WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/aricent/FIREWALL-MIB

2721 lines
84 KiB
Plaintext
Raw Blame History

-- Copyright (C) 2006-2012 Aricent Group . All Rights Reserved
-- $Id: fsfwl.mib,v 1.19 2016/02/27 10:05:05 siva Exp $
-- This document explains the proprietary MIB implemented
-- for FutureFirewall product.
-- The FS proprietary MIB definitions, which mostly contains extra
-- statistic objects and objects that can enable or disable certain features
-- of a protocol or the protocol itself. The various groups that are present
-- in the proprietary MIB are :
-- FutureFirewall MIB.
-- The MIB contains scalars and tables used to configure
-- FutureFirewall .
-- The different groups in FutureFirewall MIB are as follows:
-- 1) fwlGlobal group :
-- It contains scalar objects used to configure FutureFirewall.
-- The objects in this group are used to control Firewall
-- services and prevent against potential attacks. The objects in this
-- group are fwlGlobalMasterControlSwitch, fwlGlobalIcmpControlSwitch,
-- fwlGlobalTrace, fwlGlobalDebug,
-- fwlGlobalIpSpoofFiltering, fwlGlobalSrcRouteFiltering, fwlGlobalTrap,
-- fwlGlobalTinyFragmentFiltering, fwlGlobalTcpIntercept,
-- fwlGlobalUrlFiltering, fwlGlobalIpv6SpoofFiltering,
-- fwlGlobalICMPv6ControlSwitch, fwlGlobalLogFileSize,
-- fwlGlobalLogSizeThreshold, fwlGlobalIdsLogSize, fwlGlobalIdsLogThreshold.
-- 2) fwlDefinition group :
-- This contains tables used to configure Filters and Rules and to apply
-- them on a particular interface. It contains a table to configure
-- interface specific Filters and a table to view dynamically created
-- filters. It also provides an authentication table for configuring
-- authorized users and services.
-- a) fwlDefnTcpInterceptThreshold : This is a scalar object used to define
-- the rate of TCP connection requests allowed.
-- b) fwlDefnInterceptTimeout : This is a scalar object used to define
-- the time interval for allowing the connections within threshold.
-- c) fwlDefnFiltertable : This table is used to configure filters. The
-- objects in this table are fwlFilterFilterName, fwlFilterSrcAddress,
-- fwlFilterDestAddress, fwlFilterSrcPort, fwlFilterDestPort,
-- fwlFilterProtocol and fwlFilterTos, fwlFilterAddrType,fwlFilterFlowId
-- fwlFilterDscp.
-- d) fwlDefnRuleTable : This table is used to configure rules(combination
-- of Filters). The objects in this table are fwlRuleRuleName and
-- fwlRuleFilterSet.
-- e) fwlDefnAclTable : This table is used to apply a filter or a rule on
-- a particular interface. The objects include fwlAclAclName,
-- fwlAclIfIndex, fwlAclDirection, fwlAclAction and
-- fwlAclSequenceNumber.
-- f) fwlDefnIfTable : This table is used to configure interface specific
-- filters. The objects in the table include fwlIfIpOptions,
-- fwlIfFragments, fwlIfIcmpType, fwlIfIcmpCode ,fwlIfIfType and
-- fwlIfICMPv6MsgType.
-- g) fwlDefnDmzTable : This table is used to configure the DMZ hosts on an
-- interface. The objects in the table include fwlDmzIpSubnet and
-- fwlDmzSubnetMask.
-- h) fwlDefnIPv6DmzTable : This table is used to configure the IPv6 DMZ hosts on an
-- interface. The object in the table include fwlDmzIpv6Index.
-- 3) fwlStatistics group :
-- This contains scalar objects used to specify the global statistics.
-- It also contains an interface table used to specify interface specific
-- statistics. The objects that specify the global statistics are
-- fwlStatTotalPacketsInspectedCount, fwlStatTotalPacketsDenied,
-- fwlStatTotalPacketsAccepted, fwlStatTotalIcmpPacketsDenied,
-- fwlStatTotalIpOptionPacketsDenied, fwlStatTotalFragmentedPacketsDenied,
-- fwlStatMemoryAllocationFailCount, fwlStatTotalSynPacketsReceived,
-- fwlStatTotalIpSpoofedPacketsDenied,fwlStatIPv6InspectedPacketsCount,
-- fwlStatIPv6TotalPacketsDenied,fwlStatIPv6TotalPacketsAccepted,
-- fwlStatIPv6TotalIcmpPacketsDenied,fwlStatIPv6TotalSpoofedPacketsDenied
-- The following table is used to specify interface specific statistics.
-- fwlStatIfTable : The objects in this table are fwlStatIfFilterCount,
-- fwlStatIfPacketsDenied, fwlStatIfPacketsAccepted,
-- fwlStatIfIcmpPacketsDenied, fwlStatIfFragmentPacketsDenied and
-- fwlStatIfIpOptionPacketsDenied,fwlStatIfIPv6PacketsDenied,
-- fwlStatIfIPv6PacketsAccepted, fwlStatIfIcmpv6PacketsDenied
-- fwlStatIfIpOptionPacketsDenied.
-- 4) fwlTraps Group :
-- This group contains the different types of Traps used by the Firewall
-- The trap control is fwlTrapMessage.
-- The trap types are fwlTrapMemoryFailure and fwlTrapAttackSummary.
-- fwlTrapThresholdExceeded would be triggered when the Discard limit
-- exceeds the threshold set. fwlTrapIfIndex object specifies the
-- Interface Index in which the limit is exceeded. It could be a Global
-- or a particular Interface Index. fwlTrapMessage would be called for
-- traps related to Firewall logs such as sizeexceeded and sizethresholdhit.
-- fwlIdsTrapLogging would be called for traps related to IDS logs such as
-- sizeexceeded and sizethresholdhit. fwlIdsTrapAttackPktFromIds would be
-- called when an attack-packet is identified by IDS.
FIREWALL-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Integer32, Unsigned32, Counter32, enterprises,
IpAddress, NOTIFICATION-TYPE,
TimeTicks FROM SNMPv2-SMI
RowStatus, TruthValue, DisplayString, RowPointer,
TimeStamp, TEXTUAL-CONVENTION FROM SNMPv2-TC
InetAddress, InetAddressType,
InetAddressPrefixLength FROM INET-ADDRESS-MIB;
-- enterprises OBJECT IDENTIFIER ::= { private 1 }
-- futuresoftware OBJECT IDENTIFIER ::= { enterprises 2076 }
firewall MODULE-IDENTITY
LAST-UPDATED "201209050000Z"
ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE"
CONTACT-INFO "support@aricent.com"
DESCRIPTION
" The MIB module to describe the Firewall . "
REVISION "201209050000Z"
DESCRIPTION
" The MIB module to describe the Firewall . "
::= { enterprises futuresoftware(2076) 16}
-- Textual Conventions
-- These Textual Conventions enhance the readability of the specification.
-- The Status is an integer value which specifies whether the Firewall
-- AccessList control switches are enabled or disabled.
Status ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
" The status of the Firewall AccessList control switches. "
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
-- The ProtocolType is an integer value that specifies the type of
-- protocol.
