Observium_CE/mibs/nokia/ALU-SECURITY-MIB


ALU-SECURITY-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32,
Counter32, IpAddress, Counter64, Gauge32, Integer32,
NOTIFICATION-TYPE FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
TEXTUAL-CONVENTION, RowStatus, DisplayString,
TruthValue, TimeStamp, DateAndTime, MacAddress
FROM SNMPv2-TC
aluSARMIBModules, aluSARObjs, aluSARConfs,
aluSARNotifyPrefix
FROM ALU-SAR-GLOBAL-MIB
TItemDescription, TNamedItem, TNamedItemOrEmpty,
TmnxPortID, IpAddressPrefixLength, TmnxEncapVal,
TTcpUdpPort, TIpProtocol, TmnxAdminState, TmnxOperState,
TDSCPNameOrEmpty, TIpOption, TmnxVRtrIDOrZero, TmnxActionType,
TCpmProtPolicyID, TCIRRate, TPIRRate, TPIRRateOrZero,
TmnxServId, Dot1PPriority, Dot1PPriorityMask,
ServiceAccessPoint, TOperator, TmnxEnabledDisabled,
TBurstSize, InterfaceIndex, TTcpUdpPortOperator
FROM TIMETRA-TC-MIB
TItemMatch, TFilterLogId, TEntryId
FROM TIMETRA-FILTER-MIB
tmnxCpmFlashHwIndex, tmnxCpmFlashOperStatus
FROM TIMETRA-CHASSIS-MIB
InetAddressIPv6, InetAddressPrefixLength, InetAddressType,
InetAddress
FROM INET-ADDRESS-MIB
InterfaceIndexOrZero FROM IF-MIB
svcId, SdpId FROM TIMETRA-SERV-MIB
sdpBindId
FROM TIMETRA-SDP-MIB
vRtrID, vRtrIfIndex FROM TIMETRA-VRTR-MIB
tmnxMcPeerIpType, tmnxMcPeerIpAddr, tmnxMcPeerSrcIpAddr FROM TIMETRA-MC-REDUNDANCY-MIB
;
-- NOTE(review): the dates in this header disagree with each other.
-- LAST-UPDATED encodes 1 July of two-digit year 10, the REVISION clause
-- encodes 27 July of two-digit year 11, and the REVISION text says
-- 27 July 2013. SMIv2 expects LAST-UPDATED to equal the newest REVISION,
-- so do not rely on these timestamps to identify which copy of the module
-- a device or management station has loaded.
-- NOTE(review): the DESCRIPTION speaks of hardware components, while the
-- objects defined in this module are security objects (zones, security
-- policies, NAT pools).
aluZoneModule MODULE-IDENTITY
LAST-UPDATED "1007010000Z"
ORGANIZATION "Nokia"
CONTACT-INFO
"Nokia 7705 Support
Web: http://www.nokia.com/comps/pages/carrier_support.jhtml"
DESCRIPTION
"This document is the SNMP MIB module to manage and provision the
hardware components of the Nokia 7705 device.
Copyright 2013-2015 Nokia. All rights reserved.
Reproduction of this document is authorized on the condition that
the foregoing copyright notice is included.
This SNMP MIB module (Specification) embodies Nokia's
proprietary intellectual property. Nokia retains
all title and ownership in the Specification, including any
revisions.
Nokia grants all interested parties a non-exclusive
license to use and distribute an unmodified copy of this
Specification in connection with management of Nokia
products, and without fee, provided this copyright notice and
license appear on all copies.
This Specification is supplied 'as is', and Nokia
makes no warranty, either express or implied, as to the use,
operation, condition, or performance of the Specification."
--
-- Revision History
--
REVISION "1107270000Z"
DESCRIPTION "Rev 1.0 27 July 2013 00:00
1.0 release of the ALU-SECURITY-MIB.mib."
::= { aluSARMIBModules 15 }
aluSecurityObjs OBJECT IDENTIFIER ::= { aluSARObjs 17 }
aluSecurityAdminObjs OBJECT IDENTIFIER ::= { aluSecurityObjs 1 }
aluSecurityOperObjs OBJECT IDENTIFIER ::= { aluSecurityObjs 2 }
aluSecurityStatsObjs OBJECT IDENTIFIER ::= { aluSecurityObjs 3 }
aluSecurityNotifyObjs OBJECT IDENTIFIER ::= { aluSecurityObjs 4 }
aluSecurityLogObjs OBJECT IDENTIFIER ::= { aluSecurityObjs 5 }
aluSecMcRedundancyObjs OBJECT IDENTIFIER ::= { aluSecurityObjs 6 }
aluSecMcRedStatsObjs OBJECT IDENTIFIER ::= { aluSecurityObjs 7 }
aluSecMcRedNotifObjs OBJECT IDENTIFIER ::= { aluSecurityObjs 8 }
aluSecurityMIBConformance OBJECT IDENTIFIER ::= { aluSARConfs 17 }
aluSecurityAdminConformance OBJECT IDENTIFIER ::= { aluSecurityMIBConformance 1 }
aluSecurityOperConformance OBJECT IDENTIFIER ::= { aluSecurityMIBConformance 2 }
aluSecurityStatsConformance OBJECT IDENTIFIER ::= { aluSecurityMIBConformance 3 }
aluSecurityNotifyPrefix OBJECT IDENTIFIER ::= { aluSARNotifyPrefix 14 }
aluSecurityNotification OBJECT IDENTIFIER ::= { aluSecurityNotifyPrefix 0 }
--
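-- ALU-SECURITY-MIB at a glance
-- (NOTE: this sketch does not match the assignments above in every detail.
-- The assignments use aluSARConfs 17 and aluSARObjs 17, and the names
-- aluSecurityAdminObjs, aluSecurityOperObjs and aluSecurityStatsObjs.
-- The OBJECT IDENTIFIER assignments are authoritative.)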
--
-- timetra (enterprises 6527)
-- timetraBasedProducts (6)
-- aluServiceAggrRouters (1)
-- aluSARMIB (2)
-- aluSARConfs (1)
-- aluSecurityMIBConformance (aluSARConfs 14)
-- aluSecurityAdminConformance (aluSecurityMIBConformance 1)
-- aluSecurityOperConformance (aluSecurityMIBConformance 2)
-- aluSecurityStatsConformance (aluSecurityMIBConformance 3)
-- aluSARObjs (2)
-- aluSecurityObjs (aluSARObjs 14)
-- aluSecurityAdminObjects (aluSecurityObjs 1)
-- aluSecurityOperObjects (aluSecurityObjs 2)
-- aluSecurityStatsObjects (aluSecurityObjs 3)
-- aluSARNotifyPrefix (3)
-- aluSecurityNotifyPrefix (aluSARNotifyPrefix 14)
--
-- Textual Conventions
--
TSecurityLogId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The unique id of a security log.
A value of '0' indicates no log is configured."
SYNTAX Unsigned32 (0..100)
TSecurityLogProfileId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The unique id of a security log profile"
SYNTAX Unsigned32 (1..100)
TIPOperator ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The operator used for checking ip address and ranges"
SYNTAX INTEGER {
none(0),
eq(1),
range(2)
}
TZoneType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "Indicates the type of zone."
SYNTAX INTEGER {
unknown (0),
network (1),
service (2),
global (3)
}
-- Policy state enumeration; referenced by aluZoneConfigState.
-- NOTE(review): the label 'commited' (single t) is the compiled enumeration
-- name, so scripts or NMS rules that match on the label must use this
-- spelling rather than 'committed'.
TPlcyState ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "Indicates the state of policy."
SYNTAX INTEGER {
unknown (0),
empty (1),
draft (2),
commited (3)
}
TPoolType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "Indicates the type of pool."
SYNTAX INTEGER {
unknown (0),
srcNatPool (1)
}
TAlgType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The type of ALG processing:
none - No ALG Processing on this flow
auto - Automatically identify ALG required
ftp - Flow requires FTP processing
tftp - Flow requires T-FTP processing"
SYNTAX INTEGER {
none (0),
auto (1),
ftp (2),
tftp (3)
}
TSecurityPolicerId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The unique id of a security group policer.
A value of '0' indicates no policer-grp is configured."
SYNTAX Unsigned32 (0..1024)
AluMcFwAuthAlgorithm ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"AluMcFwAuthAlgorithm data type is an enumerated integer
that describes the values used to identify the
hashing algorithm.
Value Descriptions:
sha256 - Choosing this value configures the use of
hmac-sha256 algorithm for authentication.
sha512 - Choosing this value configures the use of
hmac-sha512 algorithm for authentication."
SYNTAX INTEGER {
sha256 (1),
sha512 (2)
}
-- Encryption algorithm selector with two values, aes128(1) and aes256(2).
-- NOTE(review): AES has a fixed 128-bit block; the 128 and 256 in the labels
-- below are presumably key lengths, not block sizes as the DESCRIPTION says.
-- The cipher mode of operation is not stated in this textual convention;
-- confirm it in the product documentation before recording these values in
-- a cryptographic inventory. The strength remarks in the DESCRIPTION are
-- dated statements by the MIB author, not a current assessment.
AluMcFwEncrAlgorithm ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"AluMcFwEncrAlgorithm data type is an enumerated integer
that describes the values used to identify the encryption
algorithm.
Value Descriptions:
aes128 - Choosing this value configures the aes algorithm
with a block size of 128 bits. This is a
mandatory implementation size for aes. As of
today, this is a very strong algorithm choice.
aes256 - Choosing this value configures the aes algorithm
with a block size of 256 bits. This is the
strongest available version of aes."
SYNTAX INTEGER {
aes128 (1),
aes256 (2)
}
--
-- Configuration Objects
--
--
-- Scalar objects
--
-- Transaction control for the security tables: per the DESCRIPTION, writing
-- initialize(2) discards uncommitted standby changes and writing commit(3)
-- copies the standby tables into the active tables.
-- Because a read always returns none(1), polling this object cannot show
-- whether or when a commit was issued; presumably that evidence has to come
-- from configuration-change logs or notifications (not visible in this
-- excerpt).
-- NOTE(review): writable policy-control object; confine SET access to
-- authenticated SNMPv3 users through the agent's access-control view.
aluSecPlcyAdminControlApply OBJECT-TYPE
SYNTAX INTEGER {
none(1),
initialize(2),
commit(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object controls the use of security tables.
This object always reads none(1).
When set to initialize(2), the objects in standby tables
are set to the current active Operational values, from the
corresponding active tables. Any uncommitted changes are
lost, so setting this value corresponds to both BEGIN-TRANSACTION
and ABORT-TRANSACTION.
When set to commit(3) (END-TRANSACTION), all of the objects from
standby tables are copied to the corresponding
active table objects."
::= { aluSecurityAdminObjs 1 }
-- Scalar switch: per the DESCRIPTION, a true value bypasses security
-- processing. The default is false.
-- NOTE(review): the scope of the bypass (presumably system-wide, since this
-- is a scalar directly under aluSecurityAdminObjs) is not stated; confirm.
-- NOTE(review): MAX-ACCESS is read-create although this object is not a
-- table column; SMIv2 uses read-create for columns of tables that support
-- row creation, and a writable scalar is normally read-write. Some MIB
-- compilers will warn on this.
-- NOTE(review): a single SET to true turns security processing off, so
-- exclude this object from general write views, require SNMPv3 with
-- authentication and privacy for any principal allowed to write it, and
-- alert when its value changes.
aluSecPlcyBypass OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "If true, bypasses security processing"
DEFVAL { false }
::= { aluSecurityAdminObjs 2 }
--
-- Zone Configuration Table
--
aluZoneConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZoneConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZoneConfigTable has an entry for each
zone configured on the system."
::= { aluSecurityAdminObjs 4 }
aluZoneConfigEntry OBJECT-TYPE
SYNTAX TZoneConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a zone entry."
INDEX { aluZoneConfigId }
::= { aluZoneConfigTable 1 }
TZoneConfigEntry ::= SEQUENCE {
aluZoneConfigId Unsigned32,
aluZoneConfigName TNamedItemOrEmpty,
aluZoneConfigRowStatus RowStatus,
aluZoneConfigDescription TItemDescription,
aluZoneConfigControlApply INTEGER,
aluZoneConfigType TZoneType,
aluZoneConfigSvcId TmnxServId,
aluZoneConfigState TPlcyState,
aluZoneConfigBypass TruthValue,
aluZoneConfigInTcpSessLimit Unsigned32,
aluZoneConfigInUdpSessLimit Unsigned32,
aluZoneConfigInIcmpSessLimit Unsigned32,
aluZoneConfigInOthSessLimit Unsigned32,
aluZoneConfigOutTcpSessLimit Unsigned32,
aluZoneConfigOutUdpSessLimit Unsigned32,
aluZoneConfigOutIcmpSessLimit Unsigned32,
aluZoneConfigOutOthSessLimit Unsigned32,
aluZoneConfigLogId TSecurityLogId,
aluZoneConfigAutoBind TruthValue
}
aluZoneConfigId OBJECT-TYPE
SYNTAX Unsigned32 (1..65534)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluZoneConfigId specifies
the unique id of the Zone. The Id must be
unique within the system."
::= { aluZoneConfigEntry 1 }
aluZoneConfigName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigName
specifies the name of the Zone."
DEFVAL { ''H }
::= { aluZoneConfigEntry 2 }
aluZoneConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluZoneConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluZoneConfigTable. aluZoneConfigRowStatus does not support
createAndWait. The status can only be active
or notInService."
::= { aluZoneConfigEntry 3 }
aluZoneConfigDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this zone."
DEFVAL { ''H }
::= { aluZoneConfigEntry 4 }
aluZoneConfigControlApply OBJECT-TYPE
SYNTAX INTEGER {
none(1),
initialize(2),
commit(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object controls the use of commit of the Zone Policy.
This object always reads none(1).
When set to initialize(2), the objects in standby zone
are set to the current active Operational values, from the
corresponding active aluZoneConfigTable tables. Any uncommitted changes are
lost, so setting this value corresponds to both BEGIN-TRANSACTION
and ABORT-TRANSACTION.
When set to commit(3) (END-TRANSACTION), all of the objects from
standby zone tables are copied to the corresponding
active zone table objects."
::= { aluZoneConfigEntry 5 }
aluZoneConfigType OBJECT-TYPE
SYNTAX TZoneType
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Indicates the type of zone."
DEFVAL { network }
::= { aluZoneConfigEntry 6 }
aluZoneConfigSvcId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Specifies the service this zone belongs to when zone type is 'service'."
DEFVAL { 0 }
::= { aluZoneConfigEntry 7 }
-- Read-only column reporting the policy state of the zone as a TPlcyState
-- value (unknown, empty, draft, commited).
-- NOTE(review): DEFVAL { ''H } is an empty octet string, which does not
-- match the enumerated INTEGER syntax of TPlcyState. The column is
-- read-only, so the default is not used for provisioning, but strict MIB
-- compilers may reject or warn on this clause.
aluZoneConfigState OBJECT-TYPE
SYNTAX TPlcyState
MAX-ACCESS read-only
STATUS current
DESCRIPTION "State of the Policy of this zone."
DEFVAL { ''H }
::= { aluZoneConfigEntry 8 }
-- Writable per-zone switch, default false. The DESCRIPTION says a true value
-- means the zone is being bypassed; how traffic is then handled is not
-- stated here.
-- NOTE(review): treat a change to true as a security-relevant event and keep
-- SET access to this column restricted to authenticated SNMPv3 users.
aluZoneConfigBypass OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluZoneConfigBypass specifies whether this zone is being bypassed."
DEFVAL { false }
::= { aluZoneConfigEntry 9 }
aluZoneConfigInTcpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigInTcpSessLimit
indicates the number of permitted active inbound sessions
with protocol TCP. A value of 0 indicates that there is no
limit."
DEFVAL { 0 }
::= { aluZoneConfigEntry 10 }
aluZoneConfigInUdpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigInUdpSessLimit
indicates the number of permitted active inbound sessions
with protocol UDP. A value of 0 indicates that there is no
limit."
DEFVAL { 0 }
::= { aluZoneConfigEntry 11 }
aluZoneConfigInIcmpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigInIcmpSessLimit
indicates the number of permitted active inbound sessions with
protocol ICMP. A value of 0 indicates that there is no
limit."
DEFVAL { 0 }
::= { aluZoneConfigEntry 12 }
aluZoneConfigInOthSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigInOthSessLimit
indicates the number of permitted active inbound sessions of all
other protocols. A value of 0 indicates that there is no
limit."
DEFVAL { 0 }
::= { aluZoneConfigEntry 13 }
aluZoneConfigOutTcpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigOutTcpSessLimit
indicates the number of permitted active outbound sessions
with protocol TCP. A value of 0 indicates that there is no
limit."
DEFVAL { 0 }
::= { aluZoneConfigEntry 14 }
aluZoneConfigOutUdpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigOutUdpSessLimit
indicates the number of permitted active outbound sessions
with protocol UDP. A value of 0 indicates that there is no
limit."
DEFVAL { 0 }
::= { aluZoneConfigEntry 15 }
aluZoneConfigOutIcmpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigOutIcmpSessLimit
indicates the number of permitted active outbound sessions with
protocol ICMP. A value of 0 indicates that there is no
limit."
DEFVAL { 0 }
::= { aluZoneConfigEntry 16 }
aluZoneConfigOutOthSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigOutOthSessLimit
indicates the number of permitted active outbound sessions of all
other protocols. A value of 0 indicates that there is no
limit."
DEFVAL { 0 }
::= { aluZoneConfigEntry 17 }
aluZoneConfigLogId OBJECT-TYPE
SYNTAX TSecurityLogId
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneConfigLogId
indicates the log-id for security logging."
DEFVAL { 0 }
::= { aluZoneConfigEntry 18 }
aluZoneConfigAutoBind OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluZoneConfigAutoBind specifies whether this zone is being used to enforce policy
on traffic to/from MP-BGP auto-binding and spoke-sdps. This configuration is only permitted on
VPRN zones and can only be enabled when no other interfaces are provisioned inside this zone."
DEFVAL { false }
::= { aluZoneConfigEntry 19 }
--
-- Zone Policy Configuration Table
--
aluZonePlcyConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZonePlcyConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZonePlcyConfigTable has an entry for each
policy configured on a particular zone."
::= { aluSecurityAdminObjs 5 }
aluZonePlcyConfigEntry OBJECT-TYPE
SYNTAX TZonePlcyConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular policy entry."
INDEX { aluZoneConfigId, aluZonePlcyConfigEntryId }
::= { aluZonePlcyConfigTable 1 }
TZonePlcyConfigEntry ::= SEQUENCE {
aluZonePlcyConfigEntryId Unsigned32,
aluZonePlcyConfigRowStatus RowStatus,
aluZonePlcyConfigSecPlcyId Unsigned32
}
aluZonePlcyConfigEntryId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluZonePlcyConfigEntryId
specifies the unique id of the Zone entries within the zone.
This value must always be 1 in this release."
::= { aluZonePlcyConfigEntry 1 }
aluZonePlcyConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluZonePlcyConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluZonePlcyConfigTable. aluZonePlcyConfigRowStatus
does not support createAndWait. The status can only be active
or notInService."
::= { aluZonePlcyConfigEntry 2 }
aluZonePlcyConfigSecPlcyId OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluZonePlcyConfigSecPlcyId specifies the
id of the security policy defined globally in the system."
DEFVAL { 0 }
::= { aluZonePlcyConfigEntry 3 }
--
-- Zone NAT Pool Configuration Table
--
aluZoneNatPoolConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZoneNatPoolConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZoneNatPoolConfigTable has an entry for each
nat-pool of ip addresses and ports configured on a particular zone."
::= { aluSecurityAdminObjs 6 }
aluZoneNatPoolConfigEntry OBJECT-TYPE
SYNTAX TZoneNatPoolConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular NAT pool entry."
INDEX { aluZoneConfigId, aluZoneNatPoolConfigId }
::= { aluZoneNatPoolConfigTable 1 }
TZoneNatPoolConfigEntry ::= SEQUENCE {
aluZoneNatPoolConfigId Unsigned32,
aluZoneNatPoolConfigName TNamedItemOrEmpty,
aluZoneNatPoolConfigRowStatus RowStatus,
aluZoneNatPoolConfigDescription TItemDescription,
aluZoneNatPoolConfigType TPoolType,
aluZoneNatPoolConfigDirection INTEGER
}
aluZoneNatPoolConfigId OBJECT-TYPE
SYNTAX Unsigned32 (1..100)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluZoneNatPoolConfigId
specifies the unique id of the NAT-Pool entries within the zone."
::= { aluZoneNatPoolConfigEntry 1 }
aluZoneNatPoolConfigName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluZoneNatPoolConfigName
specifies the name of the NAT Pool."
::= { aluZoneNatPoolConfigEntry 2 }
aluZoneNatPoolConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluZoneNatPoolConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluZoneNatPoolConfigTable. aluZoneNatPoolConfigRowStatus
does not support createAndWait. The status can only be active
or notInService."
::= { aluZoneNatPoolConfigEntry 3 }
aluZoneNatPoolConfigDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this nat pool."
DEFVAL { ''H }
::= { aluZoneNatPoolConfigEntry 4 }
aluZoneNatPoolConfigType OBJECT-TYPE
SYNTAX TPoolType
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Specifies if this pool is direct-mapped or pooled."
DEFVAL { srcNatPool }
::= { aluZoneNatPoolConfigEntry 5 }
aluZoneNatPoolConfigDirection OBJECT-TYPE
SYNTAX INTEGER {
unknown (0),
zoneInbound (1),
zoneOutbound (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Specifies the direction of this NAT pool relative to the zone."
DEFVAL { unknown }
::= { aluZoneNatPoolConfigEntry 6 }
--
-- NAT Pool Params Configuration Table
--
aluZoneNatPoolParamsConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZoneNatPoolParamsConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZoneNatPoolParamsConfigTable has an entry for each NAT Pool
params entry configured on this system."
::= { aluSecurityAdminObjs 7 }
aluZoneNatPoolParamsConfigEntry OBJECT-TYPE
SYNTAX TZoneNatPoolParamsConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular NAT Pool params entry."
INDEX { aluZoneConfigId, aluZoneNatPoolConfigId,
aluZoneNatPoolParamsConfigEntryId }
::= { aluZoneNatPoolParamsConfigTable 1 }
TZoneNatPoolParamsConfigEntry ::= SEQUENCE {
aluZoneNatPoolParamsConfigEntryId Unsigned32,
aluZoneNatPoolParamsConfigRowStatus RowStatus,
aluZoneNatPoolParamsConfigIPAddrValue1 IpAddress,
aluZoneNatPoolParamsConfigIPAddrValue2 IpAddress,
aluZoneNatPoolParamsConfigIPOperator TIPOperator,
aluZoneNatPoolParamsConfigIPInterfaceIndex InterfaceIndexOrZero,
aluZoneNatPoolParamsConfigPortOperator TTcpUdpPortOperator,
aluZoneNatPoolParamsConfigPortValue1 TTcpUdpPort,
aluZoneNatPoolParamsConfigPortValue2 TTcpUdpPort
}
aluZoneNatPoolParamsConfigEntryId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluZoneNatPoolParamsConfigEntryId specifies the
3rd index for the entry."
::= { aluZoneNatPoolParamsConfigEntry 1 }
aluZoneNatPoolParamsConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluZoneNatPoolParamsConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluZoneNatPoolParamsConfigTable."
::= { aluZoneNatPoolParamsConfigEntry 2 }
aluZoneNatPoolParamsConfigIPAddrValue1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object
aluZoneNatPoolParamsConfigIPAddrValue1 specifies
the starting range of IP address of the NAT pool."
DEFVAL { '00000000'H }
::= { aluZoneNatPoolParamsConfigEntry 3 }
aluZoneNatPoolParamsConfigIPAddrValue2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object
aluZoneNatPoolParamsConfigIPAddrValue2 specifies
the ending range of IP address of the NAT pool."
DEFVAL { '00000000'H }
::= { aluZoneNatPoolParamsConfigEntry 4 }
aluZoneNatPoolParamsConfigIPOperator OBJECT-TYPE
SYNTAX TIPOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluZoneNatPoolParamsConfigIPAddrValue1 and
aluZoneNatPoolParamsConfigIPAddrValue2
are to be used. The value of these below 2 objects and
aluZoneNatPoolParamsConfigIPOperator is used as described in
TIPOperator."
DEFVAL { none }
::= { aluZoneNatPoolParamsConfigEntry 5 }
aluZoneNatPoolParamsConfigIPInterfaceIndex OBJECT-TYPE
SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The aluZoneNatPoolParamsConfigIPInterfaceIndex specifies
the index of the interface that the primary-address of that
interface is to be used in the NAT pool.
The interface must exist in the same vRtr that the NAT pool
resides."
DEFVAL { 0 }
::= { aluZoneNatPoolParamsConfigEntry 6 }
aluZoneNatPoolParamsConfigPortOperator OBJECT-TYPE
SYNTAX TTcpUdpPortOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluZoneNatPoolParamsConfigPortValue1 and
aluZoneNatPoolParamsConfigPortValue2
are to be used. The value of these below 2 objects and
aluZoneNatPoolParamsConfigPortOperator is used as described in
TTcpUdpPortOperator."
DEFVAL { none }
::= { aluZoneNatPoolParamsConfigEntry 7 }
aluZoneNatPoolParamsConfigPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "TCP/UDP port value1. The value of this object is used as per the
description for aluZoneNatPoolParamsConfigPortOperator."
DEFVAL { 0 }
::= { aluZoneNatPoolParamsConfigEntry 8 }
aluZoneNatPoolParamsConfigPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "TCP/UDP port value2. The value of this object is used as per the
description for aluZoneNatPoolParamsConfigPortOperator."
DEFVAL { 0 }
::= { aluZoneNatPoolParamsConfigEntry 9 }
--
-- Security Policy Configuration Table
--
aluSecPlcyConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecPlcyConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecPlcyConfigTable has an entry for each
security policy configured globally on this system."
::= { aluSecurityAdminObjs 8 }
aluSecPlcyConfigEntry OBJECT-TYPE
SYNTAX TSecPlcyConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular security policy."
INDEX { aluSecPlcyConfigId }
::= { aluSecPlcyConfigTable 1 }
TSecPlcyConfigEntry ::= SEQUENCE {
aluSecPlcyConfigId Unsigned32,
aluSecPlcyConfigRowStatus RowStatus,
aluSecPlcyConfigName TNamedItemOrEmpty,
aluSecPlcyConfigDescription TItemDescription
}
aluSecPlcyConfigId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecPlcyConfigId
specifies the unique policy id."
::= { aluSecPlcyConfigEntry 1 }
aluSecPlcyConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecPlcyConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecPlcyConfigTable."
::= { aluSecPlcyConfigEntry 2 }
aluSecPlcyConfigName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Name of the security policy."
DEFVAL { ''H }
::= { aluSecPlcyConfigEntry 3 }
aluSecPlcyConfigDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this security policy."
DEFVAL { ''H }
::= { aluSecPlcyConfigEntry 4 }
--
-- Security Policy Params Configuration Table
--
aluSecPlcyParamsConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecPlcyParamsConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecPlcyParamsConfigTable has an entry for each
rule configured as part of a security policy."
::= { aluSecurityAdminObjs 9 }
aluSecPlcyParamsConfigEntry OBJECT-TYPE
SYNTAX TSecPlcyParamsConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular rule entry."
INDEX { aluSecPlcyConfigId,
aluSecPlcyParamsConfigRuleId }
::= { aluSecPlcyParamsConfigTable 1 }
TSecPlcyParamsConfigEntry ::= SEQUENCE {
aluSecPlcyParamsConfigRuleId Unsigned32,
aluSecPlcyParamsConfigRowStatus RowStatus,
aluSecPlcyParamsConfigDescription TItemDescription,
aluSecPlcyParamsConfigMatchSrcIPAddrValue1 IpAddress,
aluSecPlcyParamsConfigMatchSrcIPAddrValue2 IpAddress,
aluSecPlcyParamsConfigMatchSrcIPOperator TIPOperator,
aluSecPlcyParamsConfigMatchSrcIPHostGroup Unsigned32,
aluSecPlcyParamsConfigMatchDstIPAddrValue1 IpAddress,
aluSecPlcyParamsConfigMatchDstIPAddrValue2 IpAddress,
aluSecPlcyParamsConfigMatchDstIPOperator TIPOperator,
aluSecPlcyParamsConfigMatchDstIPHostGroup Unsigned32,
aluSecPlcyParamsConfigMatchProtocol TIpProtocol,
aluSecPlcyParamsConfigMatchSrcPortValue1 TTcpUdpPort,
aluSecPlcyParamsConfigMatchSrcPortValue2 TTcpUdpPort,
aluSecPlcyParamsConfigMatchSrcPortOp TOperator,
aluSecPlcyParamsConfigMatchDstPortValue1 TTcpUdpPort,
aluSecPlcyParamsConfigMatchDstPortValue2 TTcpUdpPort,
aluSecPlcyParamsConfigMatchDstPortOp TOperator,
aluSecPlcyParamsConfigMatchAppGroup Unsigned32,
aluSecPlcyParamsConfigMatchIcmpCode INTEGER,
aluSecPlcyParamsConfigMatchIcmpType INTEGER,
aluSecPlcyParamsConfigMatchIgmpType INTEGER,
aluSecPlcyParamsConfigMatchFlowDirection INTEGER,
aluSecPlcyParamsConfigProfileId Unsigned32,
aluSecPlcyParamsConfigConcurrentFlowLimit Unsigned32,
aluSecPlcyParamsConfigCreateRevDirFlow TruthValue,
aluSecPlcyParamsConfigAction INTEGER,
aluSecPlcyParamsConfigMatchLocal TruthValue,
aluSecPlcyParamsConfigActionNatDstIPAddr IpAddress,
aluSecPlcyParamsConfigActionNatDstPort TTcpUdpPort,
aluSecPlcyParamsConfigLogControl INTEGER,
aluSecPlcyParamsConfigLogId TSecurityLogId
}
aluSecPlcyParamsConfigRuleId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluSecPlcyParamsConfigRuleId specifies the
index of the rule within the security policy."
::= { aluSecPlcyParamsConfigEntry 1 }
aluSecPlcyParamsConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecPlcyParamsConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecPlcyParamsConfigTable."
::= { aluSecPlcyParamsConfigEntry 2 }
aluSecPlcyParamsConfigDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this rule."
DEFVAL { ''H }
::= { aluSecPlcyParamsConfigEntry 3 }
aluSecPlcyParamsConfigMatchSrcIPAddrValue1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchSrcIPAddrValue1
specifies the source IP address of the packets to be filtered.
When configured and activated, this filter will be
applied to all IP packets whose source IP address matches the value."
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsConfigEntry 4 }
aluSecPlcyParamsConfigMatchSrcIPAddrValue2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchSrcIPAddrValue2
specifies the source IP address of the packets to be filtered.
When configured and activated, this filter will be
applied to all IP packets whose source IP address matches the value."
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsConfigEntry 5 }
aluSecPlcyParamsConfigMatchSrcIPOperator OBJECT-TYPE
SYNTAX TIPOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluSecPlcyParamsConfigMatchSrcIPAddrValue1 and
aluSecPlcyParamsConfigMatchSrcIPAddrValue2
are to be used. The value of these below 2 objects and
aluSecPlcyParamsConfigMatchSrcIPOperator is used as described in
TIPOperator."
DEFVAL { none }
::= { aluSecPlcyParamsConfigEntry 6 }
aluSecPlcyParamsConfigMatchSrcIPHostGroup OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchSrcIPHostGroup
specifies the host group name, where the group name is a collection
of IP addresses. When configured and activated, filter
policy will be applied to all IP packets whose
source-ip must be within this host group name's IP addresses"
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 7 }
aluSecPlcyParamsConfigMatchDstIPAddrValue1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchDstIPAddrValue1
specifies the destination IP address of the packets to be filtered.
When configured and activated, this filter will be
applied to all IP packets whose destination IP address matches the value."
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsConfigEntry 8 }
aluSecPlcyParamsConfigMatchDstIPAddrValue2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchDstIPAddrValue2
specifies the destination IP address of the packets to be filtered.
When configured and activated, this filter will be
applied to all IP packets whose destination IP address matches the value."
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsConfigEntry 9 }
aluSecPlcyParamsConfigMatchDstIPOperator OBJECT-TYPE
SYNTAX TIPOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluSecPlcyParamsConfigMatchDstIPAddrValue1 and
aluSecPlcyParamsConfigMatchDstIPAddrValue2
are to be used. The value of these below 2 objects and
aluSecPlcyParamsConfigMatchDstIPOperator is used as described in
TIPOperator."
DEFVAL { none }
::= { aluSecPlcyParamsConfigEntry 10 }
aluSecPlcyParamsConfigMatchDstIPHostGroup OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchDstIPHostGroup
specifies the host group name, where the group name is a collection
of IP addresses. When configured and activated, filter
policy will be applied to all IP packets whose
destination-ip must be within this host group name's IP addresses"
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 11 }
aluSecPlcyParamsConfigMatchProtocol OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-create
STATUS current
DESCRIPTION "IP protocol to match. set to -1 to disable matching IP protocol. If
the protocol is changed the protocol specific parameters are reset."
DEFVAL { -1 }
::= { aluSecPlcyParamsConfigEntry 12 }
aluSecPlcyParamsConfigMatchSrcPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Source TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 13 }
aluSecPlcyParamsConfigMatchSrcPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Source TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 14 }
aluSecPlcyParamsConfigMatchSrcPortOp OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Source TCP/UDP port operator."
DEFVAL { none }
::= { aluSecPlcyParamsConfigEntry 15 }
aluSecPlcyParamsConfigMatchDstPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Destination TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 16 }
aluSecPlcyParamsConfigMatchDstPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Destination TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 17 }
aluSecPlcyParamsConfigMatchDstPortOp OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Destination TCP/UDP port operator."
DEFVAL { none }
::= { aluSecPlcyParamsConfigEntry 18 }
aluSecPlcyParamsConfigMatchAppGroup OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsConfigMatchAppGroup
specifies the application group name, where the group name is a
collection of protocol-id/src port/dest port. When configured
and activated, this filter will be applied for
all IP packets whose protocol value, src port and dest port
must match this service group tuple"
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 19 }
aluSecPlcyParamsConfigMatchIcmpCode OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Icmp code to be matched. aluSecPlcyParamsConfigMatchIcmpCode
complements the object aluSecPlcyParamsConfigMatchIcmpType.
Both of them need to be set to actually
enable ICMP matching. The value -1 means Icmp code matching is not
enabled."
DEFVAL { -1 }
::= { aluSecPlcyParamsConfigEntry 20 }
aluSecPlcyParamsConfigMatchIcmpType OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "ICMP type to be matched. aluSecPlcyParamsConfigMatchIcmpType
complements the object aluSecPlcyParamsConfigMatchIcmpCode.
Both of them need to be set to actually
enable ICMP matching. The value -1 means ICMP type matching is not
enabled."
DEFVAL { -1 }
::= { aluSecPlcyParamsConfigEntry 21 }
aluSecPlcyParamsConfigMatchIgmpType OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Type of IGMP to be configured"
DEFVAL { -1 }
::= { aluSecPlcyParamsConfigEntry 22 }
aluSecPlcyParamsConfigMatchFlowDirection OBJECT-TYPE
SYNTAX INTEGER {
zoneInbound (1),
zoneOutbound (2),
both (3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION "This object specifies the direction of the packet flow
for which the security filter is to be applied.
zoneInbound is equivalent to ingress flow,
zoneOutbound is equivalent to egress flow,
both is equivalent to both ingress and egress flow."
DEFVAL { both }
::= { aluSecPlcyParamsConfigEntry 23 }
aluSecPlcyParamsConfigProfileId OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies profile of this flow"
DEFVAL { 1 }
::= { aluSecPlcyParamsConfigEntry 24 }
aluSecPlcyParamsConfigConcurrentFlowLimit OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of sessions (flows)
that can be active concurrently."
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 25 }
aluSecPlcyParamsConfigCreateRevDirFlow OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecPlcyParamsConfigCreateRevDirFlow specifies
whether return direction of the session is created or not"
DEFVAL { true }
::= { aluSecPlcyParamsConfigEntry 26 }
aluSecPlcyParamsConfigAction OBJECT-TYPE
SYNTAX INTEGER {
forward (0),
drop (1),
nat (2),
reject (3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION "This object specifies the action (forward, drop, nat or
reject) applied to a packet that satisfies the rule condition."
DEFVAL { reject }
::= { aluSecPlcyParamsConfigEntry 27 }
aluSecPlcyParamsConfigMatchLocal OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecPlcyParamsConfigMatchLocal specifies
whether to match traffic destined to node"
DEFVAL { false }
::= { aluSecPlcyParamsConfigEntry 28 }
aluSecPlcyParamsConfigActionNatDstIPAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsConfigActionNatDstIPAddr
specifies the Dst IP address of the packet after NAT has been
performed"
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsConfigEntry 29 }
aluSecPlcyParamsConfigActionNatDstPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "NAT Destination TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 30 }
aluSecPlcyParamsConfigLogControl OBJECT-TYPE
SYNTAX INTEGER {
suppress (1),
zone (2),
log (3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Log control for this rule. There are three options:
(1) suppress - (DEFAULT) Any events generated from this
rule will be suppressed.
(2) zone - Send any events generated from this rule
to the zone log-id (if configured).
(3) log - Send any events generated from this rule
to a specific log-id."
DEFVAL { suppress }
::= { aluSecPlcyParamsConfigEntry 31 }
-- Log id associated with this policy rule (syntax TSecurityLogId, default 0).
-- NOTE(review): the DESCRIPTION below ends mid-sentence ("This can only be
-- set"), so the condition under which this object may be written is not
-- stated here; presumably it relates to aluSecPlcyParamsConfigLogControl
-- being 'log' - confirm against the vendor documentation.
aluSecPlcyParamsConfigLogId OBJECT-TYPE
SYNTAX TSecurityLogId
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Log for policy to be logged. This can only be set"
DEFVAL { 0 }
::= { aluSecPlcyParamsConfigEntry 32 }
--
-- Security Profile Configuration Table
--
aluSecProfileConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecProfileConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecProfileConfigTable has an entry for each
security profile configured globally on this system."
::= { aluSecurityAdminObjs 10 }
aluSecProfileConfigEntry OBJECT-TYPE
SYNTAX TSecProfileConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular security profile."
INDEX { aluSecProfileConfigId }
::= { aluSecProfileConfigTable 1 }
TSecProfileConfigEntry ::= SEQUENCE {
aluSecProfileConfigId Unsigned32,
aluSecProfileConfigRowStatus RowStatus,
aluSecProfileConfigName TNamedItemOrEmpty,
aluSecProfileConfigDescription TItemDescription,
aluSecProfileConfigTcpSynTimeout Unsigned32,
aluSecProfileConfigTcpWaitTimeout Unsigned32,
aluSecProfileConfigTcpTransTimeout Unsigned32,
aluSecProfileConfigTcpEstTimeout Unsigned32,
aluSecProfileConfigUdpTimeout Unsigned32,
aluSecProfileConfigUdpInitTimeout Unsigned32,
aluSecProfileConfigUdpDnsTimeout Unsigned32,
aluSecProfileConfigIcmpTimeout Unsigned32,
aluSecProfileConfigOtherTimeout Unsigned32,
aluSecProfileConfigAppInspect TruthValue,
aluSecProfileConfigInspectTcp TruthValue,
aluSecProfileConfigInspectIpOpt TruthValue,
aluSecProfileConfigAllowedIpOpt Unsigned32,
aluSecProfileConfigAllowPktFrag TruthValue,
aluSecProfileConfigAlg TAlgType,
aluSecProfileConfigIcmpReqLimit Unsigned32,
aluSecProfileConfigIcmpErrLimit TruthValue,
aluSecProfileConfigDnsReplyOnly TruthValue,
aluSecProfileConfigTcpTmoStrict TruthValue,
aluSecProfileConfigUdpTmoStrict TruthValue,
aluSecProfileConfigIcmpTmoStrict TruthValue,
aluSecProfileConfigDnsTmoStrict TruthValue,
aluSecProfileConfigOthTmoStrict TruthValue,
aluSecProfileConfigFwdPolicerId TSecurityPolicerId,
aluSecProfileConfigRevPolicerId TSecurityPolicerId
}
aluSecProfileConfigId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecProfileConfigId
specifies the unique profile id."
::= { aluSecProfileConfigEntry 1 }
aluSecProfileConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecProfileConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecProfileConfigTable."
::= { aluSecProfileConfigEntry 2 }
aluSecProfileConfigName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Name of the security profile."
DEFVAL { ''H }
::= { aluSecProfileConfigEntry 3 }
aluSecProfileConfigDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this security profile."
DEFVAL { ''H }
::= { aluSecProfileConfigEntry 4 }
aluSecProfileConfigTcpSynTimeout OBJECT-TYPE
SYNTAX Unsigned32 (6..86400)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
TCP session can wait for a SYN before being cleaned up."
DEFVAL { 15 }
::= { aluSecProfileConfigEntry 5 }
aluSecProfileConfigTcpWaitTimeout OBJECT-TYPE
SYNTAX Unsigned32 (0..240)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
TCP session can remain in time wait before being cleaned up."
DEFVAL { 0 }
::= { aluSecProfileConfigEntry 6 }
aluSecProfileConfigTcpTransTimeout OBJECT-TYPE
SYNTAX Unsigned32 (60..86400)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
TCP session can remain transitory before being cleaned up."
DEFVAL { 240 }
::= { aluSecProfileConfigEntry 7 }
aluSecProfileConfigTcpEstTimeout OBJECT-TYPE
SYNTAX Unsigned32 (60..86400)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
TCP session has to reach established before being cleaned up."
DEFVAL { 7440 }
::= { aluSecProfileConfigEntry 8 }
aluSecProfileConfigUdpTimeout OBJECT-TYPE
SYNTAX Unsigned32 (60..86400)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
UDP session can remain idle before being cleaned up."
DEFVAL { 300 }
::= { aluSecProfileConfigEntry 9 }
aluSecProfileConfigUdpInitTimeout OBJECT-TYPE
SYNTAX Unsigned32 (10..300)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
UDP session can remain idle after receiving the first packet
before being cleaned up."
DEFVAL { 15 }
::= { aluSecProfileConfigEntry 10 }
aluSecProfileConfigUdpDnsTimeout OBJECT-TYPE
SYNTAX Unsigned32 (15..86400)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
DNS request can take to receive a response
before being cleaned up."
DEFVAL { 15 }
::= { aluSecProfileConfigEntry 11 }
aluSecProfileConfigIcmpTimeout OBJECT-TYPE
SYNTAX Unsigned32 (60..240)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds an
ICMP request can take to receive a response
before being cleaned up."
DEFVAL { 60 }
::= { aluSecProfileConfigEntry 12}
aluSecProfileConfigOtherTimeout OBJECT-TYPE
SYNTAX Unsigned32 (10..86400)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds other
protocol sessions can remain idle before being cleaned up.
This also includes all drop sessions regardless of protocol."
DEFVAL { 600 }
::= { aluSecProfileConfigEntry 13 }
aluSecProfileConfigAppInspect OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object indicates whether application assurance inspection
should be performed on all active connections with this profile."
DEFVAL { false }
::= { aluSecProfileConfigEntry 14 }
aluSecProfileConfigInspectTcp OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object indicates whether strict TCP inspection
should be performed on all active TCP connections with this profile.
aluSecProfileConfigAppInspect must be enabled before TCP inspection
can be enabled."
DEFVAL { false }
::= { aluSecProfileConfigEntry 15 }
aluSecProfileConfigInspectIpOpt OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object indicates whether IP options inspection
is to be performed. When 'true' the object aluSecProfileConfigAllowedIpOpt
is used to specify permitted options.
aluSecProfileConfigAppInspect must be enabled before IP inspection
can be enabled."
DEFVAL { false }
::= { aluSecProfileConfigEntry 16 }
-- Bitmask of IP options permitted when aluSecProfileConfigInspectIpOpt is 'true'.
-- NOTE(review): no DEFVAL clause is given and the mapping from bit position to
-- IP option is not defined in this object; confirm both before relying on a
-- particular mask value.
aluSecProfileConfigAllowedIpOpt OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object indicates the bitmask of allowed IP options when IP
option inspection is enabled.
aluSecProfileConfigAppInspect must be enabled before IP inspection
can be enabled."
::= { aluSecProfileConfigEntry 17 }
aluSecProfileConfigAllowPktFrag OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object indicates whether fragmented IP packets are
permitted through connections with this profile."
DEFVAL { true }
::= { aluSecProfileConfigEntry 18 }
aluSecProfileConfigAlg OBJECT-TYPE
SYNTAX TAlgType
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object indicates the application layer
gateway processing to be performed on this connection."
DEFVAL { auto}
::= { aluSecProfileConfigEntry 19 }
aluSecProfileConfigIcmpReqLimit OBJECT-TYPE
SYNTAX Unsigned32 (0..254)
UNITS "packets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the number of ICMP packets permitted
to traverse the ICMP request session in each direction.
A value of 0 specifies that there is no packet limit.
aluSecProfileConfigAppInspect must be enabled before ICMP inspection
can be enabled."
DEFVAL { 0 }
::= { aluSecProfileConfigEntry 20}
aluSecProfileConfigIcmpErrLimit OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies whether to limit the number of ICMP Type 3
packets that are permitted to traverse the session in each direction.
aluSecProfileConfigAppInspect must be enabled before ICMP inspection
can be enabled."
DEFVAL { false }
::= { aluSecProfileConfigEntry 21}
aluSecProfileConfigDnsReplyOnly OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies whether to limit the number of DNS
packets that are permitted to traverse a DNS session in each direction.
aluSecProfileConfigAppInspect must be enabled before DNS inspection
can be enabled."
DEFVAL { false }
::= { aluSecProfileConfigEntry 22}
aluSecProfileConfigTcpTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies if a TCP Session in the Established
state is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
DEFVAL { false }
::= { aluSecProfileConfigEntry 23}
aluSecProfileConfigUdpTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies if a UDP Session in the Established
state is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
DEFVAL { false }
::= { aluSecProfileConfigEntry 24}
aluSecProfileConfigIcmpTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies if an ICMP Request Session
is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
DEFVAL { true }
::= { aluSecProfileConfigEntry 25}
aluSecProfileConfigDnsTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies if a DNS Request Session
is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
DEFVAL { true }
::= { aluSecProfileConfigEntry 26}
aluSecProfileConfigOthTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies if an Other protocol session
is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
DEFVAL { false }
::= { aluSecProfileConfigEntry 27}
aluSecProfileConfigFwdPolicerId OBJECT-TYPE
SYNTAX TSecurityPolicerId
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the policer group that the forward direction
of the session should be rate-limited with."
DEFVAL { 0 }
::= { aluSecProfileConfigEntry 28}
aluSecProfileConfigRevPolicerId OBJECT-TYPE
SYNTAX TSecurityPolicerId
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object specifies the policer group that the reverse direction
of the session should be rate-limited with."
DEFVAL { 0 }
::= { aluSecProfileConfigEntry 29}
--
-- System Level Information
--
aluSecPlcyLastCommit OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The last time the security policies were committed"
::= { aluSecurityAdminObjs 11 }
aluSecPlcyCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The number of security policies provisioned"
::= { aluSecurityAdminObjs 12 }
aluSecPlcyProfileCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The number of security profiles provisioned"
::= { aluSecurityAdminObjs 13 }
aluSecPlcyZoneCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The number of security zones provisioned"
::= { aluSecurityAdminObjs 14 }
aluSecActiveSessionCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The number of security sessions currently active"
::= { aluSecurityAdminObjs 15 }
aluSecActiveSessionLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The max number of concurrent security sessions
supported"
::= { aluSecurityAdminObjs 16 }
aluSecActiveSessionHiWtrMrk OBJECT-TYPE
SYNTAX Unsigned32 (0..100)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The high water mark percentage for concurrent
security sessions"
DEFVAL { 0 }
::= { aluSecurityAdminObjs 17 }
aluSecActiveSessionLoWtrMrk OBJECT-TYPE
SYNTAX Unsigned32 (0..100)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The low water mark percentage for concurrent
security sessions"
DEFVAL { 0 }
::= { aluSecurityAdminObjs 18 }
aluSecPlcyState OBJECT-TYPE
SYNTAX TPlcyState
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The state of the global security policy objects"
::= { aluSecurityAdminObjs 19 }
aluSecSessionResourceState OBJECT-TYPE
SYNTAX INTEGER {
unknown (0),
ok (1),
alarm (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The state of the security session resources.
The resource alarm state is detected when either the
high-watermark is crossed (if configured) or all
session resources have been exhausted.
The resource alarm state is cleared when either the
low-watermark is crossed (if configured) or all
sessions have been cleared."
::= { aluSecurityAdminObjs 20 }
--
-- Security Host Group Configuration Table
--
aluSecHostGrpConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecHostGrpConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecHostGrpConfigTable has an entry for each
security host group configured globally on this system."
::= { aluSecurityAdminObjs 21}
aluSecHostGrpConfigEntry OBJECT-TYPE
SYNTAX TSecHostGrpConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular security host group."
INDEX { aluSecHostGrpConfigId }
::= { aluSecHostGrpConfigTable 1 }
TSecHostGrpConfigEntry ::= SEQUENCE {
aluSecHostGrpConfigId Unsigned32,
aluSecHostGrpConfigRowStatus RowStatus,
aluSecHostGrpConfigName TNamedItemOrEmpty,
aluSecHostGrpConfigDescription TItemDescription
}
aluSecHostGrpConfigId OBJECT-TYPE
SYNTAX Unsigned32 (1..100)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecHostGrpConfigId
specifies the unique host group id."
::= { aluSecHostGrpConfigEntry 1 }
aluSecHostGrpConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecHostGrpConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecHostGrpConfigTable."
::= { aluSecHostGrpConfigEntry 2 }
aluSecHostGrpConfigName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Name of the security host group."
DEFVAL { ''H }
::= { aluSecHostGrpConfigEntry 3 }
aluSecHostGrpConfigDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this security host group."
DEFVAL { ''H }
::= { aluSecHostGrpConfigEntry 4 }
--
-- Security Host Table
--
aluSecHostConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecHostConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecHostConfigTable has an entry for each
rule configured as part of a security host."
::= { aluSecurityAdminObjs 22 }
aluSecHostConfigEntry OBJECT-TYPE
SYNTAX TSecHostConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular host entry."
INDEX { aluSecHostGrpConfigId,
aluSecHostConfigIPAddrValue1 }
::= { aluSecHostConfigTable 1 }
TSecHostConfigEntry ::= SEQUENCE {
aluSecHostConfigIPAddrValue1 IpAddress,
aluSecHostConfigRowStatus RowStatus,
aluSecHostConfigIPAddrValue2 IpAddress,
aluSecHostConfigIPOperator TIPOperator
}
aluSecHostConfigIPAddrValue1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecHostConfigIPAddrValue1
specifies the IP address of hosts in this group."
::= { aluSecHostConfigEntry 1 }
aluSecHostConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecHostConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecHostConfigTable."
::= { aluSecHostConfigEntry 2 }
aluSecHostConfigIPAddrValue2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecHostConfigIPAddrValue2
specifies the 2nd IP address of a range of hosts."
DEFVAL { '00000000'H }
::= { aluSecHostConfigEntry 3 }
aluSecHostConfigIPOperator OBJECT-TYPE
SYNTAX TIPOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluSecHostConfigIPAddrValue1 and
aluSecHostConfigIPAddrValue2
are to be used. The values of these two objects and
aluSecHostConfigIPOperator are used as described in
TIPOperator."
DEFVAL { none }
::= { aluSecHostConfigEntry 4 }
--
-- Security Application Group Configuration Table
--
aluSecAppGrpConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecAppGrpConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecAppGrpConfigTable has an entry for each
security application group configured globally on this system."
::= { aluSecurityAdminObjs 23}
aluSecAppGrpConfigEntry OBJECT-TYPE
SYNTAX TSecAppGrpConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular security app group."
INDEX { aluSecAppGrpConfigId }
::= { aluSecAppGrpConfigTable 1 }
TSecAppGrpConfigEntry ::= SEQUENCE {
aluSecAppGrpConfigId Unsigned32,
aluSecAppGrpConfigRowStatus RowStatus,
aluSecAppGrpConfigName TNamedItemOrEmpty,
aluSecAppGrpConfigDescription TItemDescription
}
aluSecAppGrpConfigId OBJECT-TYPE
SYNTAX Unsigned32 (1..100)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecAppGrpConfigId
specifies the unique application group id."
::= { aluSecAppGrpConfigEntry 1 }
aluSecAppGrpConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecAppGrpConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecAppGrpConfigTable."
::= { aluSecAppGrpConfigEntry 2 }
aluSecAppGrpConfigName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Name of the security application group."
DEFVAL { ''H }
::= { aluSecAppGrpConfigEntry 3 }
aluSecAppGrpConfigDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this security application group."
DEFVAL { ''H }
::= { aluSecAppGrpConfigEntry 4 }
--
-- Security Application Table
--
aluSecAppConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecAppConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecAppConfigTable has an entry for each
rule configured as part of a security application."
::= { aluSecurityAdminObjs 24 }
aluSecAppConfigEntry OBJECT-TYPE
SYNTAX TSecAppConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular application entry."
INDEX { aluSecAppGrpConfigId,
aluSecAppConfigEntryId }
::= { aluSecAppConfigTable 1 }
TSecAppConfigEntry ::= SEQUENCE {
aluSecAppConfigEntryId Unsigned32,
aluSecAppConfigRowStatus RowStatus,
aluSecAppConfigMatchProtocol TIpProtocol,
aluSecAppConfigMatchSrcPortValue1 TTcpUdpPort,
aluSecAppConfigMatchSrcPortValue2 TTcpUdpPort,
aluSecAppConfigMatchSrcPortOp TOperator,
aluSecAppConfigMatchDstPortValue1 TTcpUdpPort,
aluSecAppConfigMatchDstPortValue2 TTcpUdpPort,
aluSecAppConfigMatchDstPortOp TOperator,
aluSecAppConfigMatchIcmpCode INTEGER,
aluSecAppConfigMatchIcmpType INTEGER
}
aluSecAppConfigEntryId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluSecAppConfigEntryId specifies the
index of the entry within the security app group."
::= { aluSecAppConfigEntry 1 }
aluSecAppConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecAppConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecAppConfigTable."
::= { aluSecAppConfigEntry 2 }
aluSecAppConfigMatchProtocol OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-create
STATUS current
DESCRIPTION "IP protocol to match. set to -1 to disable matching IP protocol. If
the protocol is changed the protocol specific parameters are reset."
DEFVAL { -1 }
::= { aluSecAppConfigEntry 3 }
aluSecAppConfigMatchSrcPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Source TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecAppConfigEntry 4 }
aluSecAppConfigMatchSrcPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Source TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecAppConfigEntry 5 }
aluSecAppConfigMatchSrcPortOp OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Source TCP/UDP port operator."
DEFVAL { none }
::= { aluSecAppConfigEntry 6 }
aluSecAppConfigMatchDstPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Destination TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecAppConfigEntry 7 }
aluSecAppConfigMatchDstPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Destination TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecAppConfigEntry 8 }
aluSecAppConfigMatchDstPortOp OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Destination TCP/UDP port operator."
DEFVAL { none }
::= { aluSecAppConfigEntry 9 }
aluSecAppConfigMatchIcmpCode OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Icmp code to be matched. aluSecAppConfigMatchIcmpCode
complements the object aluSecAppConfigMatchIcmpType.
Both of them need to be set to actually
enable ICMP matching. The value -1 means Icmp code matching is not
enabled."
DEFVAL { -1 }
::= { aluSecAppConfigEntry 10 }
aluSecAppConfigMatchIcmpType OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "ICMP type to be matched. aluSecAppConfigMatchIcmpType
complements the object aluSecAppConfigMatchIcmpCode.
Both of them need to be set to actually
enable ICMP matching. The value -1 means ICMP type matching is not
enabled."
DEFVAL { -1 }
::= { aluSecAppConfigEntry 11 }
--
-- Security Policer Group Configuration Table
--
aluSecPolicerGrpConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecPolicerGrpConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecPolicerGrpConfigTable has an entry for each
security policer group configured globally on this system."
::= { aluSecurityAdminObjs 25}
aluSecPolicerGrpConfigEntry OBJECT-TYPE
SYNTAX TSecPolicerGrpConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular security policer group."
INDEX { aluSecPolicerGrpConfigId }
::= { aluSecPolicerGrpConfigTable 1 }
TSecPolicerGrpConfigEntry ::= SEQUENCE {
aluSecPolicerGrpConfigId Unsigned32,
aluSecPolicerGrpConfigRowStatus RowStatus,
aluSecPolicerGrpConfigName TNamedItemOrEmpty,
aluSecPolicerGrpConfigDescription TItemDescription,
aluSecPolicerGrpConfigRate Integer32,
aluSecPolicerGrpConfigRateCbs Unsigned32
}
aluSecPolicerGrpConfigId OBJECT-TYPE
SYNTAX Unsigned32 (1..1024)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecPolicerGrpConfigId
specifies the unique policer group id."
::= { aluSecPolicerGrpConfigEntry 1 }
aluSecPolicerGrpConfigRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecPolicerGrpConfigRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecPolicerGrpConfigTable."
::= { aluSecPolicerGrpConfigEntry 2 }
aluSecPolicerGrpConfigName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Name of the security policer group."
DEFVAL { ''H }
::= { aluSecPolicerGrpConfigEntry 3 }
aluSecPolicerGrpConfigDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this security policer group."
DEFVAL { ''H }
::= { aluSecPolicerGrpConfigEntry 4 }
aluSecPolicerGrpConfigRate OBJECT-TYPE
SYNTAX Integer32 (-1 | 1..10000)
UNITS "mega-bits per second"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The aluSecPolicerGrpConfigRate object specifies the maximum ingress
bandwidth (in mega-bits per second) that the policer can receive.
A value of -1 means that no policing will be performed."
DEFVAL { -1 }
::= { aluSecPolicerGrpConfigEntry 14 }
aluSecPolicerGrpConfigRateCbs OBJECT-TYPE
SYNTAX Unsigned32 (1..130816)
UNITS "bytes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"aluSecPolicerGrpConfigRateCbs specifies the committed burst size that the hard policer can accept while complying
with the ingress rate aluSecPolicerGrpConfigRate.
aluSecPolicerGrpConfigRateCbs is not applicable when aluSecPolicerGrpConfigRate is -1.
Setting aluSecPolicerGrpConfigRate to -1 causes aluPortEtherIngressRateCbs of the port
to revert back to its default value.
aluSecPolicerGrpConfigRateCbs is configured in multiples of 256 bytes."
DEFVAL { 130816 }
::= { aluSecPolicerGrpConfigEntry 17}
aluSecTotalSessionCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The number of security sessions ever created"
::= { aluSecurityAdminObjs 26 }
--
-- Operational Table
--
aluZoneOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZoneOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZoneOperTable has an entry for each zone
configured on this system."
::= { aluSecurityOperObjs 1 }
aluZoneOperEntry OBJECT-TYPE
SYNTAX TZoneOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular zone."
INDEX { aluZoneOperId }
::= { aluZoneOperTable 1 }
TZoneOperEntry ::= SEQUENCE {
aluZoneOperId Unsigned32,
aluZoneOperName TNamedItemOrEmpty,
aluZoneOperBypass TruthValue,
aluZoneOperDescription TItemDescription,
aluZoneOperPlcyRuleCount Gauge32,
aluZoneOperType TZoneType,
aluZoneOperSvcId TmnxServId,
aluZoneOperInSessionCount Counter64,
aluZoneOperInActiveSessions Gauge32,
aluZoneOperOutSessionCount Counter64,
aluZoneOperOutActiveSessions Gauge32,
aluZoneOperInPktsDropped Counter64,
aluZoneOperInBytesDropped Counter64,
aluZoneOperOutPktsDropped Counter64,
aluZoneOperOutBytesDropped Counter64,
aluZoneOperInPktsDefAction Counter64,
aluZoneOperInBytesDefAction Counter64,
aluZoneOperOutPktsDefAction Counter64,
aluZoneOperOutBytesDefAction Counter64,
aluZoneOperPlcyLastCommit TimeStamp,
aluZoneOperInTcpSessLimit Unsigned32,
aluZoneOperInUdpSessLimit Unsigned32,
aluZoneOperInIcmpSessLimit Unsigned32,
aluZoneOperInOthSessLimit Unsigned32,
aluZoneOperOutTcpSessLimit Unsigned32,
aluZoneOperOutUdpSessLimit Unsigned32,
aluZoneOperOutIcmpSessLimit Unsigned32,
aluZoneOperOutOthSessLimit Unsigned32,
aluZoneOperInTcpActSessions Gauge32,
aluZoneOperInUdpActSessions Gauge32,
aluZoneOperInIcmpActSessions Gauge32,
aluZoneOperInOthActSessions Gauge32,
aluZoneOperOutTcpActSessions Gauge32,
aluZoneOperOutUdpActSessions Gauge32,
aluZoneOperOutIcmpActSessions Gauge32,
aluZoneOperOutOthActSessions Gauge32,
aluZoneOperLogId Unsigned32,
aluZoneOperAutoBind TruthValue,
aluZoneOperInFwdAction Counter64,
aluZoneOperOutFwdAction Counter64,
aluZoneOperInNatAction Counter64,
aluZoneOperOutNatAction Counter64,
aluZoneOperInDropAction Counter64,
aluZoneOperOutDropAction Counter64
}
aluZoneOperId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluZoneOperId
specifies the unique id of the Zone in the system."
::= { aluZoneOperEntry 1 }
aluZoneOperName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperName
specifies the name of the Zone in the system."
::= { aluZoneOperEntry 2 }
aluZoneOperBypass OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneOperBypass specifies whether this zone is being bypassed."
::= { aluZoneOperEntry 3 }
aluZoneOperDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Description about this zone."
::= { aluZoneOperEntry 4 }
aluZoneOperPlcyRuleCount OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneOperPlcyRuleCount indicates the number of rules that
this policy contains based on the security policies activated on this zone."
::= { aluZoneOperEntry 5 }
aluZoneOperType OBJECT-TYPE
SYNTAX TZoneType
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Indicates the type of zone."
::= { aluZoneOperEntry 6 }
aluZoneOperSvcId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Specifies the service this zone belongs to when zone type is 'service'."
::= { aluZoneOperEntry 7 }
aluZoneOperInSessionCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInSessionCount
indicates the total number of inbound sessions ever established for
this zone."
::= { aluZoneOperEntry 8 }
aluZoneOperInActiveSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInActiveSessions
indicates the number of currently active inbound sessions for
this zone."
::= { aluZoneOperEntry 9 }
aluZoneOperOutSessionCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutSessionCount
indicates the total number of outbound sessions ever established for
this zone."
::= { aluZoneOperEntry 10 }
aluZoneOperOutActiveSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutActiveSessions
indicates the number of currently active outbound sessions for
this zone."
::= { aluZoneOperEntry 11 }
aluZoneOperInPktsDropped OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The number of inbound packets dropped due to policy."
::= { aluZoneOperEntry 12 }
aluZoneOperInBytesDropped OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION "The number of inbound bytes dropped due to policy."
::= { aluZoneOperEntry 13 }
aluZoneOperOutPktsDropped OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The number of outbound packets dropped due to policy."
::= { aluZoneOperEntry 14 }
aluZoneOperOutBytesDropped OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION "The number of outbound bytes dropped due to policy."
::= { aluZoneOperEntry 15 }
aluZoneOperInPktsDefAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The number of inbound packets to which the default
action was applied."
::= { aluZoneOperEntry 16 }
aluZoneOperInBytesDefAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION "The number of inbound bytes to which the default
action was applied."
::= { aluZoneOperEntry 17 }
aluZoneOperOutPktsDefAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The number of outbound packets to which the default
action was applied."
::= { aluZoneOperEntry 18 }
aluZoneOperOutBytesDefAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION "The number of outbound bytes to which the default
action was applied."
::= { aluZoneOperEntry 19 }
aluZoneOperPlcyLastCommit OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The last time a commit was performed on this zone."
::= { aluZoneOperEntry 20 }
aluZoneOperInTcpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInTcpSessLimit
indicates the number of permitted active in sessions with
protocol TCP."
::= { aluZoneOperEntry 21 }
aluZoneOperInUdpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInUdpSessLimit
indicates the number of permitted active in sessions with
protocol UDP."
::= { aluZoneOperEntry 22 }
aluZoneOperInIcmpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInIcmpSessLimit
indicates the number of permitted active in sessions with
protocol ICMP."
::= { aluZoneOperEntry 23 }
aluZoneOperInOthSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInOthSessLimit
indicates the number of permitted active in sessions of all
other protocols."
::= { aluZoneOperEntry 24 }
aluZoneOperOutTcpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutTcpSessLimit
indicates the number of permitted active out sessions with
protocol TCP."
::= { aluZoneOperEntry 25 }
aluZoneOperOutUdpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutUdpSessLimit
indicates the number of permitted active out sessions with
protocol UDP."
::= { aluZoneOperEntry 26 }
aluZoneOperOutIcmpSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutIcmpSessLimit
indicates the number of permitted active out sessions with
protocol ICMP."
::= { aluZoneOperEntry 27 }
aluZoneOperOutOthSessLimit OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutOthSessLimit
indicates the number of permitted active out sessions of all
other protocols."
::= { aluZoneOperEntry 28 }
aluZoneOperInTcpActSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInTcpActSessions
indicates the number of active sessions with
protocol TCP."
::= { aluZoneOperEntry 29 }
aluZoneOperInUdpActSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInUdpActSessions
indicates the number of active sessions with
protocol UDP."
::= { aluZoneOperEntry 30 }
aluZoneOperInIcmpActSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInIcmpActSessions
indicates the number of active sessions with
protocol ICMP."
::= { aluZoneOperEntry 31 }
aluZoneOperInOthActSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperInOthActSessions
indicates the number of active sessions of all
other protocols."
::= { aluZoneOperEntry 32 }
aluZoneOperOutTcpActSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutTcpActSessions
indicates the number of active sessions with
protocol TCP."
::= { aluZoneOperEntry 33 }
aluZoneOperOutUdpActSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutUdpActSessions
indicates the number of active sessions with
protocol UDP."
::= { aluZoneOperEntry 34 }
aluZoneOperOutIcmpActSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutIcmpActSessions
indicates the number of active sessions with
protocol ICMP."
::= { aluZoneOperEntry 35 }
aluZoneOperOutOthActSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperOutOthActSessions
indicates the number of active sessions of all
other protocols."
::= { aluZoneOperEntry 36 }
aluZoneOperLogId OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneOperLogId
indicates the log-id for security logging."
::= { aluZoneOperEntry 38 }
aluZoneOperAutoBind OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneOperAutoBind specifies whether this zone is being used to enforce policy
on traffic to/from MP-BGP auto-binding and spoke-sdps. This configuration is only permitted on
VPRN zones and can only be enabled when no other interfaces are provisioned inside this zone."
::= { aluZoneOperEntry 39 }
aluZoneOperInFwdAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The accumulated number of inbound sessions with forward action."
::= { aluZoneOperEntry 40 }
aluZoneOperOutFwdAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The accumulated number of outbound sessions with forward action."
::= { aluZoneOperEntry 41 }
aluZoneOperInNatAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The accumulated number of inbound sessions with NAT action."
::= { aluZoneOperEntry 42 }
aluZoneOperOutNatAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The accumulated number of outbound sessions with NAT action."
::= { aluZoneOperEntry 43 }
aluZoneOperInDropAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The accumulated number of inbound sessions with drop action."
::= { aluZoneOperEntry 44 }
aluZoneOperOutDropAction OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The accumulated number of outbound sessions with drop action."
::= { aluZoneOperEntry 45 }
--
-- Zone Policy Operational Table
--
aluZonePlcyOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZonePlcyOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZonePlcyOperTable describes the active policy of this
zone. This table is a flattened ordered list of rules for this zone based
on the security policies that have been activated."
::= { aluSecurityOperObjs 2 }
aluZonePlcyOperEntry OBJECT-TYPE
SYNTAX TZonePlcyOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular zone entry."
INDEX { aluZoneOperId,
aluZonePlcyOperRuleId }
::= { aluZonePlcyOperTable 1 }
TZonePlcyOperEntry ::= SEQUENCE {
aluZonePlcyOperRuleId Unsigned32,
aluZonePlcyOperEntryId Unsigned32,
aluZonePlcyOperActive TruthValue,
aluZonePlcyOperFlags BITS,
aluZonePlcyOperSecPlcyId Unsigned32,
aluZonePlcyOperSecPlcyRuleId Unsigned32,
aluZonePlcyOperNatPoolId Unsigned32,
aluZonePlcyOperRuleHitCount Counter64,
aluZonePlcyOperRuleActiveSessions Gauge32
}
aluZonePlcyOperRuleId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluZonePlcyOperRuleId
specifies the rule id of each operational rule in the Zone.
The rule id is assigned by the system based on the
security policies that have been activated on this zone."
::= { aluZonePlcyOperEntry 1 }
aluZonePlcyOperEntryId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZonePlcyOperEntryId
specifies the zone policy entry this rule is associated with."
::= { aluZonePlcyOperEntry 2 }
aluZonePlcyOperActive OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZonePlcyOperActive
indicates whether this rule is active for rule parsing
in the zone policy."
::= { aluZonePlcyOperEntry 3 }
aluZonePlcyOperFlags OBJECT-TYPE
SYNTAX BITS {
noNatPool (0) -- NAT Pool is not active
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies all the conditions that
affect the active status of this Zone Policy."
::= { aluZonePlcyOperEntry 4 }
aluZonePlcyOperSecPlcyId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZonePlcyOperSecPlcyId specifies the security policy
that this rule was derived from."
::= { aluZonePlcyOperEntry 5 }
aluZonePlcyOperSecPlcyRuleId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZonePlcyOperSecPlcyRuleId specifies the rule from the
security policy specified by aluZonePlcyOperSecPlcyId that defines this
zone policy rule."
::= { aluZonePlcyOperEntry 6 }
aluZonePlcyOperNatPoolId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZonePlcyOperNatPoolId specifies the NAT Pool to be used
for this rule when the action is NAT."
::= { aluZonePlcyOperEntry 7 }
aluZonePlcyOperRuleHitCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZonePlcyOperRuleHitCount specifies the number of times this
rule has been matched."
::= { aluZonePlcyOperEntry 8 }
aluZonePlcyOperRuleActiveSessions OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZonePlcyOperRuleActiveSessions specifies the number of currently
active sessions this rule has outstanding."
::= { aluZonePlcyOperEntry 9 }
--
-- Zone NAT Pool Operational Table
--
aluZoneNatPoolOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZoneNatPoolOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZoneNatPoolOperTable has an entry for each
nat-pool of ip addresses and ports configured on a particular zone."
::= { aluSecurityOperObjs 3 }
aluZoneNatPoolOperEntry OBJECT-TYPE
SYNTAX TZoneNatPoolOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular NAT pool entry."
INDEX { aluZoneOperId, aluZoneNatPoolOperId }
::= { aluZoneNatPoolOperTable 1 }
TZoneNatPoolOperEntry ::= SEQUENCE {
aluZoneNatPoolOperId Unsigned32,
aluZoneNatPoolOperName TNamedItemOrEmpty,
aluZoneNatPoolOperDescription TItemDescription,
aluZoneNatPoolOperType TPoolType,
aluZoneNatPoolOperDirection INTEGER
}
aluZoneNatPoolOperId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluZoneNatPoolOperId
specifies the unique id of the NAT-Pool entries within the zone."
::= { aluZoneNatPoolOperEntry 1 }
aluZoneNatPoolOperName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluZoneNatPoolOperName
specifies the name of the NAT Pool."
::= { aluZoneNatPoolOperEntry 2 }
aluZoneNatPoolOperDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Description of this nat pool."
DEFVAL { ''H }
::= { aluZoneNatPoolOperEntry 3 }
aluZoneNatPoolOperType OBJECT-TYPE
SYNTAX TPoolType
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Specifies type of pool"
::= { aluZoneNatPoolOperEntry 4 }
aluZoneNatPoolOperDirection OBJECT-TYPE
SYNTAX INTEGER {
unknown (0),
zoneInbound (1),
zoneOutbound (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Specifies direction of the pool."
::= { aluZoneNatPoolOperEntry 5 }
--
-- NAT Pool Params Operational Table
--
aluZoneNatPoolParamsOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZoneNatPoolParamsOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZoneNatPoolParamsOperTable has an entry for each NAT Pool
params entry configured on this system."
::= { aluSecurityOperObjs 4 }
aluZoneNatPoolParamsOperEntry OBJECT-TYPE
SYNTAX TZoneNatPoolParamsOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular NAT Pool params entry."
INDEX { aluZoneOperId, aluZoneNatPoolOperId,
aluZoneNatPoolParamsOperEntryId }
::= { aluZoneNatPoolParamsOperTable 1 }
TZoneNatPoolParamsOperEntry ::= SEQUENCE {
aluZoneNatPoolParamsOperEntryId Unsigned32,
aluZoneNatPoolParamsOperIPAddrValue1 IpAddress,
aluZoneNatPoolParamsOperIPAddrValue2 IpAddress,
aluZoneNatPoolParamsOperIPOperator TIPOperator,
aluZoneNatPoolParamsOperIPInterfaceIndex InterfaceIndexOrZero,
aluZoneNatPoolParamsOperPortOperator TTcpUdpPortOperator,
aluZoneNatPoolParamsOperPortValue1 TTcpUdpPort,
aluZoneNatPoolParamsOperPortValue2 TTcpUdpPort
}
aluZoneNatPoolParamsOperEntryId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluZoneNatPoolParamsOperEntryId specifies the
3rd index for the entry."
::= { aluZoneNatPoolParamsOperEntry 1 }
aluZoneNatPoolParamsOperIPAddrValue1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object
aluZoneNatPoolParamsOperIPAddrValue1 specifies
the starting range of IP address of the NAT pool."
DEFVAL { '00000000'H }
::= { aluZoneNatPoolParamsOperEntry 2 }
aluZoneNatPoolParamsOperIPAddrValue2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object
aluZoneNatPoolParamsOperIPAddrValue2 specifies
the ending range of IP address of the NAT pool."
DEFVAL { '00000000'H }
::= { aluZoneNatPoolParamsOperEntry 3 }
aluZoneNatPoolParamsOperIPOperator OBJECT-TYPE
SYNTAX TIPOperator
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluZoneNatPoolParamsOperIPAddrValue1 and
aluZoneNatPoolParamsOperIPAddrValue2
are to be used. The values of these two objects and
aluZoneNatPoolParamsOperIPOperator are used as described in
TIPOperator."
DEFVAL { none }
::= { aluZoneNatPoolParamsOperEntry 4 }
aluZoneNatPoolParamsOperIPInterfaceIndex OBJECT-TYPE
SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The aluZoneNatPoolParamsOperIPInterfaceIndex specifies
the index of the interface whose primary address
is to be used in the NAT pool.
The interface must exist in the same vRtr in which the NAT pool
resides."
DEFVAL { 0 }
::= { aluZoneNatPoolParamsOperEntry 5 }
aluZoneNatPoolParamsOperPortOperator OBJECT-TYPE
SYNTAX TTcpUdpPortOperator
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluZoneNatPoolParamsOperPortValue1 and
aluZoneNatPoolParamsOperPortValue2
are to be used. The values of these two objects and
aluZoneNatPoolParamsOperPortOperator are used as described in
TTcpUdpPortOperator."
DEFVAL { none }
::= { aluZoneNatPoolParamsOperEntry 6 }
aluZoneNatPoolParamsOperPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "TCP/UDP port value1. The value of this object is used as per the
description for aluZoneNatPoolParamsOperPortOperator."
DEFVAL { 0 }
::= { aluZoneNatPoolParamsOperEntry 7 }
aluZoneNatPoolParamsOperPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "TCP/UDP port value2. The value of this object is used as per the
description for aluZoneNatPoolParamsOperPortOperator."
DEFVAL { 0 }
::= { aluZoneNatPoolParamsOperEntry 8 }
--
-- Security Policy Operational Table
--
aluSecPlcyOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecPlcyOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecPlcyOperTable has an entry for each
policy configured globally on this system."
::= { aluSecurityOperObjs 5 }
aluSecPlcyOperEntry OBJECT-TYPE
SYNTAX TSecPlcyOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a security policy."
INDEX { aluSecPlcyOperId }
::= { aluSecPlcyOperTable 1 }
TSecPlcyOperEntry ::= SEQUENCE {
aluSecPlcyOperId Unsigned32,
aluSecPlcyOperName TNamedItemOrEmpty,
aluSecPlcyOperDescription TItemDescription,
aluSecPlcyOperRuleCount Gauge32,
aluSecPlcyOperZoneRefCount Gauge32
}
aluSecPlcyOperId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecPlcyOperId
specifies the unique id for the policy in
the system."
::= { aluSecPlcyOperEntry 1 }
aluSecPlcyOperName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Name of the security policy."
::= { aluSecPlcyOperEntry 2 }
aluSecPlcyOperDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Description of this security policy."
::= { aluSecPlcyOperEntry 3 }
aluSecPlcyOperRuleCount OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluSecPlcyOperRuleCount indicates the current number of
rules that are part of the security policy."
::= { aluSecPlcyOperEntry 4 }
aluSecPlcyOperZoneRefCount OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluSecPlcyOperZoneRefCount indicates the number of
zones that are using this security policy."
::= { aluSecPlcyOperEntry 5 }
--
-- Security Policy Params Operational Table
--
aluSecPlcyParamsOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecPlcyParamsOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecPlcyParamsOperTable has an entry for each
rule configured in each security policy."
::= { aluSecurityOperObjs 6 }
aluSecPlcyParamsOperEntry OBJECT-TYPE
SYNTAX TSecPlcyParamsOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents the parameters of a particular rule."
INDEX { aluSecPlcyOperId,
aluSecPlcyParamsOperRuleId }
::= { aluSecPlcyParamsOperTable 1 }
TSecPlcyParamsOperEntry ::= SEQUENCE {
aluSecPlcyParamsOperRuleId Unsigned32,
aluSecPlcyParamsOperDescription TItemDescription,
aluSecPlcyParamsOperMatchSrcIPAddrValue1 IpAddress,
aluSecPlcyParamsOperMatchSrcIPAddrValue2 IpAddress,
aluSecPlcyParamsOperMatchSrcIPOperator TIPOperator,
aluSecPlcyParamsOperMatchSrcIPHostGroup Unsigned32,
aluSecPlcyParamsOperMatchDstIPAddrValue1 IpAddress,
aluSecPlcyParamsOperMatchDstIPAddrValue2 IpAddress,
aluSecPlcyParamsOperMatchDstIPOperator TIPOperator,
aluSecPlcyParamsOperMatchDstIPHostGroup Unsigned32,
aluSecPlcyParamsOperMatchProtocol TIpProtocol,
aluSecPlcyParamsOperMatchSrcPortValue1 TTcpUdpPort,
aluSecPlcyParamsOperMatchSrcPortValue2 TTcpUdpPort,
aluSecPlcyParamsOperMatchSrcPortOp TOperator,
aluSecPlcyParamsOperMatchDstPortValue1 TTcpUdpPort,
aluSecPlcyParamsOperMatchDstPortValue2 TTcpUdpPort,
aluSecPlcyParamsOperMatchDstPortOp TOperator,
aluSecPlcyParamsOperMatchAppGroup Unsigned32,
aluSecPlcyParamsOperMatchIcmpCode INTEGER,
aluSecPlcyParamsOperMatchIcmpType INTEGER,
aluSecPlcyParamsOperMatchIgmpType INTEGER,
aluSecPlcyParamsOperMatchFlowDirection INTEGER,
aluSecPlcyParamsOperProfileId Unsigned32,
aluSecPlcyParamsOperConcurrentFlowLimit Unsigned32,
aluSecPlcyParamsOperCreateRevDirFlow TruthValue,
aluSecPlcyParamsOperAction INTEGER,
aluSecPlcyParamsOperMatchLocal TruthValue,
aluSecPlcyParamsOperActionNatDstIPAddr IpAddress,
aluSecPlcyParamsOperActionNatDstPort TTcpUdpPort,
aluSecPlcyParamsOperLogControl INTEGER,
aluSecPlcyParamsOperLogId TSecurityLogId
}
aluSecPlcyParamsOperRuleId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluSecPlcyParamsOperRuleId specifies the
rule index within the Security Policy."
::= { aluSecPlcyParamsOperEntry 1 }
aluSecPlcyParamsOperDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Description of this rule."
::= { aluSecPlcyParamsOperEntry 2 }
aluSecPlcyParamsOperMatchSrcIPAddrValue1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchSrcIPAddrValue1
specifies the source IP address of the packets to be filtered.
When configured and activated, this filter will be
applied to all IP packets; the source IP must match this value."
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsOperEntry 3 }
aluSecPlcyParamsOperMatchSrcIPAddrValue2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchSrcIPAddrValue2
specifies the source IP address of the packets to be filtered.
When configured and activated, this filter will be
applied to all IP packets; the source IP must match this value."
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsOperEntry 4 }
aluSecPlcyParamsOperMatchSrcIPOperator OBJECT-TYPE
SYNTAX TIPOperator
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluSecPlcyParamsOperMatchSrcIPAddrValue1 and
aluSecPlcyParamsOperMatchSrcIPAddrValue2
are to be used. The values of these two objects and
aluSecPlcyParamsOperMatchSrcIPOperator are used as described in
TIPOperator."
DEFVAL { none }
::= { aluSecPlcyParamsOperEntry 5 }
aluSecPlcyParamsOperMatchSrcIPHostGroup OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchSrcIPHostGroup
specifies the host group name, where the group name is a collection
of IP addresses."
::= { aluSecPlcyParamsOperEntry 6 }
aluSecPlcyParamsOperMatchDstIPAddrValue1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchDstIPAddrValue1
specifies the destination IP address of the packets to be filtered.
When configured and activated, this filter will be
applied to all IP packets; the destination IP must match this value."
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsOperEntry 7 }
aluSecPlcyParamsOperMatchDstIPAddrValue2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchDstIPAddrValue2
specifies the destination IP address of the packets to be filtered.
When configured and activated, this filter will be
applied to all IP packets; the destination IP must match this value."
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsOperEntry 8 }
aluSecPlcyParamsOperMatchDstIPOperator OBJECT-TYPE
SYNTAX TIPOperator
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluSecPlcyParamsOperMatchDstIPAddrValue1 and
aluSecPlcyParamsOperMatchDstIPAddrValue2
are to be used. The values of these two objects and
aluSecPlcyParamsOperMatchDstIPOperator are used as described in
TIPOperator."
DEFVAL { none }
::= { aluSecPlcyParamsOperEntry 9 }
aluSecPlcyParamsOperMatchDstIPHostGroup OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object
aluSecPlcyParamsOperMatchDstIPHostGroup specifies
the host group name, where the group name is a collection
of IP addresses."
::= { aluSecPlcyParamsOperEntry 10 }
aluSecPlcyParamsOperMatchProtocol OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION "IP protocol to match. Set to -1 to disable matching IP protocol. If
the protocol is changed the protocol specific parameters are reset."
::= { aluSecPlcyParamsOperEntry 11 }
aluSecPlcyParamsOperMatchSrcPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "TCP/UDP port value."
::= { aluSecPlcyParamsOperEntry 12 }
aluSecPlcyParamsOperMatchSrcPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "TCP/UDP port value."
::= { aluSecPlcyParamsOperEntry 13 }
aluSecPlcyParamsOperMatchSrcPortOp OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-only
STATUS current
DESCRIPTION "TCP/UDP port operator."
::= { aluSecPlcyParamsOperEntry 14 }
aluSecPlcyParamsOperMatchDstPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "TCP/UDP port value."
::= { aluSecPlcyParamsOperEntry 15 }
aluSecPlcyParamsOperMatchDstPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "TCP/UDP port value."
::= { aluSecPlcyParamsOperEntry 16 }
aluSecPlcyParamsOperMatchDstPortOp OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-only
STATUS current
DESCRIPTION "TCP/UDP port operator."
::= { aluSecPlcyParamsOperEntry 17 }
aluSecPlcyParamsOperMatchAppGroup OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsOperMatchAppGroup
specifies the application group, where the app-group is a
collection of protocol-id/src port/dest port."
::= { aluSecPlcyParamsOperEntry 18 }
aluSecPlcyParamsOperMatchIcmpCode OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Icmp code to be matched."
::= { aluSecPlcyParamsOperEntry 19 }
aluSecPlcyParamsOperMatchIcmpType OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Icmp type to be matched."
::= { aluSecPlcyParamsOperEntry 20 }
aluSecPlcyParamsOperMatchIgmpType OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Type of IGMP to be configured"
::= { aluSecPlcyParamsOperEntry 21 }
aluSecPlcyParamsOperMatchFlowDirection OBJECT-TYPE
SYNTAX INTEGER {
zoneInbound (1),
zoneOutbound (2),
both (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies the direction of the packet flow
for which the rule is matched.
zoneInbound is equivalent to zone ingress flow,
zoneOutbound is equivalent to zone egress flow,
both is equivalent to both ingress and egress flow."
::= { aluSecPlcyParamsOperEntry 22 }
aluSecPlcyParamsOperProfileId OBJECT-TYPE
SYNTAX Unsigned32 (0..120)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies traffic profile."
::= { aluSecPlcyParamsOperEntry 23 }
aluSecPlcyParamsOperConcurrentFlowLimit OBJECT-TYPE
SYNTAX Unsigned32 (0..10000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the maximum number of simultaneous
sessions allowed for this particular rule. Beyond this
limit, new sessions will not be created.
A session is created internally for a packet with
a unique 5-tuple (Src IP, Dst IP, Protocol number,
Src Port and Dst Port). 0 means no limit."
::= { aluSecPlcyParamsOperEntry 24 }
aluSecPlcyParamsOperCreateRevDirFlow OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluSecPlcyParamsOperCreateRevDirFlow specifies
whether return direction of the session is created or not"
::= { aluSecPlcyParamsOperEntry 25 }
aluSecPlcyParamsOperAction OBJECT-TYPE
SYNTAX INTEGER {
forward (0),
drop (1),
nat (2),
reject (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies the action (forward, drop, nat or
reject) applied to a packet that satisfies the rule condition."
::= { aluSecPlcyParamsOperEntry 26 }
aluSecPlcyParamsOperMatchLocal OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluSecPlcyParamsOperMatchLocal specifies
whether to match traffic destined to node"
DEFVAL { false }
::= { aluSecPlcyParamsOperEntry 27 }
aluSecPlcyParamsOperActionNatDstIPAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecPlcyParamsOperActionNatDstIPAddr
specifies the Dst IP address of the packet after NAT has been
performed"
DEFVAL { '00000000'H }
::= { aluSecPlcyParamsOperEntry 28 }
aluSecPlcyParamsOperActionNatDstPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "NAT Destination TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecPlcyParamsOperEntry 39 }
aluSecPlcyParamsOperLogControl OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Log control for policy."
::= { aluSecPlcyParamsOperEntry 40 }
aluSecPlcyParamsOperLogId OBJECT-TYPE
SYNTAX TSecurityLogId
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Log Destination for policy."
::= { aluSecPlcyParamsOperEntry 41 }
--
-- Security Profile Operational Table
--
aluSecProfileOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecProfileOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecProfileOperTable has an entry for each
security profile configured globally on this system."
::= { aluSecurityOperObjs 7 }
aluSecProfileOperEntry OBJECT-TYPE
SYNTAX TSecProfileOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular security profile."
INDEX { aluSecProfileOperId }
::= { aluSecProfileOperTable 1 }
TSecProfileOperEntry ::= SEQUENCE {
aluSecProfileOperId Unsigned32,
aluSecProfileOperName TNamedItemOrEmpty,
aluSecProfileOperDescription TItemDescription,
aluSecProfileOperPlcyRefCount Unsigned32,
aluSecProfileOperTcpSynTimeout Unsigned32,
aluSecProfileOperTcpWaitTimeout Unsigned32,
aluSecProfileOperTcpTransTimeout Unsigned32,
aluSecProfileOperTcpEstTimeout Unsigned32,
aluSecProfileOperUdpTimeout Unsigned32,
aluSecProfileOperUdpInitTimeout Unsigned32,
aluSecProfileOperUdpDnsTimeout Unsigned32,
aluSecProfileOperIcmpTimeout Unsigned32,
aluSecProfileOperOtherTimeout Unsigned32,
aluSecProfileOperAppInspect TruthValue,
aluSecProfileOperInspectTcp TruthValue,
aluSecProfileOperInspectIpOpt TruthValue,
aluSecProfileOperAllowedIpOpt Unsigned32,
aluSecProfileOperAllowPktFrag TruthValue,
aluSecProfileOperAlg TAlgType,
aluSecProfileOperIcmpReqLimit Unsigned32,
aluSecProfileOperIcmpErrLimit TruthValue,
aluSecProfileOperDnsReplyOnly TruthValue,
aluSecProfileOperTcpTmoStrict TruthValue,
aluSecProfileOperUdpTmoStrict TruthValue,
aluSecProfileOperIcmpTmoStrict TruthValue,
aluSecProfileOperDnsTmoStrict TruthValue,
aluSecProfileOperOthTmoStrict TruthValue,
aluSecProfileOperFwdPolicerId TSecurityPolicerId,
aluSecProfileOperRevPolicerId TSecurityPolicerId
}
aluSecProfileOperId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecProfileOperId
specifies the unique profile id."
::= { aluSecProfileOperEntry 1 }
aluSecProfileOperName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Name of the security profile."
DEFVAL { ''H }
::= { aluSecProfileOperEntry 2 }
aluSecProfileOperDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Description of this security profile."
DEFVAL { ''H }
::= { aluSecProfileOperEntry 3 }
aluSecProfileOperPlcyRefCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of times
this profile is referenced in security policies."
::= { aluSecProfileOperEntry 4 }
aluSecProfileOperTcpSynTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
TCP session can wait for a SYN before being cleaned up."
::= { aluSecProfileOperEntry 5 }
aluSecProfileOperTcpWaitTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
TCP session can remain in time wait before being cleaned up."
::= { aluSecProfileOperEntry 6 }
aluSecProfileOperTcpTransTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
TCP session can remain transitory before being cleaned up."
::= { aluSecProfileOperEntry 7 }
aluSecProfileOperTcpEstTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
TCP session has to reach established before being cleaned up."
::= { aluSecProfileOperEntry 8 }
aluSecProfileOperUdpTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
UDP session can remain idle before being cleaned up."
::= { aluSecProfileOperEntry 9 }
aluSecProfileOperUdpInitTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
UDP session can remain idle after receiving the first packet
before being cleaned up."
::= { aluSecProfileOperEntry 10 }
aluSecProfileOperUdpDnsTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds a
DNS request can take to receive a response
before being cleaned up."
::= { aluSecProfileOperEntry 11 }
aluSecProfileOperIcmpTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds an
ICMP request can take to receive a response
before being cleaned up."
::= { aluSecProfileOperEntry 12 }
aluSecProfileOperOtherTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of seconds other
protocol sessions can remain idle before being cleaned up."
::= { aluSecProfileOperEntry 13 }
aluSecProfileOperAppInspect OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object indicates whether application inspection
should be performed on all active connections with this profile."
DEFVAL { false }
::= { aluSecProfileOperEntry 14 }
aluSecProfileOperInspectTcp OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object indicates whether strict TCP inspection
should be performed on all active TCP connections with this profile."
DEFVAL { false }
::= { aluSecProfileOperEntry 15 }
aluSecProfileOperInspectIpOpt OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object indicates whether IP options inspection
is to be performed. When 'true' the object aluSecProfileOperAllowedIpOpt
is used to specify permitted options."
DEFVAL { false }
::= { aluSecProfileOperEntry 16 }
aluSecProfileOperAllowedIpOpt OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object indicates the bitmask of allowed IP options when IP
option inspection is enabled."
::= { aluSecProfileOperEntry 17 }
aluSecProfileOperAllowPktFrag OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object indicates whether fragmented IP packets are
permitted through connections with this profile."
DEFVAL { true }
::= { aluSecProfileOperEntry 18 }
aluSecProfileOperAlg OBJECT-TYPE
SYNTAX TAlgType
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object indicates the application layer
gateway processing to be performed on this connection."
DEFVAL { auto }
::= { aluSecProfileOperEntry 19 }
aluSecProfileOperIcmpReqLimit OBJECT-TYPE
SYNTAX Unsigned32 (0..254)
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the number of ICMP packets permitted
to traverse the ICMP request session in each direction.
A value of 0 specifies that there is no packet limit.
aluSecProfileConfigAppInspect must be enabled before ICMP inspection
can be enabled."
DEFVAL { 0 }
::= { aluSecProfileOperEntry 20}
aluSecProfileOperIcmpErrLimit OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies whether to limit the number of ICMP Type 3
packets that are permitted to traverse the session in each direction.
aluSecProfileConfigAppInspect must be enabled before ICMP inspection
can be enabled."
DEFVAL { false }
::= { aluSecProfileOperEntry 21}
aluSecProfileOperDnsReplyOnly OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies whether to limit the number of DNS
packets that are permitted to traverse a DNS session in each direction.
aluSecProfileConfigAppInspect must be enabled before DNS inspection
can be enabled."
DEFVAL { false }
::= { aluSecProfileOperEntry 22}
aluSecProfileOperTcpTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies if a TCP Session in the Established
state is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
::= { aluSecProfileOperEntry 23}
aluSecProfileOperUdpTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies if a UDP Session in the Established
state is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
::= { aluSecProfileOperEntry 24}
aluSecProfileOperIcmpTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies if an ICMP Request Session
is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
::= { aluSecProfileOperEntry 25}
aluSecProfileOperDnsTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies if a DNS Request Session
is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
::= { aluSecProfileOperEntry 26}
aluSecProfileOperOthTmoStrict OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies if an Other protocol session
is strictly enforced to timeout after the Timeout setting regardless of
session activity. When 'false' the session will not timeout until the session
has been idle for the timeout period."
DEFVAL { false }
::= { aluSecProfileOperEntry 27}
aluSecProfileOperFwdPolicerId OBJECT-TYPE
SYNTAX TSecurityPolicerId
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the policer group that the forward direction
of the session should be rate-limited with."
::= { aluSecProfileOperEntry 28}
aluSecProfileOperRevPolicerId OBJECT-TYPE
SYNTAX TSecurityPolicerId
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object specifies the policer group that the reverse direction
of the session should be rate-limited with."
::= { aluSecProfileOperEntry 29}
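--
-- Zone Inbound Session Table
--
-- NOTE(review): rows expose live session details (addresses, ports, NAT
-- translations) to any reader of this subtree; restrict it with an SNMP
-- access-control view (e.g. SNMPv3 VACM).
--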
aluZoneInboundSessionTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZoneInboundSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZoneInboundSessionTable has an entry for each
session established entering a zone."
::= { aluSecurityOperObjs 8 }
aluZoneInboundSessionEntry OBJECT-TYPE
SYNTAX TZoneInboundSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular inbound active session."
INDEX { aluZoneOperId,
aluZoneSessionId }
::= { aluZoneInboundSessionTable 1 }
TZoneInboundSessionEntry ::= SEQUENCE {
aluZoneSessionId Unsigned32,
aluZoneInboundSessionProtocol TIpProtocol,
aluZoneInboundSessionSrcZoneId Unsigned32,
aluZoneInboundSessionSrcIPAddrValue IpAddress,
aluZoneInboundSessionSrcPortValue TTcpUdpPort,
aluZoneInboundSessionDstIPAddrValue IpAddress,
aluZoneInboundSessionDstPortValue TTcpUdpPort,
aluZoneInboundSessionRevDirCreated TruthValue,
aluZoneInboundSessionAction INTEGER,
aluZoneInboundSessionNatSrcIPAddrValue IpAddress,
aluZoneInboundSessionNatSrcPortValue TTcpUdpPort,
aluZoneInboundSessionNatDstIPAddrValue IpAddress,
aluZoneInboundSessionNatDstPortValue TTcpUdpPort,
aluZoneInboundSessionEstablished TimeStamp,
aluZoneInboundSessionAlg INTEGER,
aluZoneInboundSessionInspect TruthValue,
aluZoneInboundSessionFwdPolicerId TSecurityPolicerId,
aluZoneInboundSessionRevPolicerId TSecurityPolicerId,
aluZoneInboundSessionCreator Unsigned32
}
aluZoneSessionId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluZoneSessionId specifies the
session index for this active session."
::= { aluZoneInboundSessionEntry 1 }
aluZoneInboundSessionProtocol OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION "IP protocol of session."
::= { aluZoneInboundSessionEntry 2 }
aluZoneInboundSessionSrcZoneId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneInboundSessionSrcZoneId specifies the
source zone that established this session."
::= { aluZoneInboundSessionEntry 3 }
aluZoneInboundSessionSrcIPAddrValue OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneInboundSessionSrcIPAddrValue
specifies the source IP address of this flow."
::= { aluZoneInboundSessionEntry 4 }
aluZoneInboundSessionSrcPortValue OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Source TCP/UDP port value."
::= { aluZoneInboundSessionEntry 5 }
aluZoneInboundSessionDstIPAddrValue OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Destination IP address of this flow."
::= { aluZoneInboundSessionEntry 6 }
aluZoneInboundSessionDstPortValue OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Destination TCP/UDP port value."
::= { aluZoneInboundSessionEntry 7 }
aluZoneInboundSessionRevDirCreated OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneInboundSessionRevDirCreated indicates
whether return direction of the session was created or not"
::= { aluZoneInboundSessionEntry 8 }
aluZoneInboundSessionAction OBJECT-TYPE
SYNTAX INTEGER {
forward (0),
drop (1),
nat (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies session action."
::= { aluZoneInboundSessionEntry 9 }
aluZoneInboundSessionNatSrcIPAddrValue OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneInboundSessionNatSrcIPAddrValue
specifies the source IP address this flow has after NAT."
::= { aluZoneInboundSessionEntry 10 }
aluZoneInboundSessionNatSrcPortValue OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "NAT Source TCP/UDP port value."
::= { aluZoneInboundSessionEntry 11 }
aluZoneInboundSessionNatDstIPAddrValue OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneInboundSessionNatDstIPAddrValue
specifies the destination IP address this flow has after NAT."
::= { aluZoneInboundSessionEntry 12 }
aluZoneInboundSessionNatDstPortValue OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "NAT Destination TCP/UDP port value."
::= { aluZoneInboundSessionEntry 13 }
aluZoneInboundSessionEstablished OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Time that this session was established."
::= { aluZoneInboundSessionEntry 14 }
aluZoneInboundSessionAlg OBJECT-TYPE
SYNTAX INTEGER {
none (0),
algRule (1),
ftp (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies ALG being performed on session.
algRule - Dynamic Rule for ALG Data Sessions
ftp - FTP Control Session"
::= { aluZoneInboundSessionEntry 15 }
aluZoneInboundSessionInspect OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies if session traffic is sent to central core."
::= { aluZoneInboundSessionEntry 16 }
aluZoneInboundSessionFwdPolicerId OBJECT-TYPE
SYNTAX TSecurityPolicerId
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies policer-group that forward session traffic
is sent to."
::= { aluZoneInboundSessionEntry 17 }
aluZoneInboundSessionRevPolicerId OBJECT-TYPE
SYNTAX TSecurityPolicerId
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies policer-group that reverse session traffic
is sent to."
::= { aluZoneInboundSessionEntry 18 }
aluZoneInboundSessionCreator OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies the session-id that created this session via ALG."
::= { aluZoneInboundSessionEntry 19 }
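--
-- Zone Outbound Session Table
--
-- NOTE(review): rows expose live session details (addresses, ports, NAT
-- translations) to any reader of this subtree; restrict it with an SNMP
-- access-control view (e.g. SNMPv3 VACM).
--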
aluZoneOutboundSessionTable OBJECT-TYPE
SYNTAX SEQUENCE OF TZoneOutboundSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluZoneOutboundSessionTable has an entry for each
session established leaving a zone."
::= { aluSecurityOperObjs 9 }
aluZoneOutboundSessionEntry OBJECT-TYPE
SYNTAX TZoneOutboundSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular outbound active session."
INDEX { aluZoneOperId,
aluZoneSessionId }
::= { aluZoneOutboundSessionTable 1 }
TZoneOutboundSessionEntry ::= SEQUENCE {
aluZoneOutboundSessionProtocol TIpProtocol,
aluZoneOutboundSessionSrcIPAddrValue IpAddress,
aluZoneOutboundSessionSrcPortValue TTcpUdpPort,
aluZoneOutboundSessionDstIPAddrValue IpAddress,
aluZoneOutboundSessionDstPortValue TTcpUdpPort,
aluZoneOutboundSessionDstZoneId Unsigned32,
aluZoneOutboundSessionRevDirCreated TruthValue,
aluZoneOutboundSessionAction INTEGER,
aluZoneOutboundSessionNatSrcIPAddrValue IpAddress,
aluZoneOutboundSessionNatSrcPortValue TTcpUdpPort,
aluZoneOutboundSessionNatDstIPAddrValue IpAddress,
aluZoneOutboundSessionNatDstPortValue TTcpUdpPort,
aluZoneOutboundSessionEstablished TimeStamp,
aluZoneOutboundSessionAlg INTEGER,
aluZoneOutboundSessionInspect TruthValue,
aluZoneOutboundSessionFwdPolicerId TSecurityPolicerId,
aluZoneOutboundSessionRevPolicerId TSecurityPolicerId,
aluZoneOutboundSessionCreator Unsigned32
}
aluZoneOutboundSessionProtocol OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION "IP protocol of session."
::= { aluZoneOutboundSessionEntry 1 }
aluZoneOutboundSessionSrcIPAddrValue OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneOutboundSessionSrcIPAddrValue
specifies the source IP address of this flow."
::= { aluZoneOutboundSessionEntry 2 }
aluZoneOutboundSessionSrcPortValue OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Source TCP/UDP port value."
::= { aluZoneOutboundSessionEntry 3 }
aluZoneOutboundSessionDstIPAddrValue OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Destination IP address of this flow."
::= { aluZoneOutboundSessionEntry 4 }
aluZoneOutboundSessionDstPortValue OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Destination TCP/UDP port value."
::= { aluZoneOutboundSessionEntry 5 }
aluZoneOutboundSessionDstZoneId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneOutboundSessionDstZoneId specifies the
destination zone for this session."
::= { aluZoneOutboundSessionEntry 6 }
aluZoneOutboundSessionRevDirCreated OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneOutboundSessionRevDirCreated indicates
whether return direction of the session was created or not"
::= { aluZoneOutboundSessionEntry 7 }
aluZoneOutboundSessionAction OBJECT-TYPE
SYNTAX INTEGER {
forward (0),
drop (1),
nat (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies session action."
::= { aluZoneOutboundSessionEntry 8 }
aluZoneOutboundSessionNatSrcIPAddrValue OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneOutboundSessionNatSrcIPAddrValue
specifies the source IP address this flow has after NAT."
::= { aluZoneOutboundSessionEntry 9 }
aluZoneOutboundSessionNatSrcPortValue OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "NAT Source TCP/UDP port value."
::= { aluZoneOutboundSessionEntry 10 }
aluZoneOutboundSessionNatDstIPAddrValue OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluZoneOutboundSessionNatDstIPAddrValue
specifies the destination IP address this flow has after NAT."
::= { aluZoneOutboundSessionEntry 11 }
aluZoneOutboundSessionNatDstPortValue OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "NAT Destination TCP/UDP port value."
::= { aluZoneOutboundSessionEntry 12 }
aluZoneOutboundSessionEstablished OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Time that this session was established."
::= { aluZoneOutboundSessionEntry 13 }
aluZoneOutboundSessionAlg OBJECT-TYPE
SYNTAX INTEGER {
none (0),
algRule (1),
ftp (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies ALG being performed on session.
algRule - Dynamic Rule for ALG Data Sessions
ftp - FTP Control Session"
::= { aluZoneOutboundSessionEntry 14 }
aluZoneOutboundSessionInspect OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies if session traffic is sent to central core."
::= { aluZoneOutboundSessionEntry 15 }
aluZoneOutboundSessionFwdPolicerId OBJECT-TYPE
SYNTAX TSecurityPolicerId
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies policer-group that forward session traffic
is sent to."
::= { aluZoneOutboundSessionEntry 16 }
aluZoneOutboundSessionRevPolicerId OBJECT-TYPE
SYNTAX TSecurityPolicerId
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies policer-group that reverse session traffic
is sent to."
::= { aluZoneOutboundSessionEntry 17 }
aluZoneOutboundSessionCreator OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object specifies the session-id that created this session via ALG."
::= { aluZoneOutboundSessionEntry 18 }
--
-- Security Host Group Operational Table
--
aluSecHostGrpOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecHostGrpOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecHostGrpOperTable has an entry for each
security host group configured globally on this system."
::= { aluSecurityOperObjs 10}
aluSecHostGrpOperEntry OBJECT-TYPE
SYNTAX TSecHostGrpOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular security host group."
INDEX { aluSecHostGrpOperId }
::= { aluSecHostGrpOperTable 1 }
TSecHostGrpOperEntry ::= SEQUENCE {
aluSecHostGrpOperId Unsigned32,
aluSecHostGrpOperName TNamedItemOrEmpty,
aluSecHostGrpOperDescription TItemDescription,
aluSecHostGrpOperPlcyRefCount Unsigned32
}
aluSecHostGrpOperId OBJECT-TYPE
SYNTAX Unsigned32 (1..100)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecHostGrpOperId
specifies the unique host group id."
::= { aluSecHostGrpOperEntry 1 }
aluSecHostGrpOperName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Name of the security host group."
DEFVAL { ''H }
::= { aluSecHostGrpOperEntry 2 }
aluSecHostGrpOperDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Description of this security host group."
DEFVAL { ''H }
::= { aluSecHostGrpOperEntry 3 }
aluSecHostGrpOperPlcyRefCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Number of policy references."
::= { aluSecHostGrpOperEntry 4 }
--
-- Security Host Table
--
aluSecHostOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecHostOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecHostOperTable has an entry for each
rule configured as part of a security host."
::= { aluSecurityOperObjs 11 }
aluSecHostOperEntry OBJECT-TYPE
SYNTAX TSecHostOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular host entry."
INDEX { aluSecHostGrpOperId,
aluSecHostOperIPAddrValue1 }
::= { aluSecHostOperTable 1 }
TSecHostOperEntry ::= SEQUENCE {
aluSecHostOperIPAddrValue1 IpAddress,
aluSecHostOperIPAddrValue2 IpAddress,
aluSecHostOperIPOperator TIPOperator
}
aluSecHostOperIPAddrValue1 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecHostOperIPAddrValue1
specifies the IP address of hosts in this group."
::= { aluSecHostOperEntry 1 }
aluSecHostOperIPAddrValue2 OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecHostOperIPAddrValue2
specifies the 2nd IP address of a range of hosts."
DEFVAL { '00000000'H }
::= { aluSecHostOperEntry 2 }
aluSecHostOperIPOperator OBJECT-TYPE
SYNTAX TIPOperator
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The operator specifies the manner in which
aluSecHostOperIPAddrValue1 and
aluSecHostOperIPAddrValue2
are to be used. The values of these two objects and
aluSecHostOperIPOperator are used as described in
TIPOperator."
DEFVAL { none }
::= { aluSecHostOperEntry 3 }
--
-- Security Application Group Operation Table
--
aluSecAppGrpOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecAppGrpOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecAppGrpOperTable has an entry for each
security application group configured globally on this system."
::= { aluSecurityOperObjs 12 }
aluSecAppGrpOperEntry OBJECT-TYPE
SYNTAX TSecAppGrpOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular security app group."
INDEX { aluSecAppGrpOperId }
::= { aluSecAppGrpOperTable 1 }
TSecAppGrpOperEntry ::= SEQUENCE {
aluSecAppGrpOperId Unsigned32,
aluSecAppGrpOperName TNamedItemOrEmpty,
aluSecAppGrpOperDescription TItemDescription,
aluSecAppGrpOperPlcyRefCount Unsigned32
}
aluSecAppGrpOperId OBJECT-TYPE
SYNTAX Unsigned32 (1..100)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecAppGrpOperId
specifies the unique application group id."
::= { aluSecAppGrpOperEntry 1 }
aluSecAppGrpOperName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Name of the security application group."
DEFVAL { ''H }
::= { aluSecAppGrpOperEntry 2 }
aluSecAppGrpOperDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Description of this security application group."
DEFVAL { ''H }
::= { aluSecAppGrpOperEntry 3 }
aluSecAppGrpOperPlcyRefCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Number of policy references."
::= { aluSecAppGrpOperEntry 4 }
--
-- Security Application Table
--
aluSecAppOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecAppOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecAppOperTable has an entry for each
rule configured as part of a security application."
::= { aluSecurityOperObjs 13 }
aluSecAppOperEntry OBJECT-TYPE
SYNTAX TSecAppOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular application entry."
INDEX { aluSecAppGrpOperId,
aluSecAppOperEntryId }
::= { aluSecAppOperTable 1 }
TSecAppOperEntry ::= SEQUENCE {
aluSecAppOperEntryId Unsigned32,
aluSecAppOperMatchProtocol TIpProtocol,
aluSecAppOperMatchSrcPortValue1 TTcpUdpPort,
aluSecAppOperMatchSrcPortValue2 TTcpUdpPort,
aluSecAppOperMatchSrcPortOp TOperator,
aluSecAppOperMatchDstPortValue1 TTcpUdpPort,
aluSecAppOperMatchDstPortValue2 TTcpUdpPort,
aluSecAppOperMatchDstPortOp TOperator,
aluSecAppOperMatchIcmpCode INTEGER,
aluSecAppOperMatchIcmpType INTEGER
}
aluSecAppOperEntryId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluSecAppOperEntryId specifies the
index of the entry within the security app group."
::= { aluSecAppOperEntry 1 }
aluSecAppOperMatchProtocol OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION "IP protocol to match. set to -1 to disable matching IP protocol. If
the protocol is changed the protocol specific parameters are reset."
DEFVAL { -1 }
::= { aluSecAppOperEntry 2 }
aluSecAppOperMatchSrcPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Source TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecAppOperEntry 3 }
aluSecAppOperMatchSrcPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Source TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecAppOperEntry 4 }
aluSecAppOperMatchSrcPortOp OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Source TCP/UDP port operator."
DEFVAL { none }
::= { aluSecAppOperEntry 5 }
aluSecAppOperMatchDstPortValue1 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Destination TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecAppOperEntry 6 }
aluSecAppOperMatchDstPortValue2 OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Destination TCP/UDP port value."
DEFVAL { 0 }
::= { aluSecAppOperEntry 7 }
aluSecAppOperMatchDstPortOp OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Destination TCP/UDP port operator."
DEFVAL { none }
::= { aluSecAppOperEntry 8 }
aluSecAppOperMatchIcmpCode OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Icmp code to be matched. aluSecAppOperMatchIcmpCode
complements the object aluSecAppOperMatchIcmpType.
Both of them need to be set to actually
enable ICMP matching. The value -1 means Icmp code matching is not
enabled."
DEFVAL { -1 }
::= { aluSecAppOperEntry 9 }
aluSecAppOperMatchIcmpType OBJECT-TYPE
SYNTAX INTEGER (-1|0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Icmp type to be matched. aluSecAppOperMatchIcmpType
complements the object aluSecAppOperMatchIcmpCode.
Both of them need to be set to actually
enable ICMP matching. The value -1 means Icmp type matching is not
enabled."
DEFVAL { -1 }
::= { aluSecAppOperEntry 10 }
--
-- Security Policer Group Operational Table
--
aluSecPolicerGrpOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecPolicerGrpOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecPolicerGrpOperTable has an entry for each
security policer group configured globally on this system."
::= { aluSecurityOperObjs 14}
aluSecPolicerGrpOperEntry OBJECT-TYPE
SYNTAX TSecPolicerGrpOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a particular security policer group."
INDEX { aluSecPolicerGrpOperId }
::= { aluSecPolicerGrpOperTable 1 }
TSecPolicerGrpOperEntry ::= SEQUENCE {
aluSecPolicerGrpOperId Unsigned32,
aluSecPolicerGrpOperName TNamedItemOrEmpty,
aluSecPolicerGrpOperDescription TItemDescription,
aluSecPolicerGrpOperRate Integer32,
aluSecPolicerGrpOperRateCbs Unsigned32,
aluSecPolicerGrpOperPlcyRefCount Unsigned32,
aluSecPolicerGrpOperFwdPktsPassed Counter64,
aluSecPolicerGrpOperFwdBytesPassed Counter64,
aluSecPolicerGrpOperFwdPktsDrop Counter64,
aluSecPolicerGrpOperRevPktsPassed Counter64,
aluSecPolicerGrpOperRevBytesPassed Counter64,
aluSecPolicerGrpOperRevPktsDrop Counter64
}
aluSecPolicerGrpOperId OBJECT-TYPE
SYNTAX Unsigned32 (1..1024)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecPolicerGrpOperId
specifies the unique policer group id."
::= { aluSecPolicerGrpOperEntry 1 }
aluSecPolicerGrpOperName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Name of the security policer group."
DEFVAL { ''H }
::= { aluSecPolicerGrpOperEntry 2 }
aluSecPolicerGrpOperDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Description of this security policer group."
DEFVAL { ''H }
::= { aluSecPolicerGrpOperEntry 3 }
aluSecPolicerGrpOperRate OBJECT-TYPE
SYNTAX Integer32 (-1 | 1..100000)
UNITS "mega-bits per second"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The aluSecPolicerGrpOperRate object specifies the maximum ingress
bandwidth (in mega-bits per second) that the policer can receive.
A value of -1 means that no policing will be performed."
DEFVAL { -1 }
::= { aluSecPolicerGrpOperEntry 4 }
aluSecPolicerGrpOperRateCbs OBJECT-TYPE
SYNTAX Unsigned32 (1..130816)
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"aluSecPolicerGrpOperRateCbs specifies the committed burst size that the hard policer can accept while complying
with the ingress rate aluSecPolicerGrpOperRate."
DEFVAL { 130816 }
::= { aluSecPolicerGrpOperEntry 5}
aluSecPolicerGrpOperPlcyRefCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Number of policy references."
::= { aluSecPolicerGrpOperEntry 6 }
aluSecPolicerGrpOperFwdPktsPassed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts passed thru policer in session forward direction."
::= { aluSecPolicerGrpOperEntry 7 }
aluSecPolicerGrpOperFwdBytesPassed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Bytes passed thru policer in session forward direction."
::= { aluSecPolicerGrpOperEntry 8 }
aluSecPolicerGrpOperFwdPktsDrop OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts dropped by policer in session forward direction."
::= { aluSecPolicerGrpOperEntry 9 }
aluSecPolicerGrpOperRevPktsPassed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts passed thru policer in session reverse direction."
::= { aluSecPolicerGrpOperEntry 10 }
aluSecPolicerGrpOperRevBytesPassed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Bytes passed thru policer in session reverse direction."
::= { aluSecPolicerGrpOperEntry 11 }
aluSecPolicerGrpOperRevPktsDrop OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts dropped by policer in session reverse direction."
::= { aluSecPolicerGrpOperEntry 12 }
--
-- Security Session Statistics Table
--
aluSecSessionStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecSessionStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecSessionStatsTable has an entry for each
active session."
::= { aluSecurityStatsObjs 1 }
aluSecSessionStatsEntry OBJECT-TYPE
SYNTAX TSecSessionStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents an active session."
INDEX { aluSecSessionId }
::= { aluSecSessionStatsTable 1 }
TSecSessionStatsEntry ::= SEQUENCE {
aluSecSessionId Unsigned32,
aluSecSessionOutboundZoneId Unsigned32,
aluSecSessionInboundZoneId Unsigned32,
aluSecSessionFwdPktsPassed Counter64,
aluSecSessionFwdBytesPassed Counter64,
aluSecSessionRevPktsPassed Counter64,
aluSecSessionRevBytesPassed Counter64,
aluSecSessionFwdDropActionPkts Counter64,
aluSecSessionFwdDropIpOptPkts Counter64,
aluSecSessionRevDropIpOptPkts Counter64,
aluSecSessionFwdDropMaxPkts Counter64,
aluSecSessionRevDropMaxPkts Counter64,
aluSecSessionFwdDropMaxIcmpErr Counter64,
aluSecSessionRevDropMaxIcmpErr Counter64,
aluSecSessionFwdSecurityDrop Counter64,
aluSecSessionRevSecurityDrop Counter64,
aluSecSessionFwdPolicerDrop Counter64,
aluSecSessionRevPolicerDrop Counter64,
aluSecSessionRevDropActionPkts Counter64
}
aluSecSessionId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluSecSessionId specifies the
session index for this active session."
::= { aluSecSessionStatsEntry 1 }
aluSecSessionOutboundZoneId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluSecSessionOutboundZoneId specifies the
zone this session is leaving."
::= { aluSecSessionStatsEntry 2 }
aluSecSessionInboundZoneId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluSecSessionInboundZoneId specifies the
zone this session is entering."
::= { aluSecSessionStatsEntry 3 }
aluSecSessionFwdPktsPassed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts passed thru session in forward direction."
::= { aluSecSessionStatsEntry 4 }
aluSecSessionFwdBytesPassed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Bytes passed thru session in forward direction."
::= { aluSecSessionStatsEntry 5 }
aluSecSessionRevPktsPassed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts passed thru session in reverse direction."
::= { aluSecSessionStatsEntry 6 }
aluSecSessionRevBytesPassed OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Bytes passed thru session in reverse direction."
::= { aluSecSessionStatsEntry 7 }
aluSecSessionFwdDropActionPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets/Fragments dropped due to session action being drop."
::= { aluSecSessionStatsEntry 8 }
aluSecSessionFwdDropIpOptPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets dropped due to containing prohibited IP Options
for this session."
::= { aluSecSessionStatsEntry 9 }
aluSecSessionRevDropIpOptPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets dropped due to containing prohibited IP Options
for this session."
::= { aluSecSessionStatsEntry 10 }
aluSecSessionFwdDropMaxPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets dropped due to exceeding the maximum number of packets
permitted for this session."
::= { aluSecSessionStatsEntry 11 }
aluSecSessionRevDropMaxPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets dropped due to exceeding the maximum number of packets
permitted for this session."
::= { aluSecSessionStatsEntry 12 }
aluSecSessionFwdDropMaxIcmpErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "ICMP Error Packets dropped due to exceeding the maximum number of errors
permitted for this session."
::= { aluSecSessionStatsEntry 13 }
aluSecSessionRevDropMaxIcmpErr OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "ICMP Error Packets dropped due to exceeding the maximum number of errors
permitted for this session."
::= { aluSecSessionStatsEntry 14 }
aluSecSessionFwdSecurityDrop OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets dropped due to application inspections."
::= { aluSecSessionStatsEntry 15 }
aluSecSessionRevSecurityDrop OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets dropped due to application inspections."
::= { aluSecSessionStatsEntry 16 }
aluSecSessionFwdPolicerDrop OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets dropped due to rate exceeded in policer."
::= { aluSecSessionStatsEntry 17 }
aluSecSessionRevPolicerDrop OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets dropped due to rate exceeded in policer."
::= { aluSecSessionStatsEntry 18 }
aluSecSessionRevDropActionPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Packets/Fragments dropped due to session action being drop."
::= { aluSecSessionStatsEntry 19 }
--%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--
-- Security Logging Section
--
-- Log Configuration Table
--
aluSecLogTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecLogEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecLogTable has an entry for each
security log configured on the system."
::= { aluSecurityLogObjs 1 }
aluSecLogEntry OBJECT-TYPE
SYNTAX TSecLogEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a log entry."
INDEX { aluSecLogId }
::= { aluSecLogTable 1 }
TSecLogEntry ::= SEQUENCE {
aluSecLogId TSecurityLogId,
aluSecLogName TNamedItemOrEmpty,
aluSecLogRowStatus RowStatus,
aluSecLogDescription TItemDescription,
aluSecLogEnabled TruthValue,
aluSecLogDestination INTEGER,
aluSecLogMemSize Unsigned32,
aluSecLogMemWrap TruthValue,
aluSecLogSysLogId Unsigned32,
aluSecLogLogProfileId TSecurityLogProfileId,
aluSecLogApplied TruthValue,
aluSecLogNextEventNum Unsigned32
}
aluSecLogId OBJECT-TYPE
SYNTAX TSecurityLogId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecLogId specifies
the unique id of the Log. The Id must be
unique within the system."
::= { aluSecLogEntry 1 }
aluSecLogName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecLogName
specifies the name of the Log."
DEFVAL { ''H }
::= { aluSecLogEntry 2 }
aluSecLogRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecLogRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecLogTable. aluSecLogRowStatus does not support
createAndWait. The status can only be active
or notInService."
::= { aluSecLogEntry 3 }
aluSecLogDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this log."
DEFVAL { ''H }
::= { aluSecLogEntry 4 }
-- Per-log switch that controls whether this security log records events.
-- DEFVAL is false, so a log row created without setting this column does
-- not log anything until it is explicitly enabled.
-- The column is read-create: a manager with write access to this object
-- can also turn an existing log off.
-- NOTE(review): changes to this column alter what the device records, so
-- they are worth covering in configuration-change monitoring.
aluSecLogEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecLogEnabled
indicates whether this Log is currently enabled
to log events."
DEFVAL { false }
::= { aluSecLogEntry 5 }
-- Selects where events written to this log are sent: none (0), memory (1)
-- or syslog (2). DEFVAL is none.
-- The memory destination is bounded by aluSecLogMemSize (1..1024 entries)
-- and, with aluSecLogMemWrap at its default of true, the oldest entries
-- are overwritten once that size is reached.
-- The syslog destination is selected together with aluSecLogSysLogId.
-- NOTE(review): the MIB does not describe what happens to events while the
-- destination is none; presumably nothing is retained. Confirm.
aluSecLogDestination OBJECT-TYPE
SYNTAX INTEGER {
none (0),
memory (1),
syslog (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecLogDestination
specifies the destination of log."
DEFVAL { none }
::= { aluSecLogEntry 6 }
aluSecLogMemSize OBJECT-TYPE
SYNTAX Unsigned32 (1..1024)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecLogMemSize
specifies the number of logs that are held in memory.
This value is only applicable when aluSecLogDestination is
type 'memory'."
DEFVAL { 1024 }
::= { aluSecLogEntry 7 }
aluSecLogMemWrap OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecLogMemWrap
specifies if the log will overwrite the oldest logs once
the log has reached its maximum size.
This value is only applicable when aluSecLogDestination is
type 'memory'"
DEFVAL { true }
::= { aluSecLogEntry 8 }
aluSecLogSysLogId OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecLogSysLogId
specifies the unique ID of the SysLog destination for logs
generated to this log id.
This value is only applicable when aluSecLogDestination is
type 'syslog'."
DEFVAL { 0 }
::= { aluSecLogEntry 9 }
aluSecLogLogProfileId OBJECT-TYPE
SYNTAX TSecurityLogProfileId
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecLogLogProfileId
specifies the unique ID of the Logging Profile of this
log."
DEFVAL { 1 }
::= { aluSecLogEntry 10 }
aluSecLogApplied OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecLogApplied indicates
whether this log is in use."
::= { aluSecLogEntry 11 }
aluSecLogNextEventNum OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecLogNextEventNum indicates
the next event number to be used."
::= { aluSecLogEntry 12 }
--
-- Log Profile Configuration Table
--
aluSecLogProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecLogProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecLogProfileTable has an entry for
each logging profile configured on the system."
::= { aluSecurityLogObjs 2 }
aluSecLogProfileEntry OBJECT-TYPE
SYNTAX TSecLogProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a log profile."
INDEX { aluSecLogProfileId }
::= { aluSecLogProfileTable 1 }
TSecLogProfileEntry ::= SEQUENCE {
aluSecLogProfileId TSecurityLogProfileId,
aluSecLogProfileName TNamedItemOrEmpty,
aluSecLogProfileRowStatus RowStatus,
aluSecLogProfileDescription TItemDescription,
aluSecLogProfileApplied TruthValue
}
aluSecLogProfileId OBJECT-TYPE
SYNTAX TSecurityLogProfileId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecLogProfileId
specifies the unique ID of the Logging Profile of this
log."
::= { aluSecLogProfileEntry 1 }
aluSecLogProfileName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of the object aluSecLogProfileName
specifies the name of the Log Profile."
DEFVAL { ''H }
::= { aluSecLogProfileEntry 2 }
aluSecLogProfileRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The value of aluSecLogProfileRowStatus specifies the
row status. It allows entries to be created and deleted in the
aluSecLogProfileTable. aluSecLogProfileRowStatus does not support
createAndWait. The status can only be active
or notInService."
::= { aluSecLogProfileEntry 3 }
aluSecLogProfileDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Description of this log profile."
DEFVAL { ''H }
::= { aluSecLogProfileEntry 4 }
aluSecLogProfileApplied OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Indicates whether this profile is being used by any logs."
::= { aluSecLogProfileEntry 5 }
--
-- Log Event Configuration Table
--
aluSecLogEventTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecLogEventEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecLogEventTable has an entry for
each log event configurable with a security log profile
configured on the system."
::= { aluSecurityLogObjs 3 }
-- One row per (log profile, event type, event id); the profile index is
-- borrowed from aluSecLogProfileTable. Rows are created by the system when
-- a log profile is created, not by the manager.
-- Of the columns in TSecLogEventEntry only aluSecLogEventControl is
-- writable (read-write). It can throttle or suppress events, so a write to
-- it changes what the security log records for every log using the profile.
-- NOTE(review): write access to this table is therefore worth restricting
-- and auditing alongside the log tables themselves.
aluSecLogEventEntry OBJECT-TYPE
SYNTAX TSecLogEventEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a log event under a profile. All events
are auto-created when a Log Profile is created."
INDEX { aluSecLogProfileId, aluSecLogEventType, aluSecLogEventId }
::= { aluSecLogEventTable 1 }
TSecLogEventEntry ::= SEQUENCE {
aluSecLogEventType INTEGER,
aluSecLogEventId Unsigned32,
aluSecLogEventName TNamedItemOrEmpty,
aluSecLogEventControl INTEGER
}
aluSecLogEventType OBJECT-TYPE
SYNTAX INTEGER {
packet (1),
zone (2),
policy (3),
session (4),
application (5),
alg (6)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecLogEventType specifies
the type/category of the event."
::= { aluSecLogEventEntry 1 }
aluSecLogEventId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of the object aluSecLogEventId specifies
the unique id of the event within the Event Type/Category.
An Event-Id of 0 is used to set settings at the Event Type level.
These settings will be applied to all events within the Event Type."
::= { aluSecLogEventEntry 2 }
aluSecLogEventName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of the object aluSecLogEventName
specifies the name of the Log Event. This value is read-only."
::= { aluSecLogEventEntry 3 }
aluSecLogEventControl OBJECT-TYPE
SYNTAX INTEGER {
off (1),
throttled (2),
suppressed (3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Suppress/Throttle the generation of an event or event type.
- Each event can individually be suppressed.
- Throttling or disabling event control must be done at the event-type
level by setting aluSecLogEventControl using an Event-Id of '0'.
- Suppression of an entire event-type can also be done by setting
aluSecLogEventControl with an Event-Id of '0'."
::= { aluSecLogEventEntry 4 }
--
-- Security Zone Statistics Table
--
aluSecZoneStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecZoneStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecZoneStatsTable has an entry for each security zone"
::= { aluSecurityStatsObjs 2 }
aluSecZoneStatsEntry OBJECT-TYPE
SYNTAX TSecZoneStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents stats for a security zone."
INDEX { aluSecZoneId }
::= { aluSecZoneStatsTable 1 }
TSecZoneStatsEntry ::= SEQUENCE {
aluSecZoneId Unsigned32,
aluSecZoneRxCtrlQueueFwdPkts Counter64,
aluSecZoneRxCtrlQueueFwdBytes Counter64,
aluSecZoneRxCtrlQueueDroPkts Counter64,
aluSecZoneRxCtrlQueueDroBytes Counter64,
aluSecZoneRxCtrlQueueAutoBind TruthValue
}
aluSecZoneId OBJECT-TYPE
SYNTAX Unsigned32 (1..65534)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluSecZoneId specifies the
security zone index for this row entry."
::= { aluSecZoneStatsEntry 1 }
aluSecZoneRxCtrlQueueFwdPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts forwarded from the Receiving Security Control Queue to security engine for further inspection"
::= { aluSecZoneStatsEntry 2 }
aluSecZoneRxCtrlQueueFwdBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Bytes forwarded from the Receiving Security Control Queue to security engine for further inspection"
::= { aluSecZoneStatsEntry 3 }
aluSecZoneRxCtrlQueueDroPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts dropped from the Receiving Security Control Queue"
::= { aluSecZoneStatsEntry 4 }
aluSecZoneRxCtrlQueueDroBytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Bytes dropped from the Receiving Security Control Queue"
::= { aluSecZoneStatsEntry 5 }
aluSecZoneRxCtrlQueueAutoBind OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION "All Auto-Bind zones share a single Rx Control Queue. This object indicates
whether this zone row is displaying the aggregate stats for all Auto-Bind Zones"
::= { aluSecZoneStatsEntry 6 }
--
-- Security Engine Statistics Table
--
aluSecEngineStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TSecEngineStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The aluSecEngineStatsTable has an entry for each
security engine in the system."
::= { aluSecurityStatsObjs 3 }
aluSecEngineStatsEntry OBJECT-TYPE
SYNTAX TSecEngineStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Each row entry represents a security engine."
INDEX { aluSecEngineId }
::= { aluSecEngineStatsTable 1 }
TSecEngineStatsEntry ::= SEQUENCE {
aluSecEngineId Unsigned32,
aluSecEngineUtilization Unsigned32,
aluSecEngineRxQueueCtrlPkts Counter64,
aluSecEngineRxQueueDataPkts Counter64,
aluSecEngineRxQueueDropPkts Counter64,
aluSecEngineDropPkts Counter64
}
aluSecEngineId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The value of aluSecEngineId specifies the
identifier for security engine."
::= { aluSecEngineStatsEntry 1 }
aluSecEngineUtilization OBJECT-TYPE
SYNTAX Unsigned32
UNITS "percent"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The value of aluSecEngineUtilization specifies the
percentage of the processing capacity in use over
the last second."
::= { aluSecEngineStatsEntry 2 }
aluSecEngineRxQueueCtrlPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Control Pkts forwarded to Engine from Rx Queue."
::= { aluSecEngineStatsEntry 3 }
aluSecEngineRxQueueDataPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Session Data Pkts forwarded to Engine from Rx Queue."
::= { aluSecEngineStatsEntry 4 }
aluSecEngineRxQueueDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts dropped by Engine Rx Queue."
::= { aluSecEngineStatsEntry 5 }
aluSecEngineDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION "Pkts dropped by Engine due to security policy."
::= { aluSecEngineStatsEntry 6 }
--%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--
-- Notification Definition section
--
-- Notification Objects
--
aluSecNotifyZoneId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Used by Security notifications, the OID indicates the
security zone."
::= { aluSecurityNotifyObjs 1 }
aluSecNotifyZoneRuleId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Used by Security notifications, the OID indicates the
security zone rule."
::= { aluSecurityNotifyObjs 2 }
aluSecNotifyPlcyAction OBJECT-TYPE
SYNTAX INTEGER {
draft (1),
commit (2),
abort (3)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Used by Security notifications, the OID indicates the
action that was performed on the policy."
::= { aluSecurityNotifyObjs 3 }
aluSecNotifyRuleActive OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Used by Security notifications, the OID indicates
whether or not a rule is active."
::= { aluSecurityNotifyObjs 4 }
aluSecPlcyActionPerformed NOTIFICATION-TYPE
OBJECTS {
aluSecNotifyPlcyAction
}
STATUS current
DESCRIPTION
"Generated when a security policy action is performed."
::= { aluSecurityNotification 1 }
aluSecZonePlcyActionPerformed NOTIFICATION-TYPE
OBJECTS {
aluSecNotifyZoneId,
aluSecNotifyPlcyAction
}
STATUS current
DESCRIPTION
"Generated when a zone security policy action is performed."
::= { aluSecurityNotification 2 }
aluSecSessionWtrMrkModified NOTIFICATION-TYPE
OBJECTS {
aluSecActiveSessionHiWtrMrk,
aluSecActiveSessionLoWtrMrk
}
STATUS current
DESCRIPTION
"Generated when the concurrent session alarm thresholds are
changed."
::= { aluSecurityNotification 3 }
aluSecSessionHiWtrMrkCrossed NOTIFICATION-TYPE
OBJECTS {
aluSecActiveSessionCount
}
STATUS current
DESCRIPTION
"Generated when the concurrent session count exceeds the
alarm threshold."
::= { aluSecurityNotification 4 }
aluSecSessionLoWtrMrkCrossed NOTIFICATION-TYPE
OBJECTS {
aluSecActiveSessionCount
}
STATUS current
DESCRIPTION
"Generated when the concurrent session count crosses the
threshold to clear the alarm."
::= { aluSecurityNotification 5 }
-- Sent when the concurrent session count reaches the system limit; the
-- only varbind is aluSecActiveSessionCount.
-- This is distinct from aluSecSessionHiWtrMrkCrossed, which fires at the
-- configurable alarm threshold rather than at the hard limit.
-- NOTE(review): the MIB does not say how sessions are handled once the
-- limit is reached; presumably new sessions cannot be created. Confirm
-- against product documentation before relying on this trap for alerting.
aluSecSessionsExhausted NOTIFICATION-TYPE
OBJECTS {
aluSecActiveSessionCount
}
STATUS current
DESCRIPTION
"Generated when the concurrent session count reaches the
system limit."
::= { aluSecurityNotification 6 }
aluSecZonePlcyRuleStateChange NOTIFICATION-TYPE
OBJECTS {
aluSecNotifyZoneId,
aluSecNotifyZoneRuleId,
aluSecNotifyRuleActive
}
STATUS current
DESCRIPTION
"Generated when a rule changes state."
::= { aluSecurityNotification 7 }
-- ------------------------------------------------
-- Multi-chassis peer Firewall table
-- ------------------------------------------------
aluMcPeerFwTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcPeerFwTableLastChanged indicates the
sysUpTime at the time of the last modification of an entry in the
aluMcPeerFwTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object
contains a zero value."
::= { aluSecMcRedundancyObjs 1 }
aluMcPeerFwTable OBJECT-TYPE
SYNTAX SEQUENCE OF AluMcPeerFWEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The aluMcPeerFwTable has an entry for each multi-chassis peer
end-point configured on this system."
::= { aluSecMcRedundancyObjs 2 }
aluMcPeerFwEntry OBJECT-TYPE
SYNTAX AluMcPeerFWEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents a particular multi-chassis firewall peer.
Entries are created/deleted by the user."
INDEX { tmnxMcPeerIpType, tmnxMcPeerIpAddr }
::= { aluMcPeerFwTable 1}
-- Columns of one aluMcPeerFwTable row (one multi-chassis firewall peer).
-- Rows are indexed by tmnxMcPeerIpType and tmnxMcPeerIpAddr (see the INDEX
-- clause of aluMcPeerFwEntry); neither index is a column of this SEQUENCE.
--
-- The four SpiAuthKey/SpiEncrKey columns are OCTET STRINGs that hold secret
-- key material for two security-association slots (Spi1 and Spi2). Their
-- object definitions are read-create, and the definitions visible in this
-- part of the file state that any GET returns an empty string, so a manager
-- can write a key but cannot read it back.
-- NOTE(review): the keys are delivered in SNMP SET requests, so their
-- confidentiality depends on how SNMP is protected on the management path
-- (for example SNMPv3 with privacy). The MIB states no such requirement;
-- confirm for the deployment.
AluMcPeerFWEntry ::= SEQUENCE
{
-- row control and peering timers
aluMcPeerFwRowStatus RowStatus,
aluMcPeerFwLastChanged TimeStamp,
aluMcPeerFwAdminState TmnxAdminState,
aluMcPeerFwSysPriority Unsigned32,
aluMcPeerFwKeepAliveIntvl Unsigned32,
aluMcPeerFwHoldOnNbrFail Unsigned32,
aluMcPeerFwBootTimer Unsigned32,
aluMcPeerFwBfd TmnxEnabledDisabled,
-- read-only operational state
aluMcPeerFwOperState INTEGER,
aluMcPeerFwPeerLastStateChge TimeStamp,
aluMcPeerFwRefCount Unsigned32,
-- encryption and authentication settings for the peer
aluMcPeerFwEncryption TmnxEnabledDisabled,
aluMcPeerFwEncryptionAuthAlg AluMcFwAuthAlgorithm,
aluMcPeerFwEncryptionEncrAlg AluMcFwEncrAlgorithm,
aluMcPeerFwEncryptionActOutSa Unsigned32,
-- first security association: SPI plus its two keys
aluMcPeerFwEncryptionSpi1 Unsigned32,
aluMcPeerFwEncryptionSpiAuthKey1 OCTET STRING,
aluMcPeerFwEncryptionSpiEncrKey1 OCTET STRING,
-- second security association: SPI plus its two keys
aluMcPeerFwEncryptionSpi2 Unsigned32,
aluMcPeerFwEncryptionSpiAuthKey2 OCTET STRING,
aluMcPeerFwEncryptionSpiEncrKey2 OCTET STRING,
-- election and synchronisation columns (defined later in the file)
aluMcPeerFwElectionRole INTEGER,
aluMcPeerFwPolicySync INTEGER,
aluMcPeerFwSessionDBSync INTEGER
}
aluMcPeerFwRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwRowStatus is used for creation/deletion of
multi-chassis peer end-points."
::= { aluMcPeerFwEntry 1 }
aluMcPeerFwLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcPeerFwLastChanged indicates the sysUpTime
at the time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains
a zero value."
::= { aluMcPeerFwEntry 2 }
aluMcPeerFwAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwAdminState specifies the administrative state
of this multi-chassis peer end-point."
DEFVAL { outOfService }
::= { aluMcPeerFwEntry 3 }
aluMcPeerFwSysPriority OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwSysPriority specifies the system priority
of this multi-chassis peer end-point."
DEFVAL { 0 }
::= { aluMcPeerFwEntry 4 }
aluMcPeerFwKeepAliveIntvl OBJECT-TYPE
SYNTAX Unsigned32 (5..500)
UNITS "deci-seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwKeepAliveIntvl specifies the interval at which
keep-alive messages are exchanged between two peers participating
in a multi-chassis end-point tunnel (MC-FW).
These keep-alive messages are used to determine remote-node failures."
DEFVAL { 10 }
::= { aluMcPeerFwEntry 5 }
aluMcPeerFwHoldOnNbrFail OBJECT-TYPE
SYNTAX Unsigned32 (2..25)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwHoldOnNbrFail specifies the number of
keep-alive intervals that the local peer will wait for packets from the
multi-chassis end-point peer before assuming failure."
DEFVAL { 3 }
::= { aluMcPeerFwEntry 6 }
aluMcPeerFwBootTimer OBJECT-TYPE
SYNTAX Unsigned32 (1..600)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwBootTimer specifies the time the multi-chassis
end-point protocol keeps trying to establish a connection before
assuming a failure of the remote-peer.
This object is used at the boot-time only."
DEFVAL { 300 }
::= { aluMcPeerFwEntry 7 }
aluMcPeerFwBfd OBJECT-TYPE
SYNTAX TmnxEnabledDisabled
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwBfd specifies whether bi-directional
forwarding detection (BFD) is configured for this multi-chassis
end-point peering tunnel."
DEFVAL { disabled }
::= { aluMcPeerFwEntry 8 }
aluMcPeerFwOperState OBJECT-TYPE
SYNTAX INTEGER {
inService (0),
outOfService (1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcPeerFwOperState indicates the operational
status of this multi-chassis end-point peer."
::= { aluMcPeerFwEntry 9 }
aluMcPeerFwPeerLastStateChge OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcPeerFwPeerLastStateChge indicates the sysUpTime
at the time of the last operational state change for this
multi-chassis end-point peer.
If no changes were made since the last re-initialization
of the local network management subsystem, then this object contains
a zero value."
::= { aluMcPeerFwEntry 10 }
aluMcPeerFwRefCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcPeerFwRefCount indicates how many service end-points
are referencing this multi-chassis firewall peer."
::= { aluMcPeerFwEntry 11 }
-- Enables or disables encryption for this multi-chassis firewall peer.
-- DEFVAL is disabled, so a peer row created without setting this column
-- has encryption off. The algorithm, SPI and key columns that follow in
-- this table configure what is used once it is enabled.
-- NOTE(review): the same row carries policy-sync and session-DB-sync
-- columns (aluMcPeerFwPolicySync, aluMcPeerFwSessionDBSync); presumably
-- that peer traffic is sent unprotected while this column is disabled.
-- Confirm against product documentation and set it explicitly at row
-- creation where protection is required.
aluMcPeerFwEncryption OBJECT-TYPE
SYNTAX TmnxEnabledDisabled
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryption specifies whether encryption
is enabled for this multi-chassis firewall peer."
DEFVAL { disabled }
::= { aluMcPeerFwEntry 12 }
aluMcPeerFwEncryptionAuthAlg OBJECT-TYPE
SYNTAX AluMcFwAuthAlgorithm
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryptionAuthAlg specifies the hashing
algorithm used for the AH (Authentication Header) protocol's
authentication function."
DEFVAL { sha256 }
::= { aluMcPeerFwEntry 13 }
aluMcPeerFwEncryptionEncrAlg OBJECT-TYPE
SYNTAX AluMcFwEncrAlgorithm
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryptionEncrAlg specifies the
encryption algorithm to be used. Encryption only applies
to ESP (Encapsulating Security Payload) configurations."
DEFVAL { aes128 }
::= { aluMcPeerFwEntry 14 }
aluMcPeerFwEncryptionActOutSa OBJECT-TYPE
SYNTAX Unsigned32 (0..1023)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryptionActOutSa specifies the SPI
to be used when performing encryption and authentication
on egressing packets using this MC firewall peer."
DEFVAL { 0 }
::= { aluMcPeerFwEntry 15 }
aluMcPeerFwEncryptionSpi1 OBJECT-TYPE
SYNTAX Unsigned32 (0..1023)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryptionSpi1 specifies the spi of the first security association.
spi 0 means that this security association is invalid"
DEFVAL { 0 }
::= { aluMcPeerFwEntry 16 }
aluMcPeerFwEncryptionSpiAuthKey1 OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryptionSpiAuthKey1 specifies the key used
for the authentication algorithm defined by the
aluMcPeerFwEncryptionAuthAlg.
The length of the key must match the length required by the
authentication algorithm. If a key of another length is set, the
request will fail with an 'inconsistentValue' error.
There is no default value for aluMcPeerFwEncryptionSpiAuthKey1 and
this is a required object when setting aluMcPeerFwEncryptionSpi1 to a non-zero value.
If aluMcPeerFwEncryptionSpiAuthKey1 is not specified
when aluMcPeerFwEncryptionSpi1 is set to a non-zero value, the request will fail with an
'inconsistentValue' error.
Any GET request on this object returns an empty string."
::= { aluMcPeerFwEntry 17 }
aluMcPeerFwEncryptionSpiEncrKey1 OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryptionSpiEncrKey1 specifies the key used
for the encryption algorithm defined by the
aluMcPeerFwEncryptionEncrAlg.
The length of the key must match the length required by the
encryption algorithm. If a key of another length is set, the
request will fail with an 'inconsistentValue' error.
There is no default value for aluMcPeerFwEncryptionSpiEncrKey1 and
this is a required object when setting aluMcPeerFwEncryptionSpi1 to a non-zero value.
If aluMcPeerFwEncryptionSpiEncrKey1 is not specified
when aluMcPeerFwEncryptionSpi1 is set to a non-zero value, the request will fail with an
'inconsistentValue' error.
Any GET request on this object returns an empty string."
::= { aluMcPeerFwEntry 18 }
-- aluMcPeerFwEncryptionSpi2: SPI of the second security association for this
-- MC firewall peer. The range is 0..1023 and the default 0 marks the SA as invalid.
-- Per the descriptions of aluMcPeerFwEncryptionSpiAuthKey2 and
-- aluMcPeerFwEncryptionSpiEncrKey2, setting a non-zero SPI without those keys
-- fails with 'inconsistentValue'.
-- NOTE(review): two SA slots are defined per peer; presumably the second one
-- exists so keys can be rolled over without an outage, but this definition
-- does not say so. Confirm against the product documentation.
aluMcPeerFwEncryptionSpi2 OBJECT-TYPE
SYNTAX Unsigned32 (0..1023)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryptionSpi2 specifies the spi of the second security association.
spi 0 means that this security association is invalid"
DEFVAL { 0 }
::= { aluMcPeerFwEntry 19 }
aluMcPeerFwEncryptionSpiAuthKey2 OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryptionSpiAuthKey2 specifies the key used
for the authentication algorithm defined by the
aluMcPeerFwEncryptionAuthAlg.
The length of the key must match the length required by the
authentication algorithm. If a key of another length is set, the
request will fail with an 'inconsistentValue' error.
There is no default value for aluMcPeerFwEncryptionSpiAuthKey2 and
this is a required object when setting aluMcPeerFwEncryptionSpi2 to a non-zero value.
If aluMcPeerFwEncryptionSpiAuthKey2 is not specified
when aluMcPeerFwEncryptionSpi2 is set to a non-zero value, the request will fail with an
'inconsistentValue' error.
Any GET request on this object returns an empty string."
::= { aluMcPeerFwEntry 20 }
aluMcPeerFwEncryptionSpiEncrKey2 OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of aluMcPeerFwEncryptionSpiEncrKey2 specifies the key used
for the encryption algorithm defined by the
aluMcPeerFwEncryptionEncrAlg.
The length of the key must match the length required by the
encryption algorithm. If a key of another length is set, the
request will fail with an 'inconsistentValue' error.
There is no default value for aluMcPeerFwEncryptionSpiEncrKey2 and
this is a required object when setting aluMcPeerFwEncryptionSpi2 to a non-zero value.
If aluMcPeerFwEncryptionSpiEncrKey2 is not specified
when aluMcPeerFwEncryptionSpi2 is set to a non-zero value, the request will fail with an
'inconsistentValue' error.
Any GET request on this object returns an empty string."
::= { aluMcPeerFwEntry 21 }
aluMcPeerFwElectionRole OBJECT-TYPE
SYNTAX INTEGER {
not-applicable (0),
master (1),
slave (2),
standalone-master (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcPeerFwElectionRole indicates the role
of this multi-chassis firewall peer."
::= { aluMcPeerFwEntry 22 }
aluMcPeerFwPolicySync OBJECT-TYPE
SYNTAX INTEGER {
not-applicable (0),
synced (1),
out-of-sync (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcPeerFwPolicySync indicates the state of the
Policy Synchronization flag on this multi-chassis firewall peer."
::= { aluMcPeerFwEntry 23 }
aluMcPeerFwSessionDBSync OBJECT-TYPE
SYNTAX INTEGER {
not-applicable (0),
synced (1),
out-of-sync (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcPeerFwSessionDBSync indicates the state of the
Session Database Synchronization flag on this multi-chassis firewall peer."
::= { aluMcPeerFwEntry 24 }
-- ------------------------------------------------
-- aluMcFwPeerStatsTable table
-- ------------------------------------------------
aluMcFwPeerStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF AluMcFwPeerStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The aluMcFwPeerStatsTable has an entry for each multi-chassis peer
configured on this system."
::= { aluSecMcRedStatsObjs 1 }
aluMcFwPeerStatsEntry OBJECT-TYPE
SYNTAX AluMcFwPeerStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents a collection of statistics for a
multi-chassis peer.
Entries cannot be created and deleted via SNMP SET operations."
INDEX { tmnxMcPeerIpType, tmnxMcPeerIpAddr }
::= { aluMcFwPeerStatsTable 1 }
AluMcFwPeerStatsEntry ::= SEQUENCE
{
aluMcFwPeerStatsPktsRx Counter32,
aluMcFwPeerStatsPktsRxKpalive Counter32,
aluMcFwPeerStatsPktsRxPeerCfg Counter32,
aluMcFwPeerStatsPktsRxPeerData Counter32,
aluMcFwPeerStatsDropRxPeerData Counter32,
aluMcFwPeerStatsDropStateDsbld Counter32,
aluMcFwPeerStatsDropPktTooShrt Counter32,
aluMcFwPeerStatsDropTlvInvldSz Counter32,
aluMcFwPeerStatsDropOutOfSeq Counter32,
aluMcFwPeerStatsDropUnknownTlv Counter32,
aluMcFwPeerStatsDropMD5 Counter32,
aluMcFwPeerStatsPktsTx Counter32,
aluMcFwPeerStatsPktsTxKpalive Counter32,
aluMcFwPeerStatsPktsTxPeerCfg Counter32,
aluMcFwPeerStatsPktsTxPeerData Counter32,
aluMcFwPeerStatsPktsTxFailed Counter32,
aluMcFwPeerStatsDropFwNoPeer Counter32
}
aluMcFwPeerStatsPktsRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsPktsRx indicates how many valid MC-Firewall
control packets were received on this system from the peer."
::= { aluMcFwPeerStatsEntry 1 }
aluMcFwPeerStatsPktsRxKpalive OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsPktsRxKpalive indicates how many valid
MC-Firewall control packets of type keepalive were received on this
system from the peer."
::= { aluMcFwPeerStatsEntry 2 }
aluMcFwPeerStatsPktsRxPeerCfg OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsPktsRxPeerCfg indicates how many valid
MC-Firewall control packets of type peer config were received on this
system from the peer."
::= { aluMcFwPeerStatsEntry 3}
aluMcFwPeerStatsPktsRxPeerData OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsPktsRxPeerData indicates how many valid
MC-Firewall control packets of type peer data were received on this
system from the peer."
::= { aluMcFwPeerStatsEntry 4 }
aluMcFwPeerStatsDropRxPeerData OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsDropRxPeerData indicates how many MC-Firewall
control packets of type peer data were dropped on this system from the peer."
::= { aluMcFwPeerStatsEntry 5 }
aluMcFwPeerStatsDropStateDsbld OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsDropStateDsbld indicates how many
MC-Firewall control packets were dropped on this system from the peer
because the peer was administratively disabled."
::= { aluMcFwPeerStatsEntry 6 }
aluMcFwPeerStatsDropPktTooShrt OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsDropPktTooShrt indicates how many
MC-Firewall control packets were dropped on this system from the peer
because the packet was too short."
::= { aluMcFwPeerStatsEntry 7 }
aluMcFwPeerStatsDropTlvInvldSz OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsDropTlvInvldSz indicates how many
MC-Firewall control packets were dropped on this system from the peer
because the packet size was invalid."
::= { aluMcFwPeerStatsEntry 8 }
aluMcFwPeerStatsDropOutOfSeq OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsDropOutOfSeq indicates how many
MC-Firewall control packets were dropped on this system from the peer
because the packet was out of sequence."
::= { aluMcFwPeerStatsEntry 9 }
aluMcFwPeerStatsDropUnknownTlv OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsDropUnknownTlv indicates how many
MC-Firewall control packets were dropped on this system from the peer
because the packet contained an unknown TLV."
::= { aluMcFwPeerStatsEntry 10 }
-- aluMcFwPeerStatsDropMD5: per-peer count of MC-Firewall control packets
-- dropped because MD5 authentication failed. It is a read-only Counter32, so
-- consumers should alert on the change between polls, not the absolute value.
-- A sustained increase is worth investigating as either a key mismatch between
-- the two chassis or control traffic that does not carry the configured key.
-- NOTE(review): the peer table also refers to aluMcPeerFwEncryptionAuthAlg;
-- whether this counter also covers failures under other authentication
-- algorithms cannot be told from this definition.
aluMcFwPeerStatsDropMD5 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsDropMD5 indicates how many
MC-Firewall control packets were dropped on this system from the peer
because the packet failed MD5 authentication."
::= { aluMcFwPeerStatsEntry 11 }
aluMcFwPeerStatsPktsTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsPktsTx indicates how many
MC-Firewall control packets were transmitted from this system to the peer."
::= { aluMcFwPeerStatsEntry 12 }
aluMcFwPeerStatsPktsTxKpalive OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsPktsTxKpalive indicates how many
MC-Firewall control packets of type keepalive were transmitted from
this system to the peer."
::= { aluMcFwPeerStatsEntry 13 }
aluMcFwPeerStatsPktsTxPeerCfg OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsPktsTxPeerCfg indicates how many
MC-Firewall control packets of type peer config were transmitted from
this system to the peer."
::= { aluMcFwPeerStatsEntry 14 }
aluMcFwPeerStatsPktsTxPeerData OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsPktsTxPeerData indicates how many
MC-Firewall control packets of type peer data were transmitted from
this system to the peer."
::= { aluMcFwPeerStatsEntry 15 }
aluMcFwPeerStatsPktsTxFailed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsPktsTxFailed indicates how many
MC-Firewall control packets failed to be transmitted from
this system to the peer."
::= { aluMcFwPeerStatsEntry 16 }
aluMcFwPeerStatsDropFwNoPeer OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwPeerStatsDropFwNoPeer indicates how many
pkts were dropped because MC-Firewall does not have a MC-peer
assigned yet or MC-Firewall is attached to a different peer."
::= { aluMcFwPeerStatsEntry 17 }
-- ------------------------------------------------
-- aluMcFwGlobalStats
-- ------------------------------------------------
aluMcFwGlobalStats OBJECT IDENTIFIER ::= { aluSecMcRedStatsObjs 2}
aluMcFwStatsPktsRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsPktsRx indicates how many MC-FW control
packets with valid authentication were received on this system."
::= { aluMcFwGlobalStats 1 }
aluMcFwStatsPktsRxKeepalive OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsPktsRxKeepalive indicates how many valid
MC-FW control packets of type keepalive were received on this
system."
::= { aluMcFwGlobalStats 2 }
aluMcFwStatsPktsRxPeerConfig OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsPktsRxPeerConfig indicates how many valid
MC-FW control packets indicating the peer configuration were
received on this system."
::= { aluMcFwGlobalStats 3 }
aluMcFwStatsPktsRxPeerData OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsPktsRxPeerData indicates how many valid
MC-FW control packets indicating the peer data were
received on this system."
::= { aluMcFwGlobalStats 4 }
aluMcFwStatsDropRxPeerData OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropRxPeerData indicates how many MC-Firewall
control packets of type peer data were dropped on this system from the peer."
::= { aluMcFwGlobalStats 5 }
aluMcFwStatsDropPktKpaliveTask OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropPktKpaliveTask indicates how many
MC-FW control packets were dropped on this system because of invalid
size, authentication or unknown peer."
::= { aluMcFwGlobalStats 6 }
aluMcFwStatsDropPktTooShort OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropPktTooShort indicates how many
MC-FW control packets were dropped on this system because the packet
was too small."
::= { aluMcFwGlobalStats 7 }
aluMcFwStatsDropPktVerifyFailed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropPktVerifyFailed indicates how many
MC-FW control packets were dropped on this system because of invalid
formatting."
::= { aluMcFwGlobalStats 8 }
aluMcFwStatsDropTlvInvalidSize OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropTlvInvalidSize indicates how many
MC-FW control packets were dropped on this system because of invalid
size."
::= { aluMcFwGlobalStats 9 }
aluMcFwStatsDropOutOfSeq OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropOutOfSeq indicates how many
MC-FW control packets were dropped on this system because they were
out of sequence."
::= { aluMcFwGlobalStats 10 }
aluMcFwStatsDropUnknownTlv OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropUnknownTlv indicates how many
MC-FW control packets were dropped on this system because they
contained an unknown TLV."
::= { aluMcFwGlobalStats 11 }
-- aluMcFwStatsDropMD5: system-wide count of MC-FW control packets dropped
-- because MD5 authentication failed. The per-peer counterpart is
-- aluMcFwPeerStatsDropMD5 in aluMcFwPeerStatsEntry.
-- It is a read-only Counter32, so monitoring should work on the change between
-- polls. NOTE(review): how this value relates to the sum of the per-peer
-- counters is not stated here; verify before correlating the two.
aluMcFwStatsDropMD5 OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropMD5 indicates how many
MC-FW control packets were dropped on this system because they
failed MD5 authentication."
::= { aluMcFwGlobalStats 12 }
-- aluMcFwStatsDropUnknownPeer: system-wide count of MC-FW control packets
-- dropped because they came from an unknown peer. It is a read-only Counter32.
-- This counter has no per-peer counterpart in aluMcFwPeerStatsEntry.
-- For monitoring, a non-zero change between polls means MC-FW control traffic
-- is arriving from a source the system does not recognise as its peer, which
-- is worth correlating with configuration changes and with packet filters on
-- the inter-chassis link.
-- NOTE(review): what makes a peer 'unknown' (source address only, or other
-- fields as well) is not defined here; confirm before building alerts on it.
aluMcFwStatsDropUnknownPeer OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropUnknownPeer indicates how many
MC-FW control packets were dropped on this system because they
are coming from an unknown peer."
::= { aluMcFwGlobalStats 13 }
aluMcFwStatsPktsTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsPktsTx indicates how many
MC-FW control packets were transmitted from this system."
::= { aluMcFwGlobalStats 14 }
aluMcFwStatsPktsTxKeepalive OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsPktsTxKeepalive indicates how many
MC-FW control packets were transmitted from this system of type
keepalive."
::= { aluMcFwGlobalStats 15 }
aluMcFwStatsPktsTxPeerConfig OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsPktsTxPeerConfig indicates how many
MC-FW control packets were transmitted from this system of type
peer config."
::= { aluMcFwGlobalStats 16 }
aluMcFwStatsPktsTxPeerData OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsPktsTxPeerData indicates how many
MC-FW control packets were transmitted from this system of type peer data."
::= { aluMcFwGlobalStats 17 }
aluMcFwStatsPktsTxFailed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsPktsTxFailed indicates how many
MC-FW control packets failed to be transmitted."
::= { aluMcFwGlobalStats 18 }
aluMcFwStatsDropFwNoPeer OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of aluMcFwStatsDropFwNoPeer indicates how many
MC-FW control packets were dropped on this system because no peer
was assigned or peer did not match."
::= { aluMcFwGlobalStats 19 }
aluMcPeerFwBfdSessionOpenStatus OBJECT-TYPE
SYNTAX INTEGER {
ok (0),
invalidSrcAddr (1), -- bad src address. eg. non-ipV4, all 0
nonSysLoopbackIf (2), -- bfd interface is neither system nor loopback.
-- only central bfd is to be used
clientUseSessionFail (3), -- attempt to use bfd session failed.
-- eg. bfd is not enabled on the interface
clientAppUseIfFail (4) -- concerning bfd resources
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION "The value of aluMcPeerFwBfdSessionOpenStatus indicates the
status of multi-chassis firewall's attempt to open BFD
session to the multi-chassis firewall peer."
::= { aluSecMcRedNotifObjs 1 }
aluMcPeerFwBfdSessionOpen NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr,
aluMcPeerFwBfdSessionOpenStatus
}
STATUS current
DESCRIPTION "The aluMcPeerFwBfdSessionOpen notification is generated
when the multi-chassis firewall is attempting to open BFD
session to the multi-chassis firewall peer."
::= { aluSecurityNotification 8 }
aluMcPeerFwBfdSessionClose NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwBfdSessionClose notification is generated
when the multi-chassis firewall is closing BFD session to the
multi-chassis firewall peer."
::= { aluSecurityNotification 9 }
aluMcPeerFwBfdSessionUp NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwBfdSessionUp notification is generated
when operational state of the BFD session between the
multi-chassis firewall and its peer is changed to 'up'."
::= { aluSecurityNotification 10 }
aluMcPeerFwBfdSessionDown NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwBfdSessionDown notification is generated
when operational state of the BFD session between the
multi-chassis firewall and its peer is changed to 'down'."
::= { aluSecurityNotification 11 }
aluMcPeerFwOperDown NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwOperDown notification is generated
when the multi-chassis firewall detects time-out communicating
with the multi-chassis firewall peer."
::= { aluSecurityNotification 12 }
aluMcPeerFwOperUp NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwOperUp notification is generated
when the multi-chassis firewall clears time-out condition in
communicating with the multi-chassis firewall peer."
::= { aluSecurityNotification 13 }
aluMcPeerFwElectionMaster NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwElectionMaster notification is generated
when the multi-chassis firewall node is elected as a Master."
::= { aluSecurityNotification 14 }
aluMcPeerFwElectionSlave NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwElectionSlave notification is generated
when the multi-chassis firewall node is elected as a Slave."
::= { aluSecurityNotification 15 }
aluMcPeerFwMasterPolicySyncClr NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwMasterPolicySyncClr notification is generated on a multi-chassis firewall Master node
before initiating policy synchronization with its peer."
::= { aluSecurityNotification 16 }
aluMcPeerFwMasterPolicySyncSet NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwMasterPolicySyncSet notification is generated on a multi-chassis firewall Master node
after completing policy synchronization with its Slave peer."
::= { aluSecurityNotification 17 }
aluMcPeerFwSlavePolicySyncClr NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwSlavePolicySyncClr notification is generated on a multi-chassis firewall Slave node
before initiating policy synchronization with its peer."
::= { aluSecurityNotification 18 }
aluMcPeerFwSlavePolicySyncSet NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwSlavePolicySyncSet notification is generated on a multi-chassis firewall Slave node
after completing policy synchronization with its Master peer."
::= { aluSecurityNotification 19 }
aluMcPeerFwSessionDbSyncClr NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwSessionDbSyncClr notification is generated on a multi-chassis firewall node
before initiating Session Database synchronization with its peer."
::= { aluSecurityNotification 20 }
aluMcPeerFwSessionDbSyncSet NOTIFICATION-TYPE
OBJECTS {
tmnxMcPeerSrcIpAddr
}
STATUS current
DESCRIPTION "The aluMcPeerFwSessionDbSyncSet notification is generated on a multi-chassis firewall node
after completing Session Database synchronization with its peer."
::= { aluSecurityNotification 21 }
--%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--
-- The compliance specifications.
--
--
-- Conformance Information
--
aluSecurityAdminCompliances OBJECT IDENTIFIER ::= { aluSecurityAdminConformance 1 }
aluSecurityAdminGroups OBJECT IDENTIFIER ::= { aluSecurityAdminConformance 2 }
aluSecurityLogGroups OBJECT IDENTIFIER ::= { aluSecurityAdminConformance 3 }
aluSecurityMcGroups OBJECT IDENTIFIER ::= { aluSecurityAdminConformance 4 }
aluSecurityOperCompliances OBJECT IDENTIFIER ::= { aluSecurityOperConformance 1 }
aluSecurityOperGroups OBJECT IDENTIFIER ::= { aluSecurityOperConformance 2 }
aluSecurityNotifyGroups OBJECT IDENTIFIER ::= { aluSecurityOperConformance 3 }
-- compliance statements
-- aluSecurity7705V6v1Compliance: compliance statement for release R6.1, as
-- stated in its DESCRIPTION.
-- NOTE(review): MANDATORY-GROUPS lists aluZoneOperGroup, which this module
-- declares with STATUS obsolete, and aluSecStatsV7v0Group, whose description
-- says its objects were added in Release 7.0.
-- The firewall, Dst NAT and security-group OBJECT-GROUPs defined in this module
-- (aluSecFirewallAdminGroup, aluSecFirewallOperGroup, aluSecPlcyDstNatGroup,
-- aluSecGroupConfigGroup) are not listed in this statement; they may be covered
-- by another compliance statement elsewhere in the module.
-- Tools that derive an agent's supported objects from this statement should
-- not treat it as a complete inventory; verify against the agent itself.
aluSecurity7705V6v1Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of security features
on Nokia 7705 SAR series systems release R6.1."
MODULE -- this module
MANDATORY-GROUPS {
aluSecPlcyAdminGroup,
aluZonePlcyConfigGroup,
aluSecPlcyConfigGroup,
aluZoneOperGroup,
aluSecPlcyOperGroup,
aluSecStatsGroup,
aluSecStatsV7v0Group,
aluSecNotificationGroup
}
::= { aluSecurityAdminCompliances 1 }
-- units of conformance
aluSecPlcyAdminGroup OBJECT-GROUP
OBJECTS {
aluSecPlcyAdminControlApply,
aluSecPlcyBypass,
aluSecPlcyLastCommit,
aluSecPlcyCount,
aluSecPlcyProfileCount,
aluSecPlcyZoneCount,
aluSecActiveSessionCount,
aluSecActiveSessionLimit,
aluSecActiveSessionHiWtrMrk,
aluSecActiveSessionLoWtrMrk,
aluSecPlcyState,
aluSecSessionResourceState
}
STATUS current
DESCRIPTION
"The group of objects to manage the Security Policy Administration
on Nokia 7705 SAR series systems."
::= { aluSecurityAdminGroups 1 }
aluZonePlcyConfigGroup OBJECT-GROUP
OBJECTS {
aluZoneConfigName,
aluZoneConfigRowStatus,
aluZoneConfigDescription,
aluZoneConfigControlApply,
aluZoneConfigType,
aluZoneConfigSvcId,
aluZoneConfigState,
aluZoneConfigBypass,
aluZonePlcyConfigRowStatus,
aluZonePlcyConfigSecPlcyId
}
STATUS current
DESCRIPTION
"The group of objects to manage the Security Zones
on Nokia 7705 SAR series systems."
::= { aluSecurityAdminGroups 2 }
aluSecPlcyConfigGroup OBJECT-GROUP
OBJECTS {
aluSecPlcyConfigRowStatus,
aluSecPlcyConfigName,
aluSecPlcyConfigDescription,
aluSecPlcyParamsConfigRowStatus,
aluSecPlcyParamsConfigDescription,
aluSecPlcyParamsConfigMatchSrcIPAddrValue1,
aluSecPlcyParamsConfigMatchSrcIPAddrValue2,
aluSecPlcyParamsConfigMatchSrcIPOperator,
aluSecPlcyParamsConfigMatchSrcIPHostGroup,
aluSecPlcyParamsConfigMatchDstIPAddrValue1,
aluSecPlcyParamsConfigMatchDstIPAddrValue2,
aluSecPlcyParamsConfigMatchDstIPOperator,
aluSecPlcyParamsConfigMatchDstIPHostGroup,
aluSecPlcyParamsConfigMatchProtocol,
aluSecPlcyParamsConfigMatchSrcPortValue1,
aluSecPlcyParamsConfigMatchSrcPortValue2,
aluSecPlcyParamsConfigMatchSrcPortOp,
aluSecPlcyParamsConfigMatchDstPortValue1,
aluSecPlcyParamsConfigMatchDstPortValue2,
aluSecPlcyParamsConfigMatchDstPortOp,
aluSecPlcyParamsConfigMatchAppGroup,
aluSecPlcyParamsConfigMatchIcmpCode,
aluSecPlcyParamsConfigMatchIcmpType,
aluSecPlcyParamsConfigMatchIgmpType,
aluSecPlcyParamsConfigMatchFlowDirection,
aluSecPlcyParamsConfigProfileId,
aluSecPlcyParamsConfigConcurrentFlowLimit,
aluSecPlcyParamsConfigCreateRevDirFlow,
aluSecPlcyParamsConfigAction,
aluZoneNatPoolConfigName,
aluZoneNatPoolConfigRowStatus,
aluZoneNatPoolConfigDescription,
aluZoneNatPoolConfigType,
aluZoneNatPoolConfigDirection,
aluZoneNatPoolParamsConfigRowStatus,
aluZoneNatPoolParamsConfigIPAddrValue1,
aluZoneNatPoolParamsConfigIPAddrValue2,
aluZoneNatPoolParamsConfigIPOperator,
aluZoneNatPoolParamsConfigIPInterfaceIndex,
aluZoneNatPoolParamsConfigPortOperator,
aluZoneNatPoolParamsConfigPortValue1,
aluZoneNatPoolParamsConfigPortValue2,
aluSecProfileConfigRowStatus,
aluSecProfileConfigName,
aluSecProfileConfigDescription,
aluSecProfileConfigTcpSynTimeout,
aluSecProfileConfigTcpWaitTimeout,
aluSecProfileConfigTcpTransTimeout,
aluSecProfileConfigTcpEstTimeout,
aluSecProfileConfigUdpTimeout,
aluSecProfileConfigUdpInitTimeout,
aluSecProfileConfigUdpDnsTimeout,
aluSecProfileConfigIcmpTimeout,
aluSecProfileConfigOtherTimeout
}
STATUS current
DESCRIPTION
"The group of objects to manage the Security Policies
on Nokia 7705 SAR series systems."
::= { aluSecurityAdminGroups 3 }
aluSecPlcyDstNatGroup OBJECT-GROUP
OBJECTS {
aluSecPlcyParamsConfigMatchLocal,
aluSecPlcyParamsConfigActionNatDstIPAddr,
aluSecPlcyParamsConfigActionNatDstPort,
aluSecPlcyParamsOperMatchLocal,
aluSecPlcyParamsOperActionNatDstIPAddr,
aluSecPlcyParamsOperActionNatDstPort,
aluZoneInboundSessionNatDstIPAddrValue,
aluZoneInboundSessionNatDstPortValue,
aluZoneOutboundSessionNatDstIPAddrValue,
aluZoneOutboundSessionNatDstPortValue
}
STATUS current
DESCRIPTION
"The group of objects to manage the Security Policies
Dst NAT on Nokia 7705 SAR series systems."
::= { aluSecurityAdminGroups 4 }
aluSecFirewallAdminGroup OBJECT-GROUP
OBJECTS {
aluSecProfileConfigAppInspect,
aluSecProfileConfigInspectTcp,
aluSecProfileConfigInspectIpOpt,
aluSecProfileConfigAllowedIpOpt,
aluSecProfileConfigAllowPktFrag,
aluSecProfileConfigAlg,
aluSecProfileConfigIcmpReqLimit,
aluSecProfileConfigIcmpErrLimit,
aluSecProfileConfigDnsReplyOnly,
aluSecProfileConfigTcpTmoStrict,
aluSecProfileConfigUdpTmoStrict,
aluSecProfileConfigIcmpTmoStrict,
aluSecProfileConfigDnsTmoStrict,
aluSecProfileConfigOthTmoStrict,
aluSecProfileConfigFwdPolicerId,
aluSecProfileConfigRevPolicerId,
aluZoneConfigInTcpSessLimit,
aluZoneConfigInUdpSessLimit,
aluZoneConfigInIcmpSessLimit,
aluZoneConfigInOthSessLimit,
aluZoneConfigOutTcpSessLimit,
aluZoneConfigOutUdpSessLimit,
aluZoneConfigOutIcmpSessLimit,
aluZoneConfigOutOthSessLimit,
aluZoneConfigLogId,
aluZoneConfigAutoBind
}
STATUS current
DESCRIPTION
"The group of objects to provision firewall
on Nokia 7705 SAR series systems."
::= { aluSecurityAdminGroups 5 }
aluSecGroupConfigGroup OBJECT-GROUP
OBJECTS {
aluSecHostGrpConfigRowStatus,
aluSecHostGrpConfigName,
aluSecHostGrpConfigDescription,
aluSecHostConfigRowStatus,
aluSecHostConfigIPAddrValue2,
aluSecHostConfigIPOperator,
aluSecAppGrpConfigRowStatus,
aluSecAppGrpConfigName,
aluSecAppGrpConfigDescription,
aluSecAppConfigRowStatus,
aluSecAppConfigMatchProtocol,
aluSecAppConfigMatchSrcPortValue1,
aluSecAppConfigMatchSrcPortValue2,
aluSecAppConfigMatchSrcPortOp,
aluSecAppConfigMatchDstPortValue1,
aluSecAppConfigMatchDstPortValue2,
aluSecAppConfigMatchDstPortOp,
aluSecAppConfigMatchIcmpCode,
aluSecAppConfigMatchIcmpType,
aluSecPolicerGrpConfigRowStatus,
aluSecPolicerGrpConfigName,
aluSecPolicerGrpConfigDescription,
aluSecPolicerGrpConfigRate,
aluSecPolicerGrpConfigRateCbs
}
STATUS current
DESCRIPTION
"The group of objects to manage the Security Groups
on Nokia 7705 SAR series systems."
::= { aluSecurityAdminGroups 6 }
aluZoneOperGroup OBJECT-GROUP
OBJECTS {
aluZoneOperName,
aluZoneOperDescription,
aluZoneOperPlcyRuleCount,
aluZoneOperType,
aluZoneOperSvcId,
aluZoneOperBypass,
aluZoneOperInSessionCount,
aluZoneOperInActiveSessions,
aluZoneOperOutSessionCount,
aluZoneOperOutActiveSessions,
aluZoneOperInPktsDropped,
aluZoneOperInBytesDropped,
aluZoneOperOutPktsDropped,
aluZoneOperOutBytesDropped,
aluZoneOperInPktsDefAction,
aluZoneOperInBytesDefAction,
aluZoneOperOutPktsDefAction,
aluZoneOperOutBytesDefAction,
aluZoneOperPlcyLastCommit,
aluZonePlcyOperEntryId,
aluZonePlcyOperActive,
aluZonePlcyOperFlags,
aluZonePlcyOperSecPlcyId,
aluZonePlcyOperSecPlcyRuleId,
aluZonePlcyOperNatPoolId,
aluZonePlcyOperRuleHitCount,
aluZonePlcyOperRuleActiveSessions,
aluZoneInboundSessionProtocol,
aluZoneInboundSessionSrcZoneId,
aluZoneInboundSessionSrcIPAddrValue,
aluZoneInboundSessionSrcPortValue,
aluZoneInboundSessionDstIPAddrValue,
aluZoneInboundSessionDstPortValue,
aluZoneInboundSessionRevDirCreated,
aluZoneInboundSessionAction,
aluZoneInboundSessionNatSrcIPAddrValue,
aluZoneInboundSessionNatSrcPortValue,
aluZoneInboundSessionEstablished,
aluZoneOutboundSessionProtocol,
aluZoneOutboundSessionDstZoneId,
aluZoneOutboundSessionSrcIPAddrValue,
aluZoneOutboundSessionSrcPortValue,
aluZoneOutboundSessionDstIPAddrValue,
aluZoneOutboundSessionDstPortValue,
aluZoneOutboundSessionRevDirCreated,
aluZoneOutboundSessionAction,
aluZoneOutboundSessionNatSrcIPAddrValue,
aluZoneOutboundSessionNatSrcPortValue,
aluZoneOutboundSessionEstablished,
aluSecProfileOperName,
aluSecProfileOperDescription,
aluSecProfileOperPlcyRefCount,
aluSecProfileOperTcpSynTimeout,
aluSecProfileOperTcpWaitTimeout,
aluSecProfileOperTcpTransTimeout,
aluSecProfileOperTcpEstTimeout,
aluSecProfileOperUdpTimeout,
aluSecProfileOperUdpInitTimeout,
aluSecProfileOperUdpDnsTimeout,
aluSecProfileOperIcmpTimeout,
aluSecProfileOperOtherTimeout
}
STATUS obsolete
DESCRIPTION
"The group of objects to manage the Security Zone Groups
on Nokia 7705 SAR series systems."
::= { aluSecurityOperGroups 1 }
aluSecPlcyOperGroup OBJECT-GROUP
OBJECTS {
aluSecPlcyOperName,
aluSecPlcyOperDescription,
aluSecPlcyOperRuleCount,
aluSecPlcyOperZoneRefCount,
aluSecPlcyParamsOperDescription,
aluSecPlcyParamsOperMatchSrcIPAddrValue1,
aluSecPlcyParamsOperMatchSrcIPAddrValue2,
aluSecPlcyParamsOperMatchSrcIPOperator,
aluSecPlcyParamsOperMatchSrcIPHostGroup,
aluSecPlcyParamsOperMatchDstIPAddrValue1,
aluSecPlcyParamsOperMatchDstIPAddrValue2,
aluSecPlcyParamsOperMatchDstIPOperator,
aluSecPlcyParamsOperMatchDstIPHostGroup,
aluSecPlcyParamsOperMatchProtocol,
aluSecPlcyParamsOperMatchSrcPortValue1,
aluSecPlcyParamsOperMatchSrcPortValue2,
aluSecPlcyParamsOperMatchSrcPortOp,
aluSecPlcyParamsOperMatchDstPortValue1,
aluSecPlcyParamsOperMatchDstPortValue2,
aluSecPlcyParamsOperMatchDstPortOp,
aluSecPlcyParamsOperMatchAppGroup,
aluSecPlcyParamsOperMatchIcmpCode,
aluSecPlcyParamsOperMatchIcmpType,
aluSecPlcyParamsOperMatchIgmpType,
aluSecPlcyParamsOperMatchFlowDirection,
aluSecPlcyParamsOperProfileId,
aluSecPlcyParamsOperConcurrentFlowLimit,
aluSecPlcyParamsOperCreateRevDirFlow,
aluSecPlcyParamsOperAction,
aluZoneNatPoolOperName,
aluZoneNatPoolOperDescription,
aluZoneNatPoolOperType,
aluZoneNatPoolOperDirection,
aluZoneNatPoolParamsOperIPAddrValue1,
aluZoneNatPoolParamsOperIPAddrValue2,
aluZoneNatPoolParamsOperIPOperator,
aluZoneNatPoolParamsOperIPInterfaceIndex,
aluZoneNatPoolParamsOperPortOperator,
aluZoneNatPoolParamsOperPortValue1,
aluZoneNatPoolParamsOperPortValue2
}
STATUS current
DESCRIPTION
"The group of objects to manage the Security Policies
on Nokia 7705 SAR series systems."
::= { aluSecurityOperGroups 2 }
aluSecStatsGroup OBJECT-GROUP
OBJECTS {
aluSecSessionOutboundZoneId,
aluSecSessionInboundZoneId,
aluSecSessionFwdPktsPassed,
aluSecSessionFwdBytesPassed,
aluSecSessionRevPktsPassed,
aluSecSessionRevBytesPassed
}
STATUS current
DESCRIPTION
"The group of objects to retrieve stats
on Nokia 7705 SAR series systems."
::= { aluSecurityOperGroups 3 }
-- Conformance group of firewall state objects: security profile inspection
-- settings (aluSecProfileOper*), per-zone session limits and active session
-- counts for TCP, UDP, ICMP and other traffic in each direction
-- (aluZoneOperIn*/Out*), and per-session ALG, inspect, policer and creator
-- columns (aluZoneInboundSession*/aluZoneOutboundSession*).
-- NOTE(review): the DESCRIPTION says "to provision", yet every member is an
-- Oper or session object; presumably these are read-only. Confirm MAX-ACCESS
-- in the object definitions before granting any write view on this group.
-- NOTE(review): each *ActSessions object has a matching *SessLimit object, so
-- a poller can presumably alert on a zone nearing its session limit. Verify
-- the units against the object definitions.
aluSecFirewallOperGroup OBJECT-GROUP
OBJECTS {
aluSecProfileOperAppInspect,
aluSecProfileOperInspectTcp,
aluSecProfileOperInspectIpOpt,
aluSecProfileOperAllowedIpOpt,
aluSecProfileOperAllowPktFrag,
aluSecProfileOperAlg,
aluSecProfileOperIcmpReqLimit,
aluSecProfileOperIcmpErrLimit,
aluSecProfileOperDnsReplyOnly,
aluSecProfileOperTcpTmoStrict,
aluSecProfileOperUdpTmoStrict,
aluSecProfileOperIcmpTmoStrict,
aluSecProfileOperDnsTmoStrict,
aluSecProfileOperOthTmoStrict,
aluSecProfileOperFwdPolicerId,
aluSecProfileOperRevPolicerId,
aluZoneOperInTcpSessLimit,
aluZoneOperInUdpSessLimit,
aluZoneOperInIcmpSessLimit,
aluZoneOperInOthSessLimit,
aluZoneOperInTcpActSessions,
aluZoneOperInUdpActSessions,
aluZoneOperInIcmpActSessions,
aluZoneOperInOthActSessions,
aluZoneOperOutTcpSessLimit,
aluZoneOperOutUdpSessLimit,
aluZoneOperOutIcmpSessLimit,
aluZoneOperOutOthSessLimit,
aluZoneOperOutTcpActSessions,
aluZoneOperOutUdpActSessions,
aluZoneOperOutIcmpActSessions,
aluZoneOperOutOthActSessions,
aluZoneOperLogId,
aluZoneOperAutoBind,
aluZoneInboundSessionAlg,
aluZoneInboundSessionInspect,
aluZoneInboundSessionCreator,
aluZoneOutboundSessionAlg,
aluZoneOutboundSessionInspect,
aluZoneInboundSessionFwdPolicerId,
aluZoneInboundSessionRevPolicerId,
aluZoneOutboundSessionFwdPolicerId,
aluZoneOutboundSessionRevPolicerId,
aluZoneOutboundSessionCreator
}
STATUS current
DESCRIPTION
"The group of objects to provision firewall
on Nokia 7705 SAR series systems."
::= { aluSecurityOperGroups 4 }
-- Conformance group for the statistics objects added in Release 7.0: zone
-- control queue counters (aluSecZoneRxCtrlQueue*), per-session drop counters
-- by cause (aluSecSession*Drop*), and security engine utilization, queue and
-- drop counters (aluSecEngine*), plus the total session count.
-- NOTE(review): "Dro" in aluSecZoneRxCtrlQueueDroPkts and
-- aluSecZoneRxCtrlQueueDroBytes presumably matches the spelling used in the
-- object definitions. Correcting it here alone would leave the reference
-- unresolved.
-- NOTE(review): the security, policer, IP option and max ICMP error drop
-- counters are, by name, the ones a monitoring system would watch for policy
-- violations or flooding. Confirm their exact meaning in the definitions.
aluSecStatsV7v0Group OBJECT-GROUP
OBJECTS {
aluSecZoneRxCtrlQueueFwdPkts,
aluSecZoneRxCtrlQueueFwdBytes,
aluSecZoneRxCtrlQueueDroPkts,
aluSecZoneRxCtrlQueueDroBytes,
aluSecZoneRxCtrlQueueAutoBind,
aluSecSessionFwdDropActionPkts,
aluSecSessionFwdDropIpOptPkts,
aluSecSessionRevDropIpOptPkts,
aluSecSessionFwdDropMaxPkts,
aluSecSessionRevDropMaxPkts,
aluSecSessionFwdDropMaxIcmpErr,
aluSecSessionRevDropMaxIcmpErr,
aluSecSessionFwdSecurityDrop,
aluSecSessionRevSecurityDrop,
aluSecSessionFwdPolicerDrop,
aluSecSessionRevPolicerDrop,
aluSecEngineUtilization,
aluSecEngineRxQueueCtrlPkts,
aluSecEngineRxQueueDataPkts,
aluSecEngineRxQueueDropPkts,
aluSecEngineDropPkts,
aluSecTotalSessionCount,
aluSecSessionRevDropActionPkts
}
STATUS current
DESCRIPTION
"The group of objects to retrieve stats added
in Release 7.0 on Nokia 7705 SAR series systems."
::= { aluSecurityOperGroups 5 }
-- Conformance group for the operational view of the three reusable security
-- group types: host groups (aluSecHostGrpOper*, aluSecHostOper*), application
-- groups (aluSecAppGrpOper*, aluSecAppOper*) and policer groups
-- (aluSecPolicerGrpOper*), including the policer pass and drop counters.
-- NOTE(review): aluSecHostOperIPAddrValue2 is listed without a matching
-- Value1 object. Presumably Value1 is a not-accessible index column, which
-- cannot be a group member. Verify against the table definition.
aluSecGroupOperGroup OBJECT-GROUP
OBJECTS {
aluSecHostGrpOperName,
aluSecHostGrpOperDescription,
aluSecHostGrpOperPlcyRefCount,
aluSecHostOperIPAddrValue2,
aluSecHostOperIPOperator,
aluSecAppGrpOperName,
aluSecAppGrpOperDescription,
aluSecAppGrpOperPlcyRefCount,
aluSecAppOperMatchProtocol,
aluSecAppOperMatchSrcPortValue1,
aluSecAppOperMatchSrcPortValue2,
aluSecAppOperMatchSrcPortOp,
aluSecAppOperMatchDstPortValue1,
aluSecAppOperMatchDstPortValue2,
aluSecAppOperMatchDstPortOp,
aluSecAppOperMatchIcmpCode,
aluSecAppOperMatchIcmpType,
aluSecPolicerGrpOperName,
aluSecPolicerGrpOperDescription,
aluSecPolicerGrpOperRate,
aluSecPolicerGrpOperRateCbs,
aluSecPolicerGrpOperPlcyRefCount,
aluSecPolicerGrpOperFwdPktsPassed,
aluSecPolicerGrpOperFwdBytesPassed,
aluSecPolicerGrpOperFwdPktsDrop,
aluSecPolicerGrpOperRevPktsPassed,
aluSecPolicerGrpOperRevBytesPassed,
aluSecPolicerGrpOperRevPktsDrop
}
STATUS current
DESCRIPTION
"The group of operational objects of the Security Groups
on Nokia 7705 SAR series systems."
::= { aluSecurityOperGroups 6 }
-- Conformance group for the operational state of security zones: zone
-- summary and counters (aluZoneOper*), the policy rules bound to a zone with
-- hit counts (aluZonePlcyOper*), the inbound and outbound session tables
-- (protocol, source and destination address and port, NAT source address and
-- port, action, established flag), and security profile timeouts.
-- NOTE(review): by name, the session columns expose the addresses and ports
-- of live flows and their NAT translations, and the policy columns expose
-- the active rule set. Read access to this group is best limited to an
-- authenticated and encrypted SNMP user with a restricted view.
aluZoneOperGroupV7v0 OBJECT-GROUP
OBJECTS {
aluZoneOperName,
aluZoneOperDescription,
aluZoneOperPlcyRuleCount,
aluZoneOperType,
aluZoneOperSvcId,
aluZoneOperBypass,
aluZoneOperInSessionCount,
aluZoneOperInActiveSessions,
aluZoneOperOutSessionCount,
aluZoneOperOutActiveSessions,
aluZoneOperInPktsDropped,
aluZoneOperOutPktsDropped,
aluZoneOperInPktsDefAction,
aluZoneOperOutPktsDefAction,
aluZoneOperPlcyLastCommit,
aluZonePlcyOperEntryId,
aluZonePlcyOperActive,
aluZonePlcyOperFlags,
aluZonePlcyOperSecPlcyId,
aluZonePlcyOperSecPlcyRuleId,
aluZonePlcyOperNatPoolId,
aluZonePlcyOperRuleHitCount,
aluZonePlcyOperRuleActiveSessions,
aluZoneInboundSessionProtocol,
aluZoneInboundSessionSrcZoneId,
aluZoneInboundSessionSrcIPAddrValue,
aluZoneInboundSessionSrcPortValue,
aluZoneInboundSessionDstIPAddrValue,
aluZoneInboundSessionDstPortValue,
aluZoneInboundSessionRevDirCreated,
aluZoneInboundSessionAction,
aluZoneInboundSessionNatSrcIPAddrValue,
aluZoneInboundSessionNatSrcPortValue,
aluZoneInboundSessionEstablished,
aluZoneOutboundSessionProtocol,
aluZoneOutboundSessionDstZoneId,
aluZoneOutboundSessionSrcIPAddrValue,
aluZoneOutboundSessionSrcPortValue,
aluZoneOutboundSessionDstIPAddrValue,
aluZoneOutboundSessionDstPortValue,
aluZoneOutboundSessionRevDirCreated,
aluZoneOutboundSessionAction,
aluZoneOutboundSessionNatSrcIPAddrValue,
aluZoneOutboundSessionNatSrcPortValue,
aluZoneOutboundSessionEstablished,
aluSecProfileOperName,
aluSecProfileOperDescription,
aluSecProfileOperPlcyRefCount,
aluSecProfileOperTcpSynTimeout,
aluSecProfileOperTcpWaitTimeout,
aluSecProfileOperTcpTransTimeout,
aluSecProfileOperTcpEstTimeout,
aluSecProfileOperUdpTimeout,
aluSecProfileOperUdpInitTimeout,
aluSecProfileOperUdpDnsTimeout,
aluSecProfileOperIcmpTimeout,
aluSecProfileOperOtherTimeout,
aluZoneOperInFwdAction,
aluZoneOperOutFwdAction,
aluZoneOperInNatAction,
aluZoneOperOutNatAction,
aluZoneOperInDropAction,
aluZoneOperOutDropAction
}
STATUS current
DESCRIPTION
"The group of objects to manage the Security Zone Groups
on Nokia 7705 SAR series systems."
::= { aluSecurityOperGroups 7 }
-- Conformance group for the security notifications: policy and zone policy
-- actions performed, session watermark modified or crossed (high and low),
-- sessions exhausted, and zone policy rule state change.
-- NOTE(review): by name, the watermark and exhaustion notifications signal
-- pressure on the session table, and the action and state change ones record
-- changes to the enforced policy. A trap receiver that keeps and alerts on
-- them gives an audit trail; confirm the trigger conditions in the
-- NOTIFICATION-TYPE definitions.
aluSecNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { aluSecPlcyActionPerformed,
aluSecZonePlcyActionPerformed,
aluSecSessionWtrMrkModified,
aluSecSessionHiWtrMrkCrossed,
aluSecSessionLoWtrMrkCrossed,
aluSecSessionsExhausted,
aluSecZonePlcyRuleStateChange
}
STATUS current
DESCRIPTION
"The group of notifications supporting the management of
security on Nokia SAR series systems."
::= { aluSecurityNotifyGroups 1 }
-- Conformance group for the four aluSecNotify* objects (policy action, rule
-- active flag, zone id and zone rule id), registered under
-- aluSecurityNotifyGroups.
-- NOTE(review): the DESCRIPTION below is word for word the one used by
-- aluZoneOperGroupV7v0 and does not mention notifications. It looks like a
-- copy and paste leftover. Presumably these objects are the varbinds of the
-- security notifications; confirm against the NOTIFICATION-TYPE definitions.
aluSecNotificationObjsGroup OBJECT-GROUP
OBJECTS {
aluSecNotifyPlcyAction,
aluSecNotifyRuleActive,
aluSecNotifyZoneId,
aluSecNotifyZoneRuleId
}
STATUS current
DESCRIPTION
"The group of objects to manage the Security Zone Groups
on Nokia 7705 SAR series systems."
::= { aluSecurityNotifyGroups 2 }
-- Conformance group for security logging: log instances (name, enabled flag,
-- destination, memory size and wrap, syslog id, profile id), per-event
-- control, log profiles, and the log control and log id attached to security
-- policy parameters in both their Config and Oper forms.
-- NOTE(review): the RowStatus, Enabled, Destination and EventControl members
-- suggest that log instances and event filters can be created, disabled or
-- redirected over SNMP. If the object definitions confirm write access, a
-- management user with a write view on this group can silence security
-- logging, so keep it out of write views that are not strictly needed and
-- monitor changes to these objects.
aluSecLogObjsGroup OBJECT-GROUP
OBJECTS {
aluSecLogName,
aluSecLogRowStatus,
aluSecLogDescription,
aluSecLogEnabled,
aluSecLogDestination,
aluSecLogMemSize,
aluSecLogMemWrap,
aluSecLogSysLogId,
aluSecLogLogProfileId,
aluSecLogApplied,
aluSecLogNextEventNum,
aluSecLogEventName,
aluSecLogEventControl,
aluSecLogProfileName,
aluSecLogProfileRowStatus,
aluSecLogProfileDescription,
aluSecLogProfileApplied,
aluSecPlcyParamsConfigLogControl,
aluSecPlcyParamsConfigLogId,
aluSecPlcyParamsOperLogControl,
aluSecPlcyParamsOperLogId
}
STATUS current
DESCRIPTION
"The group of objects to manage the Security Log Groups
on Nokia 7705 SAR series systems."
::= { aluSecurityLogGroups 1 }
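-- Conformance group for multi-chassis firewall peering: peer configuration
-- and state (aluMcPeerFw*), per-peer packet and drop counters
-- (aluMcFwPeerStats*), global packet and drop counters (aluMcFwStats*), and
-- the peer encryption settings (aluMcPeerFwEncryption*).
-- aluMcPeerFwRefCount was listed twice in OBJECTS; the second occurrence has
-- been removed. Group membership is unchanged.
-- NOTE(review): aluMcFwPeerStatsDropMD5 and aluMcFwStatsDropMD5 presumably
-- count peer packets rejected by an MD5 check. A non-zero rate is worth an
-- alert; confirm the meaning in the object definitions.
aluMcPeerFwGroup OBJECT-GROUP
OBJECTS {
aluMcPeerFwAdminState,
aluMcPeerFwBootTimer,
aluMcPeerFwHoldOnNbrFail,
aluMcPeerFwKeepAliveIntvl,
aluMcPeerFwLastChanged,
aluMcPeerFwRefCount,
aluMcPeerFwBfd,
aluMcPeerFwRowStatus,
aluMcPeerFwSysPriority,
aluMcPeerFwTableLastChanged,
aluMcFwPeerStatsDropMD5,
aluMcFwPeerStatsDropRxPeerData,
aluMcFwPeerStatsDropOutOfSeq,
aluMcFwPeerStatsDropPktTooShrt,
aluMcFwPeerStatsDropStateDsbld,
aluMcFwPeerStatsDropTlvInvldSz,
aluMcFwPeerStatsDropUnknownTlv,
aluMcFwPeerStatsPktsRx,
aluMcFwPeerStatsPktsRxKpalive,
aluMcFwPeerStatsPktsRxPeerCfg,
aluMcFwPeerStatsPktsRxPeerData,
aluMcFwPeerStatsPktsTx,
aluMcFwPeerStatsPktsTxFailed,
aluMcFwPeerStatsPktsTxKpalive,
aluMcFwPeerStatsPktsTxPeerCfg,
aluMcFwPeerStatsPktsTxPeerData,
aluMcFwPeerStatsDropFwNoPeer,
aluMcPeerFwOperState,
aluMcPeerFwPeerLastStateChge,
aluMcFwStatsDropFwNoPeer,
aluMcFwStatsDropMD5,
aluMcFwStatsDropOutOfSeq,
aluMcFwStatsDropPktKpaliveTask,
aluMcFwStatsDropRxPeerData,
aluMcFwStatsDropPktTooShort,
aluMcFwStatsDropPktVerifyFailed,
aluMcFwStatsDropTlvInvalidSize,
aluMcFwStatsDropUnknownPeer,
aluMcFwStatsDropUnknownTlv,
aluMcFwStatsPktsRx,
aluMcFwStatsPktsRxKeepalive,
aluMcFwStatsPktsRxPeerConfig,
aluMcFwStatsPktsRxPeerData,
aluMcFwStatsPktsTx,
aluMcFwStatsPktsTxFailed,
aluMcFwStatsPktsTxKeepalive,
aluMcFwStatsPktsTxPeerConfig,
aluMcFwStatsPktsTxPeerData,
-- NOTE(review): the SpiAuthKey and SpiEncrKey objects below are, by name, the
-- authentication and encryption keys of the two security associations.
-- Confirm in the object definitions that a read does not return the key in
-- clear text, and keep these objects out of any view granted to monitoring
-- users. Key provisioning should only travel over SNMPv3 with privacy.
aluMcPeerFwEncryption,
aluMcPeerFwEncryptionAuthAlg,
aluMcPeerFwEncryptionEncrAlg,
aluMcPeerFwEncryptionActOutSa,
aluMcPeerFwEncryptionSpi1,
aluMcPeerFwEncryptionSpiAuthKey1,
aluMcPeerFwEncryptionSpiEncrKey1,
aluMcPeerFwEncryptionSpi2,
aluMcPeerFwEncryptionSpiAuthKey2,
aluMcPeerFwEncryptionSpiEncrKey2
}
STATUS current
DESCRIPTION
"The group of objects supporting the multi-chassis firewall
redundancy peer on Nokia SROS 7.0 series systems."
::= { aluSecurityMcGroups 1 }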
-- Conformance group holding the single object aluMcPeerFwBfdSessionOpenStatus,
-- described below as a multi-chassis firewall notification object.
-- NOTE(review): presumably this is the varbind carried by the BFD session
-- open and close notifications; confirm in the NOTIFICATION-TYPE definitions.
aluMcPeerFwNotifyObjsV7v0Group OBJECT-GROUP
OBJECTS {
aluMcPeerFwBfdSessionOpenStatus
}
STATUS current
DESCRIPTION
"The group of objects supporting management of multi-chassis fw
notification objects on Nokia SROS series systems."
::= { aluSecurityMcGroups 2 }
-- Conformance group for the multi-chassis firewall notifications: BFD
-- session open, close, up and down; peer operational up and down; election
-- as master or slave; and set and clear pairs for master policy sync, slave
-- policy sync and session database sync.
-- NOTE(review): by name, the sync notifications report whether policy and
-- session state are consistent between the two chassis. A sync condition
-- that is set and never cleared presumably means the standby would enforce
-- stale state after a switchover; confirm the set and clear semantics in the
-- NOTIFICATION-TYPE definitions before building alerts on them.
aluMcPeerFwV7v0NotifGroup NOTIFICATION-GROUP
NOTIFICATIONS {
aluMcPeerFwBfdSessionClose,
aluMcPeerFwBfdSessionOpen,
aluMcPeerFwBfdSessionDown,
aluMcPeerFwBfdSessionUp,
aluMcPeerFwOperDown,
aluMcPeerFwOperUp,
aluMcPeerFwElectionMaster,
aluMcPeerFwElectionSlave,
aluMcPeerFwMasterPolicySyncClr,
aluMcPeerFwMasterPolicySyncSet,
aluMcPeerFwSlavePolicySyncClr,
aluMcPeerFwSlavePolicySyncSet,
aluMcPeerFwSessionDbSyncClr,
aluMcPeerFwSessionDbSyncSet
}
STATUS current
DESCRIPTION
"The group of notifications supporting multi-chassis fw on
the Nokia SROS series systems."
::= { aluSecurityMcGroups 3 }
END