-- *------------------------------------------------------------------
-- * CISCO-UNIFIED-FIREWALL-MIB.my: Cisco Firewall MIB.
-- *
-- * Sep 2005, fw-mib-dev@cisco.com
-- *
-- * Copyright (c) 2005, 2019-2021 by cisco Systems Inc.
-- * All rights reserved.
-- *
-- *------------------------------------------------------------------

CISCO-UNIFIED-FIREWALL-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Counter64,
    Gauge32,
    Counter32,
    Integer32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    TruthValue,
    DateAndTime,
    DisplayString,
    TEXTUAL-CONVENTION,
    TimeStamp
        FROM SNMPv2-TC
    InetAddressType,
    InetAddress,
    InetPortNumber
        FROM INET-ADDRESS-MIB
    dot1dTpFdbPort,
    dot1dTpFdbStatus
        FROM BRIDGE-MIB
    InterfaceIndex
        FROM IF-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    CFWNetworkProtocol,
    CFWApplicationProtocol,
    CFWPolicy,
    CFWPolicyTarget,
    CFWPolicyTargetType,
    CFWUrlfVendorId,
    CFWUrlServerStatus
        FROM CISCO-FIREWALL-TC
    Hardware,
    HardwareStatus
        FROM CISCO-FIREWALL-MIB
    ciscoMgmt
        FROM CISCO-SMI;

ciscoUnifiedFirewallMIB MODULE-IDENTITY
    LAST-UPDATED    "202103180000Z"
    ORGANIZATION    "Cisco Systems"
    CONTACT-INFO
        "Cisco Systems
        Customer Service

        Postal: 170 W Tasman Drive
        San Jose, CA 95134
        USA

        Tel: +1 800 553-NETS

        E-mail: cs-firewalls@cisco.com"
    DESCRIPTION
        "Overview of Cisco Firewall MIB
        ==============================
        This MIB Module models status and performance
        statistics pertaining to the common features
        supported by Cisco firewall implementations.
        For each firewall feature, capability (if applicable)
        and statistics are defined.

        Supporting the configuration of firewall features
        is outside the scope of this MIB.

        Following are the major firewall features:

        1) 'Stateful Packet Filtering'
            Creating and maintaining the state of authorized
            traffic flows dynamically to permit only flows
            authorized by the policy is a mandatory function
            of a firewall. This MIB instruments the activity
            and memory usage by this function.

        2) 'Application Inspection'
            This refers to the function of inspecting the
            headers of layer 3 and layer 4 protocols and
            creating dynamic entries in the connection table
            for traffic flows spawned by an already established
            traffic flow. This MIB reflects the protocols that
            are being inspected.

        3) 'URL Filtering'
            This refers to the function of facilitating or
            restricting URL access requests through the
            firewall by consulting either local policy or
            that configured on a dedicated URL filtering
            server. This MIB instruments the URL filtering
            activity, the status and activity of distinct
            URL filtering servers configured on the firewall
            and the impact of the performance of the URL
            filtering servers on the latency and throughput
            of the firewall.

        4) 'Proxy Authentication'
            This refers to the function of authenticating
            and/or authorizing users on behalf of servers on
            the secure side of the firewall. This operation
            could affect the throughput of the firewall.
            The MIB objects pertaining to Proxy Authentication
            will be defined in a subsequent revision of this
            MIB.

        5) 'Transparent Mode Operation'
            A firewall could operate as a bridge and yet
            filter traffic based on layer 3-layer 7 control
            and payload information. Operating in this mode
            makes it easy to implement a firewall without
            fragmenting existing subnets. Another advantage
            of this mode of operation is enhanced security.
            This MIB instruments the status, activity, and
            performance of the firewall in this mode.
            Please note that to fully manage a firewall
            operating in this mode, the firewall must also
            support the bridge MIB (BRIDGE-MIB).

        6) 'Advanced Application Inspection and Control'
            This function is also termed 'Application Firewall'
            and pertains to inspecting payload and headers of
            application traffic to make sure the traffic flows
            conform to the configured security policy.
            Monitoring this function entails identifying the
            security alerts generated by this function and
            measuring the impact on firewall performance by
            this task.
            Application Firewall will be instrumented in a
            separate MIB dedicated for the function.

        7) 'Failover' or 'Redundancy'
            Redundancy configuration is essential for business
            critical firewalls. Instrumenting this function
            entails reflecting the configuration of redundancy
            and identifying failover events.
            The MIB objects pertaining to Proxy Authentication
            will be defined in a subsequent revision of this
            MIB.

        The management information for each firewall feature
        is defined in a distinct module compliance unit.
        The compliance units corresponding to basic features
        of firewalls are defined as mandatory.

        Acronyms
        ========
        Following are definitions of some terms used in this
        module. Please refer to the module conformance for a
        glossary of feature-specific terms.

        `Firewall'
            A firewall is a set of related programs,
            implemented on a host or a network device, that
            protects the resources of a private network from
            users from other networks.
            Common firewalling functions include stateful
            packet filtering, proxy authentication of users
            on behalf of applications on the secure side of
            the firewall, URL access control, inspection of
            payload of traffic streams to determine security
            threats.

        `Layer2 Firewall' or 'Transparent Firewall'
            A firewall device that operates as a bridge while
            performing firewalling function.

        `Connection'
            The record in the firewall of a traffic stream
            that has been authorized to flow through the
            firewall.

        `Half Open Connection'
            For a connection oriented protocol: a connection
            that has not reached the established state on both
            sides of the connection.
            For a connection-less protocol: the connection
            corresponding to a traffic stream where traffic
            flow has occurred (since the establishment of the
            connection entry) only on one direction.

        `Embryonic Connection'
            The connection entry corresponding to an
            application layer protocol in which the signaling
            channel has been established while the setup of
            the data channel is underway.

        `Policy'
            An element of firewall configuration that
            identifies the access rights to a resource by a
            traffic source. An example of a policy is an
            Access Control Rule.

        `Policy Target'
            An entity to which a policy is applied so that
            the action corresponding to the policy is taken
            only on traffic streams associated with the
            entity. An example of a policy target is an
            interface.

        `URL Filtering Server'
            A server which is employed by the firewall to
            enforce URL access policies.

        `Protocol Data Unit' or PDU
            An instance of the unit of information using which
            a protocol operates is called the Protocol Data
            Unit or the PDU of the protocol.

        `Deep Packet Inspection'
            The task of examining the contents of the payloads
            of one or more layer 7 application protocols with
            a view to enforcing the local security policies is
            termed 'Deep Packet Inspection'.

        `Advanced Application Inspection and Control'
            An entity that performs deep packet inspection of
            layer 7 application protocol data units is termed
            an 'Application Firewall'."
    REVISION        "202103180000Z"
    DESCRIPTION
        "Update includes defining cufwAspFlowDropsTable and
        cufwAspFrameDropsTable."
    REVISION        "202010290000Z"
    DESCRIPTION
        "Update includes defining cufwAaicSnortEvRates and
        cufwAaicIntrusionEvtRate."
    REVISION        "202003060000Z"
    DESCRIPTION
        "Update includes changing datatype from TimeStamp into
        String in cuFwClusterGrp & cuFwFailoverGrp."
    REVISION        "202001070000Z"
    DESCRIPTION
        "Update includes defining cuFwClusterGrp."
    REVISION        "201912120000Z"
    DESCRIPTION
        "Update includes defining cuFwFailoverGrp."
    REVISION        "200509220000Z"
    DESCRIPTION
        "Initial version of this module."
    ::= { ciscoMgmt 491 }

-- Tentative anchor under ciscoMgmt
--
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Cisco Firewall MIB Object Groups
--
-- This MIB module contains the following groups:
-- 1) Connection Activity Summary
-- 2) Application Inspection group
-- 3) URL Filtering group
-- 4) Failover group
-- 5) Advanced Application Inspection and Control group
-- 6) Transparent firewall group
-- 7) Notification and control group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoUnifiedFirewallMIBNotifs  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIB 0 }

ciscoUnifiedFirewallMIBObjects  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIB 1 }

ciscoUnifiedFirewallMIBConform  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIB 2 }

cuFwConnectionGrp  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIBObjects 1 }

cuFwApplInspectionGrp  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIBObjects 2 }

cuFwUrlFilterGrp  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIBObjects 3 }

cuFwFailoverGrp  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIBObjects 4 }

cuFwAaicGrp  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIBObjects 5 }

cuFwL2FwGrp  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIBObjects 6 }

cuFwNotifCntlGrp  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIBObjects 7 }

cuFwClusterGrp  OBJECT IDENTIFIER
    ::= { ciscoUnifiedFirewallMIBObjects 8 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Firewall Connection Summary Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

cuFwConnectionGlobals  OBJECT IDENTIFIER
    ::= { cuFwConnectionGrp 1 }

cuFwConnectionResources  OBJECT IDENTIFIER
    ::= { cuFwConnectionGrp 2 }

cuFwConnectionReportSettings  OBJECT IDENTIFIER
    ::= { cuFwConnectionGrp 3 }

cuFwConnectionSummaryTables  OBJECT IDENTIFIER
    ::= { cuFwConnectionGrp 4 }

-- Connection Activity: Global summary

cufwConnGlobalNumAttempted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Connection Statistics Aggregation

             Connection 1  +-----------+
             ------------->|           |-------> Global Connection Summary
             Connection 2  |           |
             ------------->|           |
             Connection 3  |           |
             ------------->|   First   |------------> ConnSummary
                           |   Level   |    (i.e, L-3/4 Protocol
             Connection 4  |Aggregation|       Connection Summary)
             ------------->|           |
                   .       |           |
                   .       |           |---------------> PolicyConnSummary
             Connection N  |           | (i.e, L-3/4 Policy Target based
             ------------->|           |      Protocol Connection Summary)
                           +-----------+

                           +-----------+
          L-3/4 Protocol   |           |
        Connection Summary |           |
        ------------------>|           |---------> AppConnSummary
                           |           |   (i.e, L-7 Protocol
                           |  Second   |     Connection Summary)
                           |---Level---|
        L-3/4 Policy Target|Aggregation|
          based Protocol   |           |
        Connection Summary |           |
        ------------------>|           |---------------> PolicyAppConnSummary
                           |           |   (i.e, L-7 Policy Target based
                           |           |     Protocol Connection Summary)
                           +-----------+

        Specifically, the object 'cufwConnGlobalNumAttempted'
        models the number of connections which are attempted
        to be set up through the firewall.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cuFwConnectionGlobals 1 }

cufwConnGlobalNumSetupsAborted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection setup attempts that
        were aborted before the connection could proceed
        to completion. The counter includes setup attempts
        aborted by the firewall as well as those aborted by
        the initiator and/or the responder(s) of/to the
        connection setup attempt. Consequently, this value
        subsumes the values of objects
        'cufwConnGlobalNumPolicyDeclined' and
        'cufwConnGlobalNumResDeclined'.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cuFwConnectionGlobals 2 }

cufwConnGlobalNumPolicyDeclined OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections which were attempted
        to be setup but which were declined due to reasons
        of security policy. This includes the connections
        that failed authentication.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cuFwConnectionGlobals 3 }

cufwConnGlobalNumResDeclined OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections which were attempted
        to be setup but which were declined due to
        non-availability of required resources.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cuFwConnectionGlobals 4 }

cufwConnGlobalNumHalfOpen OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections which are in the process
        of being setup but which have not yet reached the
        established state in the connection table."
    ::= { cuFwConnectionGlobals 5 }

cufwConnGlobalNumActive OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections which are currently active."
    ::= { cuFwConnectionGlobals 6 }

cufwConnGlobalNumExpired OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections which were active but
        which were since normally terminated.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cuFwConnectionGlobals 7 }

cufwConnGlobalNumAborted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections which were active but
        which were aborted by the firewall due to reasons
        of policy or resource rationing.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cuFwConnectionGlobals 8 }

cufwConnGlobalNumEmbryonic OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of embryonic application layer connections
        (that is, connections in which the signaling channel
        has been established while the data channel is
        awaiting setup).

