-- *****************************************************************
-- FS-SECZONE-MIB.mib: FS security zone MIB file
--
-- March 2009, rendh
--
-- Copyright (c) 2009 by FS.COM Inc..
-- All rights reserved.
--
-- *****************************************************************
--
-- Module overview (registered at { fsMgmt 54 }):
--   fsSecZoneMIBObjects 1      fsSecZoneChainTable, per-zone level, ACL binding
--                              and violation notify/block policy
--   fsSecZoneMIBObjects 2      fsSecZone2ZoneTable, zone-to-zone policy rows
--   fsSecZoneMIBObjects 3      fsSecZoneBlockingTable, currently blocked IPs
--   fsSecZoneMIBObjects 4..8   global violation notify/block scalars
--   fsSecZoneMIBObjects 9..13  objects carried only in the violation trap
--   fsSecZoneMIBTraps 1        fsSecZoneViolationTrap
--   fsSecZoneMIB 3             conformance statements
--
-- Security considerations (review note):
--   Many objects below are read-write or read-create and directly steer
--   enforcement. Per their DESCRIPTION clauses, a SET can stop notification
--   or blocking (threshold value 0), change the block action or timeout,
--   rebind the ACL of a zone, delete zone or zone-to-zone rows, and remove
--   entries from the blocked-IP table. Write access to this subtree should
--   be limited to authenticated management stations, for example SNMPv3
--   with authentication and privacy plus a VACM write view that covers only
--   what operators need. SNMPv1/v2c community strings travel in cleartext
--   and give no per-user accountability.
--   The readable objects and the trap expose zone names, ACL names and the
--   source/destination addresses of violating packets, so read and notify
--   access deserve the same restriction. Auditing SET requests against
--   these OIDs gives a record of policy changes made over SNMP.

FS-SECZONE-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        NOTIFICATION-TYPE,
        IpAddress,
        Integer32
                FROM SNMPv2-SMI
        DisplayString,
        RowStatus
                FROM SNMPv2-TC
        MODULE-COMPLIANCE,
        OBJECT-GROUP,
        NOTIFICATION-GROUP
                FROM SNMPv2-CONF
        ConfigStatus
                FROM FS-TC
        fsMgmt
                FROM FS-SMI;

fsSecZoneMIB MODULE-IDENTITY
        LAST-UPDATED "200908110000Z"
        ORGANIZATION "FS.COM Inc.."
        CONTACT-INFO
                " Tel: 400-865-2852 E-mail: https://www.fs.com/live_chat_service_mail.html"
        DESCRIPTION
                "This module defines my Security Zone mibs."
        REVISION "200908110000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { fsMgmt 54}

fsSecZoneMIBObjects OBJECT IDENTIFIER ::= { fsSecZoneMIB 1 }

-- *****************************************************************************************
-- define Security Zone chain
-- *****************************************************************************************
-- One row per security zone chain, indexed by the chain name.
fsSecZoneChainTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZoneChainEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "A table of Security Zone Chain entries."
        ::= { fsSecZoneMIBObjects 1 }

fsSecZoneChainEntry OBJECT-TYPE
        SYNTAX FSSecZoneChainEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains chain name and level."
        INDEX { fsSecZoneChainName }
        ::= { fsSecZoneChainTable 1 }

FSSecZoneChainEntry ::=
        SEQUENCE {
                fsSecZoneChainName DisplayString,
                fsSecZoneLevel INTEGER,
                fsSecZoneAclName DisplayString,
                fsSecZoneViolationNotifyThresh INTEGER,
                fsSecZoneViolationNotifyAction INTEGER,
                fsSecZoneViolationBlockThresh INTEGER,
                fsSecZoneViolationBlockAction INTEGER,
                fsSecZoneViolationBlockTimeout INTEGER,
                fsSecZoneChainEntryStatus RowStatus
        }

-- Index column of fsSecZoneChainTable.
-- NOTE(review): the DESCRIPTION states that the instance identifier always
-- has 32 sub-identifiers, zero padded at the tail. That differs from the
-- usual length-prefixed encoding of a variable-size string index, so a
-- manager has to build instance OIDs the way the text describes. Confirm
-- against the agent.
-- NOTE(review): SMIv2 (RFC 2578, section 7.7) normally expects index
-- columns to be not-accessible; this one is read-only and is also listed
-- in fsSecZoneMIBGroup.
fsSecZoneChainName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "security zone chain name of this entry.This value is unique for every entry When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail."
        ::= { fsSecZoneChainEntry 1 }

-- Writable zone level, range 0..100. The module does not say how the level
-- is interpreted or which direction means more trusted.
fsSecZoneLevel OBJECT-TYPE
        SYNTAX INTEGER(0..100)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                " Config level of this Seczone"
        ::= { fsSecZoneChainEntry 2 }

