WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/hirschmann/HM2-FW-MIB

5659 lines
187 KiB
Plaintext
Raw Permalink Blame History

--******************************************************************************
-- HM-FW-MIB: Managed objects for
--
-- May 2011
--
-- Copyright (c) Hirschmann Automation & Control GmbH 2011
--******************************************************************************
HM2-FW-MIB DEFINITIONS ::= BEGIN
IMPORTS
OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-IDENTITY,
Integer32, Unsigned32, Counter64
FROM SNMPv2-SMI
RowStatus, DisplayString, TruthValue, MacAddress
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
InterfaceIndex
FROM IF-MIB
hm2ConfigurationMibs, HmActionValue, HmTimeSeconds1970, HmEnabledStatus,
HmLargeDisplayString, HmExtraLargeDisplayString
FROM HM2-TC-MIB
AclBurstSize
FROM HM2-PLATFORM-QOS-ACL-MIB
EtypeValue
FROM HM2-PLATFORM-QOS-ACL-MIB;
hm2FwMib MODULE-IDENTITY
LAST-UPDATED "201109130000Z"
ORGANIZATION "Hirschmann Automation and Control GmbH"
CONTACT-INFO
"Postal: Stuttgarter Str. 45-51
72654 Neckartenzlingen
Germany
Phone: +49 - 7127 -14 -0
E-mail: hac.support@belden.com"
DESCRIPTION
"SNMP interface for Hirschmann Firewall modules.
Copyright (C) "
REVISION "202005260000Z" -- May 26, 2020
DESCRIPTION
"- Added Table for Intrusion Detection System"
REVISION "201109130000Z" -- Sep 13, 2011
DESCRIPTION
"- Modified Interface Mapping Table for L3 and DynFw
- Use HmActionValue instead of TruthValue
"
REVISION "201107010000Z" -- July 1, 2011
DESCRIPTION
"- Modifications to address representation
"
REVISION "201106140000Z" -- June 14, 2011
DESCRIPTION
"- Restructured IF mapping tables
- Added variable for pending actions"
REVISION "201105310000Z" -- May 31, 2011
DESCRIPTION
"Initial version."
::= { hm2ConfigurationMibs 79 }
EnipClassId ::= TEXTUAL-CONVENTION
DISPLAY-HINT "x"
STATUS current
DESCRIPTION
"Class ID value of an ENIP Class Object.
The allowed value is 0x00 to 0xFFFFFFFF."
SYNTAX Unsigned32 -- hex value 0x00 to 0xFFFFFFFF
hm2FwNotifications OBJECT IDENTIFIER ::= { hm2FwMib 0 }
hm2FwObjects OBJECT IDENTIFIER ::= { hm2FwMib 1 }
hm2FwConformance OBJECT IDENTIFIER ::= { hm2FwMib 2 }
hm2FwSNMPExtensionGroup OBJECT IDENTIFIER ::= { hm2FwMib 3 }
hm2FwGeneralSettings OBJECT IDENTIFIER ::= { hm2FwObjects 1 }
hm2DynFw OBJECT IDENTIFIER ::= { hm2FwObjects 2 }
hm2L3Fw OBJECT IDENTIFIER ::= { hm2FwObjects 3 }
hm2FwLearningMode OBJECT IDENTIFIER ::= { hm2FwObjects 4 }
hm2FwIdsGroup OBJECT IDENTIFIER ::= { hm2FwObjects 5 }
hm2L2FwGroup OBJECT IDENTIFIER ::= { hm2FwObjects 6 }
hm2FwAssetMgmtGroup OBJECT IDENTIFIER ::= { hm2FwObjects 7 }
--******************************************************************************
-- General Settings Objects
--******************************************************************************
hm2DynFwMaxRules OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Maximum number of allowed rules for dynamic firewalling."
::= { hm2FwGeneralSettings 1 }
hm2L3MaxRules OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Maximum number of allowed rules for L3 firewalling."
::= { hm2FwGeneralSettings 2 }
hm2ResetStatistics OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) will reset the statistics of the
whole firewall module. It will be set to noop(1) automatically
after reset."
::= { hm2FwGeneralSettings 3 }
hm2FlushTables OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) will flush all connection tracking states.
It will be set to noop(1) automatically after table flush."
::= { hm2FwGeneralSettings 4 }
hm2DefaultPolicy OBJECT-TYPE
SYNTAX INTEGER {
accept(1),
drop(2),
reject(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The default policy for forwarding packets:
o accept(1): Packets matching this rule are accepted and will
be forwarded
o drop(2): Packets matching this rule will be silently
discarded
o reject(3): Packets matching this rule will be dropped and
the originator gets informed by an ICMP message"
DEFVAL { accept }
::= { hm2FwGeneralSettings 5 }
hm2ConnTrackValidateCheckSum OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This value describes, whether the Firewall connection tracking
in the Linux kernel shall validate the protocol checksums.
Disable this validation (false) improves routing throughput."
DEFVAL { true }
::={ hm2FwGeneralSettings 6 }
--******************************************************************************
-- Dynamic Firewall
--******************************************************************************
hm2DynFwRuleAppliedTrap NOTIFICATION-TYPE
OBJECTS { hm2DynFwRuleIndex }
STATUS current
DESCRIPTION
"A rule of the dynamic firewall was applied. The rule is
identified by the given rule index of the rule table."
::= { hm2FwNotifications 1 }
hm2DynFwRuleAppliedAndLoggedTrap NOTIFICATION-TYPE
OBJECTS { hm2DynFwRuleIndex }
STATUS current
DESCRIPTION
"A rule of the dynamic firewall was applied and logged according to
the current logging mechanism. The rule is identified by the
given rule index of the rule table."
::= { hm2FwNotifications 2 }
hm2DynFwRuleObjects OBJECT IDENTIFIER ::= { hm2DynFw 1 }
hm2DynFwRuleCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of current dynamic firewalls rules"
::= { hm2DynFwRuleObjects 1 }
hm2DynFwIfMappingRuleCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of current DynFw IF mapping entries."
::={ hm2DynFwRuleObjects 2 }
hm2DynFwRulePendingActions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes, whether the DynFW rule table was modified
but not yet written to the firewall implementation (set to
true). After writing all modifications to the firewall, the
value switches automatically back to false."
DEFVAL { false }
::={ hm2DynFwRuleObjects 3 }
hm2DynFwCommitPendingActions OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) writes not yet committed changes
to the firewall (DynFW and Interface Mapping Table). After
writing all modifications, the value switches automatically
back to noop(1)."
DEFVAL { noop }
::={ hm2DynFwRuleObjects 4 }
hm2DynFwRuleTables OBJECT IDENTIFIER ::= { hm2DynFw 2 }
hm2DynFwRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DynFwRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of rules for this dynamic firewall"
::= { hm2DynFwRuleTables 1 }
hm2DynFwRuleEntry OBJECT-TYPE
SYNTAX Hm2DynFwRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Dynamic firewall rule entry."
INDEX { hm2DynFwRuleIndex }
::= { hm2DynFwRuleTable 1 }
Hm2DynFwRuleEntry ::=
SEQUENCE {
hm2DynFwRuleIndex Integer32,
hm2DynFwSourceAddress DisplayString,
hm2DynFwSourcePort DisplayString,
hm2DynFwTargetAddress DisplayString,
hm2DynFwTargetPort DisplayString,
hm2DynFwProto INTEGER,
hm2DynFwRuleParams DisplayString,
hm2DynFwAction INTEGER,
hm2DynFwLog TruthValue,
hm2DynFwTrap TruthValue,
hm2DynFwRowStatus RowStatus,
hm2DynFwDescription DisplayString
}
hm2DynFwRuleIndex OBJECT-TYPE
SYNTAX Integer32 ( 1..512 )
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Rule index of this dynamic firewall rule"
::= { hm2DynFwRuleEntry 1 }
hm2DynFwSourceAddress OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..20) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source address of the packet to filter. Allowed formats are:
- keyword 'any'
- single address ('10.0.0.1')
- CIDR address range ('10.0.0.0/8')
- netobject ('$name')
"
DEFVAL { "any" }
::= { hm2DynFwRuleEntry 2 }
hm2DynFwSourcePort OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..50) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source port of the packet to filter. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
The number of named ports (1 for each individual port, 2 for port
ranges) must not exceed 15.
"
DEFVAL { "any" }
::= { hm2DynFwRuleEntry 3 }
hm2DynFwTargetAddress OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..20) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination address of the packet to filter. Allowed formats are:
- keyword 'any'
- single address ('10.0.0.1')
- CIDR address range ('10.0.0.0/8')
- netobject ('$name')
"
DEFVAL { "any" }
::= { hm2DynFwRuleEntry 4 }
hm2DynFwTargetPort OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..50) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination port of the packet to filter. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
The number of named ports (1 for each individual port, 2 for port
ranges) must not exceed 15.
"
DEFVAL { "any" }
::= { hm2DynFwRuleEntry 5 }
hm2DynFwProto OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ipip(3),
tcp(4),
udp(5),
esp(6),
ah(7),
icmpv6(8),
any(9)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The IP protocol (RFC 791) for protocol-independent
filtering. The following values are currently
supported:
o icmp(1): internet control message protocol (RFC 792)
o igmp(2): internet group management protocol
o ipip(3): IP in IP tunnelling (RFC 1853)
o tcp(4): transmission control protocol (RFC 793)
o udp(5): user datagram protocol (RFC 768)
o esp(6): IPsec encapsulated security payload (RFC 2406)
o ah(7): IPsec authentication header (RFC 2402)
o icmpv6(8): internet control message protocol for IPv6
o any(9): apply to all protocols"
DEFVAL { any }
::= { hm2DynFwRuleEntry 6 }
hm2DynFwRuleParams OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..50) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Additional parameters to this rule as string.
A parameter has the syntax:
<param>=<val>
Parameters are separated by a comma.
If more than one value is given for a parameter, values are
separated by a |-sign
Following paramters are defined based on the different
protocols:
o icmp: type=<ICMP type> (specify ICMP type to filter)
code=<ICMP code> (specify ICMP code to filter)
o tcp: frag=<true/false> (apply to fragments)
flags=<SYN/ACK/FIN> (apply to packets with give flags
o udp/tcp: state=<new/rel/est> (apply to packets according
current state of connection>
o general: mac=<MAC> (specify source MAC address for this
rule)
"
::= { hm2DynFwRuleEntry 7 }
hm2DynFwAction OBJECT-TYPE
SYNTAX INTEGER { accept(1), drop(2), reject(3) }
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action of the corresponding rule:
o accept(1): Packets matching this rule are accepted and will
be forwarded
o drop(2): Packets matching this rule will be silently
discarded
o reject(3): Packets matching this rule will be dropped and
the originator gets informed by an ICMP message"
::= { hm2DynFwRuleEntry 8 }
hm2DynFwLog OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if application of this rule shall be logged"
DEFVAL { false }
::={ hm2DynFwRuleEntry 9 }
hm2DynFwTrap OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if application of this rule shall send a trap."
DEFVAL { false }
::={ hm2DynFwRuleEntry 10 }
hm2DynFwRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The rule is active. Note that until committed, the rule
will not be applied.
- notInService(2): The rule is inactive because of user action.
- notReady(3): The rule is inactive because of agent action.
- createAndGo(4): Create the rule with default parameters
activated.
- createAndWait(5): Create the rule inactive.
- destroy(6): Delete the rule. You cannot delete a rule with
interface mappings to it."
::= { hm2DynFwRuleEntry 11 }
hm2DynFwDescription OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to this rule."
DEFVAL { "" }
::= { hm2DynFwRuleEntry 12 }
hm2DynFwRuleIfMappingTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DynFwRuleIfMappingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table for mapping L3 rules to interfaces"
::={ hm2DynFwRuleTables 2 }
hm2DynFwRuleIfMappingEntry OBJECT-TYPE
SYNTAX Hm2DynFwRuleIfMappingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry in rule interface mapping table"
INDEX { hm2DynFwIfmInterface, hm2DynFwIfmDirection,
hm2DynFwIfmRuleIndex }
::={ hm2DynFwRuleIfMappingTable 1 }
Hm2DynFwRuleIfMappingEntry ::= SEQUENCE {
hm2DynFwIfmRuleIndex Integer32,
hm2DynFwIfmDirection INTEGER,
hm2DynFwIfmPriority Unsigned32,
hm2DynFwIfmInterface InterfaceIndex,
hm2DynFwIfmRowStatus RowStatus
}
hm2DynFwIfmRuleIndex OBJECT-TYPE
SYNTAX Integer32 (1..2048)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the DynFw rule this mapping entry is assigned to.
The DynFw rule must exist before creation of mapping entry."
::={ hm2DynFwRuleIfMappingEntry 1 }
hm2DynFwIfmDirection OBJECT-TYPE
SYNTAX INTEGER {
ingress(1),
egress(2),
both(3)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Meanings:
- ingress(1): Apply this rule to packets arriving on this interface
- egress(2): Apply this rule to packets leaving from this interface
- both(3): Apply this rule to packets coming in and going out on this
interface.
If an ingress and an egress interface are given, this is taken to mean
that the rule shall apply to packets arriving on the ingress interface
AND to be leaving on the egress interface. A rule without ingress
interface matches on all packets going out to the egress interface
given, and vice versa."
::={ hm2DynFwRuleIfMappingEntry 2 }
hm2DynFwIfmPriority OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The priority is the sorting key for rules in to this interface. They
don't need to be unique, but no clear order can be assumed among rules
with the same priority.
Priorities are processed in ascending order (0 highest priority)."
::={ hm2DynFwRuleIfMappingEntry 3 }
hm2DynFwIfmInterface OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The interface this mapping entry is applied to. This has to be either
an hm2AgentSwitchIpInterfaceIfIndex or an hm2AgentSwitchIpVlanIfIndex.
Note that for physical interfaces this only works if the corresponding
hm2AgentSwitchIpInterfaceRoutingMode is set to enable."
::={ hm2DynFwRuleIfMappingEntry 4 }
hm2DynFwIfmRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The RowStatus value for this entry with the usual meanings:
- active(1): The interface mapping is in place
- notInService(2): The interface mapping is not in place because the
user said so
- notReady(3): The interface mapping is not in place because the
agent said so
- createAndGo(4): Create this mapping with the default priority and
activate it.
- createAndWait(5): Create this mapping deactivated.
- destroy(6): Destroy this interface mapping."
::={ hm2DynFwRuleIfMappingEntry 5 }
hm2DynFwStats OBJECT IDENTIFIER ::={ hm2DynFw 4 }
hm2DynFwGeneralStats OBJECT IDENTIFIER ::={ hm2DynFwStats 1 }
hm2DynFwStatsTtPck OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of packets processed by the dynamic firewall"
::= { hm2DynFwGeneralStats 1 }
hm2DynFwStatsTtPckSize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of bytes processed by the dynamic firewall"
::= { hm2DynFwGeneralStats 2 }
hm2DynFwStatsTtPckDenDrop OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of packets dropped or denied by the dynamic
firewall"
::={ hm2DynFwGeneralStats 3 }
hm2DynFwStatsTtPckAccepted OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of packets accepted by the dynamic firewall"
::={ hm2DynFwGeneralStats 4 }
hm2DynFwStatsTables OBJECT IDENTIFIER ::= { hm2DynFwStats 2 }
hm2DynFwStatsRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DynFwStatsRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of per-rule statistics of the dynamic firewall"
::= { hm2DynFwStatsTables 1 }
hm2DynFwStatsRuleEntry OBJECT-TYPE
SYNTAX Hm2DynFwStatsRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Statistics table entry for the dynamic firewall"
INDEX { hm2DynFwRuleIndex }
::={ hm2DynFwStatsRuleTable 1 }
Hm2DynFwStatsRuleEntry ::= SEQUENCE {
hm2DynFwStatsPacketCount Counter64,
hm2DynFwStatsPacketSize Counter64,
hm2DynFwStatsLastApplied HmTimeSeconds1970
}
hm2DynFwStatsPacketCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets matched by this rule"
::={ hm2DynFwStatsRuleEntry 1 }
hm2DynFwStatsPacketSize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of bytes processed by this rule"
::={ hm2DynFwStatsRuleEntry 2 }
hm2DynFwStatsLastApplied OBJECT-TYPE
SYNTAX HmTimeSeconds1970
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Local system time (hm2SystemLocalTime) when the rule was applied the last time"
::={ hm2DynFwStatsRuleEntry 3 }
--******************************************************************************
-- L3 Firewall
--******************************************************************************
hm2L3RuleAppliedTrap NOTIFICATION-TYPE
OBJECTS { hm2L3RuleIndex }
STATUS current
DESCRIPTION
"A rule of the L3 firewall was applied. The rule is
identified by the given rule index of the rule table."
::= { hm2FwNotifications 3 }
hm2L3RuleAppliedAndLoggedTrap NOTIFICATION-TYPE
OBJECTS { hm2L3RuleIndex }
STATUS current
DESCRIPTION
"A rule of the L3 firewall was applied and logged according
the current logging mechanism. The rule is identified by the
given rule index of the rule table."
::= { hm2FwNotifications 4 }
hm2L3RuleObjects OBJECT IDENTIFIER ::= { hm2L3Fw 1 }
hm2L3RuleCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of current L3 rules"
::= { hm2L3RuleObjects 1 }
hm2L3IfMappingRuleCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of current L3 IF mapping entries."
::={ hm2L3RuleObjects 2 }
hm2L3RulePendingActions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes, whether the L3 rule table was modified
but not yet written to the firewall implementation (set to
true). After writing all modifications to the firewall, the
value switches automatically back to false."
DEFVAL { false }
::={ hm2L3RuleObjects 3 }
hm2L3CommitPendingActions OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) writes not yet committed changes
to the firewall (L3 and Interface Mapping Table). After writing
all modifications, the value switches automatically back to
noop(1)."
DEFVAL { noop }
::={ hm2L3RuleObjects 4 }
hm2L3RuleTables OBJECT IDENTIFIER ::= { hm2L3Fw 2 }
hm2L3RuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2L3RuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of L3 rules for this firewall"
::= { hm2L3RuleTables 1 }
hm2L3RuleEntry OBJECT-TYPE
SYNTAX Hm2L3RuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"L3 rule entry."
INDEX { hm2L3RuleIndex }
::= { hm2L3RuleTable 1 }
Hm2L3RuleEntry ::=
SEQUENCE {
hm2L3RuleIndex Integer32,
hm2L3SourceAddress DisplayString,
hm2L3SourcePort DisplayString,
hm2L3TargetAddress DisplayString,
hm2L3TargetPort DisplayString,
hm2L3Proto INTEGER,
hm2L3RuleParams DisplayString,
hm2L3Action INTEGER,
hm2L3Log TruthValue,
hm2L3Trap TruthValue,
hm2L3RowStatus RowStatus,
hm2L3Description DisplayString,
hm2DPIProfileIndex Integer32,
hm2L3ProtoName DisplayString,
hm2L3AppRuleName DisplayString
}
hm2L3RuleIndex OBJECT-TYPE
SYNTAX Integer32 ( 1..2048 )
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Rule index of this L3 rule"
::= { hm2L3RuleEntry 1 }
hm2L3SourceAddress OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source address of the packet to filter. Allowed formats are:
- keyword 'any'
- single address ('10.0.0.1')
- CIDR address range ('10.0.0.0/8')
- Asset name from hm2AssetTable
- netobject ('$name')
- a prepending '!' selects the complement set
"
DEFVAL { "any" }
::= { hm2L3RuleEntry 2 }
hm2L3SourcePort OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..128) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source port of the packet to reroute. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
The number of named ports (1 for each individual port, 2 for port
ranges) must not exceed 15.