ProtocolType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
" Enumeration of protocols that are commonly used on Firewall
AccessList. "
SYNTAX INTEGER {
icmp(1),
igmp(2),
ggp(3),
ip(4),
tcp(6),
egp(8),
igp(9),
nvp(11),
udp(17),
irtp(28),
idpr(35),
rsvp(46),
mhrp(48),
igrp(88),
ospfigp(89),
any(255)
}
-- Groups in Firewall AccessList
fwlGlobal OBJECT IDENTIFIER ::= { firewall 1 }
fwlDefinition OBJECT IDENTIFIER ::= { firewall 2 }
fwlStatistics OBJECT IDENTIFIER ::= { firewall 3 }
fwlTraps OBJECT IDENTIFIER ::= { firewall 4 }
fwlState OBJECT IDENTIFIER ::= { firewall 5 }
fwlRateLimit OBJECT IDENTIFIER ::= { firewall 6 }
fwlSnork OBJECT IDENTIFIER ::= { firewall 7 }
fwlRpf OBJECT IDENTIFIER ::= { firewall 8 }
-- SCALAR_TABLE_BEGIN fwlGlobal 13
-- Firewall Global Group
-- This group defines variables, which applies globally to the Firewall.
fwlGlobalMasterControlSwitch OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This switch is used to enable or disable the entire firewall
service. The default value for this switch is 'enabled' (1). "
DEFVAL { enabled }
::= { fwlGlobal 1 }
fwlGlobalICMPControlSwitch OBJECT-TYPE
SYNTAX INTEGER {
generate(1),
suppress(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This switch is used to generate or suppress the ICMP generation
when a packet is rejected by the firewall. The default value for
this switch is 'suppress'(2). "
DEFVAL { suppress }
::= { fwlGlobal 2 }
fwlGlobalIpSpoofFiltering OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This switch is used to determine whether the inbound packets
(packets arriving on the external interface or the interface
connected to the Internet)are to be examined for a potential
source IP Spoofing attack. The default value for this switch
is 'enabled'(1). "
DEFVAL { enabled }
::= { fwlGlobal 3 }
fwlGlobalSrcRouteFiltering OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"**************** THIS OBJECT IS DEPRECATED ****************
This switch is used to determine whether the inbound packets
(packets arriving on the external interface or the interface
connected to the Internet)containing the IP source route option
are filtered or not through the Firewall. The default
value for this switch is 'enabled'(1). "
DEFVAL { enabled }
::= { fwlGlobal 4 }
fwlGlobalTinyFragmentFiltering OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"**************** THIS OBJECT IS DEPRECATED ****************
This switch is used to determine whether the inbound packets
(packets arriving on the external interface or the interface
connected to the Internet)containing Tiny IP Fragments are
allowed or discarded through the Firewall. The default value
for this switch is 'enabled'(1). "
DEFVAL { enabled }
::= { fwlGlobal 5 }
fwlGlobalTcpIntercept OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This switch is used to determine whether packets are to be
examined for a potential Denial of service attack (TCP SYN
Flooding attack). The default value for this switch is
'enabled'(1). "
DEFVAL { enabled }
::= { fwlGlobal 6 }
fwlGlobalTrap OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This switch is used to control the different types of Trap
sent to the administrator in case of memory failure or any
attacks has occurred. If this switch is enabled then Trap will
be sent for the above mentioned reasons. The default value for
this switch is 'disabled'(2)."
DEFVAL { disabled }
::= { fwlGlobal 7 }
fwlGlobalTrace OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This is used to enable trace statements in Firewall Module.
A four byte integer value is specified for enabling the level
of tracing. Each Bit in the four byte integer variable represents
a level of Trace. The bits represents the levels as
follows: 0 - Init and Shutdown, 1 - Management, 2 - Data Path,
3 - Control Plane, 4 - packet Dump, 5 - All resources except
buffer, 6 - All Failures, 7 - Buffer, 16 - Action taken by
firewall, 17 - Inspection of Packet, 18 - error and 19 - Trap.
The remaining bits are unused. The combination of levels are also
allowed. For example if the bits 1 and 2 are set, then the Trace
statements related to management and Data Path will be printed.
The user have to enter the corresponding integer value for the
bits set. For example if bits 1 and 2 are set then he has to
give the value 6."
DEFVAL { 0 }
::= { fwlGlobal 8 }
fwlGlobalDebug OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This is used to enable/disable Debug Statements in Firewall Module."
DEFVAL { disabled }
::= { fwlGlobal 9 }
fwlGlobalMaxFilters OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This specifies the maximum number of memory blocks
that can be allocated for filters."
DEFVAL { 100 }
::= { fwlGlobal 10 }
fwlGlobalMaxRules OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" This specifies the maximum number of memory blocks
that can be allocated for rules."
DEFVAL { 100 }
::= { fwlGlobal 11 }
fwlGlobalUrlFiltering OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This enables or disables URL filtering.
The default value for this switch is 'disable'(2). "
DEFVAL { disabled }
::= { fwlGlobal 12 }
fwlGlobalNetBiosFiltering OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This enables or disables NETBIOS filtering.
The default value for this switch is 'disable'(2). "
DEFVAL { disabled }
::= { fwlGlobal 13 }
fwlGlobalNetBiosLan2Wan OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This enables or disables NETBIOS LAN to WAN control switch.
The default value for this switch is 'disable'(2). "
DEFVAL { disabled }
::= { fwlGlobal 14 }
fwlGlobalICMPv6ControlSwitch OBJECT-TYPE
SYNTAX INTEGER {
generate(1),
suppress(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This switch is used to generate or suppress the ICMPv6 generation
when a packet is rejected by the firewall. When this is enabled,
ICMPv6 error message is generated whenever a ICMPv6 packet is denied.
The default value for this switch is 'suppress'(2). "
DEFVAL { suppress }
::= { fwlGlobal 15 }
fwlGlobalIpv6SpoofFiltering OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This switch is used to determine whether the inbound packets
(packets arriving on the external interface or the interface
connected to the Internet)are to be examined for a potential
source IPv6 Spoofing attack. The default value for this switch
is 'enabled'(1). "
DEFVAL { enabled }
::= { fwlGlobal 16 }
fwlGlobalLogFileSize OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This is the maximum file size in bytes of the firewall log file."
DEFVAL { 1048576 }
::= { fwlGlobal 17 }
fwlGlobalLogSizeThreshold OBJECT-TYPE
SYNTAX Unsigned32 (1..99)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This is the threshold value of the Log storage space with respect
to the maximum Log Storage Space. It is entered as a percentage value. "
DEFVAL { 70 }
::= { fwlGlobal 18 }
fwlGlobalIdsLogSize OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This is the maximum file size in bytes of the IDS log file. "
DEFVAL { 1048576 }
::= { fwlGlobal 19 }
fwlGlobalIdsLogThreshold OBJECT-TYPE
SYNTAX Unsigned32 (1..99)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This is the threshold value of the Log storage space with respect
to the maximum Log Storage Space. It is entered as a percentage value."
DEFVAL { 70 }
::= { fwlGlobal 20 }
fwlGlobalIdsVersionInfo OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..64))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This Object shows the Current version of IDS (Intrusion Detection System)"
DEFVAL {""}
::= {fwlGlobal 21}
fwlGlobalReloadIds OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object reload IDS process (Intrusion Detection System) with the
new set of rules/configurations."
::= {fwlGlobal 22}
fwlGlobalIdsStatus OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object is used to enable or disable IDS (Intrusion Detection
System) service in the system. By default IDS is enabled."
DEFVAL { enabled }
::= {fwlGlobal 23}
fwlGlobalLoadIdsRules OBJECT-TYPE
SYNTAX INTEGER {
load (1),
unload (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object loads the existing regular expressions of rules to Pattern
Matching Engine (PME) if exists. Also reloads IDS process
(Intrusion Detection System). While rules load in progress IDS status
would be disabled."
::= {fwlGlobal 24}
fwlDosAttackAcceptRedirect OBJECT-TYPE
SYNTAX INTEGER {
enable (1),
disable (0)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object stores the status of the Accept Redirect Dos attack "
::= {fwlGlobal 25}
fwlDosAttackAcceptSmurfAttack OBJECT-TYPE
SYNTAX INTEGER {
enable (1),
disable (0)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object stores the status of the Smurf Dos attack "
::= {fwlGlobal 26}
fwlDosLandAttack OBJECT-TYPE
SYNTAX INTEGER {
enable (1),
disable (0)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object stores the status of the Land Dos attack "
::= {fwlGlobal 27}
fwlDosShortHeaderAttack OBJECT-TYPE
SYNTAX Integer32 (1..1000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object stores the status of the ShortHeader Dos attack "
DEFVAL { 10 }
::= {fwlGlobal 28}
-- SCALAR_TABLE_END
-- Firewall Definition Group
-- The Definition group defines the variables used to configure the
-- filters an rules for the Firewall . It also defines the
-- variables used to prevent all types of attacks.