-- Writable name of the access list associated with the zone.
-- NOTE(review): this column is not part of the INDEX clause of
-- fsSecZoneChainEntry, yet the DESCRIPTION repeats the index-encoding text;
-- it looks copied from the index column.
fsSecZoneAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Access list name of security zone belong to. When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail."
        ::= { fsSecZoneChainEntry 3 }

-- Per-zone notify threshold. Writing 0 turns notification off for the zone,
-- so a change to 0 is worth alerting on.
fsSecZoneViolationNotifyThresh OBJECT-TYPE
        SYNTAX INTEGER(0..65535)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Threshold of security zone access violation . value 0 means no notify."
        ::= {fsSecZoneChainEntry 4 }

-- Per-zone notify action: log only, trap only, or both.
fsSecZoneViolationNotifyAction OBJECT-TYPE
        SYNTAX INTEGER{ log(1), trap(2), logtrap(3) }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Action of security zone access violation Notify:log (1), trap (2) , log and trap(3)."
        ::= {fsSecZoneChainEntry 5 }

-- Per-zone block threshold. Writing 0 turns blocking off for the zone.
fsSecZoneViolationBlockThresh OBJECT-TYPE
        SYNTAX INTEGER(0..65535)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Threshold of security zone access violation Blocking. value 0 means no block."
        ::= {fsSecZoneChainEntry 6 }

-- Per-zone block scope: globalblock(1) or zoneblock(2). The module does not
-- define the two scopes beyond their names.
fsSecZoneViolationBlockAction OBJECT-TYPE
        SYNTAX INTEGER{ globalblock (1), zoneblock(2) }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Action of security zone access violation Blocking:globalblock(1),zoneblock(2) ."
        ::= {fsSecZoneChainEntry 7 }

-- Per-zone block duration, range 0..3600, where 0 means the block never
-- expires. No UNITS clause is given; presumably seconds, confirm with the
-- vendor documentation.
fsSecZoneViolationBlockTimeout OBJECT-TYPE
        SYNTAX INTEGER (0..3600)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Timeout of security zone access violation Blocking . value 0 means block permanently"
        ::= {fsSecZoneChainEntry 8 }

-- Row control column for fsSecZoneChainTable.
-- NOTE(review): SYNTAX is RowStatus, but the DESCRIPTION speaks of valid and
-- invalid, the wording used for the ConfigStatus column
-- fsBockingEntryStatus further down. RowStatus columns are also normally
-- read-create rather than read-write. Confirm which semantics the agent
-- implements before relying on row creation or deletion here.
fsSecZoneChainEntryStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Status of this entry, set its value to invalid will delete this entry. set its value to valid has no effect."
        ::= { fsSecZoneChainEntry 9 }

-- *****************************************************************************************
-- define zone to zone policy
-- *****************************************************************************************
-- One row per (first zone, second zone, ACL name) triple.
fsSecZone2ZoneTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZone2ZoneEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "A table of Two Security Zone entries."
        ::= { fsSecZoneMIBObjects 2 }

fsSecZone2ZoneEntry OBJECT-TYPE
        SYNTAX FSSecZone2ZoneEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains policy from one Zone to another Zone ."
        INDEX { fsZoneFirstName ,fsZoneSecondName,fsZone2ZoneAclName }
        ::= { fsSecZone2ZoneTable 1 }

-- The descriptor fsZone2ZoneEntryStauts is misspelled, but it is the
-- published name and is kept so existing managers keep resolving it.
FSSecZone2ZoneEntry ::=
        SEQUENCE {
                fsZoneFirstName DisplayString,
                fsZoneSecondName DisplayString,
                fsZone2ZoneAclName DisplayString,
                fsZone2ZoneEntryStauts RowStatus
        }

-- First index component; also carried in fsSecZoneViolationTrap.
fsZoneFirstName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "First zone name of this entry.This value is unique for every entry When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail."
        ::= { fsSecZone2ZoneEntry 1 }

-- Second index component; also carried in fsSecZoneViolationTrap.
fsZoneSecondName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "Second zone name of this entry.This value is unique for every entry When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail."
        ::= { fsSecZone2ZoneEntry 2 }

-- Third index component.
-- NOTE(review): the DESCRIPTION calls this a key chain name although the
-- descriptor says ACL name; presumably it is the access list applied
-- between the two zones. Confirm.
fsZone2ZoneAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "Key chain name of this entry.This value is unique for every entry When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail."
        ::= { fsSecZone2ZoneEntry 3 }

-- Row control column. read-create, so zone-to-zone policy rows can be added
-- and removed over SNMP.
fsZone2ZoneEntryStauts OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "entry status for this list."
        ::= { fsSecZone2ZoneEntry 4 }

