7351 lines
244 KiB
Plaintext
7351 lines
244 KiB
Plaintext
-- **************************************************************************
|
|
-- * *
|
|
-- * *
|
|
-- * Hirschmann Automation and Control GmbH *
|
|
-- * *
|
|
-- * P.O. Box 1649 *
|
|
-- * D-72602 Nuertingen *
|
|
-- * Germany *
|
|
-- * *
|
|
-- * *
|
|
-- * Hirschmann Security Devices MIB Revision 2 *
|
|
-- * *
|
|
-- * Date: 08-dec-2008 *
|
|
-- * *
|
|
-- * *
|
|
-- * Dies ist die SNMP Security MIB fuer Hirschmann Eagle. *
|
|
-- * *
|
|
-- * Sollten Sie weitere Fragen haben, wenden Sie sich bitte an ihren *
|
|
-- * Hirschmann-Vertragspartner. *
|
|
-- * *
|
|
-- * Aktuelle Hirschmann-Infos zu unseren Produkten erhalten Sie ueber *
|
|
-- * unseren WWW-Server unter http://www.hirschmann-ac.com *
|
|
-- * *
|
|
-- * This is the SNMP Security MIB for the Hirschmann Eagle *
|
|
-- * *
|
|
-- * If you have any further questions please contact your *
|
|
-- * Hirschmann contractual partner. *
|
|
-- * *
|
|
-- * You can access current information about Hirschmann products *
|
|
-- * via our WWW server on http://www.hirschmann-ac.com *
|
|
-- * *
|
|
-- **************************************************************************
|
|
|
|
HMSECURITY2-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
NOTIFICATION-TYPE, OBJECT-IDENTITY, MODULE-IDENTITY, OBJECT-TYPE,
|
|
enterprises,
|
|
Integer32,
|
|
IpAddress,
|
|
Counter32,
|
|
TimeTicks FROM SNMPv2-SMI
|
|
PhysAddress,
|
|
DisplayString,
|
|
RowStatus,
|
|
MacAddress,
|
|
TEXTUAL-CONVENTION,
|
|
TestAndIncr FROM SNMPv2-TC
|
|
SnmpAdminString FROM SNMP-FRAMEWORK-MIB
|
|
SnmpTagValue,
|
|
SnmpTagList FROM SNMP-TARGET-MIB
|
|
InetPortNumber FROM INET-ADDRESS-MIB -- [RFC3291]
|
|
hmLastIpAddr FROM HMPRIV-MGMT-SNMP-MIB
|
|
hmLastLoginUserName FROM HMPRIV-MGMT-SNMP-MIB;
|
|
|
|
hmSecurity2 MODULE-IDENTITY
|
|
LAST-UPDATED "201601261200Z" -- Jan 26, 2016
|
|
ORGANIZATION "Hirschmann Automation and Control GmbH"
|
|
CONTACT-INFO
|
|
"Customer Support
|
|
Postal:
|
|
Hirschmann Automation and Control GmbH
|
|
Stuttgarter Str. 45-51
|
|
72654 Neckartenzlingen
|
|
Germany
|
|
Phone: +49 7127 - 14 -0
|
|
E-mail: hac.support@belden.com"
|
|
DESCRIPTION
|
|
"The Hirschmann Private Security MIB definitions."
|
|
|
|
REVISION "200812081200Z" -- December 08, 2008
|
|
DESCRIPTION
|
|
"Minor changes."
|
|
|
|
REVISION "200809301200Z" -- September 30, 2008
|
|
DESCRIPTION
|
|
"Minor changes."
|
|
|
|
REVISION "201005201200Z" -- May 20, 2010
|
|
DESCRIPTION
|
|
"Minor changes."
|
|
|
|
REVISION "201210021200Z" -- Oct 02, 2012
|
|
DESCRIPTION
|
|
"Published as is."
|
|
REVISION "201310221200Z" -- Oct 22, 2013
|
|
DESCRIPTION
|
|
"Published as is."
|
|
REVISION "201501231200Z" -- Jan 23, 2015
|
|
DESCRIPTION
|
|
"Published as is."
|
|
REVISION "201601261200Z" -- Jan 26, 2016
|
|
DESCRIPTION
|
|
"Published as is."
|
|
::= { hirschmann 52 }
|
|
|
|
--
|
|
-- Textual conventions for this MIB --
|
|
--
|
|
|
|
DIFwRuleActivate ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION "Digital-Input dependent Firewall rules activation"
|
|
SYNTAX INTEGER { high-active(1), low-active(2) }
|
|
|
|
|
|
--
|
|
-- hmSecurity2 / Hirschmann Security Devices MIB Revision 2 --
|
|
--
|
|
|
|
hirschmann OBJECT IDENTIFIER ::= { enterprises 248 }
|
|
|
|
hmSecurity2Objects OBJECT IDENTIFIER ::= { hmSecurity2 1 }
|
|
|
|
-- device related variables
|
|
hmSec2Device OBJECT IDENTIFIER ::= { hmSecurity2Objects 1 }
|
|
|
|
-- management agent variables
|
|
-- includes configuration storage, diagnosis and other features
|
|
hmSec2Agent OBJECT IDENTIFIER ::= { hmSecurity2Objects 2 }
|
|
|
|
-- security related variables
|
|
hmSec2Security OBJECT IDENTIFIER ::= { hmSecurity2Objects 3 }
|
|
|
|
-- firewall related variables
|
|
hmSec2Firewall OBJECT IDENTIFIER ::= { hmSecurity2Objects 11 }
|
|
|
|
-- network configuration variables
|
|
hmSec2Network OBJECT IDENTIFIER ::= { hmSecurity2Objects 12 }
|
|
|
|
-- VPN related variables
|
|
hmSec2Vpn OBJECT IDENTIFIER ::= { hmSecurity2Objects 13 }
|
|
|
|
-- redundancy related variables
|
|
hmSec2Redundancy OBJECT IDENTIFIER ::= { hmSecurity2Objects 14 }
|
|
|
|
-- NAT related variables
|
|
hmSec2Nat OBJECT IDENTIFIER ::= { hmSecurity2Objects 15 }
|
|
|
|
-- general related info variables
|
|
hmSec2Info OBJECT IDENTIFIER ::= { hmSecurity2Objects 20 }
|
|
|
|
|
|
--
|
|
-- Web Server Management Definitions --
|
|
--
|
|
hmSec2WebGroup OBJECT IDENTIFIER ::= { hmSec2Agent 3 }
|
|
|
|
hmSec2WebLoginAccessWeb OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables/Disables Web access to the device."
|
|
DEFVAL { enable }
|
|
::= { hmSec2WebGroup 1 }
|
|
|
|
hmSec2WebLoginTimeoutWeb OBJECT-TYPE
|
|
SYNTAX INTEGER (0..120)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Timeout for Web connections in minutes."
|
|
DEFVAL { 5 }
|
|
::= { hmSec2WebGroup 2 }
|
|
|
|
hmSec2WebHttpsPortNumber OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number of the https web server.
|
|
To activate the port number the device
|
|
has to be restarted."
|
|
DEFVAL { 443 }
|
|
::= { hmSec2WebGroup 6 }
|
|
|
|
hmSec2WebSNMPoverHTTPS OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables/Disables Web tunneling SNMP over HTTPS."
|
|
DEFVAL { disable }
|
|
::= { hmSec2WebGroup 7 }
|
|
|
|
hmSec2WebHttpsCertFingerPrintType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
sha1(1),
|
|
sha256(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Controls HTTPS certificate fingerprint generation. If set to 'sha1' hmSec2WebHttpsCertFingerPrint
|
|
will show the SHA1 fingerprint of the certificate."
|
|
DEFVAL { sha256 }
|
|
::= { hmSec2WebGroup 8 }
|
|
|
|
hmSec2WebHttpsCertFingerPrint OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The HTTPS certificate fingerprint as hash. The type of the hash is defined with hmSec2WebHttpsCertFingerPrintType."
|
|
::= { hmSec2WebGroup 9 }
|
|
|
|
|
|
--
|
|
-- Command Line Interface Management Definitions --
|
|
--
|
|
hmSec2CliGroup OBJECT IDENTIFIER ::= { hmSec2Agent 4 }
|
|
|
|
hmSec2CliLoginPrompt OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Prompt string for the command line interface."
|
|
DEFVAL { "" }
|
|
::= { hmSec2CliGroup 1 }
|
|
|
|
|
|
|
|
hmSec2CliLoginTimeoutSerial OBJECT-TYPE
|
|
SYNTAX INTEGER (0..120)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Timeout for serial connections in minutes.
|
|
If the value is set to 0, there will be
|
|
no idle logout at all."
|
|
DEFVAL { 5 }
|
|
::= { hmSec2CliGroup 2 }
|
|
|
|
hmSec2CliLoginTimeoutSSH OBJECT-TYPE
|
|
SYNTAX INTEGER (1..120)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Timeout for SSH connections in minutes."
|
|
DEFVAL { 5 }
|
|
::= { hmSec2CliGroup 3 }
|
|
|
|
hmSec2CliLoginTimeoutTelnet OBJECT-TYPE
|
|
SYNTAX INTEGER (1..120)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Timeout for Telnet connections in minutes."
|
|
DEFVAL { 5 }
|
|
::= { hmSec2CliGroup 4 }
|
|
|
|
hmSec2CliLoginAccessSSH OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables/Disables CLI access to the device over SSH."
|
|
DEFVAL { enable }
|
|
::= { hmSec2CliGroup 6 }
|
|
|
|
hmSec2CliLoginAccessTelnet OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables/Disables CLI access to the device over Telnet."
|
|
DEFVAL { disable }
|
|
::= { hmSec2CliGroup 7 }
|
|
|
|
hmSec2CliLoginSshPortNumber OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number of the ssh login server.
|
|
To activate the port number the device
|
|
has to be restarted."
|
|
DEFVAL { 22 }
|
|
::= { hmSec2CliGroup 8 }
|
|
|
|
hmSec2CliLoginFingerPrintDSA OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The local DSA fingerprint for SSH connections."
|
|
::= { hmSec2CliGroup 9 }
|
|
|
|
hmSec2CliLoginFingerPrintRSA OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The local RSA fingerprint for SSH connections."
|
|
::= { hmSec2CliGroup 10 }
|
|
|
|
hmSec2CliLoginDefaultPasswordActive OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable displays if there are currently default passwords
|
|
set for priviledged users."
|
|
::= { hmSec2CliGroup 11 }
|
|
|
|
|
|
|
|
--
|
|
-- File Management Definitions --
|
|
--
|
|
|
|
hmSec2FileManagementGroup OBJECT IDENTIFIER ::= { hmSec2Agent 5 }
|
|
|
|
hmSec2FileManagementActionGroup OBJECT IDENTIFIER ::= { hmSec2FileManagementGroup 1 }
|
|
|
|
|
|
hmSec2FMActionType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other (1),
|
|
copy (2),
|
|
clear (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of the action to be performed."
|
|
DEFVAL { copy }
|
|
::= { hmSec2FileManagementActionGroup 1 }
|
|
|
|
|
|
hmSec2FMActionItemType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
config (1),
|
|
firmware (2),
|
|
eventlog (3),
|
|
certs (4),
|
|
sysinfo (5)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of the item to be processed."
|
|
DEFVAL { config }
|
|
::= { hmSec2FileManagementActionGroup 2 }
|
|
|
|
|
|
hmSec2FMActionSourceType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
nv (1),
|
|
aca (2),
|
|
running-config (3),
|
|
system (4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of the source object to be processed."
|
|
DEFVAL { running-config }
|
|
::= { hmSec2FileManagementActionGroup 3 }
|
|
|
|
|
|
hmSec2FMActionSourceData OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Additional Data for the source object. This could
|
|
be a profile name or URL"
|
|
DEFVAL { "" }
|
|
::= { hmSec2FileManagementActionGroup 4 }
|
|
|
|
|
|
hmSec2FMActionDestinationType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
nv (1),
|
|
aca (2),
|
|
running-config (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of the destination object to be processed."
|
|
DEFVAL { nv }
|
|
::= { hmSec2FileManagementActionGroup 5 }
|
|
|
|
|
|
hmSec2FMActionDestinationData OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Additional Data for the source object. This could
|
|
be a profile name or URL"
|
|
DEFVAL { "" }
|
|
::= { hmSec2FileManagementActionGroup 6 }
|
|
|
|
|
|
hmSec2FMActionActivate OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other (1),
|
|
activate (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If set to activate(2), the action will be started.
|
|
When read, this variable returns always other(1)."
|
|
DEFVAL { other }
|
|
::= { hmSec2FileManagementActionGroup 7 }
|
|
|
|
|
|
hmSec2FMActionActivateResult OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ok (1),
|
|
param-error (2),
|
|
busy (3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Either returns ok(1) if the action is successfully
|
|
started or param-error(2) if there is some problem
|
|
with the given parameters or returns busy(3) if there
|
|
is still an action in progress."
|
|
DEFVAL { ok }
|
|
::= { hmSec2FileManagementActionGroup 8 }
|
|
|
|
|
|
hmSec2FMActionActivateResultText OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Text describing why the start of the operation
|
|
has failed."
|
|
::= { hmSec2FileManagementActionGroup 9 }
|
|
|
|
|
|
hmSec2FMActionStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
idle (1),
|
|
running (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Returns the running status of the action."
|
|
::= { hmSec2FileManagementActionGroup 10 }
|
|
|
|
|
|
hmSec2FMActionPercentReady OBJECT-TYPE
|
|
SYNTAX INTEGER (0..100)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Estimation of how many percent of the operation
|
|
is done."
|
|
::= { hmSec2FileManagementActionGroup 11 }
|
|
|
|
|
|
hmSec2FMActionResult OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ok (1),
|
|
error (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error Status of the last action which has been performed."
|
|
::= { hmSec2FileManagementActionGroup 12 }
|
|
|
|
|
|
hmSec2FMActionResultText OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"either OK or a descriptive text giving
|
|
a reason why the last operation failed"
|
|
::= { hmSec2FileManagementActionGroup 13 }
|
|
|
|
|
|
|
|
hmSec2FileManagementProfileGroup OBJECT IDENTIFIER ::= { hmSec2FileManagementGroup 2 }
|
|
|
|
--
|
|
-- Profiles in non volative memory
|
|
--
|
|
hmSec2FMNvProfileTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FMNvProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of Profiles stored in NV memory."
|
|
::= { hmSec2FileManagementProfileGroup 1 }
|
|
|
|
hmSec2FMNvProfileEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FMNvProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A profile entry."
|
|
INDEX { hmSec2FMNvProfileIndex }
|
|
::= { hmSec2FMNvProfileTable 1 }
|
|
|
|
HmSec2FMNvProfileEntry ::= SEQUENCE {
|
|
hmSec2FMNvProfileIndex INTEGER,
|
|
hmSec2FMNvProfileName DisplayString,
|
|
hmSec2FMNvProfileDateTime TimeTicks,
|
|
hmSec2FMNvProfileActive INTEGER,
|
|
hmSec2FMNvProfileAction INTEGER
|
|
}
|
|
|
|
|
|
hmSec2FMNvProfileIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (1..100)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the profile entry."
|
|
::= { hmSec2FMNvProfileEntry 1 }
|
|
|
|
|
|
hmSec2FMNvProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"name of entry consisting of alphanumeric
|
|
characters plus hyphen and underscore."
|
|
::= { hmSec2FMNvProfileEntry 2 }
|
|
|
|
|
|
hmSec2FMNvProfileDateTime OBJECT-TYPE
|
|
SYNTAX TimeTicks
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time and Date of last write access using the
|
|
content of the variable hmSystemTime."
|
|
::= { hmSec2FMNvProfileEntry 3 }
|
|
|
|
|
|
hmSec2FMNvProfileActive OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
active (1),
|
|
inactive (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting the variable to active(1) enables the profile
|
|
so that it will be used the next time the configuration
|
|
is reloaded. Setting the value to inactive(2) is not
|
|
allowed since there must be always one profile active."
|
|
::= { hmSec2FMNvProfileEntry 4 }
|
|
|
|
|
|
hmSec2FMNvProfileAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
other (1),
|
|
delete (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed on the profile entry. setting
|
|
the value to delete(2) erases the profile. If it was
|
|
the active profile then the first entry in the list
|
|
becomes the active entry if the list is not empty.
|
|
On reading the variable always returns other(1)."
|
|
::= { hmSec2FMNvProfileEntry 5 }
|
|
|
|
|
|
--
|
|
-- Profiles on auto configuration adapter
|
|
--
|
|
hmSec2FMAcaProfileTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FMAcaProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of Profiles stored in NV memory."
|
|
::= { hmSec2FileManagementProfileGroup 2 }
|
|
|
|
hmSec2FMAcaProfileEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FMAcaProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A profile entry."
|
|
INDEX { hmSec2FMAcaProfileIndex }
|
|
::= { hmSec2FMAcaProfileTable 1 }
|
|
|
|
HmSec2FMAcaProfileEntry ::= SEQUENCE {
|
|
hmSec2FMAcaProfileIndex INTEGER,
|
|
hmSec2FMAcaProfileName DisplayString,
|
|
hmSec2FMAcaProfileDateTime TimeTicks,
|
|
hmSec2FMAcaProfileActive INTEGER,
|
|
hmSec2FMAcaProfileAction INTEGER
|
|
}
|
|
|
|
|
|
hmSec2FMAcaProfileIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (1..100)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the profile entry."
|
|
::= { hmSec2FMAcaProfileEntry 1 }
|
|
|
|
|
|
hmSec2FMAcaProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"name of entry consisting of alphanumeric
|
|
characters plus hyphen and underscore."
|
|
::= { hmSec2FMAcaProfileEntry 2 }
|
|
|
|
|
|
hmSec2FMAcaProfileDateTime OBJECT-TYPE
|
|
SYNTAX TimeTicks
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time and Date of last write access using the
|
|
content of the variable hmSystemTime."
|
|
::= { hmSec2FMAcaProfileEntry 3 }
|
|
|
|
|
|
hmSec2FMAcaProfileActive OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
active (1),
|
|
inactive (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting the variable to active(1) enables the profile
|
|
so that it will be used the next time the configuration
|
|
is reloaded. Setting the value to inactive(2) is not
|
|
allowed since there must be always one profile active."
|
|
::= { hmSec2FMAcaProfileEntry 4 }
|
|
|
|
|
|
hmSec2FMAcaProfileAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
other (1),
|
|
delete (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed on the profile entry. setting
|
|
the value to delete(2) erases the profile.
|
|
Reading the variable always returns other(1)."
|
|
::= { hmSec2FMAcaProfileEntry 5 }
|
|
|
|
|
|
|
|
hmSec2FileManagementStatusGroup OBJECT IDENTIFIER ::= { hmSec2FileManagementGroup 3 }
|
|
|
|
hmSec2FMNvState OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
ok (1),
|
|
out-of-sync (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable returns ok(1) if the contents
|
|
of the running-config is the same as the currently,
|
|
out-of-sync(2) if there are any differences.
|
|
used configuration in NV memory."
|
|
::= { hmSec2FileManagementStatusGroup 1 }
|
|
|
|
|
|
hmSec2FMAcaState OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
ok (1),
|
|
out-of-sync (2),
|
|
absent (3),
|
|
autodisabled (4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable returns ok(1) if the contents
|
|
of the currently used configuration on the ACA
|
|
is the same than that stored in NV memory,
|
|
out-of-sync(2) if there are any differences.
|
|
If the value is absent(3), then the auto config
|
|
adapter is not connected.
|
|
In case of autodisabled(4) the USB port or the
|
|
auto configuration adapter has been disabled."
|
|
::= { hmSec2FileManagementStatusGroup 2 }
|
|
|
|
|
|
|
|
|
|
|
|
--
|
|
-- Logging Definitions --
|
|
--
|
|
|
|
hmSec2LoggingGroup OBJECT IDENTIFIER ::= { hmSec2Agent 10 }
|
|
hmSec2LoggingGeneral OBJECT IDENTIFIER ::= { hmSec2LoggingGroup 1 }
|
|
|
|
|
|
hmSec2SyslogServerIPAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address of syslog server for logging.
|
|
Set this value to 0.0.0.0 to disable transmission to syslog server."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
|
|
::= { hmSec2LoggingGeneral 1 }
|
|
|
|
|
|
hmSec2SyslogServerUdpPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"UDP port used for syslog server transmission. If this value is
|
|
zero then the default port 514 is used."
|
|
DEFVAL { 514 }
|
|
|
|
::= { hmSec2LoggingGeneral 2 }
|
|
|
|
|
|
hmSec2LogPermFileSize OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum persistent logfile size on ACA in Kbytes (0..4096).
|
|
If this value is zero logging is disabled."
|
|
DEFVAL { 0 }
|
|
|
|
::= { hmSec2LoggingGeneral 3 }
|
|
|
|
|
|
hmSec2LogPermFilesMax OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of persistent logfiles on ACA (0..99).
|
|
If this value is zero logging and archiving is disabled."
|
|
DEFVAL { 0 }
|
|
|
|
::= { hmSec2LoggingGeneral 4 }
|
|
|
|
|
|
hmSec2LogPermFilesLock OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable locking of persistent logfiles on ACA.
|
|
If it is enabled the ACA could be plugged-in/out securely."
|
|
DEFVAL { disable }
|
|
|
|
::= { hmSec2LoggingGeneral 5 }
|
|
|
|
hmSec2SyslogServer2IPAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address of second syslog server for logging.
|
|
Set this value to 0.0.0.0 to disable transmission to syslog server."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
|
|
::= { hmSec2LoggingGeneral 6 }
|
|
|
|
|
|
hmSec2SyslogServer2UdpPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"UDP port used for second syslog server transmission. If this value is
|
|
zero then the default port 514 is used."
