPAliasesEntry 6 } -- -- Some more Network Variables for the external interface -- hmSec2NetRouterExternalGroup OBJECT IDENTIFIER ::= { hmSec2NetRouterGroup 3 } hmSec2NetRtrExternalGateway OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the default gateway for the external interface. Changing this value will take effect after activating with hmSec2NetAction." DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2NetRouterExternalGroup 1 } hmSec2NetRtrExtTrapAddr OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Use the external router IP address as the agent address in SNMPv1 traps sent by the device." DEFVAL { disable } ::= { hmSec2NetRouterExternalGroup 2 } -- -- Additional Routing entries for the system routing table -- hmSec2NetIPRouteTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2NetIPRouteEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains additional routing configuration (static routes) for the IP interfaces." ::= { hmSec2NetRouterGroup 4 } hmSec2NetIPRouteEntry OBJECT-TYPE SYNTAX HmSec2NetIPRouteEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "One static route (destination network, subnet mask and gateway) bound to an IP interface." INDEX { hmSec2NetIPRouteIfIndex, hmSec2NetIPRouteAddr, hmSec2NetIPRouteMask } ::= { hmSec2NetIPRouteTable 1 } HmSec2NetIPRouteEntry ::= SEQUENCE { hmSec2NetIPRouteIfIndex Integer32, hmSec2NetIPRouteAddr IpAddress, hmSec2NetIPRouteMask IpAddress, hmSec2NetIPRouteGateway IpAddress, hmSec2NetIPRouteRowStatus RowStatus } hmSec2NetIPRouteIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of IP interface in the table." ::= { hmSec2NetIPRouteEntry 1 } hmSec2NetIPRouteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Network IP address." 
::= { hmSec2NetIPRouteEntry 2 } hmSec2NetIPRouteMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Network subnet mask." ::= { hmSec2NetIPRouteEntry 3 } hmSec2NetIPRouteGateway OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Gateway to be used for this network." ::= { hmSec2NetIPRouteEntry 4 } hmSec2NetIPRouteRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status for the table entry. The configuration is applied when the row status is set to active." ::= { hmSec2NetIPRouteEntry 5 } -- -- PPPoE configuration -- hmSec2PPPoEUsername OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "PPPoE login configuration user name" ::= { hmSec2NetPPPoEGroup 1 } hmSec2PPPoEPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "PPPoE login configuration password. Security note: this object is read-write and, unlike hmSec2VpnRemoteCtlPwd, is not documented to return a masked value on read. Unless the agent masks it, any principal with SNMP read access to this object (including a read-only SNMPv1/v2c community) can retrieve the PPPoE credential in clear text. Confirm the agent's read behaviour, restrict read access to this object, and set it only over SNMPv3 with authentication and privacy." ::= { hmSec2NetPPPoEGroup 2 } hmSec2PPPoEMTU OBJECT-TYPE SYNTAX INTEGER (60..1500) MAX-ACCESS read-write STATUS current DESCRIPTION "PPPoE Interface MTU preconfigured value." DEFVAL { 1492 } ::= { hmSec2NetPPPoEGroup 3 } hmSec2PPPoEIfAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Provider assigned IP address on PPPoE interface." ::= { hmSec2NetPPPoEGroup 4 } hmSec2PPPoEIfMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Provider assigned subnet mask." ::= { hmSec2NetPPPoEGroup 5 } hmSec2PPPoEGateway OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Provider assigned gateway address." ::= { hmSec2NetPPPoEGroup 6 } hmSec2PPPoEStatus OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Current state of PPPoE interface." 
::= { hmSec2NetPPPoEGroup 7 } hmSec2PPPoEDisconAdminState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "PPPoE automatic disconnect admin state. When enabled, an automatic disconnect is performed every day at the specified hour (only if the PPPoE connection is up)." DEFVAL { disable } ::= { hmSec2NetPPPoEGroup 8 } hmSec2PPPoEDisconHour OBJECT-TYPE SYNTAX INTEGER (0..23) MAX-ACCESS read-write STATUS current DESCRIPTION "PPPoE automatic disconnect hour setting." DEFVAL { 0 } ::= { hmSec2NetPPPoEGroup 9 } -- -- PPP configuration -- hmSec2PPPUsername OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "PPP login configuration user name" ::= { hmSec2NetPPPGroup 1 } hmSec2PPPPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "PPP login configuration password. Security note: this object is read-write and, unlike hmSec2VpnRemoteCtlPwd, is not documented to return a masked value on read. Unless the agent masks it, any principal with SNMP read access to this object (including a read-only SNMPv1/v2c community) can retrieve the PPP credential in clear text. Confirm the agent's read behaviour, restrict read access to this object, and set it only over SNMPv3 with authentication and privacy." ::= { hmSec2NetPPPGroup 2 } hmSec2PPPLocalIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Local IP address for PPP configuration." DEFVAL { 'C0A80201'H } -- 192.168.2.1 ::= { hmSec2NetPPPGroup 3 } hmSec2PPPRemoteIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Remote IP address for PPP configuration." DEFVAL { 'C0A80202'H } -- 192.168.2.2 ::= { hmSec2NetPPPGroup 4 } hmSec2PPPModemAdminState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Allow a modem on the serial interface or not. The configuration is applied when the hmSec2NetAction variable is set to activate. Note: enabling this opens a dial-in path into the device that bypasses the Ethernet firewall interfaces; keep it disabled unless a modem is actually deployed and the PPP credentials are strong." DEFVAL { disable } ::= { hmSec2NetPPPGroup 5 } hmSec2PPPModemBaudRate OBJECT-TYPE SYNTAX INTEGER { b19200(1), b38400(2), b57600(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Modem speed on serial connection to be used." 
DEFVAL { b57600 } ::= { hmSec2NetPPPGroup 6 } hmSec2PPPMTU OBJECT-TYPE SYNTAX INTEGER (60..1500) MAX-ACCESS read-write STATUS current DESCRIPTION "PPP Interface MTU preconfigured value." DEFVAL { 1500 } ::= { hmSec2NetPPPGroup 7 } hmSec2PPPStatus OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Current state of PPP interface." ::= { hmSec2NetPPPGroup 8 } hmSec2PPPModemFlowControl OBJECT-TYPE SYNTAX INTEGER { off(1), rtscts(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Modem flow control on serial connection to be used. Off disable all flow control options. RTS/CTS means hardware flow control." DEFVAL { off } ::= { hmSec2NetPPPGroup 9 } -- -- DNS Client Definitions -- -- hmSec2DNSClientServer1 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The first DNS Server to use." DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2NetDNSClientGroup 1 } hmSec2DNSClientServer2 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The second DNS Server to use." DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2NetDNSClientGroup 2 } hmSec2DNSClientServer3 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The third DNS Server to use." DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2NetDNSClientGroup 3 } hmSec2DNSClientServer4 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The fourth DNS Server to use." DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2NetDNSClientGroup 4 } hmSec2DNSClientConfigSource OBJECT-TYPE SYNTAX INTEGER { user(1), provider(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "DNS Client configuration source. If the value is set to user(1), then the variables hmSec2DNSClientServer1 to hmSec2DNSClientServer4 will be used. If the value is set to provider(2), then the DNS configuration comes from the access protocol like PPP or PPPoE. 