-- *****************************************************************************************
-- blocking ip table
-- *****************************************************************************************
-- One row per blocked IP address. The descriptors in this table are spelled
-- fsBocking...; that is the published name and is kept for compatibility.
fsSecZoneBlockingTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZoneBlockingEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "A table of IP blocking entries."
        ::= { fsSecZoneMIBObjects 3 }

-- Per the DESCRIPTION, index value 0 stands for all blocked IPs and exists
-- so that every blocking entry can be deleted in one operation (presumably
-- address 0.0.0.0, confirm). Together with the writable fsBockingEntryStatus
-- this lets one SET clear the whole block list.
fsSecZoneBlockingEntry OBJECT-TYPE
        SYNTAX FSSecZoneBlockingEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains blocking IP .value 0 mean all block IP for deleting all blocking IP"
        INDEX { fsBockingIP }
        ::= { fsSecZoneBlockingTable 1 }

FSSecZoneBlockingEntry ::=
        SEQUENCE {
                fsBockingIP IpAddress ,
                fsBockingCurrentStatus INTEGER ,
                fsBockingTryAccessZoneName DisplayString,
                fsBockingEntryStatus ConfigStatus
        }

-- Index column: the blocked address. IpAddress is IPv4 only.
fsBockingIP OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "ip address of Blocking table. "
        ::= { fsSecZoneBlockingEntry 1 }

-- Scope of the block currently applied to this address.
fsBockingCurrentStatus OBJECT-TYPE
        SYNTAX INTEGER{ globalblock (1), zoneblock(2) }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "status of security zone access violation Blocking:globalblock(1),zoneblock(2)."
        ::= { fsSecZoneBlockingEntry 2 }

-- Zone the blocked address tried to reach; an empty string means the access
-- matched no zone.
fsBockingTryAccessZoneName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (0..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "Try access Zone name of blocking IP.It indicate that this doesn't match any Zone if this string is null"
        ::= { fsSecZoneBlockingEntry 3 }

-- Writable ConfigStatus column: invalid(2) removes the block for this
-- address, valid(1) is a no-op. This is the only writable column in the
-- table, so SETs against it are unblock requests and worth auditing.
fsBockingEntryStatus OBJECT-TYPE
        SYNTAX ConfigStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Status of this entry, set its value to invalid (2)will delete this entry. set its value to valid(1)has no effect."
        ::= { fsSecZoneBlockingEntry 4 }

-- *****************************************************************************************
-- define Global Violation policy parameter
-- *****************************************************************************************
-- Scalar counterparts of the per-zone policy columns. The module does not
-- state how global and per-zone settings take precedence over each other.

-- Global notify threshold; 0 turns notification off.
fsGlobalViolationNotifyThresh OBJECT-TYPE
        SYNTAX INTEGER(0..65535)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Threshold of Global parameter access violation . value 0 means no notify."
        ::= { fsSecZoneMIBObjects 4 }

-- Global notify action: log only, trap only, or both.
fsGlobalViolationNotifyAction OBJECT-TYPE
        SYNTAX INTEGER{ log(1), trap(2), logtrap(3) }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Action of Global parameter access violation Notify:log (1), trap (2) , log and trap(3)."
        ::= { fsSecZoneMIBObjects 5 }

-- Global block threshold; 0 turns blocking off.
fsGlobalViolationBlockThresh OBJECT-TYPE
        SYNTAX INTEGER(0..65535)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Threshold of Global parameter access violation Blocking. value 0 means no block."
        ::= {fsSecZoneMIBObjects 6 }

-- Global block scope: globalblock(1) or zoneblock(2).
fsGlobalViolationBlockAction OBJECT-TYPE
        SYNTAX INTEGER{ globalblock (1), zoneblock(2) }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Action of Global parameter access violation Blocking:globalblock(1),zoneblock(2) ."
        ::= {fsSecZoneMIBObjects 7 }

-- Global block duration, range 0..3600, where 0 means the block never
-- expires. No UNITS clause; presumably seconds, confirm.
fsGlobalViolationBlockTimeout OBJECT-TYPE
        SYNTAX INTEGER (0..3600)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Timeout of Global parameter access violation Blocking . value 0 means block permanently"
        ::= {fsSecZoneMIBObjects 8 }

-- *****************************************************************************************
-- trap define
-- *****************************************************************************************
fsSecZoneMIBTraps OBJECT IDENTIFIER ::= { fsSecZoneMIB 2 }

-- The five violation... objects are accessible-for-notify, so they appear
-- only as varbinds of the trap and cannot be polled. They are registered
-- under fsSecZoneMIBObjects 9..13, not under fsSecZoneMIBTraps.