|
|
DEFVAL { 514 }
|
|
|
|
::= { hmSec2LoggingGeneral 7 }
|
|
|
|
|
|
|
|
|
|
--
|
|
-- Log level table
|
|
--
|
|
|
|
hmSec2LogLevelTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2LogLevelEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of log levels for various log categories"
|
|
::= { hmSec2LoggingGroup 2 }
|
|
|
|
hmSec2LogLevelEntry OBJECT-TYPE
|
|
SYNTAX HmSec2LogLevelEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2LogLevelIndex }
|
|
::= { hmSec2LogLevelTable 1 }
|
|
|
|
HmSec2LogLevelEntry ::= SEQUENCE {
|
|
hmSec2LogLevelIndex INTEGER, -- facility
|
|
hmSec2LogLevelUpto INTEGER, -- severity
|
|
hmSec2LogLevelName DisplayString, -- facility name
|
|
hmSec2LogLevelDesc DisplayString, -- facility description
|
|
hmSec2LogLevelPerm INTEGER -- facility logging
|
|
}
|
|
|
|
hmSec2LogLevelIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry
|
|
in the table and so the log facility."
|
|
::= { hmSec2LogLevelEntry 1 }
|
|
|
|
|
|
hmSec2LogLevelUpto OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
emergency(1),
|
|
alert(2),
|
|
critical(3),
|
|
error(4),
|
|
warning(5),
|
|
notice(6),
|
|
info(7),
|
|
debug(8)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log level"
|
|
DEFVAL { warning }
|
|
::= { hmSec2LogLevelEntry 2 }
|
|
|
|
|
|
hmSec2LogLevelName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..15))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of log facility"
|
|
::= { hmSec2LogLevelEntry 3 }
|
|
|
|
hmSec2LogLevelDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..127))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Description of log facility"
|
|
::= { hmSec2LogLevelEntry 4 }
|
|
|
|
hmSec2LogLevelPerm OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable logging to persistent logfile
|
|
on ACA for log facility"
|
|
DEFVAL { disable }
|
|
::= { hmSec2LogLevelEntry 5 }
|
|
|
|
|
|
--**************************************************************************************
|
|
-- hmSec2UserConfigGroup
|
|
--**************************************************************************************
|
|
|
|
hmSec2UserConfigGroup OBJECT IDENTIFIER ::= { hmSec2Agent 20 }
|
|
|
|
hmSec2UserConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2UserConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User Config Table.
|
|
This table provides the functionality the system uses
|
|
for any interaction started by the user - Authentication,
|
|
Encryption - changing authentication, password and access mode
|
|
for login purposes through CLI, SSH, SNMPv3 ,.
|
|
The authentication is done through a policy defined in the
|
|
hmSec2UserAuthenticationList for CLI, SSH, ... ,. For SNMPv3
|
|
the standard SNMPv3 authentication/encryption methods are used.
|
|
To create a new user set hmSec2UserStatus to 'createAndWait,
|
|
and set the corresponding objects to their values. Setting
|
|
hmSec2UserStatus to 'active' activates the user. To delete a
|
|
user set hmSec2UserStatus to 'destroy'. Creating a new user
|
|
in the hmSec2UserConfigTable also creates a new user in the
|
|
SNMPv3 tables.
|
|
All objects in this table can be set while a row is 'active'."
|
|
::= { hmSec2UserConfigGroup 1 }
|
|
|
|
hmSec2UserConfigEntry OBJECT-TYPE
|
|
SYNTAX HmSec2UserConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User Config Entry"
|
|
INDEX { IMPLIED hmSec2UserName }
|
|
::= { hmSec2UserConfigTable 1 }
|
|
|
|
HmSec2UserConfigEntry ::= SEQUENCE {
|
|
hmSec2UserName
|
|
SnmpAdminString,
|
|
hmSec2UserPassword
|
|
DisplayString,
|
|
hmSec2UserAccessMode
|
|
INTEGER,
|
|
hmSec2UserSnmpAuthenticationType
|
|
INTEGER,
|
|
hmSec2UserSnmpEncryptionType
|
|
INTEGER,
|
|
hmSec2UserAuthenticationList
|
|
SnmpTagList,
|
|
hmSec2UserStatus
|
|
RowStatus
|
|
}
|
|
|
|
hmSec2UserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..128))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Agent User Name."
|
|
::= { hmSec2UserConfigEntry 1 }
|
|
|
|
hmSec2UserPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(4..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Agent User Password
|
|
This object will always return '********' even if a password is set.
|
|
The User Password can be set while the row is active."
|
|
DEFVAL { "" }
|
|
::= { hmSec2UserConfigEntry 2 }
|
|
|
|
hmSec2UserAccessMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
no-access(0),
|
|
read-access(1),
|
|
read-write-access(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Agent User Access Mode.
|
|
The User Access Mode can be set while the row is active."
|
|
DEFVAL { no-access }
|
|
::= { hmSec2UserConfigEntry 3 }
|
|
|
|
hmSec2UserSnmpAuthenticationType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(0),
|
|
hmacmd5(1),
|
|
hmacsha(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SNMPv3 User Authentication. The user passsword must be set
|
|
to a string greater than or equal to 8 characters for this to be
|
|
set to anything but none(0).
|
|
|
|
- none(0) -> no authentication used
|
|
- hmacmd5(1) -> Use HMAC-MD5 authentication
|
|
- hmacsha(2) -> Use HMAC-SHA authentication
|
|
|
|
The User Authentication Type can be set while the row is active ."
|
|
DEFVAL { none }
|
|
::= { hmSec2UserConfigEntry 4 }
|
|
|
|
hmSec2UserSnmpEncryptionType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(0),
|
|
des(1),
|
|
aes-cfb-128(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SNMPv3 User Encryption
|
|
Can not be set to des(2) or aes-cfb-128(3) if
|
|
hmSec2UserSnmpAuthenticationType is set to none(0).
|
|
- none(0) -> no encryption used
|
|
- des(1) -> DES encryption used
|
|
- aes-cfb-128(2) -> AES-128 encryption used
|
|
The User Encryption Type can be set while the row is active."
|
|
DEFVAL { none }
|
|
::= { hmSec2UserConfigEntry 5 }
|
|
|
|
hmSec2UserAuthenticationList OBJECT-TYPE
|
|
SYNTAX SnmpTagList (SIZE(1..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication list used for this user to authenticate
|
|
to the system.
|
|
The User Authentication List can be set while the row is active."
|
|
DEFVAL { "systemLoginDefaultList" }
|
|
::= { hmSec2UserConfigEntry 6 }
|
|
|
|
|
|
hmSec2UserStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Agent User Status.
|
|
active(1) - This user account is active.
|
|
notInService(2) - Row has been suspended.
|
|
notReady(3) - Row has incomplete values.
|
|
createAndGo(4) - Accept row values and activate.
|
|
createAndWait(5) - Accept row values and wait.
|
|
destroy(6) - Set to this value to remove this user account."
|
|
::= { hmSec2UserConfigEntry 7 }
|
|
|
|
--**************************************************************************************
|
|
-- hmSec2UserAuthListGroup
|
|
--**************************************************************************************
|
|
|
|
hmSec2UserAuthListGroup OBJECT IDENTIFIER ::= { hmSec2Agent 30 }
|
|
|
|
hmSec2UserAuthListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2UserAuthListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hmSec2UserAuthListTable holds up to 3 policies
|
|
a user authenticates to the system."
|
|
::= { hmSec2UserAuthListGroup 1 }
|
|
|
|
hmSec2UserAuthListEntry OBJECT-TYPE
|
|
SYNTAX HmSec2UserAuthListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hmSec2UserAuthListEntry."
|
|
INDEX { IMPLIED hmSec2UserAuthListName }
|
|
::= { hmSec2UserAuthListTable 1 }
|
|
|
|
HmSec2UserAuthListEntry ::=
|
|
SEQUENCE {
|
|
hmSec2UserAuthListName
|
|
SnmpTagValue,
|
|
hmSec2UserAuthListPolicy1
|
|
INTEGER,
|
|
hmSec2UserAuthListPolicy2
|
|
INTEGER,
|
|
hmSec2UserAuthListPolicy3
|
|
INTEGER,
|
|
hmSec2UserAuthListStatus
|
|
RowStatus
|
|
}
|
|
|
|
hmSec2UserAuthListName OBJECT-TYPE
|
|
SYNTAX SnmpTagValue (SIZE(1..128))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Authentication List Index
|
|
Unique name used for indexing into this table."
|
|
::= { hmSec2UserAuthListEntry 1 }
|
|
|
|
hmSec2UserAuthListPolicy1 OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
local(2),
|
|
radius(3),
|
|
deny(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Authenticion List Policy 1
|
|
Configures the first authentication policy to use when this list is
|
|
specified.
|
|
- none -> no authentication policy set
|
|
- local -> authentication is done through local user DB
|
|
- radius -> authentication is done through a RADIUS server
|
|
- deny -> no authentication is ever allowed for this user name"
|
|
::= { hmSec2UserAuthListEntry 2 }
|
|
|
|
hmSec2UserAuthListPolicy2 OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
local(2),
|
|
radius(3),
|
|
deny(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Authenticion List Policy 2
|
|
Configures the second authentication policy to use when this list is
|
|
specified.
|
|
- none -> no authentication policy set
|
|
- local -> authentication is done through local user DB
|
|
- radius -> authentication is done through a RADIUS server
|
|
- deny -> no authentication is ever allowed for this user name"
|
|
::= { hmSec2UserAuthListEntry 3 }
|
|
|
|
hmSec2UserAuthListPolicy3 OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
local(2),
|
|
radius(3),
|
|
deny(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Authenticion List Policy 3
|
|
Configures the third authentication policy to use when this list is
|
|
specified.
|
|
- none -> no authentication policy set
|
|
- local -> authentication is done through local user DB
|
|
- radius -> authentication is done through a RADIUS server
|
|
- deny -> no authentication is ever allowed for this user name"
|
|
::= { hmSec2UserAuthListEntry 4 }
|
|
|
|
hmSec2UserAuthListStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of the Authentication List.
|
|
active(1) - This auth list is active.
|
|
notInService(2) - Row has been suspended.
|
|
notReady(3) - Row has incomplete values.
|
|
createAndGo(4) - Accept row values and activate.
|
|
createAndWait(5) - Accept row values and wait.
|
|
destroy(6) - Set to this value to remove this auth list."
|
|
::= { hmSec2UserAuthListEntry 5 }
|
|
|
|
|
|
hmSec2UserAuthListDefault OBJECT-TYPE
|
|
SYNTAX SnmpTagValue (SIZE(0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Default System Login Authentication List
|
|
This object configures the Authentication List to be used for
|
|
non-configured users for System Login. An empty string means
|
|
this object is not configured -> non-configured users never
|
|
grant System Login access.
|
|
The list must be configured in the hmSec2UserAuthListTable before setting."
|
|
::= { hmSec2UserAuthListGroup 2 }
|
|
|
|
|
|
hmSec2UserFirewallAuthListDefault OBJECT-TYPE
|
|
SYNTAX SnmpTagValue (SIZE(0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Default User Firewall Login Authentication List
|
|
This object configures the Authentication List to be used for
|
|
non-configured users for User Firewall Login. An empty string means
|
|
this object is not configured -> non-configured users never
|
|
grant User Firewall Login access.
|
|
The list must be configured in the hmSec2UserAuthListTable before setting."
|
|
::= { hmSec2UserAuthListGroup 3 }
|
|
|
|
--**************************************************************************************
|
|
-- hmSec2UsrFwUserGroup
|
|
--**************************************************************************************
|
|
|
|
hmSec2UsrFwUserGroup OBJECT IDENTIFIER ::= { hmSec2Agent 40 }
|
|
|
|
hmSec2UsrFwUserGroupAuth OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables/Disables Group Authentication for User Firewall users."
|
|
DEFVAL { disable }
|
|
::= { hmSec2UsrFwUserGroup 1 }
|
|
|
|
hmSec2UsrFwUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2UsrFwUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewall User Config Table.
|
|
This table provides the functionality the system uses
|
|
for Firewal Users management.
|
|
To create a new user set hmSec2UsrFwUserStatus to 'createAndWait',
|
|
and set the corresponding objects to their values.
|
|
Setting hmSec2UsrFwUserStatus to 'active' activates the user.
|
|
To delete a user set hmSec2UsrFwUserStatus to 'destroy'.
|
|
Creating a new user in the hmSec2UsrFwUserTable also
|
|
creates a new user in the SNMPv3 tables.
|
|
All objects in this table can be set while a row is 'active'."
|
|
::= { hmSec2UsrFwUserGroup 2 }
|
|
|
|
hmSec2UsrFwUserEntry OBJECT-TYPE
|
|
SYNTAX HmSec2UsrFwUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User Config Entry"
|
|
INDEX { IMPLIED hmSec2UsrFwUserName }
|
|
::= { hmSec2UsrFwUserTable 1 }
|
|
|
|
HmSec2UsrFwUserEntry ::= SEQUENCE {
|
|
hmSec2UsrFwUserName SnmpAdminString,
|
|
hmSec2UsrFwUserPassword DisplayString,
|
|
hmSec2UsrFwUserAuthList SnmpTagValue,
|
|
hmSec2UsrFwUserLoginStatus INTEGER,
|
|
hmSec2UsrFwUserLoginAddr DisplayString,
|
|
hmSec2UsrFwUserStatus RowStatus
|
|
}
|
|
|
|
hmSec2UsrFwUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewall User Name."
|
|
::= { hmSec2UsrFwUserEntry 1 }
|
|
|
|
hmSec2UsrFwUserPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(5..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewall User Password
|
|
This object will always return '********' even if a
|
|
password is set.
|
|
The User Password can be set while the row is active."
|
|
DEFVAL { "" }
|
|
::= { hmSec2UsrFwUserEntry 2 }
|
|
|
|
hmSec2UsrFwUserAuthList OBJECT-TYPE
|
|
SYNTAX SnmpTagValue (SIZE(1..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication list used for this user to authenticate
|
|
to the system.
|
|
The User Authentication List can be set while the row is active."
|
|
DEFVAL { "systemLoginDefaultList" }
|
|
::= { hmSec2UsrFwUserEntry 3 }
|
|
|
|
hmSec2UsrFwUserLoginStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
logout (1),
|
|
login (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log-in status of the firewall user."
|
|
::= { hmSec2UsrFwUserEntry 4 }
|
|
|
|
hmSec2UsrFwUserLoginAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address the firewall user logged in from,
|
|
or epty string if the user isn't logged in."
|
|
::= { hmSec2UsrFwUserEntry 5 }
|
|
|
|
hmSec2UsrFwUserStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewall User Status.
|
|
active(1) - This user account is active.
|
|
notInService(2) - Row has been suspended.
|
|
notReady(3) - Row has incomplete values.
|
|
createAndGo(4) - Accept row values and activate.
|
|
createAndWait(5) - Accept row values and wait.
|
|
destroy(6) - Set to this value to remove this user account."
|
|
::= { hmSec2UsrFwUserEntry 6 }
|
|
|
|
hmSec2UsrFwUserStateRemoval OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
remove (1),
|
|
keep (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to remove or keep the Firewall state entries
|
|
for User Firewall users at Logout."
|
|
DEFVAL { keep }
|
|
::= { hmSec2UsrFwUserGroup 3 }
|
|
|
|
|
|
--
|
|
-- Radius client support
|
|
--
|
|
|
|
hmSec2Radius OBJECT IDENTIFIER ::= { hmSec2Security 1 }
|
|
hmSec2RadiusClient OBJECT IDENTIFIER ::= { hmSec2Radius 1 }
|
|
|
|
hmSec2RadiusMaxRetries OBJECT-TYPE
|
|
SYNTAX Integer32 (1..15)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of retransmissions of a radius request packet"
|
|
DEFVAL { 3 }
|
|
::= { hmSec2RadiusClient 1 }
|
|
|
|
hmSec2RadiusTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (1..30)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time out duration (in seconds) before packets are retransmitted"
|
|
DEFVAL { 3 }
|
|
::= { hmSec2RadiusClient 2 }
|
|
|
|
|
|
--
|
|
-- Radius Authentication Servers
|
|
--
|
|
|
|
hmSec2RadiusAuthServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2RadiusAuthServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"List of radius authentication servers.
|
|
The priority of a server depends on the position in the table,
|
|
i.e. the primary server is the first one in the table,
|
|
the secondary is the second one, etc."
|
|
::= { hmSec2RadiusClient 10 }
|
|
|
|
hmSec2RadiusAuthServerEntry OBJECT-TYPE
|
|
SYNTAX HmSec2RadiusAuthServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A radius authentication server entry."
|
|
INDEX { hmSec2RadiusAuthServerIndex }
|
|
::= { hmSec2RadiusAuthServerTable 1 }
|
|
|
|
HmSec2RadiusAuthServerEntry ::=
|
|
SEQUENCE {
|
|
hmSec2RadiusAuthServerIndex Integer32,
|
|
hmSec2RadiusAuthServerAddress IpAddress,
|
|
hmSec2RadiusAuthServerPort Integer32,
|
|
hmSec2RadiusAuthServerSecret DisplayString,
|
|
hmSec2RadiusAuthServerStatus RowStatus
|
|
}
|
|
|
|
hmSec2RadiusAuthServerIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..3)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table index."
|
|
::= { hmSec2RadiusAuthServerEntry 1 }
|
|
|
|
hmSec2RadiusAuthServerAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address of the radius authentication server."
|
|
::= { hmSec2RadiusAuthServerEntry 2 }
|
|
|
|
hmSec2RadiusAuthServerPort OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port number of the radius authentication server."
|
|
DEFVAL { 1812 }
|
|
::= { hmSec2RadiusAuthServerEntry 3 }
|
|
|
|
hmSec2RadiusAuthServerSecret OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Shared secret for the radius authentication server."
|
|
::= { hmSec2RadiusAuthServerEntry 4 }
|
|
|
|
hmSec2RadiusAuthServerStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Row status of this entry:
|
|
active(1) - Authentication entry is active.
|
|
notInService(2) - Entry has been suspended."
|
|
::= { hmSec2RadiusAuthServerEntry 5 }
|
|
|
|
|
|
--
|
|
-- Firewall Definitions --
|
|
--
|
|
|
|
--
|
|
-- Denial of Service variables --
|
|
--
|
|
hmSec2FirewallDenialOfServiceGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 1 }
|
|
|
|
hmSec2FirewallDenialOfServiceVars OBJECT IDENTIFIER ::= { hmSec2FirewallDenialOfServiceGroup 1 }
|
|
|
|
|
|
hmSec2FwDosInSynLimit OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of new incoming TCP connections (SYN) per second."
|
|
DEFVAL { 25 }
|
|
::= { hmSec2FirewallDenialOfServiceVars 1 }
|
|
|
|
hmSec2FwDosOutSynLimit OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of new outgoing TCP connections (SYN) per second."
|
|
DEFVAL { 75 }
|
|
::= { hmSec2FirewallDenialOfServiceVars 2 }
|
|
|
|
hmSec2FwDosInPingLimit OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of incoming ping frames (ICMP Echo Request) per second."
|
|
DEFVAL { 3 }
|
|
::= { hmSec2FirewallDenialOfServiceVars 3 }
|
|
|
|
hmSec2FwDosOutPingLimit OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of outgoing ping frames (ICMP Echo Request) per second"
|
|
DEFVAL { 5 }
|
|
::= { hmSec2FirewallDenialOfServiceVars 4 }
|
|
|
|
hmSec2FwDosInArpLimit OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of incoming ARP frames per second."
|
|
DEFVAL { 500 }
|
|
::= { hmSec2FirewallDenialOfServiceVars 5 }
|
|
|
|
hmSec2FwDosOutArpLimit OBJECT-TYPE
|
|
SYNTAX Integer32 (1..999999)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of outgoing ARP frames per second."
|
|
DEFVAL { 500 }
|
|
::= { hmSec2FirewallDenialOfServiceVars 6 }
|
|
|
|
hmSec2FwDosInSynLimitLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for incoming DOS rules."
|
|
DEFVAL { enable }
|
|
::= { hmSec2FirewallDenialOfServiceVars 7 }
|
|
|
|
hmSec2FwDosOutSynLimitLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for outgoing DOS rules."
|
|
DEFVAL { enable }
|
|
::= { hmSec2FirewallDenialOfServiceVars 8 }
|
|
|
|
hmSec2FwDosInPingLimitLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for incoming DOS rules."
|
|
DEFVAL { enable }
|
|
::= { hmSec2FirewallDenialOfServiceVars 9 }
|
|
|
|
hmSec2FwDosOutPingLimitLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for outgoing DOS rules."
|
|
DEFVAL { enable }
|
|
::= { hmSec2FirewallDenialOfServiceVars 10 }
|
|
|
|
hmSec2FwDosInArpLimitLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for incoming DOS rules."
|
|
DEFVAL { enable }
|
|
::= { hmSec2FirewallDenialOfServiceVars 11 }
|
|
|
|
hmSec2FwDosOutArpLimitLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for outgoing DOS rules."
|
|
DEFVAL { enable }
|
|
::= { hmSec2FirewallDenialOfServiceVars 12 }
|
|
|
|
--
|
|
-- MAC Rules for incoming traffic variables --
|
|
--
|
|
hmSec2FirewallL2PacketFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 2 }
|
|
hmSec2FirewallL2PfIncomingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL2PacketFilterGroup 1 }
|
|
hmSec2FirewallL2PfOutgoingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL2PacketFilterGroup 2 }
|
|
|
|
|
|
--
|
|
-- MAC Rules for incoming traffic table --
|
|
--
|
|
hmSec2FwL2PfInTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwL2PfInEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of MAC rules for incoming traffic."