The configuration is applied when the hmSec2NetAction variable is set to activate." DEFVAL { provider } ::= { hmSec2NetDNSClientGroup 5 } -- -- DynDNS configuration -- hmSec2DynDNSProvider OBJECT-TYPE SYNTAX INTEGER { dyndns-org (1), other (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of DynDNS provider to be used." DEFVAL { dyndns-org } ::= { hmSec2NetDynDNSGroup 1 } hmSec2DynDNSRegister OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables the DynDNS service. When enabled the host is registered at the DynDNS server. " DEFVAL { disable } ::= { hmSec2NetDynDNSGroup 2 } hmSec2DynDNSServer OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "The DynDNS server which provides the service to register the IP address of this host. Note: the login name and password below are sent to this server, so a write to this object redirects the credentials; treat it as security-relevant configuration." ::= { hmSec2NetDynDNSGroup 3 } hmSec2DynDNSLogin OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "The DynDNS server login name for the registration to the DynDNS service." ::= { hmSec2NetDynDNSGroup 4 } hmSec2DynDNSPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "The DynDNS server password for the registration to the DynDNS service. Security note: this object is read-write and, unlike hmSec2VpnRemoteCtlPwd, is not documented to return a masked value on read. Unless the agent masks it, any principal with SNMP read access to this object can retrieve the DynDNS credential in clear text. Confirm the agent's read behaviour, restrict read access to this object, and set it only over SNMPv3 with authentication and privacy." ::= { hmSec2NetDynDNSGroup 5 } hmSec2DynDNSHostname OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "The DynDNS host name to be registered with the IP address to the DynDNS service." ::= { hmSec2NetDynDNSGroup 6 } hmSec2DynDNSRefresh OBJECT-TYPE SYNTAX Integer32 (1..6000) MAX-ACCESS read-write STATUS current DESCRIPTION "Refresh interval for checking the IP address. The refresh interval is counted in minutes." DEFVAL { 10 } ::= { hmSec2NetDynDNSGroup 7 } hmSec2DynDNSStatus OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "The DynDNS registration status." 
::= { hmSec2NetDynDNSGroup 8 } hmSec2DynDNSCheckIPServer OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "The CheckIP server which provides the service to detect the IP address of this host as seen from the outside." ::= { hmSec2NetDynDNSGroup 9 } -- -- ping functionality -- hmSec2NetPingSourceAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Source IP address for ping command. 0.0.0.0 means no source address given." DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2NetPingGroup 1 } hmSec2NetPingDestAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Destination IP address for ping command." DEFVAL { '00000000'H } -- 0.0.0.0 ::= { hmSec2NetPingGroup 2 } hmSec2NetPingAction OBJECT-TYPE SYNTAX INTEGER { other (1), activate (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If set to activate(2), the ping will be started. When read, this variable always returns other(1). Note: a writer of this object can probe reachability of arbitrary addresses from the device's own interfaces, so write access should be limited to administrators." DEFVAL { other } ::= { hmSec2NetPingGroup 3 } hmSec2NetPingActionStatus OBJECT-TYPE SYNTAX INTEGER { idle (1), pinging (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Returns whether a ping command is running at the moment (pinging) or the ping functionality is not running (idle)." ::= { hmSec2NetPingGroup 4 } hmSec2NetPingResult OBJECT-TYPE SYNTAX INTEGER { init (1), reachable (2), unreachable (3), pinging (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Returns the result of the last ping operation: whether the ping was successful (host is reachable through ping) or failed (host is not reachable through ping)." ::= { hmSec2NetPingGroup 5 } hmSec2NetPingResultText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Returns the result of the last ping operation as text." 
::= { hmSec2NetPingGroup 6 } -- -- VPN Definitions -- -- hmSec2VpnGroup OBJECT IDENTIFIER ::= { hmSec2Vpn 1 } hmSec2VpnGeneralGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 1 } hmSec2VpnConnGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 2 } hmSec2VpnTrafficSelGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 3 } hmSec2VpnCertificateGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 4 } -- -- VPN general group -- hmSec2VpnRemoteCtlPwd OBJECT-TYPE SYNTAX DisplayString (SIZE(0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "VPN Remote Control Password. This object always returns '********' on read, even if a password is set, so the secret is not disclosed via SNMP. Setting this object to a zero-length string deactivates the remote control function. Note: the value is still transmitted in clear text on a set unless SNMPv3 with privacy is used." ::= { hmSec2VpnGeneralGroup 1 } hmSec2VpnLEDIndication OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "LED indication for an active VPN connection. If at least one VPN connection is active and up, the EAGLE signals this with its STATUS LED blinking yellow and green when the feature is enabled." ::= { hmSec2VpnGeneralGroup 2 } hmSec2VpnModeConfigPool OBJECT-TYPE SYNTAX DisplayString (SIZE(0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "No description was provided for this object in this MIB revision. From its name it is presumably the address pool handed out to remote peers via IKE mode configuration, in CIDR notation like the other address objects in this group -- confirm against the agent documentation before relying on it." ::= { hmSec2VpnGeneralGroup 3 } hmSec2VpnInputServiceMode OBJECT-TYPE SYNTAX INTEGER { powersupply(1), digitalinput-low(2), digitalinput-high(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Select the source which shall be used to activate VPN service mode connections. Redundant power supply (power off -> service mode active), low level on digital input (set to 0 -> service mode active) or high level on digital input (set to 1 -> service mode active). Note: the selected physical signal can bring up service-mode VPN connections without any further authentication, so physical access to the power supply or the digital input must be controlled accordingly." DEFVAL { powersupply } ::= { hmSec2VpnGeneralGroup 4 } -- -- VPN traffic selector group -- hmSec2VpnTrafficSelTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2VpnTrafficSelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of traffic selectors. 
For details on the role of traffic selectors in the IPsec protocol see RFC 2409, section 5.5 and RFC 4306, section 2.9." ::= { hmSec2VpnTrafficSelGroup 1 } hmSec2VpnTrafficSelEntry OBJECT-TYPE SYNTAX HmSec2VpnTrafficSelEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A traffic selector entry. A traffic selector defines the subnet/host addresses for which this IPsec connection (SA) is responsible." INDEX { hmSec2VpnConnIndex, hmSec2VpnTrafficSelIndex } ::= { hmSec2VpnTrafficSelTable 1 } HmSec2VpnTrafficSelEntry ::= SEQUENCE { hmSec2VpnTrafficSelIndex INTEGER, hmSec2VpnTrafficSelSrcAddr DisplayString, hmSec2VpnTrafficSelDstAddr DisplayString, hmSec2VpnTrafficSelSrcPort DisplayString, hmSec2VpnTrafficSelDstPort DisplayString, hmSec2VpnTrafficSelProto DisplayString, hmSec2VpnTrafficSelPolicy DisplayString, hmSec2VpnTrafficSelDesc DisplayString, hmSec2VpnTrafficSelRowStatus RowStatus, hmSec2VpnTrafficSelSrcMapping DisplayString, hmSec2VpnTrafficSelDstMapping DisplayString } hmSec2VpnTrafficSelIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "An index that (together with the connection index hmSec2VpnConnIndex) identifies the entry in the traffic selector table. This index can be chosen freely, but must be greater than 0." ::= { hmSec2VpnTrafficSelEntry 1 } hmSec2VpnTrafficSelSrcAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Host or subnet address in CIDR notation (a.b.c.d/n) for which this traffic descriptor (and the associated VPN connection) is responsible. This address is compared to the source address of IP packets sent, when determining the associated IPsec and IKE-SA. The special keyword 'any' means that the address comparison always matches. Note: 'any' on both source and destination selects all traffic for the tunnel; combined with the 'use' policy this does not enforce encryption, see hmSec2VpnTrafficSelPolicy." 
