-- *------------------------------------------------------------------
-- * CISCO-UNIFIED-FIREWALL-MIB.my: Cisco Firewall MIB.
-- *
-- * Sep 2005, fw-mib-dev@cisco.com
-- *
-- * Copyright (c) 2005 by cisco Systems, Inc.
-- * All rights reserved.
-- *
-- *------------------------------------------------------------------

CISCO-UNIFIED-FIREWALL-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Counter64,
    Gauge32,
    Integer32
        FROM SNMPv2-SMI

    TruthValue,
    TimeStamp
        FROM SNMPv2-TC

    InetAddressType,
    InetAddress,
    InetPortNumber
        FROM INET-ADDRESS-MIB

    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF

    ciscoMgmt
        FROM CISCO-SMI

    CFWNetworkProtocol,
    CFWApplicationProtocol,
    CFWPolicy,
    CFWPolicyTarget,
    CFWPolicyTargetType,
    CFWUrlfVendorId,
    CFWUrlServerStatus
        FROM CISCO-FIREWALL-TC

    dot1dTpFdbPort,
    dot1dTpFdbStatus
        FROM BRIDGE-MIB;

ciscoUnifiedFirewallMIB MODULE-IDENTITY
    LAST-UPDATED    "200509220000Z"
    ORGANIZATION    "Cisco Systems"
    CONTACT-INFO
        "       Cisco Systems
                Customer Service

        Postal: 170 W Tasman Drive
                San Jose, CA 95134
                USA

           Tel: +1 800 553-NETS
        E-mail: cs-firewalls@cisco.com"

    DESCRIPTION
        "Overview of Cisco Firewall MIB
        ==============================
        This MIB Module models status and performance
        statistics pertaining to the common features supported
        by Cisco firewall implementations. For each firewall
        feature, capability (if applicable) and statistics are
        defined. Supporting the configuration of firewall
        features is outside the scope of this MIB.

        Following are the major firewall features:

        1) 'Stateful Packet Filtering'
            Creating and maintaining the state of authorized
            traffic flows dynamically to permit only
            flows authorized by the policy is a mandatory
            function of a firewall.
            This MIB instruments the activity and memory
            usage by this function.

        2) 'Application Inspection'
            This refers to the function of inspecting the
            headers of layer 3 and layer 4 protocols and
            creating dynamic entries in the connection
            table for traffic flows spawned by an already
            established traffic flow.

            This MIB reflects the protocols that are being
            inspected.

        3) 'URL Filtering'
            This refers to the function of facilitating
            or restricting URL access requests through
            the firewall by consulting either local policy
            or that configured on a dedicated URL filtering
            server.

            This MIB instruments the URL filtering activity,
            the status and activity of distinct URL filtering
            servers configured on the firewall and the
            impact of the performance of the URL filtering
            servers on the latency and throughput of the
            firewall.

        4) 'Proxy Authentication'
            This refers to the function of authenticating
            and/or authorizing users on behalf of servers
            on the secure side of the firewall. This operation
            could affect the throughput of the firewall.

            The MIB objects pertaining to Proxy Authentication
            will be defined in a subsequent revision of this
            MIB.


        5) 'Transparent Mode Operation'
            A firewall could operate as a bridge and yet
            filter traffic based on layer 3-layer 7 control
            and payload information. Operating in this mode
            makes it easy to implement a firewall without
            fragmenting existing subnets. Another advantage
            of this mode of operation is enhanced security.

            This MIB instruments the status, activity,
            and performance of the firewall in this mode.
            Please note that to fully manage a firewall
            operating in this mode, the firewall must also
            support the bridge MIB (BRIDGE-MIB).


        6) 'Advanced Application Inspection and Control'
            This function is also termed 'Application
            Firewall' and pertains to inspecting payload and
            headers of application traffic to make sure the
            traffic flows conform to the configured security
            policy.

            Monitoring this function entails identifying the
            security alerts generated by this function and
            measuring the impact on firewall performance by
            this task. Application Firewall will be
            instrumented in a separate MIB dedicated for the
            function.

        7) 'Failover' or 'Redundancy'
            Redundancy configuration is essential for business
            critical firewalls.

            Instrumenting this function entails reflecting
            the configuration of redundancy and identifying
            failover events.

            The MIB objects pertaining to Proxy Authentication
            will be defined in a subsequent revision of this
            MIB.


