ALU-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32,
    Counter32, IpAddress, Counter64, Gauge32, Integer32,
    NOTIFICATION-TYPE                                       FROM SNMPv2-SMI

    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
                                                            FROM SNMPv2-CONF

    TEXTUAL-CONVENTION, RowStatus, DisplayString,
    TruthValue, TimeStamp, DateAndTime, MacAddress
                                                            FROM SNMPv2-TC

    aluSARMIBModules, aluSARObjs, aluSARConfs, 
    aluSARNotifyPrefix
                                                            FROM ALU-SAR-GLOBAL-MIB

    TItemDescription, TNamedItem, TNamedItemOrEmpty,
    TmnxPortID, IpAddressPrefixLength, TmnxEncapVal,
    TTcpUdpPort, TIpProtocol, TmnxAdminState, TmnxOperState,
    TDSCPNameOrEmpty, TIpOption, TmnxVRtrIDOrZero, TmnxActionType,
    TCpmProtPolicyID, TCIRRate, TPIRRate, TPIRRateOrZero,
    TmnxServId, Dot1PPriority, Dot1PPriorityMask,
    ServiceAccessPoint, TOperator, TmnxEnabledDisabled,
    TBurstSize, InterfaceIndex, TTcpUdpPortOperator
                                                            FROM TIMETRA-TC-MIB

    TItemMatch, TFilterLogId, TEntryId
                                                            FROM TIMETRA-FILTER-MIB

    tmnxCpmFlashHwIndex, tmnxCpmFlashOperStatus
                                                            FROM TIMETRA-CHASSIS-MIB

    InetAddressIPv6, InetAddressPrefixLength, InetAddressType,
    InetAddress
                                                            FROM INET-ADDRESS-MIB

    InterfaceIndexOrZero                                    FROM IF-MIB

    svcId, SdpId                                            FROM TIMETRA-SERV-MIB
    sdpBindId             
                                                            FROM TIMETRA-SDP-MIB
    vRtrID, vRtrIfIndex                                     FROM TIMETRA-VRTR-MIB

    tmnxMcPeerIpType, tmnxMcPeerIpAddr, tmnxMcPeerSrcIpAddr FROM TIMETRA-MC-REDUNDANCY-MIB

    ;

aluZoneModule  MODULE-IDENTITY
    LAST-UPDATED    "1007010000Z"
    ORGANIZATION    "Nokia"
    CONTACT-INFO    
        "Nokia 7705 Support
         Web: http://www.nokia.com/comps/pages/carrier_support.jhtml"
    DESCRIPTION
    "This document is the SNMP MIB module to manage and provision the 
    hardware components of the Nokia 7705 device.
    
    Copyright 2013-2015 Nokia.  All rights reserved.
    Reproduction of this document is authorized on the condition that
    the foregoing copyright notice is included.

    This SNMP MIB module (Specification) embodies Nokia's
    proprietary intellectual property.  Nokia retains 
    all title and ownership in the Specification, including any 
    revisions.

    Nokia grants all interested parties a non-exclusive 
    license to use and distribute an unmodified copy of this 
    Specification in connection with management of Nokia 
    products, and without fee, provided this copyright notice and 
    license appear on all copies.

    This Specification is supplied 'as is', and Nokia 
    makes no warranty, either express or implied, as to the use, 
    operation, condition, or performance of the Specification."

--
--  Revision History
--
    REVISION        "1107270000Z"
    DESCRIPTION     "Rev 1.0                27 July 2013 00:00 
                     1.0 release of the ALU-SECURITY-MIB.mib."

    ::= { aluSARMIBModules 15 }

aluSecurityObjs             OBJECT IDENTIFIER ::= { aluSARObjs 17 }
  aluSecurityAdminObjs       OBJECT IDENTIFIER ::= { aluSecurityObjs 1 }
  aluSecurityOperObjs        OBJECT IDENTIFIER ::= { aluSecurityObjs 2 }
  aluSecurityStatsObjs       OBJECT IDENTIFIER ::= { aluSecurityObjs 3 }
  aluSecurityNotifyObjs      OBJECT IDENTIFIER ::= { aluSecurityObjs 4 }
  aluSecurityLogObjs         OBJECT IDENTIFIER ::= { aluSecurityObjs 5 }
  aluSecMcRedundancyObjs     OBJECT IDENTIFIER ::= { aluSecurityObjs 6 }
  aluSecMcRedStatsObjs       OBJECT IDENTIFIER ::= { aluSecurityObjs 7 }
  aluSecMcRedNotifObjs       OBJECT IDENTIFIER ::= { aluSecurityObjs 8 }


aluSecurityMIBConformance   OBJECT IDENTIFIER ::= { aluSARConfs 17 }
  aluSecurityAdminConformance           OBJECT IDENTIFIER ::= { aluSecurityMIBConformance 1 }
  aluSecurityOperConformance            OBJECT IDENTIFIER ::= { aluSecurityMIBConformance 2 }
  aluSecurityStatsConformance           OBJECT IDENTIFIER ::= { aluSecurityMIBConformance 3 }

aluSecurityNotifyPrefix     OBJECT IDENTIFIER ::= { aluSARNotifyPrefix 14 }
  aluSecurityNotification     OBJECT IDENTIFIER ::= { aluSecurityNotifyPrefix 0 } 

--
--      ALU-SECURITY-MIB at a glance
-- 
--  timetra (enterprises 6527)
--    timetraBasedProducts (6)
--		aluServiceAggrRouters (1)
--        	aluSARMIB (2)
--                aluSARConfs (1)
--                      aluSecurityMIBConformance   (aluSARConfs 14)
--                          aluSecurityAdminConformance     (aluSecurityMIBConformance 1)
--                          aluSecurityOperConformance      (aluSecurityMIBConformance 2)
--                          aluSecurityStatsConformance     (aluSecurityMIBConformance 3)
--                aluSARObjs (2)
--                      aluSecurityObjs (aluSARObjs 14)
--                          aluSecurityAdminObjects (aluSecurityObjs 1)    
--                          aluSecurityOperObjects  (aluSecurityObjs 2)    
--                          aluSecurityStatsObjects (aluSecurityObjs 3)    
--                aluSARNotifyPrefix (3)
--                      aluSecurityNotifyPrefix (aluSARNotifyPrefix 14)

--
-- Textual Conventions
--

TSecurityLogId ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
       "The unique id of a security log.
        A value of '0' indicates no log is configured."
    SYNTAX       Unsigned32 (0..100)

TSecurityLogProfileId ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
       "The unique id of a security log profile"
    SYNTAX       Unsigned32 (1..100)

TIPOperator ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
       "The operator used for checking ip address and ranges"
    SYNTAX       INTEGER {
                    none(0),
                    eq(1),
                    range(2)
                 }
TZoneType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION "Indicates the type of zone."
    SYNTAX      INTEGER { 
                    unknown  (0), 
                    network  (1),
                    service  (2),
                    global   (3)  
                }

TPlcyState ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION "Indicates the state of policy."
    SYNTAX      INTEGER { 
                    unknown  (0), 
                    empty    (1),
                    draft    (2),
                    commited (3) 
                }

TPoolType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION "Indicates the type of pool."
    SYNTAX      INTEGER { 
                    unknown      (0),
                    srcNatPool   (1)
                }
                
TAlgType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
       "The type of ALG processing:
          none - No ALG Processing on this flow
          auto - Automatically identify ALG required
          ftp  - Flow requires FTP processing
          tftp - Flow requires T-FTP processing"
    SYNTAX       INTEGER {
                    none (0),
                    auto (1),
                    ftp  (2),
                    tftp (3)
                 }

TSecurityPolicerId ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
       "The unique id of a security group policer.
        A value of '0' indicates no policer-grp is configured."
    SYNTAX       Unsigned32 (0..1024)
                
AluMcFwAuthAlgorithm ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "AluMcFirewallAuthAlgorithm data type is an enumerated integer
         that describes the values used to identify the
         hashing algorithm.

         Value Descriptions:

         sha256   - Choosing this value configures the use of
                    hmac-sha256 algorithm for authentication.

         sha512   - Choosing this value configures the use of
                    hmac-sha512 algorithm for authentication."
    SYNTAX          INTEGER {
                        sha256 (1),
                        sha512 (2)
                    }

AluMcFwEncrAlgorithm ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "AluMcFwEncrAlgorithm data type is an enumerated integer
         that describes the values used to identify the encryption
         algorithm.

         Value Descriptions:

         aes128 - Choosing this value configures the aes algorithm
                  with a block size of 128 bits. This is a
                  mandatory implementation size for aes. As of
                  today, this is a very strong algorithm choice.

         aes256 - Choosing this value configures the aes algorithm
                  with a block size of 256 bits. This is the
                  strongest available version of aes."
    SYNTAX        INTEGER {
                      aes128 (1),
                      aes256 (2)
                  }


--
-- Configuration Objects
--

--
-- Scalar objects
--
aluSecPlcyAdminControlApply  OBJECT-TYPE
    SYNTAX      INTEGER { 
                    none(1), 
                    initialize(2), 
                    commit(3) 
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
                "This object controls the use of security tables.
        
                This object always reads none(1).
        
                When set to initialize(2), the objects in standby tables
                are set to the current active Operational values, from the 
                corresponding active tables.  Any uncommitted changes are
                lost, so setting this value corresponds to both BEGIN-TRANSACTION
                and ABORT-TRANSACTION.
        
                When set to commit(3) (END-TRANSACTION), all of the objects from 
                standby tables are copied to the corresponding
                active table objects."
    ::= { aluSecurityAdminObjs 1 }

aluSecPlcyBypass  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "If true, bypasses security processing"
    DEFVAL { false }
    ::= { aluSecurityAdminObjs 2 }

--
-- Zone Configuration Table
--
aluZoneConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZoneConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZoneConfigTable has an entry for each 
                zone configured on the system."
    ::= { aluSecurityAdminObjs 4 }

aluZoneConfigEntry OBJECT-TYPE
    SYNTAX      TZoneConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a zone entry."
    INDEX { aluZoneConfigId }
    ::= { aluZoneConfigTable 1 }

TZoneConfigEntry ::= SEQUENCE {
    aluZoneConfigId                            Unsigned32,
    aluZoneConfigName                          TNamedItemOrEmpty,
    aluZoneConfigRowStatus                     RowStatus,
    aluZoneConfigDescription                   TItemDescription,
    aluZoneConfigControlApply                  INTEGER,
    aluZoneConfigType                          TZoneType,
    aluZoneConfigSvcId                         TmnxServId,
    aluZoneConfigState                         TPlcyState,                    
    aluZoneConfigBypass                        TruthValue,                    
    aluZoneConfigInTcpSessLimit                Unsigned32,
    aluZoneConfigInUdpSessLimit                Unsigned32,
    aluZoneConfigInIcmpSessLimit               Unsigned32,
    aluZoneConfigInOthSessLimit                Unsigned32,
    aluZoneConfigOutTcpSessLimit               Unsigned32,
    aluZoneConfigOutUdpSessLimit               Unsigned32,
    aluZoneConfigOutIcmpSessLimit              Unsigned32,
    aluZoneConfigOutOthSessLimit               Unsigned32,
    aluZoneConfigLogId                         TSecurityLogId,
    aluZoneConfigAutoBind                      TruthValue
    }

aluZoneConfigId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65534)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigId specifies
                the unique id of the Zone.  The Id must be
                unique within the system." 
    ::= { aluZoneConfigEntry 1 }

aluZoneConfigName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigName 
                specifies the name of the Zone."
    DEFVAL      { ''H }
    ::= { aluZoneConfigEntry 2 }

aluZoneConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluZoneConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluZoneConfigTable.  aluZoneConfigRowStatus does not support
                createAndWait. The status can only be active 
                or notInService."
    ::= { aluZoneConfigEntry 3 }

aluZoneConfigDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this zone."
    DEFVAL      { ''H }
    ::= { aluZoneConfigEntry 4 }

aluZoneConfigControlApply  OBJECT-TYPE
    SYNTAX      INTEGER { 
                    none(1), 
                    initialize(2), 
                    commit(3) 
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
                "This object controls the use of commit of the Zone Policy.
        
                This object always reads none(1).
        
                When set to initialize(2), the objects in standby zone
                are set to the current active Operational values, from the 
                corresponding active aluZoneConfigTable tables.  Any uncommitted changes are
                lost, so setting this value corresponds to both BEGIN-TRANSACTION
                and ABORT-TRANSACTION.
        
                When set to commit(3) (END-TRANSACTION), all of the objects from 
                standby zone tables are copied to the corresponding
                active zone table objects."
    ::= { aluZoneConfigEntry 5 }

aluZoneConfigType OBJECT-TYPE
    SYNTAX      TZoneType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Indicates the type of zone."
    DEFVAL      { network }
    ::= { aluZoneConfigEntry 6 }

aluZoneConfigSvcId OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Specifies the service this zone belongs to when zone type is 'service'."
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 7 }

aluZoneConfigState OBJECT-TYPE
    SYNTAX      TPlcyState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "State of the Policy of this zone."
    DEFVAL      { ''H }
    ::= { aluZoneConfigEntry 8 }

aluZoneConfigBypass OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluZoneConfigBypass specifies whether this zone is being bypassed."
    DEFVAL      { false }
    ::= { aluZoneConfigEntry 9 }
    
aluZoneConfigInTcpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigInTcpSessLimit 
                indicates the number of permitted active inbound sessions
                with protocol TCP. A value of 0 indicates that there is no 
                limit." 
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 10 }

aluZoneConfigInUdpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigInUdpSessLimit 
                indicates the number of permitted active inbound sessions
                with protocol UDP. A value of 0 indicates that there is no 
                limit." 
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 11 }

aluZoneConfigInIcmpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigInIcmpSessLimit 
                indicates the number of permitted active in sessions with
                protocol ICMP. A value of 0 indicates that there is no 
                limit." 
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 12 }

aluZoneConfigInOthSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigOthSessLimit 
                indicates the number of permitted active in sessions of all
                other protocols. A value of 0 indicates that there is no 
                limit." 
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 13 }

aluZoneConfigOutTcpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigOutTcpSessLimit 
                indicates the number of permitted active outbound sessions
                with protocol TCP. A value of 0 indicates that there is no 
                limit." 
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 14 }

aluZoneConfigOutUdpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigOutUdpSessLimit 
                indicates the number of permitted active outbound sessions
                with protocol UDP. A value of 0 indicates that there is no 
                limit." 
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 15 }

aluZoneConfigOutIcmpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigOutIcmpSessLimit 
                indicates the number of permitted active out sessions with
                protocol ICMP. A value of 0 indicates that there is no 
                limit." 
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 16 }

aluZoneConfigOutOthSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigOutOthSessLimit 
                indicates the number of permitted active out sessions of all
                other protocols. A value of 0 indicates that there is no 
                limit." 
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 17 }

aluZoneConfigLogId OBJECT-TYPE
    SYNTAX      TSecurityLogId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigLogId
                indicates the log-id for security logging." 
    DEFVAL      { 0 }
    ::= { aluZoneConfigEntry 18 }

aluZoneConfigAutoBind OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluZoneConfigAutoBind specifies whether this zone is being used to enforce policy
                 on traffic to/from MP-BGP auto-binding and spoke-sdps. This configuration is only permitted on 
                 VPRN zones and can only be enabled when no other interfaces are provisioned inside this zone."
    DEFVAL      { false }
    ::= { aluZoneConfigEntry 19 }

--
-- Zone Policy Configuration Table
--
aluZonePlcyConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZonePlcyConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZonePlcyConfigTable has an entry for each
                policy configured on a particular zone."
    ::= { aluSecurityAdminObjs 5 }

aluZonePlcyConfigEntry OBJECT-TYPE
    SYNTAX      TZonePlcyConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular policy entry."
    INDEX { aluZoneConfigId, aluZonePlcyConfigEntryId }
    ::= { aluZonePlcyConfigTable 1 }

TZonePlcyConfigEntry ::= SEQUENCE {
    aluZonePlcyConfigEntryId                     Unsigned32,
    aluZonePlcyConfigRowStatus                   RowStatus,
    aluZonePlcyConfigSecPlcyId                   Unsigned32
}

aluZonePlcyConfigEntryId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluZonePlcyConfigEntryId 
                specifies the unique id of the Zone entries within the zone.
                This value must always be 1 in this release."
    ::= { aluZonePlcyConfigEntry 1 }

aluZonePlcyConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluZonePlcyConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluZonePlcyConfigTable.  aluZonePlcyConfigRowStatus
                does not support createAndWait. The status can only be active 
                or notInService."
    ::= { aluZonePlcyConfigEntry 2 }

aluZonePlcyConfigSecPlcyId OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluZonePlcyConfigSecPlcyId specifies the 
                id of the security policy defined globally in the system."
    DEFVAL      { 0 }                
    ::= { aluZonePlcyConfigEntry 3 }

--
-- Zone NAT Pool Configuration Table
--
aluZoneNatPoolConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZoneNatPoolConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZoneNatPoolConfigTable has an entry for each
                nat-pool of ip addresses and ports configured on a particular zone."
    ::= { aluSecurityAdminObjs 6 }

aluZoneNatPoolConfigEntry OBJECT-TYPE
    SYNTAX      TZoneNatPoolConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular policy entry."
    INDEX { aluZoneConfigId, aluZoneNatPoolConfigId }
    ::= { aluZoneNatPoolConfigTable 1 }

TZoneNatPoolConfigEntry ::= SEQUENCE {
    aluZoneNatPoolConfigId                       Unsigned32,
    aluZoneNatPoolConfigName                     TNamedItemOrEmpty,
    aluZoneNatPoolConfigRowStatus                RowStatus,
    aluZoneNatPoolConfigDescription              TItemDescription,
    aluZoneNatPoolConfigType                     TPoolType,
    aluZoneNatPoolConfigDirection                INTEGER 
}

aluZoneNatPoolConfigId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluZoneNatPoolConfigId 
                specifies the unique id of the NAT-Pool entries within the zone."
    ::= { aluZoneNatPoolConfigEntry 1 }

aluZoneNatPoolConfigName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluZoneNatPoolConfigName 
                specifies the name of the NAT Pool."
    ::= { aluZoneNatPoolConfigEntry 2 }

aluZoneNatPoolConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluZoneNatPoolConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluZoneNatPoolConfigTable.  aluZoneNatPoolConfigRowStatus
                does not support createAndWait. The status can only be active 
                or notInService."
    ::= { aluZoneNatPoolConfigEntry 3 }

aluZoneNatPoolConfigDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this nat pool."
    DEFVAL      { ''H }
    ::= { aluZoneNatPoolConfigEntry 4 }

aluZoneNatPoolConfigType OBJECT-TYPE
    SYNTAX      TPoolType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Specifies if this pool is direct-mapped or pooled."
    DEFVAL      { srcNatPool }
    ::= { aluZoneNatPoolConfigEntry 5 }

aluZoneNatPoolConfigDirection OBJECT-TYPE
    SYNTAX      INTEGER {
                    unknown (0),
                    zoneInbound (1),
                    zoneOutbound (2)
                    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Specifies the zone ."
    DEFVAL      { unknown }
    ::= { aluZoneNatPoolConfigEntry 6 }

--
-- NAT Pool Params Configuration Table
--
aluZoneNatPoolParamsConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZoneNatPoolParamsConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZoneNatPoolParamsConfigTable has an entry NAT Pool 
                 params entry configured on this system."
    ::= { aluSecurityAdminObjs 7 }

aluZoneNatPoolParamsConfigEntry OBJECT-TYPE
    SYNTAX      TZoneNatPoolParamsConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular NAT Pool params entry."
    INDEX { aluZoneConfigId, aluZoneNatPoolConfigId,
            aluZoneNatPoolParamsConfigEntryId }
    ::= { aluZoneNatPoolParamsConfigTable 1 }

TZoneNatPoolParamsConfigEntry ::= SEQUENCE {
    aluZoneNatPoolParamsConfigEntryId           Unsigned32,
    aluZoneNatPoolParamsConfigRowStatus         RowStatus,
    aluZoneNatPoolParamsConfigIPAddrValue1      IpAddress,
    aluZoneNatPoolParamsConfigIPAddrValue2      IpAddress,
    aluZoneNatPoolParamsConfigIPOperator        TIPOperator,
    aluZoneNatPoolParamsConfigIPInterfaceIndex  InterfaceIndexOrZero,
    aluZoneNatPoolParamsConfigPortOperator      TTcpUdpPortOperator,
    aluZoneNatPoolParamsConfigPortValue1        TTcpUdpPort,
    aluZoneNatPoolParamsConfigPortValue2        TTcpUdpPort
}

aluZoneNatPoolParamsConfigEntryId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluZoneNatPoolParamsConfigEntryId specifies the 
                3rd index for the entry."
    ::= { aluZoneNatPoolParamsConfigEntry 1 }

aluZoneNatPoolParamsConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluZoneNatPoolParamsConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluZoneNatPoolParamsConfigTable."
    ::= { aluZoneNatPoolParamsConfigEntry 2 }

aluZoneNatPoolParamsConfigIPAddrValue1 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object 
                aluZoneNatPoolParamsConfigIPAddrValue1 specifies 
                the starting range of IP address of the NAT pool."
    DEFVAL { '00000000'H }
    ::= { aluZoneNatPoolParamsConfigEntry 3 }

aluZoneNatPoolParamsConfigIPAddrValue2 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object 
                aluZoneNatPoolParamsConfigIPAddrValue2 specifies 
                the ending range of IP address of the NAT pool."
    DEFVAL { '00000000'H }
    ::= { aluZoneNatPoolParamsConfigEntry 4 }

aluZoneNatPoolParamsConfigIPOperator OBJECT-TYPE
    SYNTAX      TIPOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluZoneNatPoolParamsConfigIPAddrValue1 and 
                aluZoneNatPoolParamsConfigIPAddrValue2
                are to be used. The value of these below 2 objects and
                aluZoneNatPoolParamsConfigIPOperator is used as described in
                TIPOperator."
    DEFVAL { none }
    ::= { aluZoneNatPoolParamsConfigEntry 5 }

aluZoneNatPoolParamsConfigIPInterfaceIndex OBJECT-TYPE
    SYNTAX      InterfaceIndexOrZero
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The aluZoneNatPoolParamsConfigIPInterfaceIndex specifies
                the index of the interface that the primary-address of that
                interface is to be used in the NAT pool.
                The interface must exist in the same vRtr that the NAT pool
                resides."
    DEFVAL { 0 }
    ::= { aluZoneNatPoolParamsConfigEntry 6 }

aluZoneNatPoolParamsConfigPortOperator OBJECT-TYPE
    SYNTAX      TTcpUdpPortOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluZoneNatPoolParamsConfigPortValue1 and 
                aluZoneNatPoolParamsConfigPortValue2
                are to be used. The value of these below 2 objects and
                aluZoneNatPoolParamsConfigPortOperator is used as described in
                TTcpUdpPortOperator."
    DEFVAL { none }
    ::= { aluZoneNatPoolParamsConfigEntry 7 }

aluZoneNatPoolParamsConfigPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "TCP/UDP port value1. The value of this object is used as per the
                description for aluZoneNatPoolParamsConfigPortOperator."
    DEFVAL { 0 }
    ::= { aluZoneNatPoolParamsConfigEntry 8 }

aluZoneNatPoolParamsConfigPortValue2  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "TCP/UDP port value2. The value of this object is used as per the
                description for aluZoneNatPoolParamsConfigPortOperator."
    DEFVAL { 0 }
    ::= { aluZoneNatPoolParamsConfigEntry 9 }

--
--  Security Policy Configuration Table
--
aluSecPlcyConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecPlcyConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecPlcyConfigTable has an entry for each
                security policy configured globally on this system."
    ::= { aluSecurityAdminObjs 8 }

aluSecPlcyConfigEntry OBJECT-TYPE
    SYNTAX      TSecPlcyConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular security policy."
    INDEX { aluSecPlcyConfigId }
    ::= { aluSecPlcyConfigTable 1 }