DEFVAL { "any" } ::= { hmSec2VpnTrafficSelEntry 3 } hmSec2VpnTrafficSelDstAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Host or subnet address in CIDR notation (a.b.c.d/n) for which this traffic descriptor (and the associated VPN connection) is responsible. This address is compared to the destination address of IP packets sent, when determining the associated IPsec and IKE-SA. The special keyword 'any' means that the address comparison always matches." DEFVAL { "any" } ::= { hmSec2VpnTrafficSelEntry 4 } hmSec2VpnTrafficSelSrcPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "The source port as a decimal number in range 0 - 65535, the keyword 'any' for a port-independent policy (equivalent to port number 0, so 0 and 'any' have the same meaning here and in hmSec2VpnTrafficSelDstPort), or one of the following aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2VpnTrafficSelEntry 5 } hmSec2VpnTrafficSelDstPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "The destination port as a decimal number in range 0 - 65535, the keyword 'any' for a port-independent policy (equivalent to port number 0, so 0 and 'any' have the same meaning), or one of the following aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o 
udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2VpnTrafficSelEntry 6 } hmSec2VpnTrafficSelProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "The IP protocol (RFC 791) as a decimal number in range 0 - 255 or a hexadecimal number in range 0x00 - 0xff, a protocol name or the keyword 'any' for a protocol-independent policy. The following protocol names are currently supported: o 'icmp': internet control message protocol (RFC 792) o 'tcp': transmission control protocol (RFC 793) o 'udp': user datagram protocol (RFC 768) o 'icmpv6': internet control message protocol for IPv6" DEFVAL { "any" } ::= { hmSec2VpnTrafficSelEntry 7 } hmSec2VpnTrafficSelPolicy OBJECT-TYPE SYNTAX DisplayString (SIZE (0..10)) MAX-ACCESS read-write STATUS current DESCRIPTION "Policy to apply to the matching traffic. The following policies are currently supported: o 'require': require encryption of the traffic. If the tunnel or traffic selector is down, the traffic will be discarded. o 'use': use encryption if possible, otherwise route the traffic unencrypted." DEFVAL { "require" } ::= { hmSec2VpnTrafficSelEntry 8 } hmSec2VpnTrafficSelDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2VpnTrafficSelEntry 9 } hmSec2VpnTrafficSelRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry. Only traffic selector entries with an 'active' row status will be considered if the connection's row status is set to 'active'. Independent of that dependency, any value in this entry can be changed only if the row status is not 'active'."
::= { hmSec2VpnTrafficSelEntry 10 } hmSec2VpnTrafficSelSrcMapping OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Optional mapping for the source address in CIDR notation (a.b.c.d/n) for a given traffic descriptor. If set, the IP source address of outgoing packets will be replaced according to this MIB object. For incoming packets the mapping will be reversed. Default is a string of size 0, i.e. mapping disabled." DEFVAL { "" } ::= { hmSec2VpnTrafficSelEntry 11 } hmSec2VpnTrafficSelDstMapping OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Optional mapping for the destination address in CIDR notation (a.b.c.d/n) for a given traffic descriptor. If set, the IP destination address of outgoing packets will be replaced according to this MIB object. For incoming packets the mapping will be reversed. Default is a string of size 0, i.e. mapping disabled." DEFVAL { "" } ::= { hmSec2VpnTrafficSelEntry 12 } -- -- VPN connection group -- hmSec2VpnConnMax OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Maximum number of VPN connections supported. Notice that the maximum number of active and up VPN connections is limited to 64." DEFVAL { 256 } ::= { hmSec2VpnConnGroup 1 } hmSec2VpnConnNext OBJECT-TYPE SYNTAX INTEGER (0..256) MAX-ACCESS read-only STATUS current DESCRIPTION "This object always holds an appropriate value to be used for hmSec2VpnConnIndex when creating entries in the hmSec2VpnConnTable. The value 0 indicates that no unassigned entries are available. To obtain the hmSec2VpnConnIndex value for a new entry, the management station issues a SNMP retrieval operation to obtain the current value of this object. After each row creation or deletion the agent modifies the value to the next unassigned index." 
::= { hmSec2VpnConnGroup 2 } hmSec2VpnConnTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2VpnConnEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of VPN connections." ::= { hmSec2VpnConnGroup 3 } hmSec2VpnConnEntry OBJECT-TYPE SYNTAX HmSec2VpnConnEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A VPN connection entry." INDEX { hmSec2VpnConnIndex } ::= { hmSec2VpnConnTable 1 } HmSec2VpnConnEntry ::= SEQUENCE { hmSec2VpnConnIndex INTEGER, hmSec2VpnConnIkeVersion INTEGER, hmSec2VpnConnIkeStartup INTEGER, hmSec2VpnConnIkeCompat INTEGER, hmSec2VpnConnIkeLifetime INTEGER, hmSec2VpnConnIkeDpdTimeout INTEGER, hmSec2VpnConnIkeLocalAddr DisplayString, hmSec2VpnConnIkeRemoteAddr DisplayString, hmSec2VpnConnIkeAuthType INTEGER, hmSec2VpnConnIkeAuthMode INTEGER, hmSec2VpnConnIkeAuthCertCA OCTET STRING, hmSec2VpnConnIkeAuthCertRemote OCTET STRING, hmSec2VpnConnIkeAuthCertLocal OCTET STRING, hmSec2VpnConnIkeAuthPrivKey OCTET STRING, hmSec2VpnConnIkeAuthPasswd DisplayString, -- never saved hmSec2VpnConnIkeAuthPsk DisplayString, hmSec2VpnConnIkeAuthLocId DisplayString, hmSec2VpnConnIkeAuthLocType INTEGER, hmSec2VpnConnIkeAuthRemId DisplayString, hmSec2VpnConnIkeAuthRemType INTEGER, hmSec2VpnConnIkeAlgDh INTEGER, hmSec2VpnConnIkeAlgHash INTEGER, hmSec2VpnConnIkeAlgMac INTEGER, hmSec2VpnConnIkeAlgEncr INTEGER, hmSec2VpnConnIpsecMode INTEGER, hmSec2VpnConnIpsecNatTraversal INTEGER, hmSec2VpnConnIpsecLifetime INTEGER, hmSec2VpnConnIpsecAlgDh INTEGER, hmSec2VpnConnIpsecAlgMac INTEGER, hmSec2VpnConnIpsecAlgEncr INTEGER, hmSec2VpnConnOperStatus INTEGER, hmSec2VpnConnDesc DisplayString, hmSec2VpnConnRowStatus RowStatus, hmSec2VpnConnServiceMode INTEGER } hmSec2VpnConnIndex OBJECT-TYPE SYNTAX INTEGER (1..256) MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table." 
::= { hmSec2VpnConnEntry 1 } hmSec2VpnConnIkeVersion OBJECT-TYPE SYNTAX INTEGER { auto(1), v1(2), v2(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Version of the IKE protocol: o auto: accept IKEv1/v2 as responder, start with IKEv1 as initiator o v1: used protocol is IKE version 1 (ISAKMP) o v2: used protocol is IKE version 2" DEFVAL { auto } ::= { hmSec2VpnConnEntry 2 } hmSec2VpnConnIkeStartup OBJECT-TYPE SYNTAX INTEGER { initiator(1), responder(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If this host acts as a responder it does not initiate a key exchange (IKE) nor connection parameters negotiation. Otherwise, this host acts as an initiator - then it initiates an IKE actively." DEFVAL { responder } ::= { hmSec2VpnConnEntry 3 } hmSec2VpnConnIkeCompat OBJECT-TYPE SYNTAX INTEGER { on(1), off(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Compatibility mode for older IPsec clients." DEFVAL { off } ::= { hmSec2VpnConnEntry 4 } hmSec2VpnConnIkeLifetime OBJECT-TYPE SYNTAX INTEGER ( 1..86400) MAX-ACCESS read-write STATUS current DESCRIPTION "Lifetime of IKE security association in seconds. The maximum value is 24 hours (86400 seconds)." DEFVAL { 28800 } -- 8 hours ::= { hmSec2VpnConnEntry 5 } hmSec2VpnConnIkeDpdTimeout OBJECT-TYPE SYNTAX INTEGER ( 0..86400) -- max. 24 hours MAX-ACCESS read-write STATUS current DESCRIPTION "If greater than zero, the local peer sends Dead Peer Detection (DPD) messages (according to RFC 3706) to the remote peer. This value specifies the timeout in seconds, the remote peer is declared dead, if not responding. The value 0 disables this feature." DEFVAL { 120 } ::= { hmSec2VpnConnEntry 6 } hmSec2VpnConnIkeLocalAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Hostname (FQDN) or IP address of local security gateway. If the value is 'any', then the primary IP address of external interface is used. 
