summaryrefslogtreecommitdiff
path: root/MIBS/watchguard
diff options
context:
space:
mode:
authorDavid Leutgeb <david.leutgeb@mannundmouse.com>2023-12-05 12:25:34 +0100
committerDavid Leutgeb <david.leutgeb@mannundmouse.com>2023-12-05 12:25:34 +0100
commit98a672123c7872f6b9b75a9a2b6bb3aea504de6a (patch)
tree9b13bd7f563c3198047bd359195327cf28b3caf0 /MIBS/watchguard
downloadmibs-98a672123c7872f6b9b75a9a2b6bb3aea504de6a.tar.gz
mibs-98a672123c7872f6b9b75a9a2b6bb3aea504de6a.zip
Initial commitHEADmain
Diffstat (limited to 'MIBS/watchguard')
-rw-r--r--MIBS/watchguard/IPSEC-ISAKMP-IKE-DOI-TC712
-rw-r--r--MIBS/watchguard/WATCHGUARD-CLIENT-MIB313
-rw-r--r--MIBS/watchguard/WATCHGUARD-HA-MIB372
-rw-r--r--MIBS/watchguard/WATCHGUARD-INFO-SYSTEM-MIB65
-rw-r--r--MIBS/watchguard/WATCHGUARD-IPSEC-ENDPOINT-PAIR-MIB437
-rw-r--r--MIBS/watchguard/WATCHGUARD-IPSEC-SA-MON-MIB-EXT1831
-rw-r--r--MIBS/watchguard/WATCHGUARD-IPSEC-TUNNEL-MIB552
-rw-r--r--MIBS/watchguard/WATCHGUARD-MIB31
-rw-r--r--MIBS/watchguard/WATCHGUARD-POLICY-MIB320
-rw-r--r--MIBS/watchguard/WATCHGUARD-PRODUCTS-MIB108
-rw-r--r--MIBS/watchguard/WATCHGUARD-SMI43
-rw-r--r--MIBS/watchguard/WATCHGUARD-SYSTEM-CONFIG-MIB167
-rw-r--r--MIBS/watchguard/WATCHGUARD-SYSTEM-STATISTICS-MIB148
13 files changed, 5099 insertions, 0 deletions
diff --git a/MIBS/watchguard/IPSEC-ISAKMP-IKE-DOI-TC b/MIBS/watchguard/IPSEC-ISAKMP-IKE-DOI-TC
new file mode 100644
index 0000000..7c044f0
--- /dev/null
+++ b/MIBS/watchguard/IPSEC-ISAKMP-IKE-DOI-TC
@@ -0,0 +1,712 @@
+IPSEC-ISAKMP-IKE-DOI-TC DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ -- make this mib a temporary watchguard extension before it becomes RFC
+ watchguard
+ FROM WATCHGUARD-MIB
+ -- delete next line before release
+ experimental,
+ MODULE-IDENTITY, Unsigned32 FROM SNMPv2-SMI
+ -- uncomment next line before release
+ mib-2 FROM RFC1213-MIB
+ TEXTUAL-CONVENTION FROM SNMPv2-TC;
+
+ ipsecIsakmpIkeDoiTC MODULE-IDENTITY
+ LAST-UPDATED "9907132145Z"
+ ORGANIZATION "Shiva"
+ CONTACT-INFO "John Shriver
+ Intel Corporation
+ 28 Crosby Drive
+ Bedford, MA 01730
+
+ Phone:
+ +1-781-687-1329
+
+ E-mail:
+ John.Shriver@intel.com"
+
+ DESCRIPTION "The MIB module which defines the textual conventions
+ used in IPSEC MIBs. This includes Internet DOI
+ numbers defined in RFC 2407, ISAKMP numbers defined
+ in RFC 2408, and IKE numbers defined in RFC 2409.
+
+ These Textual Conventions are defined in a seperate
+ MIB module since they are protocol numbers managed
+ by the IANA. Revision control after publication
+ will be under the authority of the IANA."
+ REVISION "9902181705Z"
+ DESCRIPTION "Added IsakmpDOI TEXTUAL-CONVENTION."
+ REVISION "9903051545Z"
+ DESCRIPTION "Changed CONTACT-INFO."
+ REVISION "9907132145Z"
+ DESCRIPTION "Put in real experimental branch number for module."
+ REVISION "9910051705Z"
+ DESCRIPTION "Added exchange types, tracked IKE standard. Split
+ IkeNotifyMessageType off of IsakmpNotifyMessageType."
+ REVISION "9910151950Z"
+ DESCRIPTION "Removed stray comma in IsakmpNotifyMessageType."
+
+ -- replace xxx in next line before release, uncomment before release
+ -- ::= { mib-2 xxx }
+ -- delete next line before release
+ -- ::= { experimental 100 }
+ ::= { watchguard 100 }
+ -- The first group of textual conventions are based on definitions
+ -- in the IPSEC DOI, RFC 2407.
+
+ IpsecDoiSituation ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "x"
+ STATUS current
+ DESCRIPTION "The IPSEC DOI Situation provides information that
+ can be used by the responder to make a policy
+ determination about how to process the incoming
+ Security Association request.
+
+ It is a four (4) octet bitmask, with the following
+ values:
+
+ sitIdentityOnly 0x01
+ sitSecrecy 0x02
+ sitIntegrity 0x04
+
+ The upper two bits (0x80000000 and 0x40000000) are
+ reserved for private use amongst cooperating
+ systems."
+ REFERENCE "RFC 2407 sections 4.2 and 6.2"
+ SYNTAX Unsigned32 (0..4294967295)
+ -- The syntax is not BITS, because we want the representation
+ -- to be the same here as it is in the ISAKMP/IKE protocols.
+
+
+ IpsecDoiSecProtocolId ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "These are the IPSEC DOI values for the Protocol-Id
+ field in an ISAKMP Proposal Payload, and in all
+ Notification Payloads.
+
+ They are also used as the Protocol-ID In the
+ Notification Payload and the Delete Payload.
+
+ The values 249-255 are reserved for private use
+ amongst cooperating systems."
+ REFERENCE "RFC 2407 section 4.4.1"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in DOI
+ protoIsakmp(1), -- message protection
+ -- required during Phase I
+ -- of the IKE protocol
+ protoIpsecAh(2), -- IP packet authentication
+ -- via Authentication Header
+ protoIpsecEsp(3), -- IP packet confidentiality
+ -- via Encapsulating
+ -- Security Payload
+ protoIpcomp(4) -- IP payload compression
+ }
+
+ IpsecDoiTransformIdent ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "The IPSEC DOI ISAKMP Transform Identifier is an
+ 8-bit value which identifies a key exchange protocol
+ to be used for the negotiation. It is used in the
+ Transform-Id field of an IKE Phase I Transform
+ Payload.
+
+ The values 249-255 are reserved for private use
+ amongst cooperating systems."
+ REFERENCE "RFC 2407 sections 4.4.2 and 6.3"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in DOI
+ keyIke(1) -- the hybrid ISAKMP/Oakley
+ -- Diffie-Hellman key
+ -- exchange
+ }
+
+ IpsecDoiAhTransform ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "The IPSEC DOI AH Transform Identifier is an 8-bit
+ value which identifies a particular algorithm to be
+ used to provide integrity protection for AH. It is
+ used in the Tranform-ID field of a ISAKMP Transform
+ Payload for the IPSEC DOI, when the Protocol-Id of
+ the associated Proposal Payload is 2 (AH).
+
+ The values 249-255 are reserved for private use
+ amongst cooperating systems."
+ REFERENCE "RFC 2407 sections 4.4.3 and 6.4"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in DOI
+ reserved1(1), -- reserved
+ ahMd5(2), -- generic AH transform
+ -- using MD5
+ ahSha(3), -- generic AH transform
+ -- using SHA-1
+ ahDes(4) -- generic AH transform
+ -- using DES
+ }
+
+ IpsecDoiEspTransform ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "The IPSEC DOI ESP Transform Identifier is an 8-bit
+ value which identifies a particular algorithm to be
+ used to provide secrecy protection for ESP. It is
+ used in the Tranform-ID field of a ISAKMP Transform
+ Payload for the IPSEC DOI, when the Protocol-Id of
+ the associated Proposal Payload is 2 (AH), 3 (ESP),
+ and 4 (IPCOMP).
+
+ The values 249-255 are reserved for private use
+ amongst cooperating systems."
+ REFERENCE "RFC 2407 sections 4.4.4 and 6.5"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in DOI
+ espDesIv64(1), -- DES-CBC transform defined
+ -- in RFC 1827 and RFC 1829
+ -- using a 64-bit IV
+ espDes(2), -- generic DES transform
+ -- using DES-CBC
+ esp3Des(3), -- generic triple-DES
+ -- transform
+ espRc5(4), -- RC5 transform
+ espIdea(5), -- IDEA transform
+ espCast(6), -- CAST transform
+ espBlowfish(7), -- BLOWFISH transform
+ esp3Idea(8), -- reserved for triple-IDEA
+ espDesIv32(9), -- DES-CBC transform defined
+ -- in RFC 1827 and RFC 1829
+ -- using a 32-bit IV
+ espRc4(10), -- reserved for RC4
+ espNull(11) -- no confidentiality
+ -- provided by ESP
+ }
+
+ IpsecDoiAuthAlgorithm ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "The ESP Authentication Algorithm used in the IPSEC
+ DOI as a SA Attributes definition in the Transform
+ Payload of Phase II of an IKE negotiation. This
+ set of values defines the AH authentication
+ algorithm, when the associated Proposal Payload has
+ a Protocol-ID of 2 (AH). This set of values
+ defines the ESP authentication algorithm, when the
+ associated Proposal Payload has a Protocol-ID
+ of 3 (ESP).
+
+ Values 5-61439 are reserved to IANA.
+
+ Values 61440-65535 are for private use.
+
+ In a MIB, a value of 0 indicates that ESP
+ has been negotiated without authentication."
+ REFERENCE "RFC 2407 section 4.5"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in DOI
+ hmacMd5(1),
+ hmacSha(2),
+ desMac(3),
+ kpdk(4)
+ }
+
+ IpsecDoiIpcompTransform ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "The IPSEC DOI IPCOMP Transform Identifier is an
+ 8-bit value which identifies a particular algorithm
+ to be used to provide IP-level compression before
+ ESP. It is used in the Tranform-ID field of a ISAKMP
+ Transform Payload for the IPSEC DOI, when the
+ Protocol-Id of the associated Proposal Payload
+ is 4 (IPCOMP).
+
+ The values 1-47 are reserved for algorithms for which
+ an RFC has been approved for publication.
+
+ The values 48-63 are reserved for private use amongst
+ cooperating systems.
+
+ The values 64-255 are reserved for future expansion."
+ REFERENCE "RFC 2407 sections 4.4.5 and 6.6"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in DOI
+ ipcompOui(1), -- proprietary compression
+ -- transform
+ ipcompDeflate(2), -- "zlib" deflate algorithm
+ ipcompLzs(3) -- Stac Electronics LZS
+ }
+
+ IpsecDoiEncapsulationMode ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "The Encapsulation Mode used as an IPSEC DOI
+ SA Attributes definition in the Transform Payload
+ of a Phase II IKE negotiation. This set of
+ values defines encapsulation modes used for AH,
+ ESP, and IPCOMP when the associated Proposal Payload
+ has a Protocol-ID of 3 (ESP).
+
+ Values 3-61439 are reserved to IANA.
+
+ Values 61440-65535 are for private use."
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in DOI
+ tunnel(1),
+ transport(2)
+ }
+
+ IpsecDoiIdentType ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "The IPSEC DOI Identification Type is an 8-bit value
+ which is used in the ID Type field as a discriminant
+ for interpretation of the variable-length
+ Identification Payload.
+
+ The values 249-255 are reserved for private use
+ amongst cooperating systems."
+ REFERENCE "RFC 2407 sections 4.4.5, 4.6.2.1, and 6.9"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in DOI
+ idIpv4Addr(1), -- a single four (4) octet
+ -- IPv4 address
+ idFqdn(2), -- fully-qualified domain
+ -- name string
+ idUserFqdn(3), -- fully-qualified username
+ -- string
+ idIpv4AddrSubnet(4),
+ -- a range of IPv4 addresses,
+ -- represented by two
+ -- four (4) octet values,
+ -- where the first is an
+ -- address and the second
+ -- is a mask
+ idIpv6Addr(5), -- a single sixteen (16)
+ -- octet IPv6 address
+ idIpv6AddrSubnet(6),
+ -- a range of IPv6 addresses,
+ -- represented by two
+ -- sixteen (16) octet values,
+ -- where the first is an
+ -- address and the second
+ -- is a mask
+ idIpv4AddrRange(7), -- a range of IPv4 addresses,
+ -- represented by two
+ -- four (4) octet values,
+ -- where the first is the
+ -- beginning IPv4 address
+ -- and the second is the
+ -- ending IPv4 address
+ idIpv6AddrRange(8), -- a range of IPv6 addresses,
+ -- represented by two
+ -- sixteen (16) octet values,
+ -- where the first is the
+ -- beginning IPv6 address
+ -- and the second is the
+ -- ending IPv6 address
+ idDerAsn1Dn(9), -- the binary DER encoding of
+ -- ASN1 X.500
+ -- DistinguishedName
+ idDerAsn1Gn(10), -- the binary DER encoding of
+ -- ASN1 X.500 GeneralName
+ idKeyId(11) -- opaque byte stream which
+ -- may be used to pass
+ -- vendor-specific
+ -- information
+ }
+
+ -- The second group of textual conventions are based on defintions
+ -- the ISAKMP protocol, RFC 2408.
+
+ IsakmpDOI ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "These are the domain of interpretation values for
+ the ISAKMP Protocol. They are a 32-bit value
+ used in the Domain of Interpretation field of the
+ Security Association Payload.
+ Values 2-4294967295 are reserved to the IANA."
+ REFERENCE "RFC 2048 section 3.4."
+ SYNTAX INTEGER {
+ isakmp(0), -- generic ISAKMP SA in
+ -- Phase 1, which can be
+ -- used for any protocol
+ -- in Phase 2
+ ipsecDOI(1) -- the IPsec DOI as
+ -- specified in RFC 2407
+ }
+
+ IsakmpCertificateEncoding ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "These are the values for the types of
+ certificate-related information contained in the
+ Certificate Data field of a Certificate Payload.
+ They are used in the Cert Encoding field of the
+ Certificate Payload.
+
+ Values 11-255 are reserved."
+ REFERENCE "RFC 2408 section 3.9"
+ SYNTAX INTEGER {
+ pkcs7(1), -- PKCS #7 wrapped
+ -- X.509 certificate
+ pgp(2), -- PGP Certificate
+ dnsSignedKey(3), -- DNS Signed Key
+ x509Signature(4), -- X.509 Certificate:
+ -- Signature
+ x509KeyExchange(5), -- X.509 Certificate:
+ -- Key Exchange
+ kerberosTokens(6), -- Kerberos Tokens
+ crl(7), -- Certificate Revocation
+ -- List (CRL)
+ arl(8), -- Authority Revocation
+ -- List (ARL)
+ spki(9), -- SPKI Certificate
+ x509Attribute(10) -- X.509 Certificate:
+ -- Attribute
+ }
+
+ IsakmpExchangeType ::= TEXTUAL-CONVENTION
+ --
+ -- When revising IsakmpExchangeType, consider revising
+ -- IkeExchangeType as well.
+ --
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "These are the values used for the exchange types in
+ the ISAKMP header.
+
+ Values up to 31 are reserved for future
+ DOI-independent assignment for ISAKMP.
+
+ The values 240-255 are reserved for private use
+ amongst cooperating systems."
+ REFERENCE "RFC 2408 section 3.1"
+ SYNTAX INTEGER {
+ reserved(0),
+ base(1), -- base mode
+ identityProtect(2), -- identity protection
+ authOnly(3), -- authentication only
+ aggressive(4), -- aggressive mode
+ informational(5) -- informational
+ }
+
+ IsakmpNotifyMessageType ::= TEXTUAL-CONVENTION
+ --
+ -- If you change this, you probably want to
+ -- change IkeNotifyMessageType.
+ --
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "These are the values for the types of notification
+ messages. They are used as the Notify Message Type
+ field in the Notification Payload.
+
+ This textual convention merges the types
+ for error types (in the range 1-16386) and for
+ notification types (in the range 16384-65535).
+
+ The values 16001-16383 are reserved for private use
+ as error types amongst cooperating systems.
+
+ The values 24576-32767 are reserved for use in
+ each DOI. Each DOI should have a clone of this
+ textual convention adding local values.
+
+ The values 32768-40958 are reserved for private use
+ as notification types amongst cooperating systems."