        The management information for each firewall feature
        is defined in a distinct module compliance unit. The
        compliance units corresponding to basic features of
        firewalls are defined as mandatory.

        Acronyms
        ========
        Following are definitions of some terms used in this
        module. Please refer to the module conformance for a
        glossary of feature-specific terms.

        `Firewall'
            A firewall is a set of related programs,
            implemented on a host or a network device, that
            protects the resources of a private network from
            users from other networks. Common firewalling
            functions include stateful packet filtering,
            proxy authentication of users on behalf of
            applications on the secure side of the firewall,
            URL access control, inspection of payload of
            traffic streams to determine security threats.

        `Layer2 Firewall' or 'Transparent Firewall'
            A firewall device that operates as a bridge
            while performing firewalling function.

        `Connection'
            The record in the firewall of a traffic stream
            that has been authorized to flow through the
            firewall.

        `Half Open Connection'
            For a connection oriented protocol: a connection
            that has not reached the established state on both
            sides of the connection.
            For a connection-less protocol: the connection
            corresponding to a traffic stream where traffic
            flow has occurred (since the establishment of the
            connection entry) in only one direction.

        `Embryonic Connection'
            The connection entry corresponding to an
            application layer protocol in which the signaling
            channel has been established while the setup of
            the data channel is underway.

        `Policy'
            An element of firewall configuration that
            identifies the access rights to a resource by a
            traffic source. An example of a policy is an
            Access Control Rule.

        `Policy Target'
            An entity to which a policy is applied so that
            the action corresponding to the policy is taken
            only on traffic streams associated with the
            entity. An example of a policy target is an
            interface.

        `URL Filtering Server'
            A server which is employed by the firewall to
            enforce URL access policies.

        `Protocol Data Unit' or PDU
            An instance of the unit of information using which
            a protocol operates is called the Protocol Data
            Unit or the PDU of the protocol.

        `Deep Packet Inspection'
            The task of examining the contents of the payloads
            of one or more layer 7 application protocols
            with a view to enforcing the local security
            policies is termed 'Deep Packet Inspection'.

        `Advanced Application Inspection and Control'
            An entity that performs deep packet inspection
            of layer 7 application protocol data units is
            termed an 'Application Firewall'.
        "

    REVISION        "200509220000Z"
    DESCRIPTION
        "Initial version of this module.
        "
    ::= { ciscoMgmt 491 }

-- Tentative anchor under ciscoMgmt

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Cisco Firewall MIB Object Groups
--
-- This MIB module contains the following groups:
-- 1) Connection Activity Summary
-- 2) Application Inspection group
-- 3) URL Filtering group
-- 4) Failover group
-- 5) Advanced Application Inspection and Control group
-- 6) Transparent firewall group
-- 7) Notification and control group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

ciscoUnifiedFirewallMIBNotifs OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIB 0 }
ciscoUnifiedFirewallMIBObjects OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIB 1 }
ciscoUnifiedFirewallMIBConform OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIB 2 }


cuFwConnectionGrp OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIBObjects 1 }
cuFwApplInspectionGrp OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIBObjects 2 }
cuFwUrlFilterGrp OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIBObjects 3 }
cuFwFailoverGrp OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIBObjects 4 }
cuFwAaicGrp OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIBObjects 5 }
cuFwL2FwGrp OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIBObjects 6 }
cuFwNotifCntlGrp OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIBObjects 7 }

-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Firewall Connection Summary Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++

cuFwConnectionGlobals OBJECT IDENTIFIER ::=
    { cuFwConnectionGrp 1 }
cuFwConnectionResources OBJECT IDENTIFIER ::=
    { cuFwConnectionGrp 2 }
cuFwConnectionReportSettings OBJECT IDENTIFIER ::=
    { cuFwConnectionGrp 3 }
cuFwConnectionSummaryTables OBJECT IDENTIFIER ::=
    { cuFwConnectionGrp 4 }

-- Connection Activity: Global summary

cufwConnGlobalNumAttempted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "
                 Connection Statistics Aggregation

        Connection 1  +-----------+
        ------------->|           |-------> Global Connection Summary
        Connection 2  |           |
        ------------->|           |
        Connection 3  |           |
        ------------->|   First   |------------> ConnSummary
                      |   Level   |      (i.e, L-3/4 Protocol
        Connection 4  |Aggregation|       Connection Summary)
        ------------->|           |
              .       |           |
              .       |           |---------------> PolicyConnSummary
        Connection N  |           |   (i.e, L-3/4 Policy Target based
        ------------->|           |    Protocol Connection Summary)
                      +-----------+