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cuFwConnectionGlobals 9 }

cufwConnGlobalConnSetupRate1 OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections per second"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections which the firewall is
        establishing per second, averaged over the last
        60 seconds."
    ::= { cuFwConnectionGlobals 10 }

cufwConnGlobalConnSetupRate5 OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections per second"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections which the firewall is
        establishing per second, averaged over the last
        300 seconds."
    ::= { cuFwConnectionGlobals 11 }

cufwConnGlobalNumRemoteAccess OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of active connections which correspond
        to remote access applications. Specifically, the
        protocol for which the connection is established
        must be one of PPP, PPTP, L2TP or remote access
        IPsec (IPsec connections employing extended
        authentication).

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cuFwConnectionGlobals 12 }

-- Resource consumption by connection activity

cufwConnResMemoryUsage OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "KBytes"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The amount of memory occupied by all structures
        required to maintain the state of all connections
        which are either being established or are active."
    ::= { cuFwConnectionResources 1 }

cufwConnResActiveConnMemoryUsage OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "KBytes"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The amount of memory occupied by all structures
        required to maintain the state of all active
        connections."
    ::= { cuFwConnectionResources 2 }

cufwConnResHOConnMemoryUsage OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "KBytes"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The amount of memory occupied by all structures
        required to maintain the state of all half open
        connections."
    ::= { cuFwConnectionResources 3 }

cufwConnResEmbrConnMemoryUsage OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "KBytes"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The amount of memory occupied by all structures
        required to maintain the state of all embryonic
        connections."
    ::= { cuFwConnectionResources 4 }

-- Connection Activity Report Settings: Controls to
-- configure the MIB to change connection activity reporting
-- settings.

cufwConnReptAppStats OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Setting this object to 'true' enables the MIB to
        report connection activity statistics pertaining to
        application protocols. If this object is set to
        'false', the agent should stop updating the objects
        defined in this module pertaining to application
        protocols.

        Application monitoring could be a resource intensive
        operation. It is expected that the administrators
        would use this control to disable application
        monitoring when the performance of the firewall is
        degrading."
    DEFVAL          { false }
    ::= { cuFwConnectionReportSettings 1 }

cufwConnReptAppStatsLastChanged OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The time at which the value of cufwConnReptAppStats
        was last changed."
    ::= { cuFwConnectionReportSettings 2 }

-- Connection Activity: Protocol-based summary

cufwConnSummaryTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CufwConnSummaryEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table summarizes the connection activity on
        the firewall per layer3-layer 4 protocol instance.

        Each entry in the table lists the connection summary
        of a distinct network protocol.

        For instance, the conceptual row corresponding to
        the index
            cufwConnProtocol = fwpTcp
        yields the summary of TCP connection activity on the
        firewall since its reboot."
    ::= { cuFwConnectionSummaryTables 1 }

cufwConnSummaryEntry OBJECT-TYPE
    SYNTAX          CufwConnSummaryEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the summary of connection
        activity for a layer3-layer4 network protocol."
    INDEX           { cufwConnProtocol }
    ::= { cufwConnSummaryTable 1 }

CufwConnSummaryEntry ::= SEQUENCE {
        cufwConnProtocol          CFWNetworkProtocol,
        cufwConnNumAttempted      Counter64,
        cufwConnNumSetupsAborted  Counter64,
        cufwConnNumPolicyDeclined Counter64,
        cufwConnNumResDeclined    Counter64,
        cufwConnNumHalfOpen       Gauge32,
        cufwConnNumActive         Gauge32,
        cufwConnNumAborted        Counter64,
        cufwConnSetupRate1        Gauge32,
        cufwConnSetupRate5        Gauge32
}

cufwConnProtocol OBJECT-TYPE
    SYNTAX          CFWNetworkProtocol
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The (L3-L4) protocol for which this conceptual row
        summarizes the connection activity on the managed
        entity."
    ::= { cufwConnSummaryEntry 1 }

cufwConnNumAttempted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections attempted since the last
        reboot of the firewall, corresponding to the protocol
        denoted by 'cufwConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cufwConnSummaryEntry 2 }

cufwConnNumSetupsAborted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection setup attempts,
        corresponding to the protocol denoted by
        'cufwConnProtocol', that were aborted before the
        connection could proceed to completion. The counter
        includes setup attempts aborted by the firewall as
        well as those aborted by the initiator and/or the
        responder(s) of/to the connection setup attempt.
        Consequently, this value subsumes the values of
        objects 'cufwConnNumPolicyDeclined' and
        'cufwConnNumResDeclined'.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cufwConnSummaryEntry 3 }

cufwConnNumPolicyDeclined OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection attempts that were
        declined due to security policy, corresponding to
        the protocol denoted by 'cufwConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cufwConnSummaryEntry 4 }

cufwConnNumResDeclined OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection attempts that were
        declined due to resource unavailability,
        corresponding to the protocol denoted by
        'cufwConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cufwConnSummaryEntry 5 }

cufwConnNumHalfOpen OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections that are currently in
        the process of being established, corresponding to
        the protocol denoted by 'cufwConnProtocol'."
    ::= { cufwConnSummaryEntry 6 }

cufwConnNumActive OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections that are currently
        active, corresponding to the protocol denoted by
        'cufwConnProtocol'."
    ::= { cufwConnSummaryEntry 7 }

cufwConnNumAborted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections that were abnormally
        terminated after successful establishment,
        corresponding to the protocol denoted by
        'cufwConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall."
    ::= { cufwConnSummaryEntry 8 }

cufwConnSetupRate1 OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections Per Second"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The connection setup rate averaged over the last
        60 seconds corresponding to the protocol denoted by
        'cufwConnProtocol'."
    ::= { cufwConnSummaryEntry 9 }

cufwConnSetupRate5 OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections Per Second"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The connection setup rate averaged over the last
        300 seconds corresponding to the protocol denoted by
        'cufwConnProtocol'."
    ::= { cufwConnSummaryEntry 10 }

-- Layer 7 protocol based connection summary

cufwAppConnSummaryTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CufwAppConnSummaryEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the summary of firewall connections
        pertaining to Layer 7 protocols, catalogued by
        distinct application protocols.

        Each entry in the table lists the connection summary
        corresponding to a distinct application protocol.

        For instance, to obtain the connection summary for
        SMTP on the firewall since the last reboot of the
        device, use the conceptual row corresponding to
            cufwAppConnProtocol = fwApSmtp"
    ::= { cuFwConnectionSummaryTables 2 }

cufwAppConnSummaryEntry OBJECT-TYPE
    SYNTAX          CufwAppConnSummaryEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the summary of connection
        activity for a distinct layer 7 protocol identified
        by the index element 'cufwAppConnProtocol'."
    INDEX           { cufwAppConnProtocol }
    ::= { cufwAppConnSummaryTable 1 }

CufwAppConnSummaryEntry ::= SEQUENCE {
        cufwAppConnProtocol          CFWApplicationProtocol,
        cufwAppConnNumAttempted      Counter64,
        cufwAppConnNumSetupsAborted  Counter64,
        cufwAppConnNumPolicyDeclined Counter64,
        cufwAppConnNumResDeclined    Counter64,
        cufwAppConnNumHalfOpen       Gauge32,
        cufwAppConnNumActive         Gauge32,
        cufwAppConnNumAborted        Counter64,
        cufwAppConnSetupRate1        Gauge32,
        cufwAppConnSetupRate5        Gauge32
}

cufwAppConnProtocol OBJECT-TYPE
    SYNTAX          CFWApplicationProtocol
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The layer7 protocol for which this conceptual row
        summarizes the connection activity for this
        firewall."
    ::= { cufwAppConnSummaryEntry 1 }

cufwAppConnNumAttempted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections attempted since the last
        reboot of the firewall, corresponding to the protocol
        denoted by 'cufwAppConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats."
    ::= { cufwAppConnSummaryEntry 2 }

cufwAppConnNumSetupsAborted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection setup attempts,
        corresponding to the protocol denoted by
        'cufwAppConnProtocol', that were aborted before the
        connection could proceed to completion. The counter
        includes setup attempts aborted by the firewall as
        well as those aborted by the initiator and/or the
        responder(s) of/to the connection setup attempt.
        Consequently, this value subsumes the values of
        objects 'cufwAppConnNumPolicyDeclined' and
        'cufwAppConnNumResDeclined'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats."
    ::= { cufwAppConnSummaryEntry 3 }

cufwAppConnNumPolicyDeclined OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection attempts that were
        declined due to security policy, corresponding to
        the protocol denoted by 'cufwAppConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats."
    ::= { cufwAppConnSummaryEntry 4 }

cufwAppConnNumResDeclined OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection attempts that were
        declined due to resource unavailability,
        corresponding to the protocol denoted by
        'cufwAppConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats."
    ::= { cufwAppConnSummaryEntry 5 }

cufwAppConnNumHalfOpen OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections that are currently in
        the process of being established, corresponding to
        the protocol denoted by 'cufwAppConnProtocol'."
    ::= { cufwAppConnSummaryEntry 6 }

cufwAppConnNumActive OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections that are currently
        active, corresponding to the protocol denoted by
        'cufwAppConnProtocol'."
    ::= { cufwAppConnSummaryEntry 7 }

cufwAppConnNumAborted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections that were terminated by
        the firewall after successful establishment,
        corresponding to the protocol denoted by
        'cufwAppConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats."
    ::= { cufwAppConnSummaryEntry 8 }

cufwAppConnSetupRate1 OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections Per Second"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The connection setup rate averaged over the last
        60 seconds corresponding to the protocol denoted by
        'cufwAppConnProtocol'."
    ::= { cufwAppConnSummaryEntry 9 }

cufwAppConnSetupRate5 OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections Per Second"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The connection setup rate averaged over the last
        300 seconds corresponding to the protocol denoted by
        'cufwAppConnProtocol'."
    ::= { cufwAppConnSummaryEntry 10 }

-- Connection Activity: Policy-based summary

cufwPolicyConnSummaryTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CufwPolicyConnSummaryEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the summary of firewall connections
        for layer3-layer 4 protocols catalogued on a per
        policy basis.

        Each entry in the table lists the connection summary
        of a distinct network protocol, configured on the
        specified policy on the firewall, and pertaining to
        a specified target to which the policy is currently
        applied.

        If a policy is bound to a target, it would have
        one or more entries in this table. If the policy is
        detached from the target, all entries corresponding
        to the association between the policy and the target
        are eliminated from this table.

        Although the information is indexed by policy
        targets as well, one may aggregate the connection
        summary for a specific policy across all the targets
        to which the policy is currently applied by setting
            cufwConnPolicyTargetType = 'targetAll'"
    ::= { cuFwConnectionSummaryTables 3 }

cufwPolicyConnSummaryEntry OBJECT-TYPE
    SYNTAX          CufwPolicyConnSummaryEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Each entry contains the summary of connection
        activity for a specific protocol in a specific
        policy applied to the specified policy target."
    INDEX           {
                        cufwPolConnPolicy,
                        cufwPolConnPolicyTargetType,
                        cufwPolConnPolicyTarget,
                        cufwPolConnProtocol
                    }
    ::= { cufwPolicyConnSummaryTable 1 }

CufwPolicyConnSummaryEntry ::= SEQUENCE {
        cufwPolConnPolicy            CFWPolicy,
        cufwPolConnPolicyTargetType  CFWPolicyTargetType,
        cufwPolConnPolicyTarget      CFWPolicyTarget,
        cufwPolConnProtocol          CFWNetworkProtocol,
        cufwPolConnNumAttempted      Counter64,
        cufwPolConnNumSetupsAborted  Counter64,
        cufwPolConnNumPolicyDeclined Counter64,
        cufwPolConnNumResDeclined    Counter64,
        cufwPolConnNumHalfOpen       Gauge32,
        cufwPolConnNumActive         Gauge32,
        cufwPolConnNumAborted        Counter64
}

cufwPolConnPolicy OBJECT-TYPE
    SYNTAX          CFWPolicy
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The identity of the firewall policy for which
        this conceptual row contains the connection
        activity summary."
    ::= { cufwPolicyConnSummaryEntry 1 }

cufwPolConnPolicyTargetType OBJECT-TYPE
    SYNTAX          CFWPolicyTargetType
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The type of the entity to which the firewall
        policy 'cufwPolConnPolicy' has been applied.
        This could be an interface type (most commonly),
        the type of another object or a group of objects
        defined in the firewall configuration.

