-- *****************************************************************
|
|
-- FS-SECZONE-MIB.mib: FS security zone MIB file
|
|
--
|
|
-- March 2009, rendh
|
|
--
|
|
-- Copyright (c) 2009 by FS.COM Inc..
|
|
-- All rights reserved.
|
|
--
|
|
-- *****************************************************************
|
|
--
|
|
FS-SECZONE-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
NOTIFICATION-TYPE,
|
|
IpAddress,
|
|
Integer32
|
|
FROM SNMPv2-SMI
|
|
DisplayString,
|
|
RowStatus
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP,
|
|
NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
ConfigStatus
|
|
FROM FS-TC
|
|
fsMgmt
|
|
FROM FS-SMI;
|
|
|
|
fsSecZoneMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200908110000Z"
|
|
ORGANIZATION "FS.COM Inc.."
|
|
CONTACT-INFO
|
|
"
|
|
Tel: 400-865-2852
|
|
|
|
E-mail: https://www.fs.com/live_chat_service_mail.html"
|
|
DESCRIPTION
|
|
"This module defines the FS Security Zone MIB objects."
|
|
REVISION "200908110000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { fsMgmt 54}
|
|
|
|
fsSecZoneMIBObjects OBJECT IDENTIFIER ::= { fsSecZoneMIB 1 }
|
|
|
|
|
|
-- *****************************************************************************************
|
|
-- Security Zone chain table (per-zone level, ACL binding and violation policy)
|
|
-- *****************************************************************************************
|
|
fsSecZoneChainTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FSSecZoneChainEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of Security Zone Chain entries."
|
|
::= { fsSecZoneMIBObjects 1 }
|
|
|
|
fsSecZoneChainEntry OBJECT-TYPE
|
|
SYNTAX FSSecZoneChainEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry describes one security zone chain: its name, level, ACL binding, violation policy and row status."
|
|
INDEX { fsSecZoneChainName }
|
|
::= { fsSecZoneChainTable 1 }
|
|
|
|
FSSecZoneChainEntry ::=
|
|
SEQUENCE {
|
|
fsSecZoneChainName DisplayString,
|
|
fsSecZoneLevel INTEGER,
|
|
fsSecZoneAclName DisplayString,
|
|
fsSecZoneViolationNotifyThresh INTEGER,
|
|
fsSecZoneViolationNotifyAction INTEGER,
|
|
fsSecZoneViolationBlockThresh INTEGER,
|
|
fsSecZoneViolationBlockAction INTEGER,
|
|
fsSecZoneViolationBlockTimeout INTEGER,
|
|
fsSecZoneChainEntryStatus RowStatus
|
|
}
|
|
|
|
fsSecZoneChainName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security zone chain name of this entry. This value is unique for every entry.
When this string is used as an index, the value of each sub-identifier equals
the ASCII value of the corresponding character (the first sub-identifier corresponds
to the first character of the string). The number of sub-identifiers of this string
must be 32; if the length of the string is less than 32, the tail is padded with
sub-identifiers of value 0x0."
|
|
::= { fsSecZoneChainEntry 1 }
|
|
|
|
fsSecZoneLevel OBJECT-TYPE
|
|
SYNTAX INTEGER(0..100)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configured security level of this security zone (0..100)."
|
|
::= { fsSecZoneChainEntry 2 }
|
|
|
|
fsSecZoneAclName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (1..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the access list that this security zone is bound to. Writing this
object rebinds the zone to a different access list.