TSecPlcyConfigEntry ::= SEQUENCE {
    aluSecPlcyConfigId                         Unsigned32,
    aluSecPlcyConfigRowStatus                  RowStatus,
    aluSecPlcyConfigName                       TNamedItemOrEmpty,
    aluSecPlcyConfigDescription                TItemDescription
}

aluSecPlcyConfigId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyConfigId 
                specifies the unique policy id."
    ::= { aluSecPlcyConfigEntry 1 }

aluSecPlcyConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecPlcyConfigTable."
    ::= { aluSecPlcyConfigEntry 2 }

aluSecPlcyConfigName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Name of the security policy."
    DEFVAL      { ''H }
    ::= { aluSecPlcyConfigEntry 3 }

aluSecPlcyConfigDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this security policy."
    DEFVAL      { ''H }
    ::= { aluSecPlcyConfigEntry 4 }

--
--  Security Policy Params Configuration Table
--
aluSecPlcyParamsConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecPlcyParamsConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecPlcyParamsConfigTable has an entry for each
                rule configured as part of a security policy."
    ::= { aluSecurityAdminObjs 9 }

aluSecPlcyParamsConfigEntry OBJECT-TYPE
    SYNTAX      TSecPlcyParamsConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular rule entry."
    INDEX { aluSecPlcyConfigId, 
            aluSecPlcyParamsConfigRuleId }
    ::= { aluSecPlcyParamsConfigTable 1 }

TSecPlcyParamsConfigEntry ::= SEQUENCE {
    aluSecPlcyParamsConfigRuleId                      Unsigned32,
    aluSecPlcyParamsConfigRowStatus                   RowStatus,
    aluSecPlcyParamsConfigDescription                 TItemDescription,
    aluSecPlcyParamsConfigMatchSrcIPAddrValue1        IpAddress,
    aluSecPlcyParamsConfigMatchSrcIPAddrValue2        IpAddress,
    aluSecPlcyParamsConfigMatchSrcIPOperator          TIPOperator,
    aluSecPlcyParamsConfigMatchSrcIPHostGroup         Unsigned32,
    aluSecPlcyParamsConfigMatchDstIPAddrValue1        IpAddress,
    aluSecPlcyParamsConfigMatchDstIPAddrValue2        IpAddress,
    aluSecPlcyParamsConfigMatchDstIPOperator          TIPOperator,
    aluSecPlcyParamsConfigMatchDstIPHostGroup         Unsigned32,
    aluSecPlcyParamsConfigMatchProtocol               TIpProtocol,
    aluSecPlcyParamsConfigMatchSrcPortValue1          TTcpUdpPort,
    aluSecPlcyParamsConfigMatchSrcPortValue2          TTcpUdpPort,
    aluSecPlcyParamsConfigMatchSrcPortOp              TOperator,
    aluSecPlcyParamsConfigMatchDstPortValue1          TTcpUdpPort,
    aluSecPlcyParamsConfigMatchDstPortValue2          TTcpUdpPort,
    aluSecPlcyParamsConfigMatchDstPortOp              TOperator,
    aluSecPlcyParamsConfigMatchAppGroup               Unsigned32,
    aluSecPlcyParamsConfigMatchIcmpCode               INTEGER,
    aluSecPlcyParamsConfigMatchIcmpType               INTEGER,
    aluSecPlcyParamsConfigMatchIgmpType               INTEGER,
    aluSecPlcyParamsConfigMatchFlowDirection          INTEGER,
    aluSecPlcyParamsConfigProfileId                   Unsigned32,
    aluSecPlcyParamsConfigConcurrentFlowLimit         Unsigned32,
    aluSecPlcyParamsConfigCreateRevDirFlow            TruthValue,
    aluSecPlcyParamsConfigAction                      INTEGER,
    aluSecPlcyParamsConfigMatchLocal                  TruthValue,
    aluSecPlcyParamsConfigActionNatDstIPAddr          IpAddress,
    aluSecPlcyParamsConfigActionNatDstPort            TTcpUdpPort,    
    aluSecPlcyParamsConfigLogControl                  INTEGER,   
    aluSecPlcyParamsConfigLogId                       TSecurityLogId
}

aluSecPlcyParamsConfigRuleId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyParamsConfigRuleId specifies the 
                index of the rule within the security policy."
    ::= { aluSecPlcyParamsConfigEntry 1 }

aluSecPlcyParamsConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyParamsConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecPlcyParamsConfigTable."
    ::= { aluSecPlcyParamsConfigEntry 2 }

aluSecPlcyParamsConfigDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this rule."
    DEFVAL      { ''H }
    ::= { aluSecPlcyParamsConfigEntry 3 }

aluSecPlcyParamsConfigMatchSrcIPAddrValue1 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchSrcIPAddrValue1
                specifies the source IP address of the packets to be filltered.
                When configured and activated, This filter will be 
                applied to all IP packets whose source-ip must match the Value"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsConfigEntry 4 }

aluSecPlcyParamsConfigMatchSrcIPAddrValue2 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchSrcIPAddrValue2 
                specifies the source IP address of the packets to be filltered.
                When configured and activated, This filter will be 
                applied to all IP packets whose source-ip must match the Value"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsConfigEntry 5 }

aluSecPlcyParamsConfigMatchSrcIPOperator OBJECT-TYPE
    SYNTAX      TIPOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluSecPlcyParamsConfigMatchSrcIPAddrValue1 and 
                aluSecPlcyParamsConfigMatchSrcIPAddrValue2
                are to be used. The value of these below 2 objects and
                aluSecPlcyParamsConfigMatchSrcIPOperator is used as described in
                TIPOperator."
    DEFVAL { none }
    ::= { aluSecPlcyParamsConfigEntry 6 }

aluSecPlcyParamsConfigMatchSrcIPHostGroup OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchSrcIPHostGroup 
                specifies the host group name, where the group name is a collection 
                of IP addresses.  When configured and activated, filter 
                policy will be applied to all IP packets whose 
                source-ip must be within this host group name's IP addresses"
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 7 }

aluSecPlcyParamsConfigMatchDstIPAddrValue1 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchDstIPAddrValue1
                specifies the source IP address of the packets to be filltered.
                When configured and activated, This filter will be 
                applied to all IP packets whose source-ip must match the Value"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsConfigEntry 8 }

aluSecPlcyParamsConfigMatchDstIPAddrValue2 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchDstIPAddrValue2 
                specifies the source IP address of the packets to be filltered.
                When configured and activated, This filter will be 
                applied to all IP packets whose source-ip must match the Value"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsConfigEntry 9 }

aluSecPlcyParamsConfigMatchDstIPOperator OBJECT-TYPE
    SYNTAX      TIPOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluSecPlcyParamsConfigMatchDstIPAddrValue1 and 
                aluSecPlcyParamsConfigMatchDstIPAddrValue2
                are to be used. The value of these below 2 objects and
                aluSecPlcyParamsConfigMatchDstIPOperator is used as described in
                TIPOperator."
    DEFVAL { none }
    ::= { aluSecPlcyParamsConfigEntry 10 }

aluSecPlcyParamsConfigMatchDstIPHostGroup OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchDstIPHostGroup 
                specifies the host group name, where the group name is a collection 
                of IP addresses.  When configured and activated, filter 
                policy will be applied to all IP packets whose 
                source-ip must be within this host group name's IP addresses"
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 11 }

aluSecPlcyParamsConfigMatchProtocol OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "IP protocol to match.  set to -1 to disable matching IP protocol. If
                the protocol is changed the protocol specific parameters are reset."
    DEFVAL { -1 }
    ::= { aluSecPlcyParamsConfigEntry 12 }

aluSecPlcyParamsConfigMatchSrcPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Source TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 13 }

aluSecPlcyParamsConfigMatchSrcPortValue2 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Source TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 14 }

aluSecPlcyParamsConfigMatchSrcPortOp OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Source TCP/UDP port operator."
    DEFVAL { none }
    ::= { aluSecPlcyParamsConfigEntry 15 }

aluSecPlcyParamsConfigMatchDstPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 16 }

aluSecPlcyParamsConfigMatchDstPortValue2 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 17 }

aluSecPlcyParamsConfigMatchDstPortOp OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port operator."
    DEFVAL { none }
    ::= { aluSecPlcyParamsConfigEntry 18 }

aluSecPlcyParamsConfigMatchAppGroup  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchAppGroup 
                specifies the application group name, where the group name is a 
                collection of protocol-id/src port/dest port.  When configured 
                and activated, this filter will be applied for 
                all IP packets whose protocol value, src port and dest port
                must match this service group tuple"
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 19 }

aluSecPlcyParamsConfigMatchIcmpCode  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Icmp code to be matched. aluSecPlcyParamsConfigMatchIcmpCode 
                complements the object aluSecPlcyParamsConfigMatchIcmpType. 
                Both of them need to be set to actually
                enable ICMP matching. The value -1 means Icmp code matching is not
                enabled."
    DEFVAL { -1 }
    ::= { aluSecPlcyParamsConfigEntry 20 }

aluSecPlcyParamsConfigMatchIcmpType  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Icmp type to be matched. aluSecPlcyParamsConfigMatchIcmpType 
                complements the object aluSecPlcyParamsConfigMatchIcmpCode. 
                Both of them need to be set to actually
                enable ICMP matching. The value -1 means Icmp code matching is not
                enabled."
    DEFVAL { -1 }
    ::= { aluSecPlcyParamsConfigEntry 21 }

aluSecPlcyParamsConfigMatchIgmpType  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Type of IGMP to be configured"
    DEFVAL      { -1 }
    ::= { aluSecPlcyParamsConfigEntry 22 }

aluSecPlcyParamsConfigMatchFlowDirection  OBJECT-TYPE
    SYNTAX      INTEGER {
                    zoneInbound  (1),
                    zoneOutbound (2),
                    both (3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "This object specifies the direction of the packet flow
                for which the security filter is to be applied.
                in is equivalent to ingress flow,
                out is equivalent to egress flow,
                both is equivalent to both ingress and egress flow"
    DEFVAL { both }
    ::= { aluSecPlcyParamsConfigEntry 23 }


aluSecPlcyParamsConfigProfileId  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies profile of this flow"
    DEFVAL { 1 }
    ::= { aluSecPlcyParamsConfigEntry 24 }

aluSecPlcyParamsConfigConcurrentFlowLimit  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of sessions (flows)
                that can be active concurrently."
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 25 }

aluSecPlcyParamsConfigCreateRevDirFlow  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyParamsConfigCreateRevDirFlow specifies 
                whether return direction of the session is created or not"
    DEFVAL { true }
    ::= { aluSecPlcyParamsConfigEntry 26 }

aluSecPlcyParamsConfigAction  OBJECT-TYPE
    SYNTAX      INTEGER {
                    forward (0),
                    drop (1),
                    nat (2),
                    reject (3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "This object specifies whether the packet needs to be
                passed or dropped if it satisfies the rule condition."
    DEFVAL { reject }
    ::= { aluSecPlcyParamsConfigEntry 27 }

aluSecPlcyParamsConfigMatchLocal  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyParamsConfigMatchLocal specifies 
                whether to match traffic destined to node"
    DEFVAL { false }
    ::= { aluSecPlcyParamsConfigEntry 28 }

aluSecPlcyParamsConfigActionNatDstIPAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsConfigActionNatDstIPAddr
                specifies the Dst IP address of the packet after NAT has been
                performed"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsConfigEntry 29 }

aluSecPlcyParamsConfigActionNatDstPort OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "NAT Destination TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 30 }

aluSecPlcyParamsConfigLogControl OBJECT-TYPE
    SYNTAX      INTEGER {
                     suppress (1),
                     zone     (2),
                     log      (3)
                     }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Log control for this rule.  There are three options:
                  (1) suppress - (DEFAULT) Any events generated from this
                                 rule will be suppressed. 
                  (2) zone     - Send any events generated from this rule
                                 to the zone log-id (if configured). 
                  (3) log-id   - Send this rule to a specific log-id."
    DEFVAL { suppress }
    ::= { aluSecPlcyParamsConfigEntry 31 }

aluSecPlcyParamsConfigLogId OBJECT-TYPE
    SYNTAX      TSecurityLogId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Log for policy to be logged.  This can only be set"
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsConfigEntry 32 }

--
--  Security Profile Configuration Table
--
aluSecProfileConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecProfileConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecProfileConfigTable has an entry for each
                security profile configured globally on this system."
    ::= { aluSecurityAdminObjs 10 }

aluSecProfileConfigEntry OBJECT-TYPE
    SYNTAX      TSecProfileConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular security profile."
    INDEX { aluSecProfileConfigId }
    ::= { aluSecProfileConfigTable 1 }

TSecProfileConfigEntry ::= SEQUENCE {
    aluSecProfileConfigId                     Unsigned32,
    aluSecProfileConfigRowStatus              RowStatus,
    aluSecProfileConfigName                   TNamedItemOrEmpty,
    aluSecProfileConfigDescription            TItemDescription,
    aluSecProfileConfigTcpSynTimeout          Unsigned32,
    aluSecProfileConfigTcpWaitTimeout         Unsigned32,
    aluSecProfileConfigTcpTransTimeout        Unsigned32,
    aluSecProfileConfigTcpEstTimeout          Unsigned32,
    aluSecProfileConfigUdpTimeout             Unsigned32,
    aluSecProfileConfigUdpInitTimeout         Unsigned32,
    aluSecProfileConfigUdpDnsTimeout          Unsigned32,
    aluSecProfileConfigIcmpTimeout            Unsigned32,
    aluSecProfileConfigOtherTimeout           Unsigned32,
    aluSecProfileConfigAppInspect             TruthValue,
    aluSecProfileConfigInspectTcp             TruthValue,
    aluSecProfileConfigInspectIpOpt           TruthValue,
    aluSecProfileConfigAllowedIpOpt           Unsigned32,
    aluSecProfileConfigAllowPktFrag           TruthValue,
    aluSecProfileConfigAlg                    TAlgType,    
    aluSecProfileConfigIcmpReqLimit           Unsigned32,
    aluSecProfileConfigIcmpErrLimit           TruthValue,
    aluSecProfileConfigDnsReplyOnly           TruthValue,
    aluSecProfileConfigTcpTmoStrict           TruthValue,
    aluSecProfileConfigUdpTmoStrict           TruthValue,
    aluSecProfileConfigIcmpTmoStrict          TruthValue,
    aluSecProfileConfigDnsTmoStrict           TruthValue,
    aluSecProfileConfigOthTmoStrict           TruthValue,
    aluSecProfileConfigFwdPolicerId           TSecurityPolicerId,
    aluSecProfileConfigRevPolicerId           TSecurityPolicerId
}

aluSecProfileConfigId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecProfileConfigId 
                specifies the unique profile id."
    ::= { aluSecProfileConfigEntry 1 }

aluSecProfileConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecProfileConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecProfileConfigTable."
    ::= { aluSecProfileConfigEntry 2 }

aluSecProfileConfigName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Name of the security profile."
    DEFVAL      { ''H }
    ::= { aluSecProfileConfigEntry 3 }

aluSecProfileConfigDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this security profile."
    DEFVAL      { ''H }
    ::= { aluSecProfileConfigEntry 4 }
    
aluSecProfileConfigTcpSynTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (6..86400)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                TCP session can wait for a SYN before being cleaned up."
    DEFVAL { 15 }
    ::= { aluSecProfileConfigEntry 5 }

aluSecProfileConfigTcpWaitTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..240)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                TCP session can remain in time wait before being cleaned up."
    DEFVAL { 0 }
    ::= { aluSecProfileConfigEntry 6 }

aluSecProfileConfigTcpTransTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (60..86400)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                TCP session can remain be transitory before being cleaned up."
    DEFVAL { 240 }
    ::= { aluSecProfileConfigEntry 7 }

aluSecProfileConfigTcpEstTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (60..86400)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                TCP session has to reach established before being cleaned up."
    DEFVAL { 7440 }
    ::= { aluSecProfileConfigEntry 8 }

aluSecProfileConfigUdpTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (60..86400)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                UDP session can remain idle before being cleaned up."
    DEFVAL { 300 }
    ::= { aluSecProfileConfigEntry 9 }

aluSecProfileConfigUdpInitTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (10..300)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                UDP session can remain idle after recieving the first packet
                before being cleaned up."
    DEFVAL { 15 }
    ::= { aluSecProfileConfigEntry 10 }

aluSecProfileConfigUdpDnsTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (15..86400)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                DNS request can take to recieve a response 
                before being cleaned up."
    DEFVAL { 15 }
    ::= { aluSecProfileConfigEntry 11 }

aluSecProfileConfigIcmpTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (60..240)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds an
                ICMP request can take to recieve a response 
                before being cleaned up."
    DEFVAL { 60 }
    ::= { aluSecProfileConfigEntry 12}

aluSecProfileConfigOtherTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32 (10..86400)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds other
                protocol sessions can remain idle before being cleaned up.
                This also includes all drop sessions regardless of protocol."
    DEFVAL { 600 }
    ::= { aluSecProfileConfigEntry 13 }

aluSecProfileConfigAppInspect  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object indicates whether application assurance inspection
                 should be performed on all active connections with this profile."
    DEFVAL { false }
    ::= { aluSecProfileConfigEntry 14 }

aluSecProfileConfigInspectTcp  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object indicates whether stict TCP inspection
                 should be performed on all active TCP connections with this profile.
                 aluSecProfileConfigAppInspect must be enabled before TCP inspection
                 can be enabled."
    DEFVAL { false }
    ::= { aluSecProfileConfigEntry 15 }
    
aluSecProfileConfigInspectIpOpt  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object indicates whether IP options inspection
                 is to be performed. When 'true' the object aluSecProfileConfigAllowedIpOpt
                 is used to specify permitted options.
                 aluSecProfileConfigAppInspect must be enabled before IP inspection
                 can be enabled."
    DEFVAL { false }
    ::= { aluSecProfileConfigEntry 16 }
    
aluSecProfileConfigAllowedIpOpt  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object indicates the bitmask of allowed IP options when IP
                 option inspection is enabled.
                 aluSecProfileConfigAppInspect must be enabled before IP inspection
                 can be enabled."
    ::= { aluSecProfileConfigEntry 17 }

aluSecProfileConfigAllowPktFrag  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object indicates whether fragmented IP packets are
                 permitted through connections with this profile."
    DEFVAL { true }
    ::= { aluSecProfileConfigEntry 18 }

aluSecProfileConfigAlg  OBJECT-TYPE
    SYNTAX      TAlgType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object indicates the application layer 
                 gateway processing to be performed on this connection."
    DEFVAL { auto}
    ::= { aluSecProfileConfigEntry 19 }

aluSecProfileConfigIcmpReqLimit  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..254)
    UNITS       "packets"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of ICMP packets permitted
                to travese the ICMP request session in each direction.
                A value of 0 specifies that there is no packet limit.
                aluSecProfileConfigAppInspect must be enabled before ICMP inspection
                can be enabled."
    DEFVAL { 0 }
    ::= { aluSecProfileConfigEntry 20}

aluSecProfileConfigIcmpErrLimit  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the whether to limit the number of ICMP Type 3 
                packets that are permitted to travese the session in each direction.
                aluSecProfileConfigAppInspect must be enabled before ICMP inspection
                can be enabled."
    DEFVAL { false }
    ::= { aluSecProfileConfigEntry 21}

aluSecProfileConfigDnsReplyOnly  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies whether to limit the number of DNS  
                packets that are permitted to travese a DNS session in each direction.
                aluSecProfileConfigAppInspect must be enabled before DNS inspection
                can be enabled."
    DEFVAL { false }
    ::= { aluSecProfileConfigEntry 22}

aluSecProfileConfigTcpTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies if a TCP Session in the Established 
                state is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    DEFVAL { false }
    ::= { aluSecProfileConfigEntry 23}

aluSecProfileConfigUdpTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies if a UDP Session in the Established 
                state is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    DEFVAL { false }
    ::= { aluSecProfileConfigEntry 24}

aluSecProfileConfigIcmpTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies if a ICMP Request Session 
                is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    DEFVAL { true }
    ::= { aluSecProfileConfigEntry 25}

aluSecProfileConfigDnsTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies if a DNS Request Session 
                is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    DEFVAL { true }
    ::= { aluSecProfileConfigEntry 26}

aluSecProfileConfigOthTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies if a Other protocol session 
                is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    DEFVAL { false }
    ::= { aluSecProfileConfigEntry 27}

aluSecProfileConfigFwdPolicerId  OBJECT-TYPE
    SYNTAX      TSecurityPolicerId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the policer group that the forward direction
                 of the session should be rate-limited with."
    DEFVAL { 0 }
    ::= { aluSecProfileConfigEntry 28}

aluSecProfileConfigRevPolicerId  OBJECT-TYPE
    SYNTAX      TSecurityPolicerId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object specifies the policer group that the reverse direction
                 of the session should be rate-limited with."
    DEFVAL { 0 }
    ::= { aluSecProfileConfigEntry 29}

--
-- System Level Information
--

aluSecPlcyLastCommit  OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The last time the security policies were committed"
    ::= { aluSecurityAdminObjs 11 }

aluSecPlcyCount  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of security policies provisioned"
    ::= { aluSecurityAdminObjs 12 }

aluSecPlcyProfileCount  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of security profiles provisioned"
    ::= { aluSecurityAdminObjs 13 }

aluSecPlcyZoneCount  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of security zones provisioned"
    ::= { aluSecurityAdminObjs 14 }

aluSecActiveSessionCount  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of security sessions currently active"
    ::= { aluSecurityAdminObjs 15 }

aluSecActiveSessionLimit  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The max number of concurrent security sessions 
                 supported"
    ::= { aluSecurityAdminObjs 16 }

aluSecActiveSessionHiWtrMrk  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..100)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The high water mark percentage for concurrent 
                 security sessions"
    DEFVAL      { 0 }
    ::= { aluSecurityAdminObjs 17 }

aluSecActiveSessionLoWtrMrk  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..100)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The low water mark percentage for concurrent 
                 security sessions"
    DEFVAL     { 0 }
    ::= { aluSecurityAdminObjs 18 }

aluSecPlcyState  OBJECT-TYPE
    SYNTAX      TPlcyState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The state of the global security policy objects"
    ::= { aluSecurityAdminObjs 19 }

aluSecSessionResourceState  OBJECT-TYPE
    SYNTAX      INTEGER {
                    unknown (0),
                    ok (1),
                    alarm (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The state of the security session resources.
                 The resource alarm state is detected when either the 
                 high-watermark is crossed (if configured) or all 
                 session resources have been exausted.
                 The resource alarm state is cleared when either the 
                 low-watermark is crossed (if configured) or all
                 session have been cleared."
    ::= { aluSecurityAdminObjs 20 }

--
--  Security Host Group Configuration Table
--
aluSecHostGrpConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecHostGrpConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecHostGrpConfigTable has an entry for each
                security host group configured globally on this system."
    ::= { aluSecurityAdminObjs 21}

aluSecHostGrpConfigEntry OBJECT-TYPE
    SYNTAX      TSecHostGrpConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular security host group."
    INDEX { aluSecHostGrpConfigId }
    ::= { aluSecHostGrpConfigTable 1 }

TSecHostGrpConfigEntry ::= SEQUENCE {
    aluSecHostGrpConfigId                         Unsigned32,
    aluSecHostGrpConfigRowStatus                  RowStatus,
    aluSecHostGrpConfigName                       TNamedItemOrEmpty,
    aluSecHostGrpConfigDescription                TItemDescription
}

aluSecHostGrpConfigId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecHosTGrpConfigId 
                specifies the unique host group id."
    ::= { aluSecHostGrpConfigEntry 1 }

aluSecHostGrpConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecHostGrpConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecHostGrpConfigTable."
    ::= { aluSecHostGrpConfigEntry 2 }

aluSecHostGrpConfigName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Name of the security host group."
    DEFVAL      { ''H }
    ::= { aluSecHostGrpConfigEntry 3 }

aluSecHostGrpConfigDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this security host group."
    DEFVAL      { ''H }
    ::= { aluSecHostGrpConfigEntry 4 }