        When this object is set to 'targetALL', the value
        of index object cufwConnPolicyTarget is ignored."
    ::= { cufwPolicyConnSummaryEntry 2 }

cufwPolConnPolicyTarget OBJECT-TYPE
    SYNTAX          CFWPolicyTarget (SIZE (0..128))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The identity of the entity to which the firewall
        policy 'cufwPolConnPolicy' is applied. This could
        be an interface object (most commonly), another
        object or group of objects defined in the firewall
        configuration."
    ::= { cufwPolicyConnSummaryEntry 3 }

cufwPolConnProtocol OBJECT-TYPE
    SYNTAX          CFWNetworkProtocol
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The (L3-L4) protocol corresponding to which this
        conceptual row summarizes the connection activity
        on the firewall."
    ::= { cufwPolicyConnSummaryEntry 4 }

cufwPolConnNumAttempted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections attempted since the last
        reboot of the firewall, corresponding to the protocol
        denoted by 'cufwPolConnProtocol', in the policy
        'cufwPolConnPolicy' applied to the entity identified
        by 'cufwPolConnPolicyTarget'."
    ::= { cufwPolicyConnSummaryEntry 5 }

cufwPolConnNumSetupsAborted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection setup attempts,
        corresponding to the protocol denoted by
        'cufwPolConnProtocol', associated with the policy
        'cufwPolConnPolicy' applied to the entity identified
        by 'cufwPolConnPolicyTarget', that were aborted
        before the connection could proceed to completion.
        The counter includes setup attempts aborted by the
        firewall as well as those aborted by the initiator
        and/or the responder(s) of/to the connection setup
        attempt. Consequently, this value subsumes the
        values of objects 'cufwPolConnNumPolicyDeclined' and
        'cufwPolConnNumResDeclined'."
    ::= { cufwPolicyConnSummaryEntry 6 }

cufwPolConnNumPolicyDeclined OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection attempts that were
        declined due to security policy, corresponding to
        the protocol denoted by 'cufwPolConnProtocol', in
        the policy 'cufwPolConnPolicy' applied to the entity
        identified by 'cufwPolConnPolicyTarget'."
    ::= { cufwPolicyConnSummaryEntry 7 }

cufwPolConnNumResDeclined OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connection attempts that were
        declined due to resource unavailability,
        corresponding to the protocol denoted by
        'cufwPolConnProtocol', in the policy
        'cufwPolConnPolicy' applied to the entity identified
        by 'cufwPolConnPolicyTarget'."
    ::= { cufwPolicyConnSummaryEntry 8 }

cufwPolConnNumHalfOpen OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections that are currently in
        the process of being established, corresponding to
        the protocol denoted by 'cufwPolConnProtocol', in
        the policy 'cufwPolConnPolicy' applied to the entity
        identified by 'cufwPolConnPolicyTarget'."
    ::= { cufwPolicyConnSummaryEntry 9 }

cufwPolConnNumActive OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections that are currently
        active, corresponding to the protocol denoted by
        'cufwPolConnProtocol', in the policy
        'cufwPolConnPolicy' applied to the entity identified
        by 'cufwPolConnPolicyTarget'."
    ::= { cufwPolicyConnSummaryEntry 10 }

cufwPolConnNumAborted OBJECT-TYPE
    SYNTAX          Counter64
    UNITS           "Connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The number of connections that were abnormally
        terminated after successful establishment,
        corresponding to the protocol denoted by
        'cufwPolConnProtocol', in the policy
        'cufwPolConnPolicy' applied to the entity identified
        by 'cufwPolConnPolicyTarget'."
    ::= { cufwPolicyConnSummaryEntry 11 }

-- Layer 7 protocol policy based connection summary

cufwPolicyAppConnSummaryTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CufwPolicyAppConnSummaryEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "This table lists the summary of firewall connections
        pertaining to Layer 7 protocols, catalogued on a per
        policy basis.

        Each entry in the table lists the connection summary
        of a distinct application protocol, configured on
        the specified policy on the firewall, and pertaining
        to a specified target to which the policy has been
        applied.

        If a policy is bound to a target, it would have
        one or more entries in this table. If the policy is
        detached from the target, all entries corresponding
        to the association between the policy and the target
        are eliminated from this table.

Although the information is indexed by policy targets as well, one may aggregate the connection summary for a specific policy across all the targets to which the policy is currently applied by setting cufwAppConnPolicyTargetType = 'targetALL'" ::= { cuFwConnectionSummaryTables 4 } cufwPolicyAppConnSummaryEntry OBJECT-TYPE SYNTAX CufwPolicyAppConnSummaryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the summary of connection activity for a specific layer 7 protocol in a specific policy applied to the specified policy target." INDEX { cufwPolAppConnPolicy, cufwPolAppConnPolicyTargetType, cufwPolAppConnPolicyTarget, cufwPolAppConnProtocol } ::= { cufwPolicyAppConnSummaryTable 1 } CufwPolicyAppConnSummaryEntry ::= SEQUENCE { cufwPolAppConnPolicy CFWPolicy, cufwPolAppConnPolicyTargetType CFWPolicyTargetType, cufwPolAppConnPolicyTarget CFWPolicyTarget, cufwPolAppConnProtocol CFWApplicationProtocol, cufwPolAppConnNumAttempted Counter64, cufwPolAppConnNumSetupsAborted Counter64, cufwPolAppConnNumPolicyDeclined Counter64, cufwPolAppConnNumResDeclined Counter64, cufwPolAppConnNumHalfOpen Gauge32, cufwPolAppConnNumActive Gauge32, cufwPolAppConnNumAborted Counter64 } cufwPolAppConnPolicy OBJECT-TYPE SYNTAX CFWPolicy MAX-ACCESS not-accessible STATUS current DESCRIPTION "The identity of the firewall policy for which this conceptual row contains the connection activity summary." ::= { cufwPolicyAppConnSummaryEntry 1 } cufwPolAppConnPolicyTargetType OBJECT-TYPE SYNTAX CFWPolicyTargetType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of the entity to which the firewall policy 'cufwPolAppConnPolicy' has been applied. This could be an interface type (most commonly), the type of another object or a group of objects defined in the firewall configuration. When this object is set to 'targetALL', the value of index object cufwAppConnPolicyTarget is ignored."
::= { cufwPolicyAppConnSummaryEntry 2 } cufwPolAppConnPolicyTarget OBJECT-TYPE SYNTAX CFWPolicyTarget (SIZE (0..128)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The identity of the entity to which the firewall policy 'cufwPolAppProtocol' refers. This could be an interface object (most commonly), another object or group of objects defined in the firewall configuration." ::= { cufwPolicyAppConnSummaryEntry 3 } cufwPolAppConnProtocol OBJECT-TYPE SYNTAX CFWApplicationProtocol MAX-ACCESS not-accessible STATUS current DESCRIPTION "The layer7 protocol for which this conceptual row summarizes the connection activity for this firewall." ::= { cufwPolicyAppConnSummaryEntry 4 } cufwPolAppConnNumAttempted OBJECT-TYPE SYNTAX Counter64 UNITS "Connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connections attempted since the last reboot of the firewall, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats." ::= { cufwPolicyAppConnSummaryEntry 5 } cufwPolAppConnNumSetupsAborted OBJECT-TYPE SYNTAX Counter64 UNITS "Connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connection setup attempts, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', associated with the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget', that were aborted before the connections could proceed to completion. The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. Consequently, this value subsumes the values of objects 'cufwPolAppConnNumPolicyDeclined' and 'cufwPolAppConnNumResDeclined'. 
This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats." ::= { cufwPolicyAppConnSummaryEntry 6 } cufwPolAppConnNumPolicyDeclined OBJECT-TYPE SYNTAX Counter64 UNITS "Connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connection attempts that were declined due to security policy, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats." ::= { cufwPolicyAppConnSummaryEntry 7 } cufwPolAppConnNumResDeclined OBJECT-TYPE SYNTAX Counter64 UNITS "Connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connection attempts that were declined due to resource unavailability, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats." ::= { cufwPolicyAppConnSummaryEntry 8 } cufwPolAppConnNumHalfOpen OBJECT-TYPE SYNTAX Gauge32 UNITS "Connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connections that are currently in the process of being established, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'." 
::= { cufwPolicyAppConnSummaryEntry 9 } cufwPolAppConnNumActive OBJECT-TYPE SYNTAX Gauge32 UNITS "Connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connections that are currently active, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'." ::= { cufwPolicyAppConnSummaryEntry 10 } cufwPolAppConnNumAborted OBJECT-TYPE SYNTAX Counter64 UNITS "Connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connections that were abnormally terminated after successful establishment, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'." ::= { cufwPolicyAppConnSummaryEntry 11 } -- Application Inspection Group cufwAIAuditTrailEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value identifies if audit trail in application inspection has been globally enabled or disabled." ::= { cuFwApplInspectionGrp 1 } cufwAIAlertEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value identifies if application inspection alerts have been globally enabled or disabled." ::= { cuFwApplInspectionGrp 2 } -- Application Inspection configuration table cufwInspectionTable OBJECT-TYPE SYNTAX SEQUENCE OF CufwInspectionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table identifies if an application protocol has been configured for inspection and if so, the name of the firewall policy or the inspection configuration that configures the specified protocol for inspection. The table also identifies if the specified protocol is actively being inspected. This table may be used by an administrator to quickly identify if a protocol is being subjected to application inspection by the managed firewall." 
::= { cuFwApplInspectionGrp 3 } cufwInspectionEntry OBJECT-TYPE SYNTAX CufwInspectionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the configuration of a specific application inspection element." INDEX { cufwInspectionPolicyName, cufwInspectionProtocol } ::= { cufwInspectionTable 1 } CufwInspectionEntry ::= SEQUENCE { cufwInspectionPolicyName CFWPolicy, cufwInspectionProtocol CFWApplicationProtocol, cufwInspectionStatus TruthValue } cufwInspectionPolicyName OBJECT-TYPE SYNTAX CFWPolicy (SIZE (0..128)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name of the policy that configures the device to inspect the protocol specified by 'cufwInspectionProtocol'." ::= { cufwInspectionEntry 1 } cufwInspectionProtocol OBJECT-TYPE SYNTAX CFWApplicationProtocol MAX-ACCESS not-accessible STATUS current DESCRIPTION "The application protocol that is configured for inspection." ::= { cufwInspectionEntry 2 } cufwInspectionStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This MIB object identifies if the directive to inspect the protocol specified by 'cufwInspectionProtocol' by the policy corresponding to this conceptual row is enabled or disabled." ::= { cufwInspectionEntry 3 } -- URL Filter group cufwUrlFilterGlobals OBJECT IDENTIFIER ::= { cuFwUrlFilterGrp 1 } cufwUrlFilterResourceUsage OBJECT IDENTIFIER ::= { cuFwUrlFilterGrp 2 } cufwUrlFilterServers OBJECT IDENTIFIER ::= { cuFwUrlFilterGrp 3 } -- URL Filter global group cufwUrlfFunctionEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "URL Filtering Operation

                                               _________
                                  2.2 Request |         |
                                  |---------->| Server  |
                                  |           |         |
 _________                      __|_          |_________|
|         |<--(5. Response )---|    | 3. Response  |
|         |                    |    |<-------------|
| Client  |---(1. Request )--->|FW  |
|_________|                    |____|<--------------|
                                 | 4. URLF Resp ____|______
                                 |             |           |
                                 |------------>|URLF Server|
                                  2.1 URLF Req |___________|

1) Client sends a Request containing a URL to the Server
2.1) FW extracts the URL from the Request and sends it to URL Filtering Server (or verifies the URL locally)
2.2) FW also forwards the original Request from the Client to the Server
3) Any Responses from the Server received before receiving a response from URLF Server are cached by the FW
4) URLF Response indicates whether the URL access should be allowed or denied
5) If the URLF Response allows the URL, FW forwards the URL Access responses from the Server to the Client
6) If the URLF Response indicates that the URL access should be denied, FW drops all the cached URL responses and forces the connection between the Client and the Server to be terminated

