-- *****************************************************************
-- FS-SECZONE-CONTEXT-MIB.mib: FS security zone MIB file for multiple context
--
-- December 2009, rendh
--
-- Copyright (c) 2009 by FS.COM Inc..
-- All rights reserved.
--
-- *****************************************************************
--

FS-SECZONE-CONTEXT-MIB DEFINITIONS ::= BEGIN

-- Module overview (review note).
-- Three tables are defined under fsSecZoneVCMIBObjects, each indexed
-- first by a context name:
--   1  fsSecZoneChainVCTable      per-zone level, ACL name and violation handling
--   2  fsSecZone2ZoneVCTable      zone to zone policy rows
--   3  fsSecZoneBlockingVCTable   blocked IP addresses
-- Several columns are read-create or read-write, so a manager with SNMP
-- write access can change violation thresholds, create or remove policy
-- rows and delete blocking entries. Deployments should restrict write
-- access to this subtree (for example SNMPv3 with authentication and
-- privacy plus a narrow write view) and record SET operations against it.
--
-- NOTE(review): the INDEX columns of all three tables are declared
-- read-only and are listed in the object group. SMIv2 (RFC 2578,
-- section 7.7) normally declares such auxiliary objects not-accessible,
-- so strict MIB compilers may warn. Left as published.

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        IpAddress
                FROM SNMPv2-SMI
        DisplayString,
        RowStatus
                FROM SNMPv2-TC
        MODULE-COMPLIANCE,
        OBJECT-GROUP
                FROM SNMPv2-CONF
        -- ConfigStatus and fsMgmt come from vendor modules that are not
        -- part of this file; their definitions must be loaded first.
        ConfigStatus
                FROM FS-TC
        fsMgmt
                FROM FS-SMI;

-- Module root: registered as child 68 of fsMgmt.
fsSecZoneVCMIB MODULE-IDENTITY
        LAST-UPDATED "200912060000Z"
        ORGANIZATION "FS.COM Inc.."
        CONTACT-INFO
                " Tel: 400-865-2852 E-mail: https://www.fs.com/live_chat_service_mail.html"
        DESCRIPTION
                "This module defines my Security Zone mibs for multiple context."
        REVISION "200912060000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { fsMgmt 68 }

-- Parent node of the three tables below.
fsSecZoneVCMIBObjects OBJECT IDENTIFIER ::= { fsSecZoneVCMIB 1 }

-- *****************************************************************************************
-- define Security Zone chain
-- *****************************************************************************************

-- One row per (context name, zone chain name). The row carries the zone
-- level, the ACL name and the settings that decide when access
-- violations are notified and when the offender is blocked.
fsSecZoneChainVCTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZoneChainVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "A table of Security Zone Chain entries."
        ::= { fsSecZoneVCMIBObjects 1 }

fsSecZoneChainVCEntry OBJECT-TYPE
        SYNTAX FSSecZoneChainVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains chain name and level."
        INDEX {fsSecZoneContextNameVC,fsSecZoneChainNameVC }
        ::= { fsSecZoneChainVCTable 1 }

FSSecZoneChainVCEntry ::=
        SEQUENCE {
                fsSecZoneContextNameVC DisplayString,
                fsSecZoneChainNameVC DisplayString,
                fsSecZoneLevelVC INTEGER,
                fsSecZoneAclNameVC DisplayString,
                fsSecZoneViolationNotifyThreshVC INTEGER,
                fsSecZoneViolationNotifyActionVC INTEGER,
                fsSecZoneViolationBlockThreshVC INTEGER,
                fsSecZoneViolationBlockActionVC INTEGER,
                fsSecZoneViolationBlockTimeoutVC INTEGER,
                fsSecZoneChainEntryStatusVC RowStatus
        }

-- First index component. Context names are limited to 31 characters,
-- one fewer than the 32 allowed for zone and ACL names.
fsSecZoneContextNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..31))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "context name of this entry."
        ::= { fsSecZoneChainVCEntry 1 }

-- Second index component.
fsSecZoneChainNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "security zone chain name of this entry."
        ::= { fsSecZoneChainVCEntry 2 }

-- Writable. 0 (the default) means no level is defined, so the zone
-- cannot take part in level comparisons.
fsSecZoneLevelVC OBJECT-TYPE
        SYNTAX INTEGER(0..100)
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "Config level of this Seczone. value 0 means level is not defined so cannot use for comparing two zones's level "
        DEFVAL{ 0 }
        ::= { fsSecZoneChainVCEntry 3 }

-- Writable. No DEFVAL is given for the ACL name.
fsSecZoneAclNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "Access list name of security zone belong to. "
        ::= { fsSecZoneChainVCEntry 4 }