--
--  Security Host Table
--
aluSecHostConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecHostConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecHostConfigTable has an entry for each
                rule configured as part of a security host."
    ::= { aluSecurityAdminObjs 22 }

aluSecHostConfigEntry OBJECT-TYPE
    SYNTAX      TSecHostConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular host entry."
    INDEX { aluSecHostGrpConfigId, 
            aluSecHostConfigIPAddrValue1 }
    ::= { aluSecHostConfigTable 1 }

TSecHostConfigEntry ::= SEQUENCE {
    aluSecHostConfigIPAddrValue1                IpAddress,
    aluSecHostConfigRowStatus                   RowStatus,
    aluSecHostConfigIPAddrValue2                IpAddress,
    aluSecHostConfigIPOperator                  TIPOperator
}

aluSecHostConfigIPAddrValue1 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecHostConfigIPAddrValue1
                specifies the IP address of hosts in this group."
    ::= { aluSecHostConfigEntry 1 }

aluSecHostConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecHostConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecHostConfigTable."
    ::= { aluSecHostConfigEntry 2 }

aluSecHostConfigIPAddrValue2 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecHostConfigIPAddrValue2
                specifies the 2nd IP address of a range of hosts."
    DEFVAL { '00000000'H }
    ::= { aluSecHostConfigEntry 3 }

aluSecHostConfigIPOperator OBJECT-TYPE
    SYNTAX      TIPOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluSecHostConfigIPAddrValue1 and 
                aluSecHostConfigIPAddrValue2
                are to be used. The value of these below 2 objects and
                aluSecHostConfigIPOperator is used as described in
                TIPOperator."
    DEFVAL { none }
    ::= { aluSecHostConfigEntry 4 }

--
--  Security Application Group Configuration Table
--
aluSecAppGrpConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecAppGrpConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecAppGrpConfigTable has an entry for each
                security application group configured globally on this system."
    ::= { aluSecurityAdminObjs 23}

aluSecAppGrpConfigEntry OBJECT-TYPE
    SYNTAX      TSecAppGrpConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular security app group."
    INDEX { aluSecAppGrpConfigId }
    ::= { aluSecAppGrpConfigTable 1 }

TSecAppGrpConfigEntry ::= SEQUENCE {
    aluSecAppGrpConfigId                         Unsigned32,
    aluSecAppGrpConfigRowStatus                  RowStatus,
    aluSecAppGrpConfigName                       TNamedItemOrEmpty,
    aluSecAppGrpConfigDescription                TItemDescription
}

aluSecAppGrpConfigId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecAppGrpConfigId 
                specifies the unique application group id."
    ::= { aluSecAppGrpConfigEntry 1 }

aluSecAppGrpConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecAppGrpConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecAppGrpConfigTable."
    ::= { aluSecAppGrpConfigEntry 2 }

aluSecAppGrpConfigName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Name of the security application group."
    DEFVAL      { ''H }
    ::= { aluSecAppGrpConfigEntry 3 }

aluSecAppGrpConfigDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this security application group."
    DEFVAL      { ''H }
    ::= { aluSecAppGrpConfigEntry 4 }

--
--  Security Application Table
--
aluSecAppConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecAppConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecAppConfigTable has an entry for each
                rule configured as part of a security application."
    ::= { aluSecurityAdminObjs 24 }

aluSecAppConfigEntry OBJECT-TYPE
    SYNTAX      TSecAppConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular host entry."
    INDEX { aluSecAppGrpConfigId, 
            aluSecAppConfigEntryId }
    ::= { aluSecAppConfigTable 1 }

TSecAppConfigEntry ::= SEQUENCE {
    aluSecAppConfigEntryId                         Unsigned32,
    aluSecAppConfigRowStatus                       RowStatus,
    aluSecAppConfigMatchProtocol                   TIpProtocol,
    aluSecAppConfigMatchSrcPortValue1              TTcpUdpPort,
    aluSecAppConfigMatchSrcPortValue2              TTcpUdpPort,
    aluSecAppConfigMatchSrcPortOp                  TOperator,
    aluSecAppConfigMatchDstPortValue1              TTcpUdpPort,
    aluSecAppConfigMatchDstPortValue2              TTcpUdpPort,
    aluSecAppConfigMatchDstPortOp                  TOperator,
    aluSecAppConfigMatchIcmpCode                   INTEGER,
    aluSecAppConfigMatchIcmpType                   INTEGER
}

aluSecAppConfigEntryId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluSecAppConfigEntryId specifies the 
                index of the entry within the security app group."
    ::= { aluSecAppConfigEntry 1 }

aluSecAppConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecAppConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecAppConfigTable."
    ::= { aluSecAppConfigEntry 2 }

aluSecAppConfigMatchProtocol OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "IP protocol to match.  set to -1 to disable matching IP protocol. If
                the protocol is changed the protocol specific parameters are reset."
    DEFVAL { -1 }
    ::= { aluSecAppConfigEntry 3 }

aluSecAppConfigMatchSrcPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Source TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecAppConfigEntry 4 }

aluSecAppConfigMatchSrcPortValue2 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Source TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecAppConfigEntry 5 }

aluSecAppConfigMatchSrcPortOp OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Source TCP/UDP port operator."
    DEFVAL { none }
    ::= { aluSecAppConfigEntry 6 }

aluSecAppConfigMatchDstPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecAppConfigEntry 7 }

aluSecAppConfigMatchDstPortValue2 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecAppConfigEntry 8 }

aluSecAppConfigMatchDstPortOp OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port operator."
    DEFVAL { none }
    ::= { aluSecAppConfigEntry 9 }

aluSecAppConfigMatchIcmpCode  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Icmp code to be matched. aluSecAppConfigMatchIcmpCode 
                complements the object aluSecAppConfigMatchIcmpType. 
                Both of them need to be set to actually
                enable ICMP matching. The value -1 means Icmp code matching is not
                enabled."
    DEFVAL { -1 }
    ::= { aluSecAppConfigEntry 10 }

aluSecAppConfigMatchIcmpType  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Icmp type to be matched. aluSecAppConfigMatchIcmpType 
                complements the object aluSecPlcyParamsConfigMatchIcmpCode. 
                Both of them need to be set to actually
                enable ICMP matching. The value -1 means Icmp code matching is not
                enabled."
    DEFVAL { -1 }
    ::= { aluSecAppConfigEntry 11 }

--
--  Security Policer Group Configuration Table
--
aluSecPolicerGrpConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecPolicerGrpConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecPolcierGrpConfigTable has an entry for each
                security policer group configured globally on this system."
    ::= { aluSecurityAdminObjs 25}

aluSecPolicerGrpConfigEntry OBJECT-TYPE
    SYNTAX      TSecPolicerGrpConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular security app group."
    INDEX { aluSecPolicerGrpConfigId }
    ::= { aluSecPolicerGrpConfigTable 1 }

TSecPolicerGrpConfigEntry ::= SEQUENCE {
    aluSecPolicerGrpConfigId                         Unsigned32,
    aluSecPolicerGrpConfigRowStatus                  RowStatus,
    aluSecPolicerGrpConfigName                       TNamedItemOrEmpty,
    aluSecPolicerGrpConfigDescription                TItemDescription,
    aluSecPolicerGrpConfigRate                       Integer32,
    aluSecPolicerGrpConfigRateCbs                    Unsigned32
}

aluSecPolicerGrpConfigId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..1024)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecPolicerGrpConfigId 
                specifies the unique policer group id."
    ::= { aluSecPolicerGrpConfigEntry 1 }

aluSecPolicerGrpConfigRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecPolicerGrpConfigRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecPolicerGrpConfigTable."
    ::= { aluSecPolicerGrpConfigEntry 2 }

aluSecPolicerGrpConfigName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Name of the security policer group."
    DEFVAL      { ''H }
    ::= { aluSecPolicerGrpConfigEntry 3 }

aluSecPolicerGrpConfigDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this security policer group."
    DEFVAL      { ''H }
    ::= { aluSecPolicerGrpConfigEntry 4 }

aluSecPolicerGrpConfigRate        OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 1..10000)
    UNITS       "mega-bits per second"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The aluSecPolicerGrpConfigRate object specifies the maximum ingress
         bandwidth (in mega-bits per second) that the policer can receive. 
         A value of -1 means that no policing will be performed."
    DEFVAL { -1 }
    ::= { aluSecPolicerGrpConfigEntry 14 }

aluSecPolicerGrpConfigRateCbs  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..130816)
    UNITS       "bytes"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "aluSecPolicerGrpConfigRateCbs specifies the committed burst size that hard policer can accept while complying 
        to the ingress rate aluSecPolicerGrpConfigRate.
        
        aluSecPolicerGrpConfigRateCbs is not applicable when aluSecPolicerGrpConfigRate is -1.
        Setting aluSecPolicerGrpConfigRate to -1 causes aluPortEtherIngressRateCbs of the port
        to revert back to its default value.
        
        aluSecPolicerGrpConfigRateCbs  be configured in multiples of 256 bytes."         
         
    DEFVAL { 130816 } 
    ::= { aluSecPolicerGrpConfigEntry 17}

aluSecTotalSessionCount  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of security sessions ever created"
    ::= { aluSecurityAdminObjs 26 }

--
-- Operational Table
--

aluZoneOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZoneOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZoneOperTable has an entry for each zone 
                configured on this system."
    ::= { aluSecurityOperObjs 1 }

aluZoneOperEntry OBJECT-TYPE
    SYNTAX      TZoneOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular zone."
    INDEX { aluZoneOperId }
    ::= { aluZoneOperTable 1 }

TZoneOperEntry ::= SEQUENCE {
    aluZoneOperId                          Unsigned32,
    aluZoneOperName                        TNamedItemOrEmpty,
    aluZoneOperBypass                      TruthValue,
    aluZoneOperDescription                 TItemDescription,
    aluZoneOperPlcyRuleCount               Gauge32,
    aluZoneOperType                        TZoneType,
    aluZoneOperSvcId                       TmnxServId,
    aluZoneOperInSessionCount              Counter64,
    aluZoneOperInActiveSessions            Gauge32,
    aluZoneOperOutSessionCount             Counter64,
    aluZoneOperOutActiveSessions           Gauge32,
    aluZoneOperInPktsDropped               Counter64,
    aluZoneOperInBytesDropped              Counter64,
    aluZoneOperOutPktsDropped              Counter64,
    aluZoneOperOutBytesDropped             Counter64,                    
    aluZoneOperInPktsDefAction             Counter64,
    aluZoneOperInBytesDefAction            Counter64,
    aluZoneOperOutPktsDefAction            Counter64,
    aluZoneOperOutBytesDefAction           Counter64,
    aluZoneOperPlcyLastCommit              TimeStamp,                
    aluZoneOperInTcpSessLimit              Unsigned32,
    aluZoneOperInUdpSessLimit              Unsigned32,
    aluZoneOperInIcmpSessLimit             Unsigned32,
    aluZoneOperInOthSessLimit              Unsigned32,
    aluZoneOperOutTcpSessLimit             Unsigned32,
    aluZoneOperOutUdpSessLimit             Unsigned32,
    aluZoneOperOutIcmpSessLimit            Unsigned32,
    aluZoneOperOutOthSessLimit             Unsigned32,
    aluZoneOperInTcpActSessions            Gauge32,
    aluZoneOperInUdpActSessions            Gauge32,
    aluZoneOperInIcmpActSessions           Gauge32,
    aluZoneOperInOthActSessions            Gauge32,
    aluZoneOperOutTcpActSessions           Gauge32,
    aluZoneOperOutUdpActSessions           Gauge32,
    aluZoneOperOutIcmpActSessions          Gauge32,
    aluZoneOperOutOthActSessions           Gauge32,
    aluZoneOperLogId                       Unsigned32,
    aluZoneOperAutoBind                    TruthValue,
    aluZoneOperInFwdAction                 Counter64,
    aluZoneOperOutFwdAction                Counter64,
    aluZoneOperInNatAction                 Counter64,
    aluZoneOperOutNatAction                Counter64,                    
    aluZoneOperInDropAction                Counter64,
    aluZoneOperOutDropAction               Counter64
}

aluZoneOperId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperId 
                specifies the unique id of the Zone in the system." 
    ::= { aluZoneOperEntry 1 }

aluZoneOperName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperName 
                specifies the name of the Zone in the system."
    ::= { aluZoneOperEntry 2 }

aluZoneOperBypass  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneOperBypass specifies whether this zone is being bypassed."
    ::= { aluZoneOperEntry 3 }

aluZoneOperDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Description about this zone."
    ::= { aluZoneOperEntry 4 }

aluZoneOperPlcyRuleCount  OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneOperPlcyRuleCount indicates the number of rules that
                this policy contains based on the security policies activated on this zone."
    ::= { aluZoneOperEntry 5 }

aluZoneOperType OBJECT-TYPE
    SYNTAX      TZoneType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Indicates the type of zone."
    ::= { aluZoneOperEntry 6 }

aluZoneOperSvcId OBJECT-TYPE
    SYNTAX      TmnxServId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Specifies the service this zone belongs to when zone type is 'service'."
    ::= { aluZoneOperEntry 7 }

aluZoneOperInSessionCount OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInSessionCount 
                indicates the total number of inbound sessions ever established for
                this zone." 
    ::= { aluZoneOperEntry 8 }

aluZoneOperInActiveSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInActiveSessions 
                indicates the number of currently active inbound sessions for
                this zone." 
    ::= { aluZoneOperEntry 9 }

aluZoneOperOutSessionCount OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperOutSessionCount 
                indicates the total number of outbound sessions ever established for
                this zone." 
    ::= { aluZoneOperEntry 10 }

aluZoneOperOutActiveSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperOutActiveSessions 
                indicates the number of currently active outbound sessions for
                this zone." 
    ::= { aluZoneOperEntry 11 }

aluZoneOperInPktsDropped OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of inbound packets dropped due to policy." 
    ::= { aluZoneOperEntry 12 }

aluZoneOperInBytesDropped OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION "The number of inbound bytes dropped due to policy." 
    ::= { aluZoneOperEntry 13 }

aluZoneOperOutPktsDropped OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of outbound packets dropped due to policy." 
    ::= { aluZoneOperEntry 14 }

aluZoneOperOutBytesDropped OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION "The number of outbound bytes dropped due to policy." 
    ::= { aluZoneOperEntry 15 }

aluZoneOperInPktsDefAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of inbound packets that the default 
                 action was applied." 
    ::= { aluZoneOperEntry 16 }

aluZoneOperInBytesDefAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION "The number of inbound bytes that the default
                 action was applied." 
    ::= { aluZoneOperEntry 17 }

aluZoneOperOutPktsDefAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The number of outbound packets that the default 
                 action was applied." 
    ::= { aluZoneOperEntry 18 }

aluZoneOperOutBytesDefAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      obsolete
    DESCRIPTION "The number of outbound bytes that the default
                 action was applied." 
    ::= { aluZoneOperEntry 19 }

aluZoneOperPlcyLastCommit OBJECT-TYPE
    SYNTAX      TimeStamp 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The last time a commit was performed on this zone." 
    ::= { aluZoneOperEntry 20 }

aluZoneOperInTcpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInTcpSessLimit 
                indicates the number of permitted active in sessions with
                protocol TCP." 
    ::= { aluZoneOperEntry 21 }

aluZoneOperInUdpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInUdpSessLimit 
                indicates the number of permitted active in sessions with
                protocol UDP." 
    ::= { aluZoneOperEntry 22 }

aluZoneOperInIcmpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOpeInrIcmpSessLimit 
                indicates the number of permitted active in sessions with
                protocol ICMP." 
    ::= { aluZoneOperEntry 23 }

aluZoneOperInOthSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInOthSessLimit 
                indicates the number of permitted active in sessions of all
                other protocols." 
    ::= { aluZoneOperEntry 24 }

aluZoneOperOutTcpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInTcpSessLimit 
                indicates the number of permitted active outsessions with
                protocol TCP." 
    ::= { aluZoneOperEntry 25 }

aluZoneOperOutUdpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInUdpSessLimit 
                indicates the number of permitted active out sessions with
                protocol UDP." 
    ::= { aluZoneOperEntry 26 }

aluZoneOperOutIcmpSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOpeInrIcmpSessLimit 
                indicates the number of permitted active out sessions with
                protocol ICMP." 
    ::= { aluZoneOperEntry 27 }

aluZoneOperOutOthSessLimit OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInOthSessLimit 
                indicates the number of permitted active out sessions of all
                other protocols." 
    ::= { aluZoneOperEntry 28 }

aluZoneOperInTcpActSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneInOperTcpActSessions 
                indicates the number of active sessions with
                protocol TCP." 
    ::= { aluZoneOperEntry 29 }

aluZoneOperInUdpActSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneInOperUdpActSessions 
                indicates the number of active sessions with
                protocol UDP." 
    ::= { aluZoneOperEntry 30 }

aluZoneOperInIcmpActSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInIcmpActSessions 
                indicates the number of active sessions with
                protocol ICMP." 
    ::= { aluZoneOperEntry 31 }

aluZoneOperInOthActSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperInOthActiveSessions 
                indicates the number of active sessions of all
                other protocols." 
    ::= { aluZoneOperEntry 32 }

aluZoneOperOutTcpActSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperOutTcpActSessions 
                indicates the number of active sessions with
                protocol TCP." 
    ::= { aluZoneOperEntry 33 }

aluZoneOperOutUdpActSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperUdpActSessions 
                indicates the number of active sessions with
                protocol UDP." 
    ::= { aluZoneOperEntry 34 }

aluZoneOperOutIcmpActSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperOutIcmpActSessions 
                indicates the number of active sessions with
                protocol ICMP." 
    ::= { aluZoneOperEntry 35 }

aluZoneOperOutOthActSessions OBJECT-TYPE
    SYNTAX      Gauge32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneOperOutOthActSessions 
                indicates the number of active sessions of all
                other protocols." 
    ::= { aluZoneOperEntry 36 }
    
aluZoneOperLogId OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneConfigLogId
                indicates the log-id for security logging." 
    ::= { aluZoneOperEntry 38 }

aluZoneOperAutoBind OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneConfigAutoBind specifies whether this zone is being used to enforce policy
                 on traffic to/from MP-BGP auto-binding and spoke-sdps. This configuration is only permitted on 
                 VPRN zones and can only be enabled when no other interfaces are provisioned inside this zone."
    ::= { aluZoneOperEntry 39 }

aluZoneOperInFwdAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The accumulated number of inbound sessions with forward action." 
    ::= { aluZoneOperEntry 40 }

aluZoneOperOutFwdAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The accumulated number of outbound sessions with forward action." 
    ::= { aluZoneOperEntry 41 }

aluZoneOperInNatAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The accumulated number of inbound sessions with NAT action." 
    ::= { aluZoneOperEntry 42 }

aluZoneOperOutNatAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The accumulated number of outbound sessions with NAT action." 
    ::= { aluZoneOperEntry 43 }

aluZoneOperInDropAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The accumulated number of inbound sessions with drop action." 
    ::= { aluZoneOperEntry 44 }

aluZoneOperOutDropAction OBJECT-TYPE
    SYNTAX      Counter64 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The accumulated number of outbound sessions with drop action." 
    ::= { aluZoneOperEntry 45 }

--
-- Zone Policy Operational Table
--
aluZonePlcyOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZonePlcyOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZonePlcyOperTable describes the active policy of this
                 zone.  This table is a flattened ordered list of rules for this zone based
                 on the security policies that have been activated."
    ::= { aluSecurityOperObjs 2 }

aluZonePlcyOperEntry OBJECT-TYPE
    SYNTAX      TZonePlcyOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular zone entry."
    INDEX { aluZoneOperId, 
            aluZonePlcyOperRuleId }
    ::= { aluZonePlcyOperTable 1 }

TZonePlcyOperEntry ::= SEQUENCE {
    aluZonePlcyOperRuleId                              Unsigned32,
    aluZonePlcyOperEntryId                             Unsigned32,
    aluZonePlcyOperActive                              TruthValue,
    aluZonePlcyOperFlags                               BITS,
    aluZonePlcyOperSecPlcyId                           Unsigned32,
    aluZonePlcyOperSecPlcyRuleId                       Unsigned32,
    aluZonePlcyOperNatPoolId                           Unsigned32,
    aluZonePlcyOperRuleHitCount                        Counter64,
    aluZonePlcyOperRuleActiveSessions                  Gauge32   
}

aluZonePlcyOperRuleId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluZonePlcyOperRuleId 
                rule id of each operational rule in the Zone. 
                The rule id is assigned by the system based on the
                security policies that have been activated on this zone." 
    ::= { aluZonePlcyOperEntry 1 }

aluZonePlcyOperEntryId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZonePlcyOperEntryId 
                specifies the zone policy entry this rule is associated with."
    ::= { aluZonePlcyOperEntry 2 }

aluZonePlcyOperActive OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZonePlcyOperActive 
                indicates whether this rule is active for rule parsing
                in the zone policy." 
    ::= { aluZonePlcyOperEntry 3 }

aluZonePlcyOperFlags OBJECT-TYPE
    SYNTAX          BITS {
                        noNatPool            (0) -- NAT Pool is not active
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION     "This object specifies all the conditions that
                     affect the active status of this Zone Policy."
    ::= { aluZonePlcyOperEntry 4 }

aluZonePlcyOperSecPlcyId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZonePlcyOperSecPlcyId specifies the security policy
                that this rule was derived from."
    ::= { aluZonePlcyOperEntry 5 }

aluZonePlcyOperSecPlcyRuleId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZonePlcyOperSecPlcyRuleId specifies the rule from the
                security policy specified by aluZonePlcyOperSecPlcyId that defines this
                zone policy rule."
    ::= { aluZonePlcyOperEntry 6 }

aluZonePlcyOperNatPoolId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZonePlcyOperNatPoolId specifies the NAT Pool to be used
                for this rule when the action is NAT."
    ::= { aluZonePlcyOperEntry 7 }

aluZonePlcyOperRuleHitCount OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZonePlcyOperRuleHitCount specifies the number of times this
                 rule has been matched."
    ::= { aluZonePlcyOperEntry 8 }

aluZonePlcyOperRuleActiveSessions OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZonePlcyOperRuleActiveSessions specifies the number of currently
                 active sessions this rule has outstanding."
    ::= { aluZonePlcyOperEntry 9 }

--
-- Zone NAT Pool Operational Table
--
aluZoneNatPoolOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZoneNatPoolOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZoneNatPoolOperTable has an entry for each
                nat-pool of ip addresses and ports configured on a particular zone."
    ::= { aluSecurityOperObjs 3 }

aluZoneNatPoolOperEntry OBJECT-TYPE
    SYNTAX      TZoneNatPoolOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular policy entry."
    INDEX { aluZoneOperId, aluZoneNatPoolOperId }
    ::= { aluZoneNatPoolOperTable 1 }

TZoneNatPoolOperEntry ::= SEQUENCE {
    aluZoneNatPoolOperId                       Unsigned32,
    aluZoneNatPoolOperName                     TNamedItemOrEmpty,
    aluZoneNatPoolOperDescription              TItemDescription,
    aluZoneNatPoolOperType                     TPoolType,
    aluZoneNatPoolOperDirection                INTEGER
}

aluZoneNatPoolOperId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluZoneNatPoolOperId 
                specifies the unique id of the NAT-Pool entries within the zone."
    ::= { aluZoneNatPoolOperEntry 1 }

aluZoneNatPoolOperName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluZoneNatPoolOperName 
                specifies the name of the NAT Pool."
    ::= { aluZoneNatPoolOperEntry 2 }

aluZoneNatPoolOperDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Description of this nat pool."
    DEFVAL      { ''H }
    ::= { aluZoneNatPoolOperEntry 3 }

aluZoneNatPoolOperType OBJECT-TYPE
    SYNTAX      TPoolType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Specifies type of pool"
    ::= { aluZoneNatPoolOperEntry 4 }

aluZoneNatPoolOperDirection OBJECT-TYPE
    SYNTAX      INTEGER {
                    unknown (0),
                    zoneInbound (1),
                    zoneOutbound (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Specifies direction of the pool."
    ::= { aluZoneNatPoolOperEntry 5 }