-- Time of the violation as text. The string format is not specified, so a
-- trap receiver should not assume a fixed layout or time zone when
-- correlating events.
violationTime OBJECT-TYPE
        SYNTAX DisplayString
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
                "The time of packet violation. Used by trap."
        ::= { fsSecZoneMIBObjects 9 }

-- Source address of the violating packet (IPv4 only, given IpAddress).
violationSrcIP OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
                "The source IP address of packet violation. Used by trap."
        ::= { fsSecZoneMIBObjects 10 }

-- Destination address of the violating packet.
violationDestIP OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
                "The dest IP address of packet violation. Used by trap."
        ::= { fsSecZoneMIBObjects 11 }

-- Protocol of the violating packet. The numbering is not stated; presumably
-- the IP protocol number, confirm.
violationProtocol OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
                "The protocol of packet violation. Used by trap."
        ::= { fsSecZoneMIBObjects 12 }

-- Layer 4 key: TCP/UDP port, or ICMP type and code. How type and code are
-- packed into the single Integer32, and whether the port is the source or
-- the destination port, is not specified here.
violationL4Key OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
                "The tcp/udp port or icmp type&code of packet violation. Used by trap."
        ::= { fsSecZoneMIBObjects 13 }

-- Sent on a security zone access violation. Carries the time, addresses,
-- protocol and layer 4 key of the packet plus the two zone names.
fsSecZoneViolationTrap NOTIFICATION-TYPE
        OBJECTS {
                violationTime,
                violationSrcIP,
                violationDestIP,
                violationProtocol,
                violationL4Key,
                fsZoneFirstName,
                fsZoneSecondName
        }
        STATUS current
        DESCRIPTION
                "Security zone access Violation trap."
        ::= { fsSecZoneMIBTraps 1 }

-- *****************************************************************************************
fsSecZoneMIBConformance OBJECT IDENTIFIER ::= { fsSecZoneMIB 3 }
fsSecZoneMIBCompliances OBJECT IDENTIFIER ::= { fsSecZoneMIBConformance 1 }
fsSecZoneMIBGroups OBJECT IDENTIFIER ::= { fsSecZoneMIBConformance 2 }

-- compliance statements
-- All three groups are mandatory, so a compliant agent implements the
-- writable policy objects as well as the trap.
fsSecZoneMIBCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
                "The compliance statement for entities which implement the FS SecZone MIB"
        MODULE -- this module
        MANDATORY-GROUPS {
                fsSecZoneMIBGroup,
                fsSecZoneNotifObjectsGroup,
                fsSecZoneNotificationsGroup
        }
        ::= { fsSecZoneMIBCompliances 1 }

-- units of conformance
-- Every columnar and scalar object of the three tables and the global
-- parameters, including the read-only index columns.
fsSecZoneMIBGroup OBJECT-GROUP
        OBJECTS {
                fsSecZoneChainName,
                fsSecZoneLevel,
                fsSecZoneAclName,
                fsSecZoneViolationNotifyThresh,
                fsSecZoneViolationNotifyAction,
                fsSecZoneViolationBlockThresh,
                fsSecZoneViolationBlockAction,
                fsSecZoneViolationBlockTimeout,
                fsSecZoneChainEntryStatus,
                fsZoneFirstName,
                fsZoneSecondName,
                fsZone2ZoneAclName,
                fsZone2ZoneEntryStauts,
                fsBockingIP,
                fsBockingCurrentStatus,
                fsBockingTryAccessZoneName,
                fsBockingEntryStatus,
                fsGlobalViolationNotifyThresh,
                fsGlobalViolationNotifyAction,
                fsGlobalViolationBlockThresh,
                fsGlobalViolationBlockAction,
                fsGlobalViolationBlockTimeout
        }
        STATUS current
        DESCRIPTION
                "A collection of objects providing seczone managment."
        ::= { fsSecZoneMIBGroups 1 }

-- The accessible-for-notify objects carried by fsSecZoneViolationTrap.
-- NOTE(review): the DESCRIPTION mentions TRIP notifications, which looks
-- like text carried over from another module; the members are the
-- security zone violation objects.
fsSecZoneNotifObjectsGroup OBJECT-GROUP
        OBJECTS {
                violationTime,
                violationSrcIP,
                violationDestIP,
                violationProtocol,
                violationL4Key
        }
        STATUS current
        DESCRIPTION
                "A collection of objects that specify information for TRIP notifications."
        ::= { fsSecZoneMIBGroups 2 }

-- The single notification defined by this module.
fsSecZoneNotificationsGroup NOTIFICATION-GROUP
        NOTIFICATIONS {
                fsSecZoneViolationTrap
        }
        STATUS current
        DESCRIPTION
                "A collection of security zone access Violation traps."
        ::= { fsSecZoneMIBGroups 3 }

END