                           +-----------+
        L-3/4 Protocol     |           |
        Connection Summary |           |
        ------------------>|           |---------> AppConnSummary
                           |           |      (i.e, L-7 Protocol
                           |  Second   |       Connection Summary)
                           |---Level---|
        L-3/4 Policy Target|Aggregation|
        based Protocol     |           |
        Connection Summary |           |
        ------------------>|           |---------------> PolicyAppConnSummary
                           |           |   (i.e, L-7 Policy Target based
                           |           |    Protocol Connection Summary)
                           +-----------+


        Specifically, the object
        'cufwConnGlobalNumAttempted' models
        the number of connections which are attempted to
        be set up through the firewall.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cuFwConnectionGlobals 1 }

cufwConnGlobalNumSetupsAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection setup attempts that
        were aborted before the connection could proceed
        to completion. The counter includes setup
        attempts aborted by the firewall as well as
        those aborted by the initiator and/or the
        responder(s) of/to the connection setup attempt.

        Consequently, this value subsumes the values of
        objects 'cufwConnGlobalNumPolicyDeclined' and
        'cufwConnGlobalNumResDeclined'.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cuFwConnectionGlobals 2 }

cufwConnGlobalNumPolicyDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections which were attempted to
        be setup but which were declined due to reasons of
        security policy.

        This includes the connections that failed
        authentication.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cuFwConnectionGlobals 3 }

cufwConnGlobalNumResDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections which were attempted to
        be setup but which were declined due to
        non-availability of required resources.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cuFwConnectionGlobals 4 }

cufwConnGlobalNumHalfOpen OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections which are in the process
        of being setup but which have not yet reached the
        established state in the connection table.
        "
    ::= { cuFwConnectionGlobals 5 }

cufwConnGlobalNumActive OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections which are currently active.
        "
    ::= { cuFwConnectionGlobals 6 }

cufwConnGlobalNumExpired OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections which were active but
        which were since normally terminated.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cuFwConnectionGlobals 7 }

cufwConnGlobalNumAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections which were active but
        which were aborted by the firewall due to reasons
        of policy or resource rationing.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cuFwConnectionGlobals 8 }

cufwConnGlobalNumEmbryonic OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of embryonic application layer connections
        (that is, connections in which the signaling channel
        has been established while the data channel is awaiting
        setup).

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cuFwConnectionGlobals 9 }

cufwConnGlobalConnSetupRate1 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections per second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections which the firewall is
        establishing per second, averaged over the last 60
        seconds.
        "
    ::= { cuFwConnectionGlobals 10 }

cufwConnGlobalConnSetupRate5 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections per second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections which the firewall is
        establishing per second, averaged over the last 300
        seconds.
        "
    ::= { cuFwConnectionGlobals 11 }

cufwConnGlobalNumRemoteAccess OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of active connections which correspond
        to remote access applications.
        Specifically, the protocol for which the connection
        is established must be one of PPP, PPTP, L2TP or
        remote access IPsec (IPsec connections employing
        extended authentication).

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cuFwConnectionGlobals 12 }

-- Resource consumption by connection activity

cufwConnResMemoryUsage OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "KBytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of memory occupied by all structures
        required to maintain the state of all connections
        which are either being established or are active.
        "
    ::= { cuFwConnectionResources 1 }

cufwConnResActiveConnMemoryUsage OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "KBytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of memory occupied by all structures
        required to maintain the state of all active
        connections.
        "
    ::= { cuFwConnectionResources 2 }

cufwConnResHOConnMemoryUsage OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "KBytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of memory occupied by all structures
        required to maintain the state of all half
        open connections.
        "
    ::= { cuFwConnectionResources 3 }

cufwConnResEmbrConnMemoryUsage OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "KBytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of memory occupied by all structures
        required to maintain the state of all embryonic
        connections.
        "
    ::= { cuFwConnectionResources 4 }

--
-- Connection Activity Report Settings: Controls to
-- configure the MIB to change connection activity reporting
-- settings.
--
cufwConnReptAppStats OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'true' enables the MIB to
        report connection activity statistics pertaining
        to application protocols.