When this string is used as an index, the value of each sub-identifier equals
the ASCII value of the corresponding character (the first sub-identifier corresponds
to the first character of the string). The number of sub-identifiers of this string
must be 32; if the length of the string is less than 32, the tail is padded with
sub-identifiers of value 0x0."
|
|
::= { fsSecZoneChainEntry 3 }
|
|
|
|
fsSecZoneViolationNotifyThresh OBJECT-TYPE
|
|
SYNTAX INTEGER(0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access-violation threshold for this security zone's notify action. The value 0 disables notification."
|
|
::= {fsSecZoneChainEntry 4 }
|
|
|
|
fsSecZoneViolationNotifyAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
log(1),
|
|
trap(2),
|
|
logtrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Notify action taken when this security zone's notify threshold is reached: log(1), trap(2), or both log and trap (logtrap(3))."
|
|
::= {fsSecZoneChainEntry 5 }
|
|
|
|
fsSecZoneViolationBlockThresh OBJECT-TYPE
|
|
SYNTAX INTEGER(0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access-violation threshold for this security zone's block action. The value 0 disables blocking."
|
|
::= {fsSecZoneChainEntry 6 }
|
|
|
|
fsSecZoneViolationBlockAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
globalblock (1),
|
|
zoneblock(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Block action taken when this security zone's block threshold is reached: globalblock(1) or zoneblock(2)."
|
|
::= {fsSecZoneChainEntry 7 }
|
|
|
|
fsSecZoneViolationBlockTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER (0..3600)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Timeout of the block applied on a security zone access violation (0..3600). The value 0 makes the block permanent; it is not removed automatically."
|
|
::= {fsSecZoneChainEntry 8 }
|
|
|
|
fsSecZoneChainEntryStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this entry. Setting it to invalid deletes the entry; setting it to valid has no effect.
Note that the SYNTAX of this object is RowStatus (SNMPv2-TC), which does not define
valid/invalid values; under the RowStatus convention a row is deleted by setting destroy(6)."
|
|
::= { fsSecZoneChainEntry 9 }
|
|
|
|
-- *****************************************************************************************
|
|
-- zone-to-zone policy table
|
|
-- *****************************************************************************************
|
|
|
|
|
|
fsSecZone2ZoneTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FSSecZone2ZoneEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of zone-to-zone policy entries."
|
|
::= { fsSecZoneMIBObjects 2 }
|
|
|
|
fsSecZone2ZoneEntry OBJECT-TYPE
|
|
SYNTAX FSSecZone2ZoneEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry holds the policy applied from one zone to another zone."
|
|
INDEX { fsZoneFirstName ,fsZoneSecondName,fsZone2ZoneAclName }
|
|
::= { fsSecZone2ZoneTable 1 }
|
|
|
|
FSSecZone2ZoneEntry ::=
|
|
SEQUENCE {
|
|
fsZoneFirstName DisplayString,
|
|
fsZoneSecondName DisplayString,
|
|
fsZone2ZoneAclName DisplayString,
|
|
fsZone2ZoneEntryStauts RowStatus
|
|
}
|
|
|
|
fsZoneFirstName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"First zone name of this entry. This value is unique for every entry.
When this string is used as an index, the value of each sub-identifier equals
the ASCII value of the corresponding character (the first sub-identifier corresponds
to the first character of the string). The number of sub-identifiers of this string
must be 32; if the length of the string is less than 32, the tail is padded with
sub-identifiers of value 0x0."
|
|
::= { fsSecZone2ZoneEntry 1 }
|
|
|
|
fsZoneSecondName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Second zone name of this entry. This value is unique for every entry.
When this string is used as an index, the value of each sub-identifier equals
the ASCII value of the corresponding character (the first sub-identifier corresponds
to the first character of the string). The number of sub-identifiers of this string
must be 32; if the length of the string is less than 32, the tail is padded with
sub-identifiers of value 0x0."
|
|
::= { fsSecZone2ZoneEntry 2 }
|
|
|
|
fsZone2ZoneAclName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access list (ACL) name of this entry. This value is unique for every entry.