|
|
::= { hmSec2FirewallL2PfIncomingGroup 1 }
|
|
|
|
hmSec2FwL2PfInEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwL2PfInEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwL2PfInIndex }
|
|
::= { hmSec2FwL2PfInTable 1 }
|
|
|
|
HmSec2FwL2PfInEntry ::= SEQUENCE {
|
|
hmSec2FwL2PfInIndex Integer32,
|
|
hmSec2FwL2PfInSrcAddr DisplayString,
|
|
hmSec2FwL2PfInDstAddr DisplayString,
|
|
hmSec2FwL2PfInProto DisplayString,
|
|
hmSec2FwL2PfInAction INTEGER,
|
|
hmSec2FwL2PfInLog INTEGER,
|
|
hmSec2FwL2PfInDesc DisplayString,
|
|
hmSec2FwL2PfInErrorText DisplayString,
|
|
hmSec2FwL2PfInRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwL2PfInIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwL2PfInEntry 1 }
|
|
|
|
hmSec2FwL2PfInSrcAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single MAC address aa:bb:cc:dd:ee:ff or address with
|
|
wildcards aa:bb:??:dd:ee:ff or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL2PfInEntry 2 }
|
|
|
|
hmSec2FwL2PfInDstAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single MAC address aa:bb:cc:dd:ee:ff or address with
|
|
wildcards aa:bb:??:dd:ee:ff or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL2PfInEntry 4 }
|
|
|
|
hmSec2FwL2PfInProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Ethernet protocol as a hexadecimal number
|
|
in range 0000 - FFFF or the keyword 'any' for
|
|
protocol-independent filtering."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL2PfInEntry 6 }
|
|
|
|
hmSec2FwL2PfInAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the filter rule matches"
|
|
DEFVAL { accept }
|
|
::= { hmSec2FwL2PfInEntry 7 }
|
|
|
|
hmSec2FwL2PfInLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwL2PfInEntry 8 }
|
|
|
|
hmSec2FwL2PfInDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"user defined text"
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL2PfInEntry 9 }
|
|
|
|
hmSec2FwL2PfInErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"error text"
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL2PfInEntry 10 }
|
|
|
|
hmSec2FwL2PfInRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"the row status for the table entry"
|
|
::= { hmSec2FwL2PfInEntry 11 }
|
|
|
|
|
|
--
|
|
-- MAC Rules for outgoing traffic table --
|
|
--
|
|
hmSec2FwL2PfOutTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwL2PfOutEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the MAC rules for outgoing traffic"
|
|
::= { hmSec2FirewallL2PfOutgoingGroup 1 }
|
|
|
|
hmSec2FwL2PfOutEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwL2PfOutEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwL2PfOutIndex }
|
|
::= { hmSec2FwL2PfOutTable 1 }
|
|
|
|
HmSec2FwL2PfOutEntry ::= SEQUENCE {
|
|
hmSec2FwL2PfOutIndex Integer32,
|
|
hmSec2FwL2PfOutSrcAddr DisplayString,
|
|
hmSec2FwL2PfOutDstAddr DisplayString,
|
|
hmSec2FwL2PfOutProto DisplayString,
|
|
hmSec2FwL2PfOutAction INTEGER,
|
|
hmSec2FwL2PfOutLog INTEGER,
|
|
hmSec2FwL2PfOutDesc DisplayString,
|
|
hmSec2FwL2PfOutErrorText DisplayString,
|
|
hmSec2FwL2PfOutRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwL2PfOutIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwL2PfOutEntry 1 }
|
|
|
|
hmSec2FwL2PfOutSrcAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address aa:bb:cc:dd:ee:ff or address with
|
|
wildcards aa:bb:??:dd:ee:ff or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL2PfOutEntry 2 }
|
|
|
|
hmSec2FwL2PfOutDstAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address aa:bb:cc:dd:ee:ff or address with
|
|
wildcards aa:bb:??:dd:ee:ff or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL2PfOutEntry 4 }
|
|
|
|
hmSec2FwL2PfOutProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Ethernet protocol as a hexdecimal number
|
|
in range 0000 - FFFF or the keyword 'any' for
|
|
protocol-independent filtering."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL2PfOutEntry 6 }
|
|
|
|
hmSec2FwL2PfOutAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the firewall rule matches"
|
|
DEFVAL { drop }
|
|
::= { hmSec2FwL2PfOutEntry 7 }
|
|
|
|
hmSec2FwL2PfOutLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule"
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwL2PfOutEntry 8 }
|
|
|
|
hmSec2FwL2PfOutDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL2PfOutEntry 9 }
|
|
|
|
hmSec2FwL2PfOutErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL2PfOutEntry 10 }
|
|
|
|
hmSec2FwL2PfOutRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status for this table entry."
|
|
::= { hmSec2FwL2PfOutEntry 11 }
|
|
|
|
|
|
|
|
|
|
|
|
--
|
|
-- IP Rules for incoming traffic variables --
|
|
--
|
|
hmSec2FirewallL3PacketFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 3 }
|
|
hmSec2FirewallL3PfIncomingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL3PacketFilterGroup 1 }
|
|
hmSec2FirewallL3PfOutgoingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL3PacketFilterGroup 2 }
|
|
|
|
|
|
--
|
|
-- IP Rules for incoming traffic table --
|
|
--
|
|
hmSec2FwL3PfInTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwL3PfInEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the IP rules for incoming traffic."
|
|
::= { hmSec2FirewallL3PfIncomingGroup 1 }
|
|
|
|
hmSec2FwL3PfInEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwL3PfInEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwL3PfInIndex }
|
|
::= { hmSec2FwL3PfInTable 1 }
|
|
|
|
HmSec2FwL3PfInEntry ::= SEQUENCE {
|
|
hmSec2FwL3PfInIndex Integer32,
|
|
hmSec2FwL3PfInSrcNet DisplayString,
|
|
hmSec2FwL3PfInSrcPort DisplayString,
|
|
hmSec2FwL3PfInDstNet DisplayString,
|
|
hmSec2FwL3PfInDstPort DisplayString,
|
|
hmSec2FwL3PfInProto DisplayString,
|
|
hmSec2FwL3PfInAction INTEGER,
|
|
hmSec2FwL3PfInLog INTEGER,
|
|
hmSec2FwL3PfInDesc DisplayString,
|
|
hmSec2FwL3PfInErrorText DisplayString,
|
|
hmSec2FwL3PfInRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwL3PfInIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwL3PfInEntry 1 }
|
|
|
|
hmSec2FwL3PfInSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfInEntry 2 }
|
|
|
|
hmSec2FwL3PfInSrcPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)
|
|
|
|
For ICMP only:
|
|
ICMP type and code can be specified as:
|
|
o 'type <i>'
|
|
o 'type <i> code <j>'
|
|
where <i> and <j> are decimal numbers (0..255)."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfInEntry 3 }
|
|
|
|
hmSec2FwL3PfInDstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in CIDR notation
|
|
(a.b.c.d/n) or the keywords 'me' or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfInEntry 4 }
|
|
|
|
hmSec2FwL3PfInDstPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfInEntry 5 }
|
|
|
|
hmSec2FwL3PfInProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP protocol (RFC 791) as a decimal number (in range 1 -
|
|
255), a name or the keyword 'any' for protocol-independent
|
|
filtering. The following protocol names are currently
|
|
supported:
|
|
o 'icmp': internet control message protocol (RFC 792)
|
|
o 'igmp': internet group management protocol
|
|
o 'ipip': IP in IP tunneling (RFC 1853)
|
|
o 'tcp': transmission control protocol (RFC 793)
|
|
o 'udp': user datagram protocol (RFC 768)
|
|
o 'esp': IPsec encapsulated security payload (RFC 2406)
|
|
o 'ah': IPsec authentication header (RFC 2402)
|
|
o 'ipv6-icmp': internet control message protocol for IPv6"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfInEntry 6 }
|
|
|
|
hmSec2FwL3PfInAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2),
|
|
reject(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the firewall rule matches."
|
|
DEFVAL { accept }
|
|
::= { hmSec2FwL3PfInEntry 7 }
|
|
|
|
hmSec2FwL3PfInLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwL3PfInEntry 8 }
|
|
|
|
hmSec2FwL3PfInDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL3PfInEntry 9 }
|
|
|
|
hmSec2FwL3PfInErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL3PfInEntry 10 }
|
|
|
|
hmSec2FwL3PfInRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry."
|
|
::= { hmSec2FwL3PfInEntry 11 }
|
|
|
|
|
|
hmSec2FwL3PfInLogNonMatching OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log incoming packets not matching any rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FirewallL3PfIncomingGroup 2 }
|
|
|
|
--
|
|
-- IP Rules for incoming traffic table dependent on Digital Input --
|
|
--
|
|
hmSec2FwL3PfDIInTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwL3PfDIInEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the IP rules for incoming traffic
|
|
controlled by the digital input to
|
|
activate or deactivate the rules."
|
|
::= { hmSec2FirewallL3PfIncomingGroup 3 }
|
|
|
|
hmSec2FwL3PfDIInEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwL3PfDIInEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwL3PfDIInIndex }
|
|
::= { hmSec2FwL3PfDIInTable 1 }
|
|
|
|
HmSec2FwL3PfDIInEntry ::= SEQUENCE {
|
|
hmSec2FwL3PfDIInIndex Integer32,
|
|
hmSec2FwL3PfDIInSrcNet DisplayString,
|
|
hmSec2FwL3PfDIInSrcPort DisplayString,
|
|
hmSec2FwL3PfDIInDstNet DisplayString,
|
|
hmSec2FwL3PfDIInDstPort DisplayString,
|
|
hmSec2FwL3PfDIInProto DisplayString,
|
|
hmSec2FwL3PfDIInAction INTEGER,
|
|
hmSec2FwL3PfDIInLog INTEGER,
|
|
hmSec2FwL3PfDIInDesc DisplayString,
|
|
hmSec2FwL3PfDIInErrorText DisplayString,
|
|
hmSec2FwL3PfDIInRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwL3PfDIInIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwL3PfDIInEntry 1 }
|
|
|
|
hmSec2FwL3PfDIInSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIInEntry 2 }
|
|
|
|
hmSec2FwL3PfDIInSrcPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)
|
|
|
|
For ICMP only:
|
|
ICMP type and code can be specified as:
|
|
o 'type <i>'
|
|
o 'type <i> code <j>'
|
|
where <i> and <j> are decimal numbers (0..255)."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIInEntry 3 }
|
|
|
|
hmSec2FwL3PfDIInDstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in CIDR notation
|
|
(a.b.c.d/n) or the keywords 'me' or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIInEntry 4 }
|
|
|
|
hmSec2FwL3PfDIInDstPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIInEntry 5 }
|
|
|
|
hmSec2FwL3PfDIInProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP protocol (RFC 791) as a decimal number (in range 1 -
|
|
255), a name or the keyword 'any' for protocol-independent
|
|
filtering. The following protocol names are currently
|
|
supported:
|
|
o 'icmp': internet control message protocol (RFC 792)
|
|
o 'igmp': internet group management protocol
|
|
o 'ipip': IP in IP tunneling (RFC 1853)
|
|
o 'tcp': transmission control protocol (RFC 793)
|
|
o 'udp': user datagram protocol (RFC 768)
|
|
o 'esp': IPsec encapsulated security payload (RFC 2406)
|
|
o 'ah': IPsec authentication header (RFC 2402)
|
|
o 'ipv6-icmp': internet control message protocol for IPv6"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIInEntry 6 }
|
|
|
|
hmSec2FwL3PfDIInAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2),
|
|
reject(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the firewall rule matches."
|
|
DEFVAL { accept }
|
|
::= { hmSec2FwL3PfDIInEntry 7 }
|
|
|
|
hmSec2FwL3PfDIInLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwL3PfDIInEntry 8 }
|
|
|
|
hmSec2FwL3PfDIInDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL3PfDIInEntry 9 }
|
|
|
|
hmSec2FwL3PfDIInErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL3PfDIInEntry 10 }
|
|
|
|
hmSec2FwL3PfDIInRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry."
|
|
::= { hmSec2FwL3PfDIInEntry 11 }
|
|
|
|
hmSec2FwL3PfDIInLevel OBJECT-TYPE
|
|
SYNTAX DIFwRuleActivate
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set this variable to change the behavior of
|
|
the digital input to activate the Firewall
|
|
rules in the Digital Input Rule table when
|
|
the digital input value is high (high-active)
|
|
or low (low-active)."
|
|
DEFVAL { high-active }
|
|
::= { hmSec2FirewallL3PfIncomingGroup 4 }
|
|
|
|
hmSec2FwL3PfDIInStateRemoval OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
remove (1),
|
|
keep (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to remove or keep the Firewall state entries
|
|
for Digital Input Firewall rules when the state switches."
|
|
DEFVAL { remove }
|
|
::= { hmSec2FirewallL3PfIncomingGroup 5 }
|
|
|
|
hmSec2FwL3PfDIInOperStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
inactive(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value shows if the rules for digital input
|
|
are currently active or inactive (depends on the
|
|
activation level hmSec2FwL3PfDIInLevel)."
|
|
::= { hmSec2FirewallL3PfIncomingGroup 6 }
|
|
|
|
|
|
--
|
|
-- IP Rules for outgoing traffic table --
|
|
--
|
|
hmSec2FwL3PfOutTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwL3PfOutEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the IP rules for outgoing traffic."
|
|
::= { hmSec2FirewallL3PfOutgoingGroup 1 }
|
|
|
|
hmSec2FwL3PfOutEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwL3PfOutEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwL3PfOutIndex }
|
|
::= { hmSec2FwL3PfOutTable 1 }
|
|
|
|
HmSec2FwL3PfOutEntry ::= SEQUENCE {
|
|
hmSec2FwL3PfOutIndex Integer32,
|
|
hmSec2FwL3PfOutSrcNet DisplayString,
|
|
hmSec2FwL3PfOutSrcPort DisplayString,
|
|
hmSec2FwL3PfOutDstNet DisplayString,
|
|
hmSec2FwL3PfOutDstPort DisplayString,
|
|
hmSec2FwL3PfOutProto DisplayString,
|
|
hmSec2FwL3PfOutAction INTEGER,
|
|
hmSec2FwL3PfOutLog INTEGER,
|
|
hmSec2FwL3PfOutDesc DisplayString,
|
|
hmSec2FwL3PfOutErrorText DisplayString,
|
|
hmSec2FwL3PfOutRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwL3PfOutIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwL3PfOutEntry 1 }
|
|
|
|
hmSec2FwL3PfOutSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in CIDR notation
|
|
(a.b.c.d/n) or the keywords 'me' or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfOutEntry 2 }
|
|
|
|
hmSec2FwL3PfOutSrcPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)
|
|
|
|
For ICMP only:
|
|
ICMP type and code can be specified as:
|
|
o 'type <i>'
|
|
o 'type <i> code <j>'
|
|
where <i> and <j> are decimal numbers (0..255)."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfOutEntry 3 }
|
|
|
|
hmSec2FwL3PfOutDstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfOutEntry 4 }
|
|
|
|
hmSec2FwL3PfOutDstPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfOutEntry 5 }
|
|
|
|
hmSec2FwL3PfOutProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP protocol (RFC 791) as a decimal number (in range 1 -
|
|
255), a name or the keyword 'any' for protocol-independent
|
|
filtering. The following protocol names are currently
|
|
supported:
|
|
o 'icmp': internet control message protocol (RFC 792)
|
|
o 'igmp': internet group management protocol
|
|
o 'ipip': IP in IP tunneling (RFC 1853)
|
|
o 'tcp': transmission control protocol (RFC 793)
|
|
o 'udp': user datagram protocol (RFC 768)
|
|
o 'esp': IPsec encapsulated security payload (RFC 2406)
|
|
o 'ah': IPsec authentication header (RFC 2402)
|
|
o 'ipv6-icmp': internet control message protocol for IPv6"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfOutEntry 6 }
|
|
|
|
hmSec2FwL3PfOutAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2),
|
|
reject(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the firewall rule matches."
|
|
DEFVAL { drop }
|
|
::= { hmSec2FwL3PfOutEntry 7 }
|
|
|
|
hmSec2FwL3PfOutLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwL3PfOutEntry 8 }
|
|
|
|
hmSec2FwL3PfOutDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL3PfOutEntry 9 }
|
|
|
|
hmSec2FwL3PfOutErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL3PfOutEntry 10 }
|
|
|
|
hmSec2FwL3PfOutRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status for this table entry."
|
|
::= { hmSec2FwL3PfOutEntry 11 }
|
|
|
|
|
|
hmSec2FwL3PfOutLogNonMatching OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log incoming packets not matching any rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FirewallL3PfOutgoingGroup 2 }
|
|
|
|
--
|
|
-- IP Rules for outgoing traffic table dependent on Digital Input --
|
|
--
|
|
hmSec2FwL3PfDIOutTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwL3PfDIOutEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the IP rules for outgoing traffic
|
|
controlled by the digital input to
|
|
activate or deactivate the rules."
|
|
::= { hmSec2FirewallL3PfOutgoingGroup 3 }
|
|
|
|
hmSec2FwL3PfDIOutEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwL3PfDIOutEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwL3PfDIOutIndex }
|
|
::= { hmSec2FwL3PfDIOutTable 1 }
|
|
|
|
HmSec2FwL3PfDIOutEntry ::= SEQUENCE {
|
|
hmSec2FwL3PfDIOutIndex Integer32,
|
|
hmSec2FwL3PfDIOutSrcNet DisplayString,
|
|
hmSec2FwL3PfDIOutSrcPort DisplayString,
|
|
hmSec2FwL3PfDIOutDstNet DisplayString,
|
|
hmSec2FwL3PfDIOutDstPort DisplayString,
|
|
hmSec2FwL3PfDIOutProto DisplayString,
|
|
hmSec2FwL3PfDIOutAction INTEGER,
|
|
hmSec2FwL3PfDIOutLog INTEGER,
|
|
hmSec2FwL3PfDIOutDesc DisplayString,
|
|
hmSec2FwL3PfDIOutErrorText DisplayString,
|
|
hmSec2FwL3PfDIOutRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwL3PfDIOutIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwL3PfDIOutEntry 1 }
|
|
|
|
hmSec2FwL3PfDIOutSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in CIDR notation
|
|
(a.b.c.d/n) or the keywords 'me' or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIOutEntry 2 }
|
|
|
|
hmSec2FwL3PfDIOutSrcPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)
|
|
|
|
For ICMP only:
|
|
ICMP type and code can be specified as:
|
|
o 'type <i>'
|
|
o 'type <i> code <j>'
|
|
where <i> and <j> are decimal numbers (0..255)."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIOutEntry 3 }
|
|
|
|
hmSec2FwL3PfDIOutDstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIOutEntry 4 }
|
|
|
|
hmSec2FwL3PfDIOutDstPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIOutEntry 5 }
|
|
|
|
hmSec2FwL3PfDIOutProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP protocol (RFC 791) as a decimal number (in range 1 -
|
|
255), a name or the keyword 'any' for protocol-independent
|
|
filtering. The following protocol names are currently
|
|
supported:
|
|
o 'icmp': internet control message protocol (RFC 792)
|
|
o 'igmp': internet group management protocol
|
|
o 'ipip': IP in IP tunneling (RFC 1853)
|
|
o 'tcp': transmission control protocol (RFC 793)
|
|
o 'udp': user datagram protocol (RFC 768)
|
|
o 'esp': IPsec encapsulated security payload (RFC 2406)
|
|
o 'ah': IPsec authentication header (RFC 2402)
|
|
o 'ipv6-icmp': internet control message protocol for IPv6"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3PfDIOutEntry 6 }
|
|
|
|
hmSec2FwL3PfDIOutAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2),
|
|
reject(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the firewall rule matches."
|
|
DEFVAL { drop }
|
|
::= { hmSec2FwL3PfDIOutEntry 7 }
|
|
|
|
hmSec2FwL3PfDIOutLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwL3PfDIOutEntry 8 }
|
|
|
|
hmSec2FwL3PfDIOutDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL3PfDIOutEntry 9 }
|
|
|
|
hmSec2FwL3PfDIOutErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwL3PfDIOutEntry 10 }
|
|
|
|
hmSec2FwL3PfDIOutRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status for this table entry."
|
|
::= { hmSec2FwL3PfDIOutEntry 11 }
|
|
|
|
hmSec2FwL3PfDIOutLevel OBJECT-TYPE
|
|
SYNTAX DIFwRuleActivate
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set this variable to change the behavior of
|
|
the digital input to activate the Firewall
|
|
rules in the Digital Input Rule table when
|
|
the digital input value is high (high-active)
|
|
or low (low-active)."
|
|
DEFVAL { high-active }
|
|
::= { hmSec2FirewallL3PfOutgoingGroup 4 }
|
|
|
|
hmSec2FwL3PfDIOutStateRemoval OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
remove (1),
|
|
keep (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to remove or keep the Firewall state entries
|
|
for Digital Input Firewall rules when the state switches."
|
|
DEFVAL { remove }
|
|
::= { hmSec2FirewallL3PfOutgoingGroup 5 }
|
|
|
|
hmSec2FwL3PfDIOutOperStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
inactive(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value shows if the rules for digital input
|
|
are currently active or inactive (depends on the
|
|
activation level hmSec2FwL3PfDIOutLevel)."
|
|
::= { hmSec2FirewallL3PfOutgoingGroup 6 }
|
|
|
|
|
|
--
|
|
-- IP template definitions
|
|
--
|
|
hmSec2FirewallL3TemplateGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL3PacketFilterGroup 3 }
|
|
|
|
-- Id to Name mapping
|
|
|
|
hmSec2FwL3TplIdTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwL3TplIdEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of IP templates."
|
|
::= { hmSec2FirewallL3TemplateGroup 1 }
|
|
|
|
hmSec2FwL3TplIdEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwL3TplIdEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwL3TplIdIndex }
|
|
::= { hmSec2FwL3TplIdTable 1 }
|
|
|
|
HmSec2FwL3TplIdEntry ::= SEQUENCE {
|
|
hmSec2FwL3TplIdIndex Integer32,
|
|
hmSec2FwL3TplIdName DisplayString,
|
|
hmSec2FwL3TplIdRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwL3TplIdIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table index."