-- SCALAR_TABLE_BEGIN fwlDefinition 7
-- The following two scalar variables are used to prevent the Denial
-- of Service attack.
fwlDefnTcpInterceptThreshold OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" The number of TCP Connection requests (TCP SYN packets)
entering into the firewall module within a timeout
period. The default value is 50 connections. "
DEFVAL { 50 }
::= { fwlDefinition 1 }
fwlDefnInterceptTimeout OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" The interval after which the Connection requests
exceeding the threshold will be discarded. The default
value is 1 second. This timeout value applies for TCP,UDP
and ICMP"
DEFVAL { 1 }
::= { fwlDefinition 2 }
-- SCALAR_TABLE_END
-- Filter Table
-- This is the first level of configuration where the Filters are defined.
-- These Filters specify the parameters that has to be checked against the
-- packet. The parameters include source address, destination address,
-- source port, destination port, protocol type, etc.
fwlDefnFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlDefnFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table is used to configure the Filters in the Firewall.
The Filters can be configured as 'Filter1 10.0.0.0/24
108.0.4.1/32 6'. It means that in Filter1, the source address
can range from 10.0.0.0 to 10.0.0.255 and destination address
is 108.0.4.1 and protocol is TCP. The mask used is not wild-card
mask. If a configured Filter is to be deleted, it must ensure
that the Rules using this particular filter or this Filter
applied on a particular interface, must be deleted first. "
::= { fwlDefinition 3 }
fwlDefnFilterEntry OBJECT-TYPE
SYNTAX FwlDefnFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlFilterFilterName }
::= { fwlDefnFilterTable 1 }
FwlDefnFilterEntry ::=
SEQUENCE {
fwlFilterFilterName
OCTET STRING,
fwlFilterSrcAddress
DisplayString,
fwlFilterDestAddress
DisplayString,
fwlFilterProtocol
INTEGER,
fwlFilterSrcPort
DisplayString,
fwlFilterDestPort
DisplayString,
fwlFilterAckBit
INTEGER,
fwlFilterRstBit
INTEGER,
fwlFilterTos
Integer32,
fwlFilterAccounting
Status,
fwlFilterHitClear
TruthValue,
fwlFilterHitsCount
Counter32,
fwlFilterAddrType
InetAddressType,
fwlFilterFlowId
Unsigned32,
fwlFilterDscp
Integer32,
fwlFilterRowStatus
RowStatus
}
fwlFilterFilterName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..35))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This Filter name uniquely identifies the particular Filter
configured. "
::= { fwlDefnFilterEntry 1 }
fwlFilterSrcAddress OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The source IP address and the source mask to be checked
against the packet. The default value is 0.0.0.0/0.
The address value should not be specified without the mask
value. ('10.0.14.23') "
DEFVAL {''h}
::= { fwlDefnFilterEntry 2 }
fwlFilterDestAddress OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The destination IP address and the destination mask to be
checked against the packet. The default value is 0.0.0.0/0.
The address value should not be specified without the mask
value. ('10.0.14.23') "
DEFVAL { ''h }
::= { fwlDefnFilterEntry 3 }
fwlFilterProtocol OBJECT-TYPE
SYNTAX ProtocolType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The type of protocol to be checked against the packet. The
default value is 'any' (255). If the value is 'any' (255), it
means that the protocol type can be anything and it will not be
checked to decide the action. "
DEFVAL { any }
::= { fwlDefnFilterEntry 4 }
fwlFilterSrcPort OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The source port to be checked against the packet. The range
of port can be specified by using the symbols like '>', '<',
'!=', '=', '<=', '>='. For example the port value will be
specified as '>1023', '=23', etc. This value is parsed into
MIN and MAX port value. The string '>1023' will be parsed as
MIN port value = 1024 and MAX port value = 65536. The default
value for the MIN and MAX port value is 0. If the value is 0,
it means that the port number can be anything and it will not
be checked to decide the action. "
DEFVAL { ''h }
::= { fwlDefnFilterEntry 5 }
fwlFilterDestPort OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The destination port to be checked against the packet. The
range of port can be specified by using the symbols like '>',
'<', '!=', '=', '<=', '>='. For example the port value will be
specified as '>1023', '=23', etc. This value is parsed into
MIN and MAX port value. The string '>1023' will be parsed as
MIN port value = 1024 and MAX port value = 65536. The default
value for the MIN and MAX port value is 0. If the value is 0,
it means that the port number can be anything and it will not
be checked to decide the action. "
DEFVAL { ''h }
::= { fwlDefnFilterEntry 6 }
fwlFilterAckBit OBJECT-TYPE
SYNTAX INTEGER {
establish(1),
notEstablish(2),
any(3)
}
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"**************** THIS OBJECT IS DEPRECATED ****************
The TCP ACK bit to be checked against the packet. The default
value is 'any'(3). It means that ACK bit will not be checked
to decide the action. "
DEFVAL { any }
::= { fwlDefnFilterEntry 7 }
fwlFilterRstBit OBJECT-TYPE
SYNTAX INTEGER {
set(1),
notSet(2),
any(3)
}
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"**************** THIS OBJECT IS DEPRECATED ****************
The TCP RST bit to be checked against the packet. The default
value is 'any'(3). It means that RST bit will not be checked to
decide the action. "
DEFVAL { any }
::= { fwlDefnFilterEntry 8 }
fwlFilterTos OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The IP TOS bit to be checked against the packet. This is a
single byte integer of which the last three bits (least
significant bits) indicate Delay, Throughput and Reliability
i.e. 'uuuuudtr', u-unused, d-delay, t-throughput, r-reliability.
For example '6' indicates low delay and high throughput. "
DEFVAL { 0 }
::= { fwlDefnFilterEntry 9 }
fwlFilterAccounting OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is used to enable or disable the filter accounting of this
filter. If this object is enabled then the Hit count of this filter will
be incremented when the traffic matches this filter. If this object is
disabled then the Hit counter of the filter will not be incremented when
the traffic matches this filter. The default value of this
object is 'disabled'(2)."
DEFVAL { disabled }
::= { fwlDefnFilterEntry 10 }
fwlFilterHitClear OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is used to clear the hit count of this filter. The default
value is 'false'. When this object is true, the Hit count for the
respective filter will be cleared and the object value will be reset to
false. The get routine for this object always returns 'false'."
DEFVAL { false }
::= { fwlDefnFilterEntry 11 }
fwlFilterHitsCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of times this Filter is matched while processing
the packet. "
::= { fwlDefnFilterEntry 12 }
fwlFilterAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The address type of the source and destination address.
This object is limited to IPv4 and IPv6 addresses."