+ REFERENCE "RFC 2408 section 3.14.1"
+ SYNTAX INTEGER {
+
+ -- Values defined for errors in ISAKMP
+ --
+ reserved(0), -- reserved in DOI
+ invalidPayloadType(1),
+ doiNotSupported(2),
+ situationNotSupported(3),
+ invalidCookie(4),
+ invalidMajorVersion(5),
+ invalidMinorVersion(6),
+ invalidExchangeType(7),
+ invalidFlags(8),
+ invalidMessageId(9),
+ invalidProtocolId(10),
+ invalidSpi(11),
+ invalidTransformId(12),
+ attributesNotSupported(13),
+ noProposalChosen(14),
+ badProposalSyntax(15),
+ payloadMalformed(16),
+ invalidKeyInformation(17),
+ invalidIdInformation(18),
+ invalidCertEncoding(19),
+ invalidCertificate(20),
+ certTypeUnsupported(21),
+ invalidCertAuthority(22),
+ invalidHashInformation(23),
+ authenticationFailed(24),
+ invalidSignature(25),
+ addressNotification(26),
+ notifySaLifetime(27),
+ certificateUnavailable(28),
+ unsupportedExchangeType(29),
+ unequalPayloadLengths(30)
+
+ -- values defined for errors in IPSEC DOI
+ -- (none)
+
+ -- values defined for notification in ISAKMP
+ -- (none)
+
+ -- values defined for notification in
+ -- each DOI (clone this TC)
+ }
+
+
+ -- The third group of textual conventions are based on defintions
+ -- the IKE key exchange protocol, RFC 2409.
+
+ IkeExchangeType ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "These are the values used for the exchange types in
+ the ISAKMP header.
+
+ The values 32-239 are DOI-specific, these values are
+ for the IPSec DOI used by IKE.
+
+ The values 240-255 are reserved for private use
+ amongst cooperating systems."
+ REFERENCE "RFC 2409 Appendix A,
+ draft-ietf-ipsec-ike-01.txt appendix A"
+ SYNTAX INTEGER {
+ reserved(0),
+ base(1), -- base mode
+ mainMode(2), -- main mode
+ authOnly(3), -- authentication only
+ aggressive(4), -- aggressive mode
+ informational(5), -- informational
+ quickMode(32), -- quick mode
+ newGroupMode(33), -- new group mode
+ acknowledgedInfo(34)
+ -- acknowledged informational
+ }
+
+ IkeEncryptionAlgorithm ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "Values for encryption algorithms negotiated
+ for the ISAKMP SA by IKE in Phase I. These are
+ values for SA Attrbute type Encryption
+ Algorithm (1).
+
+ Values 7-65000 are reserved to IANA.
+
+ Values 65001-65535 are for private use among
+ mutually consenting parties."
+ REFERENCE "RFC 2409 appendix A"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in IKE
+ desCbc(1), -- RFC 2405
+ ideaCbc(2),
+ blowfishCbc(3),
+ rc5R16B64Cbc(4), -- RC5 R16 B64 CBC
+ tripleDesCbc(5), -- 3DES CBC
+ castCbc(6)
+ }
+
+ IkeHashAlgorithm ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "Values for hash algorithms negotiated
+ for the ISAKMP SA by IKE in Phase I. These are
+ values for SA Attrbute type Hash Algorithm (2).
+
+ Values 4-65000 are reserved to IANA.
+
+ Values 65001-65535 are for private use among
+ mutually consenting parties."
+ REFERENCE "RFC 2409 appendix A"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in IKE
+ md5(1), -- RFC 1321
+ sha(2), -- FIPS 180-1
+ tiger(3)
+ }
+
+ IkeAuthMethod ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "Values for authentication methods negotiated
+ for the ISAKMP SA by IKE in Phase I. These are
+ values for SA Attrbute type Authentication
+ Method (3).
+
+ Values 6-65000 are reserved to IANA.
+
+ Values 65001-65535 are for private use among
+ mutually consenting parties."
+ REFERENCE "RFC 2409 appendix A,
+ draft-ietf-ipsec-ike-01.txt appendix A"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in IKE
+ preSharedKey(1),
+ dssSignatures(2),
+ rsaSignatures(3),
+ encryptionWithRsa(4),
+ revisedEncryptionWithRsa(5),
+ encryptionWithElGamal(6),
+ revisedEncryptionWithElGamal(7)
+ }
+
+ IkeGroupDescription ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "Values for Oakley key computation groups for
+ Diffie-Hellman exchange negotiated for the ISAKMP
+ SA by IKE in Phase I. They are also used in Phase II
+ when perfect forward secrecy is in use. These are
+ values for SA Attrbute type Group Description (4)."
+ REFERENCE "RFC 2409 appendix A,
+ draft-ietf-ipsec-ike-01.txt appendix A"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in IKE
+ modp768(1), -- default 768-bit MODP group
+ modp1024(2), -- alternate 1024-bit MODP
+ -- group
+ ec2nGalois2P155(3), -- EC2N group on Galois
+ -- Field GF[2^155]
+ ec2nGalois2P185(4), -- EC2N group on Galois
+ -- Field GF[2^185]
+ modp1536(5) -- alternate 1536-bit MODP
+ -- group
+ }
+
+ IkeGroupType ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "Values for Oakley key computation group types
+ negotiated for the ISAKMP SA by IKE in Phase I.
+ They are also used in Phase II when perfect forward
+ secrecy is in use. These are values for SA Attribute
+ type Group Type (5)."
+ REFERENCE "RFC 2409 appendix A"
+ SYNTAX INTEGER {
+ reserved(0), -- reserved in IKE
+ modp(1), -- modular eponentiation
+
+ -- group
+ ecp(2), -- elliptic curve group over
+ -- Galois Field GF[P]
+ ec2n(3) -- elliptic curve group over
+ -- Galois Field GF[2^N]
+ }
+
+ IkePrf ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "Values for Pseudo-Random Functions used with
+ with the hash algorithm negotiated for the ISAKMP SA
+ by IKE in Phase I. There are currently no
+ pseudo-random functions defined, the default HMAC is
+ always used. These are values for SA Attribute type
+ PRF (13).
+
+ Values 1-65000 are reserved to IANA.
+
+ Values 65001-65535 are for private use among
+ mutually consenting parties."
+ REFERENCE "RFC 2409 appendix A"
+ SYNTAX Unsigned32 (0..65535)
+
+ IkeNotifyMessageType ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION "These are the values for the types of notification
+ messages. They are used as the Notify Message Type
+ field in the Notification Payload.
+
+ This textual convention merges the types
+ for error types (in the range 1-16386) and for
+ notification types (in the range 16384-65535).
+
+ This textual convention is a merge of values
+ defined by ISAKMP with the additional values
+ defined in the IPSEC DOI.
+
+ The values 16001-16383 are reserved for private use
+ as error types amongst cooperating systems.
+
+ The values 32001-32767 are reserved for private use
+ as notification types amongst cooperating systems."
+ REFERENCE "RFC 2408 section 3.14.1 and RFC 2407 sections 4.6.3
+ and 6.10"
+ SYNTAX INTEGER {
+
+ -- Values defined for errors in ISAKMP
+ --
+ reserved(0), -- reserved in DOI
+ invalidPayloadType(1),
+ doiNotSupported(2),
+ situationNotSupported(3),
+ invalidCookie(4),
+ invalidMajorVersion(5),
+ invalidMinorVersion(6),
+ invalidExchangeType(7),
+ invalidFlags(8),
+ invalidMessageId(9),
+ invalidProtocolId(10),
+ invalidSpi(11),
+ invalidTransformId(12),
+ attributesNotSupported(13),
+ noProposalChosen(14),
+ badProposalSyntax(15),
+ payloadMalformed(16),
+ invalidKeyInformation(17),
+ invalidIdInformation(18),
+ invalidCertEncoding(19),
+ invalidCertificate(20),
+ certTypeUnsupported(21),
+ invalidCertAuthority(22),
+ invalidHashInformation(23),
+ authenticationFailed(24),
+ invalidSignature(25),
+ addressNotification(26),
+ notifySaLifetime(27),
+ certificateUnavailable(28),
+ unsupportedExchangeType(29),
+ unequalPayloadLengths(30),
+
+ -- values defined for errors in IPSEC DOI
+ -- (none)
+
+ -- values defined for notification in ISAKMP
+ -- (none)
+
+ -- values defined for notification in IPSEC
+ -- DOI
+ responderLifetime(24576),
+ -- used to communicate IPSEC
+ -- SA lifetime chosen by the
+ -- responder
+
+ replayStatus(24577),
+ -- used for positive
+ -- confirmation of the
+ -- responder's election on
+ -- whether or not he is to
+ -- perform anti-replay
+ -- detection
+
+ initialContact(24578)
+ -- used when one side wishes
+ -- to inform the other that
+ -- this is the first SA being
+ -- established with the
+ -- remote system
+ }
+END
+
+
diff --git a/MIBS/watchguard/WATCHGUARD-CLIENT-MIB b/MIBS/watchguard/WATCHGUARD-CLIENT-MIB
new file mode 100644
index 0000000..957deed
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-CLIENT-MIB
@@ -0,0 +1,313 @@
+WATCHGUARD-CLIENT-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE,
+ OBJECT-IDENTITY, enterprises,
+ IpAddress, Unsigned32, TimeTicks FROM SNMPv2-SMI
+ DateAndTime FROM SNMPv2-TC
+ watchguard FROM WATCHGUARD-SMI;
+
+ wgInfoModule MODULE-IDENTITY
+ LAST-UPDATED "200701251200Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+ DESCRIPTION
+ "The MIB module describes client information
+ of WatchGuard system."
+
+ REVISION "200701251200Z"
+ DESCRIPTION
+ "Initial revision."
+ ::= { watchguard 6 }
+
+ wgClientMIB OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for DHCP Server, DHCP Client
+ and PPPoE Client"
+ ::= { wgInfoModule 2 }
+
+ wgClientDHCPServer OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all DHCP server related information."
+ ::= { wgClientMIB 1 }
+
+ wgClientDHCPClient OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all DHCP client related information."
+ ::= { wgClientMIB 2 }
+
+ wgClientPPPoEClient OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all PPPoE client related information."
+ ::= { wgClientMIB 3 }
+
+ wgClientDHCPServerEnable OBJECT-TYPE
+ SYNTAX INTEGER {
+ disabled(0),
+ enabled(1),
+ relay(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates whether if DHCP Server has been enabled. "
+ ::= { wgClientDHCPServer 1 }
+
+ wgClientDHCPServerStartIpAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The starting IP address of the range of IP addresses leased by the DHCP server."
+ ::= { wgClientDHCPServer 2 }
+
+ wgClientDHCPServerEndIpAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The last IP address of the range of IP addresses leased by the DHCP Server. "
+ ::= { wgClientDHCPServer 3 }
+
+ wgClientDHCPServerLeaseTime OBJECT-TYPE
+ SYNTAX TimeTicks
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The lease time of an address assigned to a DHCP client. "
+ ::= { wgClientDHCPServer 4 }
+
+ wgClientDHCPServerNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of entries in the wgClientDHCPServerTable. "
+ ::= { wgClientDHCPServer 5 }
+
+ wgClientDHCPServerConnTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGClientDHCPServerConnEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This is the client lease table of the DHCP Server."
+ ::= { wgClientDHCPServer 6 }
+
+ wgClientDHCPServerRelayServer OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of remote DHCP server to which
+ DHCP requests should be relayed."
+ ::= { wgClientDHCPServer 7 }
+
+ wgClientDHCPServerConnEntry OBJECT-TYPE
+ SYNTAX WGClientDHCPServerConnEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the leasing
+ information of an assigned address by the DHCP Server."
+ INDEX {
+ wgClientDHCPServerConnIPAddr
+ }
+ ::= { wgClientDHCPServerConnTable 1 }
+
+ WGClientDHCPServerConnEntry ::= SEQUENCE {
+
+ wgClientDHCPServerConnIPAddr IpAddress,
+
+ wgClientDHCPServerConnClientHostName OCTET STRING,
+ wgClientDHCPServerConnMACAddr OCTET STRING (SIZE(6)),
+ wgClientDHCPServerConnLeaseTimeStart DateAndTime,
+ wgClientDHCPServerConnLeaseTimeEnd DateAndTime
+
+ }
+
+ wgClientDHCPServerConnClientHostName OBJECT-TYPE
+ SYNTAX OCTET STRING
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The hostname of the client."
+ ::= { wgClientDHCPServerConnEntry 1 }
+
+ wgClientDHCPServerConnIPAddr OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address assigned to the client."
+ ::= { wgClientDHCPServerConnEntry 2 }
+
+ wgClientDHCPServerConnMACAddr OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(6))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The MAC address of the client."
+ ::= { wgClientDHCPServerConnEntry 3 }
+
+
+ wgClientDHCPServerConnLeaseTimeStart OBJECT-TYPE
+ SYNTAX DateAndTime
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The date and time when the lease starts."
+ ::= { wgClientDHCPServerConnEntry 4 }
+
+ wgClientDHCPServerConnLeaseTimeEnd OBJECT-TYPE
+ SYNTAX DateAndTime
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The date and time when the lease ends."
+ ::= { wgClientDHCPServerConnEntry 5 }
+
+ -- DHCP Client information
+
+ wgClientDHCPClientEnable OBJECT-TYPE
+ SYNTAX INTEGER {
+ disabled(0),
+ enabled(1)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates whether interface 1 (public) is configured to obtain IP address through DHCP."
+ ::= { wgClientDHCPClient 1 }
+
+ wgClientDHCPClientDomainName OBJECT-TYPE
+ SYNTAX OCTET STRING
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The domain name of the DHCP Client."
+ ::= { wgClientDHCPClient 2 }
+
+ wgClientDHCPClientDefaultGateway OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the default gateway obtained by the DHCP client."
+ ::= { wgClientDHCPClient 3 }
+
+ wgClientDHCPClientDNSOne OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the primary DNS server obtained by the DHCP client."
+ ::= { wgClientDHCPClient 4 }
+
+ wgClientDHCPClientDNSTwo OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the secondary DNS server obtained by the DHCP client."
+ ::= { wgClientDHCPClient 5 }
+
+
+ -- PPPoE Client information
+
+ wgClientPPPoEClientEnable OBJECT-TYPE
+ SYNTAX INTEGER {
+ disabled(0),
+ enabled(1)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates whether the interface 1 (public) is configured to use PPPoE."
+ ::= { wgClientPPPoEClient 1 }
+
+ wgClientPPPoEClientADSLStatus OBJECT-TYPE
+ SYNTAX INTEGER {
+ disconnect(0), -- ADSL is disconnected
+ initialize(1), -- ADSL is initializing
+ establish(2), -- ASDL is established
+ authenticate(3), -- ASDL is authenticated
+ network(4),
+ running(5) -- ASDL is running
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current ADSL status of the PPPoE Client. "
+ ::= { wgClientPPPoEClient 2 }
+
+ wgClientPPPoEClientLocalIPAddr OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address obtained by the PPPoE Client."
+ ::= { wgClientPPPoEClient 3 }
+
+ wgClientPPPoEClientRemoteIPAddr OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP Address of the PPP server this PPPoE client connects to."
+ ::= { wgClientPPPoEClient 4 }
+
+ wgClientPPPoEClientNetMask OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+
+ DESCRIPTION
+ "The subnet mask of the PPPoE client."
+ ::= { wgClientPPPoEClient 5 }
+
+ wgClientPPPoEClientDNSOne OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the primary DNS server obtained."
+ ::= { wgClientPPPoEClient 6 }
+
+ wgClientPPPoEClientDNSTwo OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The IP address of the secondary DNS server obtained."
+ ::= { wgClientPPPoEClient 7 }
+
+ wgClientPPPoEADSLPeerMACAddr OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(6))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The MAC Address of the PPP server this client connects to."
+ ::= { wgClientPPPoEClient 8 }
+
+ wgClientPPPoEClientConnTime OBJECT-TYPE
+ SYNTAX TimeTicks
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The connection time of the PPPoE connection."
+ ::= { wgClientPPPoEClient 9 }
+
+END
diff --git a/MIBS/watchguard/WATCHGUARD-HA-MIB b/MIBS/watchguard/WATCHGUARD-HA-MIB
new file mode 100644
index 0000000..7c8107b
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-HA-MIB
@@ -0,0 +1,372 @@
+WATCHGUARD-HA-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Integer32, Counter64, Gauge32,
+ OBJECT-IDENTITY, enterprises,
+ IpAddress, TimeTicks FROM SNMPv2-SMI
+ DateAndTime FROM SNMPv2-TC
+ watchguard FROM WATCHGUARD-MIB;
+
+ wgInfoModule MODULE-IDENTITY
+ LAST-UPDATED "200701251200Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " Ella Yu
+ WatchGuard Technologies, Inc.
+ 1841 Zanker Road
+ San Jose, CA 95112
+ USA
+
+ 408-519-4888
+ ella.yu@watchguard.com "
+
+ DESCRIPTION
+ "The MIB module describes general information
+ of WatchGuard system. Mainly, the information
+ obtained from this MIB is used by wgInfoSystemMIB,
+ wgClientMIB, wgSystemStatisticsMIB, wgIpsecTunnelMIB,
+ wgHAMIB."
+
+
+ REVISION "200701251200Z"
+ DESCRIPTION
+ "Initial revision."
+ ::= { watchguard 6 }
+
+ wgHAMIB OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all HA related
+ branches."