"
DEFVAL { "any" }
::= { hm2L3RuleEntry 3 }
hm2L3TargetAddress OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination address of the packet to filter. Allowed formats are:
- keyword 'any'
- single address ('10.0.0.1')
- CIDR address range ('10.0.0.0/8')
- Asset name from hm2AssetTable
- netobject ('$name')
"
DEFVAL { "any" }
::= { hm2L3RuleEntry 4 }
hm2L3TargetPort OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..128) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination port of the packet to. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
The number of named ports (1 for each individual port, 2 for port
ranges) must not exceed 15.
"
DEFVAL { "any" }
::= { hm2L3RuleEntry 5 }
hm2L3Proto OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ipip(3),
tcp(4),
udp(5),
esp(6),
ah(7),
icmpv6(8),
any(9)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The IP protocol (RFC 791) for protocol-independent
filtering. The following values are currently
supported:
o icmp(1): internet control message protocol (RFC 792)
o igmp(2): internet group management protocol
o ipip(3): IP in IP tunnelling (RFC 1853)
o tcp(4): transmission control protocol (RFC 793)
o udp(5): user datagram protocol (RFC 768)
o esp(6): IPsec encapsulated security payload (RFC 2406)
o ah(7): IPsec authentication header (RFC 2402)
o icmpv6(8): internet control message protocol for IPv6
o any(9): apply to all protocols"
DEFVAL { any }
::= { hm2L3RuleEntry 6 }
hm2L3RuleParams OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..50) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Additional parameters to this rule as string.
A parameter has the syntax:
<param>=<val>
Parameters are separated by a comma.
If more than one value is given for a parameter, values are
separated by a |-sign (pipe).
Following parameters are defined based on the different
protocols:
o icmp: type=<ICMP type> (specify ICMP type to filter)
code=<ICMP code> (specify ICMP code to filter)
o tcp: flags=<SYN/ACK/FIN> (apply to packets with given flags)
o general: state=<new/rel/est> (apply to packets according to
current state of connection>)
mac=<MAC> (specify source MAC address for this rule)
frag=<true/false> (apply to fragments)
"
::= { hm2L3RuleEntry 7 }
hm2L3Action OBJECT-TYPE
SYNTAX INTEGER {
accept(1),
drop(2),
reject(3),
enforce-modbus(4),
enforce-opc(5),
enforce-iec104(6),
enforce-ethernetip(7),
enforce-dnp3(8)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action of the corresponding rule:
o accept(1): Packets matching this rule are accepted and will
be forwarded
o drop(2): Packets matching this rule will be silently
discarded
o reject(3): Packets matching this rule will be dropped and
the originator gets informed by an ICMP message
o enforce-modbus(4): Packets matching this rule are enforced by
modbus enforcer and will be forwarded or discarded.
The selected protocol should be tcp or udp
o enforce-opc(5): Packets matching this rule are enforced by
opc enforcer and will be forwarded or discarded.
The selected protocol should be tcp
o enforce-iec104(6): Packets matching this rule are enforced by
IEC104 enforcer and will be forwarded or discarded.
The selected protocol should be tcp
o enforce-ethernetip(7): Packets matching this rule are enforced by
EtherNet/IP enforcer and will be forwarded or discarded.
The selected protocol should be tcp
o enforce-dnp3(8): Packets matching this rule are enforced by
dnp3 enforcer and will be forwarded or discarded.
The selected protocol should be tcp"
::= { hm2L3RuleEntry 8 }
hm2L3Log OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if application of this rule shall be logged"
DEFVAL { false }
::={ hm2L3RuleEntry 9 }
hm2L3Trap OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if application of this rule shall send a trap."
DEFVAL { false }
::={ hm2L3RuleEntry 10 }
hm2L3RowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The rule is active. Note that until committed, the rule
will not be applied. You cannot activate the rule
if an enforcer mappings to an inactive profile.
- notInService(2): The rule is inactive because of user action.
- notReady(3): The rule is inactive because of agent action.
- createAndGo(4): Create the rule with default parameters
activated.
- createAndWait(5): Create the rule inactive.
- destroy(6): Delete the rule. You cannot delete a rule with
interface mappings to it."
::= { hm2L3RuleEntry 11 }
hm2L3Description OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to this rule."
DEFVAL { "" }
::= { hm2L3RuleEntry 12 }
hm2DPIProfileIndex OBJECT-TYPE
SYNTAX Integer32 (0..32)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The index of the DPI profile this rule is assigned to
depending on enforcer action.
Value 0 no DPI profile this rule is assigned to.
You cannot assign the rule to an inactive profile
if an active enforcer will mapping to it."
DEFVAL { 0 }
::= { hm2L3RuleEntry 13 }
hm2L3ProtoName OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Following values are supported:
- Protocol name from hm2ProtocolTable
- icmp: internet control message protocol (RFC 792)
- igmp: internet group management protocol
- ipip: IP in IP tunnelling (RFC 1853)
- tcp: transmission control protocol (RFC 793)
- udp: user datagram protocol (RFC 768)
- esp: IPsec encapsulated security payload (RFC 2406)
- ah: IPsec authentication header (RFC 2402)
- icmpv6: internet control message protocol for IPv6
- any: apply to all protocols
"
DEFVAL { "any" }
::= { hm2L3RuleEntry 14 }
hm2L3AppRuleName OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Application rule name from hm2AppRuleTable"
DEFVAL { "manual" }
::= { hm2L3RuleEntry 15 }
hm2L3RuleIfMappingTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2L3RuleIfMappingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table for mapping L3 rules to interfaces"
::={ hm2L3RuleTables 2 }
hm2L3RuleIfMappingEntry OBJECT-TYPE
SYNTAX Hm2L3RuleIfMappingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry in rule interface mapping table"
INDEX { hm2L3IfmInterface, hm2L3IfmDirection, hm2L3IfmRuleIndex }
::={ hm2L3RuleIfMappingTable 1 }
Hm2L3RuleIfMappingEntry ::= SEQUENCE {
hm2L3IfmRuleIndex Integer32,
hm2L3IfmDirection INTEGER,
hm2L3IfmPriority Unsigned32,
hm2L3IfmInterface InterfaceIndex,
hm2L3IfmRowStatus RowStatus
}
hm2L3IfmRuleIndex OBJECT-TYPE
SYNTAX Integer32 (1..2048)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the L3 rule this mapping entry is assigned to.
The rule must exist before the mapping entry can be created."
::={ hm2L3RuleIfMappingEntry 1 }
hm2L3IfmDirection OBJECT-TYPE
SYNTAX INTEGER {
ingress(1),
egress(2),
both(3)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Meanings:
- ingress(1): Apply this rule to packets arriving on this interface
- egress(2): Apply this rule to packets leaving from this interface
- both(3): Apply this rule to packets coming in and going out on this
interface.
If an ingress and an egress interface are given, this is taken to mean
that the rule shall apply to packets arriving on the ingress interface
AND to-be leaving on the egress interface. A rule without ingress
interface matches on all packets going out to the egress interface
given, and vice versa."
::={ hm2L3RuleIfMappingEntry 2 }
hm2L3IfmPriority OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The priority is the sorting key for rules in to this interface. They
don't need to be unique, but no clear order can be assumed among rules
with the same priority.
Priorities are processed in ascending order (0 highest
priority."
::={ hm2L3RuleIfMappingEntry 3 }
hm2L3IfmInterface OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The interface this mapping entry is assigned to. This has to be either
an hm2AgentSwitchIpInterfaceIfIndex or an hm2AgentSwitchIpVlanIfIndex.
Note that for physical interfaces this only works if the corresponding
hm2AgentSwitchIpInterfaceRoutingMode is set to enable."
::={ hm2L3RuleIfMappingEntry 4 }
hm2L3IfmRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The RowStatus value for this entry with the usual meanings:
- active(1): The interface mapping is in place
- notInService(2): The interface mapping is not in place because the
user said so
- notReady(3): The interface mapping is not in place because the
agent said so
- createAndGo(4): Create this mapping with the default priority and
activate it.
- createAndWait(5): Create this mapping deactivated.
- destroy(6): Destroy this interface mapping."
::={ hm2L3RuleIfMappingEntry 5 }
hm2L3Stats OBJECT IDENTIFIER ::={ hm2L3Fw 4 }
hm2L3GeneralStats OBJECT IDENTIFIER ::= { hm2L3Stats 1 }
hm2L3StatsTotalPck OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of packets processed by the L3 firewall"
::= { hm2L3GeneralStats 1 }
hm2L3StatsTotalPckSize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of bytes processed by the L3 firewall"
::= { hm2L3GeneralStats 2 }
hm2L3StatsTotalPckDenDrop OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of packets dropped or denied by the L3 firewall"
::={ hm2L3GeneralStats 3 }
hm2L3StatsTotalPckAccepted OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of packets accepted by the L3 firewall"
::={ hm2L3GeneralStats 4 }
hm2L3StatsTables OBJECT IDENTIFIER ::= { hm2L3Stats 2 }
hm2L3StatsRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2L3StatsRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of per-rule statistics of the L3 firewall"
::= { hm2L3StatsTables 1 }
hm2L3StatsRuleEntry OBJECT-TYPE
SYNTAX Hm2L3StatsRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Statistics table entry for the L3 firewall"
INDEX { hm2L3RuleIndex }
::={ hm2L3StatsRuleTable 1 }
Hm2L3StatsRuleEntry ::= SEQUENCE {
hm2L3StatsPacketCount Counter64,
hm2L3StatsPacketSize Counter64,
hm2L3StatsLastApplied HmTimeSeconds1970
}
hm2L3StatsPacketCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets matched by this rule"
::={ hm2L3StatsRuleEntry 1 }
hm2L3StatsPacketSize OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of bytes processed by this rule"
::={ hm2L3StatsRuleEntry 2 }
hm2L3StatsLastApplied OBJECT-TYPE
SYNTAX HmTimeSeconds1970
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Time of last application of the rule in seconds since the Unix epoch."
::={ hm2L3StatsRuleEntry 3 }
hm2DPIProfileModbusObjects OBJECT IDENTIFIER ::= { hm2L3Fw 11 }
hm2DPIProfileModbusPendingActions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes, whether the DPI MODBUS profile table was modified
but not yet written to the enforcer implementation (set to
true). After writing all modifications to the enforcer, the
value switches automatically back to false."
DEFVAL { false }
::= { hm2DPIProfileModbusObjects 1 }
hm2DPIProfileModbusCommitPendingActions OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) writes not yet committed changes
to the enforcer (DPI MODBUS Profile Table). After writing
all modifications, the value switches automatically back to
noop(1)."
DEFVAL { noop }
::= { hm2DPIProfileModbusObjects 2 }
hm2DPIProfileOpcObjects OBJECT IDENTIFIER ::= { hm2L3Fw 12 }
hm2DPIProfileOpcPendingActions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes, whether the L3 OPC profile table was modified
but not yet written to the enforcer implementation (set to
true). After writing all modifications to the enforcer, the
value switches automatically back to false."
DEFVAL { false }
::= { hm2DPIProfileOpcObjects 1 }
hm2DPIProfileOpcCommitPendingActions OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) writes not yet committed changes
to the enforcer (DPI OPC Profile Table). After writing
all modifications, the value switches automatically back to
noop(1)."
DEFVAL { noop }
::= { hm2DPIProfileOpcObjects 2 }
hm2DPIProfileIEC104Objects OBJECT IDENTIFIER ::= { hm2L3Fw 13 }
hm2DPIProfileIEC104PendingActions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes, whether the DPI IEC104 profile table was modified
but not yet written to the enforcer implementation (set to
true). After writing all modifications to the enforcer, the
value switches automatically back to false."
::= { hm2DPIProfileIEC104Objects 1 }
hm2DPIProfileIEC104CommitPendingActions OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) writes not yet committed changes
to the enforcer (DPI IEC104 Profile Table). After writing
all modifications, the value switches automatically back to
noop(1)."
DEFVAL { noop }
::= { hm2DPIProfileIEC104Objects 2 }
hm2DPIProfileEnipObjects OBJECT IDENTIFIER ::= { hm2L3Fw 14 }
hm2DPIProfileEnipPendingActions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes, whether the DPI EtherNet/IP profile table was modified
but not yet written to the enforcer implementation (set to
true). After writing all modifications to the enforcer, the
value switches automatically back to false."
::= { hm2DPIProfileEnipObjects 1 }
hm2DPIProfileEnipCommitPendingActions OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) writes not yet committed changes
to the enforcer (DPI EtherNet/IP Profile Table). After writing
all modifications, the value switches automatically back to
noop(1)."
DEFVAL { noop }
::= { hm2DPIProfileEnipObjects 2 }
hm2DPIProfileDnp3Objects OBJECT IDENTIFIER ::= { hm2L3Fw 16 }
hm2DPIProfileDnp3PendingActions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes, whether the DPI DNP3 profile table was modified
but not yet written to the enforcer implementation (set to
true). After writing all modifications to the enforcer, the
value switches automatically back to false."
DEFVAL { false }
::= { hm2DPIProfileDnp3Objects 1 }
hm2DPIProfileDnp3CommitPendingActions OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) writes not yet committed changes
to the enforcer (DPI DNP3 Profile Table). After writing
all modifications, the value switches automatically back to
noop(1)."
DEFVAL { noop }
::= { hm2DPIProfileDnp3Objects 2 }
hm2DPIProfileTables OBJECT IDENTIFIER ::= { hm2L3Fw 21 }
hm2DPIProfileModbusTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DPIProfileModbusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of DPI MODBUS profiles for this enforcer"
::= { hm2DPIProfileTables 1 }
hm2DPIProfileModbusEntry OBJECT-TYPE
SYNTAX Hm2DPIProfileModbusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"DPI MODBUS profile entry."
INDEX { hm2DPIProfileModbusIndex }
::= { hm2DPIProfileModbusTable 1 }
Hm2DPIProfileModbusEntry ::=
SEQUENCE {
hm2DPIProfileModbusIndex Integer32,
hm2DPIProfileModbusDescription DisplayString,
hm2DPIProfileModbusFunctionType INTEGER,
hm2DPIProfileModbusFunctionCodeList HmExtraLargeDisplayString,
hm2DPIProfileModbusUnitIdentifierList HmExtraLargeDisplayString,
hm2DPIProfileModbusSanityCheck TruthValue,
hm2DPIProfileModbusException TruthValue,
hm2DPIProfileModbusReset TruthValue,
hm2DPIProfileModbusRowStatus RowStatus
}
hm2DPIProfileModbusIndex OBJECT-TYPE
SYNTAX Integer32 ( 1..32 )
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Profile index of this DPI MODBUS profile"
::= { hm2DPIProfileModbusEntry 1 }
hm2DPIProfileModbusDescription OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to this profile."
DEFVAL { "modbus" }
::= { hm2DPIProfileModbusEntry 2 }
hm2DPIProfileModbusFunctionType OBJECT-TYPE
SYNTAX INTEGER {
readonly(1),
readwrite(2),
programming(3),
all(4),
advanced(5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The function types of the corresponding function codes:
o readonly(1): Selects read only function codes for the function code list.
o readwrite(2): Selects read write function codes for the function code list.
o programming(3): Selects programming function codes for the function code list.
o all(4): Selects all possible function codes for the function code list. Any function code will be allowed.
o advanced(5): Keeps the function code list from the previous selection and makes it editable by the user."
DEFVAL { readonly }
::= { hm2DPIProfileModbusEntry 3 }
hm2DPIProfileModbusFunctionCodeList OBJECT-TYPE
SYNTAX HmExtraLargeDisplayString ( SIZE(1..1400) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The function codes for this enforcer as string.
A function code has the syntax:
<val>
Function codes are separated by a comma.
If more than one value is given for a function code, values are
separated by a | -sign (pipe).
Following function codes are defined:
<1..255>|<0-65535>|<0-65535> (apply to packets with given function codes <1..255>, address range <0-65535>, address range <0-65535>)
1|<0-65535> (apply to packets with given function code read coils, coil address range <0-65535>)
2|<0-65535> (apply to packets with given function code read discrete inputs, input address range <0-65535>)
3|<0-65535> (apply to packets with given function code read holding registers, register address range <0-65535>)
4|<0-65535> (apply to packets with given function code read input registers, register address range <0-65535>)
5|<0-65535> (apply to packets with given function code write single coil, coil address range <0-65535>)
6|<0-65535> (apply to packets with given function code write single register, register address range <0-65535>)
7 (apply to packets with given function code read exception status)
8 (apply to packets with given function code diagnostic)
11 (apply to packets with given function code get com event counter)
12 (apply to packets with given function code get comm event log)
13 (apply to packets with given function code program (584/984))
14 (apply to packets with given function code poll (584/984))
15|<0-65535> (apply to packets with given function code write multiple coils, coil address range <0-65535>)
16|<0-65535> (apply to packets with given function code write multiple registers, register address range <0-65535>)
17 (apply to packets with given function code report slave id)
20 (apply to packets with given function code read file record)
21 (apply to packets with given function code write file record)
22|<0-65535> (apply to packets with given function code mask write register, register address range <0-65535>)
23|<0-65535>|<0-65535> (apply to packets with given function code read/write multiple registers, read address range <0-65535>, write address range <0-65535>)
24|<0-65535> (apply to packets with given function code read fifo queue, pointer address range <0-65535>)
40 (apply to packets with given function code program (concept))
42 (apply to packets with given function code concept symbol table)
43 (apply to packets with given function code encapsulated interface transport)
48 (apply to packets with given function code advantech co. ltd. - management functions)
66 (apply to packets with given function code scan data inc. - expanded read holding registers)
67 (apply to packets with given function code scan data inc. - expanded write holding registers)
90 (apply to packets with given function code unity programming/ofs)
100 (apply to packets with given function code scattered register read)
125 (apply to packets with given function code schneider electric - firmware replacement)
126 (apply to packets with given function code schneider electric - program)"
DEFVAL { "1,2,3,4,7,11,12,17,20,24" }
::= { hm2DPIProfileModbusEntry 4 }
hm2DPIProfileModbusUnitIdentifierList OBJECT-TYPE
SYNTAX HmExtraLargeDisplayString ( SIZE(1..1400) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Unit identifiers for this enforcer as string.
A unit identifier has the syntax:
<val>
To specify no options, the value 'none' must be given.
Unit identifiers are separated by a comma.
Following unit identifiers are defined:
<0..255> (apply to packets for which a
unit identifier is set)"
DEFVAL { "none" }
::= { hm2DPIProfileModbusEntry 5 }
hm2DPIProfileModbusSanityCheck OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if apply to packets for which a
sanity check including format and specification shall be done"
DEFVAL { true }
::= { hm2DPIProfileModbusEntry 6 }
hm2DPIProfileModbusException OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if apply to packets for which a
device exception message shall be sent"
DEFVAL { false }
::= { hm2DPIProfileModbusEntry 7 }
hm2DPIProfileModbusReset OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if apply to packets for which a
reset connection message shall be sent"
DEFVAL { true }
::= { hm2DPIProfileModbusEntry 8 }
hm2DPIProfileModbusRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it."