|
|
::= { hmSec2FwL3TplIdEntry 1 }
|
|
|
|
hmSec2FwL3TplIdName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..19))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The (unique) name of the template."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3TplIdEntry 2 }
|
|
|
|
hmSec2FwL3TplIdRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry.
|
|
This object can be set to createAndGo(4) or destroy(6)."
|
|
::= { hmSec2FwL3TplIdEntry 3 }
|
|
|
|
-- Template network table
|
|
|
|
hmSec2FwL3TplNetTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwL3TplNetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Holds the addresses/networks of the templates."
|
|
::= { hmSec2FirewallL3TemplateGroup 2 }
|
|
|
|
hmSec2FwL3TplNetEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwL3TplNetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwL3TplNetIdIndex, hmSec2FwL3TplNetIndex }
|
|
::= { hmSec2FwL3TplNetTable 1 }
|
|
|
|
HmSec2FwL3TplNetEntry ::= SEQUENCE {
|
|
hmSec2FwL3TplNetIdIndex Integer32,
|
|
hmSec2FwL3TplNetIndex Integer32,
|
|
hmSec2FwL3TplNetAddr DisplayString,
|
|
hmSec2FwL3TplNetRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwL3TplNetIdIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The corresponding index in the hmSec2FwL3TplIdTable."
|
|
::= { hmSec2FwL3TplNetEntry 1 }
|
|
|
|
hmSec2FwL3TplNetIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the net entry within a template."
|
|
::= { hmSec2FwL3TplNetEntry 2 }
|
|
|
|
hmSec2FwL3TplNetAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwL3TplNetEntry 3 }
|
|
|
|
hmSec2FwL3TplNetRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry."
|
|
::= { hmSec2FwL3TplNetEntry 4 }
|
|
|
|
|
|
--
|
|
-- IP Rules for incoming PPP traffic variables --
|
|
--
|
|
hmSec2FirewallPppFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 4 }
|
|
hmSec2FirewallPppIncomingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallPppFilterGroup 1 }
|
|
|
|
|
|
--
|
|
-- IP Rules for incoming PPP traffic table --
|
|
--
|
|
hmSec2FwPppInTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwPppInEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the IP rules for incoming traffic from the PPP interface."
|
|
::= { hmSec2FirewallPppIncomingGroup 1 }
|
|
|
|
hmSec2FwPppInEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwPppInEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwPppInIndex }
|
|
::= { hmSec2FwPppInTable 1 }
|
|
|
|
HmSec2FwPppInEntry ::= SEQUENCE {
|
|
hmSec2FwPppInIndex Integer32,
|
|
hmSec2FwPppInSrcNet DisplayString,
|
|
hmSec2FwPppInSrcPort DisplayString,
|
|
hmSec2FwPppInDstNet DisplayString,
|
|
hmSec2FwPppInDstPort DisplayString,
|
|
hmSec2FwPppInProto DisplayString,
|
|
hmSec2FwPppInAction INTEGER,
|
|
hmSec2FwPppInLog INTEGER,
|
|
hmSec2FwPppInDesc DisplayString,
|
|
hmSec2FwPppInErrorText DisplayString,
|
|
hmSec2FwPppInRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwPppInIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwPppInEntry 1 }
|
|
|
|
hmSec2FwPppInSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwPppInEntry 2 }
|
|
|
|
hmSec2FwPppInSrcPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)
|
|
|
|
For ICMP only:
|
|
ICMP type and code can be specified as:
|
|
o 'type <i>'
|
|
o 'type <i> code <j>'
|
|
where <i> and <j> are decimal numbers (0..255)."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwPppInEntry 3 }
|
|
|
|
hmSec2FwPppInDstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in CIDR notation
|
|
(a.b.c.d/n) or the keywords 'me' or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwPppInEntry 4 }
|
|
|
|
hmSec2FwPppInDstPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwPppInEntry 5 }
|
|
|
|
hmSec2FwPppInProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP protocol (RFC 791) as a decimal number (in range 1 -
|
|
255), a name or the keyword 'any' for protocol-independent
|
|
filtering. The following protocol names are currently
|
|
supported:
|
|
o 'icmp': internet control message protocol (RFC 792)
|
|
o 'igmp': internet group management protocol
|
|
o 'ipip': IP in IP tunneling (RFC 1853)
|
|
o 'tcp': transmission control protocol (RFC 793)
|
|
o 'udp': user datagram protocol (RFC 768)
|
|
o 'esp': IPsec encapsulated security payload (RFC 2406)
|
|
o 'ah': IPsec authentication header (RFC 2402)
|
|
o 'ipv6-icmp': internet control message protocol for IPv6"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwPppInEntry 6 }
|
|
|
|
hmSec2FwPppInAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2),
|
|
reject(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the firewall rule matches."
|
|
DEFVAL { accept }
|
|
::= { hmSec2FwPppInEntry 7 }
|
|
|
|
hmSec2FwPppInLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwPppInEntry 8 }
|
|
|
|
hmSec2FwPppInDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwPppInEntry 9 }
|
|
|
|
hmSec2FwPppInErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwPppInEntry 10 }
|
|
|
|
hmSec2FwPppInRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry."
|
|
::= { hmSec2FwPppInEntry 11 }
|
|
|
|
|
|
hmSec2FwPppInLogNonMatching OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log incoming packets not matching any rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FirewallPppIncomingGroup 2 }
|
|
|
|
|
|
--
|
|
-- IP Rules for SNMP filter variables --
|
|
--
|
|
hmSec2FirewallSnmpFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 5 }
|
|
|
|
|
|
--
|
|
-- IP Rules for incoming traffic table --
|
|
--
|
|
hmSec2FwSnmpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwSnmpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of firewall rules for SNMP traffic."
|
|
::= { hmSec2FirewallSnmpFilterGroup 1 }
|
|
|
|
hmSec2FwSnmpEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwSnmpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwSnmpIndex }
|
|
::= { hmSec2FwSnmpTable 1 }
|
|
|
|
HmSec2FwSnmpEntry ::= SEQUENCE {
|
|
hmSec2FwSnmpIndex Integer32,
|
|
hmSec2FwSnmpInterface INTEGER,
|
|
hmSec2FwSnmpSrcNet DisplayString,
|
|
hmSec2FwSnmpAction INTEGER,
|
|
hmSec2FwSnmpLog INTEGER,
|
|
hmSec2FwSnmpDesc DisplayString,
|
|
hmSec2FwSnmpErrorText DisplayString,
|
|
hmSec2FwSnmpRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwSnmpIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwSnmpEntry 1 }
|
|
|
|
hmSec2FwSnmpInterface OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
int (1),
|
|
ext (2),
|
|
ppp (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Interface for which this firewall rule applies"
|
|
DEFVAL { ext }
|
|
::= { hmSec2FwSnmpEntry 2 }
|
|
|
|
|
|
hmSec2FwSnmpSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwSnmpEntry 3 }
|
|
|
|
hmSec2FwSnmpAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2),
|
|
reject(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the firewall rule matches."
|
|
DEFVAL { accept }
|
|
::= { hmSec2FwSnmpEntry 4 }
|
|
|
|
hmSec2FwSnmpLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwSnmpEntry 5 }
|
|
|
|
hmSec2FwSnmpDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwSnmpEntry 6 }
|
|
|
|
hmSec2FwSnmpErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwSnmpEntry 7 }
|
|
|
|
hmSec2FwSnmpRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry."
|
|
::= { hmSec2FwSnmpEntry 8 }
|
|
|
|
|
|
--
|
|
-- IP Rules for SSH filter variables --
|
|
--
|
|
hmSec2FirewallSshFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 6 }
|
|
|
|
|
|
--
|
|
-- IP Rules for incoming traffic table --
|
|
--
|
|
hmSec2FwSshTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwSshEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of firewall rules for SSH traffic."
|
|
::= { hmSec2FirewallSshFilterGroup 1 }
|
|
|
|
hmSec2FwSshEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwSshEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwSshIndex }
|
|
::= { hmSec2FwSshTable 1 }
|
|
|
|
HmSec2FwSshEntry ::= SEQUENCE {
|
|
hmSec2FwSshIndex Integer32,
|
|
hmSec2FwSshInterface INTEGER,
|
|
hmSec2FwSshSrcNet DisplayString,
|
|
hmSec2FwSshAction INTEGER,
|
|
hmSec2FwSshLog INTEGER,
|
|
hmSec2FwSshDesc DisplayString,
|
|
hmSec2FwSshErrorText DisplayString,
|
|
hmSec2FwSshRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwSshIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwSshEntry 1 }
|
|
|
|
hmSec2FwSshInterface OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
int (1),
|
|
ext (2),
|
|
ppp (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Interface for which this firewall rule applies"
|
|
DEFVAL { ext }
|
|
::= { hmSec2FwSshEntry 2 }
|
|
|
|
|
|
hmSec2FwSshSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwSshEntry 3 }
|
|
|
|
hmSec2FwSshAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2),
|
|
reject(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the firewall rule matches."
|
|
DEFVAL { accept }
|
|
::= { hmSec2FwSshEntry 4 }
|
|
|
|
hmSec2FwSshLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwSshEntry 5 }
|
|
|
|
hmSec2FwSshDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwSshEntry 6 }
|
|
|
|
hmSec2FwSshErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwSshEntry 7 }
|
|
|
|
hmSec2FwSshRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry."
|
|
::= { hmSec2FwSshEntry 8 }
|
|
|
|
|
|
--
|
|
-- IP Rules for HTTPS filter variables --
|
|
--
|
|
hmSec2FirewallHttpsFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 7 }
|
|
|
|
|
|
--
|
|
-- IP Rules for incoming traffic table --
|
|
--
|
|
hmSec2FwHttpsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwHttpsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of firewall rules for HTTPS traffic."
|
|
::= { hmSec2FirewallHttpsFilterGroup 1 }
|
|
|
|
hmSec2FwHttpsEntry OBJECT-TYPE
|
|
SYNTAX HmSec2FwHttpsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2FwHttpsIndex }
|
|
::= { hmSec2FwHttpsTable 1 }
|
|
|
|
HmSec2FwHttpsEntry ::= SEQUENCE {
|
|
hmSec2FwHttpsIndex Integer32,
|
|
hmSec2FwHttpsInterface INTEGER,
|
|
hmSec2FwHttpsSrcNet DisplayString,
|
|
hmSec2FwHttpsAction INTEGER,
|
|
hmSec2FwHttpsLog INTEGER,
|
|
hmSec2FwHttpsDesc DisplayString,
|
|
hmSec2FwHttpsErrorText DisplayString,
|
|
hmSec2FwHttpsRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2FwHttpsIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2FwHttpsEntry 1 }
|
|
|
|
hmSec2FwHttpsInterface OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
int (1),
|
|
ext (2),
|
|
ppp (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Interface for which this firewall rule applies"
|
|
DEFVAL { ext }
|
|
::= { hmSec2FwHttpsEntry 2 }
|
|
|
|
|
|
hmSec2FwHttpsSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2FwHttpsEntry 3 }
|
|
|
|
hmSec2FwHttpsAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2),
|
|
reject(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to be performed if the firewall rule matches."
|
|
DEFVAL { accept }
|
|
::= { hmSec2FwHttpsEntry 4 }
|
|
|
|
hmSec2FwHttpsLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2FwHttpsEntry 5 }
|
|
|
|
hmSec2FwHttpsDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwHttpsEntry 6 }
|
|
|
|
hmSec2FwHttpsErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Error text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2FwHttpsEntry 7 }
|
|
|
|
hmSec2FwHttpsRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry."
|
|
::= { hmSec2FwHttpsEntry 8 }
|
|
|
|
|
|
--**************************************************************************************
|
|
-- UserFirewall group
|
|
--**************************************************************************************
|
|
|
|
hmSec2UsrFwConfigGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 8 }
|
|
|
|
hmSec2UsrFwStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
-- Comment out the next line to disable the error state
|
|
-- and USRFW_STATUS_ERROR_FLAG in usrfw/h/usrfw.h too
|
|
error (0),
|
|
enable (1),
|
|
disable (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables/Disables the User Firewall."
|
|
DEFVAL { enable }
|
|
::= { hmSec2UsrFwConfigGroup 1 }
|
|
|
|
hmSec2UsrFwTemplateTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2UsrFwTemplateEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of the User Firewall templates."
|
|
::= { hmSec2UsrFwConfigGroup 2 }
|
|
|
|
hmSec2UsrFwTemplateEntry OBJECT-TYPE
|
|
SYNTAX HmSec2UsrFwTemplateEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2UsrFwTemplateIndex }
|
|
::= { hmSec2UsrFwTemplateTable 1 }
|
|
|
|
HmSec2UsrFwTemplateEntry ::= SEQUENCE {
|
|
hmSec2UsrFwTemplateIndex Integer32,
|
|
hmSec2UsrFwTemplateName SnmpAdminString,
|
|
hmSec2UsrFwTemplateTimeout Integer32,
|
|
hmSec2UsrFwTemplateTimeoutType INTEGER,
|
|
hmSec2UsrFwTemplateComment DisplayString,
|
|
hmSec2UsrFwTemplateSrcAddr DisplayString,
|
|
hmSec2UsrFwTemplateStatus RowStatus
|
|
}
|
|
|
|
hmSec2UsrFwTemplateIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table index."
|
|
::= { hmSec2UsrFwTemplateEntry 1 }
|
|
|
|
hmSec2UsrFwTemplateName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The descriptive name of the template."
|
|
DEFVAL { "(unnamed)" }
|
|
::= { hmSec2UsrFwTemplateEntry 2 }
|
|
|
|
hmSec2UsrFwTemplateTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (30..604800)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Timeout in seconds after that the User Firewall user
|
|
will be logged out."
|
|
DEFVAL { 28800 }
|
|
::= { hmSec2UsrFwTemplateEntry 3 }
|
|
|
|
hmSec2UsrFwTemplateTimeoutType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
static (1),
|
|
dynamic (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of the User Firewall Timeout.
|
|
static - means the user will be logged out after the time
|
|
elapsed regardless of the user network activity.
|
|
dynamic - the countdown for logout will not start until
|
|
all user connections are closed and/or timed out."
|
|
DEFVAL { static }
|
|
::= { hmSec2UsrFwTemplateEntry 4 }
|
|
|
|
hmSec2UsrFwTemplateComment OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A comment for the template."
|
|
DEFVAL { "" }
|
|
::= { hmSec2UsrFwTemplateEntry 5 }
|
|
|
|
hmSec2UsrFwTemplateSrcAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (2..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address for the user firewall rules.
|
|
- single address (a.b.c.d)
|
|
- address range in CIDR notation (a.b.c.d/n)
|
|
- keyword 'me'
|
|
- keyword 'any'
|
|
- placeholder '%authorized_ip' the IP address user
|
|
logged in from."
|
|
DEFVAL { "%authorized_ip" }
|
|
::= { hmSec2UsrFwTemplateEntry 6 }
|
|
|
|
hmSec2UsrFwTemplateStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Template Status.
|
|
active(1) - This template is active.
|
|
notInService(2) - Row has been suspended.
|
|
notReady(3) - Row has incomplete values.
|
|
createAndGo(4) - Accept row values and activate.
|
|
createAndWait(5) - Accept row values and wait.
|
|
destroy(6) - Set to this value to remove this template."
|
|
::= { hmSec2UsrFwTemplateEntry 7 }
|
|
|
|
hmSec2UsrFwTemplateUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2UsrFwTemplateUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Users for the template."
|
|
::= { hmSec2UsrFwConfigGroup 3 }
|
|
|
|
hmSec2UsrFwTemplateUserEntry OBJECT-TYPE
|
|
SYNTAX HmSec2UsrFwTemplateUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX {
|
|
hmSec2UsrFwTemplateIndex,
|
|
IMPLIED hmSec2UsrFwTemplateUserName
|
|
}
|
|
::= { hmSec2UsrFwTemplateUserTable 1 }
|
|
|
|
HmSec2UsrFwTemplateUserEntry ::= SEQUENCE {
|
|
hmSec2UsrFwTemplateUserTemplateIndex Integer32,
|
|
hmSec2UsrFwTemplateUserName SnmpAdminString,
|
|
hmSec2UsrFwTemplateUserStatus RowStatus
|
|
}
|
|
|
|
hmSec2UsrFwTemplateUserTemplateIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Template index from the hmSec2UsrFwTemplateTable above."
|
|
::= { hmSec2UsrFwTemplateUserEntry 1 }
|
|
|
|
hmSec2UsrFwTemplateUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE(1..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User name."
|
|
DEFVAL { "" }
|
|
::= { hmSec2UsrFwTemplateUserEntry 2 }
|
|
|
|
hmSec2UsrFwTemplateUserStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Template-User Entry Status.
|
|
active(1) - This entry is active.
|
|
notInService(2) - Row has been suspended.
|
|
notReady(3) - Row has incomplete values.
|
|
createAndGo(4) - Accept row values and activate.
|
|
createAndWait(5) - Accept row values and wait.
|
|
destroy(6) - Set to this value to remove this entry."
|
|
::= { hmSec2UsrFwTemplateUserEntry 3 }
|
|
|
|
hmSec2UsrFwTemplateRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2UsrFwTemplateRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewall rules for a template."
|
|
::= { hmSec2UsrFwConfigGroup 4 }
|
|
|
|
hmSec2UsrFwTemplateRuleEntry OBJECT-TYPE
|
|
SYNTAX HmSec2UsrFwTemplateRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX {
|
|
hmSec2UsrFwTemplateRuleTemplateIndex,
|
|
hmSec2UsrFwTemplateRuleIndex
|
|
}
|
|
::= { hmSec2UsrFwTemplateRuleTable 1 }
|
|
|
|
HmSec2UsrFwTemplateRuleEntry ::= SEQUENCE {
|
|
hmSec2UsrFwTemplateRuleTemplateIndex Integer32,
|
|
hmSec2UsrFwTemplateRuleIndex Integer32,
|
|
hmSec2UsrFwTemplateRuleProto DisplayString,
|
|
hmSec2UsrFwTemplateRuleSrcPort DisplayString,
|
|
hmSec2UsrFwTemplateRuleDstNet DisplayString,
|
|
hmSec2UsrFwTemplateRuleDstPort DisplayString,
|
|
hmSec2UsrFwTemplateRuleComment DisplayString,
|
|
hmSec2UsrFwTemplateRuleLog INTEGER,
|
|
hmSec2UsrFwTemplateRuleStatus RowStatus
|
|
}
|
|
|
|
hmSec2UsrFwTemplateRuleTemplateIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the hmSec2UsrFwTemplateTable above"
|
|
::= { hmSec2UsrFwTemplateRuleEntry 1 }
|
|
|
|
hmSec2UsrFwTemplateRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table index."
|
|
::= { hmSec2UsrFwTemplateRuleEntry 2 }
|
|
|
|
|
|
hmSec2UsrFwTemplateRuleProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP protocol (RFC 791) as a decimal number (in range 1 -
|
|
255), a name or the keyword 'any' for protocol-independent
|
|
filtering. The following protocol names are currently
|
|
supported:
|
|
o 'icmp': internet control message protocol (RFC 792)
|
|
o 'igmp': internet group management protocol
|
|
o 'ipip': IP in IP tunneling (RFC 1853)
|
|
o 'tcp': transmission control protocol (RFC 793)
|
|
o 'udp': user datagram protocol (RFC 768)
|
|
o 'esp': IPsec encapsulated security payload (RFC 2406)
|
|
o 'ah': IPsec authentication header (RFC 2402)
|
|
o 'ipv6-icmp': internet control message protocol for IPv6"
|
|
DEFVAL { "tcp" }
|
|
::= { hmSec2UsrFwTemplateRuleEntry 3 }
|
|
|
|
hmSec2UsrFwTemplateRuleSrcPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2UsrFwTemplateRuleEntry 4 }
|
|
|
|
hmSec2UsrFwTemplateRuleDstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Single address (a.b.c.d) or address range in
|
|
CIDR notation (a.b.c.d/n) or the keywords 'me'
|
|
or 'any'."
|
|
DEFVAL { "" }
|
|
::= { hmSec2UsrFwTemplateRuleEntry 5 }
|
|
|
|
hmSec2UsrFwTemplateRuleDstPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port expression or the keyword 'any'. A port expressions is
|
|
structured as 'port' (default), 'op port' or 'port1 op port2',
|
|
where 'op' is a mathematical operator for:
|
|
o equal (default) =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2UsrFwTemplateRuleEntry 6 }
|
|
|
|
hmSec2UsrFwTemplateRuleComment OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A comment for the firewall rule."
|
|
DEFVAL { "" }
|
|
::= { hmSec2UsrFwTemplateRuleEntry 7 }
|
|
|
|
hmSec2UsrFwTemplateRuleLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables logging for packets matching this rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2UsrFwTemplateRuleEntry 8 }
|
|
|
|
hmSec2UsrFwTemplateRuleStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewall rule status.
|
|
active(1) - This rule is active.
|
|
notInService(2) - Row has been suspended.
|
|
notReady(3) - Row has incomplete values.
|
|
createAndGo(4) - Accept row values and activate.
|
|
createAndWait(5) - Accept row values and wait.
|
|
destroy(6) - Set to this value to remove this rule."
|
|
::= { hmSec2UsrFwTemplateRuleEntry 9 }
|
|
|
|
|
|
|
|
--
|
|
-- Firewall Diagnostics --
|
|
--
|
|
hmSec2FirewallDiagnosticsGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 9 }
|
|
|
|
|
|
--
|
|
-- List of all IP firewall rules --
|
|
--
|
|
hmSec2FwDiagL3Table OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwDiagL3Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Complete list of IP firewall rules."