In the case that this address is assigned dynamically by a DHCP server, the setup of the VPN connection is delayed until a valid IP address is assigned. Establishing the connection may also be delayed until the hostname (if specified) can be resolved." DEFVAL { "any" } ::= { hmSec2VpnConnEntry 7 } hmSec2VpnConnIkeRemoteAddr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Typically the hostname (FQDN) or IP address of remote security gateway. If this value is 'any', then any IP address is accepted when establishing an IKE-SA as responder. Also a network in CIDR notation, to be accepted when establishing the IKE-SA, is allowed as responder. As initiator such values are not allowed. Establishing the VPN connection may be delayed until the hostname (if specified) can be resolved." DEFVAL { "any" } ::= { hmSec2VpnConnEntry 8 } hmSec2VpnConnIkeAuthType OBJECT-TYPE SYNTAX INTEGER { psk(1), x509rsa(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of authentication to be used (X.509 RSA certificates or pre-shared key)." DEFVAL { psk } ::= { hmSec2VpnConnEntry 9 } hmSec2VpnConnIkeAuthMode OBJECT-TYPE SYNTAX INTEGER { mainaggressive(1), main(2), aggressive(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "The phase 1 exchange mode to be used." DEFVAL { mainaggressive } ::= { hmSec2VpnConnEntry 10 } hmSec2VpnConnIkeAuthCertCA OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..6144)) MAX-ACCESS read-write STATUS current DESCRIPTION "PEM encoded X.509 certificate (RFC 1422), if authentication type in 'hmSec2VpnConnIkeAuthType' is 'x509rsa'. This certificate is used for RSA based signature verification in local and remote certificates." DEFVAL { "" } ::= { hmSec2VpnConnEntry 11 } hmSec2VpnConnIkeAuthCertRemote OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..6144)) MAX-ACCESS read-write STATUS current DESCRIPTION "PEM encoded X.509 certificate (RFC 1422), if authentication type in 'hmSec2VpnConnIkeAuthType' is 'x509rsa'. 
This certificate is used for RSA based authentication of the remote peer at the local side. This certificate binds the identity of the remote peer to its public key. It is optional because it is typically sent by the remote peer while negotiating an ISAKMP/IKE security association." DEFVAL { "" } ::= { hmSec2VpnConnEntry 12 } hmSec2VpnConnIkeAuthCertLocal OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..6144)) MAX-ACCESS read-write STATUS current DESCRIPTION "PEM encoded X.509 certificate (RFC 1422) to be used, if authentication type in 'hmSec2VpnConnIkeAuthType' is 'x509rsa'. This certificate is used for RSA based authentication of the local peer at the remote side. The certificate binds the identity of the local peer to its public key, signed by the certification authority (CA) from 'hmSec2VpnConnIkeAuthCertCA'." DEFVAL { "" } ::= { hmSec2VpnConnEntry 13 } hmSec2VpnConnIkeAuthPrivKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..6144)) MAX-ACCESS read-write STATUS current DESCRIPTION "PEM encoded RSA private key (PKCS 1) to be used, if authentication type in 'hmSec2VpnConnIkeAuthType' is 'x509rsa'. Notice that this object is write-only and encrypted with 'hmSec2VpnConnIkeAuthPasswd'." DEFVAL { "" } ::= { hmSec2VpnConnEntry 14 } hmSec2VpnConnIkeAuthPasswd OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "Passphrase to be used for decryption of the private key from 'hmSec2VpnConnIkeAuthPrivKey'. The passphrase must be set before the private key is set, otherwise the SNMP operation fails." DEFVAL { "" } ::= { hmSec2VpnConnEntry 15 } hmSec2VpnConnIkeAuthPsk OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "Preshared key (passphrase) to be used if authentication type in 'hmSec2VpnConnIkeAuthType' is 'psk'."
DEFVAL { "" } ::= { hmSec2VpnConnEntry 16 } hmSec2VpnConnIkeAuthLocId OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Local peer identifier to be sent within ID payload during negotiation. The ID payload is used to identify the initiator of the security association. The identity is used by the responder to determine the correct host system security policy requirement for the association (see RFC 2407, section 4.6.2 for details when using IKEv1 and RFC 4306, section 3.5 for IKEv2). Allowed formats for this object depend on 'hmSec2VpnConnIkeAuthLocType': o default: don't care o ipaddr: IPv4 address o keyid: key identifier o fqdn: fully qualified domain name o email: fully qualified RFC 822 email address o asn1dn: X.500 distinguished name (DN) If 'hmSec2VpnConnIkeAuthLocType' is 'asn1dn': o and 'hmSec2VpnConnIkeAuthLocId' a character string, then a typical X.500 distinguished name syntax has to be used, e.g. CN=XY-D,C=DE,L=NT, ST=BW,O=COMPANY,OU=DEV,E=testuser@company.com); o and 'hmSec2VpnConnIkeAuthLocId' is a hex string with prefix, then the associated distinguished name must be DER encoded (see RFC 2459); o and 'hmSec2VpnConnIkeAuthLocId' is empty, then the distinguished name from the certificate in 'hmSec2VpnConnIkeAuthCertLocal' is used here." DEFVAL { "" } ::= { hmSec2VpnConnEntry 17 } hmSec2VpnConnIkeAuthLocType OBJECT-TYPE SYNTAX INTEGER { default(1), ipaddr(2), keyid(3), fqdn(4), email(5), asn1dn(6) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of local peer identifier in 'hmSec2VpnConnIkeAuthLocId': o default: If 'hmSec2VpnConnIkeAuthType' is 'psk' then use the IP address from 'hmSec2VpnConnIkeLocalAddr' as local identifier. In case of 'x509rsa' use the DN from local certificate in 'hmSec2VpnConnIkeAuthCertLocal'. o ipaddr: IPv4 address o keyid: key identifier o fqdn: fully qualified domain name o email: fully qualified RFC 822 email address o asn1dn: X.500 distinguished name (DN). 
For further information see RFC 2407, section 4.6.2" DEFVAL { default } ::= { hmSec2VpnConnEntry 18 } hmSec2VpnConnIkeAuthRemId OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Remote peer identifier to be compared with ID payload during negotiation. The ID payload is used to identify the initiator of the security association. The identity is used by the responder to determine the correct host system security policy requirement for the association (see RFC 2407, section 4.6.2 for details when using IKEv1 and RFC 4306, section 3.5 for IKEv2). Allowed formats for this entry depend on 'hmSec2VpnConnIkeAuthRemType': o any: don't care o ipaddr: IPv4 address o keyid: key identifier o fqdn: fully qualified domain name o email: fully qualified RFC 822 email address o asn1dn: X.500 distinguished name (DN) If 'hmSec2VpnConnIkeAuthRemType' is 'asn1dn': o and 'hmSec2VpnConnIkeAuthRemId' a character string, then a typical X.500 distinguished name syntax has to be used, e.g. CN=XY-D,C=DE,L=NT, ST=BW,O=COMPANY,OU=DEV,E=testuser@company.com); o and 'hmSec2VpnConnIkeAuthRemId' is a hex string with prefix 0x, then the associated distinguished name must be DER encoded (see RFC 2459); o and 'hmSec2VpnConnIkeAuthRemId' is empty, then the distinguished name from the certificate in 'hmSec2VpnConnIkeAuthCertRemote' is used here; o then the subject from received certificate (remote peer distinguished name) is compared against this value." DEFVAL { "" } ::= { hmSec2VpnConnEntry 19 } hmSec2VpnConnIkeAuthRemType OBJECT-TYPE SYNTAX INTEGER { any(1), ipaddr(2), keyid(3), fqdn(4), email(5), asn1dn(6) } MAX-ACCESS read-write STATUS current DESCRIPTION "Type of remote peer identifier in hmSec2VpnConnIkeAuthRemId: o any: received remote identifier is not checked o ipaddr: IPv4 address o keyid: key identifier o fqdn: fully qualified domain name o email: fully qualified RFC 822 email address o asn1dn: X.500 distinguished name (DN). 