Specifically, the object cufwUrlfFunctionEnabled indicates if the URL filtering function is enabled. When this MIB object contains the value 'false', the firewall device will not perform URL filtering function, even if it contains configuration pertaining to other aspects of URL filtering." ::= { cufwUrlFilterGlobals 1 } cufwUrlfRequestsNumProcessed OBJECT-TYPE SYNTAX Counter64 UNITS "Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests processed by this firewall. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 2 } cufwUrlfRequestsProcRate1 OBJECT-TYPE SYNTAX Gauge32 UNITS "Requests per second" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests processed per second by this firewall averaged over the last 60 seconds." ::= { cufwUrlFilterGlobals 3 } cufwUrlfRequestsProcRate5 OBJECT-TYPE SYNTAX Gauge32 UNITS "Requests per second" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests processed per second by this firewall averaged over the last 300 seconds."
::= { cufwUrlFilterGlobals 4 } cufwUrlfRequestsNumAllowed OBJECT-TYPE SYNTAX Counter64 UNITS "Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests allowed by this firewall, due to a directive from a URL filtering server or a static policy configured on the firewall. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 5 } cufwUrlfRequestsNumDenied OBJECT-TYPE SYNTAX Counter64 UNITS "Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests declined by this firewall, due to a directive from a URL filtering server, a static policy configured on the firewall, due to resource constraints or any other reason. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 6 } cufwUrlfRequestsDeniedRate1 OBJECT-TYPE SYNTAX Gauge32 UNITS "Requests per second" MAX-ACCESS read-only STATUS current DESCRIPTION "The rate at which URL access requests were denied by this firewall, due to a directive from a URL filtering server, a static policy configured on the firewall, due to resource constraints or any other reason, averaged over the last 60 seconds." ::= { cufwUrlFilterGlobals 7 } cufwUrlfRequestsDeniedRate5 OBJECT-TYPE SYNTAX Gauge32 UNITS "Requests Per Second" MAX-ACCESS read-only STATUS current DESCRIPTION "The rate at which URL access requests were denied by this firewall, due to a directive from a URL filtering server, a static policy configured on the firewall, due to resource constraints or any other reason, averaged over the last 300 seconds." ::= { cufwUrlFilterGlobals 8 } cufwUrlfRequestsNumCacheAllowed OBJECT-TYPE SYNTAX Counter64 UNITS "Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests allowed by the firewall because of a cached entry holding the result from a previous URL access request that was handled either by a URLF Server or exclusive domain configuration. 
This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 9 } cufwUrlfRequestsNumCacheDenied OBJECT-TYPE SYNTAX Counter64 UNITS "Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests denied by the firewall because of a cached entry holding the result from a previous URL access request that was handled either by a URLF Server or exclusive domain configuration. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 10 } cufwUrlfAllowModeReqNumAllowed OBJECT-TYPE SYNTAX Counter64 UNITS "Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests that were allowed by the firewall when the URL filtering server was not available. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 11 } cufwUrlfAllowModeReqNumDenied OBJECT-TYPE SYNTAX Counter64 UNITS "Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests that were declined by the firewall when the URL filtering server was not available. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 12 } cufwUrlfRequestsNumResDropped OBJECT-TYPE SYNTAX Counter64 UNITS "Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of incoming URL access requests that were dropped by the firewall because of resource constraints. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 13 } cufwUrlfRequestsResDropRate1 OBJECT-TYPE SYNTAX Gauge32 UNITS "Requests Per Second" MAX-ACCESS read-only STATUS current DESCRIPTION "The rate at which incoming URL access requests were dropped by the firewall because of resource constraints, averaged over the last 60 seconds." 
::= { cufwUrlFilterGlobals 14 } cufwUrlfRequestsResDropRate5 OBJECT-TYPE SYNTAX Gauge32 UNITS "Requests Per Second" MAX-ACCESS read-only STATUS current DESCRIPTION "The rate at which incoming URL access requests were dropped by the firewall because of resource constraints, averaged over the last 300 seconds." ::= { cufwUrlFilterGlobals 15 } cufwUrlfNumServerTimeouts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the firewall failed to receive a response from the configured URL filtering servers for a request to authorize a URL access request. This is equal to the number of times a firewall removed a URL access request from the queue of pending requests because no response was received from the URL filtering server(s). This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 16 } cufwUrlfNumServerRetries OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access authorization requests re-sent by the firewall to the URL Filtering Servers because a response was not received within the configured time interval. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 17 } cufwUrlfResponsesNumLate OBJECT-TYPE SYNTAX Counter64 UNITS "Responses" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of responses from URL filtering servers which were received after the original URL access request was removed from the queue of pending requests. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 18 } cufwUrlfUrlAccRespsNumResDropped OBJECT-TYPE SYNTAX Counter64 UNITS "Responses" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of transport packets constituting responses to URL access requests that were dropped by the firewall due to resource constraints waiting for a response from the filtering server. 
This value is accumulated from the last reboot of the firewall." ::= { cufwUrlFilterGlobals 19 } -- Resource consumption by URL filtering activity cufwUrlfResTotalRequestCacheSize OBJECT-TYPE SYNTAX Gauge32 UNITS "KBytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The amount of memory occupied by all the caches used in the firewall to cache pending URL access requests." ::= { cufwUrlFilterResourceUsage 1 } cufwUrlfResTotalRespCacheSize OBJECT-TYPE SYNTAX Gauge32 UNITS "KBytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The amount of memory occupied by all the caches used in the firewall to cache responses for URL requests received from servers while awaiting a response from URL filter server." ::= { cufwUrlFilterResourceUsage 2 } -- URL Filter server table cufwUrlfServerTable OBJECT-TYPE SYNTAX SEQUENCE OF CufwUrlfServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the URL filtering servers configured on the managed device and their performance statistics. This table is not meant as a device to configure URL filtering servers." ::= { cufwUrlFilterServers 1 } cufwUrlfServerEntry OBJECT-TYPE SYNTAX CufwUrlfServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the configuration of a specific URL filtering server." 
INDEX { cufwUrlfServerAddrType, cufwUrlfServerAddress, cufwUrlfServerPort } ::= { cufwUrlfServerTable 1 } CufwUrlfServerEntry ::= SEQUENCE { cufwUrlfServerAddrType InetAddressType, cufwUrlfServerAddress InetAddress, cufwUrlfServerPort InetPortNumber, cufwUrlfServerVendor CFWUrlfVendorId, cufwUrlfServerStatus CFWUrlServerStatus, cufwUrlfServerReqsNumProcessed Counter64, cufwUrlfServerReqsNumAllowed Counter64, cufwUrlfServerReqsNumDenied Counter64, cufwUrlfServerNumTimeouts Counter64, cufwUrlfServerNumRetries Counter64, cufwUrlfServerRespsNumReceived Counter64, cufwUrlfServerRespsNumLate Counter64, cufwUrlfServerAvgRespTime1 Gauge32, cufwUrlfServerAvgRespTime5 Gauge32 } cufwUrlfServerAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of the IP address of the URL filtering server." ::= { cufwUrlfServerEntry 1 } cufwUrlfServerAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the IP address of the URL filtering server." ::= { cufwUrlfServerEntry 2 } cufwUrlfServerPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the port at which the URL filtering server listens for incoming requests." ::= { cufwUrlfServerEntry 3 } cufwUrlfServerVendor OBJECT-TYPE SYNTAX CFWUrlfVendorId MAX-ACCESS read-only STATUS current DESCRIPTION "The vendor type of the URL filtering server." ::= { cufwUrlfServerEntry 4 } cufwUrlfServerStatus OBJECT-TYPE SYNTAX CFWUrlServerStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the URL filtering server corresponding to this conceptual row." ::= { cufwUrlfServerEntry 5 } cufwUrlfServerReqsNumProcessed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests forwarded by the managed firewall device to the URL filtering server corresponding to this conceptual row. 
This value is counted from the last reboot of the managed device." ::= { cufwUrlfServerEntry 6 } cufwUrlfServerReqsNumAllowed OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests allowed by the URL filtering server corresponding to this conceptual row. This counter does not include late responses. This value is counted from the last reboot of the managed device." ::= { cufwUrlfServerEntry 7 } cufwUrlfServerReqsNumDenied OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access requests denied by the URL filtering server corresponding to this conceptual row. This counter does not include late responses. This value is counted from the last reboot of the managed device." ::= { cufwUrlfServerEntry 8 } cufwUrlfServerNumTimeouts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the firewall failed to receive a response from the URL filtering server corresponding to this conceptual row, for a request to authorize a URL access request. This is equal to the number of times a firewall removed a URL access request from the queue of pending requests because no response was received from the URL filtering server. This value is accumulated from the last reboot of the firewall." ::= { cufwUrlfServerEntry 9 } cufwUrlfServerNumRetries OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access authorization requests re-sent by the firewall to the URL Filtering Server corresponding to this conceptual row, because a response was not received within the configured time interval from the server. This value is counted from the last reboot of the managed device." 
::= { cufwUrlfServerEntry 10 } cufwUrlfServerRespsNumReceived OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access responses received by the firewall from the URL filtering server corresponding to this conceptual row. This counter does not include late responses. This value is counted from the last reboot of the managed device." ::= { cufwUrlfServerEntry 11 } cufwUrlfServerRespsNumLate OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of URL access responses received by the managed firewall from the URL filtering server corresponding to this conceptual row after the original URL access request was removed from the queue of pending requests. This value is counted from the last reboot of the managed device." ::= { cufwUrlfServerEntry 12 } cufwUrlfServerAvgRespTime1 OBJECT-TYPE SYNTAX Gauge32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The average round-trip response time of the URL filtering server computed over the last 60 seconds. A value of zero indicates that there was insufficient data to compute this value over the last time interval." ::= { cufwUrlfServerEntry 13 } cufwUrlfServerAvgRespTime5 OBJECT-TYPE SYNTAX Gauge32 UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The average round-trip response time of the URL filtering server computed over the last 300 seconds. A value of zero indicates that there was insufficient data to compute this value over the last time interval." ::= { cufwUrlfServerEntry 14 } -- Failover group cuFwFailoverGlobals OBJECT IDENTIFIER ::= { cuFwFailoverGrp 1 } cuFwFailoverStatus OBJECT IDENTIFIER ::= { cuFwFailoverGrp 2 } cuFwFailoverStatistics OBJECT IDENTIFIER ::= { cuFwFailoverGrp 3 } cuFwFailoverHistory OBJECT IDENTIFIER ::= { cuFwFailoverGrp 4 } -- Textual Conventions CUfwFOState ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This type denotes possible HA states. 
init           : Establishing any platform dependent capabilities required for redundancy
disabled       : Failover is disabled
failed         : Unit is disabled for some reason
negotiation    : Negotiating to identify the peer
standbyCold    : Verifying compatibility with the peer device
standbyConfig  : Config sync with Active
standbyFilesys : Syncing its file system with Active
standbyBulk    : Executing a bulk sync for some HA clients
standby        : Unit progression to standby complete
activeFast     : HA clients are completing time critical platform dependent processing