When this string is used as an index, the value of each sub-identifier equals
the ASCII value of the corresponding character (the first sub-identifier corresponds
to the first character of the string). The number of sub-identifiers of this string
must be 32; if the length of the string is less than 32, the tail is padded with
sub-identifiers of value 0x0."
|
|
::= { fsSecZone2ZoneEntry 3 }
|
|
|
|
fsZone2ZoneEntryStauts OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Row status of this entry; used to create and delete zone-to-zone policy rows."
|
|
::= { fsSecZone2ZoneEntry 4 }
|
|
|
|
-- *****************************************************************************************
|
|
-- blocked IP address table
|
|
-- *****************************************************************************************
|
|
|
|
fsSecZoneBlockingTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FSSecZoneBlockingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of IP blocking entries."
|
|
::= { fsSecZoneMIBObjects 3 }
|
|
|
|
fsSecZoneBlockingEntry OBJECT-TYPE
|
|
SYNTAX FSSecZoneBlockingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry holds one blocked IP address. The index value 0 refers to all blocked IP addresses and is used to delete every blocking entry at once, so a single write to that row removes all active blocks."
|
|
INDEX { fsBockingIP }
|
|
::= { fsSecZoneBlockingTable 1 }
|
|
|
|
FSSecZoneBlockingEntry ::=
|
|
SEQUENCE {
|
|
fsBockingIP IpAddress ,
|
|
fsBockingCurrentStatus INTEGER ,
|
|
fsBockingTryAccessZoneName DisplayString,
|
|
fsBockingEntryStatus ConfigStatus
|
|
}
|
|
|
|
fsBockingIP OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Blocked IP address; the index of this table."
|
|
::= { fsSecZoneBlockingEntry 1 }
|
|
|
|
fsBockingCurrentStatus OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
globalblock (1),
|
|
zoneblock(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of block currently applied to this IP address after a security zone access violation: globalblock(1) or zoneblock(2)."
|
|
::= { fsSecZoneBlockingEntry 2 }
|
|
|
|
fsBockingTryAccessZoneName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (0..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the zone that the blocked IP address tried to access. An empty string
indicates that the access did not match any zone."
|
|
::= { fsSecZoneBlockingEntry 3 }
|
|
|
|
fsBockingEntryStatus OBJECT-TYPE
|
|
SYNTAX ConfigStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this entry. Setting it to invalid(2) deletes the entry;
setting it to valid(1) has no effect."
|
|
::= { fsSecZoneBlockingEntry 4 }
|
|
|
|
-- *****************************************************************************************
|
|
-- global violation policy parameters
|
|
-- *****************************************************************************************
|
|
|
|
|
|
fsGlobalViolationNotifyThresh OBJECT-TYPE
|
|
SYNTAX INTEGER(0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global access-violation threshold for the notify action. The value 0 disables notification."
|
|
::= { fsSecZoneMIBObjects 4 }
|
|
|
|
fsGlobalViolationNotifyAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
log(1),
|
|
trap(2),
|
|
logtrap(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global notify action taken when the notify threshold is reached: log(1), trap(2), or both log and trap (logtrap(3))."
|
|
::= { fsSecZoneMIBObjects 5 }
|
|
|
|
fsGlobalViolationBlockThresh OBJECT-TYPE
|
|
SYNTAX INTEGER(0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global access-violation threshold for the block action. The value 0 disables blocking."
|
|
::= {fsSecZoneMIBObjects 6 }
|
|
|
|
fsGlobalViolationBlockAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
globalblock (1),
|
|
zoneblock(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global block action taken when the block threshold is reached: globalblock(1) or zoneblock(2)."
|
|
::= {fsSecZoneMIBObjects 7 }
|
|
|
|
fsGlobalViolationBlockTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER (0..3600)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global timeout of the block applied on an access violation (0..3600). The value 0 makes the block permanent; it is not removed automatically."
|
|
::= {fsSecZoneMIBObjects 8 }
|
|
|
|
|
|
-- *****************************************************************************************
|
|
-- notification (trap) definitions
|
|
-- *****************************************************************************************
|
|
|
|
fsSecZoneMIBTraps OBJECT IDENTIFIER ::= { fsSecZoneMIB 2 }
|
|
|
|
violationTime OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time at which the violating packet was seen. Carried in fsSecZoneViolationTrap."