+ ::= { wgInfoModule 6 }
+
+ wgHALocal OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all objects which are
+ belong to local appliance."
+ ::= { wgHAMIB 1 }
+
+ wgHAPeer OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all objects which are
+ belong to peer appliance."
+ ::= { wgHAMIB 2 }
+
+ wgHAStatus OBJECT-TYPE
+ SYNTAX INTEGER {
+ disabled(0),
+ unknown(1),
+ as-primary-active(2),
+ as-secondary-active(3),
+ aa-primary-ative(4),
+ aa-secondary-active(5),
+ aa-primary-takeover(6),
+ aa-secondary-takeover(7),
+ standby(8),
+ admin(9),
+ failed(10),
+ unavailable(11)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates current status of local appliance.
+ disabled: The local appliance of HA system is not enabled.
+ unknown: The local appliance of HA system is in initialization
+ as-primary-active: The local appliance that is the primary appliance of
+ HA/AS system is in active mode. This status is also called
+ MASTER in some systems.
+ as-secondary-active: The local appliance that is the secondary appliance of
+ HA/AS system is in active mode. This status is also called
+ BACKUP in some systems.
+ aa-primary-ative: The local appliance that is the primary appliance of
+ HA/AA system is in active mode.
+ aa-secondary-active: The local appliance that is the secondary appliance of
+ HA/AA system is in active mode.
+ aa-primary-takeover: The local appliance that is the primary appliance of
+ HA/AA system has taken over the peer's duty.
+ aa-secondary-takeover: The local appliance of the secondary appliance of
+ HA/AA system has taken over the peer's duty.
+ standby: The local appliance of HA/AS system is in standby mode.
+ admin: The local appliance of HA system detects an mismatched
+ configuration and waits for system administrator to reslove
+ the conflict.
+ failed: The local appliance of the HA system is down due to forced failover
+ or other reasons.
+ unavailable: It's reported when local appliance of HA system is unabled
+ to get status information.
+ "
+ ::= { wgHALocal 1 }
+
+ wgHAPeerStatus OBJECT-TYPE
+ SYNTAX INTEGER {
+ unavailable(0),
+ active(1),
+ standby(2),
+ admin(3),
+ failed(4)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates current status of peer appliance.
+ unavailable: It's reported when peer appliance of HA system is unabled
+ to get status information.
+ active: The peer applicance of HA system is in active mode.
+ standby: The peer applicance of HA system is in standby mode.
+ admin: The peer applicance of HA system dectects an mismatched
+ configuration and waits for system administrator to reslove the conflict.
+ failed: The peer appliance of HA system is down due to forced failover or other reasons.
+ "
+ ::= {wgHALocal 2 }
+
+ wgHALastDBSyncTime OBJECT-TYPE
+ SYNTAX DateAndTime
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The last DB synchronized time of local appliance."
+ ::= { wgHALocal 3 }
+
+ wgHAError OBJECT-TYPE
+ SYNTAX INTEGER {
+ no-error(0),
+ mismatched-ha-id(1),
+ mismatched-software(2),
+ mismatched-database(3),
+ mismatched-hardware(4),
+ forced-fail(5),
+ invalid-ha-role(6),
+ link-down(7),
+ lost-mia-heartbeat(8),
+ mia-not-responding(9),
+ admin-command-failed(10),
+ detect-ha-error(11),
+ unavailable(12),
+ hotsync-failed(13),
+ config-sync-failed(14)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Reports the current error that occurred in local appliance ."
+ ::= { wgHALocal 4 }
+
+ wgHAPeerError OBJECT-TYPE
+ SYNTAX INTEGER {
+ no-error(0),
+ mismatched-ha-id(1),
+ mismatched-software(2),
+ mismatched-database(3),
+ mismatched-hardware(4),
+ forced-fail(5),
+ invalid-ha-role(6),
+ link-down(7),
+ lost-mia-heartbeat(8),
+ mia-not-responding(9),
+ admin-command-failed(10),
+ detect-ha-error(11),
+ unavailable(12),
+ hotsync-failed(13),
+ config-sync-failed(14)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Reports the current error that occurred in peer appliance."
+ ::= { wgHALocal 5 }
+
+ wgHAPeerSerialNumber OBJECT-TYPE
+ SYNTAX OCTET STRING
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The serial number of peer appliance."
+ ::= { wgHAPeer 1 }
+
+ wgHAPeerLastDBSyncTime OBJECT-TYPE
+ SYNTAX DateAndTime
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The last DB synchronized time of peer appliance."
+ ::= { wgHAPeer 2}
+
+ wgHAPeerDevice OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object for parameters and configuration
+ data of devices in this entity."
+ ::= { wgHAPeer 3 }
+
+ wgHAPeerCounters OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object for parameters and configuration
+ data of devices in this entity."
+ ::= { wgHAPeer 4 }
+
+ wgHAPeerIfNumber OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of RapidCard installed in this entity."
+ ::= { wgHAPeerDevice 1 }
+
+ wgHAPeerIfTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGHAPeerIfEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A list of RapidCard entries. The number of
+ entries is given by the value of wgHAPeerDeviceNumber."
+ ::= { wgHAPeerDevice 2 }
+
+ wgHAPeerIfEntry OBJECT-TYPE
+ SYNTAX WGHAPeerIfEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A RapidCard entry containing objects for a
+ particular RapidCard."
+ INDEX { wgHAPeerIfIndex }
+ ::= { wgHAPeerIfTable 1 }
+
+ WGHAPeerIfEntry ::= SEQUENCE {
+ wgHAPeerIfIndex Unsigned32,
+ wgHAPeerIfIpAddr IpAddress,
+ wgHAPeerIfLinkStatus INTEGER
+ }
+
+ wgHAPeerIfIndex OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The unique value for each interface."
+ ::= { wgHAPeerIfEntry 1 }
+
+ wgHAPeerIfIpAddr OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The ip address of the interface."
+ ::= { wgHAPeerIfEntry 4 }
+
+ wgHAPeerIfLinkStatus OBJECT-TYPE
+ SYNTAX INTEGER {
+ down(0),
+ up(1),
+ other(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current state of the interface."
+ ::= { wgHAPeerIfEntry 9 }
+
+ wgHAPeerSystemCpuUtil OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The CPU utilization of the peer system in last 5
+ seconds."
+ ::= { wgHAPeerCounters 1 }
+
+ wgHAPeerSystemTotalSendBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of bytes sent since peer system
+ is up."
+ ::= { wgHAPeerCounters 2 }
+
+ wgHAPeerSystemTotalRecvBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of bytes received since peer system
+ is up."
+ ::= { wgHAPeerCounters 3 }
+
+ wgHAPeerSystemTotalSendPackets OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of packets sent since peer system is
+ up."
+ ::= { wgHAPeerCounters 4 }
+
+ wgHAPeerSystemTotalRecvPackets OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of packets received since peer
+ system is up."
+ ::= { wgHAPeerCounters 5 }
+
+ wgHAPeerSystemStreamReqTotal OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of the connection requests since
+ system is up."
+ ::= { wgHAPeerCounters 6 }
+
+ wgHAPeerSystemStreamReqDrop OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of the connection requests being
+ dropped since system is up."
+ ::= { wgHAPeerCounters 7 }
+
+ wgHAPeerSystemCurrIpsecTunnels OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of ipsec tunnels in the peer system
+ currently."
+ ::= {wgHAPeerCounters 8 }
+
+ wgHAPeerSystemCpuUtil1 OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The CPU utilization of the peer system in last 1
+ minute."
+ ::= { wgHAPeerCounters 9 }
+
+ wgHAPeerSystemCpuUtil5 OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The CPU utilization of the peer system in last 5
+ minutes."
+ ::= { wgHAPeerCounters 10 }
+
+ wgHAPeerSystemCpuUtil15 OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The CPU utilization of the peer system in last 15
+ minutes."
+ ::= { wgHAPeerCounters 11 }
+
+END
+
diff --git a/MIBS/watchguard/WATCHGUARD-INFO-SYSTEM-MIB b/MIBS/watchguard/WATCHGUARD-INFO-SYSTEM-MIB
new file mode 100644
index 0000000..eb9cfbe
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-INFO-SYSTEM-MIB
@@ -0,0 +1,65 @@
+WATCHGUARD-INFO-SYSTEM-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE,
+ OBJECT-IDENTITY, enterprises FROM SNMPv2-SMI
+ DateAndTime FROM SNMPv2-TC
+ watchguard FROM WATCHGUARD-SMI;
+
+ wgInfoModule MODULE-IDENTITY
+ LAST-UPDATED "200701251200Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+ DESCRIPTION
+ "The MIB module describes general information
+ of WatchGuard system. Mainly, the information
+ obtained from this MIB is used by wgInfoSystemMIB,
+ wgClientMIB, wgSystemStatisticsMIB, wgIpsecTunnelMIB."
+
+
+ REVISION "200701251200Z"
+ DESCRIPTION
+ "Initial revision."
+ ::= { watchguard 6 }
+
+
+ wgInfoSystem OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base system information for all wg Client
+ branches."
+ ::= { wgInfoModule 1 }
+
+ wgInfoSystemCurrentTime OBJECT-TYPE
+ SYNTAX DateAndTime
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The host's notion of the local date and time of day."
+ ::= {wgInfoSystem 1}
+
+ wgInfoGavService OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..64))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Version and update time of Gateway Antivirus Service"
+ ::= {wgInfoSystem 3}
+
+ wgInfoIpsService OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..64))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Version and update time of Intrusion Prevention Service"
+ ::= {wgInfoSystem 4}
+END
diff --git a/MIBS/watchguard/WATCHGUARD-IPSEC-ENDPOINT-PAIR-MIB b/MIBS/watchguard/WATCHGUARD-IPSEC-ENDPOINT-PAIR-MIB
new file mode 100644
index 0000000..f747cb3
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-IPSEC-ENDPOINT-PAIR-MIB
@@ -0,0 +1,437 @@
+WATCHGUARD-IPSEC-ENDPOINT-PAIR-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Gauge32,
+ OBJECT-IDENTITY, enterprises,
+ IpAddress FROM SNMPv2-SMI
+ watchguard FROM WATCHGUARD-SMI;
+
+ wgIpsecEndpointPairModule MODULE-IDENTITY
+ LAST-UPDATED "200701251200Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+ DESCRIPTION
+ "The MIB module describes generic Ipsec Endpoint Pair information
+ of WatchGuard system. Mainly, the information
+ obtained from this MIB is used to constructed topological
+ view of IPSec security gateways that are connected by
+ IPSec tunnels.
+
+ An IPSec Endpoint Pair is a pair of security gateways that
+ are connected with 0 or more IPSec SA's in tunnel mode.
+ It contains information of aggregated information
+ of tunnel mode SA's between two security gateways.
+
+ An IPSec Endpoint Pair is identified by a pair of IP addresses.
+ Therefore, if an IPSec security gateway X has 2 external
+ IP addresses while IPsec secruity gateway Y has 3 external
+ IP addresses, there are potentially 6 IPsec Endpoint Pairs
+ between X and Y."
+
+
+ REVISION "200701251200Z"
+ DESCRIPTION
+ "Initial revision."
+ ::= { watchguard 5 }
+
+
+ wgIpsecEndpointPairMIB OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all IPSec tunnel
+ branches."
+ ::= { wgIpsecEndpointPairModule 1 }
+
+ wgIpsecEndpointPair OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all IPSec
+ tunnel information."
+ ::= { wgIpsecEndpointPairMIB 1 }
+
+ wgIpsecEndpointPairStatistics OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all objects which
+ are global counters for IPSec tunnels."
+ ::= { wgIpsecEndpointPairMIB 2 }
+
+
+ wgIpsecEndpointPairNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of entries in the wgIpsecEndpointPairTable. "
+ ::= { wgIpsecEndpointPair 1 }
+
+ wgIpsecEndpointPairTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGIpsecEndpointPairEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This is the connection table describing all current
+ IPSec tunnels exist on this entity."
+ ::= { wgIpsecEndpointPair 2 }
+
+
+ wgIpsecEndpointPairEntry OBJECT-TYPE
+ SYNTAX WGIpsecEndpointPairEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the information on a
+ IPSec tunnel between two IPSec security gateways."
+ INDEX{ wgIpsecEndpointPairIndex }
+ ::= { wgIpsecEndpointPairTable 1 }
+
+ WGIpsecEndpointPairEntry ::= SEQUENCE {
+
+ wgIpsecEndpointPairIndex Integer32,
+
+ wgIpsecEndpointPairLocalAddr IpAddress,
+ wgIpsecEndpointPairPeerAddr IpAddress,
+
+
+ wgIpsecEndpointPairInSAs Unsigned32,
+ wgIpsecEndpointPairOutSAs Unsigned32,
+ wgIpsecEndpointPairInAccKbytes Counter32,
+ wgIpsecEndpointPairOutAccKbytes Counter32,
+ wgIpsecEndpointPairInPackets Counter32,
+ wgIpsecEndpointPairOutPackets Counter32,
+ wgIpsecEndpointPairDecryptErrors Counter32,
+ wgIpsecEndpointPairAuthErrors Counter32,
+ wgIpsecEndpointPairReplayErrors Counter32,
+ wgIpsecEndpointPairPolicyErrors Counter32,
+ wgIpsecEndpointPairPadErrors Counter32,
+ wgIpsecEndpointPairOtherReceiveErrors Counter32,
+ wgIpsecEndpointPairSendErrors Counter32
+
+ }
+
+ wgIpsecEndpointPairIndex OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The running index of this IPSec endpoint pair."
+ ::= { wgIpsecEndpointPairEntry 1 }
+
+ wgIpsecEndpointPairLocalAddr OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The local IP address of the current IPSec ednpoint pair."
+ ::= { wgIpsecEndpointPairEntry 2 }
+
+ wgIpsecEndpointPairPeerAddr OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The remote IP address of the current IPSec endpoint pair."
+ ::= { wgIpsecEndpointPairEntry 3 }
+
+
+ wgIpsecEndpointPairInSAs OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of inbound IPSEC SA's within this
+ IPSec endpoint pair.If IKE rekeys and no data
+ stream to activate new SA, the SA statistics
+ may be include the old SA, then the total number
+ is the double of the active SA"
+ ::= { wgIpsecEndpointPairEntry 4 }
+
+ wgIpsecEndpointPairOutSAs OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of outbound IPSEC SA's within this
+ IPSec endpoint pair.If IKE rekeys and no data
+ stream to activate new SA, the SA statistics
+ may be include the old SA, then the total number
+ is the double of the active SA"
+ ::= { wgIpsecEndpointPairEntry 5 }
+
+ wgIpsecEndpointPairInAccKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Kbytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total inbound traffic in Kbytes since the establish of
+ this connection."
+ ::= { wgIpsecEndpointPairEntry 6 }
+
+ wgIpsecEndpointPairOutAccKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Kbytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total outound traffic in Kbytes since the establish of
+ this connection."
+ ::= { wgIpsecEndpointPairEntry 7 }
+
+ wgIpsecEndpointPairInPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of inbound packets since the establish of
+ this connection."
+ ::= { wgIpsecEndpointPairEntry 8 }
+
+ wgIpsecEndpointPairOutPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of outound packets since the establish of
+ this connection."
+ ::= { wgIpsecEndpointPairEntry 9 }
+
+ wgIpsecEndpointPairDecryptErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairEntry 10 }
+
+ wgIpsecEndpointPairAuthErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to authentication
+ error since the establish of this connection."
+ ::= { wgIpsecEndpointPairEntry 11 }
+
+ wgIpsecEndpointPairReplayErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to replay
+ error since the establish of this connection."
+ ::= { wgIpsecEndpointPairEntry 12}
+
+ wgIpsecEndpointPairPolicyErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairEntry 13 }
+
+ wgIpsecEndpointPairPadErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairEntry 14 }
+
+ wgIpsecEndpointPairOtherReceiveErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairEntry 15 }
+
+ wgIpsecEndpointPairSendErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairEntry 16 }
+
+
+ -- global statistics
+
+ wgIpsecEndpointPairTotalInSAs OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of active inbound SA's in the entity."
+ ::= { wgIpsecEndpointPairStatistics 1 }
+
+ wgIpsecEndpointPairTotalOutSAs OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of active outbound SA's in the entity."
+ ::= { wgIpsecEndpointPairStatistics 2 }
+
+ wgIpsecEndpointPairTotalInAccKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Kbytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total inbound IPsec traffic of this entity."
+ ::= { wgIpsecEndpointPairStatistics 3 }
+
+ wgIpsecEndpointPairTotalOutAccKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total outbound IPsec traffic of this entity."
+ ::= { wgIpsecEndpointPairStatistics 4 }
+
+ wgIpsecEndpointPairTotalInPackets OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Kbytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total inbound IPsec packets of this entity."
+ ::= { wgIpsecEndpointPairStatistics 5 }
+
+ wgIpsecEndpointPairTotalOutPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total outbound IPsec packets of this entity."
+ ::= { wgIpsecEndpointPairStatistics 6 }
+
+
+ wgIpsecEndpointPairTotalDecryptErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairStatistics 7 }
+
+ wgIpsecEndpointPairTotalAuthErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets on this entity discarded
+ due to authentication errors."