::= { fwlDefnFilterEntry 13 }
fwlFilterFlowId OBJECT-TYPE
SYNTAX Unsigned32 (0..1048575)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The flow label identifier is specific to an IPv6 header
as its to classify the same flow of packets between a source
and destination in IPv6"
DEFVAL { 0 }
::= { fwlDefnFilterEntry 14 }
fwlFilterDscp OBJECT-TYPE
SYNTAX Integer32 (0..63)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The IP DSCP value is applicable for both IPv4 and IPv6,
but when DSCP is specified TOS value(fwlFilterTos) should not
be configured. Also TOS value (fwlFilterTos) is not applicable
for IPv6 traffic and its filters"
DEFVAL { 0 }
::= { fwlDefnFilterEntry 15 }
fwlFilterRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in this
table. "
::= { fwlDefnFilterEntry 16 }
-- Rule Table
-- This is the second and optional level of configuration. Here the
-- Filters are grouped to form Rules. They are grouped
-- using the '&' or ','(or) operation. A set of Filters
-- combined using '&' or ','(or) operation can form a Rule.
fwlDefnRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlDefnRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The table used to configure the Rules by assigning a set of
Filters.(Rule1 = Filter1 & Filter2; Rule2 = Filter1 , Filter2;
etc.). "
::= { fwlDefinition 4 }
fwlDefnRuleEntry OBJECT-TYPE
SYNTAX FwlDefnRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlRuleRuleName }
::= { fwlDefnRuleTable 1 }
FwlDefnRuleEntry ::=
SEQUENCE {
fwlRuleRuleName
OCTET STRING,
fwlRuleFilterSet
DisplayString,
fwlRuleRowStatus
RowStatus
}
fwlRuleRuleName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..35))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The name that identifies the particular Rule configured
in the Firewall . "
::= { fwlDefnRuleEntry 1 }
fwlRuleFilterSet OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" A set of Filters combined to form a Rule and this Rule is
configured globally or on a particular interface. "
::= { fwlDefnRuleEntry 2 }
fwlRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in
this table. "
::= { fwlDefnRuleEntry 3 }
-- Acl table
-- This is the final level of configuration. The configured Filter or rule
-- to be applied on an interface is specified. The action to be taken
-- against the packet is specified. The direction in which filters
-- are to be applied, either to inbound packets or outbound
-- packets is also specified.
fwlDefnAclTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlDefnAclEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The ACL table will associate the filter or a combination of filters
to a specific Action. The ACL name should map with the rule name"
::= { fwlDefinition 5 }
fwlDefnAclEntry OBJECT-TYPE
SYNTAX FwlDefnAclEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX {
fwlAclIfIndex,
fwlAclAclName,
fwlAclDirection
}
::= { fwlDefnAclTable 1 }
FwlDefnAclEntry ::=
SEQUENCE {
fwlAclIfIndex
Integer32,
fwlAclAclName
OCTET STRING,
fwlAclDirection
INTEGER,
fwlAclAction
INTEGER,
fwlAclSequenceNumber
Integer32,
fwlAclAclType
INTEGER,
fwlAclLogTrigger
INTEGER,
fwlAclFragAction
INTEGER,
fwlAclRowStatus
RowStatus
}
fwlAclIfIndex OBJECT-TYPE
SYNTAX Integer32 (0..1000)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The interface number in which the filters are to be
configured. The value ranges from 0 to 1000. If the value
specified is 0, it means that the filters will be
configured globally.(i.e. : filters or rules specified with
Global interface number are applicable to all interfaces.)"
::= { fwlDefnAclEntry 1 }
fwlAclAclName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..35))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The name that uniquely identifies the particular Filter or
Rule configured in the Firewall . "
::= { fwlDefnAclEntry 2 }
fwlAclDirection OBJECT-TYPE
SYNTAX INTEGER {
in (1),
out (2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This specifies in which direction the Filters or Rules are to
be applied on the packets, either to incoming or outgoing
packets. "
::= { fwlDefnAclEntry 3 }
fwlAclAction OBJECT-TYPE
SYNTAX INTEGER {
permit(1),
reject(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This specifies the action to be taken against the packet.
If the action value is 'permit', then the packet will be
permitted if the filter or rule matches. If it is 'reject',
then the packet will be rejected and an ICMP message will be
sent as response, if the global Switch for generation of ICMP
message is enabled. "
::= { fwlDefnAclEntry 4 }
fwlAclSequenceNumber OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This specifies the order in which the Filters are to be
matched against the packets from a particular interface. The
sequence number should not be zero. The sequence numbers are
unique."
::= { fwlDefnAclEntry 5 }
fwlAclAclType OBJECT-TYPE
SYNTAX INTEGER {
filter(1),
rule(2)
}
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"**************** THIS OBJECT IS DEPRECATED ****************
This specifies whether the access list configured on a
particular interface is a Filter or a Rule (Combination of
Filters). The default value is 'rule'(2). "
DEFVAL { rule }
::= { fwlDefnAclEntry 6 }
fwlAclLogTrigger OBJECT-TYPE
SYNTAX INTEGER {
none(0),
brief(1),
detail(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This specifies whether the log details should be in brief or detail or none .The default value is 'brief(1)'."
DEFVAL { brief }
::= { fwlDefnAclEntry 7 }
fwlAclFragAction OBJECT-TYPE
SYNTAX INTEGER{
permit(1),
deny(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This specifies whether the fragmentation has to permitted or denied."
::= { fwlDefnAclEntry 8 }
fwlAclRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in this
table. "
::= { fwlDefnAclEntry 9 }
-- Interface Table
-- This table is used to control packet filtering on interface basis.
fwlDefnIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlDefnIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table is used for interface specific filtering like
filtering based on IP options, Fragments, ICMP Type and Code,
etc. "
::= { fwlDefinition 6 }
fwlDefnIfEntry OBJECT-TYPE
SYNTAX FwlDefnIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlIfIfIndex }
::= { fwlDefnIfTable 1 }
FwlDefnIfEntry ::=
SEQUENCE {
fwlIfIfIndex
Integer32,
fwlIfIfType
INTEGER,
fwlIfIpOptions
INTEGER,
fwlIfFragments
INTEGER,
fwlIfFragmentSize
Unsigned32,
fwlIfICMPType
INTEGER,
fwlIfICMPCode
INTEGER,
fwlIfICMPv6MsgType
Integer32,
fwlIfRowStatus
RowStatus
}
fwlIfIfIndex OBJECT-TYPE
SYNTAX Integer32 (0..1000)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The interface number in which the filters or rules are to be
configured. "
::= { fwlDefnIfEntry 1 }
fwlIfIfType OBJECT-TYPE
SYNTAX INTEGER {
internal(1),
external(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This specifies whether the interface is an external interface
(interface connected to the internet) or internal interface. The
default value is 'external'(2). "
DEFVAL { external }
::= { fwlDefnIfEntry 2 }
fwlIfIpOptions OBJECT-TYPE
SYNTAX INTEGER {
sourceRoute (1),
recordRoute (2),
timestamp (3),
anyOptions (4),
noOptions (5),
traceRoute(6)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The IP options to be checked against the packet. If the
packet matches with the IP option specified, then the packet
will be dropped. The default value is 'anyOptions' (4). To disable
checking for IP options set the value to noOptions (5). "
DEFVAL { anyOptions }
::= { fwlDefnIfEntry 3 }
fwlIfFragments OBJECT-TYPE
SYNTAX INTEGER {
tinyFragment(1),
largeFragment(2),
anyFragment(3),
noFragment(4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The Fragment type to be checked against the packet. If
the packet matches with the fragment type, then the packet
will be dropped. The default value is anyFragment(3) ensures that
all fragments are dropped. The value 'noFragment' (4) ensures that
fragmentation checks are disabled. "
DEFVAL { anyFragment }
::= { fwlDefnIfEntry 4 }
fwlIfFragmentSize OBJECT-TYPE
SYNTAX Unsigned32 (1..65500)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The maximum size of each fragment when the fragment type 'fwlIfFragments'
is large."
DEFVAL { 30000 }
::= { fwlDefnIfEntry 5 }
fwlIfICMPType OBJECT-TYPE
SYNTAX INTEGER {
echoReply(0),
destinationUnreachable(3),
sourceQuench(4),
redirect(5),
echoRequest(8),
timeExceeded(11),
prameterProblem(12),
timestampRequest(13),
timestampReply(14),
informationRequest(15),
informationReply(16),
addressMaskRequest(17),
addressMaskReply (18),
noICMPType(255)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The ICMP type to be checked against the packet. If the
ICMP Type matches with the packet, then the packet will be
dropped. The default value is 'noICMPType' (255). It means
that ICMP Type is not configured and need not be checked.