For further information see RFC 2407, section 4.6.2" DEFVAL { any } ::= { hmSec2VpnConnEntry 20 } hmSec2VpnConnIkeAlgDh OBJECT-TYPE SYNTAX INTEGER { any(1), modp768(2), modp1024(3), modp1536(4), modp2048(5), modp3072(6), modp4096(7) } MAX-ACCESS read-write STATUS current DESCRIPTION "Diffie-Hellman key agreement algorithm to be used for establishment of IKE-SA: o any: accept all listed groups (including the smallest, modp768) as responder, use the default as initiator o modp768: Diffie-Hellman MODP group with 768 bit modulus o modp1024: Diffie-Hellman MODP group with 1024 bit modulus o modp1536: Diffie-Hellman MODP group with 1536 bit modulus o modp2048: Diffie-Hellman MODP group with 2048 bit modulus o modp3072: Diffie-Hellman MODP group with 3072 bit modulus o modp4096: Diffie-Hellman MODP group with 4096 bit modulus" DEFVAL { modp1024 } ::= { hmSec2VpnConnEntry 21 } hmSec2VpnConnIkeAlgHash OBJECT-TYPE SYNTAX INTEGER { any(1), md5(2), sha1(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Hash algorithm to be used in IKE: o any: accept all listed algorithms (including md5) as responder, use all as IKEv2 initiator (not allowed as IKEv1 initiator) o md5: MD5 o sha1: SHA-1" DEFVAL { sha1 } ::= { hmSec2VpnConnEntry 22 } hmSec2VpnConnIkeAlgMac OBJECT-TYPE SYNTAX INTEGER { any(1), hmacmd5(2), hmacsha1(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Integrity (MAC) algorithm to be used in IKEv2: o any: accept all listed algorithms (including hmacmd5) as responder, use all as IKEv2 initiator (not allowed as IKEv1 initiator) o hmacmd5: HMAC-MD5 o hmacsha1: HMAC-SHA1" DEFVAL { hmacsha1 } ::= { hmSec2VpnConnEntry 23 } hmSec2VpnConnIkeAlgEncr OBJECT-TYPE SYNTAX INTEGER { any(1), des(2), des3(3), aes128(4), aes192(5), aes256(6) } MAX-ACCESS read-write STATUS current DESCRIPTION "Encryption algorithm to be used in IKE: o any: accept all listed algorithms (including single DES) as responder, use all as IKEv2 initiator (not allowed as IKEv1 initiator) o des: DES o des3: Triple-DES o aes128: AES with 128 key bits o aes192: AES with 192 key bits o aes256: AES with 256 key bits" DEFVAL { aes128 } ::= { hmSec2VpnConnEntry 24 } hmSec2VpnConnIpsecMode OBJECT-TYPE SYNTAX INTEGER { transport(1), tunnel(2) }
MAX-ACCESS read-write STATUS current DESCRIPTION "IPsec encapsulation mode." DEFVAL { tunnel } ::= { hmSec2VpnConnEntry 25 } hmSec2VpnConnIpsecNatTraversal OBJECT-TYPE SYNTAX INTEGER { on(1), off(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If 'on', then it forces UDP encapsulation of ESP payloads (NAT traversal). When 'off', then the remote peer is allowed to negotiate normal ESP encapsulation or UDP encapsulation via port 4500. A typical scenario is to turn this switch 'on' if it is known a priori that the local peer resides behind a NAT gateway (otherwise turn it 'off')." DEFVAL { off } ::= { hmSec2VpnConnEntry 26 } hmSec2VpnConnIpsecLifetime OBJECT-TYPE SYNTAX INTEGER ( 1..28800) MAX-ACCESS read-write STATUS current DESCRIPTION "Lifetime of IPsec security association in seconds. The maximum value is 8 hours (28800 seconds)." DEFVAL { 3600 } -- 1 hour ::= { hmSec2VpnConnEntry 27 } hmSec2VpnConnIpsecAlgDh OBJECT-TYPE SYNTAX INTEGER { any(1), modp768(2), modp1024(3), modp1536(4), modp2048(5), modp3072(6), modp4096(7), none(8) } MAX-ACCESS read-write STATUS current DESCRIPTION "Diffie-Hellman key agreement algorithm to be used for IPsec-SA session key establishment: o any: accept all listed groups (including the smallest, modp768) as responder, use all as IKEv2 initiator (not allowed as IKEv1 initiator) o modp768: Diffie-Hellman MODP group with 768 bit modulus o modp1024: Diffie-Hellman MODP group with 1024 bit modulus o modp1536: Diffie-Hellman MODP group with 1536 bit modulus o modp2048: Diffie-Hellman MODP group with 2048 bit modulus o modp3072: Diffie-Hellman MODP group with 3072 bit modulus o modp4096: Diffie-Hellman MODP group with 4096 bit modulus o none: no Perfect Forward Secrecy (PFS)" DEFVAL { modp1024 } ::= { hmSec2VpnConnEntry 28 } hmSec2VpnConnIpsecAlgMac OBJECT-TYPE SYNTAX INTEGER { any(1), hmacmd5(2), hmacsha1(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Integrity (MAC) algorithm to be used in IPsec: o any: accept all listed algorithms (including hmacmd5) as responder, use all as IKEv2 initiator (not allowed as IKEv1 initiator) o hmacmd5: HMAC-MD5 o hmacsha1: HMAC-SHA1" DEFVAL { hmacsha1 } ::= { hmSec2VpnConnEntry 29 }
hmSec2VpnConnIpsecAlgEncr OBJECT-TYPE SYNTAX INTEGER { any(1), des(2), des3(3), aes128(4), aes192(5), aes256(6) } MAX-ACCESS read-write STATUS current DESCRIPTION "Encryption algorithm to be used for payload encryption in IPsec: o any: accept all algorithms as responder, use all as IKEv2 initiator (not allowed as IKEv1 initiator) o des: DES o des3: Triple-DES o aes128: AES with 128 key bits o aes192: AES with 192 key bits o aes256: AES with 256 key bits" DEFVAL { aes128 } ::= { hmSec2VpnConnEntry 30 } hmSec2VpnConnOperStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2), negotiation (3), constructing (4), dormant (5), servicemode-up (6) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current operational status of the VPN connection: o 'up': the IKE-SA and all IPsec SAs are up; o 'down': the IKE-SA and all IPsec SAs are down; o 'negotiation': key exchange and algorithm negotiation is in progress (or, as responder, waiting to be contacted for that purpose); o 'constructing': the IKE-SA is up, but at least one IPsec-SA is not established so far; o 'dormant': waiting for a precondition to be fulfilled before connection setup, e.g.: - a dynamically assigned IP address; - successful hostname resolution; - assignment of a valid system time. o 'servicemode-up': the IKE-SA and all IPsec SAs are up in service mode;" ::= { hmSec2VpnConnEntry 31 } hmSec2VpnConnDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2VpnConnEntry 32 } hmSec2VpnConnRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry. If the row status is 'active' then it is not allowed to change any value (this applies also to active traffic selectors). The maximum number of active VPN connections is limited to 256. The maximum number of up VPN connections is limited to 64." 