|
|
::= { hmSec2FirewallDiagnosticsGroup 1 }
|
|
|
|
hmSec2FwDiagL3Entry OBJECT-TYPE
|
|
SYNTAX HmSec2FwDiagL3Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Firewall rule"
|
|
INDEX { hmSec2FwDiagL3Index }
|
|
::= { hmSec2FwDiagL3Table 1 }
|
|
|
|
HmSec2FwDiagL3Entry ::= SEQUENCE {
|
|
hmSec2FwDiagL3Index Integer32,
|
|
hmSec2FwDiagL3Group DisplayString,
|
|
hmSec2FwDiagL3Ref Integer32,
|
|
hmSec2FwDiagL3Interface DisplayString,
|
|
hmSec2FwDiagL3SrcNet DisplayString,
|
|
hmSec2FwDiagL3SrcPort DisplayString,
|
|
hmSec2FwDiagL3DstNet DisplayString,
|
|
hmSec2FwDiagL3DstPort DisplayString,
|
|
hmSec2FwDiagL3Proto DisplayString,
|
|
hmSec2FwDiagL3Action INTEGER,
|
|
hmSec2FwDiagL3Log INTEGER,
|
|
hmSec2FwDiagL3MatchCnt Counter32
|
|
}
|
|
|
|
hmSec2FwDiagL3Index OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rule number in IP firewall table"
|
|
::= { hmSec2FwDiagL3Entry 1 }
|
|
|
|
hmSec2FwDiagL3Group OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of group this rule belongs to."
|
|
::= { hmSec2FwDiagL3Entry 2 }
|
|
|
|
hmSec2FwDiagL3Ref OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reference into group (typically the rule number).
|
|
If this value is -1, then no reference exist."
|
|
::= { hmSec2FwDiagL3Entry 3 }
|
|
|
|
|
|
hmSec2FwDiagL3Interface OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..15))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Interface (or type of traffic)."
|
|
::= { hmSec2FwDiagL3Entry 4 }
|
|
|
|
|
|
hmSec2FwDiagL3SrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source address."
|
|
::= { hmSec2FwDiagL3Entry 5 }
|
|
|
|
hmSec2FwDiagL3SrcPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source port (expression)."
|
|
::= { hmSec2FwDiagL3Entry 6 }
|
|
|
|
hmSec2FwDiagL3DstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination address."
|
|
::= { hmSec2FwDiagL3Entry 7 }
|
|
|
|
hmSec2FwDiagL3DstPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination port (expression)"
|
|
::= { hmSec2FwDiagL3Entry 8 }
|
|
|
|
hmSec2FwDiagL3Proto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP protocol"
|
|
::= { hmSec2FwDiagL3Entry 9 }
|
|
|
|
hmSec2FwDiagL3Action OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2),
|
|
reject(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action."
|
|
::= { hmSec2FwDiagL3Entry 10 }
|
|
|
|
hmSec2FwDiagL3Log OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Logging."
|
|
::= { hmSec2FwDiagL3Entry 11 }
|
|
|
|
hmSec2FwDiagL3MatchCnt OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the matches on this rule."
|
|
::= { hmSec2FwDiagL3Entry 12 }
|
|
|
|
--
|
|
-- Firewall Learning Mode --
|
|
--
|
|
hmSec2FirewallLearningModeGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 10 }
|
|
|
|
hmSec2FirewallLearningModeVars OBJECT IDENTIFIER ::= { hmSec2FirewallLearningModeGroup 1 }
|
|
|
|
--
|
|
-- List of States and Generic Vars for Firewall Learning Mode--
|
|
--
|
|
|
|
hmSec2FLMAdminState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable or disable the Firewall Learning Mode "
|
|
DEFVAL { disable }
|
|
::= { hmSec2FirewallLearningModeVars 1 }
|
|
|
|
hmSec2FLMAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
start(2),
|
|
stop(3),
|
|
clear(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Actions to control the Firewall Learning Mode "
|
|
DEFVAL { other }
|
|
::= { hmSec2FirewallLearningModeVars 2 }
|
|
|
|
hmSec2FLMInterfaces OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
both(1),
|
|
int(2),
|
|
ext(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines the Interface to learn from"
|
|
DEFVAL { both }
|
|
::= { hmSec2FirewallLearningModeVars 3 }
|
|
|
|
hmSec2FLMType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
learn(1),
|
|
test(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Learning or testing Mode"
|
|
DEFVAL { learn }
|
|
::= { hmSec2FirewallLearningModeVars 4 }
|
|
|
|
hmSec2FLMAppState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
off(1),
|
|
stoppeddatanotpresent(2),
|
|
stoppeddatapresent(3),
|
|
learning(4),
|
|
testing(5),
|
|
pending(6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"State of running FLM Application"
|
|
::= { hmSec2FirewallLearningModeVars 5 }
|
|
|
|
hmSec2FLMAppInfoEnum OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
normal(2),
|
|
ramlow(3),
|
|
ramempty(4),
|
|
conndrop(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enum for Infostring"
|
|
::= { hmSec2FirewallLearningModeVars 6 }
|
|
|
|
hmSec2FLMAppInfoString OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..80))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Special Statusmessage"
|
|
::= { hmSec2FirewallLearningModeVars 7 }
|
|
|
|
|
|
hmSec2FLML3Entries OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Layer 3 entries in the connection table"
|
|
::= { hmSec2FirewallLearningModeVars 8 }
|
|
|
|
hmSec2FLMFreeMem OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Free Mem For Learning Data"
|
|
::= { hmSec2FirewallLearningModeVars 9 }
|
|
|
|
hmSec2FLMAnyRuleChange OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
automatic(1),
|
|
manual(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"How to handle detected accept-any rules during Learning Mode.
|
|
This can only be set during state: Data not present"
|
|
DEFVAL { automatic }
|
|
::= { hmSec2FirewallLearningModeVars 10 }
|
|
|
|
--
|
|
-- List of all MAC firewall rules --
|
|
--
|
|
hmSec2FwDiagL2Table OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2FwDiagL2Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Complete list of MAC firewall rules."
|
|
::= { hmSec2FirewallDiagnosticsGroup 2 }
|
|
|
|
hmSec2FwDiagL2Entry OBJECT-TYPE
|
|
SYNTAX HmSec2FwDiagL2Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Firewall rule"
|
|
INDEX { hmSec2FwDiagL2Index }
|
|
::= { hmSec2FwDiagL2Table 1 }
|
|
|
|
HmSec2FwDiagL2Entry ::= SEQUENCE {
|
|
hmSec2FwDiagL2Index Integer32,
|
|
hmSec2FwDiagL2Group DisplayString,
|
|
hmSec2FwDiagL2Ref Integer32,
|
|
hmSec2FwDiagL2Interface DisplayString,
|
|
hmSec2FwDiagL2SrcNet DisplayString,
|
|
hmSec2FwDiagL2DstNet DisplayString,
|
|
hmSec2FwDiagL2Proto DisplayString,
|
|
hmSec2FwDiagL2Action INTEGER,
|
|
hmSec2FwDiagL2Log INTEGER,
|
|
hmSec2FwDiagL2MatchCnt Counter32
|
|
}
|
|
|
|
hmSec2FwDiagL2Index OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rule number in MAC firewall table"
|
|
::= { hmSec2FwDiagL2Entry 1 }
|
|
|
|
hmSec2FwDiagL2Group OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of group this rule belongs to."
|
|
::= { hmSec2FwDiagL2Entry 2 }
|
|
|
|
hmSec2FwDiagL2Ref OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reference into group (typically the rule number).
|
|
If this value is -1, then no reference exist."
|
|
::= { hmSec2FwDiagL2Entry 3 }
|
|
|
|
|
|
hmSec2FwDiagL2Interface OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..15))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Interface (or type of traffic)."
|
|
::= { hmSec2FwDiagL2Entry 4 }
|
|
|
|
|
|
hmSec2FwDiagL2SrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source address."
|
|
::= { hmSec2FwDiagL2Entry 5 }
|
|
|
|
hmSec2FwDiagL2DstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination address."
|
|
::= { hmSec2FwDiagL2Entry 6 }
|
|
|
|
hmSec2FwDiagL2Proto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Layer 2 (Ethernet) protocol"
|
|
::= { hmSec2FwDiagL2Entry 7 }
|
|
|
|
hmSec2FwDiagL2Action OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
accept(1),
|
|
drop(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action."
|
|
::= { hmSec2FwDiagL2Entry 8 }
|
|
|
|
hmSec2FwDiagL2Log OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2),
|
|
logAndTrap(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Logging."
|
|
::= { hmSec2FwDiagL2Entry 9 }
|
|
|
|
hmSec2FwDiagL2MatchCnt OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the matches on this rule."
|
|
::= { hmSec2FwDiagL2Entry 10 }
|
|
|
|
hmSec2FwConfigGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 11 }
|
|
|
|
hmSec2FwStaticPacketCheck OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable or disable static packet check
|
|
in the firewall (disable for performance reasons)."
|
|
DEFVAL { enable }
|
|
::= { hmSec2FwConfigGroup 1 }
|
|
|
|
hmSec2FwInternRemNumIPRules OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Remaining number of internally available IP firewall rules."
|
|
::= { hmSec2FwConfigGroup 2 }
|
|
|
|
--
|
|
-- Network group
|
|
--
|
|
hmSec2NetGeneralGroup OBJECT IDENTIFIER ::= { hmSec2Network 1 }
|
|
hmSec2NetTransparentGroup OBJECT IDENTIFIER ::= { hmSec2Network 2 }
|
|
hmSec2NetRouterGroup OBJECT IDENTIFIER ::= { hmSec2Network 3 }
|
|
hmSec2NetPPPoEGroup OBJECT IDENTIFIER ::= { hmSec2Network 4 }
|
|
hmSec2NetPPPGroup OBJECT IDENTIFIER ::= { hmSec2Network 5 }
|
|
hmSec2NetDNSClientGroup OBJECT IDENTIFIER ::= { hmSec2Network 6 }
|
|
hmSec2NetDynDNSGroup OBJECT IDENTIFIER ::= { hmSec2Network 7 }
|
|
hmSec2NetPingGroup OBJECT IDENTIFIER ::= { hmSec2Network 8 }
|
|
|
|
--
|
|
-- General Network variables
|
|
--
|
|
hmSec2NetworkMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
transparent(1),
|
|
router(2),
|
|
pppoe(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Network mode:
|
|
Transparent Mode or Routing Mode (PPPoE is also Routing Mode)"
|
|
::= { hmSec2NetGeneralGroup 1 }
|
|
|
|
hmSec2NetAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other (1),
|
|
activate (2),
|
|
flushstates (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object, when read, always returns a value of other(1).
|
|
Setting the object to activate(2) causes a reconfiguration
|
|
of the IP protocol stack and network configuration with the
|
|
current value of hmSec2NetworkMode.
|
|
All of the further configuration depends on the used operating
|
|
mode, such as hmSec2LocalIPAddr, hmSec2GatewayIPAddr,
|
|
hmSec2NetMask, hmSec2UseVLAN and hmSec2MgmtVLANID in
|
|
Transparent Mode or the tables values out of
|
|
hmSec2NetIPInterfaceTable (defined by hmSec2NetIPInterfaceEntry)
|
|
in Router or PPPoE mode. In PPPoE mode also the PPPoE
|
|
configuration is taken into account. Additional routing
|
|
values will be used after the reconfiguration.
|
|
Setting the object to flushstates(3) causes a flush to the
|
|
Firewall and NAT state/mapping tables, which removes all
|
|
active mappings and connection entries. Clients behind the
|
|
Firewall or the NAT router will have to re-establish
|
|
their connections."
|
|
DEFVAL { other }
|
|
::= { hmSec2NetGeneralGroup 2 }
|
|
|
|
hmSec2NetDirectedBroadcasts OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable or disable forwarding of net directed broadcasts
|
|
by the device. Remark: net directed broadcast can be used
|
|
for so called Smurf attacks.
|
|
Per default this feature is disabled
|
|
(do not allow Smurf attacks)."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetGeneralGroup 3 }
|
|
|
|
hmSec2NetIPFragmentsAllowed OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable or disable forwarding of IP fragments
|
|
by the device.
|
|
Per default this feature is enabled."
|
|
DEFVAL { enable }
|
|
::= { hmSec2NetGeneralGroup 4 }
|
|
|
|
hmSec2NetICMPSendRedirects OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable or disable sending of ICMP redirects
|
|
by the device, when the incoming subnet and interface
|
|
and the outgoing subnet and interface is the same
|
|
for the forwarded packet.
|
|
Per default this feature is enabled."
|
|
DEFVAL { enable }
|
|
::= { hmSec2NetGeneralGroup 5 }
|
|
|
|
hmSec2NetEtherBroadcastRoute OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Internal use only."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetGeneralGroup 6 }
|
|
|
|
hmSec2LocalIPAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address of the management agent in transparent mode.
|
|
Changing this value will take effect after activating with hmNetAction."
|
|
DEFVAL { 'C0A80101'H } -- 192.168.1.1
|
|
::= { hmSec2NetTransparentGroup 1 }
|
|
|
|
hmSec2LocalPhysAddr OBJECT-TYPE
|
|
SYNTAX PhysAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Physical MAC-address of the agent."
|
|
::= { hmSec2NetTransparentGroup 2 }
|
|
|
|
hmSec2GatewayIPAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address of the default gateway.
|
|
Changing this value will take effect after activating with hmNetAction."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
::= { hmSec2NetTransparentGroup 3 }
|
|
|
|
hmSec2NetMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Subnet mask.
|
|
Changing this value will take effect after activating with hmNetAction."
|
|
DEFVAL { 'FFFFFF00'H } -- 255.255.255.0
|
|
::= { hmSec2NetTransparentGroup 4 }
|
|
|
|
hmSec2UseVLAN OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Use VLAN Tag and Management VLAN ID."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetTransparentGroup 5 }
|
|
|
|
hmSec2MgmtVLANID OBJECT-TYPE
|
|
SYNTAX Integer32 (1..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Management VLAN ID."
|
|
DEFVAL { 1 }
|
|
::= { hmSec2NetTransparentGroup 6 }
|
|
|
|
hmSec2NetProto OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none (1),
|
|
dhcp (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Network Protocol to obtain IP configuration.
|
|
(1) none means use fix configuration, (2) DHCP means
|
|
using DHCP in transparent mode to obtain a IP address from server."
|
|
DEFVAL { none }
|
|
::= { hmSec2NetTransparentGroup 7 }
|
|
|
|
hmSec2NetPassThroughSTP OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Passthorugh Spanning Tree Protocol BPDU frames
|
|
in Transparent Mode."
|
|
DEFVAL { enable }
|
|
::= { hmSec2NetTransparentGroup 8 }
|
|
|
|
hmSec2NetPassThroughGMRP OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Passthorugh GMRP (GARP Multicast registration protocol)
|
|
frames in Transparent Mode."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetTransparentGroup 9 }
|
|
|
|
hmSec2NetPassThroughDHCP OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Passthorugh DHCP (no DHCP server on the EAGLE)
|
|
frames in Transparent Mode."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetTransparentGroup 10 }
|
|
|
|
--
|
|
-- Network
|
|
--
|
|
|
|
hmSec2NetIPInterfaceTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2NetIPInterfaceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the IP Configuration table for
|
|
the IP interfaces."
|
|
::= { hmSec2NetRouterGroup 1 }
|
|
|
|
hmSec2NetIPInterfaceEntry OBJECT-TYPE
|
|
SYNTAX HmSec2NetIPInterfaceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the IP Configuration table for
|
|
the internal interface."
|
|
INDEX { hmSec2NetIPIfIndex }
|
|
::= { hmSec2NetIPInterfaceTable 1 }
|
|
|
|
HmSec2NetIPInterfaceEntry ::= SEQUENCE {
|
|
hmSec2NetIPIfIndex Integer32,
|
|
hmSec2NetIPIfAddr IpAddress,
|
|
hmSec2NetIPIfMask IpAddress,
|
|
hmSec2NetIPIfUseVLAN INTEGER,
|
|
hmSec2NetIPIfVLANID Integer32,
|
|
hmSec2NetIPIfNetProto INTEGER
|
|
}
|
|
|
|
hmSec2NetIPIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of IP interface in the table."
|
|
::= { hmSec2NetIPInterfaceEntry 1 }
|
|
|
|
hmSec2NetIPIfAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Internal IP address."
|
|
::= { hmSec2NetIPInterfaceEntry 2 }
|
|
|
|
|
|
hmSec2NetIPIfMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Subnet mask."
|
|
::= { hmSec2NetIPInterfaceEntry 3 }
|
|
|
|
hmSec2NetIPIfUseVLAN OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Use VLAN Tag and Management VLAN ID."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetIPInterfaceEntry 4 }
|
|
|
|
hmSec2NetIPIfVLANID OBJECT-TYPE
|
|
SYNTAX Integer32 (1..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Management VLAN ID."
|
|
DEFVAL { 1 }
|
|
::= { hmSec2NetIPInterfaceEntry 5 }
|
|
|
|
hmSec2NetIPIfNetProto OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none (1),
|
|
dhcp (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Network Protocol to obtain IP configuration.
|
|
(1) none means use fix configuration, (2) DHCP means
|
|
using DHCP on this interface to obtain a IP address from server."
|
|
::= { hmSec2NetIPInterfaceEntry 6 }
|
|
|
|
|
|
--
|
|
-- Additional IP Addresses for the interfaces table
|
|
--
|
|
hmSec2NetIPAliasesTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2NetIPAliasesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains additional IP Configuration for
|
|
the IP interfaces."
|
|
::= { hmSec2NetRouterGroup 2 }
|
|
|
|
hmSec2NetIPAliasesEntry OBJECT-TYPE
|
|
SYNTAX HmSec2NetIPAliasesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains additional IP Configuration for
|
|
the IP interfaces."
|
|
INDEX { hmSec2NetIPAliasIfIndex, hmSec2NetIPAliasAddr }
|
|
::= { hmSec2NetIPAliasesTable 1 }
|
|
|
|
HmSec2NetIPAliasesEntry ::= SEQUENCE {
|
|
hmSec2NetIPAliasIfIndex Integer32,
|
|
hmSec2NetIPAliasAddr IpAddress,
|
|
hmSec2NetIPAliasMask IpAddress,
|
|
hmSec2NetIPAliasUseVLAN INTEGER,
|
|
hmSec2NetIPAliasVLANID Integer32,
|
|
hmSec2NetIPAliasRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2NetIPAliasIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of IP interface in the table."
|
|
::= { hmSec2NetIPAliasesEntry 1 }
|
|
|
|
hmSec2NetIPAliasAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Internal IP address."
|
|
::= { hmSec2NetIPAliasesEntry 2 }
|
|
|
|
|
|
hmSec2NetIPAliasMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Subnet mask."
|
|
::= { hmSec2NetIPAliasesEntry 3 }
|
|
|
|
hmSec2NetIPAliasUseVLAN OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Use VLAN Tag and Management VLAN ID."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetIPAliasesEntry 4 }
|
|
|
|
hmSec2NetIPAliasVLANID OBJECT-TYPE
|
|
SYNTAX Integer32 (1..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Management VLAN ID."
|
|
DEFVAL { 1 }
|
|
::= { hmSec2NetIPAliasesEntry 5 }
|
|
|
|
hmSec2NetIPAliasRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status for the table entry
|
|
The configuration is been taken,
|
|
when the row status is set to active."
|
|
::= { hmSec2NetIPAliasesEntry 6 }
|
|
|
|
|
|
|
|
--
|
|
-- Some more Network Variables for the external interface
|
|
--
|
|
hmSec2NetRouterExternalGroup OBJECT IDENTIFIER ::= { hmSec2NetRouterGroup 3 }
|
|
|
|
hmSec2NetRtrExternalGateway OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address of the default gateway for the external interface.
|
|
Changing this value will take effect after activating with hmNetAction."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
::= { hmSec2NetRouterExternalGroup 1 }
|
|
|
|
hmSec2NetRtrExtTrapAddr OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Use the external router IP address as agent address
|
|
for sending SNMP v1 traps."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetRouterExternalGroup 2 }
|
|
|
|
--
|
|
-- Additional Routing entries for the system routing table
|
|
--
|
|
hmSec2NetIPRouteTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2NetIPRouteEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains additional Routing Configuration for
|
|
the IP interfaces."
|
|
::= { hmSec2NetRouterGroup 4 }
|
|
|
|
hmSec2NetIPRouteEntry OBJECT-TYPE
|
|
SYNTAX HmSec2NetIPRouteEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains additional IP Configuration for
|
|
the IP interfaces."
|
|
INDEX { hmSec2NetIPRouteIfIndex, hmSec2NetIPRouteAddr, hmSec2NetIPRouteMask }
|
|
::= { hmSec2NetIPRouteTable 1 }
|
|
|
|
HmSec2NetIPRouteEntry ::= SEQUENCE {
|
|
hmSec2NetIPRouteIfIndex Integer32,
|
|
hmSec2NetIPRouteAddr IpAddress,
|
|
hmSec2NetIPRouteMask IpAddress,
|
|
hmSec2NetIPRouteGateway IpAddress,
|
|
hmSec2NetIPRouteRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2NetIPRouteIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of IP interface in the table."
|
|
::= { hmSec2NetIPRouteEntry 1 }
|
|
|
|
hmSec2NetIPRouteAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Network IP address."
|
|
::= { hmSec2NetIPRouteEntry 2 }
|
|
|
|
|
|
hmSec2NetIPRouteMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Network subnet mask."
|
|
::= { hmSec2NetIPRouteEntry 3 }
|
|
|
|
hmSec2NetIPRouteGateway OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Gateway to be used for this network."
|
|
::= { hmSec2NetIPRouteEntry 4 }
|
|
|
|
hmSec2NetIPRouteRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status for the table entry.
|
|
The configuration is been taken,
|
|
when the row status is set to active."