+ ::= { wgIpsecEndpointPairStatistics 8 }
+
+ wgIpsecEndpointPairTotalReplayErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to replay
+ errors on this entity."
+ ::= { wgIpsecEndpointPairStatistics 9 }
+
+ wgIpsecEndpointPairTotalPolicyErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairStatistics 10 }
+
+ wgIpsecEndpointPairTotalPadErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairStatistics 11 }
+
+ wgIpsecEndpointPairTotalOtherReceiveErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairStatistics 12 }
+
+ wgIpsecEndpointPairTotalSendErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecEndpointPairStatistics 13 }
+
+ wgIpsecEndpointPairPeerIPToTunnel OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all tunnels
+ information of the policies."
+ ::= {wgIpsecEndpointPairMIB 3}
+
+ wgIpsecEndpointPairPeerIPToTunnelNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of tunnels in the peeriptotunnel table. "
+ ::= { wgIpsecEndpointPairPeerIPToTunnel 1 }
+
+ wgIpsecEndpointPairPeerIPToTunnelTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGIpsecEndpointPairPeerIPToTunnelEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The peeriptotunnel table in the endpointpair mib."
+ ::= { wgIpsecEndpointPairPeerIPToTunnel 2 }
+
+ wgIpsecEndpointPairPeerIPToTunnelEntry OBJECT-TYPE
+ SYNTAX WGIpsecEndpointPairPeerIPToTunnelEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the peer ip and tunnel
+ information."
+ INDEX {
+ wgIpsecEndpointPairPeerIPToTunnelPeerIP,
+ wgIpsecEndpointPairPeerIPToTunnelTunnelID
+ }
+ ::= { wgIpsecEndpointPairPeerIPToTunnelTable 1 }
+
+ WGIpsecEndpointPairPeerIPToTunnelEntry ::= SEQUENCE {
+
+ wgIpsecEndpointPairPeerIPToTunnelPeerIP IpAddress,
+ wgIpsecEndpointPairPeerIPToTunnelTunnelID Unsigned32
+ }
+
+ wgIpsecEndpointPairPeerIPToTunnelPeerIP OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The peer ip of the peeriptotunnel table."
+ ::= {wgIpsecEndpointPairPeerIPToTunnelEntry 1}
+
+ wgIpsecEndpointPairPeerIPToTunnelTunnelID OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The tunnel id of the peeriptotunnel table."
+ ::= {wgIpsecEndpointPairPeerIPToTunnelEntry 2}
+
+END
+
diff --git a/MIBS/watchguard/WATCHGUARD-IPSEC-SA-MON-MIB-EXT b/MIBS/watchguard/WATCHGUARD-IPSEC-SA-MON-MIB-EXT
new file mode 100644
index 0000000..da1f2d8
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-IPSEC-SA-MON-MIB-EXT
@@ -0,0 +1,1831 @@
+WATCHGUARD-IPSEC-SA-MON-MIB-EXT DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32,
+ Integer32, Integer32, NOTIFICATION-TYPE,
+ OBJECT-IDENTITY, enterprises
+ FROM SNMPv2-SMI
+ TEXTUAL-CONVENTION, TruthValue
+ FROM SNMPv2-TC
+ ifIndex FROM RFC1213-MIB
+ IpsecDoiIdentType,
+ IpsecDoiEncapsulationMode,
+ IpsecDoiEspTransform,
+ IpsecDoiAhTransform,
+ IpsecDoiAuthAlgorithm,
+ IpsecDoiIpcompTransform,
+ IpsecDoiSecProtocolId
+ FROM IPSEC-ISAKMP-IKE-DOI-TC
+ watchguard
+ FROM WATCHGUARD-SMI;
+
+ wgIpsecSaMonModule MODULE-IDENTITY
+ LAST-UPDATED "200701251200Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+ DESCRIPTION
+ "The MIB module describes generic IPSec objects
+ defined in IETF working draft
+ 'draft-ieft-ipsec-monitor-mib-01' and WatchGuard's
+ extension."
+ REVISION "200701251200Z"
+ DESCRIPTION
+ "Initial revision."
+ ::= { watchguard 3 }
+
+ IpsecSaCreatorIdent ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "d"
+ STATUS current
+ DESCRIPTION
+ "A value indicating how an SA was created."
+ SYNTAX INTEGER {
+ unknown(0),
+ static(1), -- statically created
+ ike(2), -- IKE
+ other(3)
+ }
+
+ IpsecIpv6Address ::= TEXTUAL-CONVENTION
+ DISPLAY-HINT "2x:2x:2x:2x:2x:2x:1d.1d.1d.1d"
+ STATUS current
+ DESCRIPTION
+ "This data type is used to model IPv6 address prefixes. This
+ is a binary string of 16 octets in network byte-order."
+ SYNTAX OCTET STRING (SIZE (16))
+
+ wgIpsecSaMonitorMIB OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all IPSec branches."
+ ::= { wgIpsecSaMonModule 1 }
+
+ -- significant branches
+
+ wgSaTables OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all SA tables."
+ ::= { wgIpsecSaMonitorMIB 1 }
+
+ wgSaStatistics OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all objects which
+ are global counters for IPSec security associations."
+ ::= { wgIpsecSaMonitorMIB 2 }
+
+ wgSaErrors OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all objects which
+ are global error counters for IPSec security associations."
+ ::= { wgIpsecSaMonitorMIB 3 }
+
+ -- the IPSec Inbound ESP MIB-Group
+ --
+ -- a collection of objects providing information about
+ -- IPSec Inbound ESP SAs
+
+ wgIpsecSaEspInTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGIpsecSaEspInEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The (conceptual) table containing information on IPSec
+ inbound ESP SAs.
+
+ There should be one row for every inbound ESP security
+ association that exists in the entity. The maximum number of
+ rows is implementation dependent."
+ ::= { wgSaTables 1 }
+
+ wgIpsecSaEspInEntry OBJECT-TYPE
+ SYNTAX WGIpsecSaEspInEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the information on a
+ particular IPSec inbound ESP SA.
+
+ A row in this table cannot be created or deleted by SNMP
+ operations on columns of the table."
+ INDEX{ wgIpsecSaEspInAddress, wgIpsecSaEspInSpi }
+ ::= { wgIpsecSaEspInTable 1 }
+
+ WGIpsecSaEspInEntry ::= SEQUENCE {
+
+ wgIpsecSaEspInAddress IpAddress,
+ wgIpsecSaEspInSpi Unsigned32,
+
+ wgIpsecSaEspInDestId OCTET STRING,
+ wgIpsecSaEspInDestIdType IpsecDoiIdentType,
+ wgIpsecSaEspInSourceId OCTET STRING,
+ wgIpsecSaEspInSourceIdType IpsecDoiIdentType,
+ wgIpsecSaEspInProtocol Integer32,
+ wgIpsecSaEspInDestPort Integer32,
+ wgIpsecSaEspInSourcePort Integer32,
+
+ wgIpsecSaEspInCreator IpsecSaCreatorIdent,
+
+ wgIpsecSaEspInEncapsulation IpsecDoiEncapsulationMode,
+ wgIpsecSaEspInEncAlg IpsecDoiEspTransform,
+ wgIpsecSaEspInEncKeyLength Integer32,
+ wgIpsecSaEspInAuthAlg IpsecDoiAuthAlgorithm,
+
+ wgIpsecSaEspInLimitSeconds Integer32,
+ wgIpsecSaEspInLimitKbytes Integer32,
+
+ wgIpsecSaEspInAccSeconds Counter32,
+ wgIpsecSaEspInAccKbytes Counter32,
+ wgIpsecSaEspInUserOctets Counter32,
+ wgIpsecSaEspInPackets Counter32,
+
+ wgIpsecSaEspInDecryptErrors Counter32,
+ wgIpsecSaEspInAuthErrors Counter32,
+ wgIpsecSaEspInReplayErrors Counter32,
+ wgIpsecSaEspInPolicyErrors Counter32,
+ wgIpsecSaEspInPadErrors Counter32,
+ wgIpsecSaEspInOtherReceiveErrors Counter32
+
+
+ }
+
+ wgIpsecSaEspInAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination address of the SA.
+
+ For implementations that do not support IPv6, this address
+ should appear as one of the IPv4-mapped IPv6 addresses as
+ defined in Section 2.5.4 of [IPV6AA].
+
+ Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
+ used for IPv4 only nodes, while the prefix
+ '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
+ nodes."
+ ::= { wgIpsecSaEspInEntry 1 }
+
+ wgIpsecSaEspInSpi OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The security parameters index of the SA."
+ REFERENCE "RFC 2406 Section 2.1"
+ ::= { wgIpsecSaEspInEntry 2 }
+
+ wgIpsecSaEspInDestId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (1..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination identifier of the SA, or 0 if unknown or if
+ the SA uses transport mode encapsulation.
+
+ This value is taken directly from the optional ID payloads
+ that are exchanged during SA creation negotiation."
+ ::= { wgIpsecSaEspInEntry 3 }
+
+ wgIpsecSaEspInDestIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of identifier presented by 'wgIpsecSaEspInDestId',
+ or 0 if unknown or if the SA uses transport mode
+ encapsulation."
+ ::= { wgIpsecSaEspInEntry 4 }
+
+ wgIpsecSaEspInSourceId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (1..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The source identifier of the SA, or 0 if unknown or if the
+ SA uses transport mode encapsulation.
+
+ This value is taken directly from the optional ID payloads
+ that are exchange during SA creation negotiation."
+ ::= { wgIpsecSaEspInEntry 5 }
+
+ wgIpsecSaEspInSourceIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of identifier presented by 'wgIpsecSaEspInSourceId',
+ or 0 if unknown or if the SA uses transport mode
+ encapsulation."
+ ::= { wgIpsecSaEspInEntry 6 }
+
+ wgIpsecSaEspInProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The transport-layer protocol number that this SA carries,
+ or 0 if it carries any protocol."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaEspInEntry 7 }
+
+ wgIpsecSaEspInDestPort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination port number of the protocol that this SA
+ carries, or 0 if it carries any port number."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaEspInEntry 8 }
+
+ wgIpsecSaEspInSourcePort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The source port number of the protocol that this SA
+ carries, or 0 if it carries any port number."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaEspInEntry 9 }
+
+ wgIpsecSaEspInCreator OBJECT-TYPE
+ SYNTAX IpsecSaCreatorIdent
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The creator of this SA.
+
+ This MIB makes no assumptions about how the SAs are created.
+ They may be created statically, or by a key exchange
+ protocol such as IKE, or by some other method."
+ ::= { wgIpsecSaEspInEntry 10 }
+
+ wgIpsecSaEspInEncapsulation OBJECT-TYPE
+ SYNTAX IpsecDoiEncapsulationMode
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of encapsulation used by this SA."
+ ::= { wgIpsecSaEspInEntry 11 }
+
+ wgIpsecSaEspInEncAlg OBJECT-TYPE
+ SYNTAX IpsecDoiEspTransform
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A unique value representing the encryption algorithm
+ applied to traffic or 0 if there is no encryption used."
+ ::= { wgIpsecSaEspInEntry 12 }
+
+ wgIpsecSaEspInEncKeyLength OBJECT-TYPE
+ SYNTAX Integer32 (0..65531)
+ UNITS "bits"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The length of the encryption key in bits used for the
+ algorithm specified in the 'wgIpsecSaEspInEncAlg' object, or 0
+ if the key length is implicit in the specified algorithm or
+ there is no encryption specified."
+ ::= { wgIpsecSaEspInEntry 13 }
+
+ wgIpsecSaEspInAuthAlg OBJECT-TYPE
+ SYNTAX IpsecDoiAuthAlgorithm
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A unique value representing the hash algorithm applied to
+ traffic or 0 if there is no authentication used."
+ ::= { wgIpsecSaEspInEntry 14 }
+
+ wgIpsecSaEspInLimitSeconds OBJECT-TYPE
+ SYNTAX Integer32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum lifetime in seconds of the SA, or 0 if there is
+ no time constraint on its expiration.
+ The display value is limited to 4294967295 seconds (more
+ than 136 years); values greater than that value will be
+ truncated."
+ ::= { wgIpsecSaEspInEntry 15 }
+
+ wgIpsecSaEspInLimitKbytes OBJECT-TYPE
+ SYNTAX Integer32
+ UNITS "kilobytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum traffic in kilobytes that the SA is allowed to
+ support, or 0 if there is no traffic constraint on its
+ expiration.
+
+ The display value is limited to 4294967295 kilobytes; values
+ greater than that value will be truncated."
+ ::= { wgIpsecSaEspInEntry 16 }
+
+ wgIpsecSaEspInAccSeconds OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of seconds accumulated against the SA's
+ expiration by time.
+
+ This is also the number of seconds that the SA has existed."
+ ::= { wgIpsecSaEspInEntry 17 }
+
+ wgIpsecSaEspInAccKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "kilobytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of traffic accumulated that counts against the
+ SA's expiration by traffic limitation, measured in Kbytes.
+
+ This value may be 0 if the SA does not expire based on
+ traffic."
+ ::= { wgIpsecSaEspInEntry 18 }
+
+ wgIpsecSaEspInUserOctets OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "bytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of user level traffic measured in bytes handled
+ by the SA.
+
+ This is not necessarily the same as the amount of traffic
+ applied against the traffic expiration limit."
+ ::= { wgIpsecSaEspInEntry 19 }
+
+ wgIpsecSaEspInPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets handled by the SA."
+ ::= { wgIpsecSaEspInEntry 20 }
+
+ wgIpsecSaEspInDecryptErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaEspInEntry 21 }
+
+ wgIpsecSaEspInAuthErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets discarded by the SA due to
+ authentication errors."
+ ::= { wgIpsecSaEspInEntry 22 }
+
+ wgIpsecSaEspInReplayErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets discarded by the SA due to replay
+ errors."
+ ::= { wgIpsecSaEspInEntry 23 }
+
+ wgIpsecSaEspInPolicyErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaEspInEntry 24 }
+
+ wgIpsecSaEspInPadErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaEspInEntry 25 }
+
+ wgIpsecSaEspInOtherReceiveErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaEspInEntry 26 }
+
+ -- the IPSec Inbound AH MIB-Group
+ --
+ -- a collection of objects providing information about
+ -- IPSec Inbound AH SAs
+
+ wgIpsecSaAhInTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGIpsecSaAhInEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The (conceptual) table containing information on IPSec
+ inbound AH SAs.
+ There should be one row for every inbound AH security
+ association that exists in the entity. The maximum number of
+ rows is implementation dependent."
+ ::= { wgSaTables 2 }
+
+ wgIpsecSaAhInEntry OBJECT-TYPE
+ SYNTAX WGIpsecSaAhInEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the information on a
+ particular IPSec inbound AH SA.
+
+ A row in this table cannot be created or deleted by SNMP
+ operations on columns of the table."
+ INDEX{ wgIpsecSaAhInAddress, wgIpsecSaAhInSpi }
+ ::= { wgIpsecSaAhInTable 1 }
+
+ WGIpsecSaAhInEntry ::= SEQUENCE {
+
+ wgIpsecSaAhInAddress IpAddress,
+ wgIpsecSaAhInSpi Integer32,
+
+ wgIpsecSaAhInDestId OCTET STRING,
+ wgIpsecSaAhInDestIdType IpsecDoiIdentType,
+ wgIpsecSaAhInSourceId OCTET STRING,
+ wgIpsecSaAhInSourceIdType IpsecDoiIdentType,
+ wgIpsecSaAhInProtocol Integer32,
+ wgIpsecSaAhInDestPort Integer32,
+ wgIpsecSaAhInSourcePort Integer32,
+
+ wgIpsecSaAhInCreator IpsecSaCreatorIdent,
+
+ wgIpsecSaAhInEncapsulation IpsecDoiEncapsulationMode,
+ wgIpsecSaAhInAuthAlg IpsecDoiAhTransform,
+
+ wgIpsecSaAhInLimitSeconds Integer32,
+ wgIpsecSaAhInLimitKbytes Integer32,
+
+ wgIpsecSaAhInAccSeconds Counter32,
+ wgIpsecSaAhInAccKbytes Counter32,
+ wgIpsecSaAhInUserOctets Counter32,
+ wgIpsecSaAhInPackets Counter32,
+
+ -- error statistics
+ wgIpsecSaAhInAuthErrors Counter32,
+ wgIpsecSaAhInReplayErrors Counter32,
+ wgIpsecSaAhInPolicyErrors Counter32,
+ wgIpsecSaAhInOtherReceiveErrors Counter32
+ }
+
+ wgIpsecSaAhInAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination address of the SA.
+
+ For implementations that do not support IPv6, this address
+ should appear as one of the IPv4-mapped IPv6 addresses as
+ defined in Section 2.5.4 of [IPV6AA].
+
+ Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
+ used for IPv4 only nodes, while the prefix
+ '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
+ nodes."
+ ::= { wgIpsecSaAhInEntry 1 }
+
+ wgIpsecSaAhInSpi OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The security parameters index of the SA."