::= { hmSec2VpnConnEntry 33 } hmSec2VpnConnServiceMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The service mode can be enabled for connections which shall be established only when the device enters service mode (redundant power supply not connected). The connection is down when the device is not in service mode (redundant power supply connected). When the value is set to disable, the functionality is independent of the service mode." DEFVAL { disable } ::= { hmSec2VpnConnEntry 34 } -- -- VPN certificate group -- hmSec2VpnCertificateValidation OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Validation of certificates globally enabled or disabled. This allows certificates to be used even if the system time is not set. " ::= { hmSec2VpnCertificateGroup 4 } -- -- Redundancy group -- hmSec2RedRouterGroup OBJECT IDENTIFIER ::= { hmSec2Redundancy 1 } hmSec2HostCheckGroup OBJECT IDENTIFIER ::= { hmSec2Redundancy 2 } hmSec2RedLayer2Group OBJECT IDENTIFIER ::= { hmSec2Redundancy 3 } hmSec2RedTransparentGroup OBJECT IDENTIFIER ::= { hmSec2Redundancy 4 } hmSec2RedAdminState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Redundancy admin state (switch redundancy globally off or on). The redundancy is a router redundancy using VRRP for synchronising both devices (master and backup) on all interfaces. Thus the virtual router redundancy can be used in router mode only. It defines a virtual IP address for each interface." DEFVAL { disable } ::= { hmSec2RedRouterGroup 1 } hmSec2RedStartupState OBJECT-TYPE SYNTAX INTEGER { master(1), backup(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Redundancy function of the device used at startup. The device can be master or backup system."
DEFVAL { master } ::= { hmSec2RedRouterGroup 2 } hmSec2RedPriority OBJECT-TYPE SYNTAX INTEGER ( 1..254 ) MAX-ACCESS read-write STATUS current DESCRIPTION "Redundancy device priority as defined by VRRP." DEFVAL { 100 } ::= { hmSec2RedRouterGroup 3 } hmSec2RedOperState OBJECT-TYPE SYNTAX INTEGER { master(1), backup(2), outofservice(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Actual redundancy function of the device. The device can be master or backup system, if it is in service." DEFVAL { outofservice } ::= { hmSec2RedRouterGroup 4 } hmSec2RedOperInfo OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Additional redundancy function information." ::= { hmSec2RedRouterGroup 5 } hmSec2RedIfaceTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2RedIfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains additional Routing Configuration for the IP interfaces." ::= { hmSec2RedRouterGroup 6 } hmSec2RedSwitchCounter OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counter that counts the number of redundancy switches from master to backup system and vice versa." ::= { hmSec2RedRouterGroup 7 } hmSec2RedIfaceEntry OBJECT-TYPE SYNTAX HmSec2RedIfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the per interface redundancy configuration." INDEX { hmSec2RedIfIndex } ::= { hmSec2RedIfaceTable 1 } HmSec2RedIfaceEntry ::= SEQUENCE { hmSec2RedIfIndex Integer32, hmSec2RedVirtualAddr IpAddress, hmSec2RedVRID INTEGER, hmSec2RedRemoteIPAddr IpAddress } hmSec2RedIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of IP interface in the table." ::= { hmSec2RedIfaceEntry 1 } hmSec2RedVirtualAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Virtual IP address to be used for this Router IP interface." 
::= { hmSec2RedIfaceEntry 2 } hmSec2RedVRID OBJECT-TYPE SYNTAX INTEGER ( 1..255 ) MAX-ACCESS read-write STATUS current DESCRIPTION "Virtual Router ID used on this network interface. The VRIDs have to be different on all network interfaces. There is no default value." ::= { hmSec2RedIfaceEntry 3 } hmSec2RedRemoteIPAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the remote system on this network interface. On the master system the IP address of the backup system and vice versa. The virtual IP address must not be used here." ::= { hmSec2RedIfaceEntry 4 } hmSec2HostCheckAdminState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Redundancy ICMP host check (ping of host) admin state. The host check function tries to find the configured hosts in case of a network error (communication loss) of the both redundancy systems." DEFVAL { disable } ::= { hmSec2HostCheckGroup 1 } hmSec2HostCheckNumAddrs OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Additional host check function information. Shows the number of configured addresses." ::= { hmSec2HostCheckGroup 2 } hmSec2HostCheckOperState OBJECT-TYPE SYNTAX INTEGER { running(1), notchecking(2), outofservice(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Actual redundancy host check function of the device. The host check function is only running when packets of the redundancy application have been lost." DEFVAL { outofservice } ::= { hmSec2HostCheckGroup 3 } hmSec2HostCheckOperInfo OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Additional host check function information." ::= { hmSec2HostCheckGroup 4 } hmSec2HostCheckTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2HostCheckEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the hosts to be checked on network errors by the redundancy application. 
The order in the table is important for the host check algorithm." ::= { hmSec2HostCheckGroup 5 } hmSec2HostCheckEntry OBJECT-TYPE SYNTAX HmSec2HostCheckEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the per interface redundancy configuration. The order in the table is important for the host check algorithm. The table has a maximum of configurable hosts." INDEX { hmSec2HostCheckIfIndex, hmSec2HostCheckTableIndex } ::= { hmSec2HostCheckTable 1 } HmSec2HostCheckEntry ::= SEQUENCE { hmSec2HostCheckIfIndex Integer32, hmSec2HostCheckTableIndex Integer32, hmSec2HostCheckAddr IpAddress, hmSec2HostCheckRowStatus RowStatus } hmSec2HostCheckIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of IP interface in the table." ::= { hmSec2HostCheckEntry 1 } hmSec2HostCheckTableIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index of entry in the table." ::= { hmSec2HostCheckEntry 2 } hmSec2HostCheckAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Host IP address to be used for ICMP checks (pings) in case of network errors (communication losses)." ::= { hmSec2HostCheckEntry 3 } hmSec2HostCheckRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "the row status for the table entry" ::= { hmSec2HostCheckEntry 4 } hmSec2RedLayer2AdminState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Redundancy Layer2 admin state (enable/disable Layer2 redundancy support). The redundancy takes down the physical link automatically when the Link on the non-redundancy port is lost." DEFVAL { disable } ::= { hmSec2RedLayer2Group 1 } hmSec2RedLayer2IfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Index of the physical interface where the Layer2 redundancy is connected to." 
::= { hmSec2RedLayer2Group 2 } hmSec2RedLayer2Packetcounter OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of redundancy Layer 2 Ethernet packets sent through the system that have been passed to the other port." ::= { hmSec2RedLayer2Group 3 } hmSec2RedTPRemoteIPAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the remote system in the transparent mode. On the master system the IP address of the backup system and vice versa. This IP address is used to synchronize the Firewall/NAT state tables of the system. If the address is not set (set to 0.0.0.0) the system disables Firewall/NAT synchronization." ::= { hmSec2RedTransparentGroup 1 } hmSec2RedTPOperState OBJECT-TYPE SYNTAX INTEGER { master(1), backup(2), outofservice(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Actual redundancy transparent mode Firewall/NAT table synchronization operation state." DEFVAL { outofservice } ::= { hmSec2RedTransparentGroup 2 } hmSec2RedTPOperInfo OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Actual redundancy transparent mode Firewall/NAT table synchronization operation state information." ::= { hmSec2RedTransparentGroup 3 } hmSec2RedTPCommunicationState OBJECT-TYPE SYNTAX INTEGER { active(1), inactive(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Actual redundancy transparent mode Firewall/NAT table synchronization communication state. Inactive communication may indicate that the system cannot communicate or that nothing has to be exchanged. Active communication shows that the system is operating properly."