|
|
::= { hmSec2NetIPRouteEntry 5 }
|
|
|
|
|
|
--
|
|
-- PPPoE configuration
|
|
--
|
|
hmSec2PPPoEUsername OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PPPoE login configuration user name"
|
|
::= { hmSec2NetPPPoEGroup 1 }
|
|
|
|
hmSec2PPPoEPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PPPoE login configuration password"
|
|
::= { hmSec2NetPPPoEGroup 2 }
|
|
|
|
hmSec2PPPoEMTU OBJECT-TYPE
|
|
SYNTAX INTEGER (60..1500)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PPPoE Interface MTU preconfigured value."
|
|
DEFVAL { 1492 }
|
|
::= { hmSec2NetPPPoEGroup 3 }
|
|
|
|
hmSec2PPPoEIfAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Provider assigned IP address on PPPoE interface."
|
|
::= { hmSec2NetPPPoEGroup 4 }
|
|
|
|
hmSec2PPPoEIfMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Provider assigned subnet mask."
|
|
::= { hmSec2NetPPPoEGroup 5 }
|
|
|
|
hmSec2PPPoEGateway OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Provider assigned gateway address."
|
|
::= { hmSec2NetPPPoEGroup 6 }
|
|
|
|
hmSec2PPPoEStatus OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current state of PPPoE interface."
|
|
::= { hmSec2NetPPPoEGroup 7 }
|
|
|
|
hmSec2PPPoEDisconAdminState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PPPoE automatic disconnect admin state.
|
|
When enabled an automatic disconnect will be performed every
|
|
day at the specified hour (if PPPoE connection is up only)."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetPPPoEGroup 8 }
|
|
|
|
hmSec2PPPoEDisconHour OBJECT-TYPE
|
|
SYNTAX INTEGER (0..23)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PPPoE automatic disconnect hour setting."
|
|
DEFVAL { 0 }
|
|
::= { hmSec2NetPPPoEGroup 9 }
|
|
|
|
--
|
|
-- PPP configuration
|
|
--
|
|
hmSec2PPPUsername OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PPP login configuration user name"
|
|
::= { hmSec2NetPPPGroup 1 }
|
|
|
|
hmSec2PPPPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PPP login configuration password"
|
|
::= { hmSec2NetPPPGroup 2 }
|
|
|
|
hmSec2PPPLocalIPAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Local IP address for PPP configuration."
|
|
DEFVAL { 'C0A80201'H } -- 192.168.2.1
|
|
::= { hmSec2NetPPPGroup 3 }
|
|
|
|
hmSec2PPPRemoteIPAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Remote IP address for PPP configuration."
|
|
DEFVAL { 'C0A80202'H } -- 192.168.2.2
|
|
::= { hmSec2NetPPPGroup 4 }
|
|
|
|
hmSec2PPPModemAdminState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Allow Modem on serial interface or not.
|
|
The configuration will be taken, when
|
|
hmSec2NetAction variable is set to
|
|
activate."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetPPPGroup 5 }
|
|
|
|
hmSec2PPPModemBaudRate OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
b19200(1),
|
|
b38400(2),
|
|
b57600(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Modem speed on serial connection to be used."
|
|
DEFVAL { b57600 }
|
|
::= { hmSec2NetPPPGroup 6 }
|
|
|
|
hmSec2PPPMTU OBJECT-TYPE
|
|
SYNTAX INTEGER (60..1500)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PPP Interface MTU preconfigured value."
|
|
DEFVAL { 1500 }
|
|
::= { hmSec2NetPPPGroup 7 }
|
|
|
|
hmSec2PPPStatus OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current state of PPP interface."
|
|
::= { hmSec2NetPPPGroup 8 }
|
|
|
|
hmSec2PPPModemFlowControl OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
off(1),
|
|
rtscts(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Modem flow control on serial connection to be used.
|
|
Off disable all flow control options.
|
|
RTS/CTS means hardware flow control."
|
|
DEFVAL { off }
|
|
::= { hmSec2NetPPPGroup 9 }
|
|
|
|
--
|
|
-- DNS Client Definitions --
|
|
--
|
|
|
|
hmSec2DNSClientServer1 OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The first DNS Server to use."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
::= { hmSec2NetDNSClientGroup 1 }
|
|
|
|
hmSec2DNSClientServer2 OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The second DNS Server to use."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
::= { hmSec2NetDNSClientGroup 2 }
|
|
|
|
hmSec2DNSClientServer3 OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The third DNS Server to use."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
::= { hmSec2NetDNSClientGroup 3 }
|
|
|
|
hmSec2DNSClientServer4 OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth DNS Server to use."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
::= { hmSec2NetDNSClientGroup 4 }
|
|
|
|
hmSec2DNSClientConfigSource OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
user(1),
|
|
provider(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DNS Client configuration source.
|
|
If the value is set to user(1),
|
|
then the variables hmSec2DNSClientServer1
|
|
to hmSec2DNSClientServer4 will be used.
|
|
If the value is set to provider(2), then
|
|
the DNS configuration comes from the
|
|
access protocol like PPP or PPPoE.
|
|
The configuration will be taken, when
|
|
hmSec2NetAction variable is set to
|
|
activate."
|
|
DEFVAL { provider }
|
|
::= { hmSec2NetDNSClientGroup 5 }
|
|
|
|
--
|
|
-- DynDNS configuration
|
|
--
|
|
hmSec2DynDNSProvider OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dyndns-org (1),
|
|
other (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of DynDNS provider to be used."
|
|
DEFVAL { dyndns-org }
|
|
::= { hmSec2NetDynDNSGroup 1 }
|
|
|
|
hmSec2DynDNSRegister OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables or disables the DynDNS service. When enabled
|
|
the host is registered at the DynDNS server.
|
|
"
|
|
DEFVAL { disable }
|
|
::= { hmSec2NetDynDNSGroup 2 }
|
|
|
|
hmSec2DynDNSServer OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DynDNS server which provides the service to register
|
|
the IP address of this host."
|
|
::= { hmSec2NetDynDNSGroup 3 }
|
|
|
|
hmSec2DynDNSLogin OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DynDNS server login name for the registration to
|
|
the DynDNS service."
|
|
::= { hmSec2NetDynDNSGroup 4 }
|
|
|
|
hmSec2DynDNSPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DynDNS server password for the registration to
|
|
the DynDNS service."
|
|
::= { hmSec2NetDynDNSGroup 5 }
|
|
|
|
hmSec2DynDNSHostname OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DynDNS host name to be registered with the IP address
|
|
to the DynDNS service."
|
|
::= { hmSec2NetDynDNSGroup 6 }
|
|
|
|
hmSec2DynDNSRefresh OBJECT-TYPE
|
|
SYNTAX Integer32 (1..6000)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Refresh interval for checking the IP address.
|
|
The refresh interval is counted in minutes."
|
|
DEFVAL { 10 }
|
|
::= { hmSec2NetDynDNSGroup 7 }
|
|
|
|
hmSec2DynDNSStatus OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DynDNS registration status."
|
|
::= { hmSec2NetDynDNSGroup 8 }
|
|
|
|
hmSec2DynDNSCheckIPServer OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The CheckIP server which provides the service to detect
|
|
the IP address of this host seen from the outside."
|
|
::= { hmSec2NetDynDNSGroup 9 }
|
|
|
|
--
|
|
-- ping functionality
|
|
--
|
|
hmSec2NetPingSourceAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address for ping command.
|
|
0.0.0.0 means no source address given."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
::= { hmSec2NetPingGroup 1 }
|
|
|
|
hmSec2NetPingDestAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address for ping command."
|
|
DEFVAL { '00000000'H } -- 0.0.0.0
|
|
::= { hmSec2NetPingGroup 2 }
|
|
|
|
hmSec2NetPingAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other (1),
|
|
activate (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If set to activate(2), the ping will be started.
|
|
When read, this variable returns always other(1)."
|
|
DEFVAL { other }
|
|
::= { hmSec2NetPingGroup 3 }
|
|
|
|
hmSec2NetPingActionStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
idle (1),
|
|
pinging (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Returns, if a ping command is running at the monent
|
|
(pinging) or if the ping functionality is not running (idle)."
|
|
::= { hmSec2NetPingGroup 4 }
|
|
|
|
hmSec2NetPingResult OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
init (1),
|
|
reachable (2),
|
|
unreachable (3),
|
|
pinging (4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Returns the result of the last ping operation.
|
|
If the ping has been successful
|
|
(host is reachable through ping) or ping has failed
|
|
(host is not reachable through ping)."
|
|
::= { hmSec2NetPingGroup 5 }
|
|
|
|
hmSec2NetPingResultText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Returns the result of the last ping operation as text."
|
|
::= { hmSec2NetPingGroup 6 }
|
|
|
|
--
|
|
-- VPN Definitions --
|
|
--
|
|
hmSec2VpnGroup OBJECT IDENTIFIER ::= { hmSec2Vpn 1 }
|
|
hmSec2VpnGeneralGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 1 }
|
|
hmSec2VpnConnGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 2 }
|
|
hmSec2VpnTrafficSelGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 3 }
|
|
hmSec2VpnCertificateGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 4 }
|
|
--
|
|
-- VPN general group
|
|
--
|
|
|
|
hmSec2VpnRemoteCtlPwd OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VPN Remote Control Password.
|
|
This object will always return '********' even if a password is set.
|
|
Setting this object to a 'zero' string deactivates the remote control
|
|
function."
|
|
::= { hmSec2VpnGeneralGroup 1 }
|
|
|
|
hmSec2VpnLEDIndication OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"LED indication for VPN connection active.
|
|
If at least one VPN connection is active und up,
|
|
the EAGLE will signalize this with its STATUS LED
|
|
blinking yellow and green when the feature is enabled."
|
|
::= { hmSec2VpnGeneralGroup 2 }
|
|
|
|
hmSec2VpnModeConfigPool OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { hmSec2VpnGeneralGroup 3 }
|
|
|
|
hmSec2VpnInputServiceMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
powersupply(1),
|
|
digitalinput-low(2),
|
|
digitalinput-high(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Select the source which shall be used to activate VPN
|
|
service mode connections.
|
|
Redundant power supply (power off -> service mode active),
|
|
low level on digital input (set to 0 -> service mode active)
|
|
or high level on digital input (set to 1 -> service mode active)."
|
|
DEFVAL { powersupply }
|
|
::= { hmSec2VpnGeneralGroup 4 }
|
|
|
|
|
|
--
|
|
-- VPN traffic selector group
|
|
--
|
|
|
|
hmSec2VpnTrafficSelTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2VpnTrafficSelEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of traffic selectors. For details on the
|
|
role of traffic selectors in IPsec protocol see
|
|
RFC 2409, section 5.5 and RFC 4306, section 2.9."
|
|
::= { hmSec2VpnTrafficSelGroup 1 }
|
|
|
|
hmSec2VpnTrafficSelEntry OBJECT-TYPE
|
|
SYNTAX HmSec2VpnTrafficSelEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A traffic selector entry. A traffic selector
|
|
defines the subnet/host addresses for which
|
|
this IPSec connection (SA) is responsible."
|
|
INDEX { hmSec2VpnConnIndex, hmSec2VpnTrafficSelIndex }
|
|
::= { hmSec2VpnTrafficSelTable 1 }
|
|
|
|
HmSec2VpnTrafficSelEntry ::= SEQUENCE {
|
|
hmSec2VpnTrafficSelIndex INTEGER,
|
|
hmSec2VpnTrafficSelSrcAddr DisplayString,
|
|
hmSec2VpnTrafficSelDstAddr DisplayString,
|
|
hmSec2VpnTrafficSelSrcPort DisplayString,
|
|
hmSec2VpnTrafficSelDstPort DisplayString,
|
|
hmSec2VpnTrafficSelProto DisplayString,
|
|
hmSec2VpnTrafficSelPolicy DisplayString,
|
|
hmSec2VpnTrafficSelDesc DisplayString,
|
|
hmSec2VpnTrafficSelRowStatus RowStatus,
|
|
hmSec2VpnTrafficSelSrcMapping DisplayString,
|
|
hmSec2VpnTrafficSelDstMapping DisplayString
|
|
}
|
|
|
|
hmSec2VpnTrafficSelIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that (together with the connection
|
|
index hmSec2VpnConnIndex) identifies the entry
|
|
in the traffic selector table. This index can
|
|
be choosen freely, but must be greater than 0."
|
|
::= { hmSec2VpnTrafficSelEntry 1 }
|
|
|
|
|
|
hmSec2VpnTrafficSelSrcAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Host or subnet address in CIDR notation (a.b.c.d/n)
|
|
for which this traffic descriptor (and the
|
|
associated VPN connection) is responsible. This
|
|
address is compared to the source address of
|
|
IP packets sent, when determining the associated
|
|
IPsec and IKE-SA. The special keyword 'any' means
|
|
that the address comparision always matches."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2VpnTrafficSelEntry 3 }
|
|
|
|
|
|
hmSec2VpnTrafficSelDstAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Host or subnet address in CIDR notation (a.b.c.d/n)
|
|
for which this traffic descriptor (and the
|
|
associated VPN connection) is responsible. This
|
|
address is compared to the destination address of
|
|
IP packets sent, when determining the associated
|
|
IPsec and IKE-SA. The special keyword 'any' means
|
|
that the address comparision always matches."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2VpnTrafficSelEntry 4 }
|
|
|
|
|
|
hmSec2VpnTrafficSelSrcPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port as a decimal number in range 1 - 65535, the
|
|
keyword 'any' for a port-independent policy (equivalent to
|
|
port number 0), or one of the following aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2VpnTrafficSelEntry 5 }
|
|
|
|
|
|
hmSec2VpnTrafficSelDstPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination port as a decimal number in range 0 - 65535,
|
|
the keyword 'any' for a port-independent policy (equivalent to
|
|
port number 0), or one of the following aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2VpnTrafficSelEntry 6 }
|
|
|
|
|
|
hmSec2VpnTrafficSelProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP protocol (RFC 791) as a decimal number in range 0 - 255
|
|
or a hexadecimal number in range 0x00 - 0xff, a protocol name
|
|
or the keyword 'any' for a protocol-independent policy. The
|
|
following protocol names are currently supported:
|
|
o 'icmp': internet control message protocol (RFC 792)
|
|
o 'tcp': transmission control protocol (RFC 793)
|
|
o 'udp': user datagram protocol (RFC 768)
|
|
o 'icmpv6': internet control message protocol for IPv6"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2VpnTrafficSelEntry 7 }
|
|
|
|
|
|
hmSec2VpnTrafficSelPolicy OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..10))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Policy to apply to the matching traffic.
|
|
The following policies are currently supported:
|
|
o 'require': require encryption of the traffic. If the tunnel or
|
|
traffic selector is down the traffic will discarded.
|
|
o 'use': use encryption if possible else route the traffic unencrypted."
|
|
DEFVAL { "require" }
|
|
::= { hmSec2VpnTrafficSelEntry 8 }
|
|
|
|
|
|
hmSec2VpnTrafficSelDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnTrafficSelEntry 9 }
|
|
|
|
|
|
hmSec2VpnTrafficSelRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry. Only traffic
|
|
selector entries with an 'active' row status will
|
|
be considered if the connections row status is set
|
|
'active'. Independent of that dependency any value
|
|
in this entry can be changed only if the row
|
|
status is not 'active'."
|
|
::= { hmSec2VpnTrafficSelEntry 10 }
|
|
|
|
|
|
hmSec2VpnTrafficSelSrcMapping OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Optional mapping for the source address in CIDR
|
|
notation (a.b.c.d/n) for a given traffic descriptor.
|
|
If set, the IP source address of outgoing packets
|
|
will be replaced according to this MIB object.
|
|
For incoming packets the mapping will be reversed.
|
|
Default is a string of size 0, i.e. mapping disabled."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnTrafficSelEntry 11 }
|
|
|
|
|
|
hmSec2VpnTrafficSelDstMapping OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Optional mapping for the destination address in CIDR
|
|
notation (a.b.c.d/n) for a given traffic descriptor.
|
|
If set, the IP destination address of outgoing packets
|
|
will be replaced according to this MIB object.
|
|
For incoming packets the mapping will be reversed.
|
|
Default is a string of size 0, i.e. mapping disabled."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnTrafficSelEntry 12 }
|
|
|
|
|
|
--
|
|
-- VPN connection group
|
|
--
|
|
hmSec2VpnConnMax OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of VPN connections
|
|
supported. Notice that the maximum number of
|
|
active and up VPN connections is limited
|
|
to 64."
|
|
DEFVAL { 256 }
|
|
::= { hmSec2VpnConnGroup 1 }
|
|
|
|
|
|
hmSec2VpnConnNext OBJECT-TYPE
|
|
SYNTAX INTEGER (0..256)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object always holds an appropriate value to be
|
|
used for hmSec2VpnConnIndex when creating entries
|
|
in the hmSec2VpnConnTable. The value 0 indicates
|
|
that no unassigned entries are available. To
|
|
obtain the hmSec2VpnConnIndex value for a new
|
|
entry, the management station issues a SNMP
|
|
retrieval operation to obtain the current value of
|
|
this object. After each row creation or deletion
|
|
the agent modifies the value to the next
|
|
unassigned index."
|
|
::= { hmSec2VpnConnGroup 2 }
|
|
|
|
|
|
hmSec2VpnConnTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2VpnConnEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of VPN connections."
|
|
::= { hmSec2VpnConnGroup 3 }
|
|
|
|
hmSec2VpnConnEntry OBJECT-TYPE
|
|
SYNTAX HmSec2VpnConnEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A VPN connection entry."
|
|
INDEX { hmSec2VpnConnIndex }
|
|
::= { hmSec2VpnConnTable 1 }
|
|
|
|
HmSec2VpnConnEntry ::= SEQUENCE {
|
|
hmSec2VpnConnIndex INTEGER,
|
|
hmSec2VpnConnIkeVersion INTEGER,
|
|
hmSec2VpnConnIkeStartup INTEGER,
|
|
hmSec2VpnConnIkeCompat INTEGER,
|
|
hmSec2VpnConnIkeLifetime INTEGER,
|
|
hmSec2VpnConnIkeDpdTimeout INTEGER,
|
|
hmSec2VpnConnIkeLocalAddr DisplayString,
|
|
hmSec2VpnConnIkeRemoteAddr DisplayString,
|
|
hmSec2VpnConnIkeAuthType INTEGER,
|
|
hmSec2VpnConnIkeAuthMode INTEGER,
|
|
hmSec2VpnConnIkeAuthCertCA OCTET STRING,
|
|
hmSec2VpnConnIkeAuthCertRemote OCTET STRING,
|
|
hmSec2VpnConnIkeAuthCertLocal OCTET STRING,
|
|
hmSec2VpnConnIkeAuthPrivKey OCTET STRING,
|
|
hmSec2VpnConnIkeAuthPasswd DisplayString, -- never saved
|
|
hmSec2VpnConnIkeAuthPsk DisplayString,
|
|
hmSec2VpnConnIkeAuthLocId DisplayString,
|
|
hmSec2VpnConnIkeAuthLocType INTEGER,
|
|
hmSec2VpnConnIkeAuthRemId DisplayString,
|
|
hmSec2VpnConnIkeAuthRemType INTEGER,
|
|
hmSec2VpnConnIkeAlgDh INTEGER,
|
|
hmSec2VpnConnIkeAlgHash INTEGER,
|
|
hmSec2VpnConnIkeAlgMac INTEGER,
|
|
hmSec2VpnConnIkeAlgEncr INTEGER,
|
|
hmSec2VpnConnIpsecMode INTEGER,
|
|
hmSec2VpnConnIpsecNatTraversal INTEGER,
|
|
hmSec2VpnConnIpsecLifetime INTEGER,
|
|
hmSec2VpnConnIpsecAlgDh INTEGER,
|
|
hmSec2VpnConnIpsecAlgMac INTEGER,
|
|
hmSec2VpnConnIpsecAlgEncr INTEGER,
|
|
hmSec2VpnConnOperStatus INTEGER,
|
|
hmSec2VpnConnDesc DisplayString,
|
|
hmSec2VpnConnRowStatus RowStatus,
|
|
hmSec2VpnConnServiceMode INTEGER
|
|
}
|
|
|
|
hmSec2VpnConnIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (1..256)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies the entry in the
|
|
table."
|
|
::= { hmSec2VpnConnEntry 1 }
|
|
|
|
|
|
hmSec2VpnConnIkeVersion OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
auto(1),
|
|
v1(2),
|
|
v2(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Version of the IKE protocol:
|
|
o auto: accept IKEv1/v2 as responder, start with IKEv1 as initiator
|
|
o v1: used protocol is IKE version 1 (ISAKMP)
|
|
o v2: used protocol is IKE version 2"
|
|
DEFVAL { auto }
|
|
::= { hmSec2VpnConnEntry 2 }
|
|
|
|
|
|
hmSec2VpnConnIkeStartup OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
initiator(1),
|
|
responder(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If this host acts as a responder it does not
|
|
initiate a key exchange (IKE) nor connection
|
|
parameters negotiation. Otherwise, this host acts
|
|
as an initiator - then it initiates an IKE
|
|
actively."
|
|
DEFVAL { responder }
|
|
::= { hmSec2VpnConnEntry 3 }
|
|
|
|
|
|
hmSec2VpnConnIkeCompat OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
on(1),
|
|
off(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Compatibility mode for older IPsec clients."
|
|
DEFVAL { off }
|
|
::= { hmSec2VpnConnEntry 4 }
|
|
|
|
|
|
hmSec2VpnConnIkeLifetime OBJECT-TYPE
|
|
SYNTAX INTEGER ( 1..86400)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Lifetime of IKE security association in seconds.
|
|
The maximum value is 24 hours (86400 seconds)."