activeDrain    : HA clients are notified to drain already queued messages
activePreConf  : HA clients are preparing for system configuration
active         : Unit is Active"
SYNTAX INTEGER { init(0), disabled(1), failed(2), negotiation(3), standbyCold(4), standbyConfig(5), standbyFilesys(6), standbyBulk(7), standby(8), activeFast(9), activeDrain(10), activePreConf(11), activePostConf(12), active(13), invalid(14) } CUfwInterfaceMonitor ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This type denotes possible interface monitor states.
monitored     : interface monitoring is enabled.
notMonitored  : interface monitoring is not enabled.
waiting       : interface tests are going on and awaiting results.
autostateDown : Applies only to ASASM interfaces. Supervisor informs when last physical interface of that vlan goes down.
shutdown      : interface is administratively down"
SYNTAX INTEGER { unknown(0), monitored(1), notMonitored(2), waiting(3), autostateDown(4), shutdown(5) } CUfwInterfaceHealth ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This type denotes possible Interface health-check outcomes.
normal   : interface is monitored and in healthy state.
testing  : Ongoing testing.
linkDown : interface link is administratively down.
failed   : interface link is physically up, but not able to pass the tests. Declared as failed.
noLink   : interface link is down."
SYNTAX INTEGER { unknown(0), normal(1), testing(2), linkDown(3), failed(4), noLink(5) } CUfwFOGroupId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This type denotes possible HA group identifiers. A failover group is simply a logical group of one or more security contexts. One group is assigned to be active on the primary ASA, and the other group is assigned to be active on the secondary ASA. When a failover occurs, it occurs at the failover group level. Use value 0, if not applicable." SYNTAX INTEGER { default(0), group1(1), group2(2) } cuFwFOMaxStateEvents OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The max count of history logs for FO state transitions that can be saved on the device." ::= { cuFwFailoverHistory 1 } cufwFOHistoryEvTable OBJECT-TYPE SYNTAX SEQUENCE OF CUfwFOHistoryEvEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table summarizes the failover state of a logical group of ASA contexts." ::= { cuFwFailoverHistory 3 } cufwFOHistoryEvEntry OBJECT-TYPE SYNTAX CUfwFOHistoryEvEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the table." INDEX { cufwFOGrpIndex, cufwFOHistoryIndex } ::= { cufwFOHistoryEvTable 1 } CUfwFOHistoryEvEntry ::= SEQUENCE { cufwFOGrpIndex CUfwFOGroupId, cufwFOHistoryIndex Integer32, cufwFOGrpHAFromState CUfwFOState, cufwFOGrpHAToState CUfwFOState, cufwFOGrpTransitionAt DisplayString, cufwFOGrpTransitionReason DisplayString } cufwFOGrpIndex OBJECT-TYPE SYNTAX CUfwFOGroupId MAX-ACCESS read-only STATUS current DESCRIPTION "A distinct HA group identifier for which this conceptual row summarizes time-tale history of failover events." ::= { cufwFOHistoryEvEntry 1 } cufwFOHistoryIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "A distinct index that points to an entry in the table for an HA group." 
::= { cufwFOHistoryEvEntry 2 } cufwFOGrpHAFromState OBJECT-TYPE SYNTAX CUfwFOState MAX-ACCESS read-only STATUS current DESCRIPTION "The log entry points to the HA state that this event transitioned from." ::= { cufwFOHistoryEvEntry 3 } cufwFOGrpHAToState OBJECT-TYPE SYNTAX CUfwFOState MAX-ACCESS read-only STATUS current DESCRIPTION "The log entry points to the HA state that this event transitioned to." ::= { cufwFOHistoryEvEntry 4 } cufwFOGrpTransitionAt OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The date&time at which this transition happened for an HA group." ::= { cufwFOHistoryEvEntry 5 } cufwFOGrpTransitionReason OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The reason for this transition event for an HA group." ::= { cufwFOHistoryEvEntry 6 } -- Failover Status cufwFOGrpStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF CUfwFOGrpStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table summarizes the failover state of a logical group of ASA contexts. The HA switchover happens at the group level." ::= { cuFwFailoverStatus 1 } cufwFOGrpStatusEntry OBJECT-TYPE SYNTAX CUfwFOGrpStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the table lists necessary HA status of a group." INDEX { cufwFOGroupIndex } ::= { cufwFOGrpStatusTable 1 } CUfwFOGrpStatusEntry ::= SEQUENCE { cufwFOGroupIndex CUfwFOGroupId, cufwFOGrpLastFailoverAt DisplayString, cufwFOGrpHAstate HardwareStatus, cufwFOGrpUpTime Gauge32, cufwFOGrpContextCount Gauge32 } cufwFOGroupIndex OBJECT-TYPE SYNTAX CUfwFOGroupId MAX-ACCESS read-only STATUS current DESCRIPTION "A distinct HA group identifier for which this conceptual row summarizes critical failover data." ::= { cufwFOGrpStatusEntry 1 } cufwFOGrpLastFailoverAt OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The date&time at which the last switchover was triggered for an HA group." 
::= { cufwFOGrpStatusEntry 2 } cufwFOGrpHAstate OBJECT-TYPE SYNTAX HardwareStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The current HA role of a group on the unit being polled. Allowed values are active or standby or unknown." ::= { cufwFOGrpStatusEntry 3 } cufwFOGrpUpTime OBJECT-TYPE SYNTAX Gauge32 UNITS "Seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The Uptime of a group in the current HA role on the unit being polled." ::= { cufwFOGrpStatusEntry 4 } cufwFOGrpContextCount OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of virtual contexts part of the group on the unit being polled." ::= { cufwFOGrpStatusEntry 5 } cufwFOInterfaceTable OBJECT-TYPE SYNTAX SEQUENCE OF CUfwFOInterfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table summarizes the interface health check status of each interface in a group per context." ::= { cuFwFailoverStatus 2 } cufwFOInterfaceEntry OBJECT-TYPE SYNTAX CUfwFOInterfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the table pertains to an interface in a context." INDEX { cufwFOGroupIndex, cufwContextId, cufwContextifIndex } ::= { cufwFOInterfaceTable 1 } CUfwFOInterfaceEntry ::= SEQUENCE { cufwFOGrpId CUfwFOGroupId, cufwContextId Integer32, cufwContextifIndex InterfaceIndex, cufwFOInterfaceMonitoring CUfwInterfaceMonitor, cufwFOInterfaceStatus CUfwInterfaceHealth } cufwFOGrpId OBJECT-TYPE SYNTAX CUfwFOGroupId MAX-ACCESS read-only STATUS current DESCRIPTION "A distinct HA group identifier for which this conceptual row summarizes the interface health." ::= { cufwFOInterfaceEntry 1 } cufwContextId OBJECT-TYPE SYNTAX Integer32 (1..250) MAX-ACCESS read-only STATUS current DESCRIPTION "The virtual context-id of the ASA context for which this conceptual row summarizes an interface's health within a logical HA group." 
::= { cufwFOInterfaceEntry 2 } cufwContextifIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The ifIndex from the IF-MIB for an interface in a context." ::= { cufwFOInterfaceEntry 3 } cufwFOInterfaceMonitoring OBJECT-TYPE SYNTAX CUfwInterfaceMonitor MAX-ACCESS read-only STATUS current DESCRIPTION "The monitoring state of the interface being addressed in a context." ::= { cufwFOInterfaceEntry 4 } cufwFOInterfaceStatus OBJECT-TYPE SYNTAX CUfwInterfaceHealth MAX-ACCESS read-only STATUS current DESCRIPTION "The health-check outcome of the interface being addressed in a context." ::= { cufwFOInterfaceEntry 5 } -- Failover Statistics Info cufwFOStatefulUpdateEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This value depicts if failover has enabled stateful updates for all HA clients on the device." ::= { cuFwFailoverStatistics 1 } cufwFOLogicalUpdatesTable OBJECT-TYPE SYNTAX SEQUENCE OF CUfwFOLogicalUpdateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table summarizes the statistics of every HA client's logical updates to and from its peer." ::= { cuFwFailoverStatistics 2 } cufwFOLogicalUpdateEntry OBJECT-TYPE SYNTAX CUfwFOLogicalUpdateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the table lists the transmit and receive stats summary of a distinct HA client in the system." INDEX { cufwFOGroupIdx, cufwFOCLientId } ::= { cufwFOLogicalUpdatesTable 1 } CUfwFOLogicalUpdateEntry ::= SEQUENCE { cufwFOGroupIdx CUfwFOGroupId, cufwFOCLientId Integer32, cufwFOCLientName DisplayString, cufwFOLUTransmitCount Counter32, cufwFOLUTransmitErrors Counter32, cufwFOLUReceiveCount Counter32, cufwFOLUReceiveErrors Counter32 } cufwFOGroupIdx OBJECT-TYPE SYNTAX CUfwFOGroupId MAX-ACCESS read-only STATUS current DESCRIPTION "A distinct HA group identifier for which this conceptual row summarizes the sync statistics." 
::= { cufwFOLogicalUpdateEntry 1 } cufwFOCLientId OBJECT-TYPE SYNTAX Integer32 (1..64) MAX-ACCESS read-only STATUS current DESCRIPTION "A distinct HA client identifier for which this conceptual row summarizes the sync statistics." ::= { cufwFOLogicalUpdateEntry 2 } cufwFOCLientName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The HA client's name for which this conceptual row summarizes the sync statistics." ::= { cufwFOLogicalUpdateEntry 3 } cufwFOLUTransmitCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of transmitted updates sent to peer for the HA client." ::= { cufwFOLogicalUpdateEntry 4 } cufwFOLUTransmitErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of transmit errors for updates sent to peer for the HA client." ::= { cufwFOLogicalUpdateEntry 5 } cufwFOLUReceiveCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of received updates from peer for the HA client." ::= { cufwFOLogicalUpdateEntry 6 } cufwFOLUReceiveErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of receive errors for updates from peer for the HA client." ::= { cufwFOLogicalUpdateEntry 7 } -- Failover Globals cufwFOEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This value depicts if failover is enabled or not on the device." ::= { cuFwFailoverGlobals 1 } cufwFOUnitDesignation OBJECT-TYPE SYNTAX Hardware MAX-ACCESS read-only STATUS current DESCRIPTION "The hardware type that points to designation as primary or secondary unit." ::= { cuFwFailoverGlobals 2 } cufwFOLink OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The ifIndex of the interface used for failover communication between the two units." 
::= { cuFwFailoverGlobals 3 } cufwFOStateLink OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The ifIndex of the interface used for failover communication to pass connection state information." ::= { cuFwFailoverGlobals 4 } cufwFOStdbyConfigLocked OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object depicts if the ability to make any configuration changes directly on the standby unit or context is enabled." ::= { cuFwFailoverGlobals 5 } cufwFOEncryption OBJECT-TYPE SYNTAX Integer32 (0..2) MAX-ACCESS read-only STATUS current DESCRIPTION "The type of encryption enabled on the failover links between the units to encrypt all failover communications. Value Type 0 none 1 IPSec LAN-to-LAN tunnels 2 Key Passphrase" ::= { cuFwFailoverGlobals 6 } cufwFOSerialNumOurs OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The vendor-specific serial number string for the current unit in pair." ::= { cuFwFailoverGlobals 7 } cufwFOSerialNumMate OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The vendor-specific serial number string for the peer unit in pair." ::= { cuFwFailoverGlobals 8 } cufwFOSwVersionOurs OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The vendor-specific software revision string for the current unit in pair." ::= { cuFwFailoverGlobals 9 } cufwFOSwVersionMate OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The vendor-specific software revision string for the peer unit in pair." ::= { cuFwFailoverGlobals 10 } cufwFOUnitPolltime OBJECT-TYPE SYNTAX Integer32 (200..15000) UNITS "millisec" MAX-ACCESS read-only STATUS current DESCRIPTION "The polling frequency of the Hello packets between the units in HA pair."
::= { cuFwFailoverGlobals 11 } cufwFOUnitHoldtime OBJECT-TYPE SYNTAX Integer32 (800..45000) UNITS "millisec" MAX-ACCESS read-only STATUS current DESCRIPTION "The hold time that each unit will wait before declaring the peer unit as dead. If the failed unit is the active unit, the standby unit takes over as the active unit." ::= { cuFwFailoverGlobals 12 } cufwFOUnitBfdEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object depicts if BFD protocol is enabled between the units for health monitoring." ::= { cuFwFailoverGlobals 13 } cufwFOLinkStatePolltime OBJECT-TYPE SYNTAX Integer32 (300..799) UNITS "millisec" MAX-ACCESS read-only STATUS current DESCRIPTION "The frequency at which the link-state of a unit's interfaces are polled to detect link failures." ::= { cuFwFailoverGlobals 14 } cufwFOInterfacePolicy OBJECT-TYPE SYNTAX Integer32 (1..1025) MAX-ACCESS read-only STATUS current DESCRIPTION "The count of interface failures set as threshold to trigger switchover when interfaces are declared as health-check failed." ::= { cuFwFailoverGlobals 15 } cufwFOMonitoredInterfaces OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of interfaces monitored on the HA units for interface health." ::= { cuFwFailoverGlobals 16 } cufwFOInterfacePolltime OBJECT-TYPE SYNTAX Integer32 (500..15000) UNITS "millisec" MAX-ACCESS read-only STATUS current DESCRIPTION "The polling frequency of the Hello packets on each interface between the units in HA pair." ::= { cuFwFailoverGlobals 17 } cufwFOInterfaceHoldtime OBJECT-TYPE SYNTAX Integer32 (5000..75000) UNITS "millisec" MAX-ACCESS read-only STATUS current DESCRIPTION "The hold time that each unit will wait before declaring the peer unit as dead due to interface check failure." 