DEFVAL { inactive } ::= { hmSec2RedTransparentGroup 4 } -- -- NAT definitions -- -- hmSec2NatGeneralGroup OBJECT IDENTIFIER ::= { hmSec2Nat 1 } hmSec2NatRulesGroup OBJECT IDENTIFIER ::= { hmSec2Nat 2 } -- -- NAT general group -- -- hmSec2NatMappingMax OBJECT-TYPE SYNTAX Integer32 (0..4096) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of simultaneous NAT mappings." DEFVAL { 1024 } ::= { hmSec2NatGeneralGroup 1 } hmSec2NatTimeoutEstablished OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "Timeout in the NAT mapping table for established TCP connections." DEFVAL { 432000 } ::= { hmSec2NatGeneralGroup 2 } hmSec2NatAllowOutputSameIface OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If this value is enabled, the NAT component checks the NAT rules on outgoing packets also if the outgoing interface and the incoming interface is the same. Per default this is disabled." DEFVAL { disable } ::= { hmSec2NatGeneralGroup 3 } hmSec2NatAutoDuplicateInvert OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Internal usage only." DEFVAL { disable } ::= { hmSec2NatGeneralGroup 4 } hmSec2NatDisallowVRRPAddrs OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Internal usage only." DEFVAL { disable } ::= { hmSec2NatGeneralGroup 5 } -- -- NAT rules group -- -- -- -- NAPT rules table -- -- hmSec2NatTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2NatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of NAPT rules." 
::= { hmSec2NatRulesGroup 1 } hmSec2NatEntry OBJECT-TYPE SYNTAX HmSec2NatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2NatIndex } ::= { hmSec2NatTable 1 } HmSec2NatEntry ::= SEQUENCE { hmSec2NatIndex Integer32, hmSec2NatSrcNet DisplayString, hmSec2NatAlg BITS, hmSec2NatDesc DisplayString, hmSec2NatErrorText DisplayString, hmSec2NatRowStatus RowStatus } hmSec2NatIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be chosen in ascending and compact order. It may change if a rule (not the last in the list) is deleted or a new row is inserted." ::= { hmSec2NatEntry 1 } hmSec2NatSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Network for NAPT transactions on the local interface in CIDR notation (a.b.c.d/n)" DEFVAL { "192.168.1.0/24" } ::= { hmSec2NatEntry 2 } hmSec2NatAlg OBJECT-TYPE SYNTAX BITS { ftp(0) } MAX-ACCESS read-write STATUS current DESCRIPTION "Bitmask for application level gateway selections in this rule" DEFVAL { {} } ::= { hmSec2NatEntry 3 } hmSec2NatDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2NatEntry 4 } hmSec2NatErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text" DEFVAL { "" } ::= { hmSec2NatEntry 5 } hmSec2NatRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2NatEntry 6 } -- -- 1:1 NAT rules table -- -- hmSec2Nat1To1Table OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2Nat1To1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of 1:1 NAT rules." 
::= { hmSec2NatRulesGroup 2 } hmSec2Nat1To1Entry OBJECT-TYPE SYNTAX HmSec2Nat1To1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2Nat1To1Index } ::= { hmSec2Nat1To1Table 1 } HmSec2Nat1To1Entry ::= SEQUENCE { hmSec2Nat1To1Index Integer32, hmSec2Nat1To1SrcNet DisplayString, hmSec2Nat1To1DstNet DisplayString, hmSec2Nat1To1NetMask Integer32, hmSec2Nat1To1Desc DisplayString, hmSec2Nat1To1ErrorText DisplayString, hmSec2Nat1To1RowStatus RowStatus, hmSec2Nat1To1Alg BITS, hmSec2Nat1To1DoOutput INTEGER, hmSec2Nat1To1InvertDirection INTEGER } hmSec2Nat1To1Index OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be chosen in ascending and compact order. It may change if a rule (not the last in the list) is deleted or a new row is inserted." ::= { hmSec2Nat1To1Entry 1 } hmSec2Nat1To1SrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Network for 1:1 NAT on the internal interface." DEFVAL { "192.168.1.1" } ::= { hmSec2Nat1To1Entry 2 } hmSec2Nat1To1DstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Network for 1:1 NAT on the external interface." DEFVAL { "10.0.1.1" } ::= { hmSec2Nat1To1Entry 3 } hmSec2Nat1To1NetMask OBJECT-TYPE SYNTAX Integer32 (0..32) MAX-ACCESS read-write STATUS current DESCRIPTION "Netmask for 1:1 NAT" DEFVAL { 32 } ::= { hmSec2Nat1To1Entry 4 } hmSec2Nat1To1Desc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." DEFVAL { "" } ::= { hmSec2Nat1To1Entry 5 } hmSec2Nat1To1ErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text" DEFVAL { "" } ::= { hmSec2Nat1To1Entry 6 } hmSec2Nat1To1RowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." 
::= { hmSec2Nat1To1Entry 7 } hmSec2Nat1To1Alg OBJECT-TYPE SYNTAX BITS { ftp(0) } MAX-ACCESS read-write STATUS current DESCRIPTION "Bitmask for application level gateway selections in this rule" DEFVAL { {} } ::= { hmSec2Nat1To1Entry 8 } hmSec2Nat1To1DoOutput OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If this value is enabled, the 1:1 NAT also performs the NAT operation when sending the packet. This means that a twice-NAT or destination-NAT operation is additionally performed. This feature shall be used in special cases only." DEFVAL { disable } ::= { hmSec2Nat1To1Entry 9 } hmSec2Nat1To1InvertDirection OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If this value is enabled, the 1:1 NAT performs the NAT operation in the opposite direction. This means the NAT operation is done from the point of view of the external interface, for cases where devices on the external side shall be mapped to the internal side. This feature shall be used in special cases only." DEFVAL { disable } ::= { hmSec2Nat1To1Entry 10 } -- -- Port forwarding rules table -- -- hmSec2NatPortFwdTable OBJECT-TYPE SYNTAX SEQUENCE OF HmSec2NatPortFwdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of port forwarding rules." 
::= { hmSec2NatRulesGroup 3 } hmSec2NatPortFwdEntry OBJECT-TYPE SYNTAX HmSec2NatPortFwdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hmSec2NatPortFwdIndex } ::= { hmSec2NatPortFwdTable 1 } HmSec2NatPortFwdEntry ::= SEQUENCE { hmSec2NatPortFwdIndex Integer32, hmSec2NatPortFwdSrcNet DisplayString, hmSec2NatPortFwdSrcPort DisplayString, hmSec2NatPortFwdDstNet DisplayString, hmSec2NatPortFwdDstPort DisplayString, hmSec2NatPortFwdFwdNet DisplayString, hmSec2NatPortFwdFwdPort DisplayString, hmSec2NatPortFwdProto DisplayString, hmSec2NatPortFwdLog INTEGER, hmSec2NatPortFwdDesc DisplayString, hmSec2NatPortFwdErrorText DisplayString, hmSec2NatPortFwdRowStatus RowStatus } hmSec2NatPortFwdIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "An index that uniquely identifies the entry in the table. The index must be chosen in ascending and compact order. It may change if a rule (not the last in the list) is deleted or a new row is inserted." ::= { hmSec2NatPortFwdEntry 1 } hmSec2NatPortFwdSrcNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Source network in CIDR notation (a.b.c.d/n) that is allowed to be forwarded by this rule, or the keyword 'any'." DEFVAL { "any" } ::= { hmSec2NatPortFwdEntry 2 } hmSec2NatPortFwdSrcPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Source port expression or the keyword 'any'. 
A port expression is structured as 'op port' or 'port1 op port2', where 'op' is a mathematical operator for: o equal = o unequal != o less than < o less than or equal <= o greater than > o greater than or equal to >= o outside range <> o inside range >< The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "any" } ::= { hmSec2NatPortFwdEntry 3 } hmSec2NatPortFwdDstNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination IP address to be forwarded or the keyword '%extern'. This keyword stands for the first external IP address." DEFVAL { "%extern" } ::= { hmSec2NatPortFwdEntry 4 } hmSec2NatPortFwdDstPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Destination port expression in the form '= port'. The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "= 80" } ::= { hmSec2NatPortFwdEntry 5 } hmSec2NatPortFwdFwdNet OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Redirect IP address." 