|
|
DEFVAL { 28800 } -- 8 hours
|
|
::= { hmSec2VpnConnEntry 5 }
|
|
|
|
|
|
hmSec2VpnConnIkeDpdTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER ( 0..86400) -- max. 24 hours
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If greater than zero, the local peer sends Dead
|
|
Peer Detection (DPD) messages (according to RFC
|
|
3706) to the remote peer. This value specifies
|
|
the timeout in seconds, the remote peer is
|
|
declared dead, if not responding. The value 0
|
|
disables this feature."
|
|
DEFVAL { 120 }
|
|
::= { hmSec2VpnConnEntry 6 }
|
|
|
|
|
|
hmSec2VpnConnIkeLocalAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Hostname (FQDN) or IP address of local
|
|
security gateway. If the value is 'any', then the
|
|
primary IP address of external interface is
|
|
used. In the case that this address is assigned
|
|
dynamically by a DHCP server, the setup of the VPN
|
|
connection is delayed until a valid IP address is
|
|
assigned. Establishing the connection may also be
|
|
delayed until the hostname (if specified) can be
|
|
resolved."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2VpnConnEntry 7 }
|
|
|
|
|
|
hmSec2VpnConnIkeRemoteAddr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Typically the hostname (FQDN) or IP address of
|
|
remote security gateway. If this value is 'any',
|
|
then any IP address is accepted when establishing
|
|
an IKE-SA as responder. Also a network in CIDR
|
|
notation, to be accepted when establishing the
|
|
IKE-SA, is allowed as responder. As initiator
|
|
such values are not allowed. Establishing the VPN
|
|
connection may be delayed until the hostname (if
|
|
specified) can be resolved."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2VpnConnEntry 8 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
psk(1),
|
|
x509rsa(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of authentication to be used (X.509 RSA
|
|
certificates or pre-shared key)."
|
|
DEFVAL { psk }
|
|
::= { hmSec2VpnConnEntry 9 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
mainaggressive(1),
|
|
main(2),
|
|
aggressive(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The phase 1 exchange mode to be used."
|
|
DEFVAL { mainaggressive }
|
|
::= { hmSec2VpnConnEntry 10 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthCertCA OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..6144))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PEM encoded X.509 certificate (RFC 1422),
|
|
if authentication type in 'hmSec2VpnConnIkeAuthType'
|
|
is 'x509rsa'. This certificate is used for RSA based
|
|
signature verification in local and remote
|
|
certificates."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnConnEntry 11 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthCertRemote OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..6144))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PEM encoded X.509 certificate (RFC 1422),
|
|
if authentication type in 'hmSec2VpnConnIkeAuthType'
|
|
is 'x509rsa'. This certificate is used for RSA based
|
|
authentication of remote peer at the local side.
|
|
This certificate binds the identity of remote peer
|
|
to it's public key. It is optional because typically
|
|
send by the remote peer while negotiating an
|
|
ISAKMP/IKE security association."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnConnEntry 12 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthCertLocal OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..6144))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PEM encoded X.509 certificate (RFC 1422)
|
|
to be used, if authentication type in
|
|
'hmSec2VpnConnIkeAuthType' is 'x509rsa'. This
|
|
certificate is used for RSA based authentication
|
|
of local peer at the remote side. The
|
|
certificate binds the identity of local peer to
|
|
it's public key, signed by the certification
|
|
authority (CA) from 'hmSec2VpnConnIkeAuthCertCA'."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnConnEntry 13 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthPrivKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..6144))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"PEM encoded RSA private key (PKCS 1) to be used, if
|
|
authentication type in 'hmSec2VpnConnIkeAuthType' is
|
|
'x509rsa'. Notice that this object is write-only
|
|
and encrypted with 'hmSec2VpnConnIkeAuthPasswd'."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnConnEntry 14 }
|
|
|
|
hmSec2VpnConnIkeAuthPasswd OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Passphrase to be used for decryption of private key
|
|
from 'hmSec2VpnConnIkeAuthPrivKey'. The passphrase must
|
|
be set before the private key is set, else the SNMP
|
|
operation fails."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnConnEntry 15 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthPsk OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Preshared key (passphrase) to be used if
|
|
authentication type in 'hmSec2VpnConnIkeAuthType'
|
|
is 'psk'."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnConnEntry 16 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthLocId OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Local peer identifier to be sent within ID
|
|
payload during negotiation. The ID payload is
|
|
used to identify the initiator of the security
|
|
association. The identity is used by the
|
|
responder to determine the correct host system
|
|
security policy requirement for the association
|
|
(see RFC 2407, section 4.6.2 for details when
|
|
using IKEv1 and RFC 4306, section 3.5 for IKEv2).
|
|
Allowed formats for this object depend on
|
|
'hmSec2VpnConnIkeAuthLocType':
|
|
o default: don't care
|
|
o ipaddr: IPv4 address
|
|
o keyid: key identifier
|
|
o fqdn: fully qualified domain name
|
|
o email: fully qualified RFC 822 email address
|
|
o asn1dn: X.500 distinguished name (DN)
|
|
|
|
If 'hmSec2VpnConnIkeAuthLocType' is 'asn1dn':
|
|
o and 'hmSec2VpnConnIkeAuthLocId' a character
|
|
string, then a typical X.500 distinguished name
|
|
syntax has to be used, e.g. CN=XY-D,C=DE,L=NT,
|
|
ST=BW,O=COMPANY,OU=DEV,E=testuser@company.com);
|
|
o and 'hmSec2VpnConnIkeAuthLocId' is a hex string with prefix,
|
|
then the associated distinguished name must be
|
|
DER encoded (see RFC 2459);
|
|
o and 'hmSec2VpnConnIkeAuthLocId' is empty, then
|
|
the distinguished name from the certificate in
|
|
'hmSec2VpnConnIkeAuthCertLocal' is used here."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnConnEntry 17 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthLocType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
default(1),
|
|
ipaddr(2),
|
|
keyid(3),
|
|
fqdn(4),
|
|
email(5),
|
|
asn1dn(6)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of local peer identifier in 'hmSec2VpnConnIkeAuthLocId':
|
|
o default: If 'hmSec2VpnConnIkeAuthType' is 'psk' then
|
|
use the IP address from 'hmSec2VpnConnIkeLocalAddr'
|
|
as local identifier. In case of 'x509rsa' use the
|
|
DN from local certificate in 'hmSec2VpnConnIkeAuthCertLocal'.
|
|
o ipaddr: IPv4 address
|
|
o keyid: key identifier
|
|
o fqdn: fully qualified domain name
|
|
o email: fully qualified RFC 822 email address
|
|
o asn1dn: X.500 distinguished name (DN).
|
|
|
|
For further information see RFC 2407, section 4.6.2"
|
|
DEFVAL { default }
|
|
::= { hmSec2VpnConnEntry 18 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthRemId OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Remote peer identifier to be compared with ID
|
|
payload during negotiation. The ID payload is
|
|
used to identify the initiator of the security
|
|
association. The identity is used by the
|
|
responder to determine the correct host system
|
|
security policy requirement for the association
|
|
(see RFC 2407, section 4.6.2 for details when
|
|
using IKEv1 and RFC 4306, section 3.5 for IKEv2).
|
|
Allowed formats for this entry depend on
|
|
'hmSec2VpnConnIkeAuthRemType':
|
|
o any: don't care
|
|
o ipaddr: IPv4 address
|
|
o keyid: key identifier
|
|
o fqdn: fully qualified domain name
|
|
o email: fully qualified RFC 822 email address
|
|
o asn1dn: X.500 distinguished name (DN)
|
|
|
|
If 'hmSec2VpnConnIkeAuthRemType' is 'asn1dn':
|
|
o and 'hmSec2VpnConnIkeAuthRemId' a character
|
|
string, then a typical X.500 distinguished name
|
|
syntax has to be used, e.g. CN=XY-D,C=DE,L=NT,
|
|
ST=BW,O=COMPANY,OU=DEV,E=testuser@company.com);
|
|
o and 'hmSec2VpnConnIkeAuthRemId' is a hex string with prefix 0x,
|
|
then the associated distinguished name must be
|
|
DER encoded (see RFC 2459);
|
|
o and 'hmSec2VpnConnIkeAuthRemId' is empty, then
|
|
the distinguished name from the certificate in
|
|
'hmSec2VpnConnIkeAuthCertRemote' is used here;
|
|
o then the subject from received certificate (remote
|
|
peer distinguished name) is compared against this
|
|
value."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnConnEntry 19 }
|
|
|
|
|
|
hmSec2VpnConnIkeAuthRemType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
ipaddr(2),
|
|
keyid(3),
|
|
fqdn(4),
|
|
email(5),
|
|
asn1dn(6)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of remote peer identifier in hmSec2VpnConnIkeAuthRemId:
|
|
o any: received remote identifier is not checked
|
|
o ipaddr: IPv4 address
|
|
o keyid: key identifier
|
|
o fqdn: fully qualified domain name
|
|
o email: fully qualified RFC 822 email address
|
|
o asn1dn: X.500 distinguished name (DN).
|
|
|
|
For further information see RFC 2407, section 4.6.2"
|
|
DEFVAL { any }
|
|
::= { hmSec2VpnConnEntry 20 }
|
|
|
|
|
|
hmSec2VpnConnIkeAlgDh OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
modp768(2),
|
|
modp1024(3),
|
|
modp1536(4),
|
|
modp2048(5),
|
|
modp3072(6),
|
|
modp4096(7)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Diffie-Hellman key agreement algorithm to be used
|
|
for establishment of IKE-SA:
|
|
o any: accept all algorithms as responder, use default as initiator
|
|
o modp768: RSA with 768 bits modulus
|
|
o modp1024: RSA with 1024 bits modulus
|
|
o modp1536: RSA with 1536 bits modulus
|
|
o modp2048: RSA with 2048 bits modulus
|
|
o modp3072: RSA with 3072 bits modulus
|
|
o modp4096: RSA with 4096 bits modulus"
|
|
DEFVAL { modp1024 }
|
|
::= { hmSec2VpnConnEntry 21 }
|
|
|
|
|
|
hmSec2VpnConnIkeAlgHash OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
md5(2),
|
|
sha1(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Hash algorithm to be used in IKE:
|
|
o any: accept all algorithms as responder, use all
|
|
as IKEv2 initiator (not allowed as IKEv1 initiator)
|
|
o md5: MD5
|
|
o sha1: SHA-1"
|
|
DEFVAL { sha1 }
|
|
::= { hmSec2VpnConnEntry 22 }
|
|
|
|
|
|
hmSec2VpnConnIkeAlgMac OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
hmacmd5(2),
|
|
hmacsha1(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Integrity (MAC) algorithm to be used in IKEv2:
|
|
o any: accept all algorithms as responder, use all
|
|
as IKEv2 initiator (not allowed as IKEv1 initiator)
|
|
o hmacmd5: HMAC-MD5
|
|
o hmacsha1: HMAC-SHA1"
|
|
DEFVAL { hmacsha1 }
|
|
|
|
::= { hmSec2VpnConnEntry 23 }
|
|
|
|
|
|
hmSec2VpnConnIkeAlgEncr OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
des(2),
|
|
des3(3),
|
|
aes128(4),
|
|
aes192(5),
|
|
aes256(6)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Encryption algorithm to be used in IKE:
|
|
o any: accept all algorithms as responder, use all
|
|
as IKEv2 initiator (not allowed as IKEv1 initiator)
|
|
o des: DES
|
|
o des3: Triple-DES
|
|
o aes128: AES with 128 key bits
|
|
o aes192: AES with 192 key bits
|
|
o aes256: AES with 256 key bits"
|
|
DEFVAL { aes128 }
|
|
::= { hmSec2VpnConnEntry 24 }
|
|
|
|
|
|
hmSec2VpnConnIpsecMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
transport(1),
|
|
tunnel(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPsec encapsulation mode."
|
|
DEFVAL { tunnel }
|
|
::= { hmSec2VpnConnEntry 25 }
|
|
|
|
|
|
hmSec2VpnConnIpsecNatTraversal OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
on(1),
|
|
off(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If 'on', then it forces UDP encapsulation of ESP
|
|
payloads (NAT traversal). When 'off', then the
|
|
remote peer is allowed to negotiate normal ESP
|
|
encapsulation or UDP encapsulation via port
|
|
4500. A typical scenario is to turn this switch
|
|
'on' if it is a priori known, that the local peer
|
|
resides behind a NAT gateway (else turn it 'off')."
|
|
DEFVAL { off }
|
|
::= { hmSec2VpnConnEntry 26 }
|
|
|
|
|
|
hmSec2VpnConnIpsecLifetime OBJECT-TYPE
|
|
SYNTAX INTEGER ( 1..28800)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Lifetime of IPsec security association in seconds.
|
|
The maximum value is 8 hours (28800 seconds)."
|
|
DEFVAL { 3600 } -- 1 hour
|
|
::= { hmSec2VpnConnEntry 27 }
|
|
|
|
|
|
hmSec2VpnConnIpsecAlgDh OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
modp768(2),
|
|
modp1024(3),
|
|
modp1536(4),
|
|
modp2048(5),
|
|
modp3072(6),
|
|
modp4096(7),
|
|
none(8)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Diffie-Hellman key agreement algorithm to be used
|
|
for IPsec-SA session key establishment:
|
|
o any: accept all algorithms as responder, use all
|
|
as IKEv2 initiator (not allowed as IKEv1 initiator)
|
|
o modp768: RSA with 768 bits modulus
|
|
o modp1024: RSA with 1024 bits modulus
|
|
o modp1536: RSA with 1536 bits modulus
|
|
o modp2048: RSA with 2048 bits modulus
|
|
o modp3072: RSA with 3072 bits modulus
|
|
o modp4096: RSA with 4096 bits modulus
|
|
o none: no Perfect Forward Secrecy (PFS)"
|
|
DEFVAL { modp1024 }
|
|
::= { hmSec2VpnConnEntry 28 }
|
|
|
|
|
|
hmSec2VpnConnIpsecAlgMac OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
hmacmd5(2),
|
|
hmacsha1(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Integrity (MAC) algorithm to be used in IPsec:
|
|
o any: accept all algorithms as responder, use all
|
|
as IKEv2 initiator (not allowed as IKEv1 initiator)
|
|
o hmacmd5: HMAC-MD5
|
|
o hmacsha1: HMAC-SHA1"
|
|
DEFVAL { hmacsha1 }
|
|
::= { hmSec2VpnConnEntry 29 }
|
|
|
|
|
|
hmSec2VpnConnIpsecAlgEncr OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
des(2),
|
|
des3(3),
|
|
aes128(4),
|
|
aes192(5),
|
|
aes256(6)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Encryption algorithm to be used for payload
|
|
encryption in IPsec:
|
|
o any: accept all algorithms as responder, use all
|
|
as IKEv2 initiator (not allowed as IKEv1 initiator)
|
|
o des: DES
|
|
o des3: Triple-DES
|
|
o aes128: AES with 128 key bits
|
|
o aes192: AES with 192 key bits
|
|
o aes256: AES with 256 key bits"
|
|
DEFVAL { aes128 }
|
|
::= { hmSec2VpnConnEntry 30 }
|
|
|
|
|
|
hmSec2VpnConnOperStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
up (1),
|
|
down (2),
|
|
negotiation (3),
|
|
constructing (4),
|
|
dormant (5),
|
|
servicemode-up (6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current operational status of the VPN
|
|
connection:
|
|
o 'up': the IKE-SA and all IPsec SAs are up;
|
|
o 'down': the IKE-SA and all IPsec SAs are down;
|
|
o 'negotiation': key exchange and algorithm
|
|
negotiation is in progress (or, as responder,
|
|
waiting to be contacted for that purpose);
|
|
o 'constructing': the IKE-SA is up, but at least one
|
|
IPsec-SA is not established so far;
|
|
o 'dormant': waiting for a precondition
|
|
to be fulfilled before connection setup, e.g.:
|
|
- a dynamically assigned IP address;
|
|
- successful hostname resolution;
|
|
- assignment of a valid system time.
|
|
o 'servicemode-up': the IKE-SA and all IPsec SAs are up in service mode;"
|
|
::= { hmSec2VpnConnEntry 31 }
|
|
|
|
|
|
hmSec2VpnConnDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2VpnConnEntry 32 }
|
|
|
|
|
|
hmSec2VpnConnRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status of this table entry. If the row
|
|
status is 'active' then it is not allowed to
|
|
change any value (this applies also to active
|
|
traffic selectors). The maximum number of active
|
|
VPN connections is limited to 256. The maximum
|
|
number of up VPN connections is limited to 64."
|
|
::= { hmSec2VpnConnEntry 33 }
|
|
|
|
hmSec2VpnConnServiceMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The service mode can be enabled for connections
|
|
which shall be established only, when the device
|
|
enters service mode
|
|
(redundant power supply not connected).
|
|
The connection is down, when the device is not
|
|
in service mode (redundant power suply connected).
|
|
When the value is set to disable,
|
|
the functionality is independant of the service mode."
|
|
DEFVAL { disable }
|
|
::= { hmSec2VpnConnEntry 34 }
|
|
|
|
--
|
|
-- VPN certificate group
|
|
--
|
|
|
|
hmSec2VpnCertificateValidation OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Validation of certificates globally enabled or disabled.
|
|
This allows to use certificates even the system time is not set.
|
|
"
|
|
::= { hmSec2VpnCertificateGroup 4 }
|
|
|
|
|
|
--
|
|
-- Redundancy group
|
|
--
|
|
hmSec2RedRouterGroup OBJECT IDENTIFIER ::= { hmSec2Redundancy 1 }
|
|
hmSec2HostCheckGroup OBJECT IDENTIFIER ::= { hmSec2Redundancy 2 }
|
|
hmSec2RedLayer2Group OBJECT IDENTIFIER ::= { hmSec2Redundancy 3 }
|
|
hmSec2RedTransparentGroup OBJECT IDENTIFIER ::= { hmSec2Redundancy 4 }
|
|
|
|
hmSec2RedAdminState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Redundancy admin state (switch redundancy globally off or on).
|
|
The redundancy is a router redundancy using VRRP for
|
|
synchronising both devices (master and backup) and on all
|
|
interfaces. Thus the virtual router redundancy can be
|
|
used in router mode only. It defines a virtual IP address
|
|
for each interface."
|
|
DEFVAL { disable }
|
|
::= { hmSec2RedRouterGroup 1 }
|
|
|
|
hmSec2RedStartupState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
master(1),
|
|
backup(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Redundancy function of the device used at startup.
|
|
The device can be master or backup system."
|
|
DEFVAL { master }
|
|
::= { hmSec2RedRouterGroup 2 }
|
|
|
|
hmSec2RedPriority OBJECT-TYPE
|
|
SYNTAX INTEGER ( 1..254 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Redundancy device priority as defined by VRRP."
|
|
DEFVAL { 100 }
|
|
::= { hmSec2RedRouterGroup 3 }
|
|
|
|
hmSec2RedOperState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
master(1),
|
|
backup(2),
|
|
outofservice(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Actual redundancy function of the device.
|
|
The device can be master or backup system, if it is in service."
|
|
DEFVAL { outofservice }
|
|
::= { hmSec2RedRouterGroup 4 }
|
|
|
|
hmSec2RedOperInfo OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Additional redundancy function information."
|
|
::= { hmSec2RedRouterGroup 5 }
|
|
|
|
hmSec2RedIfaceTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2RedIfaceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains additional Routing Configuration for
|
|
the IP interfaces."
|
|
::= { hmSec2RedRouterGroup 6 }
|
|
|
|
hmSec2RedSwitchCounter OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counter that counts the number of redundancy switches from
|
|
master to backup system and vice versa."
|
|
::= { hmSec2RedRouterGroup 7 }
|
|
|
|
hmSec2RedIfaceEntry OBJECT-TYPE
|
|
SYNTAX HmSec2RedIfaceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the per interface redundancy configuration."
|
|
INDEX { hmSec2RedIfIndex }
|
|
::= { hmSec2RedIfaceTable 1 }
|
|
|
|
HmSec2RedIfaceEntry ::= SEQUENCE {
|
|
hmSec2RedIfIndex Integer32,
|
|
hmSec2RedVirtualAddr IpAddress,
|
|
hmSec2RedVRID INTEGER,
|
|
hmSec2RedRemoteIPAddr IpAddress
|
|
}
|
|
|
|
hmSec2RedIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of IP interface in the table."
|
|
::= { hmSec2RedIfaceEntry 1 }
|
|
|
|
hmSec2RedVirtualAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Virtual IP address to be used for this Router IP interface."
|
|
::= { hmSec2RedIfaceEntry 2 }
|
|
|
|
hmSec2RedVRID OBJECT-TYPE
|
|
SYNTAX INTEGER ( 1..255 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Virtual Router ID used on this network interface.
|
|
The VRIDs have to be different on all network
|
|
interfaces. There is no default value."
|
|
::= { hmSec2RedIfaceEntry 3 }
|
|
|
|
hmSec2RedRemoteIPAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address of the remote system on this network
|
|
interface. On the master system the IP address of
|
|
the backup system and vice versa. The virtual IP
|
|
address must not be used here."
|
|
::= { hmSec2RedIfaceEntry 4 }
|
|
|
|
hmSec2HostCheckAdminState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Redundancy ICMP host check (ping of host) admin state.
|
|
The host check function tries to find the configured
|
|
hosts in case of a network error (communication loss)
|
|
of the both redundancy systems."
|
|
DEFVAL { disable }
|
|
::= { hmSec2HostCheckGroup 1 }
|
|
|
|
hmSec2HostCheckNumAddrs OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Additional host check function information.
|
|
Shows the number of configured addresses."
|
|
::= { hmSec2HostCheckGroup 2 }
|
|
|
|
hmSec2HostCheckOperState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
running(1),
|
|
notchecking(2),
|
|
outofservice(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Actual redundancy host check function of the device.
|
|
The host check function is only running when packets
|
|
of the redundancy application have been lost."