Generally the value zero is given as default. But here
zero is an ICMP Type value. Hence 255 is given as the
default value. "
DEFVAL { noICMPType }
::= { fwlDefnIfEntry 6 }
fwlIfICMPCode OBJECT-TYPE
SYNTAX INTEGER {
networkUnreachable(0),
hostUnreachable(1),
protocolUnreachable(2),
portUnreachable(3),
fragmentNeed(4),
sourceRouteFail(5),
destNetworkUnknown(6),
destHostUnknown(7),
srcHostIsolated(8),
destNetworkAdminProhibited(9),
destHostAdminProhibited(10),
networkUnreachableTOS(11),
hostUnreachableTOS(12),
noICMPCode(255)
}
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"**************** THIS OBJECT IS DEPRECATED ****************
The ICMP Code to be checked against the packet. If the
packet matches with the ICMP Code, then the packet will
be dropped. The default value is 'noICMPCode'(255). It
means that ICMP code is not configured and need not be
checked. Generally the value zero will be given as default.
But here, zero is an ICMP Code value. Hence 255 is given
as the default value. "
DEFVAL { noICMPCode }
::= { fwlDefnIfEntry 7 }
fwlIfICMPv6MsgType OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The ICMPv6 type to be checked against the packet. If the
ICMP Type matches with the packet, then the packet will be
dropped. The default value is 'noICMPv6Type' (0x0). It means
that ICMP Type is not configured and need not be checked.
This object is used to store the ICMPv6 message types that are enabled
by the user. The bit positions to enable specific message types
are as shown below :
Bit 0 - destinationUnreachable
Bit 1 - timeExceeded
Bit 2 - prameterProblem
Bit 3 - echoRequest
Bit 4 - echoReply
Bit 5 - redirect
Bit 6 - informationRequest
Bit 7 - informationReply
A value of zero(0x0) indicates that no ICMPv6 type is configured
and all bits set indicates that all the ICMPv6 message types are set"
DEFVAL { 0 }
::= { fwlDefnIfEntry 8 }
fwlIfRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in this
table. "
::= { fwlDefnIfEntry 9 }
-- DMZ Table
-- This table is used to define the De-Militarized Zone, where no restrictions
-- apply.
fwlDefnDmzTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlDefnDmzEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table is used for defining the De-Militarized Zone (DMZ).
The host/hosts in this zone will have unrestricted access from the
public/external network (Internet)."
::= { fwlDefinition 7 }
fwlDefnDmzEntry OBJECT-TYPE
SYNTAX FwlDefnDmzEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlDmzIpIndex }
::= { fwlDefnDmzTable 1 }
FwlDefnDmzEntry ::=
SEQUENCE {
fwlDmzIpIndex
IpAddress,
fwlDmzRowStatus
RowStatus
}
fwlDmzIpIndex OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The IP Address which the DMZ is to be configured."
::= { fwlDefnDmzEntry 1 }
fwlDmzRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in this
table. "
::= { fwlDefnDmzEntry 2 }
-- URL Filtering Table
-- This table is used to define URL filters
fwlUrlFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlUrlFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table is used for defining URL filters. Any http request
that matches the URL string will be filtered"
::= { fwlDefinition 8 }
fwlUrlFilterEntry OBJECT-TYPE
SYNTAX FwlUrlFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlUrlString }
::= { fwlUrlFilterTable 1 }
FwlUrlFilterEntry ::=
SEQUENCE {
fwlUrlString
DisplayString,
fwlUrlHitCount
Counter32,
fwlUrlFilterRowStatus
RowStatus
}
fwlUrlString OBJECT-TYPE
SYNTAX DisplayString (SIZE(1..99))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The object specifies the URL string to be filtered"
::= { fwlUrlFilterEntry 1 }
fwlUrlHitCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of times this URL Filter is matched while processing
the packet"
::= { fwlUrlFilterEntry 2 }
fwlUrlFilterRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in this
table "
::= { fwlUrlFilterEntry 3 }
-- Firewall Statistics Group
-- Statistics group details about the general statistics of the packets
-- processed by the Firewall ( like packet rejected, inspected etc).
-- It also details the statistics about the packets
-- filtered per interface.
-- SCALAR_TABLE_BEGIN fwlStatistics 23
fwlStatInspectedPacketsCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets inspected by the Firewall
module. It includes the number of packets rejected and
accepted. "
::= { fwlStatistics 1 }
fwlStatTotalPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets dropped by the Firewall
module. This includes all fragmented packets, non-fragmented
packets, packets with IP Options, without IP options, etc. "
::= { fwlStatistics 2 }
fwlStatTotalPacketsAccepted OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets accepted by the Firewall
module. This includes all fragmented packets, non-fragmented
packets, packets with IP Options and packets without
IP options, etc. "
::= { fwlStatistics 3 }
fwlStatTotalIcmpPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of ICMP packets rejected by the Firewall
module. "
::= { fwlStatistics 4 }
fwlStatTotalSynPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of SYN packets denied over the external interfaces."
::= { fwlStatistics 5 }
fwlStatTotalIpSpoofedPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets rejected by the Firewall due to IP
Spoofing attack on the external interfaces. "
::= { fwlStatistics 6 }
fwlStatTotalSrcRoutePacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets rejected by the Firewall due to Source
Routing attack on the external interfaces. "
::= { fwlStatistics 7 }
fwlStatTotalTinyFragmentPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets rejected by the Firewall due to Tiny
Fragment attack on the external interfaces. "
::= { fwlStatistics 8 }
fwlStatTotalFragmentedPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of fragmented packets rejected by Firewall. "
::= { fwlStatistics 9 }
fwlStatTotalLargeFragmentPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets rejected by Firewall due to large
fragment attack on the external interface. "
::= { fwlStatistics 10 }
fwlStatTotalIpOptionPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets with IP options (source routing,
record routing, timestamp) rejected by the Firewall. "
::= { fwlStatistics 11 }
fwlStatTotalAttacksPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets rejected by firewall due to
suspicious attacks."
::= { fwlStatistics 12 }
fwlStatMemoryAllocationFailCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of times dynamic memory allocation failure
(malloc) has occurred. "
::= { fwlStatistics 13 }
fwlStatIPv6InspectedPacketsCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of IPv6 packets inspected by the Firewall
module. It includes the number of packets rejected and
accepted. "
::= { fwlStatistics 14 }
fwlStatIPv6TotalPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of IPv6 packets dropped by the Firewall
module."
::= { fwlStatistics 15 }
fwlStatIPv6TotalPacketsAccepted OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of IPv6 packets accepted by the Firewall
module."
::= { fwlStatistics 16 }
fwlStatIPv6TotalIcmpPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of ICMPv6 packets rejected by the Firewall
module. "
::= { fwlStatistics 17 }
fwlStatIPv6TotalSpoofedPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of IPv6 packets rejected by the Firewall due to IP
Spoofing attack on the external interfaces. "
::= { fwlStatistics 18 }
fwlStatIPv6TotalAttacksPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of IPv6 packets rejected by firewall due to
suspicious attacks."
::= { fwlStatistics 19 }
-- SCALAR_TABLE_END
-- Firewall State Table
-- This table gives information about the number of state entries
-- corresponding to the stateful table, partial Entry table and Init Flow
-- table.
fwlStateTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlStateEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table contains the entries maintained by Firewall
during state full inspection of the connections passing through
the DUT from LAN to WAN or WAN to LAN."
::= { fwlState 1 }
fwlStateEntry OBJECT-TYPE
SYNTAX FwlStateEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlStateType,
fwlStateLocalIpAddrType,
fwlStateLocalIpAddress,
fwlStateRemoteIpAddrType,
fwlStateRemoteIpAddress,
fwlStateLocalPort,
fwlStateRemotePort,
fwlStateProtocol,
fwlStateDirection
}
::= { fwlStateTable 1 }
FwlStateEntry ::=
SEQUENCE {
fwlStateType INTEGER,
fwlStateLocalIpAddrType InetAddressType,
fwlStateLocalIpAddress OCTET STRING,
fwlStateRemoteIpAddrType InetAddressType,
fwlStateRemoteIpAddress OCTET STRING,
fwlStateLocalPort Integer32,
fwlStateRemotePort Integer32,
fwlStateProtocol Integer32,
fwlStateDirection INTEGER,
fwlStateEstablishedTime TimeStamp,
fwlStateLocalState INTEGER,
fwlStateRemoteState INTEGER,
fwlStateLogLevel INTEGER,
fwlStateCallStatus INTEGER
}
fwlStateType OBJECT-TYPE
SYNTAX INTEGER
{
stateful (1),
partialentry (2),
initflow (3)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This indicates the type of the the entry present in this
table. There can be state full entries or init flow entries
maintained for TCP connections or partial entries created
to create pin holes in firewall"
::= { fwlStateEntry 1 }
fwlStateLocalIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address Family Identifier of the Local address"
::= { fwlStateEntry 2 }
fwlStateLocalIpAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..40))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The Local Ip Address of the session."