--
-- NAT Pool Params Operational Table
--
aluZoneNatPoolParamsOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZoneNatPoolParamsOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZoneNatPoolParamsOperTable has an entry NAT Pool 
                 params entry configured on this system."
    ::= { aluSecurityOperObjs 4 }

aluZoneNatPoolParamsOperEntry OBJECT-TYPE
    SYNTAX      TZoneNatPoolParamsOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular NAT Pool params entry."
    INDEX { aluZoneOperId, aluZoneNatPoolOperId,
            aluZoneNatPoolParamsOperEntryId }
    ::= { aluZoneNatPoolParamsOperTable 1 }

TZoneNatPoolParamsOperEntry ::= SEQUENCE {
    aluZoneNatPoolParamsOperEntryId           Unsigned32,
    aluZoneNatPoolParamsOperIPAddrValue1      IpAddress,
    aluZoneNatPoolParamsOperIPAddrValue2      IpAddress,
    aluZoneNatPoolParamsOperIPOperator        TIPOperator,
    aluZoneNatPoolParamsOperIPInterfaceIndex  InterfaceIndexOrZero,
    aluZoneNatPoolParamsOperPortOperator      TTcpUdpPortOperator,
    aluZoneNatPoolParamsOperPortValue1        TTcpUdpPort,
    aluZoneNatPoolParamsOperPortValue2        TTcpUdpPort
}

aluZoneNatPoolParamsOperEntryId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluZoneNatPoolParamsOperEntryId specifies the 
                3rd index for the entry."
    ::= { aluZoneNatPoolParamsOperEntry 1 }

aluZoneNatPoolParamsOperIPAddrValue1 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object 
                aluZoneNatPoolParamsOperIPAddrValue1 specifies 
                the starting range of IP address of the NAT pool."
    DEFVAL { '00000000'H }
    ::= { aluZoneNatPoolParamsOperEntry 2 }

aluZoneNatPoolParamsOperIPAddrValue2 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object 
                aluZoneNatPoolParamsOperIPAddrValue2 specifies 
                the ending range of IP address of the NAT pool."
    DEFVAL { '00000000'H }
    ::= { aluZoneNatPoolParamsOperEntry 3 }

aluZoneNatPoolParamsOperIPOperator OBJECT-TYPE
    SYNTAX      TIPOperator
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluZoneNatPoolParamsOperIPAddrValue1 and 
                aluZoneNatPoolParamsOperIPAddrValue2
                are to be used. The value of these below 2 objects and
                aluZoneNatPoolParamsOperIPOperator is used as described in
                TIPOperator."
    DEFVAL { none }
    ::= { aluZoneNatPoolParamsOperEntry 4 }

aluZoneNatPoolParamsOperIPInterfaceIndex OBJECT-TYPE
    SYNTAX      InterfaceIndexOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The aluZoneNatPoolParamsOperIPInterfaceIndex specifies
                the index of the interface that the primary-address of that
                interface is to be used in the NAT pool.
                The interface must exist in the same vRtr that the NAT pool
                resides."
    DEFVAL { 0 }
    ::= { aluZoneNatPoolParamsOperEntry 5 }

aluZoneNatPoolParamsOperPortOperator OBJECT-TYPE
    SYNTAX      TTcpUdpPortOperator
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluZoneNatPoolParamsOperPortValue1 and 
                aluZoneNatPoolParamsOperPortValue2
                are to be used. The value of these below 2 objects and
                aluZoneNatPoolParamsOperPortOperator is used as described in
                TTcpUdpPortOperator."
    DEFVAL { none }
    ::= { aluZoneNatPoolParamsOperEntry 6 }

aluZoneNatPoolParamsOperPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "TCP/UDP port value1. The value of this object is used as per the
                description for aluZoneNatPoolParamsOperPortOperator."
    DEFVAL { 0 }
    ::= { aluZoneNatPoolParamsOperEntry 7 }

aluZoneNatPoolParamsOperPortValue2  OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "TCP/UDP port value2. The value of this object is used as per the
                description for aluZoneNatPoolParamsOperPortOperator."
    DEFVAL { 0 }
    ::= { aluZoneNatPoolParamsOperEntry 8 }

--
--  Security Policy Operational Table
--
aluSecPlcyOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecPlcyOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecPlcyOperTable has an entry for each
                policy configured globally on this system."
    ::= { aluSecurityOperObjs 5 }

aluSecPlcyOperEntry OBJECT-TYPE
    SYNTAX      TSecPlcyOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a security policy."
    INDEX { aluSecPlcyOperId }
    ::= { aluSecPlcyOperTable 1 }

TSecPlcyOperEntry ::= SEQUENCE {
    aluSecPlcyOperId                                Unsigned32,
    aluSecPlcyOperName                              TNamedItemOrEmpty,
    aluSecPlcyOperDescription                       TItemDescription,
    aluSecPlcyOperRuleCount                         Gauge32,
    aluSecPlcyOperZoneRefCount                      Gauge32
}

aluSecPlcyOperId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyOperId 
                specifies the unique id in the for the policy in
                the system."
    ::= { aluSecPlcyOperEntry 1 }

aluSecPlcyOperName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Name of the security policy."
    ::= { aluSecPlcyOperEntry 2 }

aluSecPlcyOperDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Description of this security policy."
    ::= { aluSecPlcyOperEntry 3 }

aluSecPlcyOperRuleCount  OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyOperRuleCount indicates the current number of
                rules that are part of the security policy."
    ::= { aluSecPlcyOperEntry 4 }

aluSecPlcyOperZoneRefCount  OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyOperZoneRefCount indicates the number of
                zones that are using this security policy."
    ::= { aluSecPlcyOperEntry 5 }

--
--  Security Policy Params Operational Table
--
aluSecPlcyParamsOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecPlcyParamsOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecPlcyParamsOperTable has an entry for each
                rule configured in each security policy."
    ::= { aluSecurityOperObjs 6 }

aluSecPlcyParamsOperEntry OBJECT-TYPE
    SYNTAX      TSecPlcyParamsOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular rule parameters."
    INDEX { aluSecPlcyOperId, 
            aluSecPlcyParamsOperRuleId }
    ::= { aluSecPlcyParamsOperTable 1 }

TSecPlcyParamsOperEntry ::= SEQUENCE {
    aluSecPlcyParamsOperRuleId                      Unsigned32,
    aluSecPlcyParamsOperDescription                 TItemDescription,
    aluSecPlcyParamsOperMatchSrcIPAddrValue1        IpAddress,
    aluSecPlcyParamsOperMatchSrcIPAddrValue2        IpAddress,
    aluSecPlcyParamsOperMatchSrcIPOperator          TIPOperator,
    aluSecPlcyParamsOperMatchSrcIPHostGroup         Unsigned32,
    aluSecPlcyParamsOperMatchDstIPAddrValue1        IpAddress,
    aluSecPlcyParamsOperMatchDstIPAddrValue2        IpAddress,
    aluSecPlcyParamsOperMatchDstIPOperator          TIPOperator,
    aluSecPlcyParamsOperMatchDstIPHostGroup         Unsigned32,
    aluSecPlcyParamsOperMatchProtocol               TIpProtocol,
    aluSecPlcyParamsOperMatchSrcPortValue1          TTcpUdpPort,
    aluSecPlcyParamsOperMatchSrcPortValue2          TTcpUdpPort,
    aluSecPlcyParamsOperMatchSrcPortOp              TOperator,
    aluSecPlcyParamsOperMatchDstPortValue1          TTcpUdpPort,
    aluSecPlcyParamsOperMatchDstPortValue2          TTcpUdpPort,
    aluSecPlcyParamsOperMatchDstPortOp              TOperator,
    aluSecPlcyParamsOperMatchAppGroup               Unsigned32,
    aluSecPlcyParamsOperMatchIcmpCode               INTEGER,
    aluSecPlcyParamsOperMatchIcmpType               INTEGER,
    aluSecPlcyParamsOperMatchIgmpType               INTEGER,
    aluSecPlcyParamsOperMatchFlowDirection          INTEGER,
    aluSecPlcyParamsOperProfileId                   Unsigned32,
    aluSecPlcyParamsOperConcurrentFlowLimit         Unsigned32,
    aluSecPlcyParamsOperCreateRevDirFlow            TruthValue,
    aluSecPlcyParamsOperAction                      INTEGER,
    aluSecPlcyParamsOperMatchLocal                  TruthValue,
    aluSecPlcyParamsOperActionNatDstIPAddr          IpAddress,
    aluSecPlcyParamsOperActionNatDstPort            TTcpUdpPort,    
    aluSecPlcyParamsOperLogControl                  INTEGER,    
    aluSecPlcyParamsOperLogId                       TSecurityLogId    
}

aluSecPlcyParamsOperRuleId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyParamsOperRuleId specifies the 
                rule index within the Security Policy."
    ::= { aluSecPlcyParamsOperEntry 1 }

aluSecPlcyParamsOperDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Description of this rule."
    ::= { aluSecPlcyParamsOperEntry 2 }

aluSecPlcyParamsOperMatchSrcIPAddrValue1 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchSrcIPAddrValue1
                specifies the source IP address of the packets to be filltered.
                When configured and activated, This filter will be 
                applied to all IP packets whose source-ip must match the Value"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsOperEntry 3 }

aluSecPlcyParamsOperMatchSrcIPAddrValue2 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchSrcIPAddrValue2 
                specifies the source IP address of the packets to be filltered.
                When configured and activated, This filter will be 
                applied to all IP packets whose source-ip must match the Value"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsOperEntry 4 }

aluSecPlcyParamsOperMatchSrcIPOperator OBJECT-TYPE
    SYNTAX      TIPOperator
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluSecPlcyParamsOperMatchSrcIPAddrValue1 and 
                aluSecPlcyParamsOperMatchSrcIPAddrValue2
                are to be used. The value of these below 2 objects and
                aluSecPlcyParamsOperMatchSrcIPOperator is used as described in
                TIPOperator."
    DEFVAL { none }
    ::= { aluSecPlcyParamsOperEntry 5 }

aluSecPlcyParamsOperMatchSrcIPHostGroup OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchSrcIPHostGroup 
                specifies the host group name, where the group name is a collection 
                of IP addresses."
    ::= { aluSecPlcyParamsOperEntry 6 }

aluSecPlcyParamsOperMatchDstIPAddrValue1 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchDstIPAddrValue1
                specifies the source IP address of the packets to be filltered.
                When configured and activated, This filter will be 
                applied to all IP packets whose source-ip must match the Value"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsOperEntry 7 }

aluSecPlcyParamsOperMatchDstIPAddrValue2 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchDstIPAddrValue2 
                specifies the source IP address of the packets to be filltered.
                When configured and activated, This filter will be 
                applied to all IP packets whose source-ip must match the Value"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsOperEntry 8 }

aluSecPlcyParamsOperMatchDstIPOperator OBJECT-TYPE
    SYNTAX      TIPOperator
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluSecPlcyParamsOperMatchDstIPAddrValue1 and 
                aluSecPlcyParamsOperMatchDstIPAddrValue2
                are to be used. The value of these below 2 objects and
                aluSecPlcyParamsOperMatchDstIPOperator is used as described in
                TIPOperator."
    DEFVAL { none }
    ::= { aluSecPlcyParamsOperEntry 9 }

aluSecPlcyParamsOperMatchDstIPHostGroup OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object 
                aluSecPlcyParamsOperMatchDstIPHostGroup specifies 
                the host group name, where the group name is a collection 
                of IP addresses."
    ::= { aluSecPlcyParamsOperEntry 10 }

aluSecPlcyParamsOperMatchProtocol OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "IP protocol to match.  set to -1 to disable matching IP protocol. If
                the protocol is changed the protocol specific parameters are reset."
    ::= { aluSecPlcyParamsOperEntry 11 }

aluSecPlcyParamsOperMatchSrcPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "TCP/UDP port value."
    ::= { aluSecPlcyParamsOperEntry 12 }

aluSecPlcyParamsOperMatchSrcPortValue2 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "TCP/UDP port value."
    ::= { aluSecPlcyParamsOperEntry 13 }

aluSecPlcyParamsOperMatchSrcPortOp OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "TCP/UDP port operator."
    ::= { aluSecPlcyParamsOperEntry 14 }

aluSecPlcyParamsOperMatchDstPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "TCP/UDP port value."
    ::= { aluSecPlcyParamsOperEntry 15 }

aluSecPlcyParamsOperMatchDstPortValue2 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "TCP/UDP port value."
    ::= { aluSecPlcyParamsOperEntry 16 }

aluSecPlcyParamsOperMatchDstPortOp OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "TCP/UDP port operator."
    ::= { aluSecPlcyParamsOperEntry 17 }

aluSecPlcyParamsOperMatchAppGroup  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchAppGroup 
                specifies the application group, where the app-group is a 
                collection of protocol-id/src port/dest port."
    ::= { aluSecPlcyParamsOperEntry 18 }

aluSecPlcyParamsOperMatchIcmpCode  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Icmp code to be matched."
    ::= { aluSecPlcyParamsOperEntry 19 }

aluSecPlcyParamsOperMatchIcmpType  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Icmp type to be matched."
    ::= { aluSecPlcyParamsOperEntry 20 }

aluSecPlcyParamsOperMatchIgmpType  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Type of IGMP to be configured"
    ::= { aluSecPlcyParamsOperEntry 21 }

aluSecPlcyParamsOperMatchFlowDirection  OBJECT-TYPE
    SYNTAX      INTEGER {
                    zoneInbound (1),
                    zoneOutbound (2),
                    both (3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies the direction of the packet flow
                for which the rule is matched.
                in is equivalent to zone ingress flow,
                out is equivalent to zone egress flow,
                both is equivalent to both ingress and egress flow"
    ::= { aluSecPlcyParamsOperEntry 22 }

aluSecPlcyParamsOperProfileId  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..120)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies traffic profile."
    ::= { aluSecPlcyParamsOperEntry 23 }

aluSecPlcyParamsOperConcurrentFlowLimit  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..10000)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies max number of simultaneous 
                sessions allowed for this particular rule. Beyond this 
                limit, new sessions will not be created.
                Sessions will be created internally for a packet with 
                unique 5 tuples (Src IP, Dst IP, Protocol number, 
                Src Port and Dst Port.  0 means no limit"
    ::= { aluSecPlcyParamsOperEntry 24 }

aluSecPlcyParamsOperCreateRevDirFlow  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyParamsOperCreateRevDirFlow specifies 
                whether return direction of the session is created or not"
    ::= { aluSecPlcyParamsOperEntry 25 }

aluSecPlcyParamsOperAction  OBJECT-TYPE
    SYNTAX      INTEGER {
                    forward (0),
                    drop (1),
                    nat   (2),
                    reject (3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies whether the packet needs to be
                passed or dropped if it satisfies the rule condition."
    ::= { aluSecPlcyParamsOperEntry 26 }

aluSecPlcyParamsOperMatchLocal  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluSecPlcyParamsOperMatchLocal specifies 
                whether to match traffic destined to node"
    DEFVAL { false }
    ::= { aluSecPlcyParamsOperEntry 27 }

aluSecPlcyParamsOperActionNatDstIPAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecPlcyParamsOperActionNatDstIPAddr
                specifies the Dst IP address of the packet after NAT has been
                performed"
    DEFVAL { '00000000'H }
    ::= { aluSecPlcyParamsOperEntry 28 }

aluSecPlcyParamsOperActionNatDstPort OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "NAT Destination TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecPlcyParamsOperEntry 39 }

aluSecPlcyParamsOperLogControl OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Log control for policy."
    ::= { aluSecPlcyParamsOperEntry 40 }

aluSecPlcyParamsOperLogId OBJECT-TYPE
    SYNTAX      TSecurityLogId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Log Destination for policy."
    ::= { aluSecPlcyParamsOperEntry 41 }

--
--  Security Profile Operational Table
--
aluSecProfileOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecProfileOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecProfileOperTable has an entry for each
                security profile configured globally on this system."
    ::= { aluSecurityOperObjs 7 }

aluSecProfileOperEntry OBJECT-TYPE
    SYNTAX      TSecProfileOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular security profile."
    INDEX { aluSecProfileOperId }
    ::= { aluSecProfileOperTable 1 }

TSecProfileOperEntry ::= SEQUENCE {
    aluSecProfileOperId                     Unsigned32,
    aluSecProfileOperName                   TNamedItemOrEmpty,
    aluSecProfileOperDescription            TItemDescription,
    aluSecProfileOperPlcyRefCount           Unsigned32,
    aluSecProfileOperTcpSynTimeout          Unsigned32,
    aluSecProfileOperTcpWaitTimeout         Unsigned32,
    aluSecProfileOperTcpTransTimeout        Unsigned32,
    aluSecProfileOperTcpEstTimeout          Unsigned32,
    aluSecProfileOperUdpTimeout             Unsigned32,
    aluSecProfileOperUdpInitTimeout         Unsigned32,
    aluSecProfileOperUdpDnsTimeout          Unsigned32,
    aluSecProfileOperIcmpTimeout            Unsigned32,
    aluSecProfileOperOtherTimeout            Unsigned32,
    aluSecProfileOperAppInspect             TruthValue,
    aluSecProfileOperInspectTcp             TruthValue,
    aluSecProfileOperInspectIpOpt           TruthValue,
    aluSecProfileOperAllowedIpOpt           Unsigned32,
    aluSecProfileOperAllowPktFrag           TruthValue,
    aluSecProfileOperAlg                    TAlgType,    
    aluSecProfileOperIcmpReqLimit           Unsigned32,
    aluSecProfileOperIcmpErrLimit           TruthValue,
    aluSecProfileOperDnsReplyOnly           TruthValue,
    aluSecProfileOperTcpTmoStrict           TruthValue,
    aluSecProfileOperUdpTmoStrict           TruthValue,
    aluSecProfileOperIcmpTmoStrict          TruthValue,
    aluSecProfileOperDnsTmoStrict           TruthValue,
    aluSecProfileOperOthTmoStrict           TruthValue,
    aluSecProfileOperFwdPolicerId           TSecurityPolicerId,
    aluSecProfileOperRevPolicerId           TSecurityPolicerId
}

aluSecProfileOperId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecProfileOperId 
                specifies the unique profile id."
    ::= { aluSecProfileOperEntry 1 }

aluSecProfileOperName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Name of the security profile."
    DEFVAL      { ''H }
    ::= { aluSecProfileOperEntry 2 }

aluSecProfileOperDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Description of this security profile."
    DEFVAL      { ''H }
    ::= { aluSecProfileOperEntry 3 }
    
aluSecProfileOperPlcyRefCount  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of times 
                this profile is referenced in security policies."
    ::= { aluSecProfileOperEntry 4 }

aluSecProfileOperTcpSynTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                TCP session can wait for a SYN before being cleaned up."
    ::= { aluSecProfileOperEntry 5 }

aluSecProfileOperTcpWaitTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                TCP session can remain in time wait before being cleaned up."
    ::= { aluSecProfileOperEntry 6 }

aluSecProfileOperTcpTransTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                TCP session can remain be transitory before being cleaned up."
    ::= { aluSecProfileOperEntry 7 }

aluSecProfileOperTcpEstTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                TCP session has to reach established before being cleaned up."
    ::= { aluSecProfileOperEntry 8 }

aluSecProfileOperUdpTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                UDP session can remain idle before being cleaned up."
    ::= { aluSecProfileOperEntry 9 }

aluSecProfileOperUdpInitTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                UDP session can remain idle after recieving the first packet
                before being cleaned up."
    ::= { aluSecProfileOperEntry 10 }

aluSecProfileOperUdpDnsTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds a
                DNS request can take to recieve a response 
                before being cleaned up."
    ::= { aluSecProfileOperEntry 11 }

aluSecProfileOperIcmpTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds an
                ICMP request can take to recieve a response 
                before being cleaned up."
    ::= { aluSecProfileOperEntry 12 }

aluSecProfileOperOtherTimeout  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of seconds other
                protocol sessions can remain idle before being cleaned up."
    ::= { aluSecProfileOperEntry 13 }

aluSecProfileOperAppInspect  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object indicates whether application inspection
                 should be performed on all active connections with this profile."
    DEFVAL { false }
    ::= { aluSecProfileOperEntry 14 }
    
aluSecProfileOperInspectTcp  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object indicates whether stict TCP inspection
                 should be performed on all active TCP connections with this profile."
    DEFVAL { false }
    ::= { aluSecProfileOperEntry 15 }
    
aluSecProfileOperInspectIpOpt  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object indicates whether IP options inspection
                 is to be performed. When 'true' the object aluSecProfileOperAllowedIpOpt
                 is used to specify permitted options."
    DEFVAL { false }
    ::= { aluSecProfileOperEntry 16 }
    
aluSecProfileOperAllowedIpOpt  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object indicates the bothmask of allowed IP options when IP
                 option inspection is enabled."
    ::= { aluSecProfileOperEntry 17 }

aluSecProfileOperAllowPktFrag  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object indicates whether fragmented IP packets are
                 permitted through connections with this profile."
    DEFVAL { true }
    ::= { aluSecProfileOperEntry 18 }

aluSecProfileOperAlg  OBJECT-TYPE
    SYNTAX      TAlgType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object indicates the application layer 
                 gateway processing to be performed on this connection."
    DEFVAL { auto }
    ::= { aluSecProfileOperEntry 19 }

aluSecProfileOperIcmpReqLimit  OBJECT-TYPE
    SYNTAX      Unsigned32 (0..254)
    UNITS       "packets"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the number of ICMP packets permitted
                to travese the ICMP request session in each direction.
                A value of 0 specifies that there is no packet limit.
                aluSecProfileConfigAppInspect must be enabled before ICMP inspection
                can be enabled."
    DEFVAL { 0 }
    ::= { aluSecProfileOperEntry 20}

aluSecProfileOperIcmpErrLimit  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the whether to limit the number of ICMP Type 3 
                packets that are permitted to travese the session in each direction.
                aluSecProfileConfigAppInspect must be enabled before ICMP inspection
                can be enabled."
    DEFVAL { false }
    ::= { aluSecProfileOperEntry 21}

aluSecProfileOperDnsReplyOnly  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the whether to limit the number of DNS  
                packets that are permitted to travese a DNS session in each direction.
                aluSecProfileConfigAppInspect must be enabled before DNS inspection
                can be enabled."
    DEFVAL { false }
    ::= { aluSecProfileOperEntry 22}

aluSecProfileOperTcpTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies if a TCP Session in the Established 
                state is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    ::= { aluSecProfileOperEntry 23}

aluSecProfileOperUdpTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies if a UDP Session in the Established 
                state is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    ::= { aluSecProfileOperEntry 24}

aluSecProfileOperIcmpTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies if a ICMP Request Session 
                is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    ::= { aluSecProfileOperEntry 25}

aluSecProfileOperDnsTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies if a DNS Request Session 
                is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    ::= { aluSecProfileOperEntry 26}

aluSecProfileOperOthTmoStrict  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies if a Other protocol session 
                is strictly enforced to timeout after the Timeout setting regardless of 
                session activity.  When'false' the session will not timeout until the session
                has been idle for the timeout period."
    DEFVAL { false }
    ::= { aluSecProfileOperEntry 27}

aluSecProfileOperFwdPolicerId  OBJECT-TYPE
    SYNTAX      TSecurityPolicerId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the policer group that the forward direction
                 of the session should be rate-limited with."
    ::= { aluSecProfileOperEntry 28}

aluSecProfileOperRevPolicerId  OBJECT-TYPE
    SYNTAX      TSecurityPolicerId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object specifies the policer group that the reverse direction
                 of the session should be rate-limited with."
    ::= { aluSecProfileOperEntry 29}