-- Writable. Per the DESCRIPTION, 0 disables violation notification,
-- and 0 is also the default, so notification is off until configured.
-- The unit of the threshold is not stated in this module.
fsSecZoneViolationNotifyThreshVC OBJECT-TYPE
        SYNTAX INTEGER(0..65535)
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "Threshold of security zone access violation . value 0 means no notify."
        DEFVAL{ 0 }
        ::= {fsSecZoneChainVCEntry 5 }

-- Writable. Selects log, trap, both or neither; the default 0 is
-- nologtrap.
fsSecZoneViolationNotifyActionVC OBJECT-TYPE
        SYNTAX INTEGER{ nologtrap(0), log(1), trap(2), logtrap(3) }
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "Action of security zone access violation Notify:nologtrap(0),log (1), trap (2) , log and trap(3)."
        DEFVAL{ 0 }
        ::= {fsSecZoneChainVCEntry 6 }

-- Writable. Per the DESCRIPTION, 0 disables blocking, and 0 is the
-- default. A SET that writes 0 here turns blocking off for the zone,
-- so changes to this column are worth alerting on.
fsSecZoneViolationBlockThreshVC OBJECT-TYPE
        SYNTAX INTEGER(0..65535)
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "Threshold of security zone access violation Blocking. value 0 means no block."
        DEFVAL{ 0 }
        ::= {fsSecZoneChainVCEntry 7 }

-- Writable. Scope of the block; the default 1 is globalblock.
fsSecZoneViolationBlockActionVC OBJECT-TYPE
        SYNTAX INTEGER{ globalblock (1), zoneblock(2) }
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "Action of security zone access violation Blocking:globalblock(1),zoneblock(2) ."
        DEFVAL{ 1 }
        ::= {fsSecZoneChainVCEntry 8 }

-- Writable. Block duration in minutes, 0..3600. 0 means the block is
-- permanent; the default is 1 minute.
fsSecZoneViolationBlockTimeoutVC OBJECT-TYPE
        SYNTAX INTEGER (0..3600)
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "Timeout(minutes)of security zone access violation Blocking . value 0 means block permanently"
        DEFVAL{ 1 }
        ::= {fsSecZoneChainVCEntry 9 }

-- NOTE(review): the SYNTAX is RowStatus, but the DESCRIPTION speaks of
-- valid and invalid, the wording used for the ConfigStatus column
-- fsBockingEntryStatusVC further down. Presumably rows are removed
-- with the RowStatus destroy value; confirm against the agent.
fsSecZoneChainEntryStatusVC OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "Status of this entry, set its value to invalid will delete this entry. set its value to valid has no effect."
        ::= { fsSecZoneChainVCEntry 10 }

-- *****************************************************************************************
-- define zone to zone policy for multi context
-- *****************************************************************************************

-- One row per (context, first zone, second zone, ACL name). All four
-- data columns are index components and read-only; the only writable
-- column is the row status, so a policy is managed by creating or
-- removing whole rows.
fsSecZone2ZoneVCTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZone2ZoneVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "A table of Two Security Zone entries."
        ::= { fsSecZoneVCMIBObjects 2 }

fsSecZone2ZoneVCEntry OBJECT-TYPE
        SYNTAX FSSecZone2ZoneVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains policy from one Zone to another Zone ."
        INDEX { fsZone2ZoneContextNameVC, fsZoneFirstNameVC ,fsZoneSecondNameVC,fsZone2ZoneAclNameVC }
        ::= { fsSecZone2ZoneVCTable 1 }

FSSecZone2ZoneVCEntry ::=
        SEQUENCE {
                fsZone2ZoneContextNameVC DisplayString,
                fsZoneFirstNameVC DisplayString,
                fsZoneSecondNameVC DisplayString,
                fsZone2ZoneAclNameVC DisplayString,
                fsZone2ZoneEntryStautsVC RowStatus
        }

fsZone2ZoneContextNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..31))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "context name of this entry."
        ::= { fsSecZone2ZoneVCEntry 1 }

fsZoneFirstNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "First zone name of this entry."
        ::= { fsSecZone2ZoneVCEntry 2 }

fsZoneSecondNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "Second zone name of this entry."
        ::= { fsSecZone2ZoneVCEntry 3 }

-- NOTE(review): the DESCRIPTION says "Key chain name" while the
-- descriptor says AclName; presumably this is the ACL applied between
-- the two zones. Confirm and correct the text in a later revision.
fsZone2ZoneAclNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "Key chain name of this entry."
        ::= { fsSecZone2ZoneVCEntry 4 }

-- The descriptor spells Stauts rather than Status. It is referenced by
-- name in the SEQUENCE and in the object group, so it is left as is.
fsZone2ZoneEntryStautsVC OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "entry status for this list."
        ::= { fsSecZone2ZoneVCEntry 5 }

-- *****************************************************************************************
-- blocking ip table for multi context
-- *****************************************************************************************

