diff options
Diffstat (limited to 'MIBS/cisco/CISCO-FIREWALL-MIB')
| -rw-r--r-- | MIBS/cisco/CISCO-FIREWALL-MIB | 1378 |
1 files changed, 1378 insertions, 0 deletions
diff --git a/MIBS/cisco/CISCO-FIREWALL-MIB b/MIBS/cisco/CISCO-FIREWALL-MIB new file mode 100644 index 0000000..a21b413 --- /dev/null +++ b/MIBS/cisco/CISCO-FIREWALL-MIB @@ -0,0 +1,1378 @@ +-- ***************************************************************** +-- CISCO-FIREWALL-MIB +-- +-- April, 1999 Jim Fitzgerald +-- +-- Copyright (c) 1999-2005, 2020 by cisco Systems Inc. +-- All rights reserved. +-- ***************************************************************** + +CISCO-FIREWALL-MIB DEFINITIONS ::= BEGIN + +IMPORTS + OBJECT-GROUP, + NOTIFICATION-GROUP, + MODULE-COMPLIANCE + FROM SNMPv2-CONF + MODULE-IDENTITY, + OBJECT-TYPE, + NOTIFICATION-TYPE, + Counter32, + Gauge32, + Unsigned32, + IpAddress + FROM SNMPv2-SMI + DateAndTime, + TEXTUAL-CONVENTION, + RowPointer + FROM SNMPv2-TC + SnmpAdminString + FROM SNMP-FRAMEWORK-MIB + InterfaceIndexOrZero + FROM IF-MIB + ciscoMgmt + FROM CISCO-SMI; + + +ciscoFirewallMIB MODULE-IDENTITY + LAST-UPDATED "202010010000Z" + ORGANIZATION "Cisco Systems, Inc." + CONTACT-INFO + "Cisco Systems + Customer Service + + Postal: 170 W Tasman Drive + San Jose, CA 95134 + USA + + Tel: +1 800 553-NETS + + E-mail: cs-pix@cisco.com + cs-iosfw@cisco.com" + DESCRIPTION + "MIB module for monitoring Cisco Firewalls." + REVISION "202010010000Z" + DESCRIPTION + "Added the cps current and cps Peak under cfwSystem as + scalars." + REVISION "200512060000Z" + DESCRIPTION + "Added the copyright statement and updated the imports + such that Unsigned32 is imported from SNMPv2-SMI instead + of CISCO-TC. Added a new NOTIFICATION-GROUP + ciscoFirewallMIBNotificationGroupRev1 to include all the + notifications defined in the MIB. Obsoleted the + OBJECT-GROUP ciscoFirewallMIBNotificationGroup. Deprecated + the MODULE-COMPLIANCE ciscoFirewallMIBCompliance and added + a new MODULE-COMPLIANCE ciscoFirewallMIBComplianceRev1." + REVISION "9904291200Z" + DESCRIPTION + "Initial version of this MIB module." + ::= { ciscoMgmt 147 } + + +ciscoFirewallMIBObjects OBJECT IDENTIFIER + ::= { ciscoFirewallMIB 1 } + +cfwEvents OBJECT IDENTIFIER + ::= { ciscoFirewallMIBObjects 1 } + +cfwBasicEvents OBJECT IDENTIFIER + ::= { cfwEvents 1 } + +cfwNetEvents OBJECT IDENTIFIER + ::= { cfwEvents 2 } + +cfwSystem OBJECT IDENTIFIER + ::= { ciscoFirewallMIBObjects 2 } + +cfwStatus OBJECT IDENTIFIER + ::= { cfwSystem 1 } + +cfwStatistics OBJECT IDENTIFIER + ::= { cfwSystem 2 } + + +-- Textual Conventions + +ResourceStatistics ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to identify various statistics + that are related to the resources on a firewall. + + highUse : The highest load the resource has had for a + time period. The time period will be + implementation dependent. + highLoad : The highest load the resource has had since + startup. + maximum : The maximum amount of the resource that is + available. + minimum : The minimum amount of the resource that is + available. + low : The lowest amount of the resource that has been + available since startup. + high : The highest amount of the resource that has been + available since startup. + average : The average amount of the resource that has been + available since startup. + free : The amount of the resource that is currently + available since startup. + inUse : The amount of the resource that is currently + in use, eg. CPU usage, memory usage." + SYNTAX INTEGER { + highUse(1), + highLoad(2), + maximum(3), + minimum(4), + low(5), + high(6), + average(7), + free(8), + inUse(9) + } + +Hardware ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various hardware + resouces that can be monitored by the firewall. + + memory - identifies memory. + disk - identifies disk. + power - identifies power. + netInterface - identifies a network interface. + tape - identifies a tape drive. + controller - identifies hardware controller. + cpu - identifies CPU. + primaryUnit - identifies the primary unit of the two + identical firewalls configured redundancy. + secondaryUnit - identifies the secondary unit of the two + identical firewalls configured redundancy. + other - identifies other hardware." + SYNTAX INTEGER { + memory(1), + disk(2), + power(3), + netInterface(4), + cpu(5), + primaryUnit(6), + secondaryUnit(7), + other(8) + } + +Services ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various services + that are monitored by the firewall. + + otherFWService - a service that does not fit into any + other category. + fileXferFtp - identifies FTP, File Transfer Protocol. + fileXferTftp - identifies TFTP, Trivial File + Transfer Protocol + fileXferFtps - identifies FTP, File Transfer + Protocol running over Secure Sockets Layer. + loginTelnet - identifies telnet + loginRlogin - identifies rlogin. + loginTelnets - identifies telnet over + Secure Sockets Layer(SSL). + remoteExecSunRPC - identifies Sun Remote + Procedure Call Protocol. + remoteExecMSRPC - identifies Microsoft Remote + Procedure Call Protocol. + remoteExecRsh - identifies the remote shell. + remoteExecXserver - identifies the Xwindows server. + webHttp - identifies Hyper Text Transfer Protocol. + webHttps - identifies the secure HTTP protocol. + mailSmtp - identifies SMTP, Simple Mail Transfer Protocol. + mailSmtps - identifies SMTP, Simple Mail Transfer Protocol + running over Secure Sockets Layer (SSL). + multimediaStreamworks - identifies streamworks. + multimediaH323 - identifies H323. + multimediaNetShow - identifies NetShow. + multimediaVDOLive - identifies vDOLive. + multimediaRealAV - identifies RealAV. + multimediaRTSP - identifies Real Time Streaming Protocol + dbOracle - identifies Oracle's SQL*Net. + dbMSsql - identifies MicroSoft SQL. + contInspProgLang - identifies a payload as a programming + language such as Java or ActiveX. + contInspUrl - identifies a payload as a URL. + directoryNis - identifies NIS, Network Information Service. + directoryDns - identifies DNS, Domain Name Service. + directoryNetbiosns - identifies NetBIOSNS - NetBIOS Name Service. + directoryNetbiosdgm - identifies NetBIOSNS - NetBIOS + datagram Service. + directoryNetbiosssn - identifies NetBIOSNS - NetBIOS + Session Service. + directoryWins - identifies Windows Internet Naming + Service (WINS). + qryWhois - identifies WhoIs service. + qryFinger - identifies finger. + qryIdent - identifies Ident. + fsNfsStatus - identifies Network File System (NFS) Status. + fsNfs - identifies Network File System (NFS). + fsCifs - identifies CIFS, Common Internet + File Service. + protoIcmp - identifies ICMP, Internet Control Message Protocol. + protoTcp - identifies TCP, Transmission Control Protocol. + protoUdp - identifies UDP, User Datagram Protocol. + protoIp - identifies IP, Internet Protocol. + protoSnmp - identifies SNMP, Simple Network Management Protocol." + SYNTAX INTEGER { + otherFWService(1), + fileXferFtp(2), + fileXferTftp(3), + fileXferFtps(4), + loginTelnet(5), + loginRlogin(6), + loginTelnets(7), + remoteExecSunRPC(8), + remoteExecMSRPC(9), + remoteExecRsh(10), + remoteExecXserver(11), + webHttp(12), + webHttps(13), + mailSmtp(14), + multimediaStreamworks(15), + multimediaH323(16), + multimediaNetShow(17), + multimediaVDOLive(18), + multimediaRealAV(19), + multimediaRTSP(20), + dbOracle(21), + dbMSsql(22), + contInspProgLang(23), + contInspUrl(24), + directoryNis(25), + directoryDns(26), + directoryNetbiosns(27), + directoryNetbiosdgm(28), + directoryNetbiosssn(29), + directoryWins(30), + qryWhois(31), + qryFinger(32), + qryIdent(33), + fsNfsStatus(34), + fsNfs(35), + fsCifs(36), + protoIcmp(37), + protoTcp(38), + protoUdp(39), + protoIp(40), + protoSnmp(41) + } + +HardwareStatus ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various events + that are related to the resources on a firewall. + other : Generic resource event. + up : The resource is in service. + down : The resource is not in service. + error : There has been an error for this resource. + overTemp : The resource is overheating. + busy : The resource is busy. + noMedia : A device doesn't have its needed media. + backup : Processing has switched to the backup. + active : This is the active unit. + standby : This is the standby unit." + SYNTAX INTEGER { + other(1), + up(2), + down(3), + error(4), + overTemp(5), + busy(6), + noMedia(7), + backup(8), + active(9), + standby(10) + } + +SecurityEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various + security-related events and statistics on a firewall. + + other : Generic attack event. + none : No attack is occurring, an informational + event. + dos : A denial of service attack has been detected. + recon : A pattern of reconnaissance activity has been + detected. + pakFwd : A packet forwarding attack has been detected. + addrSpoof : A spoofed address has been detected. + svcSpoof : A spoofed service (eg., DNS) has been detected. + thirdParty : This site is being used as a third-party for + an attack on another network. For example, the + 'smurf' attack or email spamming. + complete : An attack has terminated + invlPak : An invalid packet with attack characteristics + has been detected. + illegCmd : An illegal command has been found. + policy : An attempt has reen made to violate a security + policy." + SYNTAX INTEGER { + other(1), + none(2), + dos(3), + recon(4), + pakFwd(5), + addrSpoof(6), + svcSpoof(7), + thirdParty(8), + complete(9), + invalPak(10), + illegCom(11), + policy(12) + } + +ContentInspectionEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Content inspection events, these events report that + something was found in