::= { fwlStateEntry 3 }
fwlStateRemoteIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address Family Identifier of the remote address"
::= { fwlStateEntry 4 }
fwlStateRemoteIpAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..40))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The Remote Ip Address of the session."
::= { fwlStateEntry 5 }
fwlStateLocalPort OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object identifies the Local Port information of the session"
::= { fwlStateEntry 6 }
fwlStateRemotePort OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object identifies the remote Port information of the session"
::= { fwlStateEntry 7 }
fwlStateProtocol OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The type of the protocol of the session."
::= { fwlStateEntry 8 }
fwlStateDirection OBJECT-TYPE
SYNTAX INTEGER {
in (1),
out (2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The direction of the firewall state session."
::= { fwlStateEntry 9 }
fwlStateEstablishedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time at which the firewall session has been established."
::= { fwlStateEntry 10 }
fwlStateLocalState OBJECT-TYPE
SYNTAX INTEGER {
new (1),
established (2),
related (3),
invalid (4),
listen (10),
synsent (11),
synrcvd (12),
synest (13),
finwait1 (14),
finwait2 (15),
closing (16),
timewait (17),
closewait (18),
lastack (19),
closed (20)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The state information of the local host. The states
new, established and related are used in stateful table.
The other states are used in TCP init flow table. The partial
entry table will not maintain the state of the entry so it
carries zero for partial entry table. The default value for
stateful table is new (1). The default value for init flow table
is listen (10)."
::= { fwlStateEntry 11 }
fwlStateRemoteState OBJECT-TYPE
SYNTAX INTEGER {
new (1),
established (2),
related (3),
invalid (4),
listen (10),
synsent (11),
synrcvd (12),
synest (13),
finwait1 (14),
finwait2 (15),
closing (16),
timewait (17),
closewait (18),
lastack (19),
closed (20)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The state information of the remote host. The states
new, established and related are used in stateful table.
The other states are used in TCP init flow table. The partial
entry table will not maitain the state of the entry so it
carries zero for partial entry table. The default value for
stateful table is new (1). The default value for init flow table
is listen (10)."
::= { fwlStateEntry 12 }
fwlStateLogLevel OBJECT-TYPE
SYNTAX INTEGER {
none (0),
brief (1),
detail (2),
must (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The logging details of the session.
Definition of Log level (0-3) with 3 being the highest level"
DEFVAL { brief }
::= { fwlStateEntry 13 }
fwlStateCallStatus OBJECT-TYPE
SYNTAX INTEGER {
nonsip (0),
hold (1),
unhold (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object is effective when SIP is enabled.
This indicates the status of the firewall session.
The values hold and unhold are effective only for SIP calls. "
DEFVAL { nonsip }
::= { fwlStateEntry 14 }
-- FIREWALL STATE TABLE END
-- Firewall Interface Statistics Table
-- This table gives information about the number of rules configured on
-- an interface, number of packets rejected, accepted on that
-- interface, etc.
fwlStatIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlStatIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table is used to maintain the statistics of packets
per interface. "
::= { fwlStatistics 20 }
fwlStatIfEntry OBJECT-TYPE
SYNTAX FwlStatIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table . "
INDEX { fwlStatIfIfIndex }
::= { fwlStatIfTable 1 }
FwlStatIfEntry ::=
SEQUENCE {
fwlStatIfIfIndex
Integer32,
fwlStatIfFilterCount
Integer32,
fwlStatIfPacketsDenied
Counter32,
fwlStatIfPacketsAccepted
Counter32,
fwlStatIfSynPacketsDenied
Counter32,
fwlStatIfIcmpPacketsDenied
Counter32,
fwlStatIfIpSpoofedPacketsDenied
Counter32,
fwlStatIfSrcRoutePacketsDenied
Counter32,
fwlStatIfTinyFragmentPacketsDenied
Counter32,
fwlStatIfFragmentPacketsDenied
Counter32,
fwlStatIfIpOptionPacketsDenied
Counter32,
fwlStatIfClear
TruthValue,
fwlIfTrapThreshold
Integer32,
fwlStatIfIPv6PacketsDenied
Counter32,
fwlStatIfIPv6PacketsAccepted
Counter32,
fwlStatIfIPv6IcmpPacketsDenied
Counter32,
fwlStatIfIPv6SpoofedPacketsDenied
Counter32,
fwlStatIfClearIPv6
TruthValue
}
fwlStatIfIfIndex OBJECT-TYPE
SYNTAX Integer32 (1..1000)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The interface number that uniquely identifies an entry in
this table. The value ranges from 1 to 1000."
::= { fwlStatIfEntry 1 }
fwlStatIfFilterCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of filters configured on an interface. "
::= { fwlStatIfEntry 2 }
fwlStatIfPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets dropped by the Firewall on
a particular interface. This includes all fragmented packets,
non-fragmented packets, packets with IP Options and packets
without IP options, etc. "
::= { fwlStatIfEntry 3 }
fwlStatIfPacketsAccepted OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets accepted by the Firewall on
a particular interface. This includes all fragmented packets,
non-fragmented packets, packets with IP Options and packets
without IP options, etc. "
::= { fwlStatIfEntry 4 }
fwlStatIfSynPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of SYN packets denied on a particular interface. "
::= { fwlStatIfEntry 5 }
fwlStatIfIcmpPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of ICMP packets rejected by the Firewall
on a particular interface. "
::= { fwlStatIfEntry 6 }
fwlStatIfIpSpoofedPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets rejected by the Firewall on
a particular interface due to IP spoofing attack. "
::= { fwlStatIfEntry 7 }
fwlStatIfSrcRoutePacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets rejected by the Firewall on
a particular interface due to Source Routing attack. "
::= { fwlStatIfEntry 8 }
fwlStatIfTinyFragmentPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets rejected by the Firewall on
a particular interface due to Tiny Fragment attack. "
::= { fwlStatIfEntry 9 }
fwlStatIfFragmentPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of fragmented packets rejected by the Firewall
on a particular interface. "
::= { fwlStatIfEntry 10 }
fwlStatIfIpOptionPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of packets with IP options (source routing,
record routing, timestamp) rejected or dropped by the Firewall
on a particular interface. "
::= { fwlStatIfEntry 11 }
fwlStatIfClear OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This field is used to clear the statistics of packets
per interface. The default value is 'false'. When this object
is set to true , the statistics of packets per interface is
cleared and the value is reset to false. The get routine for
this object always returns 'false'."
DEFVAL { false }
::= { fwlStatIfEntry 12 }
fwlIfTrapThreshold OBJECT-TYPE
SYNTAX Integer32 (50..50000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object sets the Interface threshold value such that
traps will be generated when the number of packets denied
exceed the given threshold "
DEFVAL { 50 }
::= { fwlStatIfEntry 13 }
fwlStatIfIPv6PacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of IPv6 packets dropped by the Firewall on
a particular interface."
::= { fwlStatIfEntry 14 }
fwlStatIfIPv6PacketsAccepted OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of IPv6 packets accepted by the Firewall on
a particular interface."