-- One row per (context, blocked IPv4 address). The descriptors in this
-- table spell Bocking rather than Blocking; they are kept unchanged
-- because the SEQUENCE, the INDEX clause and the object group all refer
-- to them by name.
-- Only the entry status column is writable. Per its DESCRIPTION,
-- writing invalid(2) deletes the entry, which lifts a block, so write
-- access to this table should be tightly scoped and SETs against it
-- reviewed.
fsSecZoneBlockingVCTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZoneBlockingVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "A table of IP blocking entries."
        ::= { fsSecZoneVCMIBObjects 3 }

fsSecZoneBlockingVCEntry OBJECT-TYPE
        SYNTAX FSSecZoneBlockingVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains blocking IPs ."
        INDEX { fsBockingContextNameVC , fsBockingIPVC }
        ::= { fsSecZoneBlockingVCTable 1 }

FSSecZoneBlockingVCEntry ::=
        SEQUENCE {fsBockingContextNameVC DisplayString,
                fsBockingIPVC IpAddress,
                fsBockingCurrentStatusVC INTEGER,
                fsBockingTryAccessZoneNameVC DisplayString,
                fsBockingEntryStatusVC ConfigStatus
        }

fsBockingContextNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..31))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "context name of this entry."
        ::= { fsSecZoneBlockingVCEntry 1 }

-- IpAddress limits this table to IPv4. The DESCRIPTION reserves
-- 0.0.0.0 for clearing every blocked address; the column itself is
-- read-only, so presumably the clear is requested through
-- fsBockingEntryStatusVC on the row indexed by 0.0.0.0. Confirm
-- against the agent.
fsBockingIPVC OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "ip address of Blocking table.To clear all blocking IP use 0.0.0.0 "
        ::= { fsSecZoneBlockingVCEntry 2 }

-- Read-only view of the block scope; same enumeration as
-- fsSecZoneViolationBlockActionVC.
fsBockingCurrentStatusVC OBJECT-TYPE
        SYNTAX INTEGER{ globalblock (1), zoneblock(2) }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "status of security zone access violation Blocking:globalblock(1),zoneblock(2)."
        ::= { fsSecZoneBlockingVCEntry 3 }

-- The only name column that may be empty (SIZE 0..32): an empty string
-- means the blocked address did not match any zone.
fsBockingTryAccessZoneNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (0..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "Try access Zone name of blocking IP.It indicate that this doesn't match any Zone if this string is null"
        ::= { fsSecZoneBlockingVCEntry 4 }

-- Writable. ConfigStatus is imported from FS-TC and is not defined in
-- this file; the values valid(1) and invalid(2) are taken from the
-- DESCRIPTION below. Writing invalid(2) removes the blocking entry.
fsBockingEntryStatusVC OBJECT-TYPE
        SYNTAX ConfigStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Status of this entry, set its value to invalid (2)will delete this entry. set its value to valid(1)has no effect."
        ::= { fsSecZoneBlockingVCEntry 5 }

-- compliance statements

-- Conformance information is registered under child 3 of the module
-- root; child 2 is not used in this module.
fsSecZoneVCMIBConformance OBJECT IDENTIFIER ::= { fsSecZoneVCMIB 3 }
fsSecZoneVCMIBCompliances OBJECT IDENTIFIER ::= { fsSecZoneVCMIBConformance 1 }
fsSecZoneVCMIBGroups OBJECT IDENTIFIER ::= { fsSecZoneVCMIBConformance 2 }

-- A single compliance statement with one mandatory group.
fsSecZoneVCMIBCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
                "The compliance statement for entities which implement the security zone MIB for multiple context"
        MODULE -- this module
        MANDATORY-GROUPS { fsSecZoneVCMIBGroup }
        ::= { fsSecZoneVCMIBCompliances 1 }

-- units of conformance

-- The group lists all 20 columns of the three tables, index columns
-- included.
fsSecZoneVCMIBGroup OBJECT-GROUP
        OBJECTS {
                fsSecZoneContextNameVC,
                fsSecZoneChainNameVC,
                fsSecZoneLevelVC,
                fsSecZoneAclNameVC,
                fsSecZoneViolationNotifyThreshVC,
                fsSecZoneViolationNotifyActionVC,
                fsSecZoneViolationBlockThreshVC,
                fsSecZoneViolationBlockActionVC,
                fsSecZoneViolationBlockTimeoutVC,
                fsSecZoneChainEntryStatusVC,
                fsZone2ZoneContextNameVC,
                fsZoneFirstNameVC,
                fsZoneSecondNameVC,
                fsZone2ZoneAclNameVC,
                fsZone2ZoneEntryStautsVC,
                fsBockingContextNameVC ,
                fsBockingIPVC,
                fsBockingCurrentStatusVC,
                fsBockingTryAccessZoneNameVC,
                fsBockingEntryStatusVC
        }
        STATUS current
        DESCRIPTION
                "A collection of objects providing Security Zone management and opertion to a My agent."
        ::= { fsSecZoneVCMIBGroups 1 }

--

END