the application payload. The + details entry in the event can report on what was + found (eg., virus, company private info., etc), what it + was found in (eg., html, win32 executable, e-mail), and + what was done with it (eg., the quarantine location). + + other : A content inspection event. Used to indicate + that some content inspection has occurred that + is not covered by the other content inspection + enumerations. + okay : The check of the content was okay, nothing 'bad' + was found. + error : There was an error while checking the content. + found : Something was found that the content inspection + engine has determined merits attention. + clean : The content inspection engine has found something + that violates the security policy and has + neutralized the content in the data flow. + reject : The content inspection engine has found something + that violates the security policy and has discarded + the content. + saved : The content inspection engine has found something + that violates the security policy and has stored + it in a quarentine storage area." + SYNTAX INTEGER { + other(1), + okay(2), + error(3), + found(4), + clean(5), + reject(6), + saved(7) + } + +ConnectionEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various events + and statistics that are related to the connections that + occur on a firewall. + + other : A generic connection event. + accept : A connection has been acccepted. + error : An error has occurred for a connection. + drop : The connection has been dropped. + close : A connection has been closed. + timeout : A connection has been timed out. + refused : A connection has been refused. + reset : A connection has been reset. + noResp : A connection has received no response." + SYNTAX INTEGER { + other(1), + accept(2), + error(3), + drop(4), + close(5), + timeout(6), + refused(7), + reset(8), + noResp(9) + } + +ConnectionStat ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various + connections statistics. + + other : A generic connection event. + totalOpen : Total open connections since reboot. + currentOpen : The number of connections currently open. + currentClosing : The number of connections currently closing. + currentHalfOpen : The number of connections currently half-open. + currentInUse : The number of connections currently in use. + high : The highest number of connections in use at + any one time since system startup." + SYNTAX INTEGER { + other(1), + totalOpen(2), + currentOpen(3), + currentClosing(4), + currentHalfOpen(5), + currentInUse(6), + high(7) + } + +AccessEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various events + and statistics that are related to the access control on a + firewall. + + other : Miscellaneous access event. + grant : A service has allowed access based on all + of its access checks. + deny : a client was denied use of a service. + denyMult : A client was denied use of a service + multiple times. + error : An error has ocurred during the access + control process." + SYNTAX INTEGER { + other(1), + grant(2), + deny(3), + denyMult(4), + error(5) + } + +AuthenticationEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This textual convention is used to describe various events + and statistics that are related to authorization. + + other : Miscellaneous authentication event. + succ : A client successfuly authenticated. + error : Error while authenticating. + fail : A client failed an authenticating. + succPriv : A client accessed a service with special + privileges. + failPriv : A client failed to access a service with + special privileges. + failMult : Multiple failed authentication attempts by + a client." + SYNTAX INTEGER { + other(1), + succ(2), + error(3), + fail(4), + succPriv(5), + failPriv(6), + failMult(7) + } + +GenericEvent ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "Generic Events - events for which there is no more specific + enumeration + abnormal : An abnormal event has occurred that is neither + 'okay' nor an 'error'. + okay : A normal event occurred or the system has changed + from an abnormal state to a normal state + error : An error event occurred" + SYNTAX INTEGER { + abnormal(1), + okay(2), + error(3) + } + +-- The cfwBasicEventsGroup +-- +-- This group defines the table containing information that is +-- for every logged event on the firewall. The table is +-- defined along with one variable to obtain the index value of +-- the last row in the table. The table is indexed by the +-- integer-valued cfwBasicEventIndex which is assigned to events +-- in ascending chronological order, such that the oldest event +-- stored in the table has the numerically smallest value of +-- cfwBasicEventIndex." +-- +-- The index of the last row also indicates the total number +-- modulo 2**32 of events logged in the table since reboot. +-- Events are not