::= { hm2DPIProfileModbusEntry 9 }
hm2DPIProfileOpcTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DPIProfileOpcEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of DPI OPC profiles for this enforcer"
::= { hm2DPIProfileTables 2 }
hm2DPIProfileOpcEntry OBJECT-TYPE
SYNTAX Hm2DPIProfileOpcEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"DPI OPC profile entry."
INDEX { hm2DPIProfileOpcIndex }
::= { hm2DPIProfileOpcTable 1 }
Hm2DPIProfileOpcEntry ::=
SEQUENCE {
hm2DPIProfileOpcIndex Integer32,
hm2DPIProfileOpcDescription DisplayString,
hm2DPIProfileOpcSanityCheck TruthValue,
hm2DPIProfileOpcFragmentCheck TruthValue,
hm2DPIProfileOpcTimeoutConnect Unsigned32,
hm2DPIProfileOpcRowStatus RowStatus
}
hm2DPIProfileOpcIndex OBJECT-TYPE
SYNTAX Integer32 ( 1..32 )
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Profile index of this DPI OPC profile"
::= { hm2DPIProfileOpcEntry 1 }
hm2DPIProfileOpcDescription OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to this profile."
DEFVAL { "opc" }
::= { hm2DPIProfileOpcEntry 2 }
hm2DPIProfileOpcSanityCheck OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if apply to packets for which a
sanity check including format and specification shall be done"
DEFVAL { true }
::= { hm2DPIProfileOpcEntry 3 }
hm2DPIProfileOpcFragmentCheck OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if apply to packets for which a
fragment check shall be done"
DEFVAL { true }
::= { hm2DPIProfileOpcEntry 4 }
hm2DPIProfileOpcTimeoutConnect OBJECT-TYPE
SYNTAX Unsigned32 (0..300)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to nonzero if apply to packets for which a
timeout at connect in seconds shall be done.
Value 0 disables this match criteria."
DEFVAL { 5 }
::= { hm2DPIProfileOpcEntry 5 }
hm2DPIProfileOpcRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it."
::= { hm2DPIProfileOpcEntry 6 }
hm2DPIProfileIEC104Table OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DPIProfileIEC104Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of DPI IEC104 profiles for this enforcer"
::= { hm2DPIProfileTables 3 }
hm2DPIProfileIEC104Entry OBJECT-TYPE
SYNTAX Hm2DPIProfileIEC104Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"DPI IEC104 profile entry."
INDEX { hm2DPIProfileIEC104Index }
::= { hm2DPIProfileIEC104Table 1 }
Hm2DPIProfileIEC104Entry ::=
SEQUENCE {
hm2DPIProfileIEC104Index Integer32,
hm2DPIProfileIEC104Description SnmpAdminString,
hm2DPIProfileIEC104FunctionType INTEGER,
hm2DPIProfileIEC104TypeIDList BITS,
hm2DPIProfileIEC104OriginatorAddressList BITS,
hm2DPIProfileIEC104CommonAddressList HmLargeDisplayString,
hm2DPIProfileIEC104SanityCheck HmEnabledStatus,
hm2DPIProfileIEC104Reset HmEnabledStatus,
hm2DPIProfileIEC104Debug HmEnabledStatus,
hm2DPIProfileIEC104RowStatus RowStatus,
hm2DPIProfileIEC104AdvancedTypeIDList HmExtraLargeDisplayString,
hm2DPIProfileIEC104OriginatorAddrList HmExtraLargeDisplayString,
hm2DPIProfileIEC104CauseOfTransmissionSize Integer32,
hm2DPIProfileIEC104CommonAddressSize Integer32,
hm2DPIProfileIEC104IOAddressSize Integer32,
hm2DPIProfileIEC104AllowIEC101 HmEnabledStatus
}
hm2DPIProfileIEC104Index OBJECT-TYPE
SYNTAX Integer32 ( 1..32 )
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Profile index of this DPI IEC104 profile"
::= { hm2DPIProfileIEC104Entry 1 }
hm2DPIProfileIEC104Description OBJECT-TYPE
SYNTAX SnmpAdminString ( SIZE(0..128) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to this profile."
DEFVAL { "iec104" }
::= { hm2DPIProfileIEC104Entry 2 }
hm2DPIProfileIEC104FunctionType OBJECT-TYPE
SYNTAX INTEGER {
readonly(1),
readwrite(2),
common(3),
any(4),
advanced(5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The function types of the corresponding type IDs:
o readonly(1): Selects read only type IDs for the type ID list.
o readwrite(2): Selects read write type IDs for the type ID list.
o common(3): Selects common type IDs for the type ID list.
o any(4): Selects all possible type IDs for the type ID list. Any type ID will be allowed.
o advanced(5): Keeps the type ID list from the previous selection and makes it editable by the user."
DEFVAL { any }
::= { hm2DPIProfileIEC104Entry 3 }
hm2DPIProfileIEC104TypeIDList OBJECT-TYPE
SYNTAX BITS {
invalid-0(0),
m-sp-na-1(1),
m-sp-ta-1(2),
m-dp-na-1(3),
m-dp-ta-1(4),
m-st-na-1(5),
m-st-ta-1(6),
m-bo-na-1(7),
m-bo-ta-1(8),
m-me-na-1(9),
m-me-ta-1(10),
m-me-nb-1(11),
m-me-tb-1(12),
m-me-nc-1(13),
m-me-tc-1(14),
m-it-na-1(15),
m-it-ta-1(16),
m-ep-ta-1(17),
m-ep-tb-1(18),
m-ep-tc-1(19),
m-ps-na-1(20),
m-me-nd-1(21),
reserved-22(22),
reserved-23(23),
reserved-24(24),
reserved-25(25),
reserved-26(26),
reserved-27(27),
reserved-28(28),
reserved-29(29),
m-sp-tb-1(30),
m-dp-tb-1(31),
m-st-tb-1(32),
m-bo-tb-1(33),
m-me-td-1(34),
m-me-te-1(35),
m-me-tf-1(36),
m-it-tb-1(37),
m-ep-td-1(38),
m-ep-te-1(39),
m-ep-tf-1(40),
reserved-41(41),
reserved-42(42),
reserved-43(43),
reserved-44(44),
c-sc-na-1(45),
c-dc-na-1(46),
c-rc-na-1(47),
c-se-na-1(48),
c-se-nb-1(49),
c-se-nc-1(50),
c-bo-na-1(51),
reserved-52(52),
reserved-53(53),
reserved-54(54),
reserved-55(55),
reserved-56(56),
reserved-57(57),
c-sc-ta-1(58),
c-dc-ta-1(59),
c-rc-ta-1(60),
c-se-ta-1(61),
c-se-tb-1(62),
c-se-tc-1(63),
c-bo-ta-1(64),
reserved-65(65),
reserved-66(66),
reserved-67(67),
reserved-68(68),
reserved-69(69),
m-ei-na-1(70),
reserved-71(71),
reserved-72(72),
reserved-73(73),
reserved-74(74),
reserved-75(75),
reserved-76(76),
reserved-77(77),
reserved-78(78),
reserved-79(79),
reserved-80(80),
reserved-81(81),
reserved-82(82),
reserved-83(83),
reserved-84(84),
reserved-85(85),
reserved-86(86),
reserved-87(87),
reserved-88(88),
reserved-89(89),
reserved-90(90),
reserved-91(91),
reserved-92(92),
reserved-93(93),
reserved-94(94),
reserved-95(95),
reserved-96(96),
reserved-97(97),
reserved-98(98),
reserved-99(99),
c-ic-na-1(100),
c-ci-na-1(101),
c-rd-na-1(102),
c-cs-na-1(103),
c-ts-nb-1(104),
c-rp-nc-1(105),
c-cd-na-1(106),
c-ts-ta-1(107),
reserved-108(108),
reserved-109(109),
p-me-na-1(110),
p-me-nb-1(111),
p-me-nc-1(112),
p-ac-na-1(113),
reserved-114(114),
reserved-115(115),
reserved-116(116),
reserved-117(117),
reserved-118(118),
reserved-119(119),
f-fr-na-1(120),
f-sr-na-1(121),
f-sc-na-1(122),
f-ls-na-1(123),
f-af-na-1(124),
f-sg-na-1(125),
f-dr-ta-1(126),
f-sc-nb-1(127),
custom-128(128),
custom-129(129),
custom-130(130),
custom-131(131),
custom-132(132),
custom-133(133),
custom-134(134),
custom-135(135),
custom-136(136),
custom-137(137),
custom-138(138),
custom-139(139),
custom-140(140),
custom-141(141),
custom-142(142),
custom-143(143),
custom-144(144),
custom-145(145),
custom-146(146),
custom-147(147),
custom-148(148),
custom-149(149),
custom-150(150),
custom-151(151),
custom-152(152),
custom-153(153),
custom-154(154),
custom-155(155),
custom-156(156),
custom-157(157),
custom-158(158),
custom-159(159),
custom-160(160),
custom-161(161),
custom-162(162),
custom-163(163),
custom-164(164),
custom-165(165),
custom-166(166),
custom-167(167),
custom-168(168),
custom-169(169),
custom-170(170),
custom-171(171),
custom-172(172),
custom-173(173),
custom-174(174),
custom-175(175),
custom-176(176),
custom-177(177),
custom-178(178),
custom-179(179),
custom-180(180),
custom-181(181),
custom-182(182),
custom-183(183),
custom-184(184),
custom-185(185),
custom-186(186),
custom-187(187),
custom-188(188),
custom-189(189),
custom-190(190),
custom-191(191),
custom-192(192),
custom-193(193),
custom-194(194),
custom-195(195),
custom-196(196),
custom-197(197),
custom-198(198),
custom-199(199),
custom-200(200),
custom-201(201),
custom-202(202),
custom-203(203),
custom-204(204),
custom-205(205),
custom-206(206),
custom-207(207),
custom-208(208),
custom-209(209),
custom-210(210),
custom-211(211),
custom-212(212),
custom-213(213),
custom-214(214),
custom-215(215),
custom-216(216),
custom-217(217),
custom-218(218),
custom-219(219),
custom-220(220),
custom-221(221),
custom-222(222),
custom-223(223),
custom-224(224),
custom-225(225),
custom-226(226),
custom-227(227),
custom-228(228),
custom-229(229),
custom-230(230),
custom-231(231),
custom-232(232),
custom-233(233),
custom-234(234),
custom-235(235),
custom-236(236),
custom-237(237),
custom-238(238),
custom-239(239),
custom-240(240),
custom-241(241),
custom-242(242),
custom-243(243),
custom-244(244),
custom-245(245),
custom-246(246),
custom-247(247),
custom-248(248),
custom-249(249),
custom-250(250),
custom-251(251),
custom-252(252),
custom-253(253),
custom-254(254),
custom-255(255)
}
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"**NOTE: This object is obsolete in favour of hm2DPIProfileIEC104AdvancedTypeIDList.**
The type IDs for this enforcer as bit string.
Each type ID bit can either be set (allowed) or cleared (blocked).
Following type IDs are defined:
1 Single point information m-sp-na-1
2 Single point information with time tag m-sp-ta-1
3 Double point information m-dp-na-1
4 Double point information with time tag m-dp-ta-1
5 Step position information m-st-na-1
6 Step position information with time tag m-st-ta-1
7 Bit string of 32 bit m-bo-na-1
8 Bit string of 32 bit with time tag m-bo-ta-1
9 Measured value, normalized value m-me-na-1
10 Measured value, normalized value with time tag m-me-ta-1
11 Measured value, scaled value m-me-nb-1
12 Measured value, scaled value with time tag m-me-tb-1
13 Measured value, short floating point value m-me-nc-1
14 Measured value, short floating point value with time tag m-me-tc-1
15 Integrated totals m-it-na-1
16 Integrated totals with time tag m-it-ta-1
17 Event of protection equipment with time tag m-ep-ta-1
18 Packed start events of protection equipment with time tag m-ep-tb-1
19 Packed output circuit information of protection equipment with time tag m-ep-tc-1
20 Packed single-point information with status change detection m-ps-na-1
21 Measured value, normalized value without quality descriptor m-me-nd-1
30 Single point information with time tag cp56time2a m-sp-tb-1
31 Double point information with time tag cp56time2a m-dp-tb-1
32 Step position information with time tag cp56time2a m-st-tb-1
33 Bit string of 32 bit with time tag cp56time2a m-bo-tb-1
34 Measured value, normalized value with time tag cp56time2a m-me-td-1
35 Measured value, scaled value with time tag cp56time2a m-me-te-1
36 Measured value, short floating point value with time tag cp56time2a m-me-tf-1
37 Integrated totals with time tag cp56time2a m-it-tb-1
38 Event of protection equipment with time tag cp56time2a m-ep-td-1
39 Packed start events of protection equipment with time tag cp56time2a m-ep-te-1
40 Packed output circuit information of protection equipment with time tag cp56time2a m-ep-tf-1
45 Single command c-sc-na-1
46 Double command c-dc-na-1
47 Regulating step command c-rc-na-1
48 Setpoint command, normalized value c-se-na-1
49 Setpoint command, scaled value c-se-nb-1
50 Setpoint command, short floating point value c-se-nc-1
51 Bit string 32 bit c-bo-na-1
58 Single command with time tag cp56time2a c-sc-ta-1
59 Double command with time tag cp56time2a c-dc-ta-1
60 Regulating step command with time tag cp56time2a c-rc-ta-1
61 Setpoint command, normalized value with time tag cp56time2a c-se-ta-1
62 Setpoint command, scaled value with time tag cp56time2a c-se-tb-1
63 Setpoint command, short floating point value with time tag cp56time2a c-se-tc-1
64 Bit string 32 bit with time tag cp56time2a c-bo-ta-1
70 End of initialization m-ei-na-1
100 (General-) Interrogation command c-ic-na-1
101 Counter interrogation command c-ci-na-1
102 Read command c-rd-na-1
103 Clock synchronization command c-cs-na-1
104 ( IEC 101 ) Test command c-ts-nb-1
105 Reset process command c-rp-nc-1
106 ( IEC 101 ) Delay acquisition command c-cd-na-1
107 Test command with time tag cp56time2a c-ts-ta-1
110 Parameter of measured value, normalized value p-me-na-1
111 Parameter of measured value, scaled value p-me-nb-1
112 Parameter of measured value, short floating point value p-me-nc-1
113 Parameter activation p-ac-na-1
120 File ready f-fr-na-1
121 Section ready f-sr-na-1
122 Call directory, select file, call file, call section f-sc-na-1
123 Last section, last segment f-ls-na-1
124 Ack file, Ack section f-af-na-1
125 Segment f-sg-na-1
126 f-dr-ta-1
127 QueryLog - Request archive file f-sc-nb-1
128-255 Custom type IDs accessible via custom-<ID>
All undefined type IDs are accessible via reserverd-<ID>"
DEFVAL { {m-sp-na-1,m-sp-ta-1,m-dp-na-1} }
::= { hm2DPIProfileIEC104Entry 4 }
hm2DPIProfileIEC104OriginatorAddressList OBJECT-TYPE
SYNTAX BITS {
oa-0(0),
oa-1(1),
oa-2(2),
oa-3(3),
oa-4(4),
oa-5(5),
oa-6(6),
oa-7(7),
oa-8(8),
oa-9(9),
oa-10(10),
oa-11(11),
oa-12(12),
oa-13(13),
oa-14(14),
oa-15(15),
oa-16(16),
oa-17(17),
oa-18(18),
oa-19(19),
oa-20(20),
oa-21(21),
oa-22(22),
oa-23(23),
oa-24(24),
oa-25(25),
oa-26(26),
oa-27(27),
oa-28(28),
oa-29(29),
oa-30(30),
oa-31(31),
oa-32(32),
oa-33(33),
oa-34(34),
oa-35(35),
oa-36(36),
oa-37(37),
oa-38(38),
oa-39(39),
oa-40(40),
oa-41(41),
oa-42(42),
oa-43(43),
oa-44(44),
oa-45(45),
oa-46(46),
oa-47(47),
oa-48(48),
oa-49(49),
oa-50(50),
oa-51(51),
oa-52(52),
oa-53(53),
oa-54(54),
oa-55(55),
oa-56(56),
oa-57(57),
oa-58(58),
oa-59(59),
oa-60(60),
oa-61(61),
oa-62(62),
oa-63(63),
oa-64(64),
oa-65(65),
oa-66(66),
oa-67(67),
oa-68(68),
oa-69(69),
oa-70(70),
oa-71(71),
oa-72(72),
oa-73(73),
oa-74(74),
oa-75(75),
oa-76(76),
oa-77(77),
oa-78(78),
oa-79(79),
oa-80(80),
oa-81(81),
oa-82(82),
oa-83(83),
oa-84(84),
oa-85(85),
oa-86(86),
oa-87(87),
oa-88(88),
oa-89(89),
oa-90(90),
oa-91(91),
oa-92(92),
oa-93(93),
oa-94(94),
oa-95(95),
oa-96(96),
oa-97(97),
oa-98(98),
oa-99(99),
oa-100(100),
oa-101(101),
oa-102(102),
oa-103(103),
oa-104(104),
oa-105(105),
oa-106(106),
oa-107(107),
oa-108(108),
oa-109(109),
oa-110(110),
oa-111(111),
oa-112(112),
oa-113(113),
oa-114(114),
oa-115(115),
oa-116(116),
oa-117(117),
oa-118(118),
oa-119(119),
oa-120(120),
oa-121(121),
oa-122(122),
oa-123(123),
oa-124(124),
oa-125(125),
oa-126(126),
oa-127(127),
oa-128(128),
oa-129(129),
oa-130(130),
oa-131(131),
oa-132(132),
oa-133(133),
oa-134(134),
oa-135(135),
oa-136(136),
oa-137(137),
oa-138(138),
oa-139(139),
oa-140(140),
oa-141(141),
oa-142(142),
oa-143(143),
oa-144(144),
oa-145(145),
oa-146(146),
oa-147(147),
oa-148(148),
oa-149(149),
oa-150(150),
oa-151(151),
oa-152(152),
oa-153(153),
oa-154(154),
oa-155(155),
oa-156(156),
oa-157(157),
oa-158(158),
oa-159(159),
oa-160(160),
oa-161(161),
oa-162(162),
oa-163(163),
oa-164(164),
oa-165(165),
oa-166(166),
oa-167(167),
oa-168(168),
oa-169(169),
oa-170(170),
oa-171(171),
oa-172(172),
oa-173(173),
oa-174(174),
oa-175(175),
oa-176(176),
oa-177(177),
oa-178(178),
oa-179(179),
oa-180(180),
oa-181(181),
oa-182(182),
oa-183(183),
oa-184(184),
oa-185(185),
oa-186(186),
oa-187(187),
oa-188(188),
oa-189(189),
oa-190(190),
oa-191(191),
oa-192(192),
oa-193(193),
oa-194(194),
oa-195(195),
oa-196(196),
oa-197(197),
oa-198(198),
oa-199(199),
oa-200(200),
oa-201(201),
oa-202(202),
oa-203(203),
oa-204(204),
oa-205(205),
oa-206(206),
oa-207(207),
oa-208(208),
oa-209(209),
oa-210(210),
oa-211(211),
oa-212(212),
oa-213(213),
oa-214(214),
oa-215(215),
oa-216(216),
oa-217(217),
oa-218(218),
oa-219(219),
oa-220(220),
oa-221(221),
oa-222(222),
oa-223(223),
oa-224(224),
oa-225(225),
oa-226(226),
oa-227(227),
oa-228(228),
oa-229(229),
oa-230(230),
oa-231(231),
oa-232(232),
oa-233(233),
oa-234(234),
oa-235(235),
oa-236(236),
oa-237(237),
oa-238(238),
oa-239(239),
oa-240(240),
oa-241(241),
oa-242(242),
oa-243(243),
oa-244(244),
oa-245(245),
oa-246(246),
oa-247(247),
oa-248(248),
oa-249(249),
oa-250(250),
oa-251(251),
oa-252(252),
oa-253(253),
oa-254(254),
oa-255(255)
}
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"**NOTE: This object is obsolete in favour of hm2DPIProfileIEC104OriginatorAddrList.**
Allowed Originator addresses for this enforcer as bit string.