+ REFERENCE "RFC 2402 Section 2.4"
+ ::= { wgIpsecSaAhInEntry 2 }
+
+ wgIpsecSaAhInDestId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (1..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination identifier of the SA, or 0 if unknown or if
+ the SA uses transport mode encapsulation.
+
+ This value is taken directly from the optional ID payloads
+ that are exchange during SA creation negotiation."
+ ::= { wgIpsecSaAhInEntry 3 }
+
+ wgIpsecSaAhInDestIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of identifier presented by 'wgIpsecSaAhInDestId', or
+ 0 if unknown or if the SA uses transport mode
+ encapsulation."
+ ::= { wgIpsecSaAhInEntry 4 }
+
+ wgIpsecSaAhInSourceId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (1..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The source identifier of the SA, or 0 if unknown or if the
+ SA uses transport mode encapsulation.
+
+ This value is taken directly from the optional ID payloads
+ that are exchange during SA creation negotiation."
+ ::= { wgIpsecSaAhInEntry 5 }
+
+ wgIpsecSaAhInSourceIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of identifier presented by 'wgIpsecSaAhInSourceId',
+ or 0 if unknown or if the SA uses transport mode
+ encapsulation."
+ ::= { wgIpsecSaAhInEntry 6 }
+
+ wgIpsecSaAhInProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The transport-layer protocol number that this SA carries,
+ or 0 if it carries any protocol."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaAhInEntry 7 }
+
+ wgIpsecSaAhInDestPort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination port number of the protocol that this SA
+ carries, or 0 if it carries any port number."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaAhInEntry 8 }
+
+ wgIpsecSaAhInSourcePort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The source port number of the protocol that this SA
+ carries, or 0 if it carries any port number."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaAhInEntry 9 }
+
+ wgIpsecSaAhInCreator OBJECT-TYPE
+ SYNTAX IpsecSaCreatorIdent
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The creator of this SA.
+
+ This MIB makes no assumptions about how the SAs are created.
+ They may be created statically, or by a key exchange
+ protocol such as IKE, or by some other method."
+ ::= { wgIpsecSaAhInEntry 10 }
+
+ wgIpsecSaAhInEncapsulation OBJECT-TYPE
+ SYNTAX IpsecDoiEncapsulationMode
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of encapsulation used by this SA."
+ ::= { wgIpsecSaAhInEntry 11 }
+
+ wgIpsecSaAhInAuthAlg OBJECT-TYPE
+ SYNTAX IpsecDoiAhTransform
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A unique value representing the hash algorithm applied to
+ traffic carried by this SA if it uses ESP or 0 if there is
+ no authentication applied by ESP."
+ ::= { wgIpsecSaAhInEntry 12 }
+
+ wgIpsecSaAhInLimitSeconds OBJECT-TYPE
+ SYNTAX Integer32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum lifetime in seconds of the SA, or 0 if there is
+ no time constraint on its expiration.
+
+ The display value is limited to 4294967295 seconds (more
+ than 136 years); values greater than that value will be
+ truncated."
+ ::= { wgIpsecSaAhInEntry 13 }
+
+ wgIpsecSaAhInLimitKbytes OBJECT-TYPE
+ SYNTAX Integer32
+ UNITS "kilobytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum traffic in Kbytes that the SA is allowed to
+ support, or 0 if there is no traffic constraint on its
+ expiration.
+
+ The display value is limited to 4294967295 kilobytes; values
+ greater than that value will be truncated."
+ ::= { wgIpsecSaAhInEntry 14 }
+
+ wgIpsecSaAhInAccSeconds OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of seconds accumulated against the SA's
+ expiration by time.
+
+ This is also the number of seconds that the SA has existed."
+ ::= { wgIpsecSaAhInEntry 15 }
+
+ wgIpsecSaAhInAccKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "kilobytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of traffic accumulated that counts against the
+ SA's expiration by traffic limitation, measured in Kbytes.
+ This value may be 0 if the SA does not expire based on
+ traffic."
+ ::= { wgIpsecSaAhInEntry 16 }
+
+ wgIpsecSaAhInUserOctets OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "bytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of user level traffic measured in bytes handled
+ by the SA.
+
+ This is not necessarily the same as the amount of traffic
+ applied against the traffic expiration limit."
+ ::= { wgIpsecSaAhInEntry 17 }
+
+ wgIpsecSaAhInPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets handled by the SA."
+ ::= { wgIpsecSaAhInEntry 18 }
+
+ wgIpsecSaAhInAuthErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets discarded by the SA due to
+ authentication errors."
+ ::= { wgIpsecSaAhInEntry 19 }
+
+ wgIpsecSaAhInReplayErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets discarded by the SA due to replay
+ errors."
+ ::= { wgIpsecSaAhInEntry 20 }
+
+ wgIpsecSaAhInPolicyErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaAhInEntry 21 }
+
+ wgIpsecSaAhInOtherReceiveErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaAhInEntry 22 }
+
+
+ -- the IPSec Inbound IPCOMP MIB-Group
+ --
+ -- a collection of objects providing information about
+ -- IPSec Inbound IPCOMP SAs
+
+ wgIpsecSaIpcompInTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGIpsecSaIpcompInEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The (conceptual) table containing information on IPSec
+ inbound IPCOMP SAs.
+
+ There should be one row for every inbound IPCOMP (security)
+ association that exists in the entity. The maximum number of
+ rows is implementation dependent."
+ ::= { wgSaTables 3 }
+
+ wgIpsecSaIpcompInEntry OBJECT-TYPE
+ SYNTAX WGIpsecSaIpcompInEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the information on a
+ particular IPSec inbound IPCOMP SA.
+ A row in this table cannot be created or deleted by SNMP
+ operations on columns of the table."
+ INDEX{ wgIpsecSaIpcompInAddress, wgIpsecSaIpcompInCpi }
+ ::= { wgIpsecSaIpcompInTable 1 }
+
+ WGIpsecSaIpcompInEntry ::= SEQUENCE {
+
+ wgIpsecSaIpcompInAddress IpAddress,
+ wgIpsecSaIpcompInCpi IpsecDoiIpcompTransform,
+
+ wgIpsecSaIpcompInDestId OCTET STRING,
+ wgIpsecSaIpcompInDestIdType IpsecDoiIdentType,
+ wgIpsecSaIpcompInSourceId OCTET STRING,
+ wgIpsecSaIpcompInSourceIdType IpsecDoiIdentType,
+ wgIpsecSaIpcompInProtocol Integer32,
+ wgIpsecSaIpcompInDestPort Integer32,
+ wgIpsecSaIpcompInSourcePort Integer32,
+
+ wgIpsecSaIpcompInCreator IpsecSaCreatorIdent,
+
+ wgIpsecSaIpcompInEncapsulation IpsecDoiEncapsulationMode,
+ wgIpsecSaIpcompInDecompAlg IpsecDoiIpcompTransform,
+
+ wgIpsecSaIpcompInSeconds Counter32,
+ wgIpsecSaIpcompInUserOctets Counter32,
+ wgIpsecSaIpcompInPackets Counter32,
+
+ wgIpsecSaIpcompInDecompErrors Counter32,
+ wgIpsecSaIpcompInOtherReceiveErrors Counter32
+ }
+
+ wgIpsecSaIpcompInAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 1 }
+
+ wgIpsecSaIpcompInCpi OBJECT-TYPE
+ SYNTAX IpsecDoiIpcompTransform
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ REFERENCE "RFC 2393 Section 3.3"
+ ::= { wgIpsecSaIpcompInEntry 2 }
+
+ wgIpsecSaIpcompInDestId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (1..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 3 }
+
+ wgIpsecSaIpcompInDestIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 4 }
+
+ wgIpsecSaIpcompInSourceId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (1..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 5 }
+
+ wgIpsecSaIpcompInSourceIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 6 }
+
+ wgIpsecSaIpcompInProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 7 }
+
+ wgIpsecSaIpcompInDestPort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 8 }
+
+ wgIpsecSaIpcompInSourcePort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 9 }
+
+ wgIpsecSaIpcompInCreator OBJECT-TYPE
+ SYNTAX IpsecSaCreatorIdent
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 10 }
+
+ wgIpsecSaIpcompInEncapsulation OBJECT-TYPE
+ SYNTAX IpsecDoiEncapsulationMode
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 11 }
+
+ wgIpsecSaIpcompInDecompAlg OBJECT-TYPE
+ SYNTAX IpsecDoiIpcompTransform
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 12 }
+
+ wgIpsecSaIpcompInSeconds OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 13 }
+
+ wgIpsecSaIpcompInUserOctets OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "bytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 14 }
+
+ wgIpsecSaIpcompInPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 15 }
+
+ wgIpsecSaIpcompInDecompErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 16 }
+
+ wgIpsecSaIpcompInOtherReceiveErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompInEntry 17 }
+
+
+ -- the IPSec Outbound ESP MIB-Group
+ --
+ -- a collection of objects providing information about
+ -- IPSec Outbound ESP SAs
+
+ wgIpsecSaEspOutTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGIpsecSaEspOutEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The (conceptual) table containing information on IPSec
+ Outbound ESP SAs.
+
+ There should be one row for every outbound ESP security
+ association that exists in the entity. The maximum number of
+ rows is implementation dependent."
+ ::= { wgSaTables 4 }
+
+ wgIpsecSaEspOutEntry OBJECT-TYPE
+ SYNTAX WGIpsecSaEspOutEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the information on a
+ particular IPSec Outbound ESP SA.
+
+ A row in this table cannot be created or deleted by SNMP
+ operations on columns of the table."
+ INDEX{ wgIpsecSaEspOutAddress, wgIpsecSaEspOutSpi }
+ ::= { wgIpsecSaEspOutTable 1 }
+
+ WGIpsecSaEspOutEntry ::= SEQUENCE {
+
+ wgIpsecSaEspOutAddress IpAddress,
+ wgIpsecSaEspOutSpi Unsigned32,
+
+ wgIpsecSaEspOutSourceId OCTET STRING,
+ wgIpsecSaEspOutSourceIdType IpsecDoiIdentType,
+ wgIpsecSaEspOutDestId OCTET STRING,
+ wgIpsecSaEspOutDestIdType IpsecDoiIdentType,
+ wgIpsecSaEspOutProtocol Integer32,
+ wgIpsecSaEspOutSourcePort Integer32,
+ wgIpsecSaEspOutDestPort Integer32,
+
+ wgIpsecSaEspOutCreator IpsecSaCreatorIdent,
+
+ wgIpsecSaEspOutEncapsulation IpsecDoiEncapsulationMode,
+ wgIpsecSaEspOutEncAlg IpsecDoiEspTransform,
+ wgIpsecSaEspOutEncKeyLength Integer32,
+ wgIpsecSaEspOutAuthAlg IpsecDoiAuthAlgorithm,
+
+ wgIpsecSaEspOutLimitSeconds Integer32,
+ wgIpsecSaEspOutLimitKbytes Integer32,
+
+ wgIpsecSaEspOutAccSeconds Counter32,
+ wgIpsecSaEspOutAccKbytes Counter32,
+ wgIpsecSaEspOutUserOctets Counter32,
+ wgIpsecSaEspOutPackets Counter32,
+
+ wgIpsecSaEspOutSendErrors Counter32
+ }
+
+
+ wgIpsecSaEspOutAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination address of the SA.
+
+ For implementations that do not support IPv6, this address
+ should appear as one of the IPv4-mapped IPv6 addresses as
+ defined in Section 2.5.4 of [IPV6AA].
+
+ Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
+ used for IPv4 only nodes, while the prefix
+ '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
+ nodes."
+ ::= { wgIpsecSaEspOutEntry 1 }
+
+ wgIpsecSaEspOutSpi OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The security parameters index of the SA."
+ REFERENCE "RFC 2406 Section 2.1"
+ ::= { wgIpsecSaEspOutEntry 2 }
+
+ wgIpsecSaEspOutSourceId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (4..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The source identifier of the SA, or 0 if unknown or if the
+ SA uses transport mode encapsulation.
+
+ This value is taken directly from the optional ID payloads
+ that are exchange during phase 2 negotiations."
+ ::= { wgIpsecSaEspOutEntry 3 }
+
+ wgIpsecSaEspOutSourceIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of identifier presented by
+ 'wgIpsecSaEspOutSourceId', or 0 if unknown or if the SA uses
+ transport mode encapsulation."
+ ::= { wgIpsecSaEspOutEntry 4 }
+
+ wgIpsecSaEspOutDestId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (4..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination identifier of the SA, or 0 if unknown or if
+ the SA uses transport mode encapsulation.
+
+ This value is taken directly from the optional ID payloads
+ that are exchange during phase 2 negotiations."
+ ::= { wgIpsecSaEspOutEntry 5 }
+
+ wgIpsecSaEspOutDestIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of identifier presented by 'wgIpsecSaEspOutDestId',
+ or 0 if unknown or if the SA uses transport mode
+ encapsulation."
+ ::= { wgIpsecSaEspOutEntry 6 }
+
+ wgIpsecSaEspOutProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The transport-layer protocol number that this SA carries,
+ or 0 if it carries any protocol."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaEspOutEntry 7 }
+
+ wgIpsecSaEspOutSourcePort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The source port number of the protocol that this SA
+ carries, or 0 if it carries any port number."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaEspOutEntry 8 }
+
+ wgIpsecSaEspOutDestPort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination port number of the protocol that this SA
+ carries, or 0 if it carries any port number."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaEspOutEntry 9 }
+
+ wgIpsecSaEspOutCreator OBJECT-TYPE
+ SYNTAX IpsecSaCreatorIdent
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The creator of this SA.
+
+ This MIB makes no assumptions about how the SAs are created.
+ They may be created statically, or by a key exchange
+ protocol such as IKE, or by some other method."
+ ::= { wgIpsecSaEspOutEntry 10 }
+
+ wgIpsecSaEspOutEncapsulation OBJECT-TYPE
+ SYNTAX IpsecDoiEncapsulationMode
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of encapsulation used by this SA."
+ ::= { wgIpsecSaEspOutEntry 11 }
+
+ wgIpsecSaEspOutEncAlg OBJECT-TYPE
+ SYNTAX IpsecDoiEspTransform
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A unique value representing the encryption algorithm
+ applied to traffic or 0 if there is no encryption used."
+ ::= { wgIpsecSaEspOutEntry 12 }
+
+ wgIpsecSaEspOutEncKeyLength OBJECT-TYPE
+ SYNTAX Integer32 (0..65531)
+ UNITS "bits"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The length of the encryption key in bits used for the
+ algorithm specified in the 'wgIpsecSaEspOutEncAlg' object, or
+ 0 if the key length is implicit in the specified algorithm
+ or there is no encryption specified."
+ ::= { wgIpsecSaEspOutEntry 13 }
+
+ wgIpsecSaEspOutAuthAlg OBJECT-TYPE
+ SYNTAX IpsecDoiAuthAlgorithm
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A unique value representing the hash algorithm applied to
+ traffic or 0 if there is no authentication used."
+ ::= { wgIpsecSaEspOutEntry 14 }
+
+ wgIpsecSaEspOutLimitSeconds OBJECT-TYPE
+ SYNTAX Integer32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum lifetime in seconds of the SA, or 0 if there is
+ no time constraint on its expiration.
+
+ The display value is limited to 4294967295 seconds (more
+ than 136 years); values greater than that value will be
+ truncated."
+ ::= { wgIpsecSaEspOutEntry 15 }
+
+ wgIpsecSaEspOutLimitKbytes OBJECT-TYPE
+ SYNTAX Integer32
+ UNITS "kilobytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum traffic in kbytes that the SA is allowed to
+ support, or 0 if there is no traffic constraint on its
+ expiration.
+
+ The display value is limited to 4294967295 kilobytes; values
+ greater than that value will be truncated."
+ ::= { wgIpsecSaEspOutEntry 16 }
+
+ wgIpsecSaEspOutAccSeconds OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of seconds accumulated against the SA's
+ expiration by time.
+
+ This is also the number of seconds that the SA has existed."
+ ::= { wgIpsecSaEspOutEntry 17 }
+
+ wgIpsecSaEspOutAccKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "kilobytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of traffic accumulated that counts against the
+ SA's expiration by traffic limitation, measured in Kbytes.
+
+ This value may be 0 if the SA does not expire based on
+ traffic."
+ ::= { wgIpsecSaEspOutEntry 18 }
+
+ wgIpsecSaEspOutUserOctets OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "bytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of user level traffic measured in bytes handled
+ by the SA.
+
+ This is not necessarily the same as the amount of traffic
+ applied against the traffic expiration limit."
+ ::= { wgIpsecSaEspOutEntry 19 }
+
+ wgIpsecSaEspOutPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets handled by the SA."
+ ::= { wgIpsecSaEspOutEntry 20 }
+
+ wgIpsecSaEspOutSendErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaEspOutEntry 21 }
+
+
+ -- the IPSec Outbound AH MIB-Group
+ --
+ -- a collection of objects providing information about
+ -- IPSec Outbound AH SAs
+
+ wgIpsecSaAhOutTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGIpsecSaAhOutEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The (conceptual) table containing information on IPSec
+ Outbound AH SAs.