::= { cuFwFailoverGlobals 18 } cufwFOReplicationHttp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object depicts if the stateful replication of HTTP sessions is enabled in a Stateful Failover environment." ::= { cuFwFailoverGlobals 19 } cufwFOReplicationRate OBJECT-TYPE SYNTAX Gauge32 UNITS "Connections Per Second" MAX-ACCESS read-only STATUS current DESCRIPTION "The bulk-sync connection replication rate between the HA units." ::= { cuFwFailoverGlobals 20 } -- Application Firewall or Deep Packet Inspection Group cufwAaicGlobals OBJECT IDENTIFIER ::= { cuFwAaicGrp 1 } cufwAaicGlobalNumBadProtocolOps OBJECT-TYPE SYNTAX Counter64 UNITS "Protocol Data Units" MAX-ACCESS read-only STATUS current DESCRIPTION "'Protocol Operation' is the application protocol specific operation that the PDU is intended to perform. An example of 'protocol operation' is the HELO command of SMTP protocol. This MIB object records the number of application protocol data units that contained a protocol operation which was disallowed by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of application traffic payloads. This value is accumulated from the last reboot of the firewall." ::= { cufwAaicGlobals 1 } cufwAaicGlobalNumBadPDUSize OBJECT-TYPE SYNTAX Counter64 UNITS "Protocol Data Units" MAX-ACCESS read-only STATUS current DESCRIPTION "This MIB object records the number of application protocol data units (PDU) that had either an invalid header size or an invalid payload size, as determined by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of application traffic payloads. This value is accumulated from the last reboot of the firewall." 
::= { cufwAaicGlobals 2 } cufwAaicGlobalNumBadPortRange OBJECT-TYPE SYNTAX Counter64 UNITS "Protocol Data Units" MAX-ACCESS read-only STATUS current DESCRIPTION "Number of application protocol units that attempted to advertise illegal port ranges for secondary connections. An example of such an occurrence would be a passive FTP connection, where the server advertises a disallowed port range for data connection. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of application traffic payloads. This value is accumulated from the last reboot of the firewall." ::= { cufwAaicGlobals 3 } -- Deep packet inspection: Protocol-specific statistics cufwAaicProtocolStats OBJECT IDENTIFIER ::= { cuFwAaicGrp 2 } cufwAaicHttpProtocolStats OBJECT IDENTIFIER ::= { cufwAaicProtocolStats 1 } cufwAaicHttpNumBadProtocolOps OBJECT-TYPE SYNTAX Counter64 UNITS "HTTP Protocol Data Units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of PDUs corresponding to HTTP protocol which were detected to be containing HTTP protocol methods which are disallowed by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall." ::= { cufwAaicHttpProtocolStats 1 } cufwAaicHttpNumBadPDUSize OBJECT-TYPE SYNTAX Counter64 UNITS "HTTP Protocol Data Units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of PDUs corresponding to HTTP protocol that had either an invalid header size or an invalid payload size, as determined by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall." 
::= { cufwAaicHttpProtocolStats 2 } cufwAaicHttpNumTunneledConns OBJECT-TYPE SYNTAX Counter64 UNITS "Connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connections corresponding to HTTP protocol which were detected to be tunneling other application traffic streams. An instance of this would be InstantMessenger traffic running on HTTP. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall." ::= { cufwAaicHttpProtocolStats 3 } cufwAaicHttpNumLargeURIs OBJECT-TYPE SYNTAX Counter64 UNITS "HTTP Protocol Data Units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of PDUs corresponding to HTTP protocol which were detected to be containing a URI of size not permitted by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall." ::= { cufwAaicHttpProtocolStats 4 } cufwAaicHttpNumBadContent OBJECT-TYPE SYNTAX Counter64 UNITS "HTTP Protocol Data Units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of PDUs corresponding to HTTP protocol which were detected to be containing content whose type is disallowed by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall." ::= { cufwAaicHttpProtocolStats 5 } cufwAaicHttpNumMismatchContent OBJECT-TYPE SYNTAX Counter64 UNITS "HTTP Protocol Data Units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of PDUs corresponding to HTTP protocol which were detected to be containing content whose type was different from the content type specified in the header of the PDU.
For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall." ::= { cufwAaicHttpProtocolStats 6 } cufwAaicHttpNumDoubleEncodedPkts OBJECT-TYPE SYNTAX Counter64 UNITS "HTTP Protocol Data Units" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of PDUs corresponding to HTTP protocol which were detected to be containing double encoding. Double encoding is a mechanism to obfuscate content in which encoded data is re-encoded so as to evade deep packet inspections. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall." ::= { cufwAaicHttpProtocolStats 7 } -- Deep packet inspection: Engine statistics cufwAaicEngineStats OBJECT IDENTIFIER ::= { cuFwAaicGrp 3 } cufwAaicLinaSnortStats OBJECT IDENTIFIER ::= { cufwAaicEngineStats 1 } cufwAaicPassedSnortCount OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets sent to Snort from Lina. These are packets with pass verdict." ::= { cufwAaicLinaSnortStats 1 } cufwAaicBlockedSnortCount OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets blocked in Snort." ::= { cufwAaicLinaSnortStats 2 } cufwAaicInjbySnortCount OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets Snort created and added to the traffic stream." ::= { cufwAaicLinaSnortStats 3 } cufwAaicBypassSnortDownCount OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets that bypassed inspection when Snort was Down."
::= { cufwAaicLinaSnortStats 4 } cufwAaicBypassSnortBusyCount OBJECT-TYPE SYNTAX Counter64 UNITS "Packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets that bypassed inspection when Snort was too busy to handle the packets." ::= { cufwAaicLinaSnortStats 5 } cufwAaicFastfwdFlowsCount OBJECT-TYPE SYNTAX Counter64 UNITS "Flow" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of flows that were fast forwarded both by policy, and as result of initial inspection due to say Whitelisting." ::= { cufwAaicLinaSnortStats 6 } cufwAaicBlacklistedFlowsCount OBJECT-TYPE SYNTAX Counter64 UNITS "Flow" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of flows from policy configuration that were black-listed by Snort after inspection." ::= { cufwAaicLinaSnortStats 7 } cufwAaicStartofFlowEvCount OBJECT-TYPE SYNTAX Counter64 UNITS "Event" MAX-ACCESS read-only STATUS current DESCRIPTION "The Lina process sends start-of-flow events to Snort when it fast paths a flow without sending it to Snort. These events help Snort keep track of the connections and report the connection events." ::= { cufwAaicLinaSnortStats 8 } cufwAaicEndofFlowEvCount OBJECT-TYPE SYNTAX Counter64 UNITS "Event" MAX-ACCESS read-only STATUS current DESCRIPTION "The Lina process sends end-of-flow events to Snort when a fast path flow ends." ::= { cufwAaicLinaSnortStats 9 } cufwAaicDeniedFlowEvCount OBJECT-TYPE SYNTAX Counter64 UNITS "Event" MAX-ACCESS read-only STATUS current DESCRIPTION "The Lina process sends denied flow events to Snort when it decides to drop a flow before sending it to Snort." ::= { cufwAaicLinaSnortStats 10 } cufwAaicFwdbeforeDropCount OBJECT-TYPE SYNTAX Counter64 UNITS "Packet" MAX-ACCESS read-only STATUS current DESCRIPTION "Valid for NGIPS interfaces only. This is the number of to-be-dropped packets forwarded to Snort. 
When the Lina process decides to drop the frame for some reason such as (Invalid TCP header length, Invalid UDP length or Invalid IP length), the frames are also sent to Snort for visibility." ::= { cufwAaicLinaSnortStats 11 } cufwAaicInjDropCount OBJECT-TYPE SYNTAX Counter64 UNITS "Packet" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets that Snort added to the traffic stream that were dropped." ::= { cufwAaicLinaSnortStats 12 } cufwAaicSnortEvRates OBJECT IDENTIFIER ::= { cufwAaicEngineStats 2 } cufwAaicIntrusionEvtRate OBJECT-TYPE SYNTAX Gauge32 UNITS "Events per second" MAX-ACCESS read-only STATUS current DESCRIPTION "The rate at which intrusion events were recorded by Snort on this firewall averaged over the last 300 seconds." ::= { cufwAaicSnortEvRates 1 } cufwAspFrameDropsTable OBJECT-TYPE SYNTAX SEQUENCE OF CUfwAspFrameDropsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists all the ASP frame drops on this firewall device." ::= { cufwAaicEngineStats 3 } cufwAspFrameDropsEntry OBJECT-TYPE SYNTAX CUfwAspFrameDropsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the table pertains to an ASP frame drop." INDEX { cufwAspFrameDropIndex } ::= { cufwAspFrameDropsTable 1 } CUfwAspFrameDropsEntry ::= SEQUENCE { cufwAspFrameDropIndex Integer32, cufwAspFrameDropName SnmpAdminString, cufwAspFrameDropDescription SnmpAdminString, cufwAspFrameDropValue Counter32 } cufwAspFrameDropIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index within the data-plane frame drop list of supported counters." ::= { cufwAspFrameDropsEntry 1 } cufwAspFrameDropName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Name of the frame drop counter." ::= { cufwAspFrameDropsEntry 2 } cufwAspFrameDropDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Description of the frame drop counter." 
::= { cufwAspFrameDropsEntry 3 } cufwAspFrameDropValue OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Frame drop counter value." ::= { cufwAspFrameDropsEntry 4 } cufwAspFlowDropsTable OBJECT-TYPE SYNTAX SEQUENCE OF CUfwAspFlowDropsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists all the ASP flow drops on this firewall device." ::= { cufwAaicEngineStats 4 } cufwAspFlowDropsEntry OBJECT-TYPE SYNTAX CUfwAspFlowDropsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the table pertains to an ASP flow drop." INDEX { cufwAspFlowDropIndex } ::= { cufwAspFlowDropsTable 1 } CUfwAspFlowDropsEntry ::= SEQUENCE { cufwAspFlowDropIndex Integer32, cufwAspFlowDropName SnmpAdminString, cufwAspFlowDropDescription SnmpAdminString, cufwAspFlowDropValue Counter32 } cufwAspFlowDropIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Index within the data-plane flow drop list of supported counters." ::= { cufwAspFlowDropsEntry 1 } cufwAspFlowDropName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Name of the flow drop counter." ::= { cufwAspFlowDropsEntry 2 } cufwAspFlowDropDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Description of the flow drop counter." ::= { cufwAspFlowDropsEntry 3 } cufwAspFlowDropValue OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Flow drop counter value." ::= { cufwAspFlowDropsEntry 4 } -- Transparent or Layer 2 or Stealth Firewall group cufwL2FwGlobals OBJECT IDENTIFIER ::= { cuFwL2FwGrp 1 } cufwL2GlobalEnableStealthMode OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The value indicates if the firewall is operating in transparent (layer 2) mode or not. When operating in transparent mode, the firewall operates as a bridge while performing firewalling functions." 
::= { cufwL2FwGlobals 1 } cufwL2GlobalArpCacheSize OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "ARP entries" MAX-ACCESS read-only STATUS current DESCRIPTION "The value indicates the configured maximum size of the ARP cache used for management traffic." ::= { cufwL2FwGlobals 2 } cufwL2GlobalEnableArpInspection OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value indicates if ARP inspection, which is a security feature, is enabled globally on the managed firewall." ::= { cufwL2FwGlobals 3 } -- Transparent Firewall performance statistics cufwL2GlobalNumArpRequests OBJECT-TYPE SYNTAX Counter64 UNITS "ARP Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of ARP requests issued by the transparent firewall to resolve a destination IP address. This counter is accumulated since the last reboot of the firewall." ::= { cufwL2FwGlobals 5 } cufwL2GlobalNumIcmpRequests OBJECT-TYPE SYNTAX Counter64 UNITS "ICMP Traceroute Requests" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of ICMP traceroute requests issued by the transparent firewall to resolve a destination IP address. This counter is accumulated since the last reboot of the firewall." ::= { cufwL2FwGlobals 6 } cufwL2GlobalNumFloods OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the firewall floods a frame to be forwarded to the egress interfaces because the destination MAC address is missing in the bridge table. This counter is accumulated since the last reboot of the firewall." ::= { cufwL2FwGlobals 7 } cufwL2GlobalNumDrops OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the firewall dropped an incoming frame because the destination MAC address is missing in the bridge table. This counter is accumulated since the last reboot of the firewall." 