retained across reboots. + +cfwBasicEventsTableLastRow OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index value of the most recently created row + in the cfwBasicEventsTable. This number starts at + 1 and increase by one with each new log entry. When + this number wraps, all events are deleted." + ::= { cfwBasicEvents 1 } + +cfwBasicEventsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwBasicEventsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of basic data for firewall events. The agent + may choose to delete the instances of cfwBasicEventsEntry + as required because of lack of memory. The oldest Events + will be selected first for deletion." + ::= { cfwBasicEvents 2 } + +cfwBasicEventsEntry OBJECT-TYPE + SYNTAX CfwBasicEventsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing general information + about an event. This table will always be sparse, i.e., + each row will instanciate only a subet of the columnar + objects." + INDEX { cfwBasicEventIndex } + ::= { cfwBasicEventsTable 1 } + +CfwBasicEventsEntry ::= SEQUENCE { + cfwBasicEventIndex Unsigned32, + cfwBasicEventTime DateAndTime, + cfwBasicSecurityEventType SecurityEvent, + cfwBasicContentInspEventType ContentInspectionEvent, + cfwBasicConnectionEventType ConnectionEvent, + cfwBasicAccessEventType AccessEvent, + cfwBasicAuthenticationEventType AuthenticationEvent, + cfwBasicGenericEventType GenericEvent, + cfwBasicEventDescription SnmpAdminString, + cfwBasicEventDetailsTableRow RowPointer +} + +cfwBasicEventIndex OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + log table. These indices are assigned beginning + with 1 and increase by one with each new event logged." + ::= { cfwBasicEventsEntry 1 } + +cfwBasicEventTime OBJECT-TYPE + SYNTAX DateAndTime + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time that the event occurred." + ::= { cfwBasicEventsEntry 2 } + +cfwBasicSecurityEventType OBJECT-TYPE + SYNTAX SecurityEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of security-related event that this row contains. + If the event is not security-related this object will not + be instantiated." + ::= { cfwBasicEventsEntry 3 } + +cfwBasicContentInspEventType OBJECT-TYPE + SYNTAX ContentInspectionEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of content inspection-related event that this row + contains. If the event is not content inspection-related + this object will not be instantiated." + ::= { cfwBasicEventsEntry 4 } + +cfwBasicConnectionEventType OBJECT-TYPE + SYNTAX ConnectionEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of connection-related event that this row contains. + If the event is not connection-related this object will not + be instantiated." + ::= { cfwBasicEventsEntry 5 } + +cfwBasicAccessEventType OBJECT-TYPE + SYNTAX AccessEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of access-related event that this row contains. + If the event is not access-related this object will not be + instantiated." + ::= { cfwBasicEventsEntry 6 } + +cfwBasicAuthenticationEventType OBJECT-TYPE + SYNTAX AuthenticationEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of authentication-related event that this row + contains. If the event is not authentication-related this + object will not be instantiated." + ::= { cfwBasicEventsEntry 7 } + +cfwBasicGenericEventType OBJECT-TYPE + SYNTAX GenericEvent + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The type of generic event that this row contains. If the + event does not fall into one of the other categories this + object will be populated. Otherwise, this object will not + be instantiated." + ::= { cfwBasicEventsEntry 8 } + +cfwBasicEventDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A description of the event. The value of the object may + be a zero-length string." + ::= { cfwBasicEventsEntry 9 } + +cfwBasicEventDetailsTableRow OBJECT-TYPE + SYNTAX RowPointer + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A pointer to a row in the table containing details + about this event. Generally, the table will be the + cfwNetEventsTable but a Cisco-defined table may also + appear here. If there there is no more detailed + information for this event the value of this object + will have the value {0 0}." + ::= { cfwBasicEventsEntry 10 } + + + +-- Network Events +-- +-- A details table with information related to network events +-- or events involving "users" of the firewall resources and services +-- (eg., traffic flows through the firewall or a user authenticating +-- to use a firewall service). + +cfwNetEventsTableLastRow OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index value of the last row in the + cfwNetEventsTable. This number starts at 1 and + increase by one with each new log entry. When this + number wraps, all events are deleted." + ::= { cfwNetEvents 1 } + +cfwNetEventsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwNetEventsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of detailed data for network events. The + agent may choose to delete the instances of + cfwBasicEventsEntry as required because of lack of + memory. It is an implementation-specific matter as + to when this deletion may occur. It is recommended + that the oldest log instances are deleted first." + ::= { cfwNetEvents 2 } + +cfwNetEventsEntry OBJECT-TYPE + SYNTAX CfwNetEventsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing detailed information + about an event. Note that this table may be sparse. + If Network Address Translation is not enabled + cfwNetEventInsideSrcIpAddress and + cfwNetEventInsideDstIpAddress will not be instantiated + in the row. If Port Address Translation is not enabled + cfwNetEventInsideSrcIpPort and + cfwNetEventInsideDstIpPort will not be instantiated + in the row. Entries are added to this table at the + same time that events are added to the cfwBasicEventsTable. + These two tables may be configured to be different + sizes so there may not be a one-to-one correspondence + between rows in the two tables." + INDEX { cfwNetEventIndex } + ::= { cfwNetEventsTable 1 } + +CfwNetEventsEntry ::= SEQUENCE { + cfwNetEventIndex Unsigned32, + cfwNetEventInterface InterfaceIndexOrZero, + cfwNetEventSrcIpAddress IpAddress, + cfwNetEventInsideSrcIpAddress IpAddress, + cfwNetEventDstIpAddress IpAddress, + cfwNetEventInsideDstIpAddress IpAddress, + cfwNetEventSrcIpPort INTEGER, + cfwNetEventInsideSrcIpPort INTEGER, + cfwNetEventDstIpPort INTEGER, + cfwNetEventInsideDstIpPort INTEGER, + cfwNetEventService Services, + cfwNetEventServiceInformation SnmpAdminString, + cfwNetEventIdentity SnmpAdminString, + cfwNetEventDescription SnmpAdminString +} + +cfwNetEventIndex OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An index that uniquely identifies an entry in the + log table. These indices are assigned beginning with + one and increase by one with each new log entry. When + this number wraps, all events are deleted in order to + allow the NMS to differentiate between old and new + events." + ::= { cfwNetEventsEntry 1 } + +cfwNetEventInterface OBJECT-TYPE + SYNTAX InterfaceIndexOrZero + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The interface most closely associated with this event. + For example, for an event that relates to the receipt of + a packet, this object identifies the interface on which + the packet was received. If there are multiple interfaces + associated with an event, the interface most closely + associated with the cause of the event will be used. + For example, for an event for the setup of a TCP + connection, the interface on the initiator's side + of the connection would be preferred. If there is no + associated interface, then this object has the value zero." + ::= { cfwNetEventsEntry 2 } + +cfwNetEventSrcIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Source IP address in the IP packet that caused the + event. If there is no packet associated with the + event this object has the value of zero. If the event is + the result of multiple packets with different source + addresses, this value may be zero or an address taken + from an arbitrarily chosen packet in the sequence of + packets causing the event." + ::= { cfwNetEventsEntry 3 } + +cfwNetEventInsideSrcIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Source IP address after Network Address Translation + has been applied. If NAT has not been applied to the + source address in this packet this object will not + be instantiated, resulting in a sparse table. If the + event is the result of multiple packets with different + source addresses, this value may be zero or an address + taken from an arbitrarily chosen packet in the sequence + of packets causing the event." + ::= { cfwNetEventsEntry 4 } + +cfwNetEventDstIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Destination IP address in the IP packet that caused + the event. If there is no packet associated with + the event this object has the value of zero. If the event + is the result of multiple packets with different destination + addresses, this value may be zero or an address taken + from an arbitrarily chosen packet in the sequence of + packets causing the event." + ::= { cfwNetEventsEntry 5 } + +cfwNetEventInsideDstIpAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Destination IP address after Network Address Translation + has been applied. If NAT has not been applied to the + destination address in this packet this object will not + be instantiated, resulting in a sparse table. If the event + is the result of multiple packets with different destination + addresses, this value may be zero or an address taken + from an arbitrarily chosen packet in the sequence