Each bit corresponds to an orignator address which may either be
allowed (bit set) or blocked (bit cleared). If all bits are cleared,
no filtering on originator addresses is done (all addresses allowed).
Following Originator addresses are defined:
oa-<0..255> (only the selected Originator addresses will be allowed)"
DEFVAL { { } }
::= { hm2DPIProfileIEC104Entry 5 }
hm2DPIProfileIEC104CommonAddressList OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE(0..1024) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Allowed Common addresses for this enforcer as string.
Allowed format for common address list:
- index range with first and last index separated by hyphen
('10-15')
- comma separated list of index ('12,25,123')
- combination of the points above ('10,25-30,125,300')
If no address are specified, all Common addresses will be allowed.
Following Common addresses are defined:
<0..65535> (only the selected Common addresses will be allowed)"
DEFVAL { "" }
::= { hm2DPIProfileIEC104Entry 6 }
hm2DPIProfileIEC104SanityCheck OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to 'enable' if a sanity check including format and specification
for all packets shall be done"
DEFVAL { enable }
::= { hm2DPIProfileIEC104Entry 7 }
hm2DPIProfileIEC104Reset OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to 'enable' if reset connection message shall be sent in case a packet is dropped"
DEFVAL { enable }
::= { hm2DPIProfileIEC104Entry 8 }
hm2DPIProfileIEC104Debug OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to 'enable' if reset connection message shall contain debug information"
DEFVAL { disable }
::= { hm2DPIProfileIEC104Entry 9 }
hm2DPIProfileIEC104RowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it."
::= { hm2DPIProfileIEC104Entry 10 }
hm2DPIProfileIEC104AdvancedTypeIDList OBJECT-TYPE
SYNTAX HmExtraLargeDisplayString ( SIZE(0..1400) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type IDs for this enforcer as string.
A type ID list has the syntax:
<val>
If more than one value is given for type ID list, values are
separated by a , sign (comma).
Note: The user can define any number between 0-255. The type ID must be a
number (in decimal format).
All undefined type IDs are reserved for further compatible definitions.
Following type IDs are defined:
0 Invalid type id invalid-0
1 Single point information m-sp-na-1
2 Single point information with time tag m-sp-ta-1
3 Double point information m-dp-na-1
4 Double point information with time tag m-dp-ta-1
5 Step position information m-st-na-1
6 Step position information with time tag m-st-ta-1
7 Bit string of 32 bit m-bo-na-1
8 Bit string of 32 bit with time tag m-bo-ta-1
9 Measured value, normalized value m-me-na-1
10 Measured value, normalized value with time tag m-me-ta-1
11 Measured value, scaled value m-me-nb-1
12 Measured value, scaled value with time tag m-me-tb-1
13 Measured value, short floating point value m-me-nc-1
14 Measured value, short floating point value with time tag m-me-tc-1
15 Integrated totals m-it-na-1
16 Integrated totals with time tag m-it-ta-1
17 Event of protection equipment with time tag m-ep-ta-1
18 Packed start events of protection equipment with time tag m-ep-tb-1
19 Packed output circuit information of protection equipment with time tag m-ep-tc-1
20 Packed single-point information with status change detection m-ps-na-1
21 Measured value, normalized value without quality descriptor m-me-nd-1
30 Single point information with time tag cp56time2a m-sp-tb-1
31 Double point information with time tag cp56time2a m-dp-tb-1
32 Step position information with time tag cp56time2a m-st-tb-1
33 Bit string of 32 bit with time tag cp56time2a m-bo-tb-1
34 Measured value, normalized value with time tag cp56time2a m-me-td-1
35 Measured value, scaled value with time tag cp56time2a m-me-te-1
36 Measured value, short floating point value with time tag cp56time2a m-me-tf-1
37 Integrated totals with time tag cp56time2a m-it-tb-1
38 Event of protection equipment with time tag cp56time2a m-ep-td-1
39 Packed start events of protection equipment with time tag cp56time2a m-ep-te-1
40 Packed output circuit information of protection equipment with time tag cp56time2a m-ep-tf-1
45 Single command c-sc-na-1
46 Double command c-dc-na-1
47 Regulating step command c-rc-na-1
48 Setpoint command, normalized value c-se-na-1
49 Setpoint command, scaled value c-se-nb-1
50 Setpoint command, short floating point value c-se-nc-1
51 Bit string 32 bit c-bo-na-1
58 Single command with time tag cp56time2a c-sc-ta-1
59 Double command with time tag cp56time2a c-dc-ta-1
60 Regulating step command with time tag cp56time2a c-rc-ta-1
61 Setpoint command, normalized value with time tag cp56time2a c-se-ta-1
62 Setpoint command, scaled value with time tag cp56time2a c-se-tb-1
63 Setpoint command, short floating point value with time tag cp56time2a c-se-tc-1
64 Bit string 32 bit with time tag cp56time2a c-bo-ta-1
70 End of initialization m-ei-na-1
100 (General-) Interrogation command c-ic-na-1
101 Counter interrogation command c-ci-na-1
102 Read command c-rd-na-1
103 Clock synchronization command c-cs-na-1
104 ( IEC 101 ) Test command c-ts-nb-1
105 Reset process command c-rp-nc-1
106 ( IEC 101 ) Delay acquisition command c-cd-na-1
107 Test command with time tag cp56time2a c-ts-ta-1
110 Parameter of measured value, normalized value p-me-na-1
111 Parameter of measured value, scaled value p-me-nb-1
112 Parameter of measured value, short floating point value p-me-nc-1
113 Parameter activation p-ac-na-1
120 File ready f-fr-na-1
121 Section ready f-sr-na-1
122 Call directory, select file, call file, call section f-sc-na-1
123 Last section, last segment f-ls-na-1
124 Ack file, Ack section f-af-na-1
125 Segment f-sg-na-1
126 f-dr-ta-1
127 QueryLog - Request archive file f-sc-nb-1
128-135 reserved for routing of messages
136-255 reserved for special use"
DEFVAL { "" }
::= { hm2DPIProfileIEC104Entry 11 }
hm2DPIProfileIEC104OriginatorAddrList OBJECT-TYPE
SYNTAX HmExtraLargeDisplayString ( SIZE(0..1400) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Allowed Originator addresses for this enforcer as string.
Allowed format for originator address list:
- index range with first and last index separated by hyphen
('10-15')
- comma separated list of index ('12,25,123')
- combination of the points above ('10,25-30,125,300')
Note: The user can define any number between 0-255. The originator
address must be a number (in decimal format).
Following Originator addresses are defined:
<0..255> (only the selected Originator addresses will be allowed)"
DEFVAL { "" }
::= { hm2DPIProfileIEC104Entry 12 }
hm2DPIProfileIEC104CauseOfTransmissionSize OBJECT-TYPE
SYNTAX Integer32 ( 1..2 )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to default value 2 for the latest protocol, set to 1 for legacy protocol"
DEFVAL { 2 }
::= { hm2DPIProfileIEC104Entry 13 }
hm2DPIProfileIEC104CommonAddressSize OBJECT-TYPE
SYNTAX Integer32 ( 1..2 )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to default value 2 for the latest protocol, set to 1 for legacy protocol"
DEFVAL { 2 }
::= { hm2DPIProfileIEC104Entry 14 }
hm2DPIProfileIEC104IOAddressSize OBJECT-TYPE
SYNTAX Integer32 ( 1..3 )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to default value 3 for the latest protocol, set to 2 or 1 for legacy protocol"
DEFVAL { 3 }
::= { hm2DPIProfileIEC104Entry 15 }
hm2DPIProfileIEC104AllowIEC101 OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to 'enable' if Type IDs that are defined for the old IEC 101 standard have to be allowed"
DEFVAL { disable }
::= { hm2DPIProfileIEC104Entry 16 }
--******************************************************************************
-- Ethernet/IP Profile Table
--******************************************************************************
hm2DPIProfileEnipTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DPIProfileEnipEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of DPI EtherNet/IP profiles for this enforcer"
::= { hm2DPIProfileTables 4 }
hm2DPIProfileEnipEntry OBJECT-TYPE
SYNTAX Hm2DPIProfileEnipEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"DPI EtherNet/IP profile entry."
INDEX { hm2DPIProfileEnipIndex }
::= { hm2DPIProfileEnipTable 1 }
Hm2DPIProfileEnipEntry ::=
SEQUENCE {
hm2DPIProfileEnipIndex Integer32,
hm2DPIProfileEnipDescription SnmpAdminString,
hm2DPIProfileEnipFunctionType INTEGER,
hm2DPIProfileEnipSanityCheck HmEnabledStatus,
hm2DPIProfileEnipDebug HmEnabledStatus,
hm2DPIProfileEnipRowStatus RowStatus,
hm2DPIProfileEnipDefaultObjectList HmExtraLargeDisplayString,
hm2DPIProfileEnipWildCardServices HmLargeDisplayString,
hm2DPIProfileEnipAllowEmbPCCC HmEnabledStatus,
hm2DPIProfileEnipTcpReset HmEnabledStatus
}
hm2DPIProfileEnipIndex OBJECT-TYPE
SYNTAX Integer32 ( 1..32 )
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Profile index of this DPI EtherNet/IP profile"
::= { hm2DPIProfileEnipEntry 1 }
hm2DPIProfileEnipDescription OBJECT-TYPE
SYNTAX SnmpAdminString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to this profile."
DEFVAL { "enip" }
::= { hm2DPIProfileEnipEntry 2 }
hm2DPIProfileEnipFunctionType OBJECT-TYPE
SYNTAX INTEGER {
readonly(1),
readwrite(2),
any(3),
advanced(4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The function types of the corresponding commands:
o readonly(1): Selects read only commands for the command list.
o readwrite(2): Selects read write commands for the command list.
o any(3): Selects all possible commands for the command list. Any command will be allowed.
o advanced(4): Keeps the command list from the previous selection and makes it editable by the user."
DEFVAL { any }
::= { hm2DPIProfileEnipEntry 3 }
hm2DPIProfileEnipSanityCheck OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If a sanity check including format and specification
for all packets shall be done, then it must be enabled."
DEFVAL { enable }
::= { hm2DPIProfileEnipEntry 4 }
hm2DPIProfileEnipDebug OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enables or disables the debug information in a reset connection message.
If a reset connection message shall contain debug information, then it must be enabled."
DEFVAL { disable }
::= { hm2DPIProfileEnipEntry 5 }
hm2DPIProfileEnipRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it."
::= { hm2DPIProfileEnipEntry 6 }
hm2DPIProfileEnipDefaultObjectList OBJECT-TYPE
SYNTAX HmExtraLargeDisplayString( SIZE(1..1280) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Index of entries to be included from default object list
as per ENIP standard.
Allowed formats are: (Index range <1-347>)
- keyword 'none' for excluding and 'all' for including the default object list.
- any single index (e.g. 10)
- index range with first and last index separated by hyphen
(e.g. '10-15')
- comma separated list of index (e.g. 12,25,123)
- combination of the points above (e.g. 10,25-30,125,300)
- Total number of decimal values can be up to 347."
DEFVAL { "none" }
::= { hm2DPIProfileEnipEntry 7 }
hm2DPIProfileEnipWildCardServices OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE(0..640) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Multiple service codes can be listed separated by a comma (',')
- single service code (eg: 0x10)
- comma separated list of service codes (eg: 0x12,0x31,0x5F)
- Service code starts from 0x00 and cannot be greater than 0x7F
- Total number of hexa-decimal values can be specified upto 128."
DEFVAL { "" }
::= { hm2DPIProfileEnipEntry 8 }
hm2DPIProfileEnipAllowEmbPCCC OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enables or disables the DPI on PCCC messages.
If DPI is required on PCCC messages that are encapsulated within CIP objects,
then Allow embedded PCCC must be enabled."
DEFVAL { disable }
::= { hm2DPIProfileEnipEntry 9 }
hm2DPIProfileEnipTcpReset OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enables or disables the resetting of TCP connection.
The reset connection message shall be sent in case a packet is dropped, if TCP reset is enabled."
DEFVAL { enable }
::= { hm2DPIProfileEnipEntry 10 }
--******************************************************************************
-- Ethernet/IP Object Table
--******************************************************************************
hm2DPIObjectEnipTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DPIObjectEnipEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of DPI EtherNet/IP objects and services for this enforcer"
::= { hm2DPIProfileTables 5 }
hm2DPIObjectEnipEntry OBJECT-TYPE
SYNTAX Hm2DPIObjectEnipEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"DPI EtherNet/IP object entry."
INDEX { hm2DPIProfileEnipIndex, hm2DPIObjectEnipClassId }
::= { hm2DPIObjectEnipTable 1 }
Hm2DPIObjectEnipEntry ::=
SEQUENCE {
hm2DPIObjectEnipClassId EnipClassId,
hm2DPIObjectEnipServices HmLargeDisplayString,
hm2DPIObjectEnipDescription DisplayString,
hm2DPIObjectEnipRowStatus RowStatus
}
hm2DPIObjectEnipClassId OBJECT-TYPE
SYNTAX EnipClassId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The object class ID values used in the class ID and service combination.
Values ranging from 0x00 to 0xFFFFFFFF (0 to 4294967295) are
interpreted as the Enip Class ID
Following classes are defined:
0x0000 - 0x0063 CIP Common
0x0064 - 0x00C7 Vendor Specific
0x00F0 - 0x02FF CIP Common
0x0300 - 0x04FF Vendor Specific
WARNING: The enip command, service and class codes will be combined to generate an
internal configuration file. Number of CIP objects created directly increases the
size of the configuration file, which may increase forwarding time."
::= { hm2DPIObjectEnipEntry 1 }
hm2DPIObjectEnipServices OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE(0..640) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The services codes are allowed as string.
A service has the syntax:
<0xval>
- Services are separated by a comma and are formated in hex (e.g. 0x00 to 0x7F).
- Services start from 0x00 and cannot be greater than 0x7F.
- Total number of hexa-decimal values can be specified upto 128.
A few of the defined service codes are listed below:
0x01 Get Attributes All
0x02 Set Attributes All
0x03 Get Attributes List
0x04 Set Attributes List
0x05 Reset
0x06 Start
0x07 Stop
0x08 Create
0x09 Delete
0x0A Multiple Service Packet
0x0D Apply Attributes
0x0E Get Attribute Single
0x10 Set Attribute Single
0x11 Find Next Object Instance
0x15 Restore
0x16 Save
0x17 Nop
0x18 Get Member
0x19 Set Member
0x1A Insert Member
0x1B Remove Member
0x1C Group Sync
0x32 - 0x4A Vendor Specific
0x4B - 0x63 Object Class Specific
WARNING: The command, service and class codes will be combined to generate an
internal configuration file. Number of CIP service codes created directly increases
the size of the configuration file, which may increase forwarding time."
DEFVAL { "" }
::= { hm2DPIObjectEnipEntry 2 }
hm2DPIObjectEnipDescription OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to the ENIP object class ID and services."
DEFVAL { "" }
::= { hm2DPIObjectEnipEntry 3 }
hm2DPIObjectEnipRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it."
::= { hm2DPIObjectEnipEntry 4 }
hm2DPIProfileDnp3Table OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DPIProfileDnp3Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of DPI DNP3 profiles for this enforcer"
::= { hm2DPIProfileTables 6 }
hm2DPIProfileDnp3Entry OBJECT-TYPE
SYNTAX Hm2DPIProfileDnp3Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"DPI DNP3 profile entry."
INDEX { hm2DPIProfileDnp3Index }
::= { hm2DPIProfileDnp3Table 1 }
Hm2DPIProfileDnp3Entry ::=
SEQUENCE {
hm2DPIProfileDnp3Index Integer32,
hm2DPIProfileDnp3Description DisplayString,
hm2DPIProfileDnp3FunctionCodeList HmExtraLargeDisplayString,
hm2DPIProfileDnp3DefaultWhiteList HmExtraLargeDisplayString,
hm2DPIProfileDnp3CrcCheck TruthValue,
hm2DPIProfileDnp3SanityCheck TruthValue,
hm2DPIProfileDnp3CheckOutstationTraffic TruthValue,
hm2DPIProfileDnp3TcpReset TruthValue,
hm2DPIProfileDnp3RowStatus RowStatus
}
hm2DPIProfileDnp3Index OBJECT-TYPE
SYNTAX Integer32 ( 1..32 )
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Profile index of this DPI DNP3 profile"
::= { hm2DPIProfileDnp3Entry 1 }
hm2DPIProfileDnp3Description OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to this profile."
DEFVAL { "Dnp3" }
::= { hm2DPIProfileDnp3Entry 2 }
hm2DPIProfileDnp3FunctionCodeList OBJECT-TYPE
SYNTAX HmExtraLargeDisplayString ( SIZE(1..1400) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The function codes for this enforcer as string.
A function code has the syntax:
<val>
If more than one value is given for a function code, values are
separated by a , sign (comma).
Note: The user can define any number between 0-255. The code must be a number (in decimal format).
Following function codes are defined by the DNP3 standard IEEE 1815-2012:
0 confirm
1 read
2 write
3 select
4 operate
5 direct_operate
6 direct_operate_nr
7 immed_freeze
8 immed_freeze_nr
9 freeze_clear
10 freeze_clear_nr
11 freeze_at_time
12 freeze_at_time_nr
13 cold_restart
14 warm_restart
15 initialize_data
16 initialize_appl
17 start_appl
18 stop_appl
19 save_config
20 enable_unsolicited
21 disable_unsolicited
22 assign_class
23 delay_measure
24 record_current_time
25 open_file
26 close_file
27 delete_file
28 get_file_info
29 authenticate_file
30 abort_file
31 activate_config
32 authenticate_req
33 authenticate_err
129 response
130 unsolicited_response
131 authenticate_resp"
DEFVAL { "0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,
20,21,22,23,24,25,26,27,28,29,30,31,32,33,129,130,131" }
::= { hm2DPIProfileDnp3Entry 3 }
hm2DPIProfileDnp3DefaultWhiteList OBJECT-TYPE
SYNTAX HmExtraLargeDisplayString ( SIZE(1..1400) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Index of entries to be included from Default White list
of objects as per DNP3 standard IEEE 1815-2012.
Allowed formats are: (Index range <1-317>)
- keyword 'none' for excluding and 'all' for including default whitelist.
- single index ('10')
- index range with first and last index separated by hyphen
('10-15')
- comma separated list of index ('12,25,123')
- combination of the points above ('10,25-30,125,300')"
DEFVAL { "all" }
::= { hm2DPIProfileDnp3Entry 4 }
hm2DPIProfileDnp3CrcCheck OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This option makes DNP3 enforcer validate the
checksum contained in dnp3 link-layer frames.