::= { cufwL2FwGlobals 8 } cufwL2GlobalArpOverflowRate5 OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times an existing entry from the ARP cache had to be ejected in order to insert a new entry in the last 300 seconds. This counter is accumulated since the last reboot of the firewall." ::= { cufwL2FwGlobals 9 } -- Transparent Firewall security incident statistics cufwL2GlobalNumBadArpResponses OBJECT-TYPE SYNTAX Counter64 UNITS "ARP Responses" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of malformed ARP responses received by the firewall in trying to resolve the MAC address of the destination IP address in an incoming frame. This counter is accumulated since the last reboot of the firewall." ::= { cufwL2FwGlobals 10 } cufwL2GlobalNumSpoofedArpResps OBJECT-TYPE SYNTAX Counter64 UNITS "ARP Responses" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of spoofed ARP responses received by the firewall. Such an event would occur when the firewall encounters an ARP response mapping an IP address to a different MAC Address from the one present in the local ARP cache. This counter is accumulated since the last reboot of the firewall." ::= { cufwL2FwGlobals 11 } -- Cluster group cuFwClusterGlobals OBJECT IDENTIFIER ::= { cuFwClusterGrp 1 } cuFwClusterStatus OBJECT IDENTIFIER ::= { cuFwClusterGrp 2 } cuFwClusterHistory OBJECT IDENTIFIER ::= { cuFwClusterGrp 3 } CUfwCluState ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This type denotes possible cluster unit states." SYNTAX INTEGER { disabled(0), election(1), onCall(2), slaveCold(3), slaveAppSync(4), slaveConfig(5), slaveFilesys(6), slaveBulkSync(7), slave(8), slavePending(9), deputyBulkSync(10), deputy(11), masterFast(12), masterDrain(13), masterConfig(14), masterPostConfig(15), master(16), masterDefer(17) } CUfwCluHealth ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This type denotes possible cluster interface/app health states." 
SYNTAX INTEGER { init(0), up(1), down(2), goingDown(3), goingUp(4), noLicense(5), none(6) } cuFwCluUnitHealth OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The string would show either healthy or un-healthy." ::= { cuFwClusterStatus 1 } cufwCluOverallHealth OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The string would show either healthy or un-healthy." ::= { cuFwClusterStatus 2 } cufwCluInterfaceTable OBJECT-TYPE SYNTAX SEQUENCE OF CufwCluInterfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table summarises the health of each interface in a cluster unit." ::= { cuFwClusterStatus 3 } cufwCluInterfaceEntry OBJECT-TYPE SYNTAX CufwCluInterfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the table depicts the health of a clustering interface." INDEX { cuCluIfcIndex } ::= { cufwCluInterfaceTable 1 } CufwCluInterfaceEntry ::= SEQUENCE { cuCluIfcIndex InterfaceIndex, cufwCluHealthCheck CUfwInterfaceMonitor, cufwCluHealthStatus CUfwCluHealth } cuCluIfcIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The ifIndex from the IF-MIB for an interface in a cluster unit." ::= { cufwCluInterfaceEntry 1 } cufwCluHealthCheck OBJECT-TYPE SYNTAX CUfwInterfaceMonitor MAX-ACCESS read-only STATUS current DESCRIPTION "The monitoring state of the interface being addressed in a cluster unit." ::= { cufwCluInterfaceEntry 3 } cufwCluHealthStatus OBJECT-TYPE SYNTAX CUfwCluHealth MAX-ACCESS read-only STATUS current DESCRIPTION "The health-check outcome of the interface being addressed in a cluster unit." ::= { cufwCluInterfaceEntry 2 } cuFwCluMaxStateEvents OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The max count of history logs for cluster state transitions that can be saved on the device." 
::= { cuFwClusterHistory 1 } cufwCluHistEvTable OBJECT-TYPE SYNTAX SEQUENCE OF CufwCluHistEvEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table summarises the cluster state transitions' history in a unit." ::= { cuFwClusterHistory 2 } cufwCluHistEvEntry OBJECT-TYPE SYNTAX CufwCluHistEvEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the table lists details of a cluster state transition." INDEX { cufwCluHistIndex } ::= { cufwCluHistEvTable 1 } CufwCluHistEvEntry ::= SEQUENCE { cufwCluHistIndex INTEGER, cufwCluFromState CUfwCluState, cufwCluToState CUfwCluState, cufwCluTransitionAt DateAndTime, cufwCluTransitionReason DisplayString } cufwCluHistIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "A distinct index that points to an entry in the cluster history table for this unit." ::= { cufwCluHistEvEntry 1 } cufwCluFromState OBJECT-TYPE SYNTAX CUfwCluState MAX-ACCESS read-only STATUS current DESCRIPTION "The log entry points to the cluster state that this event transitioned from." ::= { cufwCluHistEvEntry 2 } cufwCluToState OBJECT-TYPE SYNTAX CUfwCluState MAX-ACCESS read-only STATUS current DESCRIPTION "The log entry points to the cluster state that this event transitioned to." ::= { cufwCluHistEvEntry 3 } cufwCluTransitionAt OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The date&time at which this transition happened for the cluster unit." ::= { cufwCluHistEvEntry 4 } cufwCluTransitionReason OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The reason for this transition for the cluster unit." ::= { cufwCluHistEvEntry 5 } -- Cluster Globals cufwCluEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This value depicts if clustering is enabled or not on the device." 
::= { cuFwClusterGlobals 1 } cufwCluInterfaceMode OBJECT-TYPE SYNTAX INTEGER (0..3) MAX-ACCESS read-only STATUS current DESCRIPTION "Mode of interface in clustering. Value Type 0 none 1 Spanned ether-channel 2 Individual 3 invalid" ::= { cuFwClusterGlobals 2 } cufwCluUnitState OBJECT-TYPE SYNTAX CUfwCluState MAX-ACCESS read-only STATUS current DESCRIPTION "The current state of the unit in cluster." ::= { cuFwClusterGlobals 3 } cufwCCLink OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The ifIndex of the interface used for cluster communication between the units." ::= { cuFwClusterGlobals 4 } cufwCluGroupName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The group name uniquely identifying this cluster." ::= { cuFwClusterGlobals 5 } cufwCluUnitName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The name uniquely identifying this cluster member." ::= { cuFwClusterGlobals 6 } cufwCluConsoleReplicate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The console replication feature is enabled on this slave. Slave units send the console messages to the master unit so that you only need to monitor one console port for the cluster." ::= { cuFwClusterGlobals 7 } cufwCluSiteID OBJECT-TYPE SYNTAX INTEGER (0..8) MAX-ACCESS read-only STATUS current DESCRIPTION "The site ID for this unit used in inter-site clustering." ::= { cuFwClusterGlobals 8 } cufwCluPriority OBJECT-TYPE SYNTAX INTEGER (1..100) MAX-ACCESS read-only STATUS current DESCRIPTION "The priority of this unit for master unit elections (1 being highest)." ::= { cuFwClusterGlobals 9 } cufwCluSerialNum OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The vendor-specific serial number string for the current unit in cluster." 
::= { cuFwClusterGlobals 10 } cufwCCLipAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The ip address used on the interface for CCL communication." ::= { cuFwClusterGlobals 11 } cufwCCLmacAddr OBJECT-TYPE SYNTAX PhysAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The MAC address on the CCL link." ::= { cuFwClusterGlobals 12 } cufwCluSwVersion OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The vendor-specific software revision string for the current unit in cluster." ::= { cuFwClusterGlobals 13 } cufwCluUnitHoldtime OBJECT-TYPE SYNTAX INTEGER (800..45000) UNITS "millisec" MAX-ACCESS read-only STATUS current DESCRIPTION "To determine unit health, the ASA cluster units send keepalive messages on the cluster control link to other units. The hold time that each unit will wait before declaring a peer unit as dead." ::= { cuFwClusterGlobals 14 } cufwCluLastJoinAt OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The date&time at which this unit last joined the cluster." ::= { cuFwClusterGlobals 15 } cufwCluLastLeaveAt OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The date&time at which this unit last left the cluster." ::= { cuFwClusterGlobals 16 } -- Cisco Firewall MIB Notification Control cufwCntlUrlfServerStatusChange OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the SNMP notification to signal the election of a new primary URL filtering server by this firewall. Such a change could occur either as a result of the current primary server becoming unavailable or as a result of explicit management action in nominating a filtering server the primary server." 
DEFVAL { false } ::= { cuFwNotifCntlGrp 1 } cufwCntlL2StaticMacAddressMoved OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the SNMP notification to signal the move of a statically configured MAC address to a new port. Such a change could occur either as a result of physical move of the device with the MAC Address to the new port or due to MAC address spoofing." DEFVAL { true } ::= { cuFwNotifCntlGrp 2 } cufwCntlFOstateChange OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the SNMP notification to signal the election of a new active or standby in an HA pair." DEFVAL { true } ::= { cuFwNotifCntlGrp 3 } cufwCntlCluStateChange OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the administrative state of sending the SNMP notification to signal the election of a new master in a cluster unit." DEFVAL { true } ::= { cuFwNotifCntlGrp 4 } -- Cisco Firewall MIB Notifications ciscoUFwUrlfServerStateChange NOTIFICATION-TYPE OBJECTS { cufwUrlfServerStatus } STATUS current DESCRIPTION "This notification is generated when the firewall elects a new primary URL filtering server from the existing set of configured servers. Such a change could occur either as a result of the current primary server becoming unavailable or as a result of explicit management action in nominating a filtering server the primary server. The notification is issued just before the change occurs. Consequently, the varbinds identify the attributes corresponding to the old primary server. This notification is issued if and only if the object 'cufwCntlUrlfServerStatusChange' has been set to 'true'." 
::= { ciscoUnifiedFirewallMIBNotifs 1 } ciscoUFwL2StaticMacAddressMoved NOTIFICATION-TYPE OBJECTS { dot1dTpFdbPort, dot1dTpFdbStatus } STATUS current DESCRIPTION "This notification is generated when the firewall detects the move of a static MAC address to a new port. Such a change could occur either as a result of physical move of the device with the MAC Address to the new port, due to management action of relocating the MAC address at the new location or due to MAC address spoofing. The varbinds identify the new location (port) of the MAC Address and its status at the new location. This notification is issued if and only if the object 'cufwCntlL2StaticMacAddressMoved' has been set to 'true'." ::= { ciscoUnifiedFirewallMIBNotifs 2 } cufwFailoverStateChanged NOTIFICATION-TYPE OBJECTS { cufwFOGroupIndex, cufwFOGrpHAstate } STATUS current DESCRIPTION "This notification is generated when the firewall detects a state change in either unit of an HA pair. This notification is issued if and only if the object 'cufwCntlFOstateChange' has been set to 'true'." ::= { ciscoUnifiedFirewallMIBNotifs 3 } cufwClusterStateChanged NOTIFICATION-TYPE OBJECTS { cufwCluUnitState } STATUS current DESCRIPTION "This notification is generated when the firewall detects a new master has been elected. This notification is issued if and only if the object 'cufwCntlCluStateChange' has been set to 'true'." ::= { ciscoUnifiedFirewallMIBNotifs 4 } -- Conformance Information ciscoUniFirewallMIBCompliances OBJECT IDENTIFIER ::= { ciscoUnifiedFirewallMIBConform 1 } ciscoUniFirewallMIBGroups OBJECT IDENTIFIER ::= { ciscoUnifiedFirewallMIBConform 2 } -- Compliance Statements ciscoUniFirewallMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that implement the Cisco Firewall MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        ciscoFwConnectionGroup,
                        ciscoFwMibReportingControlGroup
                    }