--
--  Zone Inbound Session Table
--
aluZoneInboundSessionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZoneInboundSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZoneInboundSessionTable has an entry for each
                session establish entering a zone."
    ::= { aluSecurityOperObjs 8 }

aluZoneInboundSessionEntry OBJECT-TYPE
    SYNTAX      TZoneInboundSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular inbound active session."
    INDEX { aluZoneOperId, 
            aluZoneSessionId }
    ::= { aluZoneInboundSessionTable 1 }

TZoneInboundSessionEntry ::= SEQUENCE {
    aluZoneSessionId                                Unsigned32,
    aluZoneInboundSessionProtocol                   TIpProtocol,
    aluZoneInboundSessionSrcZoneId                  Unsigned32,
    aluZoneInboundSessionSrcIPAddrValue             IpAddress,
    aluZoneInboundSessionSrcPortValue               TTcpUdpPort,
    aluZoneInboundSessionDstIPAddrValue             IpAddress,
    aluZoneInboundSessionDstPortValue               TTcpUdpPort,
    aluZoneInboundSessionRevDirCreated              TruthValue,
    aluZoneInboundSessionAction                     INTEGER,
    aluZoneInboundSessionNatSrcIPAddrValue          IpAddress,
    aluZoneInboundSessionNatSrcPortValue            TTcpUdpPort,
    aluZoneInboundSessionNatDstIPAddrValue          IpAddress,
    aluZoneInboundSessionNatDstPortValue            TTcpUdpPort,
    aluZoneInboundSessionEstablished                TimeStamp,
    aluZoneInboundSessionAlg                        INTEGER,
    aluZoneInboundSessionInspect                    TruthValue,
    aluZoneInboundSessionFwdPolicerId               TSecurityPolicerId,
    aluZoneInboundSessionRevPolicerId               TSecurityPolicerId,
    aluZoneInboundSessionCreator                    Unsigned32
}

aluZoneSessionId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluZoneSessionId specifies the 
                session index for this active session."
    ::= { aluZoneInboundSessionEntry 1 }

aluZoneInboundSessionProtocol OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "IP protocol of session."
    ::= { aluZoneInboundSessionEntry 2 }

aluZoneInboundSessionSrcZoneId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneInboundSessionSrcZoneId secifies the 
                source zone that established this session."
    ::= { aluZoneInboundSessionEntry 3 }

aluZoneInboundSessionSrcIPAddrValue OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneInboundSessionSrcIPAddrValue 
                specifies the source IP address of this flow."
    ::= { aluZoneInboundSessionEntry 4 }

aluZoneInboundSessionSrcPortValue OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Source TCP/UDP port value."
    ::= { aluZoneInboundSessionEntry 5 }

aluZoneInboundSessionDstIPAddrValue OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Destination IP address of this flow."
    ::= { aluZoneInboundSessionEntry 6 }

aluZoneInboundSessionDstPortValue OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port value."
    ::= { aluZoneInboundSessionEntry 7 }

aluZoneInboundSessionRevDirCreated  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneInboundSessionRevDirCreated indicates 
                whether return direction of the session was created or not"
    ::= { aluZoneInboundSessionEntry 8 }

aluZoneInboundSessionAction  OBJECT-TYPE
    SYNTAX      INTEGER {
                    forward  (0),
                    drop     (1),
                    nat      (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies session action."
    ::= { aluZoneInboundSessionEntry 9 }

aluZoneInboundSessionNatSrcIPAddrValue OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneInboundSessionNatSrcIPAddrValue 
                specifies the source IP address of this flow has after NAT."
    ::= { aluZoneInboundSessionEntry 10 }

aluZoneInboundSessionNatSrcPortValue OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "NAT Source TCP/UDP port value."
    ::= { aluZoneInboundSessionEntry 11 }

aluZoneInboundSessionNatDstIPAddrValue OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneInboundSessionNatDstIPAddrValue 
                specifies the destination IP address of this flow has after NAT."
    ::= { aluZoneInboundSessionEntry 12 }

aluZoneInboundSessionNatDstPortValue OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "NAT Destination TCP/UDP port value."
    ::= { aluZoneInboundSessionEntry 13 }

aluZoneInboundSessionEstablished OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Time that this session was established."
    ::= { aluZoneInboundSessionEntry 14 }

aluZoneInboundSessionAlg  OBJECT-TYPE
    SYNTAX      INTEGER {
                    none     (0),
                    algRule  (1),
                    ftp      (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies ALG being performed on session.
                 algRule - Dynamic Rule for ALG Data Sessions
                 ftp     - FTP Control Session"
    ::= { aluZoneInboundSessionEntry 15 }

aluZoneInboundSessionInspect  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies if session traffic is sent to central core."
    ::= { aluZoneInboundSessionEntry 16 }

aluZoneInboundSessionFwdPolicerId  OBJECT-TYPE
    SYNTAX      TSecurityPolicerId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies policer-group that forward session traffic 
                 is sent to."
    ::= { aluZoneInboundSessionEntry 17 }

aluZoneInboundSessionRevPolicerId  OBJECT-TYPE
    SYNTAX      TSecurityPolicerId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies policer-group that reverse session traffic 
                 is sent to."
    ::= { aluZoneInboundSessionEntry 18 }

aluZoneInboundSessionCreator  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies the session-id that created this session via ALG."
    ::= { aluZoneInboundSessionEntry 19 }


--
--  Zone Outbound Session Table
--
aluZoneOutboundSessionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TZoneOutboundSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluZoneOutboundSessionTable has an entry for each
                session establish leaving a zone."
    ::= { aluSecurityOperObjs 9 }

aluZoneOutboundSessionEntry OBJECT-TYPE
    SYNTAX      TZoneOutboundSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular inbound active session."
    INDEX { aluZoneOperId, 
            aluZoneSessionId }
    ::= { aluZoneOutboundSessionTable 1 }

TZoneOutboundSessionEntry ::= SEQUENCE {
    aluZoneOutboundSessionProtocol                   TIpProtocol,
    aluZoneOutboundSessionSrcIPAddrValue             IpAddress,
    aluZoneOutboundSessionSrcPortValue               TTcpUdpPort,
    aluZoneOutboundSessionDstIPAddrValue             IpAddress,
    aluZoneOutboundSessionDstPortValue               TTcpUdpPort,
    aluZoneOutboundSessionDstZoneId                  Unsigned32,
    aluZoneOutboundSessionRevDirCreated              TruthValue,
    aluZoneOutboundSessionAction                     INTEGER,
    aluZoneOutboundSessionNatSrcIPAddrValue          IpAddress,
    aluZoneOutboundSessionNatSrcPortValue            TTcpUdpPort,
    aluZoneOutboundSessionNatDstIPAddrValue          IpAddress,
    aluZoneOutboundSessionNatDstPortValue            TTcpUdpPort,
    aluZoneOutboundSessionEstablished                TimeStamp,
    aluZoneOutboundSessionAlg                        INTEGER,
    aluZoneOutboundSessionInspect                    TruthValue,
    aluZoneOutboundSessionFwdPolicerId               TSecurityPolicerId,
    aluZoneOutboundSessionRevPolicerId               TSecurityPolicerId,
    aluZoneOutboundSessionCreator                    Unsigned32
}

aluZoneOutboundSessionProtocol OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "IP protocol of session."
    ::= { aluZoneOutboundSessionEntry 1 }

aluZoneOutboundSessionSrcIPAddrValue OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneOutboundSessionSrcIPAddrValue 
                specifies the source IP address of this flow."
    ::= { aluZoneOutboundSessionEntry 2 }

aluZoneOutboundSessionSrcPortValue OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Source TCP/UDP port value."
    ::= { aluZoneOutboundSessionEntry 3 }

aluZoneOutboundSessionDstIPAddrValue OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Destination IP address of this flow."
    ::= { aluZoneOutboundSessionEntry 4 }

aluZoneOutboundSessionDstPortValue OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port value."
    ::= { aluZoneOutboundSessionEntry 5 }

aluZoneOutboundSessionDstZoneId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneOutboundSessionDstZoneId specifies the 
                destination zone for this session."
    ::= { aluZoneOutboundSessionEntry 6 }

aluZoneOutboundSessionRevDirCreated  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneOutboundSessionRevDirCreated indicates 
                whether return direction of the session was created or not"
    ::= { aluZoneOutboundSessionEntry 7 }

aluZoneOutboundSessionAction  OBJECT-TYPE
    SYNTAX      INTEGER {
                    forward   (0),
                    drop      (1),
                    nat       (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies session action."
    ::= { aluZoneOutboundSessionEntry 8 }

aluZoneOutboundSessionNatSrcIPAddrValue OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneOutboundSessionNatSrcIPAddrValue 
                specifies the source IP address of this flow has after NAT."
    ::= { aluZoneOutboundSessionEntry 9 }

aluZoneOutboundSessionNatSrcPortValue OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "NAT Source TCP/UDP port value."
    ::= { aluZoneOutboundSessionEntry 10 }

aluZoneOutboundSessionNatDstIPAddrValue OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluZoneOutboundSessionNatDstIPAddrValue 
                specifies the destination IP address of this flow has after NAT."
    ::= { aluZoneOutboundSessionEntry 11 }

aluZoneOutboundSessionNatDstPortValue OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "NAT Destination TCP/UDP port value."
    ::= { aluZoneOutboundSessionEntry 12 }

aluZoneOutboundSessionEstablished OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Time that this session was established."
    ::= { aluZoneOutboundSessionEntry 13 }

aluZoneOutboundSessionAlg  OBJECT-TYPE
    SYNTAX      INTEGER {
                    none     (0),
                    algRule  (1),
                    ftp      (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies ALG being performed on session.
                 algRule - Dynamic Rule for ALG Data Sessions
                 ftp     - FTP Control Session"
    ::= { aluZoneOutboundSessionEntry 14 }

aluZoneOutboundSessionInspect  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies if session traffic is sent to central core."
    ::= { aluZoneOutboundSessionEntry 15 }

aluZoneOutboundSessionFwdPolicerId  OBJECT-TYPE
    SYNTAX      TSecurityPolicerId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies policer-group that forward session traffic 
                 is sent to."
    ::= { aluZoneOutboundSessionEntry 16 }

aluZoneOutboundSessionRevPolicerId  OBJECT-TYPE
    SYNTAX      TSecurityPolicerId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies policer-group that reverse session traffic 
                 is sent to."
    ::= { aluZoneOutboundSessionEntry 17 }

aluZoneOutboundSessionCreator  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This object specifies the session-id that created this session via ALG."
    ::= { aluZoneOutboundSessionEntry 18 }



--
--  Security Host Group Operational Table
--
aluSecHostGrpOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecHostGrpOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecHostGrpOperTable has an entry for each
                security host group configured globally on this system."
    ::= { aluSecurityOperObjs 10}

aluSecHostGrpOperEntry OBJECT-TYPE
    SYNTAX      TSecHostGrpOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular security host group."
    INDEX { aluSecHostGrpOperId }
    ::= { aluSecHostGrpOperTable 1 }

TSecHostGrpOperEntry ::= SEQUENCE {
    aluSecHostGrpOperId                         Unsigned32,
    aluSecHostGrpOperName                       TNamedItemOrEmpty,
    aluSecHostGrpOperDescription                TItemDescription,
    aluSecHostGrpOperPlcyRefCount               Unsigned32
}

aluSecHostGrpOperId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecHosTGrpOperId 
                specifies the unique host group id."
    ::= { aluSecHostGrpOperEntry 1 }

aluSecHostGrpOperName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Name of the security host group."
    DEFVAL      { ''H }
    ::= { aluSecHostGrpOperEntry 2 }

aluSecHostGrpOperDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Description of this security host group."
    DEFVAL      { ''H }
    ::= { aluSecHostGrpOperEntry 3 }

aluSecHostGrpOperPlcyRefCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Number of policy references."
    ::= { aluSecHostGrpOperEntry 4 }

--
--  Security Host Table
--
aluSecHostOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecHostOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecHostOperTable has an entry for each
                rule configured as part of a security host."
    ::= { aluSecurityOperObjs 11 }

aluSecHostOperEntry OBJECT-TYPE
    SYNTAX      TSecHostOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular host entry."
    INDEX { aluSecHostGrpOperId, 
            aluSecHostOperIPAddrValue1 }
    ::= { aluSecHostOperTable 1 }

TSecHostOperEntry ::= SEQUENCE {
    aluSecHostOperIPAddrValue1                IpAddress,
    aluSecHostOperIPAddrValue2                IpAddress,
    aluSecHostOperIPOperator                  TIPOperator
}

aluSecHostOperIPAddrValue1 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecHostOperIPAddrValue1
                specifies the IP address of hosts in this group."
    ::= { aluSecHostOperEntry 1 }

aluSecHostOperIPAddrValue2 OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecHostOperIPAddrValue2
                specifies the 2nd IP address of a range of hosts."
    DEFVAL { '00000000'H }
    ::= { aluSecHostOperEntry 2 }

aluSecHostOperIPOperator OBJECT-TYPE
    SYNTAX      TIPOperator
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The operator specifies the manner in which
                aluSecHostOperIPAddrValue1 and 
                aluSecHostOperIPAddrValue2
                are to be used. The value of these below 2 objects and
                aluSecHostOperIPOperator is used as described in
                TIPOperator."
    DEFVAL { none }
    ::= { aluSecHostOperEntry 3 }

--
--  Security Application Group Operation Table
--
aluSecAppGrpOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecAppGrpOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecAppGrpOperTable has an entry for each
                security application group configured globally on this system."
    ::= { aluSecurityOperObjs 12 }

aluSecAppGrpOperEntry OBJECT-TYPE
    SYNTAX      TSecAppGrpOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular security app group."
    INDEX { aluSecAppGrpOperId }
    ::= { aluSecAppGrpOperTable 1 }

TSecAppGrpOperEntry ::= SEQUENCE {
    aluSecAppGrpOperId                         Unsigned32,
    aluSecAppGrpOperName                       TNamedItemOrEmpty,
    aluSecAppGrpOperDescription                TItemDescription,
    aluSecAppGrpOperPlcyRefCount               Unsigned32
}

aluSecAppGrpOperId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecAppGrpOperId 
                specifies the unique application group id."
    ::= { aluSecAppGrpOperEntry 1 }

aluSecAppGrpOperName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Name of the security application group."
    DEFVAL      { ''H }
    ::= { aluSecAppGrpOperEntry 2 }

aluSecAppGrpOperDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Description of this security application group."
    DEFVAL      { ''H }
    ::= { aluSecAppGrpOperEntry 3 }

aluSecAppGrpOperPlcyRefCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Number of policy references."
    ::= { aluSecAppGrpOperEntry 4 }

--
--  Security Application Table
--
aluSecAppOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecAppOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecAppOperTable has an entry for each
                rule configured as part of a security application."
    ::= { aluSecurityOperObjs 13 }

aluSecAppOperEntry OBJECT-TYPE
    SYNTAX      TSecAppOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular host entry."
    INDEX { aluSecAppGrpOperId, 
            aluSecAppOperEntryId }
    ::= { aluSecAppOperTable 1 }

TSecAppOperEntry ::= SEQUENCE {
    aluSecAppOperEntryId                         Unsigned32,
    aluSecAppOperMatchProtocol                   TIpProtocol,
    aluSecAppOperMatchSrcPortValue1              TTcpUdpPort,
    aluSecAppOperMatchSrcPortValue2              TTcpUdpPort,
    aluSecAppOperMatchSrcPortOp                  TOperator,
    aluSecAppOperMatchDstPortValue1              TTcpUdpPort,
    aluSecAppOperMatchDstPortValue2              TTcpUdpPort,
    aluSecAppOperMatchDstPortOp                  TOperator,
    aluSecAppOperMatchIcmpCode                   INTEGER,
    aluSecAppOperMatchIcmpType                   INTEGER
}

aluSecAppOperEntryId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluSecAppOperEntryId specifies the 
                index of the entry within the security app group."
    ::= { aluSecAppOperEntry 1 }

aluSecAppOperMatchProtocol OBJECT-TYPE
    SYNTAX      TIpProtocol
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "IP protocol to match.  set to -1 to disable matching IP protocol. If
                the protocol is changed the protocol specific parameters are reset."
    DEFVAL { -1 }
    ::= { aluSecAppOperEntry 2 }

aluSecAppOperMatchSrcPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Source TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecAppOperEntry 3 }

aluSecAppOperMatchSrcPortValue2 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Source TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecAppOperEntry 4 }

aluSecAppOperMatchSrcPortOp OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Source TCP/UDP port operator."
    DEFVAL { none }
    ::= { aluSecAppOperEntry 5 }

aluSecAppOperMatchDstPortValue1 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecAppOperEntry 6 }

aluSecAppOperMatchDstPortValue2 OBJECT-TYPE
    SYNTAX      TTcpUdpPort
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port value."
    DEFVAL { 0 }
    ::= { aluSecAppOperEntry 7 }

aluSecAppOperMatchDstPortOp OBJECT-TYPE
    SYNTAX      TOperator
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Destination TCP/UDP port operator."
    DEFVAL { none }
    ::= { aluSecAppOperEntry 8 }

aluSecAppOperMatchIcmpCode  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Icmp code to be matched. aluSecAppOperMatchIcmpCode 
                complements the object aluSecAppOperMatchIcmpType. 
                Both of them need to be set to actually
                enable ICMP matching. The value -1 means Icmp code matching is not
                enabled."
    DEFVAL { -1 }
    ::= { aluSecAppOperEntry 9 }

aluSecAppOperMatchIcmpType  OBJECT-TYPE
    SYNTAX      INTEGER (-1|0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Icmp type to be matched. aluSecAppOperMatchIcmpType 
                complements the object aluSecPlcyParamsOperMatchIcmpCode. 
                Both of them need to be set to actually
                enable ICMP matching. The value -1 means Icmp code matching is not
                enabled."
    DEFVAL { -1 }
    ::= { aluSecAppOperEntry 10 }


--
--  Security Policer Group Operational Table
--
aluSecPolicerGrpOperTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecPolicerGrpOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecPolcierGrpOperTable has an entry for each
                security policer group configured globally on this system."
    ::= { aluSecurityOperObjs 14}

aluSecPolicerGrpOperEntry OBJECT-TYPE
    SYNTAX      TSecPolicerGrpOperEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a particular security app group."
    INDEX { aluSecPolicerGrpOperId }
    ::= { aluSecPolicerGrpOperTable 1 }

TSecPolicerGrpOperEntry ::= SEQUENCE {
    aluSecPolicerGrpOperId                         Unsigned32,
    aluSecPolicerGrpOperName                       TNamedItemOrEmpty,
    aluSecPolicerGrpOperDescription                TItemDescription,
    aluSecPolicerGrpOperRate                       Integer32,
    aluSecPolicerGrpOperRateCbs                    Unsigned32,
    aluSecPolicerGrpOperPlcyRefCount               Unsigned32,
    aluSecPolicerGrpOperFwdPktsPassed              Counter64,
    aluSecPolicerGrpOperFwdBytesPassed             Counter64,
    aluSecPolicerGrpOperFwdPktsDrop                Counter64,
    aluSecPolicerGrpOperRevPktsPassed              Counter64,
    aluSecPolicerGrpOperRevBytesPassed             Counter64,
    aluSecPolicerGrpOperRevPktsDrop                Counter64
}

aluSecPolicerGrpOperId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..1024)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecPolicerGrpOperId 
                specifies the unique policer group id."
    ::= { aluSecPolicerGrpOperEntry 1 }

aluSecPolicerGrpOperName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Name of the security policer group."
    DEFVAL      { ''H }
    ::= { aluSecPolicerGrpOperEntry 2 }

aluSecPolicerGrpOperDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Description of this security policer group."
    DEFVAL      { ''H }
    ::= { aluSecPolicerGrpOperEntry 3 }

aluSecPolicerGrpOperRate        OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 1..100000)
    UNITS       "mega-bits per second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The aluSecPolicerGrpOperRate object specifies the maximum ingress
         bandwidth (in mega-bits per second) that the policer can receive. 
         A value of -1 means that no policing will be performed."
    DEFVAL { -1 }
    ::= { aluSecPolicerGrpOperEntry 4 }

aluSecPolicerGrpOperRateCbs  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..130816)
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "aluSecPolicerGrpOperRateCbs specifies the committed burst size that hard policer can accept while complying 
        to the ingress rate aluSecPolicerGrpOperRate."         
    DEFVAL { 130816 } 
    ::= { aluSecPolicerGrpOperEntry 5}

aluSecPolicerGrpOperPlcyRefCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Number of policy references."
    ::= { aluSecPolicerGrpOperEntry 6 }

aluSecPolicerGrpOperFwdPktsPassed  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts passed thru policer in session forward direction."
    ::= { aluSecPolicerGrpOperEntry 7 }

aluSecPolicerGrpOperFwdBytesPassed  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Bytes passed thru policer in session forward direction."
    ::= { aluSecPolicerGrpOperEntry 8 }
    
aluSecPolicerGrpOperFwdPktsDrop  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts dropped by policer in session forward direction."
    ::= { aluSecPolicerGrpOperEntry 9 }

aluSecPolicerGrpOperRevPktsPassed  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts passed thru policer in session reverse direction."
    ::= { aluSecPolicerGrpOperEntry 10 }

aluSecPolicerGrpOperRevBytesPassed  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Bytes passed thru policer in session reverse direction."
    ::= { aluSecPolicerGrpOperEntry 11 }
    
aluSecPolicerGrpOperRevPktsDrop  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts dropped by policer in session reverse direction."
    ::= { aluSecPolicerGrpOperEntry 12 }


--
--  Security Session Statistics Table
--
aluSecSessionStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecSessionStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecSessionStatsTable has an entry for each
                active session."
    ::= { aluSecurityStatsObjs 1 }

aluSecSessionStatsEntry OBJECT-TYPE
    SYNTAX      TSecSessionStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents an active session."
    INDEX { aluSecSessionId }
    ::= { aluSecSessionStatsTable 1 }

TSecSessionStatsEntry ::= SEQUENCE {
    aluSecSessionId                                  Unsigned32,
    aluSecSessionOutboundZoneId                      Unsigned32,
    aluSecSessionInboundZoneId                       Unsigned32,
    aluSecSessionFwdPktsPassed                       Counter64,
    aluSecSessionFwdBytesPassed                      Counter64,
    aluSecSessionRevPktsPassed                       Counter64,
    aluSecSessionRevBytesPassed                      Counter64,
    aluSecSessionFwdDropActionPkts                   Counter64,
    aluSecSessionFwdDropIpOptPkts                    Counter64,
    aluSecSessionRevDropIpOptPkts                    Counter64,
    aluSecSessionFwdDropMaxPkts                      Counter64,
    aluSecSessionRevDropMaxPkts                      Counter64,
    aluSecSessionFwdDropMaxIcmpErr                   Counter64,
    aluSecSessionRevDropMaxIcmpErr                   Counter64,
    aluSecSessionFwdSecurityDrop                     Counter64,
    aluSecSessionRevSecurityDrop                     Counter64,
    aluSecSessionFwdPolicerDrop                      Counter64,
    aluSecSessionRevPolicerDrop                      Counter64,
    aluSecSessionRevDropActionPkts                   Counter64
}

aluSecSessionId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluSecSessionId specifies the 
                session index for this active session."
    ::= { aluSecSessionStatsEntry 1 }

aluSecSessionOutboundZoneId  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluSecSessionOutboundZoneId specifies the 
                 zone this session is leaving."
    ::= { aluSecSessionStatsEntry 2 }

aluSecSessionInboundZoneId  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluSecSessionInboundZoneId specifies the 
                 zone this session is entering."
    ::= { aluSecSessionStatsEntry 3 }

aluSecSessionFwdPktsPassed  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts passed thru session in forward direction."
    ::= { aluSecSessionStatsEntry 4 }

aluSecSessionFwdBytesPassed  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Bytes passed thru session in forward direction."
    ::= { aluSecSessionStatsEntry 5 }


aluSecSessionRevPktsPassed  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts passed thru session in reverse direction."
    ::= { aluSecSessionStatsEntry 6 }

aluSecSessionRevBytesPassed  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Bytes passed thru session in reverse direction."
    ::= { aluSecSessionStatsEntry 7 }

aluSecSessionFwdDropActionPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets/Fragments dropped due to session action being drop."
    ::= { aluSecSessionStatsEntry 8 }

aluSecSessionFwdDropIpOptPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets dropped due to containing prohibited IP Options 
                for this session."
    ::= { aluSecSessionStatsEntry 9 }

aluSecSessionRevDropIpOptPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets dropped due to containing prohibited IP Options 
                for this session."
    ::= { aluSecSessionStatsEntry 10 }

aluSecSessionFwdDropMaxPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets dropped due to exceeding the maximum number of packets 
                permitted for this session."
    ::= { aluSecSessionStatsEntry 11 }

aluSecSessionRevDropMaxPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets dropped due to exceeding the maximum number of packets 
                permitted for this session."
    ::= { aluSecSessionStatsEntry 12 }

aluSecSessionFwdDropMaxIcmpErr  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "ICMP Error Packets dropped due to exceeding the maximum number of errors 
                permitted for this session."
    ::= { aluSecSessionStatsEntry 13 }

aluSecSessionRevDropMaxIcmpErr  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "ICMP Error Packets dropped due to exceeding the maximum number of errors 
                permitted for this session."
    ::= { aluSecSessionStatsEntry 14 }

aluSecSessionFwdSecurityDrop  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets dropped due to applications insepctions."
    ::= { aluSecSessionStatsEntry 15 }

aluSecSessionRevSecurityDrop  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets dropped due to applications insepctions."
    ::= { aluSecSessionStatsEntry 16 }

aluSecSessionFwdPolicerDrop  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets dropped due to rate exceeded in policer."
    ::= { aluSecSessionStatsEntry 17 }

aluSecSessionRevPolicerDrop  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets dropped due to rate exceeded in policer."
    ::= { aluSecSessionStatsEntry 18 }

aluSecSessionRevDropActionPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packets/Fragments dropped due to session action being drop."
    ::= { aluSecSessionStatsEntry 19 }

