-- *****************************************************************
-- QTECH-SECZONE-MIB.mib:  Qtech security zone MIB file
--
-- March 2009, rendh
--
-- Copyright (c) 2009 by Qtech Networks Co.,Ltd.
-- All rights reserved.
--
-- *****************************************************************
--
QTECH-SECZONE-MIB DEFINITIONS ::= BEGIN
-- Symbols taken from the standard SMIv2 modules and from the vendor's
-- QTECH-TC and QTECH-SMI modules.
IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    IpAddress,
    Integer32
        FROM SNMPv2-SMI
    DisplayString,
    RowStatus
        FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    ConfigStatus
        FROM QTECH-TC
    qtechMgmt
        FROM QTECH-SMI;

-- Module identity: registers the security zone MIB at qtechMgmt 54.
qtechSecZoneMIB MODULE-IDENTITY
    LAST-UPDATED "200908110000Z"
    ORGANIZATION "Qtech Networks Co.,Ltd."
    CONTACT-INFO
        "
        Tel: 4008-111-000

        E-mail: service@qtech.com.cn"
    DESCRIPTION
        "This module defines my Security Zone mibs."
    REVISION     "200908110000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { qtechMgmt 54 }

-- Root of all managed objects of this module (tables, scalars and the
-- objects carried in the violation trap).
qtechSecZoneMIBObjects  OBJECT IDENTIFIER ::= { qtechSecZoneMIB 1 }

-- *****************************************************************************************
-- define Security Zone chain
-- *****************************************************************************************
-- Conceptual table with one row per security zone chain.
qtechSecZoneChainTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF QtechSecZoneChainEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of Security Zone Chain entries."
    ::= { qtechSecZoneMIBObjects 1 }

-- Row of qtechSecZoneChainTable; the chain name is the only index.
qtechSecZoneChainEntry OBJECT-TYPE
    SYNTAX      QtechSecZoneChainEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Entry contains chain name and level."
    INDEX       { qtechSecZoneChainName }
    ::= { qtechSecZoneChainTable 1 }

-- Column layout of one qtechSecZoneChainEntry row: identity, level, bound
-- access list, violation notify/block policy and the row status.
QtechSecZoneChainEntry ::=
    SEQUENCE {
        qtechSecZoneChainName               DisplayString,
        qtechSecZoneLevel                   INTEGER,
        qtechSecZoneAclName                 DisplayString,
        qtechSecZoneViolationNotifyThresh   INTEGER,
        qtechSecZoneViolationNotifyAction   INTEGER,
        qtechSecZoneViolationBlockThresh    INTEGER,
        qtechSecZoneViolationBlockAction    INTEGER,
        qtechSecZoneViolationBlockTimeout   INTEGER,
        qtechSecZoneChainEntryStatus        RowStatus
    }

-- Index column: name of the security zone chain, 1 to 32 characters.
-- NOTE(review): the description asks for an instance suffix of exactly 32
-- sub-identifiers padded with 0x0. That differs from the length-prefixed
-- form SMIv2 normally uses for a variable-size string index, so managers
-- should build instance OIDs as the description states and confirm the
-- encoding against the agent.
qtechSecZoneChainName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "security zone chain name of this entry.This value is unique for every entry
        When this string be used as an index,Value of a sub-identifier equal
        ASCII value of corresponding character(first sub-identifier corresponds
        first character of string). The number of sub-identifiers of this string
        must be 32,If length of string is less than 32 the sub-identifier(0x0)
        will be filled in tail."
    ::= { qtechSecZoneChainEntry 1 }

-- Writable level of the zone, range 0..100. The description does not say
-- how levels are compared or which end of the range is the more trusted.
qtechSecZoneLevel OBJECT-TYPE
    SYNTAX      INTEGER (0..100)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        " Config level of this Seczone"
    ::= { qtechSecZoneChainEntry 2 }

-- Writable name of the access list bound to the zone, 1 to 32 characters.
-- A SET here changes which access list the zone uses, so this column
-- belongs only in write views granted to trusted managers.
-- NOTE(review): the description carries the index-encoding paragraph, yet
-- this column is not listed in the INDEX clause of qtechSecZoneChainEntry.
qtechSecZoneAclName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..32))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Access list name of security zone belong to.
        When this string be used as an index,Value of a sub-identifier equal
        ASCII value of corresponding character(first sub-identifier corresponds
        first character of string). The number of sub-identifiers of this string
        must be 32,If length of string is less than 32 the sub-identifier(0x0)
        will be filled in tail."
    ::= { qtechSecZoneChainEntry 3 }

-- Writable per-zone violation threshold for notification, range 0..65535.
-- Per the description, 0 turns notification off, so write access to this
-- column is enough to silence violation reporting for the zone. The unit
-- and counting window of the threshold are not stated here.
qtechSecZoneViolationNotifyThresh OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Threshold of security zone access violation . value 0 means no notify."
    ::= { qtechSecZoneChainEntry 4 }

-- Writable per-zone choice of how a violation is reported: local log,
-- SNMP trap, or both. Collectors that rely on the trap should verify
-- that this is not set to log(1) only.
qtechSecZoneViolationNotifyAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    log(1),
                    trap(2),
                    logtrap(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Action of security zone access violation Notify:log (1), trap (2) , log and trap(3)."
    ::= { qtechSecZoneChainEntry 5 }

-- Writable per-zone violation threshold for blocking, range 0..65535.
-- Per the description, 0 disables blocking for the zone, so changes to
-- this column are worth auditing. The unit and counting window are not
-- stated here.
qtechSecZoneViolationBlockThresh OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Threshold of security zone access violation Blocking. value 0 means no block."
    ::= { qtechSecZoneChainEntry 6 }

-- Writable per-zone blocking scope: globalblock(1) or zoneblock(2).
-- The description names the two values but does not define what traffic
-- each one covers.
qtechSecZoneViolationBlockAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    globalblock(1),
                    zoneblock(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Action of security zone access violation Blocking:globalblock(1),zoneblock(2) ."
    ::= { qtechSecZoneChainEntry 7 }

-- Writable per-zone duration of a block, range 0..3600; 0 means the
-- block never expires. No UNITS clause is given.
-- NOTE(review): presumably seconds, confirm against the agent.
qtechSecZoneViolationBlockTimeout OBJECT-TYPE
    SYNTAX      INTEGER (0..3600)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Timeout of security zone access violation Blocking . value 0 means block permanently"
    ::= { qtechSecZoneChainEntry 8 }

-- Status column of a zone chain row; per the description a SET can delete
-- the row, so treat write access to it as a configuration privilege.
-- NOTE(review): SYNTAX is RowStatus, but the description speaks of
-- valid/invalid, the wording this module uses for the ConfigStatus column
-- qtechBockingEntryStatus, and MAX-ACCESS is read-write where RowStatus
-- columns are conventionally read-create. Which set of values the agent
-- accepts cannot be told from this file.
qtechSecZoneChainEntryStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Status of this entry, set its value to invalid will delete this entry.
        set its value to valid has no effect."
    ::= { qtechSecZoneChainEntry 9 }

-- *****************************************************************************************
-- define zone to zone policy
-- *****************************************************************************************
-- Conceptual table of policies that apply between a pair of zones.
qtechSecZone2ZoneTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF QtechSecZone2ZoneEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of Two Security Zone entries."
    ::= { qtechSecZoneMIBObjects 2 }

-- Row of qtechSecZone2ZoneTable, indexed by first zone name, second zone
-- name and access list name, in that order.
qtechSecZone2ZoneEntry OBJECT-TYPE
    SYNTAX      QtechSecZone2ZoneEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Entry contains policy from one Zone to another Zone ."
    INDEX       { qtechZoneFirstName, qtechZoneSecondName, qtechZone2ZoneAclName }
    ::= { qtechSecZone2ZoneTable 1 }

-- Column layout of one qtechSecZone2ZoneEntry row. The spelling
-- qtechZone2ZoneEntryStauts is the registered object name in this module.
QtechSecZone2ZoneEntry ::=
    SEQUENCE {
        qtechZoneFirstName          DisplayString,
        qtechZoneSecondName         DisplayString,
        qtechZone2ZoneAclName       DisplayString,
        qtechZone2ZoneEntryStauts   RowStatus
    }

-- First index column: name of the first zone of the pair, 1 to 32
-- characters. Also carried as a varbind in qtechSecZoneViolationTrap.
-- NOTE(review): the description asks for a fixed, 0x0-padded instance
-- suffix of 32 sub-identifiers; confirm the encoding against the agent.
qtechZoneFirstName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "First zone name of this entry.This value is unique for every entry
        When this string be used as an index,Value of a sub-identifier equal
        ASCII value of corresponding character(first sub-identifier corresponds
        first character of string). The number of sub-identifiers of this string
        must be 32,If length of string is less than 32 the sub-identifier(0x0)
        will be filled in tail."
    ::= { qtechSecZone2ZoneEntry 1 }

-- Second index column: name of the second zone of the pair, 1 to 32
-- characters. Also carried as a varbind in qtechSecZoneViolationTrap.
-- NOTE(review): the description asks for a fixed, 0x0-padded instance
-- suffix of 32 sub-identifiers; confirm the encoding against the agent.
qtechZoneSecondName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Second zone name of this entry.This value is unique for every entry
        When this string be used as an index,Value of a sub-identifier equal
        ASCII value of corresponding character(first sub-identifier corresponds
        first character of string). The number of sub-identifiers of this string
        must be 32,If length of string is less than 32 the sub-identifier(0x0)
        will be filled in tail."
    ::= { qtechSecZone2ZoneEntry 2 }

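-- Third index column: name of the access list applied between the two
-- zones, 1 to 32 characters.
-- The description used to open with "Key chain name", which matches no
-- object in this module and reads as text carried over from another MIB;
-- it now names the access list, in line with the object name and with
-- qtechSecZoneAclName.
-- NOTE(review): the description asks for a fixed, 0x0-padded instance
-- suffix of 32 sub-identifiers; confirm the encoding against the agent.
qtechZone2ZoneAclName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Access list name of this entry.This value is unique for every entry
        When this string be used as an index,Value of a sub-identifier equal
        ASCII value of corresponding character(first sub-identifier corresponds
        first character of string). The number of sub-identifiers of this string
        must be 32,If length of string is less than 32 the sub-identifier(0x0)
        will be filled in tail."
    ::= { qtechSecZone2ZoneEntry 3 }
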
-- RowStatus column used to create and delete zone-to-zone policy rows.
-- It is the only writable column of the row, so write access to it is
-- what lets a manager add or remove an inter-zone policy.
-- The misspelt name is kept because it is the registered identifier.
qtechZone2ZoneEntryStauts OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "entry status for this list."
    ::= { qtechSecZone2ZoneEntry 4 }

-- *****************************************************************************************
-- blocking ip table
-- *****************************************************************************************
-- Conceptual table listing the IP addresses that are currently blocked.
qtechSecZoneBlockingTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF QtechSecZoneBlockingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of IP blocking entries."
    ::= { qtechSecZoneMIBObjects 3 }

-- Row of qtechSecZoneBlockingTable, indexed by the blocked IP address.
-- Per the description, index value 0 stands for all blocked addresses
-- when deleting, which makes a single delete request able to clear the
-- whole block list.
qtechSecZoneBlockingEntry OBJECT-TYPE
    SYNTAX      QtechSecZoneBlockingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Entry contains blocking IP .value 0 mean all block IP for deleting all blocking IP"
    INDEX       { qtechBockingIP }
    ::= { qtechSecZoneBlockingTable 1 }

-- Column layout of one qtechSecZoneBlockingEntry row. The "Bocking"
-- spelling is part of the registered object names in this module.
QtechSecZoneBlockingEntry ::=
    SEQUENCE {
        qtechBockingIP                  IpAddress,
        qtechBockingCurrentStatus       INTEGER,
        qtechBockingTryAccessZoneName   DisplayString,
        qtechBockingEntryStatus         ConfigStatus
    }

-- Index column: the blocked address. IpAddress is the 4-octet IPv4 type
-- from SNMPv2-SMI, so this table cannot represent IPv6 sources.
qtechBockingIP OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "ip address of Blocking table. "
    ::= { qtechSecZoneBlockingEntry 1 }

-- Read-only scope of the block in force for this address: globalblock(1)
-- or zoneblock(2), the same two values the block action objects use.
qtechBockingCurrentStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    globalblock(1),
                    zoneblock(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "status of security zone access violation Blocking:globalblock(1),zoneblock(2)."
    ::= { qtechSecZoneBlockingEntry 2 }

-- Read-only name of the zone the blocked address tried to reach, 0 to 32
-- characters; an empty string means the attempt matched no zone.
qtechBockingTryAccessZoneName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Try access Zone name of blocking IP.It indicate that
        this doesn't match any Zone if this string is null"
    ::= { qtechSecZoneBlockingEntry 3 }

-- Writable ConfigStatus column: setting invalid(2) deletes the row, which
-- lifts the block on that address; setting valid(1) does nothing.
-- This is the one object through which SNMP can undo a block, so keep it
-- out of write views for untrusted managers, require SNMPv3 with
-- authentication and privacy for SET requests, and log those requests.
qtechBockingEntryStatus OBJECT-TYPE
    SYNTAX      ConfigStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Status of this entry, set its value to invalid (2)will delete this entry.
        set its value to valid(1)has no effect."
    ::= { qtechSecZoneBlockingEntry 4 }

-- *****************************************************************************************
-- define Global Violation policy parameter
-- *****************************************************************************************
-- Writable global violation threshold for notification, range 0..65535.
-- Per the description, 0 turns notification off, so write access to this
-- scalar is enough to silence global violation reporting. The unit and
-- counting window of the threshold are not stated here.
qtechGlobalViolationNotifyThresh OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Threshold of Global parameter access violation . value 0 means no notify."
    ::= { qtechSecZoneMIBObjects 4 }

-- Writable global choice of how a violation is reported: local log,
-- SNMP trap, or both.
qtechGlobalViolationNotifyAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    log(1),
                    trap(2),
                    logtrap(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Action of Global parameter access violation Notify:log (1), trap (2) , log and trap(3)."
    ::= { qtechSecZoneMIBObjects 5 }

-- Writable global violation threshold for blocking, range 0..65535.
-- Per the description, 0 disables blocking, so changes to this scalar
-- are worth auditing. The unit and counting window are not stated here.
qtechGlobalViolationBlockThresh OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Threshold of Global parameter access violation Blocking. value 0 means no block."
    ::= { qtechSecZoneMIBObjects 6 }

-- Writable global blocking scope: globalblock(1) or zoneblock(2).
-- The description names the two values but does not define what traffic
-- each one covers.
qtechGlobalViolationBlockAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    globalblock(1),
                    zoneblock(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Action of Global parameter access violation Blocking:globalblock(1),zoneblock(2) ."
    ::= { qtechSecZoneMIBObjects 7 }

-- Writable global duration of a block, range 0..3600; 0 means the block
-- never expires. No UNITS clause is given.
-- NOTE(review): presumably seconds, confirm against the agent.
qtechGlobalViolationBlockTimeout OBJECT-TYPE
    SYNTAX      INTEGER (0..3600)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Timeout of Global parameter access violation Blocking . value 0 means block permanently"
    ::= { qtechSecZoneMIBObjects 8 }

-- *****************************************************************************************
-- trap define
-- *****************************************************************************************
-- Root under which the notifications of this module are registered.
qtechSecZoneMIBTraps    OBJECT IDENTIFIER ::= { qtechSecZoneMIB 2 }

-- Trap-only varbind: time of the violating packet, sent as text.
-- Neither a size limit nor a time format or time zone is specified, so
-- collectors should parse it defensively and prefer their own receive
-- timestamp when correlating events.
violationTime OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The time of packet violation. Used by trap."
    ::= { qtechSecZoneMIBObjects 9 }

-- Trap-only varbind: IPv4 source address of the violating packet.
violationSrcIP OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The source IP address of packet violation. Used by trap."
    ::= { qtechSecZoneMIBObjects 10 }

-- Trap-only varbind: IPv4 destination address of the violating packet.
violationDestIP OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The dest IP address of packet violation. Used by trap."
    ::= { qtechSecZoneMIBObjects 11 }

-- Trap-only varbind: protocol of the violating packet as an integer.
-- NOTE(review): presumably the IP protocol number; the description does
-- not name the numbering, confirm before decoding.
violationProtocol OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The protocol of packet violation. Used by trap."
    ::= { qtechSecZoneMIBObjects 12 }

-- Trap-only varbind: layer 4 key of the violating packet, meaning a TCP
-- or UDP port, or an ICMP type and code, depending on the protocol.
-- How the ICMP type and code are packed into one Integer32, and whether
-- the port is source or destination, is not specified here; decode it
-- together with violationProtocol and confirm the layout with the agent.
violationL4Key OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The tcp/udp port or icmp type&code of packet violation. Used by trap."
    ::= { qtechSecZoneMIBObjects 13 }

-- Notification sent for a security zone access violation. It carries the
-- time, addresses, protocol and layer 4 key of the packet plus the names
-- of the two zones involved.
-- NOTE(review): the trap is registered directly under qtechSecZoneMIBTraps
-- without a 0 sub-identifier before the final arc, so a translation
-- between SNMPv1 and SNMPv2 trap formats (RFC 3584) does not round-trip
-- to the same OID. Receivers that match on the trap OID should verify
-- which form actually arrives.
qtechSecZoneViolationTrap NOTIFICATION-TYPE
    OBJECTS     {
                    violationTime,
                    violationSrcIP,
                    violationDestIP,
                    violationProtocol,
                    violationL4Key,
                    qtechZoneFirstName,
                    qtechZoneSecondName
                }
    STATUS      current
    DESCRIPTION
        "Security zone access Violation trap."
    ::= { qtechSecZoneMIBTraps 1 }

-- *****************************************************************************************
-- Conformance subtree: compliance statements under 1, groups under 2.
qtechSecZoneMIBConformance  OBJECT IDENTIFIER ::= { qtechSecZoneMIB 3 }
qtechSecZoneMIBCompliances  OBJECT IDENTIFIER ::= { qtechSecZoneMIBConformance 1 }
qtechSecZoneMIBGroups       OBJECT IDENTIFIER ::= { qtechSecZoneMIBConformance 2 }

-- compliance statements
-- An implementation claiming compliance must support all three groups
-- defined in this module.
qtechSecZoneMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for entities which implement
        the Qtech SecZone MIB"
    MODULE      -- this module
        MANDATORY-GROUPS {
            qtechSecZoneMIBGroup,
            qtechSecZoneNotifObjectsGroup,
            qtechSecZoneNotificationsGroup
        }
    ::= { qtechSecZoneMIBCompliances 1 }

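-- units of conformance
-- Group of every readable or writable object in the three tables and the
-- five global policy scalars. The description's "managment" misspelling
-- is corrected to "management"; the object list is unchanged.
qtechSecZoneMIBGroup OBJECT-GROUP
    OBJECTS     {
                    qtechSecZoneChainName,
                    qtechSecZoneLevel,
                    qtechSecZoneAclName,
                    qtechSecZoneViolationNotifyThresh,
                    qtechSecZoneViolationNotifyAction,
                    qtechSecZoneViolationBlockThresh,
                    qtechSecZoneViolationBlockAction,
                    qtechSecZoneViolationBlockTimeout,
                    qtechSecZoneChainEntryStatus,
                    qtechZoneFirstName,
                    qtechZoneSecondName,
                    qtechZone2ZoneAclName,
                    qtechZone2ZoneEntryStauts,
                    qtechBockingIP,
                    qtechBockingCurrentStatus,
                    qtechBockingTryAccessZoneName,
                    qtechBockingEntryStatus,
                    qtechGlobalViolationNotifyThresh,
                    qtechGlobalViolationNotifyAction,
                    qtechGlobalViolationBlockThresh,
                    qtechGlobalViolationBlockAction,
                    qtechGlobalViolationBlockTimeout
                }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing seczone management."
    ::= { qtechSecZoneMIBGroups 1 }
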
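-- Group of the accessible-for-notify objects carried in
-- qtechSecZoneViolationTrap.
-- The description used to say "TRIP notifications", which refers to a
-- protocol this module never mentions and reads as text carried over from
-- another MIB; it now names the notifications this module defines.
qtechSecZoneNotifObjectsGroup OBJECT-GROUP
    OBJECTS     {
                    violationTime,
                    violationSrcIP,
                    violationDestIP,
                    violationProtocol,
                    violationL4Key
                }
    STATUS      current
    DESCRIPTION
        "A collection of objects that specify information for
        security zone access violation notifications."
    ::= { qtechSecZoneMIBGroups 2 }
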
-- Group holding the single notification this module defines.
qtechSecZoneNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
                    qtechSecZoneViolationTrap
                }
    STATUS      current
    DESCRIPTION
        "A collection of security zone access Violation traps."
    ::= { qtechSecZoneMIBGroups 3 }

END