-- ***************************************************************** -- QTECH-SECZONE-MIB.mib: Qtech security zone MIB file -- -- March 2009, rendh -- -- Copyright (c) 2009 by Qtech Networks Co.,Ltd. -- All rights reserved. -- -- ***************************************************************** -- QTECH-SECZONE-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, IpAddress, Integer32 FROM SNMPv2-SMI DisplayString, RowStatus FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF ConfigStatus FROM QTECH-TC qtechMgmt FROM QTECH-SMI; qtechSecZoneMIB MODULE-IDENTITY LAST-UPDATED "200908110000Z" ORGANIZATION "Qtech Networks Co.,Ltd." CONTACT-INFO " Tel: 4008-111-000 E-mail: service@qtech.com.cn" DESCRIPTION "This module defines my Security Zone mibs." REVISION "200908110000Z" DESCRIPTION "Initial version of this MIB module." ::= { qtechMgmt 54} qtechSecZoneMIBObjects OBJECT IDENTIFIER ::= { qtechSecZoneMIB 1 } -- ***************************************************************************************** -- define Security Zone chain -- ***************************************************************************************** qtechSecZoneChainTable OBJECT-TYPE SYNTAX SEQUENCE OF QtechSecZoneChainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of Security Zone Chain entries." ::= { qtechSecZoneMIBObjects 1 } qtechSecZoneChainEntry OBJECT-TYPE SYNTAX QtechSecZoneChainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry contains chain name and level." INDEX { qtechSecZoneChainName } ::= { qtechSecZoneChainTable 1 } QtechSecZoneChainEntry ::= SEQUENCE { qtechSecZoneChainName DisplayString, qtechSecZoneLevel INTEGER, qtechSecZoneAclName DisplayString, qtechSecZoneViolationNotifyThresh INTEGER, qtechSecZoneViolationNotifyAction INTEGER, qtechSecZoneViolationBlockThresh INTEGER, qtechSecZoneViolationBlockAction INTEGER, qtechSecZoneViolationBlockTimeout INTEGER, qtechSecZoneChainEntryStatus RowStatus } qtechSecZoneChainName OBJECT-TYPE SYNTAX DisplayString(SIZE (1..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "security zone chain name of this entry.This value is unique for every entry When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail." ::= { qtechSecZoneChainEntry 1 } qtechSecZoneLevel OBJECT-TYPE SYNTAX INTEGER(0..100) MAX-ACCESS read-write STATUS current DESCRIPTION " Config level of this Seczone" ::= { qtechSecZoneChainEntry 2 } qtechSecZoneAclName OBJECT-TYPE SYNTAX DisplayString(SIZE (1..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "Access list name of security zone belong to. When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail." ::= { qtechSecZoneChainEntry 3 } qtechSecZoneViolationNotifyThresh OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Threshold of security zone access violation . value 0 means no notify." ::= {qtechSecZoneChainEntry 4 } qtechSecZoneViolationNotifyAction OBJECT-TYPE SYNTAX INTEGER{ log(1), trap(2), logtrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action of security zone access violation Notify:log (1), trap (2) , log and trap(3)." ::= {qtechSecZoneChainEntry 5 } qtechSecZoneViolationBlockThresh OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Threshold of security zone access violation Blocking. value 0 means no block." ::= {qtechSecZoneChainEntry 6 } qtechSecZoneViolationBlockAction OBJECT-TYPE SYNTAX INTEGER{ globalblock (1), zoneblock(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action of security zone access violation Blocking:globalblock(1),zoneblock(2) ." ::= {qtechSecZoneChainEntry 7 } qtechSecZoneViolationBlockTimeout OBJECT-TYPE SYNTAX INTEGER (0..3600) MAX-ACCESS read-write STATUS current DESCRIPTION "Timeout of security zone access violation Blocking . value 0 means block permanently" ::= {qtechSecZoneChainEntry 8 } qtechSecZoneChainEntryStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Status of this entry, set its value to invalid will delete this entry. set its value to valid has no effect." ::= { qtechSecZoneChainEntry 9 } -- ***************************************************************************************** -- define zone to zone policy -- ***************************************************************************************** qtechSecZone2ZoneTable OBJECT-TYPE SYNTAX SEQUENCE OF QtechSecZone2ZoneEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of Two Security Zone entries." ::= { qtechSecZoneMIBObjects 2 } qtechSecZone2ZoneEntry OBJECT-TYPE SYNTAX QtechSecZone2ZoneEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry contains policy from one Zone to another Zone ." INDEX { qtechZoneFirstName ,qtechZoneSecondName,qtechZone2ZoneAclName } ::= { qtechSecZone2ZoneTable 1 } QtechSecZone2ZoneEntry ::= SEQUENCE { qtechZoneFirstName DisplayString, qtechZoneSecondName DisplayString, qtechZone2ZoneAclName DisplayString, qtechZone2ZoneEntryStauts RowStatus } qtechZoneFirstName OBJECT-TYPE SYNTAX DisplayString(SIZE (1..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "First zone name of this entry.This value is unique for every entry When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail." ::= { qtechSecZone2ZoneEntry 1 } qtechZoneSecondName OBJECT-TYPE SYNTAX DisplayString(SIZE (1..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "Second zone name of this entry.This value is unique for every entry When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail." ::= { qtechSecZone2ZoneEntry 2 } qtechZone2ZoneAclName OBJECT-TYPE SYNTAX DisplayString(SIZE (1..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "Key chain name of this entry.This value is unique for every entry When this string be used as an index,Value of a sub-identifier equal ASCII value of corresponding character(first sub-identifier corresponds first character of string). The number of sub-identifiers of this string must be 32,If length of string is less than 32 the sub-identifier(0x0) will be filled in tail." ::= { qtechSecZone2ZoneEntry 3 } qtechZone2ZoneEntryStauts OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "entry status for this list." ::= { qtechSecZone2ZoneEntry 4 } -- ***************************************************************************************** -- blocking ip table -- ***************************************************************************************** qtechSecZoneBlockingTable OBJECT-TYPE SYNTAX SEQUENCE OF QtechSecZoneBlockingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of IP blocking entries." ::= { qtechSecZoneMIBObjects 3 } qtechSecZoneBlockingEntry OBJECT-TYPE SYNTAX QtechSecZoneBlockingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry contains blocking IP .value 0 mean all block IP for deleting all blocking IP" INDEX { qtechBockingIP } ::= { qtechSecZoneBlockingTable 1 } QtechSecZoneBlockingEntry ::= SEQUENCE { qtechBockingIP IpAddress , qtechBockingCurrentStatus INTEGER , qtechBockingTryAccessZoneName DisplayString, qtechBockingEntryStatus ConfigStatus } qtechBockingIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "ip address of Blocking table. " ::= { qtechSecZoneBlockingEntry 1 } qtechBockingCurrentStatus OBJECT-TYPE SYNTAX INTEGER{ globalblock (1), zoneblock(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "status of security zone access violation Blocking:globalblock(1),zoneblock(2)." ::= { qtechSecZoneBlockingEntry 2 } qtechBockingTryAccessZoneName OBJECT-TYPE SYNTAX DisplayString(SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "Try access Zone name of blocking IP.It indicate that this doesn't match any Zone if this string is null" ::= { qtechSecZoneBlockingEntry 3 } qtechBockingEntryStatus OBJECT-TYPE SYNTAX ConfigStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Status of this entry, set its value to invalid (2)will delete this entry. set its value to valid(1)has no effect." ::= { qtechSecZoneBlockingEntry 4 } -- ***************************************************************************************** -- define Global Violation policy parameter -- ***************************************************************************************** qtechGlobalViolationNotifyThresh OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Threshold of Global parameter access violation . value 0 means no notify." ::= { qtechSecZoneMIBObjects 4 } qtechGlobalViolationNotifyAction