--%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 --
 --     Security Logging Section
--
-- Log Configuration Table
--
aluSecLogTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The alSecLogTable has an entry for each 
                security log configured on the system."
    ::= { aluSecurityLogObjs 1 }

aluSecLogEntry OBJECT-TYPE
    SYNTAX      TSecLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a log entry."
    INDEX { aluSecLogId }
    ::= { aluSecLogTable 1 }

TSecLogEntry ::= SEQUENCE {
    aluSecLogId                            TSecurityLogId,
    aluSecLogName                          TNamedItemOrEmpty,
    aluSecLogRowStatus                     RowStatus,
    aluSecLogDescription                   TItemDescription,
    aluSecLogEnabled                       TruthValue,
    aluSecLogDestination                   INTEGER,
    aluSecLogMemSize                       Unsigned32,
    aluSecLogMemWrap                       TruthValue,
    aluSecLogSysLogId                      Unsigned32,
    aluSecLogLogProfileId                  TSecurityLogProfileId,
    aluSecLogApplied                       TruthValue,
    aluSecLogNextEventNum                  Unsigned32
    }

aluSecLogId OBJECT-TYPE
    SYNTAX      TSecurityLogId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogId specifies
                the unique id of the Log.  The Id must be
                unique within the system." 
    ::= { aluSecLogEntry 1 }

aluSecLogName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogName 
                specifies the name of the Log."
    DEFVAL      { ''H }
    ::= { aluSecLogEntry 2 }

aluSecLogRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecLogRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecLogTable.  aluSecLogRowStatus does not support
                createAndWait. The status can only be active 
                or notInService."
    ::= { aluSecLogEntry 3 }

aluSecLogDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this log."
    DEFVAL      { ''H }
    ::= { aluSecLogEntry 4 }

aluSecLogEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogEnabled
                 indicates whether this Log is currently enabled
                 to log events." 
    DEFVAL      { false }
    ::= { aluSecLogEntry 5 }

aluSecLogDestination OBJECT-TYPE
    SYNTAX      INTEGER {
                   none   (0),
                   memory (1),
                   syslog (2)
                   }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogDestination
                 specifies the destination of log." 
    DEFVAL      { none }
    ::= { aluSecLogEntry 6 }

aluSecLogMemSize OBJECT-TYPE
    SYNTAX      Unsigned32 (1..1024)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogMemSize
                 specifies the number of logs that are held in memory.
                 This value is only applicable when aluSecLogDestinations is 
                 type 'memory'" 
    DEFVAL      { 1024 }
    ::= { aluSecLogEntry 7 }

aluSecLogMemWrap OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogMemWrap
                 specifies if the log will overwrite the oldest logs once
                 the log has reached it's maximum size.
                 This value is only applicable when aluSecLogDestination is 
                 type 'memory'" 
    DEFVAL      { true }
    ::= { aluSecLogEntry 8 }

aluSecLogSysLogId OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogSysLogId
                 specifies the unigue ID of the SysLog destination for logs
                 generated to this log id.
                 This value is only applicable when aluSecLogDestinations is 
                 type 'syslog'" 
    DEFVAL      { 0 }
    ::= { aluSecLogEntry 9 }

aluSecLogLogProfileId OBJECT-TYPE
    SYNTAX      TSecurityLogProfileId
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogLogProfileId
                 specifies the unigue ID of the Logging Profile of this
                 log."
    DEFVAL      { 1 }
    ::= { aluSecLogEntry 10 }

aluSecLogApplied OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogApplied indicates
                 whether this log is in use."
     ::= { aluSecLogEntry 11 }

aluSecLogNextEventNum OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogNextEventNum indicates
                 the next event number to be used."
     ::= { aluSecLogEntry 12 }

--
-- Log Profile Configuration Table
--
aluSecLogProfileTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecLogProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The alSecLogProfileTable has an entry for each 
                each logging profile configured on the system."
    ::= { aluSecurityLogObjs 2 }

aluSecLogProfileEntry OBJECT-TYPE
    SYNTAX      TSecLogProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a log profile."
    INDEX { aluSecLogProfileId }
    ::= { aluSecLogProfileTable 1 }

TSecLogProfileEntry ::= SEQUENCE {
    aluSecLogProfileId                            TSecurityLogProfileId,
    aluSecLogProfileName                          TNamedItemOrEmpty,    
    aluSecLogProfileRowStatus                     RowStatus,
    aluSecLogProfileDescription                   TItemDescription,
    aluSecLogProfileApplied                       TruthValue
    }

aluSecLogProfileId OBJECT-TYPE
    SYNTAX      TSecurityLogProfileId
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogProfileId
                 specifies the unigue ID of the Logging Profile of this
                 log."
    ::= { aluSecLogProfileEntry 1 }
    
aluSecLogProfileName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogProfileName 
                specifies the name of the Log Profile."
    DEFVAL      { ''H }
    ::= { aluSecLogProfileEntry 2 }

aluSecLogProfileRowStatus  OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The value of aluSecLogProfileRowStatus specifies the 
                row status.  It allows entries to be created and deleted in the 
                aluSecLogProfileTable.  aluSecLogProfileRowStatus does not support
                createAndWait. The status can only be active 
                or notInService."
    ::= { aluSecLogProfileEntry 3 }

aluSecLogProfileDescription OBJECT-TYPE
    SYNTAX      TItemDescription
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Description of this log profile."
    DEFVAL      { ''H }
    ::= { aluSecLogProfileEntry 4 }

aluSecLogProfileApplied OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Indicates whether this profile is being used by any logs."
    ::= { aluSecLogProfileEntry 5 }

--
-- Log Event Configuration Table
--
aluSecLogEventTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecLogEventEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The alSecLogEventTable has an entry for each 
                each log event configurable with a security log profile 
                configured on the system."
    ::= { aluSecurityLogObjs 3 }

aluSecLogEventEntry OBJECT-TYPE
    SYNTAX      TSecLogEventEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a log event under a profile. All events
                 are auto-created when a Log Profile is created."
    INDEX { aluSecLogProfileId, aluSecLogEventType, aluSecLogEventId }
    ::= { aluSecLogEventTable 1 }

TSecLogEventEntry ::= SEQUENCE {
    aluSecLogEventType                            INTEGER,
    aluSecLogEventId                              Unsigned32,                                                        
    aluSecLogEventName                            TNamedItemOrEmpty,    
    aluSecLogEventControl                         INTEGER
    }

aluSecLogEventType OBJECT-TYPE
    SYNTAX      INTEGER {
                    packet      (1),
                    zone        (2),
                    policy      (3),
                    session     (4),
                    application (5),
                    alg         (6)
                }
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogEventType specifies
                the type/category of the event." 
    ::= { aluSecLogEventEntry 1 }

aluSecLogEventId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogEventId specifies
                the unique id of the event within the Event Type/Category.
                An Event-Id of 0 is used to set settings at the Event Type level.
                These setting will be applied to all events within the Event Type." 
    ::= { aluSecLogEventEntry 2 }

aluSecLogEventName OBJECT-TYPE
    SYNTAX      TNamedItemOrEmpty
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of the object aluSecLogEventName 
                specifies the name of the Log Event.  This value is read-only."
    ::= { aluSecLogEventEntry 3 }

aluSecLogEventControl OBJECT-TYPE
    SYNTAX      INTEGER {
                    off          (1),
                    throttled    (2),
                    suppressed   (3)
                    }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Suppress/Throttle the generation of an event or event type. 
                 - Each event can individually be suppressed.
                 - Throttling or disabling event control must be done at the event-type
                   level by setting aluSecLogEventControl using an Event-Id of '0'. 
                 - Suppression of an entire event-type can also be done by setting
                   aluSecLogEventControl with an Event-Id og '0'."
    ::= { aluSecLogEventEntry 4 }


--
--  Security Zone Statistics Table
--
aluSecZoneStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecZoneStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecZoneStatsTable has an entry for each security zone"
    ::= { aluSecurityStatsObjs 2 }

aluSecZoneStatsEntry OBJECT-TYPE
    SYNTAX      TSecZoneStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents stats for a security zone."
    INDEX { aluSecZoneId }
    ::= { aluSecZoneStatsTable 1 }

TSecZoneStatsEntry ::= SEQUENCE {
    aluSecZoneId                       Unsigned32,
    aluSecZoneRxCtrlQueueFwdPkts       Counter64,
    aluSecZoneRxCtrlQueueFwdBytes      Counter64,
    aluSecZoneRxCtrlQueueDroPkts       Counter64,
    aluSecZoneRxCtrlQueueDroBytes      Counter64,
    aluSecZoneRxCtrlQueueAutoBind      TruthValue
}

aluSecZoneId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65534)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluSecZoneId specifies the 
                security zone index for this row entry."
    ::= { aluSecZoneStatsEntry 1 }

aluSecZoneRxCtrlQueueFwdPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts forwarded from the Receiving Security Control Queue to security engine for further inspection"
    ::= { aluSecZoneStatsEntry 2 }

aluSecZoneRxCtrlQueueFwdBytes  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Bytes forwarded from the Receiving Security Control Queue to security engine for further inspection"
    ::= { aluSecZoneStatsEntry 3 }


aluSecZoneRxCtrlQueueDroPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts dropped from the Receiving Security Control Queue"
    ::= { aluSecZoneStatsEntry 4 }

aluSecZoneRxCtrlQueueDroBytes  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Bytes dropped from the Receiving Security Control Queue"
    ::= { aluSecZoneStatsEntry 5 }
    
aluSecZoneRxCtrlQueueAutoBind  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "All Auto-Bind zones share a single Rx Control Queue. This object indicates
                 whether this zone row is displaying the aggregates stats for all Auto-Bind Zones"
    ::= { aluSecZoneStatsEntry 6 }

--
--  Security Engine Statistics Table
--
aluSecEngineStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TSecEngineStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The aluSecEngineStatsTable has an entry for 
                security engine in the system."
    ::= { aluSecurityStatsObjs 3 }

aluSecEngineStatsEntry OBJECT-TYPE
    SYNTAX      TSecEngineStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Each row entry represents a security engine."
    INDEX { aluSecEngineId }
    ::= { aluSecEngineStatsTable 1 }

TSecEngineStatsEntry ::= SEQUENCE {
    aluSecEngineId                                  Unsigned32,
    aluSecEngineUtilization                         Unsigned32,
    aluSecEngineRxQueueCtrlPkts                     Counter64,
    aluSecEngineRxQueueDataPkts                     Counter64,
    aluSecEngineRxQueueDropPkts                     Counter64,
    aluSecEngineDropPkts                            Counter64
}

aluSecEngineId  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The value of aluSecEngineId specifies the 
                identifier for security engine."
    ::= { aluSecEngineStatsEntry 1 }

aluSecEngineUtilization  OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "percent"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The value of aluSecEngineUtilization specifies the 
                 percentage of the processing capacity in use over
                 the last second."
    ::= { aluSecEngineStatsEntry 2 }

aluSecEngineRxQueueCtrlPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Control Pkts forwarded to Engine from Rx Queue."
    ::= { aluSecEngineStatsEntry 3 }

aluSecEngineRxQueueDataPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Session Data Pkts forwarded to Engine from Rx Queue."
    ::= { aluSecEngineStatsEntry 4 }
    
aluSecEngineRxQueueDropPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts dropped by Engine Rx Queue."
    ::= { aluSecEngineStatsEntry 5 }

aluSecEngineDropPkts  OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Pkts dropped by Engine due to security policy."
    ::= { aluSecEngineStatsEntry 6 }


--%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 --
 --     Notification Definition section
 --
 --                     Notification Objects
 --
aluSecNotifyZoneId  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Used by Security notifications, the OID indicates the
         security zone."
    ::= { aluSecurityNotifyObjs 1 }

aluSecNotifyZoneRuleId  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Used by Security notifications, the OID indicates the
         security zone rule."
    ::= { aluSecurityNotifyObjs 2 }

aluSecNotifyPlcyAction  OBJECT-TYPE
    SYNTAX      INTEGER {
                    draft  (1),
                    commit (2),
                    abort  (3)
                 }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Used by Security notifications, the OID indicates the
         action that was performed on the policy."
    ::= { aluSecurityNotifyObjs 3 }

aluSecNotifyRuleActive  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Used by Security notifications, the OID indicates the
         whether or not a rule is active."
    ::= { aluSecurityNotifyObjs 4 }


aluSecPlcyActionPerformed       NOTIFICATION-TYPE
    OBJECTS {
        aluSecNotifyPlcyAction
    }
    STATUS  current
    DESCRIPTION
        "Generated when a security policy action is performed."
    ::= { aluSecurityNotification 1 }

aluSecZonePlcyActionPerformed       NOTIFICATION-TYPE
    OBJECTS {
        aluSecNotifyZoneId,
        aluSecNotifyPlcyAction
    }
    STATUS  current
    DESCRIPTION
        "Generated when a zone security policy action is performed."
    ::= { aluSecurityNotification 2 }
    
 
aluSecSessionWtrMrkModified       NOTIFICATION-TYPE
    OBJECTS {
        aluSecActiveSessionHiWtrMrk,
        aluSecActiveSessionLoWtrMrk
    }
    STATUS  current
    DESCRIPTION
        "Generated when a the concurrent session alarm thresholds are
        changed."
    ::= { aluSecurityNotification 3 }
    
aluSecSessionHiWtrMrkCrossed       NOTIFICATION-TYPE
    OBJECTS {
        aluSecActiveSessionCount
    }
    STATUS  current
    DESCRIPTION
        "Generated when the concurrent session count exceeds the
        alarm threshold."
    ::= { aluSecurityNotification 4 }

aluSecSessionLoWtrMrkCrossed       NOTIFICATION-TYPE
    OBJECTS {
        aluSecActiveSessionCount
    }
    STATUS  current
    DESCRIPTION
        "Generated when the concurrent session count crosses the
        threshold to clear the alarm."
    ::= { aluSecurityNotification 5 }

aluSecSessionsExhausted      NOTIFICATION-TYPE
    OBJECTS {
        aluSecActiveSessionCount
    }
    STATUS  current
    DESCRIPTION
        "Generated when the concurrent session count reaches the
        system limit."
    ::= { aluSecurityNotification 6 }

aluSecZonePlcyRuleStateChange       NOTIFICATION-TYPE
    OBJECTS {
        aluSecNotifyZoneId,
        aluSecNotifyZoneRuleId,
        aluSecNotifyRuleActive
    }
    STATUS  current
    DESCRIPTION
        "Generated when a rule changes state."
    ::= { aluSecurityNotification 7 }



-- ------------------------------------------------
-- Multi-chassis peer Firewall table
-- ------------------------------------------------

aluMcPeerFwTableLastChanged OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcPeerFwTableLastChanged indicates the
         sysUpTime at the time of the last modification of an entry in the
         aluMcPeerFwTable.

         If no changes were made to the table since the last re-initialization
         of the local network management subsystem, then this object
         contains a zero value."
    ::= { aluSecMcRedundancyObjs 1 }

aluMcPeerFwTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF AluMcPeerFWEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The aluMcPeerFwTable has an entry for each multi-chassis peer
         end-point configured on this system."
    ::= { aluSecMcRedundancyObjs 2 }

aluMcPeerFwEntry    OBJECT-TYPE
    SYNTAX      AluMcPeerFWEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a particular multi-chassis firewall peer.
         Entries are create/deleted by the user."
    INDEX { tmnxMcPeerIpType, tmnxMcPeerIpAddr }
    ::= { aluMcPeerFwTable 1}

AluMcPeerFWEntry ::= SEQUENCE
   {
       aluMcPeerFwRowStatus             RowStatus,
       aluMcPeerFwLastChanged           TimeStamp,
       aluMcPeerFwAdminState            TmnxAdminState,
       aluMcPeerFwSysPriority           Unsigned32,
       aluMcPeerFwKeepAliveIntvl        Unsigned32,
       aluMcPeerFwHoldOnNbrFail         Unsigned32,
       aluMcPeerFwBootTimer             Unsigned32,
       aluMcPeerFwBfd                   TmnxEnabledDisabled,
       aluMcPeerFwOperState             INTEGER,
       aluMcPeerFwPeerLastStateChge     TimeStamp,
       aluMcPeerFwRefCount              Unsigned32,
       aluMcPeerFwEncryption            TmnxEnabledDisabled,
       aluMcPeerFwEncryptionAuthAlg     AluMcFwAuthAlgorithm,
       aluMcPeerFwEncryptionEncrAlg     AluMcFwEncrAlgorithm,
       aluMcPeerFwEncryptionActOutSa    Unsigned32,
       aluMcPeerFwEncryptionSpi1        Unsigned32,
       aluMcPeerFwEncryptionSpiAuthKey1 OCTET STRING,
       aluMcPeerFwEncryptionSpiEncrKey1 OCTET STRING,
       aluMcPeerFwEncryptionSpi2        Unsigned32,
       aluMcPeerFwEncryptionSpiAuthKey2 OCTET STRING,
       aluMcPeerFwEncryptionSpiEncrKey2 OCTET STRING,
       aluMcPeerFwElectionRole          INTEGER,
       aluMcPeerFwPolicySync            INTEGER,
       aluMcPeerFwSessionDBSync         INTEGER
   }

aluMcPeerFwRowStatus        OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwRowStatus is used for creation/deletion of 
         multi-chassis peer end-points."
    ::= { aluMcPeerFwEntry 1 }

aluMcPeerFwLastChanged OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of aluMcPeerFwLastChanged indicates the sysUpTime
         at the time of the last modification of this entry.

         If no changes were made to the entry since the last re-initialization
         of the local network management subsystem, then this object contains
         a zero value."
    ::= { aluMcPeerFwEntry 2 }

aluMcPeerFwAdminState        OBJECT-TYPE
    SYNTAX      TmnxAdminState
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwAdminState specifies the administrative state 
         of this multi-chassis peer end-point."
    DEFVAL      { outOfService }
    ::= { aluMcPeerFwEntry 3 }

aluMcPeerFwSysPriority        OBJECT-TYPE
    SYNTAX      Unsigned32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwSysPriority specifies the system priority
         of this multi-chassis peer end-point."
    DEFVAL      { 0 }
    ::= { aluMcPeerFwEntry 4 }

aluMcPeerFwKeepAliveIntvl        OBJECT-TYPE
    SYNTAX      Unsigned32 (5..500)
    UNITS       "deci-seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwKeepAliveIntvl specifies the interval at which
         keep-alive messages are exchanged between two peers participating
         in a multi-chassis end-point tunnel (MC-FW).

         These keep-alive messages are used to determine remote-node failures."
    DEFVAL      { 10 }
    ::= { aluMcPeerFwEntry 5 }

aluMcPeerFwHoldOnNbrFail        OBJECT-TYPE
    SYNTAX      Unsigned32 (2..25)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwHoldOnNbrFail specifies the number of
         keep-alive intervals that the local peer will wait for packets from the
         multi-chassis end-point peer before assuming failure."
    DEFVAL      { 3 }
    ::= { aluMcPeerFwEntry 6 }

aluMcPeerFwBootTimer        OBJECT-TYPE
    SYNTAX      Unsigned32 (1..600)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwBootTimer specifies the time the multi-chassis
         end-point protocol keeps trying the establish a connection before
         assuming a failure of the remote-peer.
         
         This object is used at the boot-time only."
    DEFVAL      { 300 }
    ::= { aluMcPeerFwEntry 7 }

aluMcPeerFwBfd        OBJECT-TYPE
    SYNTAX      TmnxEnabledDisabled
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwBfd specifies whether bi-directional
        forwarding detection (BFD) is configured for this multi-chassis
        end-point peering tunnel."
    DEFVAL      { disabled }
    ::= { aluMcPeerFwEntry 8 }

aluMcPeerFwOperState OBJECT-TYPE
    SYNTAX     INTEGER {
                   inService    (0),
                   outOfService (1)
    }
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of aluMcPeerFwOperState indicates the operational
         status of this multi-chassis end-point peer."
    ::= { aluMcPeerFwEntry 9 }

aluMcPeerFwPeerLastStateChge OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of aluMcPeerFwPeerLastStateChge indicates the sysUpTime
         at the time of the last operational state  change for this
         multi-chassis end-point peer.

         If no changes were made since the last re-initialization
         of the local network management subsystem, then this object contains
         a zero value."
    ::= { aluMcPeerFwEntry 10 }

aluMcPeerFwRefCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwRefCount indicates how many service end-points
         are referencing this multi-chassis firewall peer."
    ::= { aluMcPeerFwEntry 11 }

aluMcPeerFwEncryption OBJECT-TYPE
    SYNTAX      TmnxEnabledDisabled
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryption specifies whether encryption
        is enabled for this multi-chassis firewall peer."
    DEFVAL      { disabled }
    ::= { aluMcPeerFwEntry 12 }

aluMcPeerFwEncryptionAuthAlg OBJECT-TYPE
    SYNTAX      AluMcFwAuthAlgorithm
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryptionAuthAlg specifies the hashing
         algorithm used for the AH (Authentication Header) protocol's
         authentication function."
    DEFVAL      { sha256 }
    ::= { aluMcPeerFwEntry 13 }

aluMcPeerFwEncryptionEncrAlg OBJECT-TYPE
    SYNTAX     AluMcFwEncrAlgorithm
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryptionEncrAlg specifies the
         encryptiontion algorithm to be used. Encryptiontion only applies
         to ESP(Encapsulating Security Payload) configurations."
    DEFVAL      { aes128 }
    ::= { aluMcPeerFwEntry 14 }

aluMcPeerFwEncryptionActOutSa OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1023)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryptionActOutSa specifies the SPI
         to be used when performing encryption and authentication
         on egressing packets using this MC firewall peer."
    DEFVAL      { 0 }
    ::= { aluMcPeerFwEntry 15 }

aluMcPeerFwEncryptionSpi1 OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1023)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryptionSpi1 specifies the spi of the first security association.
         spi 0 means that this security association is invalid"
    DEFVAL      { 0 }
    ::= { aluMcPeerFwEntry 16 }

aluMcPeerFwEncryptionSpiAuthKey1 OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryptionSpiAuthKey1 specifies the key used
         for the authentication algorithm defined by the
         aluMcPeerFwEncryptionAuthAlg.