Frames with invalid checksums will be ignored"
DEFVAL { true }
::= { hm2DPIProfileDnp3Entry 5 }
hm2DPIProfileDnp3SanityCheck OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true for which all
sanity checks shall be done"
DEFVAL { true }
::= { hm2DPIProfileDnp3Entry 6 }
hm2DPIProfileDnp3CheckOutstationTraffic OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true to make dnp3 enforcer check packets originating at an outstation"
DEFVAL { false }
::= { hm2DPIProfileDnp3Entry 7 }
hm2DPIProfileDnp3TcpReset OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if apply to packets for which a reset connection
message shall be sent on ingress and egress ports"
DEFVAL { true }
::= { hm2DPIProfileDnp3Entry 8 }
hm2DPIProfileDnp3RowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it."
::= { hm2DPIProfileDnp3Entry 9 }
hm2DPIProfileDnp3ObjectTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DPIProfileDnp3ObjectEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of DPI DNP3 object codes"
::= { hm2DPIProfileTables 7 }
hm2DPIProfileDnp3ObjectEntry OBJECT-TYPE
SYNTAX Hm2DPIProfileDnp3ObjectEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"DPI DNP3 object code entry."
INDEX { hm2DPIProfileDnp3Index, hm2DPIProfileDnp3ObjectIndex }
::= { hm2DPIProfileDnp3ObjectTable 1 }
Hm2DPIProfileDnp3ObjectEntry ::=
SEQUENCE {
hm2DPIProfileDnp3ObjectIndex Integer32,
hm2DPIProfileDnp3ObjectType INTEGER,
hm2DPIProfileDnp3ObjectGroupno Integer32,
hm2DPIProfileDnp3ObjectVariation DisplayString,
hm2DPIProfileDnp3ObjectFunction Integer32,
hm2DPIProfileDnp3ObjectQualifier DisplayString,
hm2DPIProfileDnp3ObjectLength DisplayString,
hm2DPIProfileDnp3ObjectFuncName DisplayString,
hm2DPIProfileDnp3ObjectRowStatus RowStatus
}
hm2DPIProfileDnp3ObjectIndex OBJECT-TYPE
SYNTAX Integer32 ( 1..256 )
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"An index that (together with the DPI
index hm2DPIProfileDnp3Index) identifies the entry
in the object code list table. This index can
be choosen freely, but must be greater than 0."
::= { hm2DPIProfileDnp3ObjectEntry 1 }
hm2DPIProfileDnp3ObjectType OBJECT-TYPE
SYNTAX INTEGER {
request(1),
response(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Set the object type for DNP3 object code list."
::= { hm2DPIProfileDnp3ObjectEntry 2 }
hm2DPIProfileDnp3ObjectGroupno OBJECT-TYPE
SYNTAX Integer32 ( 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Group number for object code list."
::= { hm2DPIProfileDnp3ObjectEntry 3 }
hm2DPIProfileDnp3ObjectVariation OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Variation number for object code list"
::= { hm2DPIProfileDnp3ObjectEntry 4 }
hm2DPIProfileDnp3ObjectFunction OBJECT-TYPE
SYNTAX Integer32 ( 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Function code number for object code list."
::= { hm2DPIProfileDnp3ObjectEntry 5 }
hm2DPIProfileDnp3ObjectQualifier OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..255) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Qualifier codes for Object codes."
::= { hm2DPIProfileDnp3ObjectEntry 6 }
hm2DPIProfileDnp3ObjectLength OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Object length defined for corresponding object codes."
::= { hm2DPIProfileDnp3ObjectEntry 7 }
hm2DPIProfileDnp3ObjectFuncName OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Corresponding function name for function no in Object code."
::= { hm2DPIProfileDnp3ObjectEntry 8 }
hm2DPIProfileDnp3ObjectRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it.
The row status of this table entry. Only entries with an 'active'
row status will be considered if the dnp3 row status is set 'active'.
Independent of that dependency any value in this entry can be changed only if the row
status is not 'active'."
::= { hm2DPIProfileDnp3ObjectEntry 9 }
--******************************************************************************
-- Firewall Learning Mode
--******************************************************************************
hm2FLMObjects OBJECT IDENTIFIER ::= { hm2FwLearningMode 1 }
hm2FLMAdminState OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable or disable the Firewall Learning Mode."
DEFVAL { disable }
::= { hm2FLMObjects 1 }
hm2FLMAction OBJECT-TYPE
SYNTAX INTEGER {
none(1),
start(2),
stop(3),
continue(4),
clear(5)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Actions to control the Firewall Learning Mode."
DEFVAL { none }
::= { hm2FLMObjects 2 }
hm2FLMAppState OBJECT-TYPE
SYNTAX INTEGER {
off(1),
stopped-data-notpresent(2),
stopped-data-present(3),
learning(4),
pending(5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"State of running FLM Application."
::= { hm2FLMObjects 3 }
hm2FLMAppInfoEnum OBJECT-TYPE
SYNTAX INTEGER {
none(1),
normal(2),
low-memory(3),
out-of-memory(4),
connection-drop(5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Memory status of FLM Application."
::= { hm2FLMObjects 4 }
hm2FLMAppInfoString OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..80))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Special status message."
::= { hm2FLMObjects 5 }
hm2FLML3Entries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of Layer 3 entries in the connection table."
::= { hm2FLMObjects 6 }
hm2FLMFreeMem OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Free memory(%) for learning data."
::= { hm2FLMObjects 7 }
hm2FLMMaxEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of maximum interface entries that can be selected."
::= { hm2FLMObjects 8 }
hm2FLMTables OBJECT IDENTIFIER ::= { hm2FwLearningMode 2 }
hm2FLMInterfaceTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2FLMInterfaceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of interfaces selected for Firewall Learning Mode."
::= { hm2FLMTables 1 }
hm2FLMInterfaceEntry OBJECT-TYPE
SYNTAX Hm2FLMInterfaceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Interface selected for Firewall Learning Mode."
INDEX { hm2FLMInterfaceIndex }
::= { hm2FLMInterfaceTable 1 }
Hm2FLMInterfaceEntry ::=
SEQUENCE {
hm2FLMInterfaceIndex InterfaceIndex,
hm2FLMInterfaceRowStatus RowStatus
}
hm2FLMInterfaceIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Interface index of the entry."
::= { hm2FLMInterfaceEntry 1 }
hm2FLMInterfaceRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The interface is active.
- notInService(2): The interface is inactive because routing was disabled.
- notReady(3): The interface is inactive because of agent action.
- createAndGo(4): Create the interface with default parameters
activated.
- createAndWait(5): Create the interface inactive.
- destroy(6): Delete the interface."
::= { hm2FLMInterfaceEntry 2 }
--******************************************************************************
-- Intrusion Detection System
--******************************************************************************
hm2IDSObjects OBJECT IDENTIFIER ::= { hm2FwIdsGroup 1 }
hm2IDSUserName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"IDS Agent user name is an administrator privilege user from the
user database ."
::= { hm2IDSObjects 1 }
hm2IDSIsRunning OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes whether the IDS feature is running or not"
DEFVAL { false }
::= { hm2IDSObjects 2 }
hm2IDSAdminState OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable/Disable This value describes, whether the operator has enabled IDS feature
on the device or not"
DEFVAL { disable }
::= { hm2IDSObjects 3 }
--******************************************************************************
-- L2 General Settings Objects
--******************************************************************************
hm2L2FwGeneralSettings OBJECT IDENTIFIER ::= { hm2L2FwGroup 1 }
hm2L2MaxRules OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Maximum number of allowed rules for L2 filtering."
::= { hm2L2FwGeneralSettings 1 }
hm2L2DefaultPolicy OBJECT-TYPE
SYNTAX INTEGER {
accept(1),
drop(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The default policy for forwarding packets:
o accept(1): Packets matching this rule are accepted and will
be forwarded
o drop(2): Packets matching this rule will be silently
discarded"
DEFVAL { accept }
::= { hm2L2FwGeneralSettings 2 }
hm2L2ValidateFCS OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Activate/Deactivate the validation of FCS."
DEFVAL { true }
::={ hm2L2FwGeneralSettings 3 }
--**************************************************************
-- L2 Filter Rule
--**************************************************************
hm2L2RuleAppliedTrap NOTIFICATION-TYPE
OBJECTS { hm2L2RuleIndex }
STATUS current
DESCRIPTION
"A rule of the L2 firewall was applied. The rule is
identified by the given rule index of the rule table."
::= { hm2FwNotifications 5 }
hm2L2RuleAppliedAndLoggedTrap NOTIFICATION-TYPE
OBJECTS { hm2L2RuleIndex }
STATUS current
DESCRIPTION
"A rule of the L2 firewall was applied and logged according
the current logging mechanism. The rule is identified by the
given rule index of the rule table."
::= { hm2FwNotifications 6 }
hm2L2RuleObjects OBJECT IDENTIFIER ::= { hm2L2FwGroup 2 }
hm2L2RuleCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of current L2 rules"
::= { hm2L2RuleObjects 1 }
hm2L2IfMappingRuleCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of current L2 IF mapping entries."
::={ hm2L2RuleObjects 2 }
hm2L2RulePendingActions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes, whether the L2 rule table was modified
but not yet written to the firewall implementation (set to
true). After writing all modifications to the firewall, the
value switches automatically back to false."
DEFVAL { false }
::={ hm2L2RuleObjects 3 }
hm2L2CommitPendingActions OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) writes not yet committed changes
to the firewall (L2 and Interface Mapping Table). After writing
all modifications, the value switches automatically back to
noop(1)."
DEFVAL { noop }
::={ hm2L2RuleObjects 4 }
hm2L2RuleTables OBJECT IDENTIFIER ::= { hm2L2FwGroup 3 }
hm2L2RuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2L2RuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of layer 2 Filter rule instances."
::= { hm2L2RuleTables 1 }
hm2L2RuleEntry OBJECT-TYPE
SYNTAX Hm2L2RuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of layer 2 Filter classification rules."
INDEX { hm2L2RuleIndex }
::= { hm2L2RuleTable 1 }
Hm2L2RuleEntry ::= SEQUENCE {
hm2L2RuleIndex Integer32,
hm2L2RuleHitCount Counter64,
hm2L2RuleAction INTEGER,
hm2L2RuleDestMacAddr DisplayString,
hm2L2RuleSrcMacAddr DisplayString,
hm2L2RuleEtypeKey INTEGER,
hm2L2RuleEtypeValue EtypeValue,
hm2L2RuleVlanId Integer32,
hm2L2RuleDestIpAddr DisplayString,
hm2L2RuleSrcIpAddr DisplayString,
hm2L2RuleProtocol Integer32,
hm2L2RuleIpTosBits Integer32,
hm2L2RuleDestPort DisplayString,
hm2L2RuleSrcPort DisplayString,
hm2L2RuleAssignQueueId Unsigned32,
hm2L2RuleRateLimitCrate Unsigned32,
hm2L2RuleRateLimitCburst AclBurstSize,
hm2L2RuleRateLimitCrateUnit INTEGER,
hm2L2FwTrap TruthValue,
hm2L2RuleDescription DisplayString,
hm2L2RuleLog TruthValue,
hm2L2RuleStatsAction INTEGER,
hm2L2RowStatus RowStatus,
hm2L2DPIProfileIndex Integer32,
hm2L2RuleProtoName DisplayString,
hm2L2AppRuleName DisplayString
}
hm2L2RuleIndex OBJECT-TYPE
SYNTAX Integer32 (1..2048)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this rule instance within an Filter."
::= { hm2L2RuleEntry 1 }
hm2L2RuleHitCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets that matched the L2 rule."
::= { hm2L2RuleEntry 2 }
hm2L2RuleAction OBJECT-TYPE
SYNTAX INTEGER {
accept(1),
drop(2),
enforce-modbus(4),
enforce-opc(5),
enforce-iec104(6),
enforce-ethernetip(7),
enforce-dnp3(8),
enforce-amp(9)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action of the corresponding rule:
o accept(1): Packets matching this rule are accepted and will
be forwarded
o drop(2): Packets matching this rule will be silently discarded
o enforce-modbus(4): Packets matching this rule are enforced by
modbus enforcer and will be forwarded or discarded.
The selected protocol should be tcp or udp
o enforce-opc(5): Packets matching this rule are enforced by
opc enforcer and will be forwarded or discarded.
The selected protocol should be tcp
o enforce-iec104(6): Packets matching this rule are enforced by
IEC104 enforcer and will be forwarded or discarded.
The selected protocol should be tcp
o enforce-ethernetip(7): Packets matching this rule are enforced by
EtherNet/IP enforcer and will be forwarded or discarded.
The selected protocol should be TCP.
o enforce-dnp3(8): Packets matching this rule are enforced by
dnp3 enforcer and will be forwarded or discarded.
The selected protocol should be tcp.
o enforce-amp(9): Packets matching this rule will be forwarded or
discarded based on AMP enforcer rules.
The selected protocol must be TCP."
::= { hm2L2RuleEntry 3 }
hm2L2RuleDestMacAddr OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination MAC address used in the Filter classification
or Asset name from hm2AssetTable.
"
::= { hm2L2RuleEntry 4 }
hm2L2RuleSrcMacAddr OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source MAC address used in the Filter classification
or Asset name from hm2AssetTable.
"
::= { hm2L2RuleEntry 5 }
hm2L2RuleEtypeKey OBJECT-TYPE
SYNTAX INTEGER {
custom(1),
appletalk(2),
arp(3),
ibmsna(4),
ipv4(5),
ipv6(6),
ipxold(7),
mplsmcast(8),
mplsucast(9),
netbios(10),
novell(11),
pppoedisc(12),
rarp(13),
pppoesess(14),
ipxnew(15),
profinet(16),
powerlink(17),
ethercat(18),
ieee8021q(19)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Ethertype keyword used in the Filter classification.
A keyword of custom(1) requires that the hm2L2RuleEtypeValue
object also be set."
::= { hm2L2RuleEntry 6 }
hm2L2RuleEtypeValue OBJECT-TYPE
SYNTAX EtypeValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Ethertype custom value used in the Filter classification.
This object is only valid if the hm2L2RuleEtypeKey is set to
custom(1). Values ranging from 0x0600 to 0xFFFF
(1536 to 65535) are interpreted as the Ethertype.
Lower values are interpreted as frame size.
A value of 0 indicates that this field is not used."
::= { hm2L2RuleEntry 7 }
hm2L2RuleVlanId OBJECT-TYPE
SYNTAX Integer32 (-1 | 1..4042)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The VLAN ID value used in the Filter classification.
The VLAN ID field is defined as the 12-bit VLAN identifier
in the 802.1Q tag header of a tagged Ethernet frame which is
contained in the first/outer tag of a double VLAN tagged frame.
-1 no VLAN or disabled"
::= { hm2L2RuleEntry 8 }
hm2L2RuleSrcIpAddr OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source IP address in cidr or Asset name from hm2AssetTable."
::= { hm2L2RuleEntry 9 }
hm2L2RuleDestIpAddr OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Destination IP address in cidr or Asset name from hm2AssetTable."
::= { hm2L2RuleEntry 10 }
hm2L2RuleProtocol OBJECT-TYPE
SYNTAX Integer32 {
icmp(1),
igmp(2),
ipip(3),
tcp(4),
udp(5),
esp(6),
ah(7),
icmpv6(8),
any(9)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The IP protocol (RFC 791) for protocol-independent
filtering. The following values are currently
supported:
o icmp(1): internet control message protocol (RFC 792)
o igmp(2): internet group management protocol
o ipip(3): IP in IP tunnelling (RFC 1853)
o tcp(4): transmission control protocol (RFC 793)
o udp(5): user datagram protocol (RFC 768)
o esp(6): IPsec encapsulated security payload (RFC 2406)
o ah(7): IPsec authentication header (RFC 2402)
o icmpv6(8): internet control message protocol for IPv6
o any(9): apply to all protocols"
::= { hm2L2RuleEntry 11 }
hm2L2RuleIpTosBits OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of service (TOS) bits value."
::= { hm2L2RuleEntry 12 }
hm2L2RuleSrcPort OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..128) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Source port number"
::= { hm2L2RuleEntry 13 }
hm2L2RuleDestPort OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..128) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Destination port number"
::= { hm2L2RuleEntry 14 }
hm2L2RuleAssignQueueId OBJECT-TYPE
SYNTAX Unsigned32 (0..7 | 4294967295)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Queue identifier to which all inbound packets matching L2 packet filter rule.
This object defaults to the standard queue assignment for user priority 0
traffic per the IEEE 802.1D specification based on the number of assignable
queues in the system:
1-3 queues: 0
4-7 queues: 1
8 queues: 2
This default assignment is static and is not influenced by
other system configuration changes.
A value of 4294967295 indicates that this field is not used"
::= { hm2L2RuleEntry 15 }
hm2L2RuleRateLimitCrate OBJECT-TYPE
SYNTAX Unsigned32 (0..10000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Committed rate attribute statement value, specified in kbps.
Value 0 disables this match criteria."
DEFVAL { 0 }
::= { hm2L2RuleEntry 16 }
hm2L2RuleRateLimitCburst OBJECT-TYPE
SYNTAX AclBurstSize
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Committed burst size attribute statement value, specified in kbytes.
Value 0 disables this match criteria."
DEFVAL { 0 }
::= { hm2L2RuleEntry 17 }
hm2L2RuleRateLimitCrateUnit OBJECT-TYPE
SYNTAX INTEGER {
pps(1),
kbps(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The unit of the L2RuleRateLimitCrate.
Can be either packets per second (pps)
or kilobits per second (kbps)."
DEFVAL { kbps }
::= { hm2L2RuleEntry 18 }
hm2L2FwTrap OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if application of this rule shall send a trap."
DEFVAL { false }
::={ hm2L2RuleEntry 19 }
hm2L2RuleDescription OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to this rule."
DEFVAL { "" }
::= { hm2L2RuleEntry 20 }
hm2L2RuleLog OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if application of this rule shall be logged"
DEFVAL { false }
::={ hm2L2RuleEntry 21 }
hm2L2RuleStatsAction OBJECT-TYPE
SYNTAX INTEGER {
other(1),
flushRuleHitCount(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Setting the object to 'flushRuleHitCount(2)' will reset hit counter statistics.
Reading the object always returns 'other'."
::= { hm2L2RuleEntry 22 }
hm2L2RowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value
- active(1): The rule is active. Note that until committed, the rule
will not be applied. You cannot activate the rule if an enforcer mappings to an inactive profile.
- notInService(2): The rule is inactive because of user action.
- notReady(3): The rule is inactive because of agent action.
- createAndGo(4): Create the rule with default parameters activated.
- createAndWait(5): Create the rule inactive.
- destroy(6): Delete the rule. You cannot delete a rule with
interface mappings to it."
::= { hm2L2RuleEntry 23 }
hm2L2DPIProfileIndex OBJECT-TYPE
SYNTAX Integer32 (0..32)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The index of the DPI profile, to which this rule is assigned,
depending on enforcer action.
Value 0 : This rule is not assigned to any DPI Profile.
You cannot assign the rule to an inactive profile,
if an active enforcer is mapping to it."