DEFVAL { "127.0.0.1" } ::= { hmSec2NatPortFwdEntry 6 } hmSec2NatPortFwdFwdPort OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "Redirect port expression in the form '= port'. The port must be specified as a decimal number or one of the aliases: o tcp/udp: echo (7) o tcp/udp: discard, sink, null (9) o tcp: ftp-data (20) o tcp: ftp (21) o tcp/udp: ssh (22) o tcp: telnet (23) o tcp/udp: domain, nameserver (53) o tcp/udp: bootps (67) o tcp/udp: bootpc (68) o udp: tftp (69) o tcp/udp: www, http (80) o tcp/udp: kerberos, krb5 (88) o tcp: sftp (115) o tcp/udp: ntp (123) o udp: snmp (161) o udp: snmp-trap, snmptrap (162) o tcp/udp: bgp (179) o tcp/udp: ldap (389) o tcp/udp: https (443)" DEFVAL { "= 80" } ::= { hmSec2NatPortFwdEntry 7 } hmSec2NatPortFwdProto OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "The protocol as a decimal number (in range 1 - 255) or a name. The following protocol names are currently supported: o 'icmp': internet control message protocol (RFC 792) o 'igmp': internet group management protocol o 'ip': internet protocol (RFC 791) o 'tcp': transmission control protocol (RFC 793) o 'udp': user datagram protocol (RFC 768) o 'esp': IPsec encapsulated security payload (RFC 2406) o 'ah': IPsec authentication header (RFC 2402)" DEFVAL { "tcp" } ::= { hmSec2NatPortFwdEntry 8 } hmSec2NatPortFwdLog OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables logging for this port forwarding rule." DEFVAL { disable } ::= { hmSec2NatPortFwdEntry 9 } hmSec2NatPortFwdDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "User defined text." 
DEFVAL { "" } ::= { hmSec2NatPortFwdEntry 10 } hmSec2NatPortFwdErrorText OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "Error text" DEFVAL { "" } ::= { hmSec2NatPortFwdEntry 11 } hmSec2NatPortFwdRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The row status of this table entry." ::= { hmSec2NatPortFwdEntry 12 } -- -- General info -- hmSec2DHCPLastAccessMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "MAC Address; always returns 0:0:0:0:0:0." ::= { hmSec2Info 1 } hmSec2MiscTrapText OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "MIB object to include a text message in a trap. When read, it will always return an empty string." ::= { hmSec2Info 2 } hmSec2DigitalInStatus OBJECT-TYPE SYNTAX INTEGER { high(1), low(2), not-available(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the digital input, or not-available if the status cannot be determined or no digital input is available." ::= { hmSec2Info 3 } -- ************************************************************************** -- * * -- * Notifications (Traps) * -- * * -- ************************************************************************** -- * * -- * Following Notifications are supported with enterprise = hmSecurity2 * -- * hmSec2DHCPNewClientTrap (1) * -- * hmSec2RedundSwitchTrap (2) * -- * hmSec2VpnDownTrap (3) * -- * hmSec2VpnUpTrap (4) * -- * hmSec2LoginSuccessTrap (5) * -- * hmSec2LoginFailedTrap (6) * -- * hmSec2UsrFwLogInTrap (10) * -- * hmSec2UsrFwLogOutTrap (11) * -- * hmSec2UsrFwLogErrTrap (12) * -- * hmSec2FirewallLogTrap (15) * -- * * -- ************************************************************************** hmSecurity2Event OBJECT-IDENTITY STATUS current DESCRIPTION "The events of hmSecurity2." 
::= { hmSecurity2 0 } -- -- Notifications (Traps) with enterprise = hmSecurity2 -- hmSec2DHCPNewClientTrap NOTIFICATION-TYPE OBJECTS { hmSec2DHCPLastAccessMAC } STATUS current DESCRIPTION "This trap is sent when a DHCP request was received from an unknown client." ::= { hmSecurity2Event 1 } -- -- Notifications (Traps) for Redundancy application -- hmSec2RedundSwitchTrap NOTIFICATION-TYPE OBJECTS { hmSec2RedOperState } STATUS current DESCRIPTION "This trap is sent when the redundancy state changes on the device (Master <-> Backup)." ::= { hmSecurity2Event 2 } hmSec2VpnDownTrap NOTIFICATION-TYPE OBJECTS { hmSec2VpnConnOperStatus } STATUS current DESCRIPTION "A hmSec2VpnDown trap signals that a VPN connection is about to enter the down state from some other state (see 'hmSec2VpnConnOperStatus')." ::= { hmSecurity2Event 3 } hmSec2VpnUpTrap NOTIFICATION-TYPE OBJECTS { hmSec2VpnConnOperStatus } STATUS current DESCRIPTION "A hmSec2VpnUp trap signals that a VPN connection is about to enter the up state from some other state (see 'hmSec2VpnConnOperStatus')." ::= { hmSecurity2Event 4 } hmSec2LoginSuccessTrap NOTIFICATION-TYPE OBJECTS { hmLastLoginUserName, hmLastIpAddr } STATUS current DESCRIPTION "This trap is sent if a user successfully gains access to the device via telnet, ssh or serial connection. hmLastIpAddr contains the IP address of the login request. The value is 0.0.0.0 if the access was via serial connection. hmLastLoginUserName contains the user name used to log in to the device." ::= { hmSecurity2Event 5 } hmSec2LoginFailedTrap NOTIFICATION-TYPE OBJECTS { hmLastLoginUserName, hmLastIpAddr } STATUS current DESCRIPTION "This trap is sent if a user tried and failed to gain access to the device via telnet, ssh or serial connection. hmLastIpAddr contains the IP address of the login request. The value is 0.0.0.0 if the access was via serial connection. hmLastLoginUserName contains the user name that was used in the login attempt." 
::= { hmSecurity2Event 6 } -- -- Notifications (Traps) for User Firewall -- hmSec2UsrFwLogInTrap NOTIFICATION-TYPE OBJECTS { hmSec2UsrFwUserName, hmSec2UsrFwUserLoginAddr } STATUS current DESCRIPTION "A hmSec2UsrFwLogInTrap trap signals that a firewall user has logged in (see 'hmSec2UsrFwUserName', 'hmSec2UsrFwUserLoginAddr')." ::= { hmSecurity2Event 10 } hmSec2UsrFwLogOutTrap NOTIFICATION-TYPE OBJECTS { hmSec2UsrFwUserName, hmSec2UsrFwUserLoginAddr } STATUS current DESCRIPTION "A hmSec2UsrFwLogOutTrap trap signals that a firewall user has logged out (see 'hmSec2UsrFwUserName', 'hmSec2UsrFwUserLoginAddr')." ::= { hmSecurity2Event 11 } hmSec2UsrFwLogErrTrap NOTIFICATION-TYPE OBJECTS { hmSec2UsrFwUserName, hmSec2UsrFwUserLoginAddr } STATUS current DESCRIPTION "A hmSec2UsrFwLogErrTrap trap signals that a firewall user login has failed (see 'hmSec2UsrFwUserName', 'hmSec2UsrFwUserLoginAddr')." ::= { hmSecurity2Event 12 } -- -- Notification (Trap) for Firewall -- hmSec2FirewallLogTrap NOTIFICATION-TYPE OBJECTS { hmSec2MiscTrapText } STATUS current DESCRIPTION "This trap is sent if the 'Log' object of a firewall rule has been set to 'logAndTrap' and the rule matches. 'hmSec2MiscTrapText' is a copy of the log message written to the system log." ::= { hmSecurity2Event 15 } END