OBJECT-TYPE SYNTAX INTEGER{ log(1), trap(2), logtrap(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action of Global parameter access violation Notify:log (1), trap (2) , log and trap(3)." ::= { qtechSecZoneMIBObjects 5 } qtechGlobalViolationBlockThresh OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Threshold of Global parameter access violation Blocking. value 0 means no block." ::= {qtechSecZoneMIBObjects 6 } qtechGlobalViolationBlockAction OBJECT-TYPE SYNTAX INTEGER{ globalblock (1), zoneblock(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action of Global parameter access violation Blocking:globalblock(1),zoneblock(2) ." ::= {qtechSecZoneMIBObjects 7 } qtechGlobalViolationBlockTimeout OBJECT-TYPE SYNTAX INTEGER (0..3600) MAX-ACCESS read-write STATUS current DESCRIPTION "Timeout of Global parameter access violation Blocking . value 0 means block permanently" ::= {qtechSecZoneMIBObjects 8 } -- ***************************************************************************************** -- trap define -- ***************************************************************************************** qtechSecZoneMIBTraps OBJECT IDENTIFIER ::= { qtechSecZoneMIB 2 } violationTime OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The time of packet violation. Used by trap." ::= { qtechSecZoneMIBObjects 9 } violationSrcIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The source IP address of packet violation. Used by trap." ::= { qtechSecZoneMIBObjects 10 } violationDestIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The dest IP address of packet violation. Used by trap." ::= { qtechSecZoneMIBObjects 11 } violationProtocol OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The protocol of packet violation. Used by trap." ::= { qtechSecZoneMIBObjects 12 } violationL4Key OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The tcp/udp port or icmp type&code of packet violation. Used by trap." ::= { qtechSecZoneMIBObjects 13 } qtechSecZoneViolationTrap NOTIFICATION-TYPE OBJECTS { violationTime, violationSrcIP, violationDestIP, violationProtocol, violationL4Key, qtechZoneFirstName, qtechZoneSecondName } STATUS current DESCRIPTION "Security zone access Violation trap." ::= { qtechSecZoneMIBTraps 1 } -- ***************************************************************************************** qtechSecZoneMIBConformance OBJECT IDENTIFIER ::= { qtechSecZoneMIB 3 } qtechSecZoneMIBCompliances OBJECT IDENTIFIER ::= { qtechSecZoneMIBConformance 1 } qtechSecZoneMIBGroups OBJECT IDENTIFIER ::= { qtechSecZoneMIBConformance 2 } -- compliance statements qtechSecZoneMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the Qtech SecZone MIB" MODULE -- this module MANDATORY-GROUPS { qtechSecZoneMIBGroup, qtechSecZoneNotifObjectsGroup, qtechSecZoneNotificationsGroup } ::= { qtechSecZoneMIBCompliances 1 } -- units of conformance qtechSecZoneMIBGroup OBJECT-GROUP OBJECTS { qtechSecZoneChainName, qtechSecZoneLevel, qtechSecZoneAclName, qtechSecZoneViolationNotifyThresh, qtechSecZoneViolationNotifyAction, qtechSecZoneViolationBlockThresh, qtechSecZoneViolationBlockAction, qtechSecZoneViolationBlockTimeout, qtechSecZoneChainEntryStatus, qtechZoneFirstName, qtechZoneSecondName, qtechZone2ZoneAclName, qtechZone2ZoneEntryStauts, qtechBockingIP, qtechBockingCurrentStatus, qtechBockingTryAccessZoneName, qtechBockingEntryStatus, qtechGlobalViolationNotifyThresh, qtechGlobalViolationNotifyAction, qtechGlobalViolationBlockThresh, qtechGlobalViolationBlockAction, qtechGlobalViolationBlockTimeout } STATUS current DESCRIPTION "A collection of objects providing seczone managment." ::= { qtechSecZoneMIBGroups 1 } qtechSecZoneNotifObjectsGroup OBJECT-GROUP OBJECTS { violationTime, violationSrcIP, violationDestIP, violationProtocol, violationL4Key } STATUS current DESCRIPTION "A collection of objects that specify information for TRIP notifications." ::= { qtechSecZoneMIBGroups 2 } qtechSecZoneNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { qtechSecZoneViolationTrap } STATUS current DESCRIPTION "A collection of security zone access Violation traps." ::= { qtechSecZoneMIBGroups 3 } END