DEFVAL { 0 }
::= { hm2L2RuleEntry 24 }
hm2L2RuleProtoName OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Following values are supported:
- Protocol name from hm2ProtocolTable
- icmp: internet control message protocol (RFC 792)
- igmp: internet group management protocol
- ipip: IP in IP tunnelling (RFC 1853)
- tcp: transmission control protocol (RFC 793)
- udp: user datagram protocol (RFC 768)
- esp: IPsec encapsulated security payload (RFC 2406)
- ah: IPsec authentication header (RFC 2402)
- icmpv6: internet control message protocol for IPv6
- any: apply to all protocols
"
DEFVAL { "any" }
::= { hm2L2RuleEntry 25 }
hm2L2AppRuleName OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Application rule name from hm2AppRuleTable"
DEFVAL { "manual" }
::= { hm2L2RuleEntry 26 }
hm2L2RuleIfMappingTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2L2RuleIfMappingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table for mapping L2 rules to interfaces"
::={ hm2L2RuleTables 2 }
hm2L2RuleIfMappingEntry OBJECT-TYPE
SYNTAX Hm2L2RuleIfMappingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry in rule interface mapping table"
INDEX {hm2L2IfmType, hm2L2IfmInterface, hm2L2IfmDirection, hm2L2IfmRuleIndex }
::={ hm2L2RuleIfMappingTable 1 }
Hm2L2RuleIfMappingEntry ::= SEQUENCE {
hm2L2IfmType INTEGER,
hm2L2IfmInterface Integer32,
hm2L2IfmDirection INTEGER,
hm2L2IfmRuleIndex Integer32,
hm2L2IfmPriority Unsigned32,
hm2L2IfmRowStatus RowStatus
}
hm2L2IfmType OBJECT-TYPE
SYNTAX INTEGER {
port(1),
vlan(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Meanings:
- port(1): Apply this rule to packets arriving on non-routing physical
interface.
- vlan(2): Apply this rule to packets arriving on non-routing vlan interface."
::={ hm2L2RuleIfMappingEntry 1 }
hm2L2IfmInterface OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The interface this mapping entry is assigned to. This has to be either
an hm2AgentSwitchIpInterfaceIfIndex or an hm2AgentSwitchIpVlanIfIndex.
Note : Routing should be disabled on physical interfaces."
::={ hm2L2RuleIfMappingEntry 2 }
hm2L2IfmDirection OBJECT-TYPE
SYNTAX INTEGER {
ingress(1),
egress(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Meanings:
- ingress(1): Apply this rule to packets arriving on this interface
- egress(2): Apply this rule to packets leaving from this interface"
::={ hm2L2RuleIfMappingEntry 3 }
hm2L2IfmRuleIndex OBJECT-TYPE
SYNTAX Integer32 (1..2048)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the L2 rule this mapping entry is assigned to.
The rule must exist before the mapping entry can be created."
::={ hm2L2RuleIfMappingEntry 4 }
hm2L2IfmPriority OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The priority is the sorting key for rules in to this interface. They
don't need to be unique, but no clear order can be assumed among rules
with the same priority.
Priorities are processed in ascending order (0)highest priority."
::={ hm2L2RuleIfMappingEntry 5 }
hm2L2IfmRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The RowStatus value for this entry with the usual meanings:
- active(1): The interface mapping is in place
- notInService(2): The interface mapping is not in place because the
user said so
- notReady(3): The interface mapping is not in place because the
agent said so
- createAndGo(4): Create this mapping with the default priority and
activate it.
- createAndWait(5): Create this mapping deactivated.
- destroy(6): Destroy this interface mapping."
::={ hm2L2RuleIfMappingEntry 6 }
hm2DPIProfileAmpGeneralSetting OBJECT IDENTIFIER ::= { hm2L3Fw 17 }
hm2DPIAmpDI OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"To activate/de-activate the DI (Digital Input), so that 'configuration,
program & mode protect' can be enable/disable with key-switch wired
to the DI of the DPI firewall device."
DEFVAL { enable }
::={ hm2DPIProfileAmpGeneralSetting 1 }
hm2DPIAmpProtectMode OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"To enable or disable 'configuration, program & mode protect'."
DEFVAL { enable }
::={ hm2DPIProfileAmpGeneralSetting 2 }
hm2DPIProfileAmpObjects OBJECT IDENTIFIER ::= { hm2L3Fw 18 }
hm2DPIProfileAmpPendingActions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value describes, whether the DPI AMP profile table was modified
but not yet written to the enforcer implementation (set to
true). After writing all modifications to the enforcer, the
value switches automatically back to false."
::= { hm2DPIProfileAmpObjects 1 }
hm2DPIProfileAmpCommitPendingActions OBJECT-TYPE
SYNTAX HmActionValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this value to action(2) writes not yet committed changes
to the enforcer (DPI AMP Profile Table). After writing
all modifications, the value switches automatically back to
noop(1)."
DEFVAL { noop }
::= { hm2DPIProfileAmpObjects 2 }
hm2DPIProfileAmpTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DPIProfileAmpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of DPI AMP profiles for this enforcer."
::= { hm2DPIProfileTables 8 }
hm2DPIProfileAmpEntry OBJECT-TYPE
SYNTAX Hm2DPIProfileAmpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"DPI AMP profile entry."
INDEX { hm2DPIProfileAmpIndex }
::= { hm2DPIProfileAmpTable 1 }
Hm2DPIProfileAmpEntry ::=
SEQUENCE {
hm2DPIProfileAmpIndex Integer32,
hm2DPIProfileAmpDescription DisplayString,
hm2DPIProfileAmpProtocol Integer32,
hm2DPIProfileAmpMsgType HmLargeDisplayString,
hm2DPIProfileAmpAddrClass HmLargeDisplayString,
hm2DPIProfileAmpDevClass HmLargeDisplayString,
hm2DPIProfileAmpAddress HmLargeDisplayString,
hm2DPIProfileAmpDataword HmLargeDisplayString,
hm2DPIProfileAmpTaskcode HmLargeDisplayString,
hm2DPIProfileAmpTaskcodedata HmLargeDisplayString,
hm2DPIProfileAmpProtectmode HmEnabledStatus,
hm2DPIProfileAmpEcc HmEnabledStatus,
hm2DPIProfileAmpBcc HmEnabledStatus,
hm2DPIProfileAmpDebug HmEnabledStatus,
hm2DPIProfileAmpTcpReset HmEnabledStatus,
hm2DPIProfileAmpSanityCheck HmEnabledStatus,
hm2DPIProfileAmpRowStatus RowStatus
}
hm2DPIProfileAmpIndex OBJECT-TYPE
SYNTAX Integer32 ( 1..32 )
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Profile index for the DPI AMP profile."
::= { hm2DPIProfileAmpEntry 1 }
hm2DPIProfileAmpDescription OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..32) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Textual description related to the DPI AMP profile."
DEFVAL { "amp" }
::= { hm2DPIProfileAmpEntry 2 }
hm2DPIProfileAmpProtocol OBJECT-TYPE
SYNTAX Integer32 {
camp(1),
nitp(2),
any(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the AMP protocol for the DPI AMP profile.
The following values are currently supported:
o camp(1): Common ASCII Message Protocol.
o nitp(2): Non-Intelligent Terminal Protocol.
o any(3): Apply all the AMP protocols."
DEFVAL { any }
::= { hm2DPIProfileAmpEntry 3 }
hm2DPIProfileAmpMsgType OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE(0..764) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the message type for the DPI AMP profile.
This field specifies the type of data contained
in the message data area and also specifies if
the message is a command or a response.
Allowed formats are:
- comma seperated message types (02,03,FF)."
DEFVAL { "any" }
::= { hm2DPIProfileAmpEntry 4 }
hm2DPIProfileAmpAddrClass OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE(0..1024) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the particular type of the memory to be accessed.
Allowed formats are:
- keyword 'any'
- Address class range with first and last class seperated
by hyphen (0004-000A).
- Comma seperated address classes (0000,0003,FFFF).
- Combination of address class and address class
ranges (0000,0003,0004-000A).
Total number of hexa-decimal values can be specified
upto 205."
DEFVAL { "any" }
::= { hm2DPIProfileAmpEntry 5 }
hm2DPIProfileAmpDevClass OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE(0..1024) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the device class.
Allowed formats are:
- keyword 'any'
- Device class range with first and last class
seperated by hyphen (0004-000A).
- Comma seperated device classes (0000,0003,FFFF).
- Combination of device class and device class
ranges (0000,0003,0004-000A).
Total number of hexa-decimal values can be specified
upto 205."
DEFVAL { "any" }
::= { hm2DPIProfileAmpEntry 6 }
hm2DPIProfileAmpAddress OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE(0..1024) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the beginning address of the memory to be read
or written.
Allowed formats are:
- Keyword 'any'
- Memory address range with first and last address
seperated by hyphen (0004-000A).
- Comma seperated memory address (0000,0003,FFFF).
- Combination of memory address and memory address
ranges (0000,0003,0004-000A).
Total number of hexa-decimal values can be specified
upto 205."
DEFVAL { "any" }
::= { hm2DPIProfileAmpEntry 7 }
hm2DPIProfileAmpDataword OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE( 0..1024 ) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the address from which the data will be read.
It will only be used for the CAMP packets with the memory
exchange command or response.
Allowed formats are:
- Keyword 'any'
- Data word address range with first and last address seperated
by hyphen (0004-000A).
- Comma seperated data word address (0000,0003,FFFF).
- Combination of data word address and data word address
ranges (0000,0003,0004-000A).
Total number of hexa-decimal values can be specified
upto 205."
DEFVAL { "any" }
::= { hm2DPIProfileAmpEntry 8 }
hm2DPIProfileAmpTaskcode OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE(0..764) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the task code for the DPI AMP profile.
Allowed formats are:
- Comma seperated task code (00,03,FF)."
DEFVAL { "" }
::= { hm2DPIProfileAmpEntry 9 }
hm2DPIProfileAmpTaskcodedata OBJECT-TYPE
SYNTAX HmLargeDisplayString ( SIZE(0..1024) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the task code data for the DPI AMP profile.
Allowed formats are:
- Range with first and last task code seperated
by hyphen (0004-000A).
- Comma seprated task code data (0000,0003).
- Combination of task code data and task code data
ranges (0000,0003,0004-000A)
Total number of hexa-decimal values can be specified
upto 205."
DEFVAL { "" }
::= { hm2DPIProfileAmpEntry 10 }
hm2DPIProfileAmpProtectmode OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Forcefully enable/disable the protect mode for the
particular task code in the DPI AMP profile."
DEFVAL { enable }
::= { hm2DPIProfileAmpEntry 11 }
hm2DPIProfileAmpEcc OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enable/disable the checking for the NITP Error Check
Characters (ECC) of the packets in the DPI AMP profile."
DEFVAL { enable }
::= { hm2DPIProfileAmpEntry 12 }
hm2DPIProfileAmpBcc OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enable/disable the checking for the CAMP Block Check
Characters (BCC) of the AMP packets in the DPI AMP profile."
DEFVAL { enable }
::= { hm2DPIProfileAmpEntry 13 }
hm2DPIProfileAmpDebug OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enable/disable the debugging in the DPI AMP profile.
If it is enabled then the reset connection message will
contain the debug information."
DEFVAL { disable }
::= { hm2DPIProfileAmpEntry 14 }
hm2DPIProfileAmpTcpReset OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enable/disable the reseting of the TCP connection.
If it is enabled then the TCP reset connection message will
be sent in case a packet is dropped"
DEFVAL { enable }
::= { hm2DPIProfileAmpEntry 15 }
hm2DPIProfileAmpSanityCheck OBJECT-TYPE
SYNTAX HmEnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enable/disable the sanity check including format and
specification of all the AMP packets."
DEFVAL { enable }
::= { hm2DPIProfileAmpEntry 16 }
hm2DPIProfileAmpRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it."
::= { hm2DPIProfileAmpEntry 17 }
hm2DPIAmpTaskCodeTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2DPIAmpTaskCodeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list of task code table."
::={ hm2DPIProfileTables 9 }
hm2DPIAmpTaskCodeEntry OBJECT-TYPE
SYNTAX Hm2DPIAmpTaskCodeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Task code table entry."
INDEX { IMPLIED hm2DPIAmpTaskCode }
::={ hm2DPIAmpTaskCodeTable 1 }
Hm2DPIAmpTaskCodeEntry ::= SEQUENCE {
hm2DPIAmpTaskCode DisplayString,
hm2DPIAmpTaskCodeDescription DisplayString,
hm2DPIAmpTaskCodeType INTEGER,
hm2DPIAmpTaskCodeMode INTEGER,
hm2DPIAmpTaskCodeStatus RowStatus
}
hm2DPIAmpTaskCode OBJECT-TYPE
SYNTAX DisplayString ( SIZE(1..2) )
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Task code value for the new custom task codes
The value can be between 00 to FF."
DEFVAL { "" }
::= { hm2DPIAmpTaskCodeEntry 1 }
hm2DPIAmpTaskCodeDescription OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..64) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Description related to the task code."
DEFVAL { "" }
::= { hm2DPIAmpTaskCodeEntry 2 }
hm2DPIAmpTaskCodeType OBJECT-TYPE
SYNTAX INTEGER {
default(1),
custom(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specify the type of task code in the task code table if it is
default(i.e. default) or user defined(i.e. custom)."
::= { hm2DPIAmpTaskCodeEntry 3 }
hm2DPIAmpTaskCodeMode OBJECT-TYPE
SYNTAX INTEGER {
config(1),
non-config(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the mode of the task code if it is config or
nonconfig."
DEFVAL { config }
::= { hm2DPIAmpTaskCodeEntry 4 }
hm2DPIAmpTaskCodeStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it."
::= { hm2DPIAmpTaskCodeEntry 5 }
--******************************************************************************
-- hm2FwAssetMgmtGroup: Asset table
--******************************************************************************
hm2AssetTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2AssetEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of the Assets representing real world devices/systems"
::= { hm2FwAssetMgmtGroup 1 }
hm2AssetEntry OBJECT-TYPE
SYNTAX Hm2AssetEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Asset Entries"
INDEX { hm2AssetIndex }
::= { hm2AssetTable 1 }
Hm2AssetEntry ::=
SEQUENCE {
hm2AssetIndex Integer32,
hm2AssetName DisplayString,
hm2AssetDescription DisplayString,
hm2AssetType INTEGER,
hm2AssetManufacturer DisplayString,
hm2AssetModel DisplayString,
hm2AssetGeneralLocation DisplayString,
hm2AssetSpecificLocation DisplayString,
hm2AssetTag DisplayString,
hm2AssetIpAddress DisplayString,
hm2AssetMacAddress DisplayString,
hm2AssetStatus RowStatus
}
hm2AssetIndex OBJECT-TYPE
SYNTAX Integer32 (1..50)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Index number of this Asset table"
::= { hm2AssetEntry 1 }
hm2AssetName OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Descriptive name for the Asset"
DEFVAL { "New Asset" }
::= { hm2AssetEntry 2 }
hm2AssetDescription OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Logical description of the function of Asset"
DEFVAL { "" }
::= { hm2AssetEntry 3 }
hm2AssetType OBJECT-TYPE
SYNTAX INTEGER {
computer(1),
controller(2),
device(3),
network(4),
network-equipment(5),
broadcast(6),
multicast(7)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies type of the Asset"
DEFVAL { computer }
::= { hm2AssetEntry 4 }
hm2AssetManufacturer OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Make or company that manufacturerd the Asset"
DEFVAL { "" }
::= { hm2AssetEntry 5 }
hm2AssetModel OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Model version of the Asset"
DEFVAL { "" }
::= { hm2AssetEntry 6 }
hm2AssetGeneralLocation OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"General location of the Asset"
DEFVAL { "" }
::= { hm2AssetEntry 7 }
hm2AssetSpecificLocation OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specific location of the Asset"
DEFVAL { "" }
::= { hm2AssetEntry 8 }
hm2AssetTag OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined field for corporate asset tags"
DEFVAL { "" }
::= { hm2AssetEntry 9 }
hm2AssetIpAddress OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The IP address associated to the Asset, allowed formats are:
- keyword 'any'
- single address ('10.0.0.1')
- CIDR address range ('10.0.0.0/8')
- a prepending '!' selects the complement set
"
DEFVAL { "any" }
::= { hm2AssetEntry 10 }
hm2AssetMacAddress OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Physical address associated with the Asset"
DEFVAL { "any" }
::= { hm2AssetEntry 11 }
hm2AssetStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"active(1) - This template is active.
notInService(2) - Row has been suspended.
notReady(3) - Row has incomplete values.
createAndGo(4) - Accept row values and activate.
createAndWait(5) - Accept row values and wait.
destroy(6) - Set to this value to remove this template."
::= { hm2AssetEntry 12 }
--******************************************************************************
-- Application rules
--******************************************************************************
hm2AppRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2AppRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Application rules"
::= { hm2FwAssetMgmtGroup 2 }
hm2AppRuleEntry OBJECT-TYPE
SYNTAX Hm2AppRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Application rule entry"
INDEX { hm2AppRuleIndex }
::= { hm2AppRuleTable 1 }
Hm2AppRuleEntry ::=
SEQUENCE {
hm2AppRuleIndex Integer32,
hm2AppRuleName DisplayString,
hm2AppRuleProtocol DisplayString,
hm2AppRulePort DisplayString,
hm2AppRuleDirection INTEGER,
hm2AppRuleIsDefault TruthValue,
hm2AppRuleStatus RowStatus
}
hm2AppRuleIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index number of the Application rule"
::= { hm2AppRuleEntry 1 }
hm2AppRuleName OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Logical description of the Application rule"
DEFVAL { "New Rule" }
::= { hm2AppRuleEntry 2 }
hm2AppRuleProtocol OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Following values are supported:
- Protocol name from hm2ProtocolTable
- icmp: internet control message protocol (RFC 792)
- igmp: internet group management protocol
- ipip: IP in IP tunnelling (RFC 1853)
- tcp: transmission control protocol (RFC 793)
- udp: user datagram protocol (RFC 768)
- esp: IPsec encapsulated security payload (RFC 2406)
- ah: IPsec authentication header (RFC 2402)
- icmpv6: internet control message protocol for IPv6
- any: apply to all protocols
"
DEFVAL { "any" }
::= { hm2AppRuleEntry 3 }
hm2AppRulePort OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The ports used by the selected protocol. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
"
DEFVAL { "any" }
::= { hm2AppRuleEntry 4 }
hm2AppRuleDirection OBJECT-TYPE
SYNTAX INTEGER {
ingress(1),
egress(2),
both(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"- ingress(1): Apply this rule to packets arriving on this interface
- egress(2): Apply this rule to packets leaving from this interface
- both(3): Apply this rule to packets coming in and going out on this
interface."
DEFVAL { ingress }
::= { hm2AppRuleEntry 5 }
hm2AppRuleIsDefault OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Set to true if this is a factory initialized rule"
DEFVAL { false }
::={ hm2AppRuleEntry 6 }
hm2AppRuleStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is a standard row status value:
- active(1): The rule is active. Note that until committed, the rule
will not be applied. You cannot activate the rule
if an enforcer mappings to an inactive profile.
- notInService(2): The rule is inactive because of user action.
- notReady(3): The rule is inactive because of agent action.
- createAndGo(4): Create the rule with default parameters
activated.
- createAndWait(5): Create the rule inactive.
- destroy(6): Delete the rule. You cannot delete a rule with
interface mappings to it."