of + packets causing the event." + ::= { cfwNetEventsEntry 6 } + +cfwNetEventSrcIpPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Source UDP/TCP port in the IP packet that caused + the event. If there is no packet associated with the + event this object has the value of zero. If the event + is the result of multiple packets with different source + ports, this value may be zero or a port taken from an + arbitrarily chosen packet in the sequence of packets + causing the event." + ::= { cfwNetEventsEntry 7 } + +cfwNetEventInsideSrcIpPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Source UDP/TCP port after Port Address Translation + has been applied. If PAT has not been applied to the + source port in this packet this object will not be + instantiated, resulting in a sparse table. If the + event is the result of multiple packets with different + source ports, this value may be zero or a port taken + from an arbitrarily chosen packet in the sequence of + packets causing the event." + ::= { cfwNetEventsEntry 8 } + +cfwNetEventDstIpPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Destination UDP/TCP port in the IP packet that caused + the event. If there is no packet associated with the + event this object has the value of zero. If the event is + the result of multiple packets with different destination + ports, this value may be zero or a port taken from an + arbitrarily chosen packet in the sequence of packets + causing the event." + ::= { cfwNetEventsEntry 9 } + +cfwNetEventInsideDstIpPort OBJECT-TYPE + SYNTAX INTEGER (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Destination UDP/TCP port after Port Address Translation + has been applied. If PAT has not been applied to the + Destination port in this packet this object will not be + instantiated, resulting in a sparse table. If the event + is the result of multiple packets with different + destination ports, this value may be zero or a port + taken from an arbitrarily chosen packet in the sequence + of packets causing the event." + ::= { cfwNetEventsEntry 10 } + +cfwNetEventService OBJECT-TYPE + SYNTAX Services + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The identification of the type of service involved + with this event." + ::= { cfwNetEventsEntry 11 } + +cfwNetEventServiceInformation OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Specific service information. This can be used to + describe the particular service indentified by + cfwNetEventService and can reflect whether the service + is a local service or a gateway service. For example, + if the value for cfwNetEventService is loginTelnet + then the string provided might be 'local telnet'." + ::= { cfwNetEventsEntry 12 } + +cfwNetEventIdentity OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object will contain a description of the entity that + caused the event. The entity could be a userid, username, + processid or other identifier for the entity using the service. + If there is no such information then this object will contain + a zero-length string." + ::= { cfwNetEventsEntry 13 } + +cfwNetEventDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed description of the event." + ::= { cfwNetEventsEntry 14 } + + +-- The cfwHardwareStatus +-- +-- The resource information related queries, this table is for +-- providing the status of the resources on the firewall. Resources +-- can include hardware or software modules on the firewall. + +cfwHardwareStatusTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwHardwareStatusEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of firewall cfwHardwareStatusEntry entries." + ::= { cfwStatus 1 } + +cfwHardwareStatusEntry OBJECT-TYPE + SYNTAX CfwHardwareStatusEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing status information + about a resource." + INDEX { cfwHardwareType } + ::= { cfwHardwareStatusTable 1 } + +CfwHardwareStatusEntry ::= SEQUENCE { + cfwHardwareType Hardware, + cfwHardwareInformation SnmpAdminString, + cfwHardwareStatusValue HardwareStatus, + cfwHardwareStatusDetail SnmpAdminString +} + +cfwHardwareType OBJECT-TYPE + SYNTAX Hardware + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The hardware type for which this row provides + status information." + ::= { cfwHardwareStatusEntry 1 } + +cfwHardwareInformation OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed textual description of the resource + identified by cfwHardwareType." + ::= { cfwHardwareStatusEntry 2 } + +cfwHardwareStatusValue OBJECT-TYPE + SYNTAX HardwareStatus + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object contains the current status of the resource." + ::= { cfwHardwareStatusEntry 3 } + +cfwHardwareStatusDetail OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed textual description of the current status of + the resource which may provide a