|
|
DEFVAL { outofservice }
|
|
::= { hmSec2HostCheckGroup 3 }
|
|
|
|
hmSec2HostCheckOperInfo OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Additional host check function information."
|
|
::= { hmSec2HostCheckGroup 4 }
|
|
|
|
hmSec2HostCheckTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2HostCheckEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the hosts to be checked on
|
|
network errors by the redundancy application.
|
|
The order in the table is important for the host check algorithm."
|
|
::= { hmSec2HostCheckGroup 5 }
|
|
|
|
hmSec2HostCheckEntry OBJECT-TYPE
|
|
SYNTAX HmSec2HostCheckEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the per interface redundancy configuration.
|
|
The order in the table is important for the host check algorithm.
|
|
The table has a maximum of configurable hosts."
|
|
INDEX { hmSec2HostCheckIfIndex, hmSec2HostCheckTableIndex }
|
|
::= { hmSec2HostCheckTable 1 }
|
|
|
|
HmSec2HostCheckEntry ::= SEQUENCE {
|
|
hmSec2HostCheckIfIndex Integer32,
|
|
hmSec2HostCheckTableIndex Integer32,
|
|
hmSec2HostCheckAddr IpAddress,
|
|
hmSec2HostCheckRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2HostCheckIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of IP interface in the table."
|
|
::= { hmSec2HostCheckEntry 1 }
|
|
|
|
hmSec2HostCheckTableIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of entry in the table."
|
|
::= { hmSec2HostCheckEntry 2 }
|
|
|
|
hmSec2HostCheckAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Host IP address to be used for ICMP checks (pings)
|
|
in case of network errors (communication losses)."
|
|
::= { hmSec2HostCheckEntry 3 }
|
|
|
|
hmSec2HostCheckRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"the row status for the table entry"
|
|
::= { hmSec2HostCheckEntry 4 }
|
|
|
|
hmSec2RedLayer2AdminState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Redundancy Layer2 admin state (enable/disable Layer2 redundancy support).
|
|
The redundancy takes down the physical link automatically
|
|
when the Link on the non-redundancy port is lost."
|
|
DEFVAL { disable }
|
|
::= { hmSec2RedLayer2Group 1 }
|
|
|
|
hmSec2RedLayer2IfIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the physical interface where the Layer2 redundancy
|
|
is connected to."
|
|
::= { hmSec2RedLayer2Group 2 }
|
|
|
|
hmSec2RedLayer2Packetcounter OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of redundancy Layer 2 Ethernet packets sent
|
|
through the system and have been passed to the other port."
|
|
::= { hmSec2RedLayer2Group 3 }
|
|
|
|
hmSec2RedTPRemoteIPAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address of the remote system in the transparent mode.
|
|
On the master system the IP address of
|
|
the backup system and vice versa.
|
|
This IP address is used to synchronize the
|
|
Firewall/NAT state tables of the system.
|
|
If the address is not set (set to 0.0.0.0)
|
|
the system disables Firewall/NAT synchronization."
|
|
::= { hmSec2RedTransparentGroup 1 }
|
|
|
|
hmSec2RedTPOperState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
master(1),
|
|
backup(2),
|
|
outofservice(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Actual redundancy transparent mode Firewall/NAT table
|
|
synchronization operation state."
|
|
DEFVAL { outofservice }
|
|
::= { hmSec2RedTransparentGroup 2 }
|
|
|
|
hmSec2RedTPOperInfo OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Actual redundancy transparent mode Firewall/NAT table
|
|
synchronization operation state information."
|
|
::= { hmSec2RedTransparentGroup 3 }
|
|
|
|
hmSec2RedTPCommunicationState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
active(1),
|
|
inactive(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Actual redundancy transparent mode Firewall/NAT table
|
|
synchronization communication state.
|
|
Inactive communication may indicate that the system
|
|
can not communicate or the nothing has to be exchanged.
|
|
Active communication shows that the system is operating
|
|
properly."
|
|
DEFVAL { inactive }
|
|
::= { hmSec2RedTransparentGroup 4 }
|
|
|
|
--
|
|
-- NAT definitions --
|
|
--
|
|
|
|
hmSec2NatGeneralGroup OBJECT IDENTIFIER ::= { hmSec2Nat 1 }
|
|
hmSec2NatRulesGroup OBJECT IDENTIFIER ::= { hmSec2Nat 2 }
|
|
|
|
|
|
--
|
|
-- NAT general group --
|
|
--
|
|
|
|
hmSec2NatMappingMax OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4096)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Maximum number of simultaneous NAT mappings."
|
|
DEFVAL { 1024 }
|
|
::= { hmSec2NatGeneralGroup 1 }
|
|
|
|
hmSec2NatTimeoutEstablished OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Timeout in the NAT mapping table for
|
|
established TCP connections."
|
|
DEFVAL { 432000 }
|
|
::= { hmSec2NatGeneralGroup 2 }
|
|
|
|
hmSec2NatAllowOutputSameIface OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If this value is enabled, the NAT component
|
|
checks the NAT rules on outgoing packets also
|
|
if the outgoing interface and the incoming
|
|
interface is the same.
|
|
Per default this is disabled."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NatGeneralGroup 3 }
|
|
|
|
hmSec2NatAutoDuplicateInvert OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Internal usage only."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NatGeneralGroup 4 }
|
|
|
|
hmSec2NatDisallowVRRPAddrs OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Internal usage only."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NatGeneralGroup 5 }
|
|
|
|
--
|
|
-- NAT rules group --
|
|
--
|
|
|
|
|
|
--
|
|
-- NAPT rules table --
|
|
--
|
|
|
|
hmSec2NatTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2NatEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A list of NAPT rules."
|
|
::= { hmSec2NatRulesGroup 1 }
|
|
|
|
hmSec2NatEntry OBJECT-TYPE
|
|
SYNTAX HmSec2NatEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2NatIndex }
|
|
::= { hmSec2NatTable 1 }
|
|
|
|
HmSec2NatEntry ::= SEQUENCE {
|
|
hmSec2NatIndex Integer32,
|
|
hmSec2NatSrcNet DisplayString,
|
|
hmSec2NatAlg BITS,
|
|
hmSec2NatDesc DisplayString,
|
|
hmSec2NatErrorText DisplayString,
|
|
hmSec2NatRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2NatIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2NatEntry 1 }
|
|
|
|
hmSec2NatSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Network for NAPT transactions on local interface
|
|
in CIDR notation (a.b.c.d/n)"
|
|
DEFVAL { "192.168.1.0/24" }
|
|
::= { hmSec2NatEntry 2 }
|
|
|
|
hmSec2NatAlg OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
ftp(0)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Bitmask for application level gateway selections in this rule"
|
|
DEFVAL { {} }
|
|
::= { hmSec2NatEntry 3 }
|
|
|
|
hmSec2NatDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2NatEntry 4 }
|
|
|
|
hmSec2NatErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Error text"
|
|
DEFVAL { "" }
|
|
::= { hmSec2NatEntry 5 }
|
|
|
|
hmSec2NatRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "The row status of this table entry."
|
|
::= { hmSec2NatEntry 6 }
|
|
|
|
|
|
--
|
|
-- 1:1 NAT rules table --
|
|
--
|
|
|
|
hmSec2Nat1To1Table OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2Nat1To1Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A list of 1:1 NAT rules."
|
|
::= { hmSec2NatRulesGroup 2 }
|
|
|
|
hmSec2Nat1To1Entry OBJECT-TYPE
|
|
SYNTAX HmSec2Nat1To1Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2Nat1To1Index }
|
|
::= { hmSec2Nat1To1Table 1 }
|
|
|
|
HmSec2Nat1To1Entry ::= SEQUENCE {
|
|
hmSec2Nat1To1Index Integer32,
|
|
hmSec2Nat1To1SrcNet DisplayString,
|
|
hmSec2Nat1To1DstNet DisplayString,
|
|
hmSec2Nat1To1NetMask Integer32,
|
|
hmSec2Nat1To1Desc DisplayString,
|
|
hmSec2Nat1To1ErrorText DisplayString,
|
|
hmSec2Nat1To1RowStatus RowStatus,
|
|
hmSec2Nat1To1Alg BITS,
|
|
hmSec2Nat1To1DoOutput INTEGER,
|
|
hmSec2Nat1To1InvertDirection INTEGER
|
|
}
|
|
|
|
hmSec2Nat1To1Index OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2Nat1To1Entry 1 }
|
|
|
|
hmSec2Nat1To1SrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Network for 1:1 NAT on internal interface."
|
|
DEFVAL { "192.168.1.1" }
|
|
::= { hmSec2Nat1To1Entry 2 }
|
|
|
|
hmSec2Nat1To1DstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Network for 1:1 NAT on external interface."
|
|
DEFVAL { "10.0.1.1" }
|
|
::= { hmSec2Nat1To1Entry 3 }
|
|
|
|
hmSec2Nat1To1NetMask OBJECT-TYPE
|
|
SYNTAX Integer32 (0..32)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Netmask for 1:1 NAT"
|
|
DEFVAL { 32 }
|
|
::= { hmSec2Nat1To1Entry 4 }
|
|
|
|
hmSec2Nat1To1Desc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2Nat1To1Entry 5 }
|
|
|
|
hmSec2Nat1To1ErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Error text"
|
|
DEFVAL { "" }
|
|
::= { hmSec2Nat1To1Entry 6 }
|
|
|
|
hmSec2Nat1To1RowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "The row status of this table entry."
|
|
::= { hmSec2Nat1To1Entry 7 }
|
|
|
|
hmSec2Nat1To1Alg OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
ftp(0)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Bitmask for application level gateway selections in this rule"
|
|
DEFVAL { {} }
|
|
::= { hmSec2Nat1To1Entry 8 }
|
|
|
|
hmSec2Nat1To1DoOutput OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If this value is enabled, the 1:1 NAT does
|
|
the NAT operation also when sending the packet.
|
|
This means a twice NAT or destination NAT operation
|
|
will be additionally performaned.
|
|
This feature shall be used in special
|
|
cases only."
|
|
DEFVAL { disable }
|
|
::= { hmSec2Nat1To1Entry 9 }
|
|
|
|
hmSec2Nat1To1InvertDirection OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If this value is enabled, the 1:1 NAT does
|
|
the NAT operation in the opposite direction.
|
|
This means the NAT operation is done from
|
|
the view of the external interface, when
|
|
devices on the external side shall be
|
|
mapped to the internal side.
|
|
This feature shall be used in special
|
|
cases only."
|
|
DEFVAL { disable }
|
|
::= { hmSec2Nat1To1Entry 10 }
|
|
|
|
--
|
|
-- Port forwarding rules table --
|
|
--
|
|
|
|
hmSec2NatPortFwdTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HmSec2NatPortFwdEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A list of port forwarding rules."
|
|
::= { hmSec2NatRulesGroup 3 }
|
|
|
|
hmSec2NatPortFwdEntry OBJECT-TYPE
|
|
SYNTAX HmSec2NatPortFwdEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION ""
|
|
INDEX { hmSec2NatPortFwdIndex }
|
|
::= { hmSec2NatPortFwdTable 1 }
|
|
|
|
HmSec2NatPortFwdEntry ::= SEQUENCE {
|
|
hmSec2NatPortFwdIndex Integer32,
|
|
hmSec2NatPortFwdSrcNet DisplayString,
|
|
hmSec2NatPortFwdSrcPort DisplayString,
|
|
hmSec2NatPortFwdDstNet DisplayString,
|
|
hmSec2NatPortFwdDstPort DisplayString,
|
|
hmSec2NatPortFwdFwdNet DisplayString,
|
|
hmSec2NatPortFwdFwdPort DisplayString,
|
|
hmSec2NatPortFwdProto DisplayString,
|
|
hmSec2NatPortFwdLog INTEGER,
|
|
hmSec2NatPortFwdDesc DisplayString,
|
|
hmSec2NatPortFwdErrorText DisplayString,
|
|
hmSec2NatPortFwdRowStatus RowStatus
|
|
}
|
|
|
|
hmSec2NatPortFwdIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "An index that uniquely identifies the entry in the table. The
|
|
index must be choosen in ascending and compact order. It may
|
|
change if a rule (not the last in list) is deleted or a new
|
|
row is inserted."
|
|
::= { hmSec2NatPortFwdEntry 1 }
|
|
|
|
hmSec2NatPortFwdSrcNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Source network in CIDR notation (a.b.c.d/n) thats allowed to
|
|
be forwarded by this rule or the keyword 'any'."
|
|
DEFVAL { "any" }
|
|
::= { hmSec2NatPortFwdEntry 2 }
|
|
|
|
hmSec2NatPortFwdSrcPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Source port expression or the keyword 'any'. A port expressions is
|
|
structured as 'op port' or 'port1 op port2', where 'op' is a
|
|
mathematical operator for:
|
|
o equal =
|
|
o unequal !=
|
|
o less than <
|
|
o less than or equal <=
|
|
o greater than >
|
|
o greater than or equal to >=
|
|
o outside range <>
|
|
o inside range ><
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "any" }
|
|
::= { hmSec2NatPortFwdEntry 3 }
|
|
|
|
hmSec2NatPortFwdDstNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Destination IP address to be forwarded or the keyword '%extern'.
|
|
This keyword stands for the first external IP address."
|
|
DEFVAL { "%extern" }
|
|
::= { hmSec2NatPortFwdEntry 4 }
|
|
|
|
hmSec2NatPortFwdDstPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Destination port expression in the form '= port'.
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "= 80" }
|
|
::= { hmSec2NatPortFwdEntry 5 }
|
|
|
|
hmSec2NatPortFwdFwdNet OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Redirect IP address."
|
|
DEFVAL { "127.0.0.1" }
|
|
::= { hmSec2NatPortFwdEntry 6 }
|
|
|
|
hmSec2NatPortFwdFwdPort OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Redirect port expression in the form '= port'.
|
|
The port must be specified as a decimal number or one of the
|
|
aliases:
|
|
o tcp/udp: echo (7)
|
|
o tcp/udp: discard, sink, null (9)
|
|
o tcp: ftp-data (20)
|
|
o tcp: ftp (21)
|
|
o tcp/udp: ssh (22)
|
|
o tcp: telnet (23)
|
|
o tcp/udp: domain, nameserver (53)
|
|
o tcp/udp: bootps (67)
|
|
o tcp/udp: bootpc (68)
|
|
o udp: tftp (69)
|
|
o tcp/udp: www, http (80)
|
|
o tcp/udp: kerberos, krb5 (88)
|
|
o tcp: sftp (115)
|
|
o tcp/udp: ntp (123)
|
|
o udp: snmp (161)
|
|
o udp: snmp-trap, snmptrap (162)
|
|
o tcp/udp: bgp (179)
|
|
o tcp/udp: ldap (389)
|
|
o tcp/udp: https (443)"
|
|
DEFVAL { "= 80" }
|
|
::= { hmSec2NatPortFwdEntry 7 }
|
|
|
|
hmSec2NatPortFwdProto OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "The protocol as a decimal number (in range 1 -
|
|
255) or a name. The following protocol names are currently
|
|
supported:
|
|
o 'icmp': internet control message protocol (RFC 792)
|
|
o 'igmp': internet group management protocol
|
|
o 'ip': internet protocol (RFC 791)
|
|
o 'tcp': transmission control protocol (RFC 793)
|
|
o 'udp': user datagram protocol (RFC 768)
|
|
o 'esp': IPsec encapsulated security payload (RFC 2406)
|
|
o 'ah': IPsec authentication header (RFC 2402)"
|
|
DEFVAL { "tcp" }
|
|
::= { hmSec2NatPortFwdEntry 8 }
|
|
|
|
hmSec2NatPortFwdLog OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Enables or disables logging for this port forwarding rule."
|
|
DEFVAL { disable }
|
|
::= { hmSec2NatPortFwdEntry 9 }
|
|
|
|
hmSec2NatPortFwdDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "User defined text."
|
|
DEFVAL { "" }
|
|
::= { hmSec2NatPortFwdEntry 10 }
|
|
|
|
hmSec2NatPortFwdErrorText OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Error text"
|
|
DEFVAL { "" }
|
|
::= { hmSec2NatPortFwdEntry 11 }
|
|
|
|
hmSec2NatPortFwdRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "The row status of this table entry."
|
|
::= { hmSec2NatPortFwdEntry 12 }
|
|
|
|
|
|
--
|
|
-- General info
|
|
--
|
|
|
|
hmSec2DHCPLastAccessMAC OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"MAC Address returns always 0:0:0:0:0:0."
|
|
::= { hmSec2Info 1 }
|
|
|
|
hmSec2MiscTrapText OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MIB object to include a text message in a trap.
|
|
When read, it will always return an empty string."
|
|
::= { hmSec2Info 2 }
|
|
|
|
hmSec2DigitalInStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
high(1),
|
|
low(2),
|
|
not-available(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The status of the digital input or not-available,
|
|
if the status can not be determined or digtal-input
|
|
not available."
|
|
::= { hmSec2Info 3 }
|
|
|
|
-- **************************************************************************
|
|
-- * *
|
|
-- * Notifications (Traps) *
|
|
-- * *
|
|
-- **************************************************************************
|
|
-- * *
|
|
-- * Following Notifications are supported with enterprise = hmSecurity2 *
|
|
-- * hmSec2DHCPNewClientTrap (1) *
|
|
-- * hmSec2RedundSwitchTrap (2) *
|
|
-- * hmSec2VpnDownTrap (3) *
|
|
-- * hmSec2VpnUpTrap (4) *
|
|
-- * hmSec2UsrFwLogInTrap (10) *
|
|
-- * hmSec2UsrFwLogOutTrap (11) *
|
|
-- * *
|
|
-- **************************************************************************
|
|
|
|
hmSecurity2Event OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "The events of hmSecurity2."
|
|
::= { hmSecurity2 0 }
|
|
|
|
--
|
|
-- Notifications (Traps) with enterprise = hmSecurity2
|
|
--
|
|
|
|
hmSec2DHCPNewClientTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmSec2DHCPLastAccessMAC }
|
|
STATUS current
|
|
DESCRIPTION "This trap is sent when a DHCP request was received from an unknown
|
|
client using DHCP."
|
|
::= { hmSecurity2Event 1 }
|
|
|
|
|
|
--
|
|
-- Notifications (Traps) for Redundancy application
|
|
--
|
|
|
|
hmSec2RedundSwitchTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmSec2RedOperState }
|
|
STATUS current
|
|
DESCRIPTION "This trap is sent when the redundancy state changes
|
|
on the device (Master <-> Backup)."
|
|
::= { hmSecurity2Event 2 }
|
|
|
|
|
|
hmSec2VpnDownTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmSec2VpnConnOperStatus }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A hmSec2VpnDown trap signals that a VPN connection
|
|
is about to enter the down state from some other state
|
|
(see 'hmSec2VpnConnOperStatus')."
|
|
::= { hmSecurity2Event 3 }
|
|
|
|
|
|
hmSec2VpnUpTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmSec2VpnConnOperStatus }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A hmSec2VpnUp trap signals that a VPN connection
|
|
is about to enter the up state from some other state
|
|
(see 'hmSec2VpnConnOperStatus')."
|
|
::= { hmSecurity2Event 4 }
|
|
|
|
hmSec2LoginSuccessTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmLastLoginUserName, hmLastIpAddr }
|
|
STATUS current
|
|
DESCRIPTION "This trap is sent if a user successfully grants access via telnet, ssh
|
|
or serial connection to the device. hmLastIpAddr contains the IP address
|
|
of the login request. The value is 0.0.0.0, if the access was via serial
|
|
connection. hmLastLoginUserName contains the user name the user logged in
|
|
into the device."
|
|
::= { hmSecurity2Event 5 }
|
|
|
|
hmSec2LoginFailedTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmLastLoginUserName, hmLastIpAddr }
|
|
STATUS current
|
|
DESCRIPTION "This trap is sent if a user tried to grant access via telnet, ssh
|
|
or serial connection to the device. hmLastIpAddr contains the IP address
|
|
of the login request. The value is 0.0.0.0, if the access was via serial
|
|
connection. hmLastLoginUserName contains the user name the user tried to
|
|
log in into the device."
|
|
::= { hmSecurity2Event 6 }
|
|
|
|
|
|
--
|
|
-- Notifications (Traps) for User Firewall
|
|
--
|
|
|
|
hmSec2UsrFwLogInTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmSec2UsrFwUserName, hmSec2UsrFwUserLoginAddr }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A hmSec2UsrFwLogInTrap trap signals that a firewal user
|
|
is logged in (see 'hmSec2UsrFwUserName', 'hmSec2UsrFwUserLoginAddr')."
|
|
::= { hmSecurity2Event 10 }
|
|
|
|
hmSec2UsrFwLogOutTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmSec2UsrFwUserName, hmSec2UsrFwUserLoginAddr }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A hmSec2UsrFwLogInTrap trap signals that a firewal user
|
|
is logged out (see 'hmSec2UsrFwUserName', 'hmSec2UsrFwUserLoginAddr')."
|
|
::= { hmSecurity2Event 11 }
|
|
|
|
hmSec2UsrFwLogErrTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmSec2UsrFwUserName, hmSec2UsrFwUserLoginAddr }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A hmSec2UsrFwLogInTrap trap signals that a firewal user
|
|
login is failed (see 'hmSec2UsrFwUserName', 'hmSec2UsrFwUserLoginAddr')."
|
|
::= { hmSecurity2Event 12 }
|
|
|
|
|
|
--
|
|
-- Notification (Trap) for Firewall
|
|
--
|
|
|
|
hmSec2FirewallLogTrap NOTIFICATION-TYPE
|
|
OBJECTS { hmSec2MiscTrapText }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap is sent if the 'Log' object of a firewall rule has been set
|
|
to 'logAndTrap', and the rule matches. 'hmSec2MiscTrapText' is a copy
|
|
of the log message written to the system log."
|
|
::= { hmSecurity2Event 15 }
|
|
|
|
END
|