         The length of the key must match the length required by the
         authentication algorithm. If a key of another length is set, the
         request will fail with an 'inconsistentValue' error.

         There is no default value for aluMcPeerFwEncryptionSpiAuthKey1 and
         this is a required object when setting aluMcPeerFwEncryptionSpi1 to none zero value.
         If aluMcPeerFwEncryptionSpiAuthKey1 is not specified
         when aluMcPeerFwEncryptionSpi1 is set to none zero value, the request will fail with an
         'inconsistentValue' error.

         Any GET request on this object returns an empty string."
    ::= { aluMcPeerFwEntry 17 }

aluMcPeerFwEncryptionSpiEncrKey1 OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..32))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryptionSpiEncrKey1 specifies the key used
         for the encryption algorithm defined by the
         aluMcPeerFwEncryptionEncrAlg.

         The length of the key must match the length required by the
         encryption algorithm. If a key of another length is set, the
         request will fail with an 'inconsistentValue' error.

         There is no default value for aluMcPeerFwEncryptionSpiEncrKey1 and
         this is a required object when setting aluMcPeerFwEncryptionSpi1 to none zero value.
         If aluMcPeerFwEncryptionSpiEncrKey1 is not specified
         when aluMcPeerFwEncryptionSpi1 is set to none zero value, the request will fail with an
         'inconsistentValue' error.

         Any GET request on this object returns an empty string."
    ::= { aluMcPeerFwEntry 18 }

aluMcPeerFwEncryptionSpi2 OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1023)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryptionSpi2 specifies the spi of the second security association.
         spi 0 means that this security association is invalid"
    DEFVAL      { 0 }
    ::= { aluMcPeerFwEntry 19 }

aluMcPeerFwEncryptionSpiAuthKey2 OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryptionSpiAuthKey2 specifies the key used
         for the authentication algorithm defined by the
         aluMcPeerFwEncryptionAuthAlg.

         The length of the key must match the length required by the
         authentication algorithm. If a key of another length is set, the
         request will fail with an 'inconsistentValue' error.

         There is no default value for aluMcPeerFwEncryptionSpiAuthKey2 and
         this is a required object when setting aluMcPeerFwEncryptionSpi2 to none zero value.
         If aluMcPeerFwEncryptionSpiAuthKey2 is not specified
         when aluMcPeerFwEncryptionSpi2 is set to none zero value, the request will fail with an
         'inconsistentValue' error.

         Any GET request on this object returns an empty string."
    ::= { aluMcPeerFwEntry 20 }

aluMcPeerFwEncryptionSpiEncrKey2 OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..32))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The value of aluMcPeerFwEncryptionSpiEncrKey2 specifies the key used
         for the encryption algorithm defined by the
         aluMcPeerFwEncryptionEncrAlg.

         The length of the key must match the length required by the
         encryption algorithm. If a key of another length is set, the
         request will fail with an 'inconsistentValue' error.

         There is no default value for aluMcPeerFwEncryptionSpiEncrKey2 and
         this is a required object when setting aluMcPeerFwEncryptionSpi2 to none zero value.
         If aluMcPeerFwEncryptionSpiEncrKey2 is not specified
         when aluMcPeerFwEncryptionSpi2 is set to none zero value, the request will fail with an
         'inconsistentValue' error.

         Any GET request on this object returns an empty string."
    ::= { aluMcPeerFwEntry 21 }

aluMcPeerFwElectionRole OBJECT-TYPE
    SYNTAX     INTEGER {
                   not-applicable    (0),
                   master            (1),
                   slave             (2),
                   standalone-master (3)
    }
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of aluMcPeerFwElectionRole indicates the role
         of this multi-chassis firewall peer."
    ::= { aluMcPeerFwEntry 22 }

aluMcPeerFwPolicySync OBJECT-TYPE
    SYNTAX     INTEGER {
                   not-applicable (0),
                   synced         (1),
                   out-of-sync    (2)
    }
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of aluMcPeerFwPolicySync indicates the state of the
         Policy Synchronization flag on this multi-chassis firewall peer."
    ::= { aluMcPeerFwEntry 23 }

aluMcPeerFwSessionDBSync OBJECT-TYPE
    SYNTAX     INTEGER {
                   not-applicable (0),
                   synced         (1),
                   out-of-sync    (2)
    }
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The value of aluMcPeerFwSessionDBSync indicates the state of the
         Session Database Synchronization flag on this multi-chassis firewall peer."
    ::= { aluMcPeerFwEntry 24 }

-- ------------------------------------------------
-- aluMcFwPeerStatsTable table
-- ------------------------------------------------

aluMcFwPeerStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF AluMcFwPeerStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The aluMcFwPeerStatsTable has an entry for each multi-chassis peer
         configured on this system."
    ::= { aluSecMcRedStatsObjs 1 }

aluMcFwPeerStatsEntry OBJECT-TYPE
    SYNTAX      AluMcFwPeerStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each row entry represents a collection of statistics for a
         multi-chassis peer.

         Entries cannot be created and deleted via SNMP SET operations."
    INDEX { tmnxMcPeerIpType, tmnxMcPeerIpAddr }
    ::= { aluMcFwPeerStatsTable 1 }

AluMcFwPeerStatsEntry ::= SEQUENCE
   {
        aluMcFwPeerStatsPktsRx            Counter32,
        aluMcFwPeerStatsPktsRxKpalive     Counter32,
        aluMcFwPeerStatsPktsRxPeerCfg     Counter32,
        aluMcFwPeerStatsPktsRxPeerData    Counter32,
        aluMcFwPeerStatsDropRxPeerData    Counter32,
        aluMcFwPeerStatsDropStateDsbld    Counter32,
        aluMcFwPeerStatsDropPktTooShrt    Counter32,
        aluMcFwPeerStatsDropTlvInvldSz    Counter32,
        aluMcFwPeerStatsDropOutOfSeq      Counter32,
        aluMcFwPeerStatsDropUnknownTlv    Counter32,
        aluMcFwPeerStatsDropMD5           Counter32,
        aluMcFwPeerStatsPktsTx            Counter32,
        aluMcFwPeerStatsPktsTxKpalive     Counter32,
        aluMcFwPeerStatsPktsTxPeerCfg     Counter32,
        aluMcFwPeerStatsPktsTxPeerData    Counter32,
        aluMcFwPeerStatsPktsTxFailed      Counter32,
        aluMcFwPeerStatsDropFwNoPeer      Counter32
   }

aluMcFwPeerStatsPktsRx OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsPktsRx indicates how many valid MC-Firewall
         control packets were received on this system from the peer."
    ::= { aluMcFwPeerStatsEntry 1 }

aluMcFwPeerStatsPktsRxKpalive OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsPktsRxKpalive indicates how many valid
         MC-Firewall control packets of type keepalive were received on this
         system from the peer."
    ::= { aluMcFwPeerStatsEntry 2 }

aluMcFwPeerStatsPktsRxPeerCfg OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsPktsRxPeerCfg indicates how many valid
         MC-Firewall control packets of type peer config were received on this
         system from the peer."
    ::= { aluMcFwPeerStatsEntry 3}

aluMcFwPeerStatsPktsRxPeerData OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsPktsRxPeerData indicates how many valid
         MC-Firewall control packets of type peer data were received on this
         system from the peer."
    ::= { aluMcFwPeerStatsEntry 4 }

aluMcFwPeerStatsDropRxPeerData OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwPeerStatsDropRxPeerData indicates indicates how many MC-Firewall
        control packets of type peer data were dropped on this system from the peer."
    ::= { aluMcFwPeerStatsEntry 5 }

aluMcFwPeerStatsDropStateDsbld OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsDropStateDsbld indicates how many
         MC-Firewall control packets were dropped on this system from the peer
         because the peer was administratively disabled."
    ::= { aluMcFwPeerStatsEntry 6 }

aluMcFwPeerStatsDropPktTooShrt OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsDropPktTooShrt indicates how many
         MC-Firewall control packets were dropped on this system from the peer
         because the packet was too short."
    ::= { aluMcFwPeerStatsEntry 7 }

aluMcFwPeerStatsDropTlvInvldSz OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsDropTlvInvldSz indicates how many
         MC-Firewall control packets were dropped on this system from the peer
         because the packet size was invalid."
    ::= { aluMcFwPeerStatsEntry 8 }

aluMcFwPeerStatsDropOutOfSeq OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsDropOutOfSeq indicates how many
         MC-Firewall control packets were dropped on this system from the peer
         because the packet was out of sequence."
    ::= { aluMcFwPeerStatsEntry 9 }

aluMcFwPeerStatsDropUnknownTlv OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsDropUnknownTlv indicates how many
         MC-Firewall control packets were dropped on this system from the peer
         because the packet contained an unknown TLV."
    ::= { aluMcFwPeerStatsEntry 10 }

aluMcFwPeerStatsDropMD5 OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsDropMD5 indicates how many
         MC-Firewall control packets were dropped on this system from the peer
         because the packet failed MD5 authentication."
    ::= { aluMcFwPeerStatsEntry 11 }

aluMcFwPeerStatsPktsTx OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsPktsTx indicates how many
         MC-Firewall control packets were transmitted from this system to the peer."
    ::= { aluMcFwPeerStatsEntry 12 }

aluMcFwPeerStatsPktsTxKpalive OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsPktsTxKpalive indicates how many
         MC-Firewall control packets of type keepalive were transmitted from
         this system to the peer."
    ::= { aluMcFwPeerStatsEntry 13 }

aluMcFwPeerStatsPktsTxPeerCfg OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsPktsTxPeerCfg indicates how many
         MC-Firewall control packets of type peer config were transmitted from
         this system to the peer."
    ::= { aluMcFwPeerStatsEntry 14 }

aluMcFwPeerStatsPktsTxPeerData OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsPktsTxPeerData indicates how many
         MC-Firewall control packets of type peer data were transmitted from
         this system to the peer."
    ::= { aluMcFwPeerStatsEntry 15 }

aluMcFwPeerStatsPktsTxFailed OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsPktsTxFailed indicates how many
         MC-Firewall control packets failed to be transmitted from
         this system to the peer."
    ::= { aluMcFwPeerStatsEntry 16 }

aluMcFwPeerStatsDropFwNoPeer OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of aluMcFwPeerStatsDropFwNoPeer indicates how many
         pkts were dropped because MC-Firewall does not have a MC-peer
         assigned yet or MC-Firewall is attached to a different peer."
    ::= { aluMcFwPeerStatsEntry 17 }

-- ------------------------------------------------
-- aluMcFwGlobalStats
-- ------------------------------------------------

aluMcFwGlobalStats       OBJECT IDENTIFIER ::= { aluSecMcRedStatsObjs 2}

aluMcFwStatsPktsRx OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsPktsRx indicates how many MC-FW control
         packets with valid authentication were received on this system."
    ::= { aluMcFwGlobalStats 1 }

aluMcFwStatsPktsRxKeepalive OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsPktsRxKeepalive indicates how many valid
         MC-FW control packets of type keepalive were received on this
         system."
    ::= { aluMcFwGlobalStats 2 }

aluMcFwStatsPktsRxPeerConfig OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsPktsRxPeerConfig indicates how many valid
         MC-FW control packets indicating the peer configuration were
         received on this system."
    ::= { aluMcFwGlobalStats 3 }

aluMcFwStatsPktsRxPeerData OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsPktsRxPeerData indicates how many valid
         MC-FW control packets indicating the peer data were
         received on this system."
    ::= { aluMcFwGlobalStats 4 }

aluMcFwStatsDropRxPeerData OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropRxPeerData indicates indicates how many MC-Firewall
        control packets of type peer data were dropped on this system from the peer."
    ::= { aluMcFwGlobalStats 5 }

aluMcFwStatsDropPktKpaliveTask OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropPktKpaliveTask indicates how many
         MC-FW control packets were dropped on this system because of invalid
         size, authentication or unknown peer."
    ::= { aluMcFwGlobalStats 6 }

aluMcFwStatsDropPktTooShort OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropPktTooShort indicates how many
         MC-FW control packets were dropped on this system because the packet
         was too small."
    ::= { aluMcFwGlobalStats 7 }

aluMcFwStatsDropPktVerifyFailed OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropPktVerifyFailed indicates how many
         MC-FW control packets were dropped on this system because of invalid
         formatting."
    ::= { aluMcFwGlobalStats 8 }

aluMcFwStatsDropTlvInvalidSize OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropTlvInvalidSize indicates how many
         MC-FW control packets were dropped on this system because of invalid
         size."
    ::= { aluMcFwGlobalStats 9 }

aluMcFwStatsDropOutOfSeq OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropOutOfSeq indicates how many
         MC-FW control packets were dropped on this system because they were
         out of sequence."
    ::= { aluMcFwGlobalStats 10 }

aluMcFwStatsDropUnknownTlv OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropUnknownTlv indicates how many
         MC-FW control packets were dropped on this system because they
         contained an unknown TLV."
    ::= { aluMcFwGlobalStats 11 }

aluMcFwStatsDropMD5 OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropMD5 indicates how many
         MC-FW control packets were dropped on this system because they
         failed MD5 authentication."
    ::= { aluMcFwGlobalStats 12 }

aluMcFwStatsDropUnknownPeer OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropUnknownPeer indicates how many
         MC-FW control packets were dropped on this system because they
         are coming from an unknown peer."
    ::= { aluMcFwGlobalStats 13 }

aluMcFwStatsPktsTx OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsPktsTx indicates how many
         MC-FW control packets were transmitted from this system."
    ::= { aluMcFwGlobalStats 14 }

aluMcFwStatsPktsTxKeepalive OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsPktsTxKeepalive indicates how many
         MC-FW control packets were transmitted from this system of type
         keepalive."
    ::= { aluMcFwGlobalStats 15 }

aluMcFwStatsPktsTxPeerConfig OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsPktsTxPeerConfig indicates how many
         MC-FW control packets were transmitted from this system of type
         peer config."
    ::= { aluMcFwGlobalStats 16 }

aluMcFwStatsPktsTxPeerData OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsPktsTxPeerData indicates how many
        MC-FW control packets were transmitted from this system of type peer data."
    ::= { aluMcFwGlobalStats 17 }

aluMcFwStatsPktsTxFailed OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsPktsTxFailed indicates how many
         MC-FW control packets failed to be transmitted."
    ::= { aluMcFwGlobalStats 18 }

aluMcFwStatsDropFwNoPeer OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The value of aluMcFwStatsDropFwNoPeer indicates how many
         MC-FW control packets were dropped on this system because no peer
         was assigned or peer did not match."
    ::= { aluMcFwGlobalStats 19 }

aluMcPeerFwBfdSessionOpenStatus OBJECT-TYPE
    SYNTAX         INTEGER {
       ok (0),
       invalidSrcAddr (1), -- bad src address. eg. non-ipV4, all 0
       nonSysLoopbackIf (2), -- bfd interface is neither system nor loopback.
                             -- only central bfd is to be used
       clientUseSessionFail (3), -- attempt to use bfd session failed.
                                 -- eg. bfd is not enabled on the interface
       clientAppUseIfFail (4) -- concerning bfd resources
    }
    MAX-ACCESS     accessible-for-notify
    STATUS         current
    DESCRIPTION    "The value of aluMcPeerFwBfdSessionOpenStatus indicates the
                    status of multi-chassis firewall's attempt to open BFD
                    session to the multi-chassis firewall peer."
    ::= { aluSecMcRedNotifObjs 1 }


aluMcPeerFwBfdSessionOpen NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr,
        aluMcPeerFwBfdSessionOpenStatus
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwBfdSessionOpen notification is generated
                 when the multi-chassis firewall is attempting to open BFD
                 session to the multi-chassis firewall peer."
    ::= { aluSecurityNotification 8 }

aluMcPeerFwBfdSessionClose NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwBfdSessionClose notification is generated
                 when the multi-chassis firewall is closing BFD session to the
                 multi-chassis firewall peer."
    ::= { aluSecurityNotification 9 }

aluMcPeerFwBfdSessionUp NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwBfdSessionUp notification is generated
                 when operational state of the BFD session between the
                 multi-chassis firewall and its peer is changed to 'up'."
    ::= { aluSecurityNotification 10 }

aluMcPeerFwBfdSessionDown NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwBfdSessionDown notification is generated
                 when operational state of the BFD session between the
                 multi-chassis firewall and its peer is changed to 'down'."
    ::= { aluSecurityNotification 11 }

aluMcPeerFwOperDown NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwOperDown notification is generated
                 when the multi-chassis firewall detects time-out communicating
                 with the multi-chassis firewall peer."
    ::= { aluSecurityNotification 12 }

aluMcPeerFwOperUp NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwOperUp notification is generated
                 when the multi-chassis firewall clears time-out condition in
                 communicating with the multi-chassis firewall peer."
    ::= { aluSecurityNotification 13 }

aluMcPeerFwElectionMaster NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwElectionMaster notification is generated
                 when the multi-chassis firewall node is elected as a Master."
    ::= { aluSecurityNotification 14 }

aluMcPeerFwElectionSlave NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwElectionMaster notification is generated
                 when the multi-chassis firewall node is elected as a Slave."
    ::= { aluSecurityNotification 15 }

aluMcPeerFwMasterPolicySyncClr NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwMasterPolicySyncClr notification is generated on a multi-chassis firewall Master node
                 before initiating policy synchronization with its peer."
    ::= { aluSecurityNotification 16 }

aluMcPeerFwMasterPolicySyncSet NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwMasterPolicySyncSet notification is generated on a multi-chassis firewall Master node
                 after completing policy synchronization with its Slave peer."
    ::= { aluSecurityNotification 17 }

aluMcPeerFwSlavePolicySyncClr NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwSlavePolicySyncClr notification is generated on a multi-chassis firewall Slave node
                 before initiating policy synchronization with its peer."
    ::= { aluSecurityNotification 18 }

aluMcPeerFwSlavePolicySyncSet NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwSlavePolicySyncSet notification is generated on a multi-chassis firewall Slave node
                 after completing policy synchronization with its Master peer."
    ::= { aluSecurityNotification 19 }

aluMcPeerFwSessionDbSyncClr NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwSessionDbSyncClr notification is generated on a multi-chassis firewall node
                 before initiating Session Database synchronization with its peer."
    ::= { aluSecurityNotification 20 }

aluMcPeerFwSessionDbSyncSet NOTIFICATION-TYPE
   OBJECTS {
        tmnxMcPeerSrcIpAddr
   }
   STATUS       current
   DESCRIPTION  "The aluMcPeerFwSessionDbSyncSet notification is generated on a multi-chassis firewall node
                 after completing Session Database synchronization with its peer."
    ::= { aluSecurityNotification 21 }

--%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--
--      The compliance specifications.
--

--
-- Conformance Information
--
aluSecurityAdminCompliances     OBJECT IDENTIFIER ::= { aluSecurityAdminConformance 1 }
aluSecurityAdminGroups          OBJECT IDENTIFIER ::= { aluSecurityAdminConformance 2 }
aluSecurityLogGroups            OBJECT IDENTIFIER ::= { aluSecurityAdminConformance 3 }
aluSecurityMcGroups             OBJECT IDENTIFIER ::= { aluSecurityAdminConformance 4 }

aluSecurityOperCompliances      OBJECT IDENTIFIER ::= { aluSecurityOperConformance 1 }
aluSecurityOperGroups           OBJECT IDENTIFIER ::= { aluSecurityOperConformance 2 }
aluSecurityNotifyGroups         OBJECT IDENTIFIER ::= { aluSecurityOperConformance 3 }

-- compliance statements   
   
aluSecurity7705V6v1Compliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for management of security features
         on Nokia 7705 SAR series systems release R6.1."
    MODULE  -- this module
        MANDATORY-GROUPS {
            aluSecPlcyAdminGroup,
            aluZonePlcyConfigGroup,
            aluSecPlcyConfigGroup,
            aluZoneOperGroup,
            aluSecPlcyOperGroup,
            aluSecStatsGroup,
            aluSecStatsV7v0Group,
            aluSecNotificationGroup      
        }
    ::= { aluSecurityAdminCompliances 1 }


-- units of conformance

aluSecPlcyAdminGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecPlcyAdminControlApply,
        aluSecPlcyBypass,
        aluSecPlcyLastCommit,
        aluSecPlcyCount,
        aluSecPlcyProfileCount,
        aluSecPlcyZoneCount,
        aluSecActiveSessionCount,
        aluSecActiveSessionLimit,
        aluSecActiveSessionHiWtrMrk,
        aluSecActiveSessionLoWtrMrk,
        aluSecPlcyState,
        aluSecSessionResourceState
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to manage the Security Policy Administration
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityAdminGroups 1 }
    
aluZonePlcyConfigGroup     OBJECT-GROUP
    OBJECTS   {
        aluZoneConfigName,
        aluZoneConfigRowStatus,
        aluZoneConfigDescription,
        aluZoneConfigControlApply,
        aluZoneConfigType,
        aluZoneConfigSvcId,
        aluZoneConfigState,
        aluZoneConfigBypass,
        aluZonePlcyConfigRowStatus,
        aluZonePlcyConfigSecPlcyId
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to manage the Security Zones
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityAdminGroups 2 }
        
aluSecPlcyConfigGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecPlcyConfigRowStatus,
        aluSecPlcyConfigName,
        aluSecPlcyConfigDescription,
        aluSecPlcyParamsConfigRowStatus,
        aluSecPlcyParamsConfigDescription,
        aluSecPlcyParamsConfigMatchSrcIPAddrValue1,
        aluSecPlcyParamsConfigMatchSrcIPAddrValue2,
        aluSecPlcyParamsConfigMatchSrcIPOperator,
        aluSecPlcyParamsConfigMatchSrcIPHostGroup,
        aluSecPlcyParamsConfigMatchDstIPAddrValue1,
        aluSecPlcyParamsConfigMatchDstIPAddrValue2,
        aluSecPlcyParamsConfigMatchDstIPOperator,
        aluSecPlcyParamsConfigMatchDstIPHostGroup,
        aluSecPlcyParamsConfigMatchProtocol,
        aluSecPlcyParamsConfigMatchSrcPortValue1,
        aluSecPlcyParamsConfigMatchSrcPortValue2,
        aluSecPlcyParamsConfigMatchSrcPortOp,
        aluSecPlcyParamsConfigMatchDstPortValue1,
        aluSecPlcyParamsConfigMatchDstPortValue2,
        aluSecPlcyParamsConfigMatchDstPortOp,
        aluSecPlcyParamsConfigMatchAppGroup,
        aluSecPlcyParamsConfigMatchIcmpCode,
        aluSecPlcyParamsConfigMatchIcmpType,
        aluSecPlcyParamsConfigMatchIgmpType,
        aluSecPlcyParamsConfigMatchFlowDirection,
        aluSecPlcyParamsConfigProfileId,
        aluSecPlcyParamsConfigConcurrentFlowLimit,
        aluSecPlcyParamsConfigCreateRevDirFlow,
        aluSecPlcyParamsConfigAction,
        aluZoneNatPoolConfigName,
        aluZoneNatPoolConfigRowStatus,
        aluZoneNatPoolConfigDescription,
        aluZoneNatPoolConfigType,
        aluZoneNatPoolConfigDirection,
        aluZoneNatPoolParamsConfigRowStatus,
        aluZoneNatPoolParamsConfigIPAddrValue1,
        aluZoneNatPoolParamsConfigIPAddrValue2,
        aluZoneNatPoolParamsConfigIPOperator,
        aluZoneNatPoolParamsConfigIPInterfaceIndex,
        aluZoneNatPoolParamsConfigPortOperator,
        aluZoneNatPoolParamsConfigPortValue1,
        aluZoneNatPoolParamsConfigPortValue2,
        aluSecProfileConfigRowStatus,
        aluSecProfileConfigName,
        aluSecProfileConfigDescription,
        aluSecProfileConfigTcpSynTimeout,
        aluSecProfileConfigTcpWaitTimeout,
        aluSecProfileConfigTcpTransTimeout,
        aluSecProfileConfigTcpEstTimeout,
        aluSecProfileConfigUdpTimeout,
        aluSecProfileConfigUdpInitTimeout,
        aluSecProfileConfigUdpDnsTimeout,
        aluSecProfileConfigIcmpTimeout,
        aluSecProfileConfigOtherTimeout            
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to manage the Security Policies
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityAdminGroups 3 }
            
aluSecPlcyDstNatGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecPlcyParamsConfigMatchLocal,
        aluSecPlcyParamsConfigActionNatDstIPAddr,
        aluSecPlcyParamsConfigActionNatDstPort,
        aluSecPlcyParamsOperMatchLocal,
        aluSecPlcyParamsOperActionNatDstIPAddr,
        aluSecPlcyParamsOperActionNatDstPort,
        aluZoneInboundSessionNatDstIPAddrValue,
        aluZoneInboundSessionNatDstPortValue,
        aluZoneOutboundSessionNatDstIPAddrValue,
        aluZoneOutboundSessionNatDstPortValue
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to manage the Security Policies
         Dst NAT on Nokia 7705 SAR series systems."
    ::= { aluSecurityAdminGroups 4 }

aluSecFirewallAdminGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecProfileConfigAppInspect,
        aluSecProfileConfigInspectTcp,
        aluSecProfileConfigInspectIpOpt,
        aluSecProfileConfigAllowedIpOpt,
        aluSecProfileConfigAllowPktFrag,
        aluSecProfileConfigAlg,
        aluSecProfileConfigIcmpReqLimit,
        aluSecProfileConfigIcmpErrLimit,
        aluSecProfileConfigDnsReplyOnly,
        aluSecProfileConfigTcpTmoStrict,
        aluSecProfileConfigUdpTmoStrict,
        aluSecProfileConfigIcmpTmoStrict,
        aluSecProfileConfigDnsTmoStrict,
        aluSecProfileConfigOthTmoStrict,
        aluSecProfileConfigFwdPolicerId,
        aluSecProfileConfigRevPolicerId,        
        aluZoneConfigInTcpSessLimit,
        aluZoneConfigInUdpSessLimit,
        aluZoneConfigInIcmpSessLimit,
        aluZoneConfigInOthSessLimit,
        aluZoneConfigOutTcpSessLimit,
        aluZoneConfigOutUdpSessLimit,
        aluZoneConfigOutIcmpSessLimit,
        aluZoneConfigOutOthSessLimit,
        aluZoneConfigLogId,
        aluZoneConfigAutoBind
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to provision firewall
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityAdminGroups 5 }

aluSecGroupConfigGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecHostGrpConfigRowStatus,
        aluSecHostGrpConfigName,
        aluSecHostGrpConfigDescription,
        aluSecHostConfigRowStatus,
        aluSecHostConfigIPAddrValue2,
        aluSecHostConfigIPOperator,
        aluSecAppGrpConfigRowStatus,
        aluSecAppGrpConfigName,
        aluSecAppGrpConfigDescription,
        aluSecAppConfigRowStatus,
        aluSecAppConfigMatchProtocol,
        aluSecAppConfigMatchSrcPortValue1,
        aluSecAppConfigMatchSrcPortValue2,
        aluSecAppConfigMatchSrcPortOp,
        aluSecAppConfigMatchDstPortValue1,
        aluSecAppConfigMatchDstPortValue2,
        aluSecAppConfigMatchDstPortOp,
        aluSecAppConfigMatchIcmpCode,
        aluSecAppConfigMatchIcmpType,
        aluSecPolicerGrpConfigRowStatus,
        aluSecPolicerGrpConfigName,
        aluSecPolicerGrpConfigDescription,
        aluSecPolicerGrpConfigRate,
        aluSecPolicerGrpConfigRateCbs       
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to manage the Security Groups
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityAdminGroups 6 }
        
aluZoneOperGroup     OBJECT-GROUP
    OBJECTS   {
        aluZoneOperName,
        aluZoneOperDescription,
        aluZoneOperPlcyRuleCount,
        aluZoneOperType,
        aluZoneOperSvcId,
        aluZoneOperBypass,
        aluZoneOperInSessionCount,
        aluZoneOperInActiveSessions,
        aluZoneOperOutSessionCount,
        aluZoneOperOutActiveSessions,
        aluZoneOperInPktsDropped,
        aluZoneOperInBytesDropped,
        aluZoneOperOutPktsDropped,
        aluZoneOperOutBytesDropped,
        aluZoneOperInPktsDefAction,
        aluZoneOperInBytesDefAction,
        aluZoneOperOutPktsDefAction,
        aluZoneOperOutBytesDefAction,
        aluZoneOperPlcyLastCommit,
        aluZonePlcyOperEntryId,
        aluZonePlcyOperActive,
        aluZonePlcyOperFlags,
        aluZonePlcyOperSecPlcyId,
        aluZonePlcyOperSecPlcyRuleId,
        aluZonePlcyOperNatPoolId,
        aluZonePlcyOperRuleHitCount,
        aluZonePlcyOperRuleActiveSessions,
        aluZoneInboundSessionProtocol,
        aluZoneInboundSessionSrcZoneId,
        aluZoneInboundSessionSrcIPAddrValue,
        aluZoneInboundSessionSrcPortValue,
        aluZoneInboundSessionDstIPAddrValue,
        aluZoneInboundSessionDstPortValue,
        aluZoneInboundSessionRevDirCreated,
        aluZoneInboundSessionAction,
        aluZoneInboundSessionNatSrcIPAddrValue,
        aluZoneInboundSessionNatSrcPortValue,
        aluZoneInboundSessionEstablished,
        aluZoneOutboundSessionProtocol,
        aluZoneOutboundSessionDstZoneId,
        aluZoneOutboundSessionSrcIPAddrValue,
        aluZoneOutboundSessionSrcPortValue,
        aluZoneOutboundSessionDstIPAddrValue,
        aluZoneOutboundSessionDstPortValue,
        aluZoneOutboundSessionRevDirCreated,
        aluZoneOutboundSessionAction,
        aluZoneOutboundSessionNatSrcIPAddrValue,
        aluZoneOutboundSessionNatSrcPortValue,
        aluZoneOutboundSessionEstablished,        
        aluSecProfileOperName,
        aluSecProfileOperDescription,
        aluSecProfileOperPlcyRefCount,
        aluSecProfileOperTcpSynTimeout,
        aluSecProfileOperTcpWaitTimeout,
        aluSecProfileOperTcpTransTimeout,
        aluSecProfileOperTcpEstTimeout,
        aluSecProfileOperUdpTimeout,
        aluSecProfileOperUdpInitTimeout,
        aluSecProfileOperUdpDnsTimeout,
        aluSecProfileOperIcmpTimeout,
        aluSecProfileOperOtherTimeout
    }
    STATUS    obsolete
    DESCRIPTION
        "The group of objects to manage the Security Zone Groups
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityOperGroups 1 }
        
aluSecPlcyOperGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecPlcyOperName,
        aluSecPlcyOperDescription,
        aluSecPlcyOperRuleCount,
        aluSecPlcyOperZoneRefCount,
        aluSecPlcyParamsOperDescription,
        aluSecPlcyParamsOperMatchSrcIPAddrValue1,
        aluSecPlcyParamsOperMatchSrcIPAddrValue2,
        aluSecPlcyParamsOperMatchSrcIPOperator,
        aluSecPlcyParamsOperMatchSrcIPHostGroup,
        aluSecPlcyParamsOperMatchDstIPAddrValue1,
        aluSecPlcyParamsOperMatchDstIPAddrValue2,
        aluSecPlcyParamsOperMatchDstIPOperator,
        aluSecPlcyParamsOperMatchDstIPHostGroup,
        aluSecPlcyParamsOperMatchProtocol,
        aluSecPlcyParamsOperMatchSrcPortValue1,
        aluSecPlcyParamsOperMatchSrcPortValue2,
        aluSecPlcyParamsOperMatchSrcPortOp,
        aluSecPlcyParamsOperMatchDstPortValue1,
        aluSecPlcyParamsOperMatchDstPortValue2,
        aluSecPlcyParamsOperMatchDstPortOp,
        aluSecPlcyParamsOperMatchAppGroup,
        aluSecPlcyParamsOperMatchIcmpCode,
        aluSecPlcyParamsOperMatchIcmpType,
        aluSecPlcyParamsOperMatchIgmpType,
        aluSecPlcyParamsOperMatchFlowDirection,
        aluSecPlcyParamsOperProfileId,
        aluSecPlcyParamsOperConcurrentFlowLimit,
        aluSecPlcyParamsOperCreateRevDirFlow,
        aluSecPlcyParamsOperAction,
        aluZoneNatPoolOperName,
        aluZoneNatPoolOperDescription,
        aluZoneNatPoolOperType,
        aluZoneNatPoolOperDirection,
        aluZoneNatPoolParamsOperIPAddrValue1,
        aluZoneNatPoolParamsOperIPAddrValue2,
        aluZoneNatPoolParamsOperIPOperator,
        aluZoneNatPoolParamsOperIPInterfaceIndex,
        aluZoneNatPoolParamsOperPortOperator,
        aluZoneNatPoolParamsOperPortValue1,
        aluZoneNatPoolParamsOperPortValue2    
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to manage the Security Policies
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityOperGroups 2 }

aluSecStatsGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecSessionOutboundZoneId,
        aluSecSessionInboundZoneId,
        aluSecSessionFwdPktsPassed,
        aluSecSessionFwdBytesPassed,
        aluSecSessionRevPktsPassed,
        aluSecSessionRevBytesPassed
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to retrieve stats
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityOperGroups 3 }

aluSecFirewallOperGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecProfileOperAppInspect,
        aluSecProfileOperInspectTcp,
        aluSecProfileOperInspectIpOpt,
        aluSecProfileOperAllowedIpOpt,
        aluSecProfileOperAllowPktFrag,
        aluSecProfileOperAlg,
        aluSecProfileOperIcmpReqLimit,
        aluSecProfileOperIcmpErrLimit,
        aluSecProfileOperDnsReplyOnly,
        aluSecProfileOperTcpTmoStrict,
        aluSecProfileOperUdpTmoStrict,
        aluSecProfileOperIcmpTmoStrict,
        aluSecProfileOperDnsTmoStrict,
        aluSecProfileOperOthTmoStrict,
        aluSecProfileOperFwdPolicerId,
        aluSecProfileOperRevPolicerId,        
        aluZoneOperInTcpSessLimit,
        aluZoneOperInUdpSessLimit,
        aluZoneOperInIcmpSessLimit,
        aluZoneOperInOthSessLimit,
        aluZoneOperInTcpActSessions,
        aluZoneOperInUdpActSessions,
        aluZoneOperInIcmpActSessions,
        aluZoneOperInOthActSessions,
        aluZoneOperOutTcpSessLimit,
        aluZoneOperOutUdpSessLimit,
        aluZoneOperOutIcmpSessLimit,
        aluZoneOperOutOthSessLimit,
        aluZoneOperOutTcpActSessions,
        aluZoneOperOutUdpActSessions,
        aluZoneOperOutIcmpActSessions,
        aluZoneOperOutOthActSessions,
        aluZoneOperLogId,
        aluZoneOperAutoBind,
        aluZoneInboundSessionAlg,        
        aluZoneInboundSessionInspect,        
        aluZoneInboundSessionCreator,        
        aluZoneOutboundSessionAlg,        
        aluZoneOutboundSessionInspect,
        aluZoneInboundSessionFwdPolicerId,
        aluZoneInboundSessionRevPolicerId,
        aluZoneOutboundSessionFwdPolicerId,
        aluZoneOutboundSessionRevPolicerId,
        aluZoneOutboundSessionCreator
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to provision firewall
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityOperGroups 4 }

aluSecStatsV7v0Group     OBJECT-GROUP
    OBJECTS   {
        aluSecZoneRxCtrlQueueFwdPkts,
        aluSecZoneRxCtrlQueueFwdBytes,
        aluSecZoneRxCtrlQueueDroPkts,
        aluSecZoneRxCtrlQueueDroBytes,
        aluSecZoneRxCtrlQueueAutoBind,
        aluSecSessionFwdDropActionPkts,
        aluSecSessionFwdDropIpOptPkts,
        aluSecSessionRevDropIpOptPkts,
        aluSecSessionFwdDropMaxPkts,
        aluSecSessionRevDropMaxPkts,
        aluSecSessionFwdDropMaxIcmpErr,
        aluSecSessionRevDropMaxIcmpErr,
        aluSecSessionFwdSecurityDrop,
        aluSecSessionRevSecurityDrop,
        aluSecSessionFwdPolicerDrop,
        aluSecSessionRevPolicerDrop,
        aluSecEngineUtilization,
        aluSecEngineRxQueueCtrlPkts,
        aluSecEngineRxQueueDataPkts,
        aluSecEngineRxQueueDropPkts,
        aluSecEngineDropPkts,
        aluSecTotalSessionCount,
        aluSecSessionRevDropActionPkts
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to retrieve stats added 
        in Release 7.0 on Nokia 7705 SAR series systems."
    ::= { aluSecurityOperGroups 5 }

aluSecGroupOperGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecHostGrpOperName,
        aluSecHostGrpOperDescription,
        aluSecHostGrpOperPlcyRefCount,
        aluSecHostOperIPAddrValue2,
        aluSecHostOperIPOperator,
        aluSecAppGrpOperName,
        aluSecAppGrpOperDescription,
        aluSecAppGrpOperPlcyRefCount,
        aluSecAppOperMatchProtocol,
        aluSecAppOperMatchSrcPortValue1,
        aluSecAppOperMatchSrcPortValue2,
        aluSecAppOperMatchSrcPortOp,
        aluSecAppOperMatchDstPortValue1,
        aluSecAppOperMatchDstPortValue2,
        aluSecAppOperMatchDstPortOp,
        aluSecAppOperMatchIcmpCode,
        aluSecAppOperMatchIcmpType,
        aluSecPolicerGrpOperName,
        aluSecPolicerGrpOperDescription,
        aluSecPolicerGrpOperRate,
        aluSecPolicerGrpOperRateCbs,
        aluSecPolicerGrpOperPlcyRefCount,
        aluSecPolicerGrpOperFwdPktsPassed,
        aluSecPolicerGrpOperFwdBytesPassed,
        aluSecPolicerGrpOperFwdPktsDrop,
        aluSecPolicerGrpOperRevPktsPassed,
        aluSecPolicerGrpOperRevBytesPassed,
        aluSecPolicerGrpOperRevPktsDrop
    }
    STATUS    current
    DESCRIPTION
        "The group of operational objects of the Security Groups
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityOperGroups 6 }
    
aluZoneOperGroupV7v0    OBJECT-GROUP
    OBJECTS   {
        aluZoneOperName,
        aluZoneOperDescription,
        aluZoneOperPlcyRuleCount,
        aluZoneOperType,
        aluZoneOperSvcId,
        aluZoneOperBypass,
        aluZoneOperInSessionCount,
        aluZoneOperInActiveSessions,
        aluZoneOperOutSessionCount,
        aluZoneOperOutActiveSessions,
        aluZoneOperInPktsDropped,
        aluZoneOperOutPktsDropped,
        aluZoneOperInPktsDefAction,
        aluZoneOperOutPktsDefAction,
        aluZoneOperPlcyLastCommit,
        aluZonePlcyOperEntryId,
        aluZonePlcyOperActive,
        aluZonePlcyOperFlags,
        aluZonePlcyOperSecPlcyId,
        aluZonePlcyOperSecPlcyRuleId,
        aluZonePlcyOperNatPoolId,
        aluZonePlcyOperRuleHitCount,
        aluZonePlcyOperRuleActiveSessions,
        aluZoneInboundSessionProtocol,
        aluZoneInboundSessionSrcZoneId,
        aluZoneInboundSessionSrcIPAddrValue,
        aluZoneInboundSessionSrcPortValue,
        aluZoneInboundSessionDstIPAddrValue,
        aluZoneInboundSessionDstPortValue,
        aluZoneInboundSessionRevDirCreated,
        aluZoneInboundSessionAction,
        aluZoneInboundSessionNatSrcIPAddrValue,
        aluZoneInboundSessionNatSrcPortValue,
        aluZoneInboundSessionEstablished,
        aluZoneOutboundSessionProtocol,
        aluZoneOutboundSessionDstZoneId,
        aluZoneOutboundSessionSrcIPAddrValue,
        aluZoneOutboundSessionSrcPortValue,
        aluZoneOutboundSessionDstIPAddrValue,
        aluZoneOutboundSessionDstPortValue,
        aluZoneOutboundSessionRevDirCreated,
        aluZoneOutboundSessionAction,
        aluZoneOutboundSessionNatSrcIPAddrValue,
        aluZoneOutboundSessionNatSrcPortValue,
        aluZoneOutboundSessionEstablished,        
        aluSecProfileOperName,
        aluSecProfileOperDescription,
        aluSecProfileOperPlcyRefCount,
        aluSecProfileOperTcpSynTimeout,
        aluSecProfileOperTcpWaitTimeout,
        aluSecProfileOperTcpTransTimeout,
        aluSecProfileOperTcpEstTimeout,
        aluSecProfileOperUdpTimeout,
        aluSecProfileOperUdpInitTimeout,
        aluSecProfileOperUdpDnsTimeout,
        aluSecProfileOperIcmpTimeout,
        aluSecProfileOperOtherTimeout,
        aluZoneOperInFwdAction,
        aluZoneOperOutFwdAction,
        aluZoneOperInNatAction,
        aluZoneOperOutNatAction,
        aluZoneOperInDropAction,
        aluZoneOperOutDropAction
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to manage the Security Zone Groups
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityOperGroups 7 }
        
aluSecNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS   {   aluSecPlcyActionPerformed,
                        aluSecZonePlcyActionPerformed,
                        aluSecSessionWtrMrkModified,
                        aluSecSessionHiWtrMrkCrossed,
                        aluSecSessionLoWtrMrkCrossed,
                        aluSecSessionsExhausted,
                        aluSecZonePlcyRuleStateChange
                    }
    STATUS        current
    DESCRIPTION
        "The group of notifications supporting the management of 
        security on Nokia SAR series systems."
    ::= { aluSecurityNotifyGroups 1 }

aluSecNotificationObjsGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecNotifyPlcyAction,
        aluSecNotifyRuleActive,
        aluSecNotifyZoneId,
        aluSecNotifyZoneRuleId
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to manage the Security Zone Groups
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityNotifyGroups 2 } 

aluSecLogObjsGroup     OBJECT-GROUP
    OBJECTS   {
        aluSecLogName,
        aluSecLogRowStatus,
        aluSecLogDescription,
        aluSecLogEnabled,
        aluSecLogDestination,
        aluSecLogMemSize,
        aluSecLogMemWrap,
        aluSecLogSysLogId,
        aluSecLogLogProfileId,
        aluSecLogApplied,
        aluSecLogNextEventNum,
        aluSecLogEventName,    
        aluSecLogEventControl,
        aluSecLogProfileName,    
        aluSecLogProfileRowStatus,
        aluSecLogProfileDescription,
        aluSecLogProfileApplied,
        aluSecPlcyParamsConfigLogControl,
        aluSecPlcyParamsConfigLogId,
        aluSecPlcyParamsOperLogControl,
        aluSecPlcyParamsOperLogId
    }
    STATUS    current
    DESCRIPTION
        "The group of objects to manage the Security Log Groups
         on Nokia 7705 SAR series systems."
    ::= { aluSecurityLogGroups 1 } 

aluMcPeerFwGroup OBJECT-GROUP
    OBJECTS {
       aluMcPeerFwAdminState,
       aluMcPeerFwBootTimer,
       aluMcPeerFwHoldOnNbrFail,
       aluMcPeerFwKeepAliveIntvl,
       aluMcPeerFwLastChanged,
       aluMcPeerFwRefCount,
       aluMcPeerFwBfd,
       aluMcPeerFwRowStatus,
       aluMcPeerFwSysPriority,
       aluMcPeerFwTableLastChanged,
       aluMcFwPeerStatsDropMD5,
       aluMcFwPeerStatsDropRxPeerData,
       aluMcFwPeerStatsDropOutOfSeq,
       aluMcFwPeerStatsDropPktTooShrt,
       aluMcFwPeerStatsDropStateDsbld,
       aluMcFwPeerStatsDropTlvInvldSz,
       aluMcFwPeerStatsDropUnknownTlv,
       aluMcFwPeerStatsPktsRx,
       aluMcFwPeerStatsPktsRxKpalive,
       aluMcFwPeerStatsPktsRxPeerCfg,
       aluMcFwPeerStatsPktsRxPeerData,
       aluMcFwPeerStatsPktsTx,
       aluMcFwPeerStatsPktsTxFailed,
       aluMcFwPeerStatsPktsTxKpalive,
       aluMcFwPeerStatsPktsTxPeerCfg,
       aluMcFwPeerStatsPktsTxPeerData,
       aluMcFwPeerStatsDropFwNoPeer,
       aluMcPeerFwOperState,
       aluMcPeerFwPeerLastStateChge,
       aluMcFwStatsDropFwNoPeer,
       aluMcFwStatsDropMD5,
       aluMcFwStatsDropOutOfSeq,
       aluMcFwStatsDropPktKpaliveTask,
       aluMcFwStatsDropRxPeerData,
       aluMcFwStatsDropPktTooShort,
       aluMcFwStatsDropPktVerifyFailed,
       aluMcFwStatsDropTlvInvalidSize,
       aluMcFwStatsDropUnknownPeer,
       aluMcFwStatsDropUnknownTlv,
       aluMcFwStatsPktsRx,
       aluMcFwStatsPktsRxKeepalive,
       aluMcFwStatsPktsRxPeerConfig,
       aluMcFwStatsPktsRxPeerData,
       aluMcFwStatsPktsTx,
       aluMcFwStatsPktsTxFailed,
       aluMcFwStatsPktsTxKeepalive,
       aluMcFwStatsPktsTxPeerConfig,
       aluMcFwStatsPktsTxPeerData,
       aluMcPeerFwRefCount,
       aluMcPeerFwEncryption,
       aluMcPeerFwEncryptionAuthAlg,
       aluMcPeerFwEncryptionEncrAlg,
       aluMcPeerFwEncryptionActOutSa,
       aluMcPeerFwEncryptionSpi1,
       aluMcPeerFwEncryptionSpiAuthKey1,
       aluMcPeerFwEncryptionSpiEncrKey1,
       aluMcPeerFwEncryptionSpi2,
       aluMcPeerFwEncryptionSpiAuthKey2,
       aluMcPeerFwEncryptionSpiEncrKey2
    }
    STATUS        current
    DESCRIPTION
        "The group of notification objects supporting multi-chassis redundancy
         peer group on Nokia SROS 7.0 series systems."
    ::= { aluSecurityMcGroups 1 }

aluMcPeerFwNotifyObjsV7v0Group OBJECT-GROUP
    OBJECTS {
        aluMcPeerFwBfdSessionOpenStatus
    }
    STATUS      current
    DESCRIPTION
        "The group of objects supporting management of multi-chassis fw
         notification objects on Nokia SROS series systems."
    ::= { aluSecurityMcGroups 2 }

aluMcPeerFwV7v0NotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        aluMcPeerFwBfdSessionClose,
        aluMcPeerFwBfdSessionOpen,
        aluMcPeerFwBfdSessionDown,
        aluMcPeerFwBfdSessionUp,
        aluMcPeerFwOperDown,
        aluMcPeerFwOperUp,
        aluMcPeerFwElectionMaster,
        aluMcPeerFwElectionSlave,
        aluMcPeerFwMasterPolicySyncClr,
        aluMcPeerFwMasterPolicySyncSet,
        aluMcPeerFwSlavePolicySyncClr,
        aluMcPeerFwSlavePolicySyncSet,
        aluMcPeerFwSessionDbSyncClr,
        aluMcPeerFwSessionDbSyncSet
    }
    STATUS      current
    DESCRIPTION
        "The group of notifications supporting multi-chassis fw on
        the Nokia SROS series systems."
    ::= { aluSecurityMcGroups 3 }

END