+
+ There should be one row for every outbound AH security
+ association that exists in the entity. The maximum number of
+ rows is implementation dependent."
+ ::= { wgSaTables 5 }
+
+ wgIpsecSaAhOutEntry OBJECT-TYPE
+ SYNTAX WGIpsecSaAhOutEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the information on a
+ particular IPSec Outbound AH SA.
+
+ A row in this table cannot be created or deleted by SNMP
+ operations on columns of the table."
+ INDEX{ wgIpsecSaAhOutAddress, wgIpsecSaAhOutSpi }
+ ::= { wgIpsecSaAhOutTable 1 }
+
+ WGIpsecSaAhOutEntry ::= SEQUENCE {
+
+ wgIpsecSaAhOutAddress IpAddress,
+ wgIpsecSaAhOutSpi Integer32,
+
+ wgIpsecSaAhOutSourceId OCTET STRING,
+ wgIpsecSaAhOutSourceIdType IpsecDoiIdentType,
+ wgIpsecSaAhOutDestId OCTET STRING,
+ wgIpsecSaAhOutDestIdType IpsecDoiIdentType,
+ wgIpsecSaAhOutProtocol Integer32,
+ wgIpsecSaAhOutSourcePort Integer32,
+ wgIpsecSaAhOutDestPort Integer32,
+
+ wgIpsecSaAhOutCreator IpsecSaCreatorIdent,
+
+ wgIpsecSaAhOutEncapsulation IpsecDoiEncapsulationMode,
+ wgIpsecSaAhOutAuthAlg IpsecDoiAhTransform,
+
+ wgIpsecSaAhOutLimitSeconds Integer32,
+ wgIpsecSaAhOutLimitKbytes Integer32,
+
+ wgIpsecSaAhOutAccSeconds Counter32,
+ wgIpsecSaAhOutAccKbytes Counter32,
+ wgIpsecSaAhOutUserOctets Counter32,
+ wgIpsecSaAhOutPackets Counter32,
+
+ wgIpsecSaAhOutSendErrors Counter32
+ }
+
+
+ wgIpsecSaAhOutAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination address of the SA.
+
+ For implementations that do not support IPv6, this address
+ should appear as one of the IPv4-mapped IPv6 addresses as
+ defined in Section 2.5.4 of [IPV6AA].
+
+ Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
+ used for IPv4 only nodes, while the prefix
+ '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
+ nodes."
+ ::= { wgIpsecSaAhOutEntry 1 }
+
+ wgIpsecSaAhOutSpi OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The security parameters index of the SA."
+ REFERENCE "RFC 2402 Section 2.4"
+ ::= { wgIpsecSaAhOutEntry 2 }
+
+ wgIpsecSaAhOutSourceId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (4..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The source identifier of the SA, or 0 if unknown or if the
+ SA uses transport mode encapsulation.
+
+ This value is taken directly from the optional ID payloads
+ that are exchange during phase 2 negotiations."
+ ::= { wgIpsecSaAhOutEntry 3 }
+
+ wgIpsecSaAhOutSourceIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of identifier presented by 'wgIpsecSaAhOutSourceId',
+ or 0 if unknown or if the SA uses transport mode
+ encapsulation."
+ ::= { wgIpsecSaAhOutEntry 4 }
+
+ wgIpsecSaAhOutDestId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (4..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination identifier of the SA, or 0 if unknown or if
+ the SA uses transport mode encapsulation.
+
+ This value is taken directly from the optional ID payloads
+ that are exchange during phase 2 negotiations."
+ ::= { wgIpsecSaAhOutEntry 5 }
+
+ wgIpsecSaAhOutDestIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of identifier presented by 'wgIpsecSaAhOutDestId',
+ or 0 if unknown or if the SA uses transport mode
+ encapsulation."
+ ::= { wgIpsecSaAhOutEntry 6 }
+
+ wgIpsecSaAhOutProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The transport-layer protocol number that this SA carries,
+ or 0 if it carries any protocol."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaAhOutEntry 7 }
+
+ wgIpsecSaAhOutSourcePort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The source port number of the protocol that this SA
+ carries, or 0 if it carries any port number."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaAhOutEntry 8 }
+
+ wgIpsecSaAhOutDestPort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The destination port number of the protocol that this SA
+ carries, or 0 if it carries any port number."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaAhOutEntry 9 }
+
+ wgIpsecSaAhOutCreator OBJECT-TYPE
+ SYNTAX IpsecSaCreatorIdent
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The creator of this SA.
+
+ This MIB makes no assumptions about how the SAs are created.
+ They may be created statically, or by a key exchange
+ protocol such as IKE, or by some other method."
+ ::= { wgIpsecSaAhOutEntry 10 }
+
+ wgIpsecSaAhOutEncapsulation OBJECT-TYPE
+ SYNTAX IpsecDoiEncapsulationMode
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of encapsulation used by this SA."
+ ::= { wgIpsecSaAhOutEntry 11 }
+
+ wgIpsecSaAhOutAuthAlg OBJECT-TYPE
+ SYNTAX IpsecDoiAhTransform
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A unique value representing the hash algorithm applied to
+ traffic or 0 if there is no authentication used."
+ ::= { wgIpsecSaAhOutEntry 12 }
+
+ wgIpsecSaAhOutLimitSeconds OBJECT-TYPE
+ SYNTAX Integer32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum lifetime in seconds of the SA, or 0 if there is
+ no time constraint on its expiration.
+
+ The display value is limited to 4294967295 seconds (more
+ than 136 years); values greater than that value will be
+ truncated."
+ ::= { wgIpsecSaAhOutEntry 13 }
+
+ wgIpsecSaAhOutLimitKbytes OBJECT-TYPE
+ SYNTAX Integer32
+ UNITS "kilobytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum traffic in Kbytes that the SA is allowed to
+ support, or 0 if there is no traffic constraint on its
+ expiration.
+
+ The display value is limited to 4294967295 kilobytes; values
+ greater than that value will be truncated."
+ ::= { wgIpsecSaAhOutEntry 14 }
+
+ wgIpsecSaAhOutAccSeconds OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of seconds accumulated against the SA's
+ expiration by time.
+
+ This is also the number of seconds that the SA has existed."
+ ::= { wgIpsecSaAhOutEntry 15 }
+
+ wgIpsecSaAhOutAccKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "kilobytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of traffic accumulated that counts against the
+ SA's expiration by traffic limitation, measured in Kbytes.
+
+ This value may be 0 if the SA does not expire based on
+ traffic."
+ ::= { wgIpsecSaAhOutEntry 16 }
+
+ wgIpsecSaAhOutUserOctets OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "bytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The amount of user level traffic measured in bytes handled
+ by the SA.
+
+ This is not necessarily the same as the amount of traffic
+ applied against the traffic expiration limit."
+ ::= { wgIpsecSaAhOutEntry 17 }
+
+ wgIpsecSaAhOutPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets handled by the SA."
+ ::= { wgIpsecSaAhOutEntry 18 }
+
+ wgIpsecSaAhOutSendErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaAhOutEntry 19 }
+
+
+ -- the IPSec Outbound IPCOMP MIB-Group
+ --
+ -- a collection of objects providing information about
+ -- IPSec Outbound IPCOMP SAs
+
+ wgIpsecSaIpcompOutTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGIpsecSaIpcompOutEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaTables 6 }
+
+ wgIpsecSaIpcompOutEntry OBJECT-TYPE
+ SYNTAX WGIpsecSaIpcompOutEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ INDEX{ wgIpsecSaIpcompOutAddress, wgIpsecSaIpcompOutCpi }
+ ::= { wgIpsecSaIpcompOutTable 1 }
+
+ WGIpsecSaIpcompOutEntry ::= SEQUENCE {
+
+ wgIpsecSaIpcompOutAddress IpAddress,
+ wgIpsecSaIpcompOutCpi IpsecDoiIpcompTransform,
+
+ wgIpsecSaIpcompOutSourceId OCTET STRING,
+ wgIpsecSaIpcompOutSourceIdType IpsecDoiIdentType,
+ wgIpsecSaIpcompOutDestId OCTET STRING,
+ wgIpsecSaIpcompOutDestIdType IpsecDoiIdentType,
+ wgIpsecSaIpcompOutProtocol Integer32,
+ wgIpsecSaIpcompOutSourcePort Integer32,
+ wgIpsecSaIpcompOutDestPort Integer32,
+
+ wgIpsecSaIpcompOutCreator IpsecSaCreatorIdent,
+
+ wgIpsecSaIpcompOutEncapsulation IpsecDoiEncapsulationMode,
+ wgIpsecSaIpcompOutCompAlg IpsecDoiIpcompTransform,
+
+ wgIpsecSaIpcompOutSeconds Counter32,
+ wgIpsecSaIpcompOutUserOctets Counter32,
+ wgIpsecSaIpcompOutPackets Counter32
+ }
+
+ wgIpsecSaIpcompOutAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 1 }
+
+ wgIpsecSaIpcompOutCpi OBJECT-TYPE
+ SYNTAX IpsecDoiIpcompTransform
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 2 }
+
+ wgIpsecSaIpcompOutSourceId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (4..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 3 }
+
+ wgIpsecSaIpcompOutSourceIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 4 }
+
+ wgIpsecSaIpcompOutDestId OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (4..255))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 5 }
+
+ wgIpsecSaIpcompOutDestIdType OBJECT-TYPE
+ SYNTAX IpsecDoiIdentType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 6 }
+
+ wgIpsecSaIpcompOutProtocol OBJECT-TYPE
+ SYNTAX Integer32 (0..255)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The transport-layer protocol number that this SA carries,
+ or 0 if it carries any protocol."
+ REFERENCE "RFC2401 section 4.4.2"
+ ::= { wgIpsecSaIpcompOutEntry 7 }
+
+ wgIpsecSaIpcompOutSourcePort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 8 }
+
+ wgIpsecSaIpcompOutDestPort OBJECT-TYPE
+ SYNTAX Integer32 (0.. 65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 9 }
+
+ wgIpsecSaIpcompOutCreator OBJECT-TYPE
+ SYNTAX IpsecSaCreatorIdent
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 10 }
+
+ wgIpsecSaIpcompOutEncapsulation OBJECT-TYPE
+ SYNTAX IpsecDoiEncapsulationMode
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 11 }
+
+ wgIpsecSaIpcompOutCompAlg OBJECT-TYPE
+ SYNTAX IpsecDoiIpcompTransform
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 12 }
+
+ wgIpsecSaIpcompOutSeconds OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "seconds"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 13 }
+
+ wgIpsecSaIpcompOutUserOctets OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "bytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecSaIpcompOutEntry 14 }
+
+ wgIpsecSaIpcompOutPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets handled by the SA."
+ ::= { wgIpsecSaIpcompOutEntry 15 }
+
+
+ --
+ -- entity IPSec statistics
+ --
+ wgIpsecEspCurrentInboundSAs OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current number of inbound ESP SAs in the entity."
+ ::= { wgSaStatistics 1 }
+
+ wgIpsecEspTotalInboundSAs OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaStatistics 2 }
+
+ wgIpsecEspCurrentOutboundSAs OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current number of outbound ESP SAs in the entity."
+ ::= { wgSaStatistics 3 }
+
+ wgIpsecEspTotalOutboundSAs OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaStatistics 4 }
+
+ wgIpsecAhCurrentInboundSAs OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current number of inbound AH SAs in the entity."
+ ::= { wgSaStatistics 5 }
+
+ wgIpsecAhTotalInboundSAs OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaStatistics 6 }
+
+ wgIpsecAhCurrentOutboundSAs OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The current number of outbound AH SAs in the entity."
+ ::= { wgSaStatistics 7 }
+
+ wgIpsecAhTotalOutboundSAs OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaStatistics 8 }
+
+ wgIpsecIpcompCurrentInboundSAs OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaStatistics 9 }
+
+ wgIpsecIpcompTotalInboundSAs OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaStatistics 10 }
+
+ wgIpsecIpcompCurrentOutboundSAs OBJECT-TYPE
+ SYNTAX Gauge32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaStatistics 11 }
+
+ wgIpsecIpcompTotalOutboundSAs OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaStatistics 12 }
+
+
+ --
+ -- IPSec error counts
+ --
+
+ wgIpsecDecryptionErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaErrors 1 }
+
+ wgIpsecAuthenticationErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaErrors 2 }
+
+ wgIpsecReplayErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaErrors 3 }
+
+ wgIpsecPolicyErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaErrors 4 }
+
+ wgIpsecOtherReceiveErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaErrors 5 }
+
+ wgIpsecSendErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaErrors 6 }
+
+ wgIpsecUnknownSpiErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSaErrors 7 }
+
+END
+
diff --git a/MIBS/watchguard/WATCHGUARD-IPSEC-TUNNEL-MIB b/MIBS/watchguard/WATCHGUARD-IPSEC-TUNNEL-MIB
new file mode 100644
index 0000000..14563ab
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-IPSEC-TUNNEL-MIB
@@ -0,0 +1,552 @@
+WATCHGUARD-IPSEC-TUNNEL-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64,
+ OBJECT-IDENTITY, enterprises,
+ IpAddress, TimeTicks FROM SNMPv2-SMI
+ DateAndTime FROM SNMPv2-TC
+ watchguard FROM WATCHGUARD-SMI;
+
+ wgInfoModule MODULE-IDENTITY
+ LAST-UPDATED "200701251200Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+ DESCRIPTION
+ "The MIB module describes various tunnel objects
+ of WatchGuard system."
+
+
+ REVISION "200701251200Z"
+ DESCRIPTION
+ "Initial revision."
+ ::= { watchguard 6 }
+
+ wgIpsecTunnelMIB OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all tunnel
+ branches."
+ ::= { wgInfoModule 5 }
+
+ wgIpsecTunnel OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all
+ tunnel information."
+ ::= { wgIpsecTunnelMIB 1 }
+
+ wgIpsecTunnelNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of entries in the wgIpsecTunnelTable. "
+ ::= { wgIpsecTunnel 1 }
+
+ wgIpsecTunnelTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGIpsecTunnelEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This is the connection table describing all current
+ tunnels exist on this entity."
+ ::= { wgIpsecTunnel 2 }
+
+
+ wgIpsecTunnelEntry OBJECT-TYPE
+ SYNTAX WGIpsecTunnelEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the information on a
+ tunnel between two security gateways."
+ INDEX{ wgIpsecTunnelID }
+ ::= { wgIpsecTunnelTable 1 }
+
+ WGIpsecTunnelEntry ::= SEQUENCE {
+
+ wgIpsecTunnelID Integer32,
+
+ wgIpsecTunnelLocalAddr IpAddress,
+ wgIpsecTunnelPeerAddr IpAddress,
+
+
+ wgIpsecTunnelInSpi Unsigned32,
+ wgIpsecTunnelOutSpi Unsigned32,
+ wgIpsecTunnelCreateTime DateAndTime,
+ wgIpsecTunnelDeviceID Unsigned32,
+ wgIpsecTunnelEspEncryptAlg INTEGER,
+ wgIpsecTunnelEspAuthAlg INTEGER,
+ wgIpsecTunnelAhAuthAlg INTEGER,
+ wgIpsecTunnelMode INTEGER,
+ wgIpsecTunnelKeyMode INTEGER,
+ wgIpsecTunnelLifeTime TimeTicks,
+ wgIpsecTunnelLifeLength Counter32,
+ wgIpsecTunnelInSaBytes Counter32,
+ wgIpsecTunnelOutSaBytes Counter32,
+ wgIpsecTunnelAccSecs Counter32,
+ wgIpsecTunnelSelectorProtocol INTEGER,
+ wgIpsecTunnelSelectorRemoteIPType INTEGER,
+ wgIpsecTunnelSelectorRemoteIPOne IpAddress,
+ wgIpsecTunnelSelectorRemoteIPTwo IpAddress,
+ wgIpsecTunnelSelectorRemotePort INTEGER,
+ wgIpsecTunnelSelectorLocalIPType INTEGER,
+ wgIpsecTunnelSelectorLocalIPOne IpAddress,
+ wgIpsecTunnelSelectorLocalIPTwo IpAddress,
+ wgIpsecTunnelSelectorLocalPort INTEGER,
+ wgIpsecTunnelNumRekey Counter32,
+ wgIpsecTunnelInKbytes Counter32,
+ wgIpsecTunnelOutKbytes Counter32,
+ wgIpsecTunnelInPackets Counter32,
+ wgIpsecTunnelOutPackets Counter32,
+ wgIpsecTunnelInDecryptErrors Counter32,
+ wgIpsecTunnelInAuthErrors Counter32,
+ wgIpsecTunnelInReplayErrors Counter32,
+ wgIpsecTunnelInOtherErrors Counter32,
+ wgIpsecTunnelOutDecryptErrors Counter32,
+ wgIpsecTunnelOutAuthErrors Counter32,
+ wgIpsecTunnelOutReplayErrors Counter32,
+ wgIpsecTunnelOutOtherErrors Counter32,
+ wgIpsecTunnelUdpEncap INTEGER,
+ wgIpsecTunnelPeerUdpPort INTEGER,
+ wgIpsecTunnelOrigPeerAddr IpAddress
+ }
+
+ wgIpsecTunnelID OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The running index of this tunnel."