    GROUP           ciscoFwApplInspectionGroup
    DESCRIPTION
        "This group is mandatory for a firewall implementation
        which implements application inspection of L7 protocols"

    GROUP           ciscoFwConnResourceUsageGroup
    DESCRIPTION
        "This group is optional."

    GROUP           ciscoFwFailoverGroup
    DESCRIPTION
        "This group is optional."

    GROUP           ciscoFwPolicyConnectionGroup
    DESCRIPTION
        "This group is mandatory for a firewall implementation
        which implements the instrumentation of policy based
        connection statistics."

    GROUP           ciscoFwUrlFilterGroup
    DESCRIPTION
        "This group is mandatory only if the firewall implements
        URL Filtering functionality."

    GROUP           ciscoFwUrlFilterResourceGroup
    DESCRIPTION
        "This group is optional."

    GROUP           ciscoFwTransparentFwGroup
    DESCRIPTION
        "This group is mandatory only if the firewall implements
        transparent or layer 2 mode of operation."

    GROUP           ciscoFwTransparentNotifGroup
    DESCRIPTION
        "This group is mandatory only if the firewall implements
        transparent or layer 2 mode of operation."

    GROUP           ciscoFwBasicAaicGroup
    DESCRIPTION
        "This group is mandatory only if the firewall implements
        the group 'ciscoFwAaicHttpGroup'."

    GROUP           ciscoFwAaicHttpGroup
    DESCRIPTION
        "This group is mandatory only for a firewall
        implementation which implements Advanced Application
        Inspection and Control (deep packet inspection) of HTTP
        traffic. Further, any implementation that supports this
        group MUST implement group ciscoFwBasicAaicGroup."
    ::= { ciscoUniFirewallMIBCompliances 1 }

-- Units of Conformance

ciscoFwConnectionGroup OBJECT-GROUP
    OBJECTS         {
                        cufwConnGlobalNumAttempted,
                        cufwConnGlobalNumSetupsAborted,
                        cufwConnGlobalNumPolicyDeclined,
                        cufwConnGlobalNumResDeclined,
                        cufwConnGlobalNumHalfOpen,
                        cufwConnGlobalNumActive,
                        cufwConnGlobalNumAborted,
                        cufwConnGlobalNumExpired,
                        cufwConnGlobalNumEmbryonic,
                        cufwConnGlobalConnSetupRate1,
                        cufwConnGlobalConnSetupRate5,
                        cufwConnGlobalNumRemoteAccess,
                        cufwConnNumAttempted,
                        cufwConnNumSetupsAborted,
                        cufwConnNumPolicyDeclined,
                        cufwConnNumResDeclined,
                        cufwConnNumHalfOpen,
                        cufwConnNumActive,
                        cufwConnNumAborted,
                        cufwConnSetupRate1,
                        cufwConnSetupRate5,
                        cufwAppConnNumAttempted,
                        cufwAppConnNumSetupsAborted,
                        cufwAppConnNumPolicyDeclined,
                        cufwAppConnNumResDeclined,
                        cufwAppConnNumHalfOpen,
                        cufwAppConnNumActive,
                        cufwAppConnNumAborted,
                        cufwAppConnSetupRate1,
                        cufwAppConnSetupRate5
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects required to
        instrument the firewall stateful connection activity."
    ::= { ciscoUniFirewallMIBGroups 1 }

ciscoFwConnResourceUsageGroup OBJECT-GROUP
    OBJECTS         {
                        cufwConnResMemoryUsage,
                        cufwConnResActiveConnMemoryUsage,
                        cufwConnResHOConnMemoryUsage,
                        cufwConnResEmbrConnMemoryUsage
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects required to
        instrument the resource usage of the stateful packet
        filtering feature of the managed firewall."
    ::= { ciscoUniFirewallMIBGroups 2 }

ciscoFwPolicyConnectionGroup OBJECT-GROUP
    OBJECTS         {
                        cufwPolConnNumAttempted,
                        cufwPolConnNumSetupsAborted,
                        cufwPolConnNumPolicyDeclined,
                        cufwPolConnNumResDeclined,
                        cufwPolConnNumHalfOpen,
                        cufwPolConnNumActive,
                        cufwPolConnNumAborted,
                        cufwPolAppConnNumAttempted,
                        cufwPolAppConnNumSetupsAborted,
                        cufwPolAppConnNumPolicyDeclined,
                        cufwPolAppConnNumResDeclined,
                        cufwPolAppConnNumHalfOpen,
                        cufwPolAppConnNumActive,
                        cufwPolAppConnNumAborted
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects required to
        instrument policy based summary of firewall connection
        activity."
    ::= { ciscoUniFirewallMIBGroups 3 }

ciscoFwApplInspectionGroup OBJECT-GROUP
    OBJECTS         {
                        cufwAIAuditTrailEnabled,
                        cufwAIAlertEnabled,
                        cufwInspectionStatus
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects required to
        instrument the firewall Application Inspection function."
    ::= { ciscoUniFirewallMIBGroups 4 }

ciscoFwUrlFilterGroup OBJECT-GROUP
    OBJECTS         {
                        cufwUrlfFunctionEnabled,
                        cufwUrlfRequestsNumProcessed,
                        cufwUrlfRequestsProcRate1,
                        cufwUrlfRequestsProcRate5,
                        cufwUrlfRequestsNumAllowed,
                        cufwUrlfRequestsNumDenied,
                        cufwUrlfRequestsDeniedRate1,
                        cufwUrlfRequestsDeniedRate5,
                        cufwUrlfRequestsNumCacheAllowed,
                        cufwUrlfRequestsNumCacheDenied,
                        cufwUrlfAllowModeReqNumAllowed,
                        cufwUrlfAllowModeReqNumDenied,
                        cufwUrlfRequestsNumResDropped,
                        cufwUrlfRequestsResDropRate1,
                        cufwUrlfRequestsResDropRate5,
                        cufwUrlfNumServerTimeouts,
                        cufwUrlfNumServerRetries,
                        cufwUrlfResponsesNumLate,
                        cufwUrlfUrlAccRespsNumResDropped,
                        cufwUrlfServerVendor,
                        cufwUrlfServerStatus,
                        cufwUrlfServerReqsNumProcessed,
                        cufwUrlfServerReqsNumAllowed,
                        cufwUrlfServerReqsNumDenied,
                        cufwUrlfServerNumTimeouts,
                        cufwUrlfServerNumRetries,
                        cufwUrlfServerRespsNumReceived,
                        cufwUrlfServerRespsNumLate,
                        cufwUrlfServerAvgRespTime1,
                        cufwUrlfServerAvgRespTime5,
                        cufwCntlUrlfServerStatusChange
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects required to
        instrument the firewall URL filtering function."
    ::= { ciscoUniFirewallMIBGroups 5 }

ciscoFwUrlFilterResourceGroup OBJECT-GROUP
    OBJECTS         {
                        cufwUrlfResTotalRequestCacheSize,
                        cufwUrlfResTotalRespCacheSize
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects required to
        instrument the resource usage of the URL filtering
        feature of the managed firewall."
    ::= { ciscoUniFirewallMIBGroups 6 }

ciscoFwTransparentFwGroup OBJECT-GROUP
    OBJECTS         {
                        cufwL2GlobalEnableStealthMode,
                        cufwL2GlobalArpCacheSize,
                        cufwL2GlobalEnableArpInspection,
                        cufwL2GlobalNumArpRequests,
                        cufwL2GlobalNumIcmpRequests,
                        cufwL2GlobalNumFloods,
                        cufwL2GlobalNumDrops,
                        cufwL2GlobalArpOverflowRate5,
                        cufwL2GlobalNumBadArpResponses,
                        cufwL2GlobalNumSpoofedArpResps,
                        cufwCntlL2StaticMacAddressMoved
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects required to
        instrument the transparent mode (or layer 2) operation
        of a firewall."
    ::= { ciscoUniFirewallMIBGroups 7 }

ciscoFwNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS   { ciscoUFwUrlfServerStateChange }
    STATUS          current
    DESCRIPTION
        "This group contains notifications defined in the Cisco
        Firewall MIB pertaining to basic firewall operations.
        Presently, the list includes a notification pertaining to
        URL filtering alone."
    ::= { ciscoUniFirewallMIBGroups 8 }

ciscoFwTransparentNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS   { ciscoUFwL2StaticMacAddressMoved }
    STATUS          current
    DESCRIPTION
        "This group contains the notifications that signal
        security critical events pertaining to the transparent
        mode operation of the firewall."
    ::= { ciscoUniFirewallMIBGroups 9 }

ciscoFwBasicAaicGroup OBJECT-GROUP
    OBJECTS         {
                        cufwAaicGlobalNumBadProtocolOps,
                        cufwAaicGlobalNumBadPDUSize,
                        cufwAaicGlobalNumBadPortRange
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects required to
        instrument the basic elements of Advanced Application
        Inspection and Control (AAIC)."
    ::= { ciscoUniFirewallMIBGroups 10 }

ciscoFwAaicHttpGroup OBJECT-GROUP
    OBJECTS         {
                        cufwAaicHttpNumBadProtocolOps,
                        cufwAaicHttpNumBadPDUSize,
                        cufwAaicHttpNumTunneledConns,
                        cufwAaicHttpNumLargeURIs,
                        cufwAaicHttpNumBadContent,
                        cufwAaicHttpNumMismatchContent,
                        cufwAaicHttpNumDoubleEncodedPkts
                    }
    STATUS          current
    DESCRIPTION
        "This group defines statistics pertaining to deep packet
        inspection of HTTP payloads. A firewall that implements
        this group must implement the group
        'ciscoFwBasicAaicGroup'."
    ::= { ciscoUniFirewallMIBGroups 11 }

ciscoFwMibReportingControlGroup OBJECT-GROUP
    OBJECTS         {
                        cufwConnReptAppStats,
                        cufwConnReptAppStatsLastChanged
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects that allow the
        administrator to control the granularity of objects
        reported by the agent."
    ::= { ciscoUniFirewallMIBGroups 12 }

ciscoFwFailoverGroup OBJECT-GROUP
    OBJECTS         {
                        cufwFOEnabled,
                        cufwFOUnitDesignation,
                        cufwFOLink,
                        cufwFOStateLink,
                        cufwFOStdbyConfigLocked,
                        cufwFOEncryption,
                        cufwFOSerialNumOurs,
                        cufwFOSerialNumMate,
                        cufwFOSwVersionOurs,
                        cufwFOSwVersionMate,
                        cufwFOUnitPolltime,
                        cufwFOUnitHoldtime,
                        cufwFOUnitBfdEnabled,
                        cufwFOLinkStatePolltime,
                        cufwFOInterfacePolicy,
                        cufwFOMonitoredInterfaces,
                        cufwFOInterfacePolltime,
                        cufwFOInterfaceHoldtime,
                        cufwFOReplicationHttp,
                        cufwFOReplicationRate,
                        cufwFOGroupIdx,
                        cufwFOCLientId,
                        cufwFOCLientName,
                        cufwFOLUTransmitCount,
                        cufwFOLUTransmitErrors,
                        cufwFOLUReceiveCount,
                        cufwFOLUReceiveErrors,
                        cufwFOStatefulUpdateEnabled,
                        cufwFOGroupIndex,
                        cufwContextId,
                        cufwContextifIndex,
                        cufwFOInterfaceMonitoring,
                        cufwFOInterfaceStatus,
                        cufwFOGroupIndex,
                        cufwFOGrpLastFailoverAt,
                        cufwFOGrpHAstate,
                        cufwFOGrpUpTime,
                        cufwFOGrpContextCount,
                        cufwFOGrpIndex,
                        cufwFOHistoryIndex,
                        cufwFOGrpHAFromState,
                        cufwFOGrpHAToState,
                        cufwFOGrpTransitionAt,
                        cufwFOGrpTransitionReason
                    }
    STATUS          current
    DESCRIPTION
        "This group contains the MIB objects that allow the
        administrator to control the granularity of objects
        reported by the agent."
    ::= { ciscoUniFirewallMIBGroups 13 }

END