        If this object is set to 'false', the agent
        should stop updating the objects defined in this
        module pertaining to application protocols.

        Application monitoring could be a resource intensive
        operation. It is expected that the administrators
        would use this control to disable application
        monitoring when the performance of the firewall is
        degrading.
        "
    DEFVAL      { false }
    ::= { cuFwConnectionReportSettings 1 }

cufwConnReptAppStatsLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time at which the value of cufwConnReptAppStats
        was last changed.
        "
    ::= { cuFwConnectionReportSettings 2 }

-- Connection Activity: Protocol-based summary

cufwConnSummaryTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CufwConnSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table summarizes the connection activity on
        the firewall per layer3-layer 4 protocol instance.

        Each entry in the table lists the connection
        summary of a distinct network protocol.

        For instance, the conceptual row corresponding to the
        index

            cufwConnProtocol = fwpTcp

        yields the summary of TCP connection activity on the
        firewall since its reboot.
        "
    ::= { cuFwConnectionSummaryTables 1 }

cufwConnSummaryEntry OBJECT-TYPE
    SYNTAX      CufwConnSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the summary of connection
        activity for a layer3-layer4 network protocol.
        "
    INDEX       {
                    cufwConnProtocol
                }
    ::= { cufwConnSummaryTable 1 }

CufwConnSummaryEntry ::= SEQUENCE {
    cufwConnProtocol            CFWNetworkProtocol,
    cufwConnNumAttempted        Counter64,
    cufwConnNumSetupsAborted    Counter64,
    cufwConnNumPolicyDeclined   Counter64,
    cufwConnNumResDeclined      Counter64,
    cufwConnNumHalfOpen         Gauge32,
    cufwConnNumActive           Gauge32,
    cufwConnNumAborted          Counter64,
    cufwConnSetupRate1          Gauge32,
    cufwConnSetupRate5          Gauge32
}

cufwConnProtocol OBJECT-TYPE
    SYNTAX      CFWNetworkProtocol
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The (L3-L4) protocol for which this conceptual
        row summarizes the connection activity on the
        managed entity.
        "
    ::= { cufwConnSummaryEntry 1 }

cufwConnNumAttempted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections attempted since the last
        reboot of the firewall, corresponding to the protocol
        denoted by 'cufwConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cufwConnSummaryEntry 2 }

cufwConnNumSetupsAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection setup attempts,
        corresponding to the protocol denoted by
        'cufwConnProtocol', that were aborted before the
        connection could proceed to completion. The
        counter includes setup attempts aborted by the
        firewall as well as those aborted by the initiator
        and/or the responder(s) of/to the connection setup
        attempt.

        Consequently, this value subsumes the values of
        objects 'cufwConnNumPolicyDeclined' and
        'cufwConnNumResDeclined'.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cufwConnSummaryEntry 3 }

cufwConnNumPolicyDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection attempts that were declined
        due to security policy, corresponding to the protocol
        denoted by 'cufwConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cufwConnSummaryEntry 4 }

cufwConnNumResDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection attempts that were declined
        due to resource unavailability, corresponding to the
        protocol denoted by 'cufwConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cufwConnSummaryEntry 5 }

cufwConnNumHalfOpen OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that are currently in the
        process of being established, corresponding to the
        protocol denoted by 'cufwConnProtocol'.
        "
    ::= { cufwConnSummaryEntry 6 }

cufwConnNumActive OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that are currently active,
        corresponding to the protocol denoted by
        'cufwConnProtocol'.
        "
    ::= { cufwConnSummaryEntry 7 }

cufwConnNumAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that were abnormally
        terminated after successful establishment,
        corresponding to the protocol denoted by
        'cufwConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cufwConnSummaryEntry 8 }

cufwConnSetupRate1 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections Per Second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The connection setup rate averaged over the last
        60 seconds corresponding to the protocol denoted by
        'cufwConnProtocol'.
        "
    ::= { cufwConnSummaryEntry 9 }

cufwConnSetupRate5 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections Per Second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The connection setup rate averaged over the last
        300 seconds corresponding to the protocol denoted by
        'cufwConnProtocol'.
        "
    ::= { cufwConnSummaryEntry 10 }

-- Layer 7 protocol based connection summary

cufwAppConnSummaryTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CufwAppConnSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table lists the summary of firewall
        connections pertaining to Layer 7 protocols,
        catalogued by distinct application protocols.