more specific description + than cfwHardwareStatusValue." + ::= { cfwHardwareStatusEntry 4 } + + +-- The cfwBufferStatistics +-- +-- This table is for providing the statistics for the buffers +-- on the firewall. + +cfwBufferStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwBufferStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table conatining status information about a firewall's + buffers." + ::= { cfwStatistics 1 } + +cfwBufferStatsEntry OBJECT-TYPE + SYNTAX CfwBufferStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing status information + about a particular statistic for the set of buffers + of a particular size." + INDEX { + cfwBufferStatSize, + cfwBufferStatType + } + ::= { cfwBufferStatsTable 1 } + +CfwBufferStatsEntry ::= SEQUENCE { + cfwBufferStatSize Unsigned32, + cfwBufferStatType ResourceStatistics, + cfwBufferStatInformation SnmpAdminString, + cfwBufferStatValue Gauge32 +} + +cfwBufferStatSize OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object contains the size of the set of buffers + for which this row contains the statistics given by + cfwBufferStatType." + ::= { cfwBufferStatsEntry 1 } + +cfwBufferStatType OBJECT-TYPE + SYNTAX ResourceStatistics + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object identifies the type of statistic given by + this row for the particular set of buffers identified by + cfwBufferStatSize." + ::= { cfwBufferStatsEntry 2 } + +cfwBufferStatInformation OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed textual description of the statistic + identified by cfwBufferStatType." + ::= { cfwBufferStatsEntry 3 } + +cfwBufferStatValue OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of the buffer statistic." + ::= { cfwBufferStatsEntry 4 } + + +-- The Firewall Connection Statistics Table +-- +-- This table can be used to provide the statistics for firewall +-- connection events or services. These "connections" can be +-- connections in a loose sense of the word - a UDP transaction +-- would qualify as a connection if the firewall maintains +-- state information to monitor the packets traversing the firewall +-- for this "connection". A uni-directional UDP "connection" could be +-- described as being "half-open" by a value of 'halfOpen' in +-- cfwConnectionStatType. +-- +-- This table contains multiple rows for each service to which the +-- statistic applies. + +cfwConnectionStatTable OBJECT-TYPE + SYNTAX SEQUENCE OF CfwConnectionStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of firewall statistic instances." + ::= { cfwStatistics 2 } + +cfwConnectionStatEntry OBJECT-TYPE + SYNTAX CfwConnectionStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing information about a + firewall statistic." + INDEX { + cfwConnectionStatService, + cfwConnectionStatType + } + ::= { cfwConnectionStatTable 1 } + +CfwConnectionStatEntry ::= SEQUENCE { + cfwConnectionStatService Services, + cfwConnectionStatType ConnectionStat, + cfwConnectionStatDescription SnmpAdminString, + cfwConnectionStatCount Counter32, + cfwConnectionStatValue Gauge32 +} + +cfwConnectionStatService OBJECT-TYPE + SYNTAX Services + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The identification of the type of connection providing + statistics." + ::= { cfwConnectionStatEntry 1 } + +cfwConnectionStatType OBJECT-TYPE + SYNTAX ConnectionStat + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The state of the connections that this row contains + statistics for." + ::= { cfwConnectionStatEntry 2 } + +cfwConnectionStatDescription OBJECT-TYPE + SYNTAX SnmpAdminString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A detailed textual description of this statistic." + ::= { cfwConnectionStatEntry 3 } + +cfwConnectionStatCount OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an integer that contains the value of the + resource statistic. If a type of 'gauge' is more + appropriate this object will be omitted resulting + in a sparse table." + ::= { cfwConnectionStatEntry 4 } + +cfwConnectionStatValue OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is an integer that contains the value of the + resource statistic. If a type of 'counter' is more + appropriate this object will be omitted resulting + in a sparse table." + ::= { cfwConnectionStatEntry 5 } + +cfwConnectionPerSecond OBJECT-TYPE + SYNTAX Gauge32 + UNITS "Connections per second" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current cps rate on the firewall." + ::= { cfwStatistics 3 } + +cfwConnectionPerSecondPeak OBJECT-TYPE + SYNTAX Gauge32 + UNITS "Connections per second" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The peak cps rate hit on the firewall." + ::= { cfwStatistics 4 } + +-- Notifications + +ciscoFirewallMIBNotificationPrefix OBJECT IDENTIFIER + ::= { ciscoFirewallMIB 2 } + +ciscoFirewallMIBNotifications OBJECT