::= { fwlStatIfEntry 15 }
fwlStatIfIPv6IcmpPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of ICMPv6 packets rejected by the Firewall
on a particular interface. "
::= { fwlStatIfEntry 16 }
fwlStatIfIPv6SpoofedPacketsDenied OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The number of IPv6 spoofed packets rejected by the Firewall on
a particular interface due to spoofing attack. "
::= { fwlStatIfEntry 17 }
fwlStatIfClearIPv6 OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This field is used to clear the statistics of IPv6
packets per interface.The default value is 'false'.
When this object is set to true , the statictics for IPv6
packets per interface is cleared and the value is reset to
false.The get routine for this object always returns 'false'."
DEFVAL { false }
::= { fwlStatIfEntry 18 }
-- fwlStatIfTable ends here
fwlStatClear OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object clears the global statistics. The default value
is 'false'. When this object is set to true , the global
statistics is cleared and the value is reset to false.
The get routine for this object always returns 'false'."
DEFVAL { false }
::= { fwlStatistics 21 }
fwlStatClearIPv6 OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object clears the global ipv6 statistics. The default
value is 'false'. When this object is set to true , the global
ipv6 statistics is cleared and the value is reset to false.
The get routine for this object always returns 'false'."
DEFVAL { false }
::= { fwlStatistics 22 }
fwlTrapThreshold OBJECT-TYPE
SYNTAX Integer32 (50..50000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object sets the global threshold value such that
traps will be generated when the number of packets denied
exceed the given threshold "
DEFVAL { 50 }
::= { fwlStatistics 23 }
-- Firewall Traps Group.
-- This group defines the different types of Traps used by the Firewall Module.
fwlTrapControl OBJECT IDENTIFIER ::= { fwlTraps 1 }
fwlTrapTypes OBJECT IDENTIFIER ::= { fwlTraps 0 }
-- Trap Controls
fwlTrapMemFailMessage OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" The string to display where the memory failure has occurred.
It may happen during allocation of Memory pool or when dynamic
allocation fails. This string is also used to display message
about the number of attacks occurred. "
::= { fwlTrapControl 1 }
fwlTrapAttackMessage OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This string is also used to display message about the number
of attacks occurred. "
::= { fwlTrapControl 2 }
fwlIfIndex OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"fwlIfIfIndex is of type not-accessible and it cannot be used
as object for notifications. So this object is defined to
use for notifications.The value of this object is same as
that of OID of fwlIfIfIndex appended with the interface
index in which the Threshold has exceeded."
::= { fwlTrapControl 3 }
fwlTrapEvent OBJECT-TYPE
SYNTAX INTEGER{
sizeexceeded(1),
sizethresholdhit(2)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"sizeexceeded - Firewall Log Size Exceeded.
sizethreshold hit - Firewall Log Size hit the threshold value."
::= { fwlTrapControl 4 }
fwlTrapEventTime OBJECT-TYPE
SYNTAX DisplayString(SIZE (24))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object specifies the date and time at which fwlTrapEvent
was performed."
::= { fwlTrapControl 5 }
fwlTrapFileName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Firewall Log filename in the trap message."
::= { fwlTrapControl 6 }
fwlIdsTrapEvent OBJECT-TYPE
SYNTAX INTEGER{
sizeexceeded(1),
sizethresholdhit(2)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"sizeexceeded - Firewall Log Size Exceeded.
sizethreshold hit - Firewall Log Size hit the threshold value."
::= { fwlTrapControl 7 }
fwlIdsTrapEventTime OBJECT-TYPE
SYNTAX DisplayString(SIZE (24))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object specifies the date and time at which fwlTrapEvent
was performed."
::= { fwlTrapControl 8 }
fwlIdsTrapFileName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Firewall Log filename in the trap message."
::= { fwlTrapControl 9 }
fwlIdsAttackPktIp OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object specifies the IP address of the attack-packet identified
by IDS."
::= { fwlTrapControl 10 }
-- Trap Types
fwlTrapMemoryFailure NOTIFICATION-TYPE
OBJECTS { fwlTrapMemFailMessage }
STATUS current
DESCRIPTION
" Trap which is send for memory initialization failure or when
Dynamic Allocation fails. "
::= { fwlTrapTypes 1 }
fwlTrapAttackSummary NOTIFICATION-TYPE
OBJECTS { fwlTrapAttackMessage }
STATUS current
DESCRIPTION
" Trap which is send when the number of attacks exceeds
the limit value. The limit value is configurable."
::= { fwlTrapTypes 2 }
fwlTrapThresholdExceeded NOTIFICATION-TYPE
OBJECTS {
fwlIfIndex,
fwlStatIfPacketsDenied
}
STATUS current
DESCRIPTION
"This Object specifies the Interface index in which the number of
packets denied exceeds the threshold configured."
::= { fwlTrapTypes 3 }
fwlTrapMessage NOTIFICATION-TYPE
OBJECTS {
fwlTrapEvent,
fwlTrapEventTime,
fwlTrapFileName
}
STATUS current
DESCRIPTION
"This trap notifies the errors in Firewall Log file."
::= {fwlTrapTypes 4 }
fwlIdsTrapLogging NOTIFICATION-TYPE
OBJECTS {
fwlIdsTrapEvent,
fwlIdsTrapEventTime,
fwlIdsTrapFileName
}
STATUS current
DESCRIPTION
"This trap notifies the errors in IDS logging."
::= {fwlTrapTypes 5}
fwlIdsTrapAttackPktFromIds NOTIFICATION-TYPE
OBJECTS { fwlIdsAttackPktIp }
STATUS current
DESCRIPTION
"This trap notifies the attack packet identified in IDS."
::= {fwlTrapTypes 6}
-- BLACKLIST IP ADDRESS Table
-- This table is used to list the IP Addresses which have been blacklisted It
-- supports both IPv4 and IPv6 addresses.
fwlDefnBlkListTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlDefnBlkListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is a user configurable table. It is used for listing
the IP Addresses that are black listed. The traffic from or to
a blacklisted IP Address shall be dropped."
::= { fwlDefinition 9 }
fwlDefnBlkListEntry OBJECT-TYPE
SYNTAX FwlDefnBlkListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The individual entry in the above table."
INDEX {
fwlBlkListIpAddressType,
fwlBlkListIpAddress,
fwlBlkListIpMask
}
::= { fwlDefnBlkListTable 1 }
FwlDefnBlkListEntry ::=
SEQUENCE {
fwlBlkListIpAddressType
InetAddressType,
fwlBlkListIpAddress
InetAddress,
fwlBlkListIpMask
InetAddressPrefixLength,
fwlBlkListHitsCount
Counter32,
fwlBlkListEntryType
INTEGER,
fwlBlkListRowStatus
RowStatus
}
fwlBlkListIpAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The address type of fwlBlkListIpAddress (IPv4/Ipv6)"
::= { fwlDefnBlkListEntry 1 }
fwlBlkListIpAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IP Address is to be listed as Blacklist."
::= { fwlDefnBlkListEntry 2 }
fwlBlkListIpMask OBJECT-TYPE
SYNTAX InetAddressPrefixLength
UNITS "bits"
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IP Subnet mask for the IP address to be blacklisted."
::= { fwlDefnBlkListEntry 3 }
fwlBlkListHitsCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times BlackList is matched while processing
the packet."
::= { fwlDefnBlkListEntry 4 }
fwlBlkListEntryType OBJECT-TYPE
SYNTAX INTEGER {
static(0),
dynamic(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object is used to display whether the entry is created
by administrator or the entry is created dynamically through
snort module.
static(0) - BlkListEntry is added by adminstrator.
dynamic(1) - BlkListEntry is added dynamically through
snort module."
::= { fwlDefnBlkListEntry 5 }
fwlBlkListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object allows entries to be created or deleted in this
Table. The row status values are CREATE_AND_GO and DESTROY"
::= { fwlDefnBlkListEntry 6 }
-- WHITELIST IP ADDRESS Table
-- This table is used to list the IP Addresses which have been listed as White
-- list. It supports both IPv4 and IPv6 address.
fwlDefnWhiteListTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlDefnWhiteListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This is a user configurable table. This table is used for
listing the IP Addresses that are to be listed as White list.