::= { hm2AppRuleEntry 7 }
--******************************************************************************
-- Protocol table
--******************************************************************************
hm2ProtocolTable OBJECT-TYPE
SYNTAX SEQUENCE OF Hm2ProtocolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A list of user defined Protocols for Packet Filter rules"
::= { hm2FwAssetMgmtGroup 3 }
hm2ProtocolEntry OBJECT-TYPE
SYNTAX Hm2ProtocolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Protocol table entries"
INDEX { hm2ProtocolIndex }
::= { hm2ProtocolTable 1 }
Hm2ProtocolEntry ::=
SEQUENCE {
hm2ProtocolIndex Integer32,
hm2ProtocolName DisplayString,
hm2ProtocolDescription DisplayString,
hm2ProtocolType INTEGER,
hm2ProtocolEtypeKey INTEGER,
hm2ProtocolEtherType EtypeValue,
hm2ProtocolIPProtoNumber Integer32,
hm2ProtocolPort DisplayString,
hm2ProtocolStatus RowStatus
}
hm2ProtocolIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index number of the Protocol entry"
::= { hm2ProtocolEntry 1 }
hm2ProtocolName OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The descriptive name for this protocol"
DEFVAL { "New Protocol" }
::= { hm2ProtocolEntry 2 }
hm2ProtocolDescription OBJECT-TYPE
SYNTAX DisplayString ( SIZE(0..128) )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User defined textual description related to this protocol"
DEFVAL { "" }
::= { hm2ProtocolEntry 3 }
hm2ProtocolType OBJECT-TYPE
SYNTAX INTEGER {
any(1),
ethernet(2),
ip(3),
tcp(4),
udp(5),
tcp-udp(6)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specify the type used in the protocol"
DEFVAL { any }
::= { hm2ProtocolEntry 4 }
hm2ProtocolEtypeKey OBJECT-TYPE
SYNTAX INTEGER {
custom(1),
appletalk(2),
arp(3),
ibmsna(4),
ipv4(5),
ipv6(6),
ipxold(7),
mplsmcast(8),
mplsucast(9),
netbios(10),
novell(11),
pppoedisc(12),
rarp(13),
pppoesess(14),
ipxnew(15),
profinet(16),
powerlink(17),
ethercat(18),
ieee8021q(19)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Ethertype keyword to be used in the L2 filter.
A keyword of custom(1) requires that the hm2ProtocolEtherType
object also be set."
DEFVAL { custom }
::= { hm2ProtocolEntry 5 }
hm2ProtocolEtherType OBJECT-TYPE
SYNTAX EtypeValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Ethertype custom value to be used in the L2 filter.
This object is only valid if the hm2ProtocolEtypeKey is set to
custom(1). Values ranging from 0x0600 to 0xFFFF
(1536 to 65535) are interpreted as the Ethertype.
Lower values are interpreted as frame size.
A value of 0 indicates that this field is not used."
DEFVAL { 0 }
::= { hm2ProtocolEntry 6 }
hm2ProtocolIPProtoNumber OBJECT-TYPE
SYNTAX Integer32 (-1|0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"IP Protocol number for user defined protocols
- (-1) represents that no ip protocol is selected"
DEFVAL { -1 }
::= { hm2ProtocolEntry 7 }
hm2ProtocolPort OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The ports used by this protocol. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
"
DEFVAL { "any" }
::= { hm2ProtocolEntry 8 }
hm2ProtocolStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"active(1) - This template is active.
notInService(2) - Row has been suspended.
notReady(3) - Row has incomplete values.
createAndGo(4) - Accept row values and activate.
createAndWait(5) - Accept row values and wait.
destroy(6) - Set to this value to remove this template."
::= { hm2ProtocolEntry 9 }
--******************************************************************************
-- Compliance statements
--******************************************************************************
hm2FwCompliances OBJECT IDENTIFIER ::= { hm2FwConformance 1 }
hm2FwGroups OBJECT IDENTIFIER ::= { hm2FwConformance 2 }
hm2FwCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for an SNMP entity which
implements the Hirschmann firewall MIB."
MODULE -- this module
MANDATORY-GROUPS { hm2FwGeneralGroup, hm2FwNotificationsGroup }
::= { hm2FwCompliances 1 }
hm2FwGeneralGroup OBJECT-GROUP
OBJECTS {
hm2DynFwMaxRules,
hm2L3MaxRules,
hm2ResetStatistics,
hm2FlushTables,
hm2DefaultPolicy,
hm2DynFwRuleCount,
hm2DynFwIfMappingRuleCount,
hm2DynFwRulePendingActions,
hm2DynFwCommitPendingActions,
hm2DynFwRuleIndex,
hm2DynFwSourceAddress,
hm2DynFwSourcePort,
hm2DynFwTargetAddress,
hm2DynFwTargetPort,
hm2DynFwProto,
hm2DynFwRuleParams,
hm2DynFwAction,
hm2DynFwLog,
hm2DynFwTrap,
hm2DynFwDescription,
hm2DynFwRowStatus,
hm2DynFwIfmPriority,
hm2DynFwIfmRowStatus,
hm2DynFwStatsPacketCount,
hm2DynFwStatsPacketSize,
hm2DynFwStatsLastApplied,
hm2DynFwStatsTtPck,
hm2DynFwStatsTtPckSize,
hm2DynFwStatsTtPckDenDrop,
hm2DynFwStatsTtPckAccepted,
hm2L3RuleCount,
hm2L3IfMappingRuleCount,
hm2L3RulePendingActions,
hm2L3CommitPendingActions,
hm2L3RuleIndex,
hm2L3SourceAddress,
hm2L3SourcePort,
hm2L3TargetAddress,
hm2L3TargetPort,
hm2L3Proto,
hm2L3Action,
hm2L3RuleParams,
hm2L3Log,
hm2L3Trap,
hm2L3Description,
hm2L3RowStatus,
hm2DPIProfileIndex,
hm2L3ProtoName,
hm2L3AppRuleName,
hm2L3IfmPriority,
hm2L3IfmRowStatus,
hm2L3StatsPacketCount,
hm2L3StatsPacketSize,
hm2L3StatsLastApplied,
hm2L3StatsTotalPck,
hm2L3StatsTotalPckSize,
hm2L3StatsTotalPckDenDrop,
hm2L3StatsTotalPckAccepted,
hm2DPIProfileModbusPendingActions,
hm2DPIProfileModbusCommitPendingActions,
hm2DPIProfileModbusIndex,
hm2DPIProfileModbusDescription,
hm2DPIProfileModbusFunctionType,
hm2DPIProfileModbusFunctionCodeList,
hm2DPIProfileModbusUnitIdentifierList,
hm2DPIProfileModbusSanityCheck,
hm2DPIProfileModbusException,
hm2DPIProfileModbusReset,
hm2DPIProfileModbusRowStatus,
hm2DPIProfileOpcPendingActions,
hm2DPIProfileOpcCommitPendingActions,
hm2DPIProfileOpcIndex,
hm2DPIProfileOpcDescription,
hm2DPIProfileOpcSanityCheck,
hm2DPIProfileOpcFragmentCheck,
hm2DPIProfileOpcTimeoutConnect,
hm2DPIProfileOpcRowStatus,
hm2DPIProfileIEC104PendingActions,
hm2DPIProfileIEC104CommitPendingActions,
hm2DPIProfileIEC104Index,
hm2DPIProfileIEC104Description,
hm2DPIProfileIEC104FunctionType,
hm2DPIProfileIEC104TypeIDList,
hm2DPIProfileIEC104OriginatorAddressList,
hm2DPIProfileIEC104CommonAddressList,
hm2DPIProfileIEC104SanityCheck,
hm2DPIProfileIEC104Reset,
hm2DPIProfileIEC104Debug,
hm2DPIProfileIEC104RowStatus,
hm2DPIProfileIEC104AdvancedTypeIDList,
hm2DPIProfileIEC104OriginatorAddrList,
hm2DPIProfileIEC104CauseOfTransmissionSize,
hm2DPIProfileIEC104CommonAddressSize,
hm2DPIProfileIEC104IOAddressSize,
hm2DPIProfileIEC104AllowIEC101,
hm2DPIProfileEnipPendingActions,
hm2DPIProfileEnipCommitPendingActions,
hm2DPIProfileEnipIndex,
hm2DPIProfileEnipDescription,
hm2DPIProfileEnipFunctionType,
hm2DPIProfileEnipSanityCheck,
hm2DPIProfileEnipDebug,
hm2DPIProfileEnipRowStatus,
hm2DPIProfileEnipDefaultObjectList,
hm2DPIProfileEnipWildCardServices,
hm2DPIProfileEnipAllowEmbPCCC,
hm2DPIProfileEnipTcpReset,
hm2DPIObjectEnipClassId,
hm2DPIObjectEnipServices,
hm2DPIObjectEnipDescription,
hm2DPIObjectEnipRowStatus,
hm2DPIProfileDnp3PendingActions,
hm2DPIProfileDnp3CommitPendingActions,
hm2DPIProfileDnp3Index,
hm2DPIProfileDnp3Description,
hm2DPIProfileDnp3FunctionCodeList,
hm2DPIProfileDnp3DefaultWhiteList,
hm2DPIProfileDnp3CrcCheck,
hm2DPIProfileDnp3SanityCheck,
hm2DPIProfileDnp3CheckOutstationTraffic,
hm2DPIProfileDnp3TcpReset,
hm2DPIProfileDnp3RowStatus,
hm2DPIProfileDnp3ObjectIndex,
hm2DPIProfileDnp3ObjectType,
hm2DPIProfileDnp3ObjectGroupno,
hm2DPIProfileDnp3ObjectVariation,
hm2DPIProfileDnp3ObjectFunction,
hm2DPIProfileDnp3ObjectQualifier,
hm2DPIProfileDnp3ObjectLength,
hm2DPIProfileDnp3ObjectFuncName,
hm2DPIProfileDnp3ObjectRowStatus,
hm2L2MaxRules,
hm2L2DefaultPolicy,
hm2L2ValidateFCS,
hm2L2RuleIndex,
hm2L2RuleHitCount,
hm2L2RuleAction,
hm2L2RuleDestMacAddr,
hm2L2RuleSrcMacAddr,
hm2L2RuleEtypeKey,
hm2L2RuleEtypeValue,
hm2L2RuleVlanId,
hm2L2RuleDestIpAddr,
hm2L2RuleSrcIpAddr,
hm2L2RuleProtocol,
hm2L2RuleIpTosBits,
hm2L2RuleDestPort,
hm2L2RuleSrcPort,
hm2L2RuleAssignQueueId,
hm2L2RuleRateLimitCrate,
hm2L2RuleRateLimitCburst,
hm2L2RuleRateLimitCrateUnit,
hm2L2RuleDescription,
hm2L2RuleLog,
hm2L2RuleStatsAction,
hm2L2RowStatus,
hm2L2DPIProfileIndex,
hm2L2RuleProtoName,
hm2L2AppRuleName,
hm2DPIProfileAmpIndex,
hm2DPIProfileAmpDescription,
hm2DPIProfileAmpProtocol,
hm2DPIProfileAmpMsgType,
hm2DPIProfileAmpAddrClass,
hm2DPIProfileAmpDevClass,
hm2DPIProfileAmpAddress,
hm2DPIProfileAmpDataword,
hm2DPIProfileAmpTaskcode,
hm2DPIProfileAmpTaskcodedata,
hm2DPIProfileAmpProtectmode,
hm2DPIProfileAmpEcc,
hm2DPIProfileAmpBcc,
hm2DPIProfileAmpDebug,
hm2DPIProfileAmpTcpReset,
hm2DPIProfileAmpSanityCheck,
hm2DPIProfileAmpRowStatus,
hm2AssetIndex,
hm2AssetName,
hm2AssetDescription,
hm2AssetType,
hm2AssetManufacturer,
hm2AssetModel,
hm2AssetGeneralLocation,
hm2AssetSpecificLocation,
hm2AssetTag,
hm2AssetIpAddress,
hm2AssetMacAddress,
hm2AssetStatus,
hm2AppRuleIndex,
hm2AppRuleName,
hm2AppRuleProtocol,
hm2AppRulePort,
hm2AppRuleDirection,
hm2AppRuleIsDefault,
hm2AppRuleAction,
hm2AppRuleStatus,
hm2ProtocolIndex,
hm2ProtocolName,
hm2ProtocolDescription,
hm2ProtocolType,
hm2ProtocolEtypeKey,
hm2ProtocolEtherType,
hm2ProtocolIPProtoNumber,
hm2ProtocolPort,
hm2ProtocolStatus
}
STATUS current
DESCRIPTION
"A collection of all Hirschmann objects provided by the firewall
module."
::= { hm2FwGroups 1 }
hm2FwNotificationsGroup NOTIFICATION-GROUP
NOTIFICATIONS {
hm2DynFwRuleAppliedTrap,
hm2DynFwRuleAppliedAndLoggedTrap,
hm2L3RuleAppliedTrap,
hm2L3RuleAppliedAndLoggedTrap,
hm2L2RuleAppliedTrap,
hm2L2RuleAppliedAndLoggedTrap
}
STATUS current
DESCRIPTION
"A collection of all Hirschmann notifications provided by the
firewall module."
::= { hm2FwGroups 2 }
--
-- *************************************************************
-- FW SNMP Extension Group (extended error/event handling)
-- *************************************************************
--
hm2FwSNMPExtensionDPISESGroup OBJECT IDENTIFIER ::= { hm2FwSNMPExtensionGroup 11 }
hm2FwSNMPExtensionIEC104SESGroup OBJECT IDENTIFIER ::= { hm2FwSNMPExtensionGroup 12 }
hm2FwSNMPExtensionDNP3Group OBJECT IDENTIFIER ::= { hm2FwSNMPExtensionGroup 13 }
hm2FwSNMPExtensionOPCGroup OBJECT IDENTIFIER ::= { hm2FwSNMPExtensionGroup 14 }
hm2FwSNMPExtensionModbusGroup OBJECT IDENTIFIER ::= { hm2FwSNMPExtensionGroup 15 }
hm2FwSNMPExtensionAMPGroup OBJECT IDENTIFIER ::= { hm2FwSNMPExtensionGroup 17 }
hm2FwSNMPExtensionENIPGroup OBJECT IDENTIFIER ::= { hm2FwSNMPExtensionGroup 18 }
hm2FwSNMPExtensionIPGroup OBJECT IDENTIFIER ::= { hm2FwSNMPExtensionGroup 20 }
hm2FwTemplateSNMPExtensionGroup OBJECT IDENTIFIER ::= { hm2FwSNMPExtensionGroup 21 }
-- ***********************************************************
-- hm2FwSNMPExtensionDPISESGroup
-- ***********************************************************
hm2FwSNMPExtensionDPIEntryInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI profile contains the index value which is out of range
or contains invalid characters."
::= { hm2FwSNMPExtensionDPISESGroup 1 }
hm2FwSNMPExtensionDPIDescriptionInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI profile contains the description which has invalid
value that cannot be processed."
::= { hm2FwSNMPExtensionDPISESGroup 2 }
hm2FwSNMPExtensionDPISanityCheckInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI profile contains an invalid value for sanity check
that cannot be processed."
::= { hm2FwSNMPExtensionDPISESGroup 3 }
hm2FwSNMPExtensionDPITCPResetInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI profile contains an invalid value for TCP reset that
cannot be processed."
::= { hm2FwSNMPExtensionDPISESGroup 4 }
hm2FwSNMPExtensionDPIProfileInUse OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI profile cannot be deleted or deactivated since it is
currently used by atleast one L3 firewall rule."
::= { hm2FwSNMPExtensionDPISESGroup 5 }
hm2FwSNMPExtensionDPIProfileActive OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI profile cannot be deleted since it is active."
::= { hm2FwSNMPExtensionDPISESGroup 6 }
hm2FwSNMPExtensionDPIProfileUpdateError OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI profile cannot be modified since it is active."
::= { hm2FwSNMPExtensionDPISESGroup 7 }
hm2FwSNMPExtensionDPIFunctionCodeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI entry contains an invalid value for function
code that cannot be processed."
::= { hm2FwSNMPExtensionDPISESGroup 8 }
hm2FwSNMPExtensionDPIProfileNotPresent OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI profile does not exist."
::= { hm2FwSNMPExtensionDPISESGroup 9 }
hm2FwSNMPExtensionDPIProfileNotActive OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DPI profile is not active."
::= { hm2FwSNMPExtensionDPISESGroup 10 }
-- ***********************************************************
-- hm2FwSNMPExtensionIEC104SESGroup
-- ***********************************************************
hm2FwSNMPExtensionIEC104FunctionTypeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the IEC104 entry contains an invalid value for function type
that cannot be processed."
::= { hm2FwSNMPExtensionIEC104SESGroup 1 }
hm2FwSNMPExtensionIEC104CommonAddListInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the IEC104 entry contains an invalid value for common address
list that cannot be processed."
::= { hm2FwSNMPExtensionIEC104SESGroup 2 }
hm2FwSNMPExtensionIEC104DebugInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the IEC104 entry contains an invalid value for debug that
cannot be processed."
::= { hm2FwSNMPExtensionIEC104SESGroup 3 }
hm2FwSNMPExtensionIEC104AdvTypeIDListInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the IEC104 entry contains an invalid value for advance type
ID list that cannot be processed."
::= { hm2FwSNMPExtensionIEC104SESGroup 4 }
hm2FwSNMPExtensionIEC104OriginAddListInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the IEC104 entry contains an invalid value for originator
address list that cannot be processed."
::= { hm2FwSNMPExtensionIEC104SESGroup 5 }
hm2FwSNMPExtensionIEC104TransSizeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the IEC104 entry contains an invalid value for cause of
transmission size that cannot be processed."
::= { hm2FwSNMPExtensionIEC104SESGroup 6 }
hm2FwSNMPExtensionIEC104CommAddrSizeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the IEC104 entry contains an invalid value for common
address size that cannot be processed."
::= { hm2FwSNMPExtensionIEC104SESGroup 7 }
hm2FwSNMPExtensionIEC104IOAddrSizeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the IEC104 entry contains an invalid value for IO address
size that cannot be processed."
::= { hm2FwSNMPExtensionIEC104SESGroup 8 }
hm2FwSNMPExtensionIEC104AllowIEC101Invalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the IEC104 entry contains an invalid value for allow
IEC_60870_5_101 that cannot be processed."
::= { hm2FwSNMPExtensionIEC104SESGroup 9 }
-- ***********************************************************
-- hm2FwSNMPExtensionDNP3Group
-- ***********************************************************
hm2FwSNMPExtensionDNP3CRCInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 entry contains an invalid value for CRC check
that cannot be processed."
::= { hm2FwSNMPExtensionDNP3Group 1 }
hm2FwSNMPExtensionDNP3DefWhiteListInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 entry contains an invalid value for default
object list that cannot be processed."
::= { hm2FwSNMPExtensionDNP3Group 2 }
hm2FwSNMPExtensionDNP3FunctionCodeListInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 entry contains an invalid value for function
code list that cannot be processed."
::= { hm2FwSNMPExtensionDNP3Group 3 }
hm2FwSNMPExtensionDNP3OutTrafficInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 entry contains an invalid value for outstation
traffic check that cannot be processed."