IDENTIFIER + ::= { ciscoFirewallMIBNotificationPrefix 0 } + + +cfwSecurityNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicSecurityEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used for events involving security + events. The included objects provide more detailed + information about the event." + ::= { ciscoFirewallMIBNotifications 2 } + +cfwContentInspectNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicContentInspEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of content + inspection events. The included objects provide more + detailed information about the event." + ::= { ciscoFirewallMIBNotifications 3 } + +cfwConnNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicConnectionEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of + connection-oriented events. The included objects provide + more detailed information about the event." + ::= { ciscoFirewallMIBNotifications 4 } + +cfwAccessNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicAccessEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of access + events. The included objects provide more detailed + information about the event." + ::= { ciscoFirewallMIBNotifications 5 } + +cfwAuthNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicAuthenticationEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of + authentication events. The included objects provide + more detailed information about the event." + ::= { ciscoFirewallMIBNotifications 6 } + +cfwGenericNotification NOTIFICATION-TYPE + OBJECTS { + cfwBasicEventTime, + cfwBasicGenericEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS current + DESCRIPTION + "This notification is used to notify the NMS of events + that do not fall into the other categories. The included + objects provide more detailed information about the event." + ::= { ciscoFirewallMIBNotifications 7 } +-- Conformance + +ciscoFirewallMIBConformance OBJECT IDENTIFIER + ::= { ciscoFirewallMIB 3 } + +ciscoFirewallMIBCompliances OBJECT IDENTIFIER + ::= { ciscoFirewallMIBConformance 1 } + +ciscoFirewallMIBGroups OBJECT IDENTIFIER + ::= { ciscoFirewallMIBConformance 2 } + + +-- Conformance + +ciscoFirewallMIBCompliance MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for entities which implement + the Cisco FirewallMIB." + MODULE -- this module + MANDATORY-GROUPS { ciscoFirewallMIBStatisticsGroup } + ::= { ciscoFirewallMIBCompliances 1 } + +ciscoFirewallMIBComplianceRev1 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which implement + the Cisco FirewallMIB." + MODULE -- this module + MANDATORY-GROUPS { ciscoFirewallMIBStatisticsGroup } + + GROUP ciscoFirewallMIBEventsGroup + DESCRIPTION + "Implementation of these objects is not required." + + GROUP ciscoFirewallMIBNotificationGroupRev1 + DESCRIPTION + "Implementation of these notifications is not required." + ::= { ciscoFirewallMIBCompliances 2 } + +-- Units of Conformance + +ciscoFirewallMIBEventsGroup OBJECT-GROUP + OBJECTS { + cfwBasicEventsTableLastRow, + cfwBasicEventTime, + cfwBasicSecurityEventType, + cfwBasicContentInspEventType, + cfwBasicConnectionEventType, + cfwBasicAccessEventType, + cfwBasicAuthenticationEventType, + cfwBasicGenericEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow, + cfwNetEventsTableLastRow, + cfwNetEventInterface, + cfwNetEventSrcIpAddress, + cfwNetEventInsideSrcIpAddress, + cfwNetEventDstIpAddress, + cfwNetEventInsideDstIpAddress, + cfwNetEventSrcIpPort, + cfwNetEventInsideSrcIpPort, + cfwNetEventDstIpPort, + cfwNetEventInsideDstIpPort, + cfwNetEventService, + cfwNetEventServiceInformation, + cfwNetEventIdentity, + cfwNetEventDescription + } + STATUS current + DESCRIPTION + "Firewall events" + ::= { ciscoFirewallMIBGroups 1 } + +ciscoFirewallMIBStatisticsGroup OBJECT-GROUP + OBJECTS { + cfwHardwareInformation, + cfwHardwareStatusValue, + cfwHardwareStatusDetail, + cfwBufferStatInformation, + cfwBufferStatValue, + cfwConnectionStatDescription, + cfwConnectionStatCount, + cfwConnectionStatValue + } + STATUS current + DESCRIPTION + "Firewall statistics" + ::= { ciscoFirewallMIBGroups 2 } + +ciscoFirewallMIBNotificationGroup OBJECT-GROUP + OBJECTS { + cfwBasicEventTime, + cfwBasicSecurityEventType, + cfwBasicContentInspEventType, + cfwBasicConnectionEventType, + cfwBasicAccessEventType, + cfwBasicAuthenticationEventType, + cfwBasicGenericEventType, + cfwBasicEventDescription, + cfwBasicEventDetailsTableRow + } + STATUS obsolete + DESCRIPTION + "Firewall Notifications" + ::= { ciscoFirewallMIBGroups 3 } + +ciscoFirewallMIBNotificationGroupRev1 NOTIFICATION-GROUP + NOTIFICATIONS { + cfwSecurityNotification, + cfwContentInspectNotification, + cfwConnNotification, + cfwAccessNotification, + cfwAuthNotification, + cfwGenericNotification + } + STATUS current + DESCRIPTION + "Firewall Notifications" + ::= { ciscoFirewallMIBGroups 4 } + +END + + |