The traffic from or to the IP Address in this White list shall
be forwarded bypassing the firewall."
::= { fwlDefinition 10 }
fwlDefnWhiteListEntry OBJECT-TYPE
SYNTAX FwlDefnWhiteListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The individual entry in the above table."
INDEX {
fwlWhiteListIpAddressType,
fwlWhiteListIpAddress,
fwlWhiteListIpMask
}
::= { fwlDefnWhiteListTable 1 }
FwlDefnWhiteListEntry ::=
SEQUENCE {
fwlWhiteListIpAddressType
InetAddressType,
fwlWhiteListIpAddress
InetAddress,
fwlWhiteListIpMask
InetAddressPrefixLength,
fwlWhiteListHitsCount
Counter32,
fwlWhiteListRowStatus
RowStatus
}
fwlWhiteListIpAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The address type of fwlDefnWhiteListEntry (IPv4/Ipv6)"
::= { fwlDefnWhiteListEntry 1 }
fwlWhiteListIpAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IP Address is to be listed as White List."
::= { fwlDefnWhiteListEntry 2 }
fwlWhiteListIpMask OBJECT-TYPE
SYNTAX InetAddressPrefixLength
UNITS "bits"
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IP Subnet mask for the IP address to be added in White List."
::= { fwlDefnWhiteListEntry 3 }
fwlWhiteListHitsCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times WhiteList is matched while processing
the packet."
::= { fwlDefnWhiteListEntry 4 }
fwlWhiteListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object allows entries to be created or deleted in this
Table. The row status values are CREATE_AND_GO and DESTROY."
::= { fwlDefnWhiteListEntry 5 }
-- IPv6 DMZ Table
-- This table is used to define the De-Militarized Zone for , where no restrictions
-- apply.
fwlDefnIPv6DmzTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlDefnIPv6DmzEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This table is used for defining the De-Militarized Zone (DMZ)for IPv6.
The host/hosts in this zone will have unrestricted access from the
public/external network (Internet)."
::= { fwlDefinition 11 }
fwlDefnIPv6DmzEntry OBJECT-TYPE
SYNTAX FwlDefnIPv6DmzEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlDmzIpv6Index }
::= { fwlDefnIPv6DmzTable 1 }
FwlDefnIPv6DmzEntry ::=
SEQUENCE {
fwlDmzAddressType
InetAddressType,
fwlDmzIpv6Index
InetAddress,
fwlDmzIpv6RowStatus
RowStatus
}
fwlDmzAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The Address type of the ipv6 DMZ Host.
This object is limited to IPv6 addresses."
::= { fwlDefnIPv6DmzEntry 1 }
fwlDmzIpv6Index OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The IPv6 Address which the DMZ is to be configured."
::= { fwlDefnIPv6DmzEntry 2 }
fwlDmzIpv6RowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in this
table. "
::= { fwlDefnIPv6DmzEntry 3 }
-- Firewall Rate Table
-- This table gives information about the rate limiting entries
-- corresponding to Protocol Type TCP/UDP/ICMP and then rate values
-- table.
fwlRateLimitTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlRateLimitEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table gives information about the rate limiting entries
corresponding to Protocol Type TCP/UDP/ICMP and then rate values
applied on a particular interface, must be deleted first. "
::= { fwlRateLimit 1 }
fwlRateLimitEntry OBJECT-TYPE
SYNTAX FwlRateLimitEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlRateLimitPortIndex }
::= { fwlRateLimitTable 1 }
FwlRateLimitEntry ::=
SEQUENCE {
fwlRateLimitPortIndex
Integer32 ,
fwlRateLimitPortNumber
Integer32 ,
fwlRateLimitPortType
INTEGER,
fwlRateLimitValue
Integer32,
fwlRateLimitBurstSize
Integer32,
fwlRateLimitTrafficMode
INTEGER,
fwlRateLimitRowStatus
RowStatus
}
fwlRateLimitPortIndex OBJECT-TYPE
SYNTAX Integer32 (0..100)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Configures interface Rate Limit (Packet that can be transferred
on a port at a particular second).
This object's value will take effect on the interface speed. Based
on the operating speed of the port, the rate limit will be applied.
This value can also be affected by the metering. A value of zero(0)
disable rate limiting i.e. sets the port to full speed."
::= {fwlRateLimitEntry 1}
fwlRateLimitPortNumber OBJECT-TYPE
SYNTAX Integer32 (0..1000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures the Port number for the protocol specified"
::= {fwlRateLimitEntry 2}
fwlRateLimitPortType OBJECT-TYPE
SYNTAX INTEGER {
tcp (1),
udp (2),
icmp (3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures the Protocol Type
TCP , UDP ,ICMP"
::= { fwlRateLimitEntry 3}
fwlRateLimitValue OBJECT-TYPE
SYNTAX Integer32 (0..80000000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures interface Rate Limit (Packet that can be transferred
on a port at a particular second).
This object's value will take effect on the interface speed. Based
on the operating speed of the port, the rate limit will be applied.
This value can also be affected by the metering. A value of zero(0)
disable rate limiting i.e. sets the port to full speed."
::= {fwlRateLimitEntry 4}
fwlRateLimitBurstSize OBJECT-TYPE
SYNTAX Integer32 (0..80000000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures interface Burst Pkt Rate. (Packet Burst that can be
transferred on a port at a particular second)
This object's value will take effect on the interface speed. Based
on the operating speed of the port, the burst size of the port
will be applied. This value can also be affected by the metering. A
value of zero(0) disable burst rate limiting i.e. sets the port burst
rate limit to full speed."
::= {fwlRateLimitEntry 5 }
fwlRateLimitTrafficMode OBJECT-TYPE
SYNTAX INTEGER {
pps (1),
kbps (2),
bps (3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures the Traffic mode
PPS , KBPS ,BPS"
::= { fwlRateLimitEntry 6}
fwlRateLimitRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in this
table. "
::= { fwlRateLimitEntry 7 }
-- Snork attack Table
-- This table gives information about the configured ports
-- for snork attack.
fwlSnorkTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlSnorkEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table gives information about the configured ports
for snork attack"
::= { fwlSnork 1 }
fwlSnorkEntry OBJECT-TYPE
SYNTAX FwlSnorkEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlSnorkPortNo }
::= { fwlSnorkTable 1 }
FwlSnorkEntry ::=
SEQUENCE {
fwlSnorkPortNo
Integer32 ,
fwlSnorkRowStatus
RowStatus
}
fwlSnorkPortNo OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This mib holds the value of the port for which Snork
is configured"
::= {fwlSnorkEntry 1}
fwlSnorkRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in this
table. "
::= { fwlSnorkEntry 2 }
-- uRPF Table
-- This table gives information about the configured ports
-- for uRPF .
fwlRpfTable OBJECT-TYPE
SYNTAX SEQUENCE OF FwlRpfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table gives information about the configured ports
for uRPF attack"
::= { fwlRpf 1 }
fwlRpfEntry OBJECT-TYPE
SYNTAX FwlRpfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" The individual entry in the above table. "
INDEX { fwlRpfInIndex }
::= { fwlRpfTable 1 }
FwlRpfEntry ::=
SEQUENCE {
fwlRpfInIndex
Integer32 ,
fwlRpfMode
INTEGER ,
fwlRpfRowStatus
RowStatus
}
fwlRpfInIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" This mib holds the value of the port interface index for which RPF
is configured"
::= {fwlRpfEntry 1}
fwlRpfMode OBJECT-TYPE
SYNTAX INTEGER {
disable(0),
loose(1),
strict(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This mib holds the value of the uRPF mode either strict or loose
The default value is 'disable'(0). "
DEFVAL { disable }
::= { fwlRpfEntry 2 }
fwlRpfRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" This object allows entries to be created or deleted in this
table. "
::= { fwlRpfEntry 3 }
END
View Git Blame Copy Permalink