::= { hm2FwSNMPExtensionDNP3Group 4 }
hm2FwSNMPExtensionDNP3GroupNumInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 entry contains an invalid value for group number
that cannot be processed."
::= { hm2FwSNMPExtensionDNP3Group 5 }
hm2FwSNMPExtensionDNP3FunctionLengthInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 entry contains an invalid value for function length
that cannot be processed."
::= { hm2FwSNMPExtensionDNP3Group 6 }
hm2FwSNMPExtensionDNP3FunctionNameInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 entry contains an invalid value for function name
that cannot be processed."
::= { hm2FwSNMPExtensionDNP3Group 7 }
hm2FwSNMPExtensionDNP3ObjectCreateError OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 object list cannot be created."
::= { hm2FwSNMPExtensionDNP3Group 8 }
hm2FwSNMPExtensionDNP3ObjectIndexInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 object index contains invalid characters or is out
of range."
::= { hm2FwSNMPExtensionDNP3Group 9 }
hm2FwSNMPExtensionDNP3ObjectProfileActive OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 object list cannot be modified since the DNP3 profile
corresponding to it is active."
::= { hm2FwSNMPExtensionDNP3Group 10 }
hm2FwSNMPExtensionDNP3ObjectProfileNotExist OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the DNP3 object list cannot be modified since the DNP3 profile
does not exist."
::= { hm2FwSNMPExtensionDNP3Group 11 }
hm2FwSNMPExtensionDNP3ObjectTypeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the object type contains an invalid value that cannot be
be processed."
::= { hm2FwSNMPExtensionDNP3Group 12 }
hm2FwSNMPExtensionDNP3QualifierCodeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the qualifier code contains an invalid value that cannot be
be processed."
::= { hm2FwSNMPExtensionDNP3Group 13 }
hm2FwSNMPExtensionDNP3VariationNumInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the variation number contains an invalid value that cannot be
be processed."
::= { hm2FwSNMPExtensionDNP3Group 14 }
-- ***********************************************************
-- hm2FwSNMPExtensionOPCGroup
-- ***********************************************************
hm2FwSNMPExtensionOPCFragmentCheckInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the OPC entry contains an invalid value for fragment check
that cannot be processed."
::= { hm2FwSNMPExtensionOPCGroup 1 }
hm2FwSNMPExtensionOPCTimeoutInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the OPC entry contains an invalid value for OPC data connection
timeout that cannot be processed."
::= { hm2FwSNMPExtensionOPCGroup 2 }
-- ***********************************************************
-- hm2FwSNMPExtensionModbusGroup
-- ***********************************************************
hm2FwSNMPExtensionModbusExceptionInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the modbus entry contains an invalid value for exception response
that cannot be processed."
::= { hm2FwSNMPExtensionModbusGroup 1 }
hm2FwSNMPExtensionModbusUnitIdentifierInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the modbus entry contains an invalid value for unit identifier
that cannot be processed."
::= { hm2FwSNMPExtensionModbusGroup 2 }
hm2FwSNMPExtensionModbusStatefullCheckInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the modbus entry contains an invalid value for statefull check
that cannot be processed."
::= { hm2FwSNMPExtensionModbusGroup 3 }
-- ***********************************************************
-- hm2FwSNMPExtensionAmpGroup
-- ***********************************************************
hm2FwSNMPExtensionAMPMessageTypeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the message type contains invalid characters or has a wrong length."
::= { hm2FwSNMPExtensionAMPGroup 1 }
hm2FwSNMPExtensionAMPAddressClassInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the address class contains invalid characters or has a wrong length."
::= { hm2FwSNMPExtensionAMPGroup 2 }
hm2FwSNMPExtensionAMPDeviceClassInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the device class contains invalid characters or has a wrong length."
::= { hm2FwSNMPExtensionAMPGroup 3 }
hm2FwSNMPExtensionAMPMemoryAddressInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the memory address contains invalid characters or has a wrong length."
::= { hm2FwSNMPExtensionAMPGroup 4 }
hm2FwSNMPExtensionAMPDataWordInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the data word contains invalid characters or has a wrong length."
::= { hm2FwSNMPExtensionAMPGroup 5 }
hm2FwSNMPExtensionAMPTaskCodeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the task code contains invalid characters or has a wrong length."
::= { hm2FwSNMPExtensionAMPGroup 6 }
hm2FwSNMPExtensionAMPTaskCodeDataInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the task code data contains invalid characters or has a wrong length."
::= { hm2FwSNMPExtensionAMPGroup 7 }
hm2FwSNMPExtensionAMPProtocolInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the protocol contains an invalid value that cannot be processed."
::= { hm2FwSNMPExtensionAMPGroup 8 }
hm2FwSNMPExtensionAMPECCInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the error check characters contains an invalid value that cannot be processed."
::= { hm2FwSNMPExtensionAMPGroup 9 }
hm2FwSNMPExtensionAMPBCCInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the block check characters contains an invalid value that cannot be processed."
::= { hm2FwSNMPExtensionAMPGroup 10 }
hm2FwSNMPExtensionAMPDebugInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the debug contains an invalid value that cannot be processed."
::= { hm2FwSNMPExtensionAMPGroup 11 }
hm2FwSNMPExtensionAMPDigitalInputInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the digital input contains an invalid value that cannot be processed."
::= { hm2FwSNMPExtensionAMPGroup 12 }
hm2FwSNMPExtensionAMPProtectModeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the protect mode contains an invalid value that cannot be processed."
::= { hm2FwSNMPExtensionAMPGroup 13 }
hm2FwSNMPExtensionAMPTaskCodeModeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the task code mode contains an invalid value that cannot be processed."
::= { hm2FwSNMPExtensionAMPGroup 14 }
hm2FwSNMPExtensionAMPAddressClassRangeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the address class is exceeding the maximum permissable range i.e. 0000-FFFF."
::= { hm2FwSNMPExtensionAMPGroup 15 }
hm2FwSNMPExtensionAMPDeviceClassRangeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the device class is exceeding the maximum permissable range i.e. 0000-FFFF."
::= { hm2FwSNMPExtensionAMPGroup 16 }
hm2FwSNMPExtensionAMPMemoryAddressRangeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the memory address is exceeding the maximum permissable range i.e. 0000-FFFF."
::= { hm2FwSNMPExtensionAMPGroup 17 }
hm2FwSNMPExtensionAMPDataWordRangeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the data word is exceeding the maximum permissable range i.e. 0000-FFFF."
::= { hm2FwSNMPExtensionAMPGroup 18 }
hm2FwSNMPExtensionAMPTaskCodeRangeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the task code is exceeding the maximum permissable range i.e. 00-FF."
::= { hm2FwSNMPExtensionAMPGroup 19 }
hm2FwSNMPExtensionAMPTaskCodeDataRangeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the task code data is exceeding the maximum permissable length i.e. 72 bytes."
::= { hm2FwSNMPExtensionAMPGroup 20 }
hm2FwSNMPExtensionAMPProtocolNITPMessageTypeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the message type is not available when the protocol is NITP."
::= { hm2FwSNMPExtensionAMPGroup 21 }
hm2FwSNMPExtensionAMPProtocolNITPAddressClassInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the address class is not available when the protocol is NITP."
::= { hm2FwSNMPExtensionAMPGroup 22 }
hm2FwSNMPExtensionAMPProtocolNITPDeviceClassInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the device class is not available when the protocol is NITP."
::= { hm2FwSNMPExtensionAMPGroup 23 }
hm2FwSNMPExtensionAMPProtocolNITPMemoryAddressInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the memory address is not available when the protocol is NITP."
::= { hm2FwSNMPExtensionAMPGroup 24 }
hm2FwSNMPExtensionAMPProtocolNITPDataWordInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the data word is not available when the protocol is NITP."
::= { hm2FwSNMPExtensionAMPGroup 25 }
hm2FwSNMPExtensionAMPProtocolNITPBCCInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the block check characters is not available when the protocol is NITP."
::= { hm2FwSNMPExtensionAMPGroup 26 }
hm2FwSNMPExtensionAMPProtocolCAMPAddressClassInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the address class is not available if the protocol is CAMP and the message type includes hexadecimal values 02 and/or 03."
::= { hm2FwSNMPExtensionAMPGroup 27 }
hm2FwSNMPExtensionAMPProtocolCAMPDataWordInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the data word is not available if the protocol is CAMP and the message type includes hexadecimal values between 02..07."
::= { hm2FwSNMPExtensionAMPGroup 28 }
hm2FwSNMPExtensionAMPProtocolCAMPDeviceClassInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the device class is not available if the protocol is CAMP and the message type includes hexadecimal values between 04..09."
::= { hm2FwSNMPExtensionAMPGroup 29 }
hm2FwSNMPExtensionAMPProtocolCAMPMemoryAddressInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the memory address is not available if the protocol is CAMP and the message type includes hexadecimal values between 04..09."
::= { hm2FwSNMPExtensionAMPGroup 30 }
hm2FwSNMPExtensionAMPProtocolCAMPTaskCodeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the task code is not available if the protocol is CAMP and the message type includes hexadecimal values between 04..09."
::= { hm2FwSNMPExtensionAMPGroup 31 }
hm2FwSNMPExtensionAMPProtocolCAMPTaskCodeDataInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the task code data is not available if the protocol is CAMP and the message type includes hexadecimal values between 04..09."
::= { hm2FwSNMPExtensionAMPGroup 32 }
hm2FwSNMPExtensionAMPProtocolCAMPECCInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the error check characters is not available if the protocol is CAMP and the message type includes hexadecimal values between 04..09."
::= { hm2FwSNMPExtensionAMPGroup 33 }
hm2FwSNMPExtensionAMPProtectModeDigitalInputInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that protect mode is not available if the digital input is enabled."
::= { hm2FwSNMPExtensionAMPGroup 34 }
hm2FwSNMPExtensionAMPMessageTypeInputInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the message type contains an invalid value that cannot be processed. Allowed message types are 02,03,04,05,06,07,08,09,FF."
::= { hm2FwSNMPExtensionAMPGroup 35 }
hm2FwSNMPExtensionAMPMessageTypeBothTogetherInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the message type can have either the value 'Packed Task Code Message' or the value 'Memory Transfer Command'. Both together are not allowed."
::= { hm2FwSNMPExtensionAMPGroup 36 }
hm2FwSNMPExtensionAMPTaskCodeDataMultipleInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the task code data is only available if a single task code is configured in the AMP profile."
::= { hm2FwSNMPExtensionAMPGroup 37 }
hm2FwSNMPExtensionAMPTaskCodeConfigureInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the AMP profile cannot be configured for the AMP profile. Task code is not present in the task code table."
::= { hm2FwSNMPExtensionAMPGroup 38 }
hm2FwSNMPExtensionAMPProfileDeleteInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the profile cannot be deleted or deactivated if the profile is associated with at least one L2 firewall rule."
::= { hm2FwSNMPExtensionAMPGroup 39 }
hm2FwSNMPExtensionAMPProfileEnableInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the profile cannot be activated if not all required parameters are set."
::= { hm2FwSNMPExtensionAMPGroup 40 }
hm2FwSNMPExtensionAMPTaskCodeTableInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the task code cannot be deleted or modified if it is associated with an AMP profile."
::= { hm2FwSNMPExtensionAMPGroup 41 }
hm2FwSNMPExtensionAMPDefaultTaskCode OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the default task codes connot be deleted or modified."
::= { hm2FwSNMPExtensionAMPGroup 42 }
hm2FwSNMPExtensionAMPMessageTypeTogetherInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the message type can have either the value 'Memory Exchange Command' or the value 'Memory Exchange Message'. Both together are not allowed."
::= { hm2FwSNMPExtensionAMPGroup 43 }
-- ***********************************************************
-- hm2FwSNMPExtensionIPGroup
-- ***********************************************************
hm2FwSNMPExtensionIPQueueIDInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value for assigned
queue ID that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 1 }
hm2FwSNMPExtensionIPBurstSizeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for burst size that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 2 }
hm2FwSNMPExtensionIPDirectionInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter assignment entry contains an invalid value
for direction that cannot be processed. It can only be ingress or egress."
::= { hm2FwSNMPExtensionIPGroup 3 }
hm2FwSNMPExtensionIPEthertypeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for ethertype that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 4 }
hm2FwSNMPExtensionIPEthertypeValueInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for ethertype custom value that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 5 }
hm2FwSNMPExtensionIPLogInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for log that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 6 }
hm2FwSNMPExtensionIPParameterInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for parameters that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 7 }
hm2FwSNMPExtensionIPPriorityInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter assignment entry contains an invalid value
for priority that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 8 }
hm2FwSNMPExtensionIPProfileIndexInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for dpi profile index that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 9 }
hm2FwSNMPExtensionIPRateLimitInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for rate limit that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 10 }
hm2FwSNMPExtensionIPRuleInUse OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the rule cannot be deleted as it is associated with interface."
::= { hm2FwSNMPExtensionIPGroup 11 }
hm2FwSNMPExtensionIPTOSPriorityInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for TOS priority that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 12 }
hm2FwSNMPExtensionIPProtocolInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the assigned protocol for an entry is invalid."
::= { hm2FwSNMPExtensionIPGroup 13 }
hm2FwSNMPExtensionIPTrapInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for trap that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 14 }
hm2FwSNMPExtensionIPUnitInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule entry contains an invalid value
for unit that cannot be processed. It can only has value 'pps' or 'kbps'."
::= { hm2FwSNMPExtensionIPGroup 15 }
hm2FwSNMPExtensionIPUnsupportedDPIL4Protocol OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter rule {0} specifies {1} DPI with an unsupported
L4 protocol. Only {2} is allowed."
::= { hm2FwSNMPExtensionIPGroup 16 }
hm2FwSNMPExtensionIPActionInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the assigned action for an entry is invalid."
::= { hm2FwSNMPExtensionIPGroup 17 }
hm2FwSNMPExtensionIPEntryActiveErrorReturn OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the radius authentication server entry cannot be activated as
an active entry with same IP address and same UDP port already exists."
::= { hm2FwSNMPExtensionIPGroup 18 }
hm2FwSNMPExtensionIPDestPortAny OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the destination port 'any' is invalid for the selected action
in the packet filter rule."
::= { hm2FwSNMPExtensionIPGroup 19 }
hm2FwSNMPExtensionIPPortProtoInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the source port and destination port can be assigned values
between 1 to 65535 only when protocol is tcp or udp."
::= { hm2FwSNMPExtensionIPGroup 20 }
hm2FwSNMPExtensionIPAppRuleNameInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the packet filter entry contains an invalid value
for application rule name that cannot be processed."
::= { hm2FwSNMPExtensionIPGroup 21 }
-- ***********************************************************
-- hm2FwSNMPExtensionENIPGroup
-- ***********************************************************
hm2FwSNMPExtensionENIPAllowPCCCInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the Allow embedded PCCC field contains a value which is out of range
or contains invalid characters."
::= { hm2FwSNMPExtensionENIPGroup 1 }
hm2FwSNMPExtensionENIPDefObjectListInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the default object list contains a value which is out of range
or contains invalid characters."
::= { hm2FwSNMPExtensionENIPGroup 2 }
hm2FwSNMPExtensionENIPDescriptionInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that description for object contains a value which is out of range
or contains invalid characters."
::= { hm2FwSNMPExtensionENIPGroup 3 }
hm2FwSNMPExtensionENIPFunctionTypeError OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that function type is 'any' thus the wildcard service code list and
default object list cannot be added or modified."
::= { hm2FwSNMPExtensionENIPGroup 4 }
hm2FwSNMPExtensionENIPObjectClassIdInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the class ID contains a value which is out of range
or contains invalid characters."
::= { hm2FwSNMPExtensionENIPGroup 5 }
hm2FwSNMPExtensionENIPObjectCreateError OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the object cannot be created due to general error."
::= { hm2FwSNMPExtensionENIPGroup 6 }
hm2FwSNMPExtensionENIPObjectFunctionTypeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the object cannot be created since the function type is 'any'."
::= { hm2FwSNMPExtensionENIPGroup 7 }
hm2FwSNMPExtensionENIPObjectCreateProfileActiveError OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the object cannot be created when the profile is
active."
::= { hm2FwSNMPExtensionENIPGroup 8 }
hm2FwSNMPExtensionENIPObjectCreateProfileNotExistError OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the object cannot be created when the profile does
not exist."
::= { hm2FwSNMPExtensionENIPGroup 9 }
hm2FwSNMPExtensionENIPObjectModifyProfileActiveError OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the object cannot be modified when the profile is
active."
::= { hm2FwSNMPExtensionENIPGroup 10 }
hm2FwSNMPExtensionENIPObjectModifyProfileNotExistError OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the object cannot be modified when the profile does
not exist."
::= { hm2FwSNMPExtensionENIPGroup 11 }
hm2FwSNMPExtensionENIPObjectServiceCodeInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the service code list contains a value which is out of
range or contains invalid characters."
::= { hm2FwSNMPExtensionENIPGroup 12 }
hm2FwSNMPExtensionENIPProfileActive OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the default object list or wildcard service code list
cannot be modified when the profile is active."
::= { hm2FwSNMPExtensionENIPGroup 13 }
hm2FwSNMPExtensionENIPProfileNotExist OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the default object list or wildcard service code list
cannot be modified since the profile does not exist."
::= { hm2FwSNMPExtensionENIPGroup 14 }
hm2FwSNMPExtensionENIPWildcardServiceListInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the Wild card service list contains a value which is
out of range or contains invalid characters."
::= { hm2FwSNMPExtensionENIPGroup 15 }
-- ***********************************************************
-- hm2FwTemplateSNMPExtensionGroup
-- ***********************************************************
hm2FwTemplateSNMPExtAssetTagInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the asset entry conatins an invalid value for
asset tag that cannot be processed."
::= { hm2FwTemplateSNMPExtensionGroup 1 }
hm2FwTemplateSNMPExtCannotDeleteDefaultRule OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the application rule cannot be deleted as it is
designated as 'default'."
::= { hm2FwTemplateSNMPExtensionGroup 2 }
hm2FwTemplateSNMPExtGenLocInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the asset entry contains an invalid value for
general location that cannot be processed."
::= { hm2FwTemplateSNMPExtensionGroup 3 }
hm2FwTemplateSNMPExtIPProtoNumberInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the protocol entry contains IP protocol number
value which is out of range. Permissable range is -1..255."
::= { hm2FwTemplateSNMPExtensionGroup 4 }
hm2FwTemplateSNMPExtManufacturerInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the asset entry contains an invalid value for
manufacturer that cannot be processed."
::= { hm2FwTemplateSNMPExtensionGroup 5 }
hm2FwTemplateSNMPExtModelInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the asset entry contains an invalid value for
model that cannot be processed."
::= { hm2FwTemplateSNMPExtensionGroup 6 }
hm2FwTemplateSNMPExtSpecLocInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the asset entry contains an invalid value for
specific location that cannot be processed."
::= { hm2FwTemplateSNMPExtensionGroup 7 }
hm2FwTemplateSNMPExtDeleteInvalid OBJECT-IDENTITY
STATUS current
DESCRIPTION "Indicates that the entry cannot be deleted or modified beacuse
it is associated with at least one application rule or L2/L3
firewall rule."
::= { hm2FwTemplateSNMPExtensionGroup 8 }
-- ***********************************************************
END
View Git Blame Copy Permalink