|
|
::= { fsSecZoneMIBObjects 9 }
|
|
|
|
violationSrcIP OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address of the violating packet. Carried in fsSecZoneViolationTrap."
|
|
::= { fsSecZoneMIBObjects 10 }
|
|
|
|
violationDestIP OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address of the violating packet. Carried in fsSecZoneViolationTrap."
|
|
::= { fsSecZoneMIBObjects 11 }
|
|
|
|
violationProtocol OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP protocol of the violating packet. Carried in fsSecZoneViolationTrap."
|
|
::= { fsSecZoneMIBObjects 12 }
|
|
|
|
violationL4Key OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"TCP/UDP port, or ICMP type and code, of the violating packet. Carried in fsSecZoneViolationTrap."
|
|
::= { fsSecZoneMIBObjects 13 }
|
|
|
|
fsSecZoneViolationTrap NOTIFICATION-TYPE
|
|
OBJECTS { violationTime,
|
|
violationSrcIP,
|
|
violationDestIP,
|
|
violationProtocol,
|
|
violationL4Key,
|
|
fsZoneFirstName,
|
|
fsZoneSecondName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Notification sent on a security zone access violation. It carries the violation time, the source and destination IP addresses, the protocol, the L4 key, and the two zone names involved."
|
|
::= { fsSecZoneMIBTraps 1 }
|
|
|
|
-- *****************************************************************************************
|
|
|
|
|
|
fsSecZoneMIBConformance OBJECT IDENTIFIER ::= { fsSecZoneMIB 3 }
|
|
fsSecZoneMIBCompliances OBJECT IDENTIFIER ::= { fsSecZoneMIBConformance 1 }
|
|
fsSecZoneMIBGroups OBJECT IDENTIFIER ::= { fsSecZoneMIBConformance 2 }
|
|
|
|
|
|
-- compliance statements
|
|
|
|
fsSecZoneMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities that implement
the FS SecZone MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
fsSecZoneMIBGroup,
|
|
fsSecZoneNotifObjectsGroup,
|
|
fsSecZoneNotificationsGroup
|
|
}
|
|
|
|
::= { fsSecZoneMIBCompliances 1 }
|
|
|
|
-- units of conformance
|
|
|
|
fsSecZoneMIBGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
fsSecZoneChainName,
|
|
fsSecZoneLevel,
|
|
fsSecZoneAclName,
|
|
fsSecZoneViolationNotifyThresh,
|
|
fsSecZoneViolationNotifyAction,
|
|
fsSecZoneViolationBlockThresh,
|
|
fsSecZoneViolationBlockAction,
|
|
fsSecZoneViolationBlockTimeout,
|
|
fsSecZoneChainEntryStatus,
|
|
fsZoneFirstName,
|
|
fsZoneSecondName,
|
|
fsZone2ZoneAclName,
|
|
fsZone2ZoneEntryStauts,
|
|
fsBockingIP,
|
|
fsBockingCurrentStatus,
|
|
fsBockingTryAccessZoneName,
|
|
fsBockingEntryStatus,
|
|
fsGlobalViolationNotifyThresh,
|
|
fsGlobalViolationNotifyAction,
|
|
fsGlobalViolationBlockThresh,
|
|
fsGlobalViolationBlockAction,
|
|
fsGlobalViolationBlockTimeout
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing security zone management."
|
|
::= { fsSecZoneMIBGroups 1 }
|
|
|
|
fsSecZoneNotifObjectsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
violationTime,
|
|
violationSrcIP,
|
|
violationDestIP,
|
|
violationProtocol,
|
|
violationL4Key
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects that carry the information reported in
the security zone violation notification (fsSecZoneViolationTrap)."
|
|
::= { fsSecZoneMIBGroups 2 }
|
|
|
|
fsSecZoneNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
fsSecZoneViolationTrap
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of security zone access violation notifications."
|
|
::= { fsSecZoneMIBGroups 3 }
|
|
END
|