+ ::= { wgIpsecTunnelEntry 1 }
+
+ wgIpsecTunnelLocalAddr OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The local gateway IP address of the current tunnel."
+ ::= { wgIpsecTunnelEntry 2 }
+
+ wgIpsecTunnelPeerAddr OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The remote gateway IP address of the current tunnel."
+ ::= { wgIpsecTunnelEntry 3 }
+
+ wgIpsecTunnelInSpi OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The security parameters index of inbound SA's within this
+ tunnel."
+ ::= { wgIpsecTunnelEntry 4 }
+
+ wgIpsecTunnelOutSpi OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The security parameters index of outbound SA's within this
+ tunnel."
+ ::= { wgIpsecTunnelEntry 5 }
+
+ wgIpsecTunnelCreateTime OBJECT-TYPE
+ SYNTAX DateAndTime
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The date and time when the tunnel is created."
+ ::= { wgIpsecTunnelEntry 6 }
+
+ wgIpsecTunnelDeviceID OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The identifier of target device where the SA resides."
+ ::= { wgIpsecTunnelEntry 7 }
+
+ wgIpsecTunnelEspEncryptAlg OBJECT-TYPE
+ SYNTAX INTEGER {
+ unknown(0),
+ des(2),
+ three-des(3),
+ aes(4)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The encryption algorithm used in the tunnel. It's 0
+ if ESP is not used."
+ ::= { wgIpsecTunnelEntry 8 }
+
+ wgIpsecTunnelEspAuthAlg OBJECT-TYPE
+ SYNTAX INTEGER {
+ unknown(0),
+ md5(2),
+ sha(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The authentication algorithm used in the tunnel. It's
+ 0 if ESP is not used."
+ ::= { wgIpsecTunnelEntry 9 }
+
+ wgIpsecTunnelAhAuthAlg OBJECT-TYPE
+ SYNTAX INTEGER {
+ unknown(0),
+ md5(2),
+ sha(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The AH authentication algorithm used in the tunnel.
+ It's 0 if AH is not used."
+ ::= { wgIpsecTunnelEntry 10 }
+
+ wgIpsecTunnelMode OBJECT-TYPE
+ SYNTAX INTEGER {
+ unknown(0),
+ tunnel(1),
+ transport(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The tunnel/transport mode of the tunnel."
+ ::= { wgIpsecTunnelEntry 11 }
+
+ wgIpsecTunnelKeyMode OBJECT-TYPE
+ SYNTAX INTEGER {
+ unknown(0),
+ manual(1),
+ auto-ike(2),
+ other(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The key mode of the tunnel."
+ ::= { wgIpsecTunnelEntry 12 }
+
+ wgIpsecTunnelLifeTime OBJECT-TYPE
+ SYNTAX TimeTicks
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The life time (in hundredths of a second) of the tunnel."
+ ::= { wgIpsecTunnelEntry 13 }
+
+ wgIpsecTunnelLifeLength OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum traffic in bytes that the tunnel is allowed to support."
+ ::= { wgIpsecTunnelEntry 14 }
+
+ wgIpsecTunnelInSaBytes OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Current active inbound SA bytes of the tunnel."
+ ::= { wgIpsecTunnelEntry 15 }
+
+ wgIpsecTunnelOutSaBytes OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Current active outbound SA bytes of the tunnel."
+ ::= { wgIpsecTunnelEntry 16 }
+
+ wgIpsecTunnelAccSecs OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of seconds that the tunnel has existed."
+ ::= { wgIpsecTunnelEntry 17 }
+
+ wgIpsecTunnelSelectorProtocol OBJECT-TYPE
+ SYNTAX INTEGER {
+ any(0),
+ icmp(1),
+ igmp(2),
+ ipip(4),
+ tcp(6),
+ egp(8),
+ pup(12),
+ udp(17),
+ idp(22),
+ tp(29),
+ ipv6(41),
+ ipv6-routing(43),
+ ipv6-fragmentation(44),
+ rsvp(46),
+ gre(47),
+ esp(50),
+ ah(51),
+ icmpv6(58),
+ none(59),
+ dstopts(60),
+ mtp(92),
+ encap(98),
+ pim(103),
+ raw(255)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The ip protocol number that this SA(Tunnel) selector carries, or
+ 0 if it carries any protocol."
+ ::= { wgIpsecTunnelEntry 18 }
+
+ wgIpsecTunnelSelectorRemoteIPType OBJECT-TYPE
+ SYNTAX INTEGER {
+ ip-addr-single(1),
+ ip-addr-subnet(2),
+ ip-addr-range(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of remote IP address of the SA(Tunnel) selector in
+ the entity."
+ ::= { wgIpsecTunnelEntry 19 }
+
+ wgIpsecTunnelSelectorRemoteIPOne OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The first remote IP address of the SA(Tunnel) selector in the entity.
+ It's IP address if remote IP of this selector only has one address.
+ It's IP address of subnet if the remote IP of this selector is IP subnet.
+ It's the start IP address if the remote IP of this selector
+ has a range of addresses."
+ ::= { wgIpsecTunnelEntry 20 }
+
+ wgIpsecTunnelSelectorRemoteIPTwo OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The second remote IP address of the SA(Tunnel) selector in the entity.
+ It's 0 if remote IP of this selector only has one address.
+ It's netmask of subnet if the remote IP of this selector is IP subnet.
+ It's the end IP address if the remote IP of this selector
+ has a range of addresses."
+ ::= { wgIpsecTunnelEntry 21 }
+
+ wgIpsecTunnelSelectorRemotePort OBJECT-TYPE
+ SYNTAX INTEGER (0..65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The remote port used by the SA(Tunnel) selector in the entity."
+ ::= { wgIpsecTunnelEntry 22 }
+
+ wgIpsecTunnelSelectorLocalIPType OBJECT-TYPE
+ SYNTAX INTEGER {
+ ip-addr-single(1),
+ ip-addr-subnet(2),
+ ip-addr-range(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The type of local IP address of the SA(Tunnel) selector in
+ the entity."
+ ::= { wgIpsecTunnelEntry 23 }
+
+ wgIpsecTunnelSelectorLocalIPOne OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The first local IP address of the SA(Tunnel) selector in the entity.
+ It's IP address if local IP of this selector only has one address.
+ It's IP address of subnet if the local IP of this selector is IP subnet.
+ It's the start IP address if the local IP of this selector
+ has a range of IP addresses."
+ ::= { wgIpsecTunnelEntry 24 }
+
+ wgIpsecTunnelSelectorLocalIPTwo OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The second local IP address of the SA(Tunnel) selector in the entity.
+ It's 0 if local IP of this selector only has one address.
+ It's netmask of subnet if the local IP of this selector is IP subnet.
+ It's the end IP address if the local IP of this selector
+ has a range of IP addresses."
+ ::= { wgIpsecTunnelEntry 25 }
+
+ wgIpsecTunnelSelectorLocalPort OBJECT-TYPE
+ SYNTAX INTEGER (0..65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The local port used by the SA(Tunnel) selector in the entity."
+ ::= { wgIpsecTunnelEntry 26 }
+
+ wgIpsecTunnelNumRekey OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of rekeys of the tunnel."
+ ::= { wgIpsecTunnelEntry 27 }
+
+ wgIpsecTunnelInKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Kbytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total inbound traffic in Kbytes since the establish of
+ this tunnel."
+ ::= { wgIpsecTunnelEntry 28 }
+
+ wgIpsecTunnelOutKbytes OBJECT-TYPE
+ SYNTAX Counter32
+ UNITS "Kbytes"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total outound traffic in Kbytes since the establish of
+ this connection."
+ ::= { wgIpsecTunnelEntry 29 }
+
+ wgIpsecTunnelInPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of inbound packets since the establish of
+ this connection."
+ ::= { wgIpsecTunnelEntry 30 }
+
+ wgIpsecTunnelOutPackets OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of outound packets since the establish of
+ this connection."
+ ::= { wgIpsecTunnelEntry 31 }
+
+ wgIpsecTunnelInDecryptErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecTunnelEntry 32 }
+
+ wgIpsecTunnelInAuthErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to authentication
+ error since the establish of this connection."
+ ::= { wgIpsecTunnelEntry 33 }
+
+ wgIpsecTunnelInReplayErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to replay
+ error since the establish of this connection."
+ ::= { wgIpsecTunnelEntry 34}
+
+ wgIpsecTunnelInOtherErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecTunnelEntry 35 }
+
+ wgIpsecTunnelOutDecryptErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecTunnelEntry 36 }
+
+ wgIpsecTunnelOutAuthErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to authentication
+ error since the establish of this connection."
+ ::= { wgIpsecTunnelEntry 37 }
+
+ wgIpsecTunnelOutReplayErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to replay
+ error since the establish of this connection."
+ ::= { wgIpsecTunnelEntry 38 }
+
+ wgIpsecTunnelOutOtherErrors OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecTunnelEntry 39 }
+
+ wgIpsecTunnelUdpEncap OBJECT-TYPE
+ SYNTAX INTEGER {
+ disabled(0),
+ enabled(1)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecTunnelEntry 40 }
+
+ wgIpsecTunnelPeerUdpPort OBJECT-TYPE
+ SYNTAX INTEGER (0..65535)
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecTunnelEntry 41 }
+
+ wgIpsecTunnelOrigPeerAddr OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgIpsecTunnelEntry 42 }
+
+END
diff --git a/MIBS/watchguard/WATCHGUARD-MIB b/MIBS/watchguard/WATCHGUARD-MIB
new file mode 100644
index 0000000..dad83cc
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-MIB
@@ -0,0 +1,31 @@
+WATCHGUARD-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+
+ enterprises FROM SNMPv2-SMI;
+
+
+ watchguard OBJECT IDENTIFIER ::= { enterprises 3097 }
+
+ wgProducts OBJECT IDENTIFIER ::= { watchguard 1 }
+ fbXSeries OBJECT IDENTIFIER ::= { wgProducts 4 }
+
+ -- fbX series
+ fbX500 OBJECT IDENTIFIER ::= { fbXSeries 1 }
+ fbX550e OBJECT IDENTIFIER ::= { fbXSeries 2 }
+ fbX700 OBJECT IDENTIFIER ::= { fbXSeries 3 }
+ fbX750e OBJECT IDENTIFIER ::= { fbXSeries 4 }
+ fbX750e-4 OBJECT IDENTIFIER ::= { fbXSeries 5 }
+ fbX1000 OBJECT IDENTIFIER ::= { fbXSeries 6 }
+ fbX1250e OBJECT IDENTIFIER ::= { fbXSeries 7 }
+ fbX1250e-4 OBJECT IDENTIFIER ::= { fbXSeries 8 }
+ fbX2500 OBJECT IDENTIFIER ::= { fbXSeries 9 }
+ fbX5000 OBJECT IDENTIFIER ::= { fbXSeries 10 }
+ fbX5500e OBJECT IDENTIFIER ::= { fbXSeries 11 }
+ fbX6000 OBJECT IDENTIFIER ::= { fbXSeries 12 }
+ fbX6500e OBJECT IDENTIFIER ::= { fbXSeries 13 }
+ fbX8000 OBJECT IDENTIFIER ::= { fbXSeries 14 }
+ fbX8500e OBJECT IDENTIFIER ::= { fbXSeries 15 }
+ fbX8500e-F OBJECT IDENTIFIER ::= { fbXSeries 16 }
+
+END
diff --git a/MIBS/watchguard/WATCHGUARD-POLICY-MIB b/MIBS/watchguard/WATCHGUARD-POLICY-MIB
new file mode 100644
index 0000000..3485a41
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-POLICY-MIB
@@ -0,0 +1,320 @@
+WATCHGUARD-POLICY-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64,
+ OBJECT-IDENTITY, enterprises,
+ IpAddress, TimeTicks FROM SNMPv2-SMI
+ DateAndTime FROM SNMPv2-TC
+ watchguard FROM WATCHGUARD-SMI;
+
+ wgPolicyMIB MODULE-IDENTITY
+ LAST-UPDATED "200701251200Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+ DESCRIPTION
+ "The MIB module describes various policy objects
+ of WatchGuard system."
+
+
+ REVISION "200701251200Z"
+ DESCRIPTION
+ "Initial revision."
+ ::= { watchguard 4 }
+
+ wgPolicyToTunnel OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all tunnels
+ information of the policies."
+ ::= {wgPolicyMIB 1}
+
+ wgPolicyStatistics OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all policy related
+ statistical counters."
+ ::= { wgPolicyMIB 2 }
+
+ wgPolicyToTunnelNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of tunnels in the policytotunnel table. "
+ ::= { wgPolicyToTunnel 1 }
+
+ wgPolicyToTunnelTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGPolicyToTunnelEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This is the policytotunnel table of all the policies."
+ ::= { wgPolicyToTunnel 2 }
+
+ wgPolicyToTunnelEntry OBJECT-TYPE
+ SYNTAX WGPolicyToTunnelEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the tunnels
+ information."
+ INDEX {
+ wgPolicyToTunnelPolicyID,
+ wgPolicyToTunnelTunnelID
+ }
+ ::= { wgPolicyToTunnelTable 1 }
+
+ WGPolicyToTunnelEntry ::= SEQUENCE {
+
+ wgPolicyToTunnelPolicyID Integer32,
+ wgPolicyToTunnelTunnelID Integer32
+ }
+
+ wgPolicyToTunnelPolicyID OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The policy identifier of this entity."
+ ::= {wgPolicyToTunnelEntry 1}
+
+ wgPolicyToTunnelTunnelID OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The tunnel identifier of this entity."
+ ::= {wgPolicyToTunnelEntry 2}
+
+-- counter ID
+-- per policy counter
+-- 1-24 is reserved
+
+ wgPolicyTableNum OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of policies in the policy table. "
+ ::= { wgPolicyStatistics 1 }
+
+ wgPolicyTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF WGPolicyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This is the policytotunnel table of the policies."
+ ::= { wgPolicyStatistics 2 }
+
+ wgPolicyEntry OBJECT-TYPE
+ SYNTAX WGPolicyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry (conceptual row) containing the policy
+ information."
+ INDEX{
+ wgPolicyID
+ }
+ ::= { wgPolicyTable 1 }
+
+ WGPolicyEntry ::= SEQUENCE {
+
+ wgPolicyID Integer32,
+ wgPolicyName OCTET STRING (SIZE(32)),
+ wgPolicyBytes Counter64,
+ wgPolicyPackets Counter64,
+ wgPolicyIpsecDecryptErr Counter64,
+ wgPolicyIpsecAuthErr Counter64,
+ wgPolicyIpsecReplayErr Counter64,
+ wgPolicyIpsecPadErr Counter64,
+ wgPolicyIpsecPolicyErr Counter64,
+ wgPolicyFwDisc Counter64,
+ wgPolicyOtherDisc Counter64,
+ wgPolicyActiveStreams Counter64,
+ wgPolicyIpsecDisc Counter64,
+ wgPolicyDisc Counter64,
+ wgPolicyNumTunl Counter64,
+ wgPolicySingleCntrNum Counter64,
+ wgPolicyLogging Unsigned32,
+ wgPolicyCurrActiveConns Counter64
+ }
+
+
+ wgPolicyID OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The policy identifier of this policy."
+ ::= {wgPolicyEntry 1}
+
+ wgPolicyName OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(32))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The policy name of this policy"
+ ::= {wgPolicyEntry 2}
+
+ wgPolicyL3PackageBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total traffic in bytes (counted from L3 head) since setting up this policy."
+ ::= {wgPolicyEntry 3}
+
+ wgPolicyPackets OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total traffic in packets since setting up this policy."
+ ::= {wgPolicyEntry 4}
+
+ wgPolicyIpsecDecryptErr OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to decryption
+ errors since setting up this policy."
+ ::= {wgPolicyEntry 5}
+
+ wgPolicyIpsecAuthErr OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to authentication
+ errors since setting up this policy."
+ ::= {wgPolicyEntry 6}
+
+ wgPolicyIpsecReplayErr OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to replay
+ errors since setting up this policy."
+ ::= {wgPolicyEntry 7}
+
+ wgPolicyIpsecPadErr OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to pad value
+ errors since setting up this policy."
+ ::= {wgPolicyEntry 8}
+
+ wgPolicyIpsecPolicyErr OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to policy
+ errors since setting up this policy."
+ ::= {wgPolicyEntry 9}
+
+ wgPolicyFwDisc OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded by firewall policies
+ since setting up this policy."
+ ::= {wgPolicyEntry 10}
+
+ wgPolicyOtherDisc OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded due to errors
+ other than firewall errors, ipsec errors since setting up
+ this policy."
+ ::= {wgPolicyEntry 11}
+
+ wgPolicyActiveStreams OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of the active connections since setting
+ up this policy."
+ ::= {wgPolicyEntry 12}
+
+ wgPolicyIpsecDisc OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded by IPSEC errors
+ (decryption error, authentication error, replay error)
+ since setting up this policy."
+ ::= {wgPolicyEntry 13}
+
+ wgPolicyDisc OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of packets discarded since setting up
+ this policy."
+ ::= {wgPolicyEntry 14}
+
+ wgPolicyNumTunl OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of tunnels belong to this policy"
+ ::= {wgPolicyEntry 15}
+
+ wgPolicySingleCntrNum OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of single counters handled by this policy."
+ ::= {wgPolicyEntry 16}
+
+ wgPolicyLogging OBJECT-TYPE
+ SYNTAX Unsigned32 {
+ disabled(0),
+ enabled(1)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates whether if the logging of this policy has been enabled. "
+ ::= { wgPolicyEntry 17 }
+
+ wgPolicyCurrActiveConns OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of currently active connections for this policy."
+ ::= {wgPolicyEntry 18}
+
+ wgPolicyL2PackageBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total traffic in bytes(counted from L2 head) since setting up this policy."
+ ::= {wgPolicyEntry 19}
+
+END
diff --git a/MIBS/watchguard/WATCHGUARD-PRODUCTS-MIB b/MIBS/watchguard/WATCHGUARD-PRODUCTS-MIB
new file mode 100644
index 0000000..a2e0f0c
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-PRODUCTS-MIB
@@ -0,0 +1,108 @@
+WATCHGUARD-PRODUCTS-MIB DEFINITIONS ::= BEGIN
+
+IMPORTS
+
+ MODULE-IDENTITY FROM SNMPv2-SMI
+ watchguard FROM WATCHGUARD-SMI;
+
+wgProducts MODULE-IDENTITY
+ LAST-UPDATED "200811100000Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+ DESCRIPTION
+ "This MIB module definesthe object identifiers
+ for WatchGuard Technologies Products."
+ REVISION
+ "200811100000Z"
+ DESCRIPTION
+ "Initial version."
+ ::= { watchguard 1 }
+
+fbXSeries OBJECT IDENTIFIER ::= { wgProducts 4 }
+xtmSeries OBJECT IDENTIFIER ::= { wgProducts 5 }
+
+-- fbX series
+fbX500 OBJECT IDENTIFIER ::= { fbXSeries 1 }
+fbX550e OBJECT IDENTIFIER ::= { fbXSeries 2 }
+fbX700 OBJECT IDENTIFIER ::= { fbXSeries 3 }
+fbX750e OBJECT IDENTIFIER ::= { fbXSeries 4 }
+fbX750e-4 OBJECT IDENTIFIER ::= { fbXSeries 5 }
+fbX1000 OBJECT IDENTIFIER ::= { fbXSeries 6 }
+fbX1250e OBJECT IDENTIFIER ::= { fbXSeries 7 }
+fbX1250e-4 OBJECT IDENTIFIER ::= { fbXSeries 8 }
+fbX2500 OBJECT IDENTIFIER ::= { fbXSeries 9 }
+fbX5000 OBJECT IDENTIFIER ::= { fbXSeries 10 }
+fbX5500e OBJECT IDENTIFIER ::= { fbXSeries 11 }
+fbX6000 OBJECT IDENTIFIER ::= { fbXSeries 12 }
+fbX6500e OBJECT IDENTIFIER ::= { fbXSeries 13 }
+fbX8000 OBJECT IDENTIFIER ::= { fbXSeries 14 }
+fbX8500e OBJECT IDENTIFIER ::= { fbXSeries 15 }
+fbX8500e-F OBJECT IDENTIFIER ::= { fbXSeries 16 }
+fbX10e OBJECT IDENTIFIER ::= { fbXSeries 17 }
+fbX10e-W OBJECT IDENTIFIER ::= { fbXSeries 18 }
+fbX20e OBJECT IDENTIFIER ::= { fbXSeries 19 }
+fbX20e-W OBJECT IDENTIFIER ::= { fbXSeries 20 }
+fbX55e OBJECT IDENTIFIER ::= { fbXSeries 21 }
+fbX55e-W OBJECT IDENTIFIER ::= { fbXSeries 22 }
+
+-- xtm series
+xtm1050 OBJECT IDENTIFIER ::= { xtmSeries 1 }
+xtm1050-F OBJECT IDENTIFIER ::= { xtmSeries 2 }
+xtm830-F OBJECT IDENTIFIER ::= { xtmSeries 3 }
+xtm830 OBJECT IDENTIFIER ::= { xtmSeries 4 }
+xtm820 OBJECT IDENTIFIER ::= { xtmSeries 5 }
+xtm810 OBJECT IDENTIFIER ::= { xtmSeries 6 }
+xtm530 OBJECT IDENTIFIER ::= { xtmSeries 7 }
+xtm520 OBJECT IDENTIFIER ::= { xtmSeries 8 }
+xtm510 OBJECT IDENTIFIER ::= { xtmSeries 9 }
+xtm505 OBJECT IDENTIFIER ::= { xtmSeries 10 }
+xtm23 OBJECT IDENTIFIER ::= { xtmSeries 11 }
+xtm22 OBJECT IDENTIFIER ::= { xtmSeries 12 }
+xtm21 OBJECT IDENTIFIER ::= { xtmSeries 13 }
+xtm23-W OBJECT IDENTIFIER ::= { xtmSeries 14 }
+xtm22-W OBJECT IDENTIFIER ::= { xtmSeries 15 }
+xtm21-W OBJECT IDENTIFIER ::= { xtmSeries 16 }
+xtm2050 OBJECT IDENTIFIER ::= { xtmSeries 17 }
+xtm25 OBJECT IDENTIFIER ::= { xtmSeries 18 }
+xtm25-W OBJECT IDENTIFIER ::= { xtmSeries 19 }
+xtm26 OBJECT IDENTIFIER ::= { xtmSeries 20 }
+xtm26-W OBJECT IDENTIFIER ::= { xtmSeries 21 }
+xtm33 OBJECT IDENTIFIER ::= { xtmSeries 22 }
+xtm33-W OBJECT IDENTIFIER ::= { xtmSeries 23 }
+xtm330 OBJECT IDENTIFIER ::= { xtmSeries 24 }
+xtm545 OBJECT IDENTIFIER ::= { xtmSeries 25 }
+xtm535 OBJECT IDENTIFIER ::= { xtmSeries 26 }
+xtm525 OBJECT IDENTIFIER ::= { xtmSeries 27 }
+xtm515 OBJECT IDENTIFIER ::= { xtmSeries 28 }
+xtm2050A OBJECT IDENTIFIER ::= { xtmSeries 29 }
+xtm850 OBJECT IDENTIFIER ::= { xtmSeries 30 }
+xtm860 OBJECT IDENTIFIER ::= { xtmSeries 31 }
+xtm870 OBJECT IDENTIFIER ::= { xtmSeries 32 }
+xtm870-F OBJECT IDENTIFIER ::= { xtmSeries 33 }
+xtm1520 OBJECT IDENTIFIER ::= { xtmSeries 34 }
+xtm1525 OBJECT IDENTIFIER ::= { xtmSeries 35 }
+xtm2520 OBJECT IDENTIFIER ::= { xtmSeries 36 }
+xtmv-SM OBJECT IDENTIFIER ::= { xtmSeries 37 }
+xtmv-MED OBJECT IDENTIFIER ::= { xtmSeries 38 }
+xtmv-LG OBJECT IDENTIFIER ::= { xtmSeries 39 }
+xtmv-DC OBJECT IDENTIFIER ::= { xtmSeries 40 }
+xtmv-EXP OBJECT IDENTIFIER ::= { xtmSeries 41 }
+xtmv OBJECT IDENTIFIER ::= { xtmSeries 42 }
+xtm1520-RP OBJECT IDENTIFIER ::= { xtmSeries 43 }
+xtm1525-RP OBJECT IDENTIFIER ::= { xtmSeries 44 }
+T10 OBJECT IDENTIFIER ::= { xtmSeries 45 }
+M440 OBJECT IDENTIFIER ::= { xtmSeries 46 }
+T10-D OBJECT IDENTIFIER ::= { xtmSeries 47 }
+T10-W OBJECT IDENTIFIER ::= { xtmSeries 48 }
+M400 OBJECT IDENTIFIER ::= { xtmSeries 49 }
+M500 OBJECT IDENTIFIER ::= { xtmSeries 50 }
+END
diff --git a/MIBS/watchguard/WATCHGUARD-SMI b/MIBS/watchguard/WATCHGUARD-SMI
new file mode 100644
index 0000000..4d3d81e
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-SMI
@@ -0,0 +1,43 @@
+WATCHGUARD-SMI DEFINITIONS ::= BEGIN
+
+IMPORTS
+ MODULE-IDENTITY, OBJECT-IDENTITY, enterprises
+ FROM SNMPv2-SMI;
+
+
+watchguard MODULE-IDENTITY
+ LAST-UPDATED "200811100000Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+ DESCRIPTION
+ "The Structure of Management Information for
+ the WatchGuard enterprise."
+ REVISION "200811100000Z"
+ DESCRIPTION
+ "Initial version."
+ ::= { enterprises 3097 }
+
+wgProducts OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "wgProducts is the root OBJECT IDENTIFIER of
+ WatchGuard Product OIDs."
+ ::= { watchguard 1 }
+
+wgSystemConfigMIB OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "wgSystemConfig is the root OBJECT IDENTIFIER of
+ WatchGuard Firebox system configurations."
+ ::= { watchguard 2 }
+
+END
diff --git a/MIBS/watchguard/WATCHGUARD-SYSTEM-CONFIG-MIB b/MIBS/watchguard/WATCHGUARD-SYSTEM-CONFIG-MIB
new file mode 100644
index 0000000..7dc460b
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-SYSTEM-CONFIG-MIB
@@ -0,0 +1,167 @@
+WATCHGUARD-SYSTEM-CONFIG-MIB DEFINITIONS ::= BEGIN
+
+IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE, Counter32,
+ Integer32, Unsigned32, IpAddress, Gauge32,
+ enterprises, NOTIFICATION-TYPE FROM SNMPv2-SMI
+ watchguard FROM WATCHGUARD-SMI;
+
+
+wgSystemConfigMIB MODULE-IDENTITY
+ LAST-UPDATED "200811100000Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+ DESCRIPTION
+ "This MIB module defines WatchGuard Firebox system
+ configuration."
+ REVISION "200701251200Z"
+ DESCRIPTION
+ "Initial revision."
+ REVISION "200811100000Z"
+ DESCRIPTION
+ "Updated CONTACT-INFO."
+ ::= { watchguard 2 }
+
+ -- significant branches
+
+wgSysTraps OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object for system wide traps
+ in this entity."
+ ::= { wgSystemConfigMIB 3 }
+
+wgSysTrapObjects OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object for objects which are used
+ as part of traps."
+ ::= { wgSystemConfigMIB 4 }
+
+wgSysTrapControl OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base object identifier for all objects
+ which are trap control for the entity."
+ ::= { wgSystemConfigMIB 5 }
+
+ --
+ -- wgSysTraps
+ --
+ -- object used in trap reporting
+
+wgAlarmId OBJECT-TYPE
+ SYNTAX Integer32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The id of the alarm that generates a trap."
+ ::= { wgSysTrapObjects 1 }
+
+wgAlarmLabel OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..64))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The name of the alarm that generates a trap."
+ ::= { wgSysTrapObjects 2 }
+
+wgAlarmTime OBJECT-TYPE
+ SYNTAX OCTET STRING
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The date and time of the alarm that generates a trap."
+ ::= { wgSysTrapObjects 3 }
+
+wgAlarmLevel OBJECT-TYPE
+ SYNTAX INTEGER {
+ normal(4),
+ warning(3),
+ error(2),
+ critical(1)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The level of an alarm generated."
+ ::= { wgSysTrapObjects 4 }
+
+wgAlarmHostname OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..64))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The host name of the system where alarm occurred"
+ ::= { wgSysTrapObjects 5 }
+
+wgAlarmMsg OBJECT-TYPE
+ SYNTAX OCTET STRING
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The message describing the nature of this alarm."
+ ::= { wgSysTrapObjects 6 }
+
+
+ --
+ -- trap control
+ --
+wgAlarmTrapEnable OBJECT-TYPE
+ SYNTAX INTEGER {
+ false(0),
+ true(1)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Indicates whether wgAlarmTrap trap should be generated."
+ DEFVAL { true }
+ ::= { wgSysTrapControl 1 }
+
+ --
+ -- traps themselves
+ --
+
+wgSysTrapsPrefix OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION ""
+ ::= { wgSysTraps 0 }
+
+wgAlarmTrap NOTIFICATION-TYPE
+ OBJECTS {
+ wgAlarmId,
+ wgAlarmLabel,
+ wgAlarmTime,
+ wgAlarmLevel,
+ wgAlarmHostname,
+ wgAlarmMsg
+ }
+ STATUS current
+ DESCRIPTION
+ "An alarm was raised by Monitoring Agent of this
+ WatchGuard entity."
+ ::= { wgSysTrapsPrefix 1 }
+
+wgSnmpShutdown NOTIFICATION-TYPE
+ STATUS current
+ DESCRIPTION
+ "This trap is sent when the snmp terminates."
+ ::= { wgSysTrapsPrefix 2 }
+
+wgSnmpStart NOTIFICATION-TYPE
+ STATUS current
+ DESCRIPTION
+ "This trap is sent when the snmp starts."
+ ::= { wgSysTrapsPrefix 3 }
+
+END
diff --git a/MIBS/watchguard/WATCHGUARD-SYSTEM-STATISTICS-MIB b/MIBS/watchguard/WATCHGUARD-SYSTEM-STATISTICS-MIB
new file mode 100644
index 0000000..96d5f25
--- /dev/null
+++ b/MIBS/watchguard/WATCHGUARD-SYSTEM-STATISTICS-MIB
@@ -0,0 +1,148 @@
+WATCHGUARD-SYSTEM-STATISTICS-MIB DEFINITIONS ::= BEGIN
+
+ IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE, Counter64,
+ OBJECT-IDENTITY, enterprises,
+ IpAddress, TimeTicks FROM SNMPv2-SMI
+ watchguard FROM WATCHGUARD-SMI;
+
+ wgInfoModule MODULE-IDENTITY
+ LAST-UPDATED "200701251200Z"
+ ORGANIZATION "WatchGuard Technologies, Inc."
+ CONTACT-INFO
+ " WatchGuard Technologies, Inc.
+
+ 505 Fifth Avenue South
+ Suite 500
+ Seattle, WA 98104
+ United States
+
+ +1.206.613.6600 "
+
+
+ DESCRIPTION
+ "The MIB module describes various system statistics information
+ of WatchGuard system."
+
+
+ REVISION "200701251200Z"
+ DESCRIPTION
+ "Initial revision."
+ ::= { watchguard 6 }
+
+
+ wgSystemStatisticsMIB OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "This is the base system information for all system related
+ statistical counters."
+ ::= { wgInfoModule 3 }
+
+ wgSoftwareVersion OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE(0..64))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Software version of sysA and sysB"
+ ::= { wgSystemStatisticsMIB 1 }
+
+ wgSystemCpuUtil OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSystemStatisticsMIB 4 }
+
+ wgSystemTotalSendBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of bytes sent since system is up. This
+ number includes both cut through traffic and host traffic."
+ ::= { wgSystemStatisticsMIB 8 }
+
+ wgSystemTotalRecvBytes OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of bytes received since system is up. This
+ number includes both cut through traffic and host traffic."
+ ::= { wgSystemStatisticsMIB 9 }
+
+ wgSystemTotalSendPackets OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of the packets sent since system is up. This
+ number includes both cut through traffic and host traffic."
+ ::= { wgSystemStatisticsMIB 10 }
+
+ wgSystemTotalRecvPackets OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total number of the packets received since system is up.
+ The number includes both cut through traffic and host traffic."
+ ::= { wgSystemStatisticsMIB 11 }
+
+ wgSystemStreamReqTotal OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSystemStatisticsMIB 30 }
+
+ wgSystemStreamReqDrop OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Deprecated, currently unused."
+ ::= { wgSystemStatisticsMIB 34 }
+
+ wgSystemCpuUtil1 OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "CPU utilization of the system in last 1 minute. The value
+ is measured in 0.01%. For example, if the value is 234,
+ then CPU utilization is 2.34%."
+ ::= { wgSystemStatisticsMIB 77 }
+
+ wgSystemCpuUtil5 OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "CPU utilization of the system in last 5 minutes. The value
+ is measured in 0.01%. For example, if the value is 234,
+ then CPU utilization is 2.34%."
+ ::= { wgSystemStatisticsMIB 78 }
+
+ wgSystemCpuUtil15 OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "CPU utilization of the system in last 15 minutes. The value
+ is measured in 0.01%. For example, if the value is 234,
+ then CPU utilization is 2.34%."
+ ::= { wgSystemStatisticsMIB 79 }
+
+
+ wgSystemCurrActiveConns OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of currently active connections of the system."
+ ::= { wgSystemStatisticsMIB 80 }
+
+END
generated by cgit v1.2.3 (git 2.46.0) at 2026-02-26 11:51:31 +0000