        Each entry in the table lists the connection
        summary corresponding to a distinct application
        protocol.

        For instance, to obtain the connection summary
        for SMTP on the firewall since the last reboot
        of the device, use the conceptual row
        corresponding to

            cufwAppConnProtocol = fwApSmtp
        "
    ::= { cuFwConnectionSummaryTables 2 }

cufwAppConnSummaryEntry OBJECT-TYPE
    SYNTAX      CufwAppConnSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the summary of connection
        activity for a distinct layer 7 protocol identified
        by the index element 'cufwAppConnProtocol'.
        "
    INDEX       {
                    cufwAppConnProtocol
                }
    ::= { cufwAppConnSummaryTable 1 }

CufwAppConnSummaryEntry ::= SEQUENCE {
    cufwAppConnProtocol             CFWApplicationProtocol,
    cufwAppConnNumAttempted         Counter64,
    cufwAppConnNumSetupsAborted     Counter64,
    cufwAppConnNumPolicyDeclined    Counter64,
    cufwAppConnNumResDeclined       Counter64,
    cufwAppConnNumHalfOpen          Gauge32,
    cufwAppConnNumActive            Gauge32,
    cufwAppConnNumAborted           Counter64,
    cufwAppConnSetupRate1           Gauge32,
    cufwAppConnSetupRate5           Gauge32
}

cufwAppConnProtocol OBJECT-TYPE
    SYNTAX      CFWApplicationProtocol
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The layer7 protocol for which this conceptual
        row summarizes the connection activity for this
        firewall.
        "
    ::= { cufwAppConnSummaryEntry 1 }

cufwAppConnNumAttempted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections attempted since the last
        reboot of the firewall, corresponding to the protocol
        denoted by 'cufwAppConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats.
        "
    ::= { cufwAppConnSummaryEntry 2 }

cufwAppConnNumSetupsAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection setup attempts,
        corresponding to the protocol denoted by
        'cufwAppConnProtocol', that were aborted before
        the connection could proceed to completion. The
        counter includes setup attempts aborted by the
        firewall as well as those aborted by the initiator
        and/or the responder(s) of/to the connection setup
        attempt.

        Consequently, this value subsumes the values of
        objects 'cufwAppConnNumPolicyDeclined' and
        'cufwAppConnNumResDeclined'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats.
        "
    ::= { cufwAppConnSummaryEntry 3 }

cufwAppConnNumPolicyDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection attempts that were declined
        due to security policy, corresponding to the protocol
        denoted by 'cufwAppConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats.
        "
    ::= { cufwAppConnSummaryEntry 4 }

cufwAppConnNumResDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection attempts that were declined
        due to resource unavailability, corresponding to the
        protocol denoted by 'cufwAppConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats.
        "
    ::= { cufwAppConnSummaryEntry 5 }

cufwAppConnNumHalfOpen OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that are currently in the
        process of being established, corresponding to the
        protocol denoted by 'cufwAppConnProtocol'.
        "
    ::= { cufwAppConnSummaryEntry 6 }

cufwAppConnNumActive OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that are currently active,
        corresponding to the protocol denoted by
        'cufwAppConnProtocol'.
        "
    ::= { cufwAppConnSummaryEntry 7 }

cufwAppConnNumAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that were terminated by the
        firewall after successful establishment, corresponding
        to the protocol denoted by 'cufwAppConnProtocol'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats.
        "
    ::= { cufwAppConnSummaryEntry 8 }

cufwAppConnSetupRate1 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections Per Second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The connection setup rate averaged over the last
        60 seconds corresponding to the protocol denoted by
        'cufwAppConnProtocol'.
        "
    ::= { cufwAppConnSummaryEntry 9 }

cufwAppConnSetupRate5 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections Per Second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The connection setup rate averaged over the last
        300 seconds corresponding to the protocol denoted by
        'cufwAppConnProtocol'.
        "
    ::= { cufwAppConnSummaryEntry 10 }

-- Connection Activity: Policy-based summary

cufwPolicyConnSummaryTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CufwPolicyConnSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table lists the summary of firewall
        connections for layer3-layer 4 protocols catalogued
        on a per policy basis.

        Each entry in the table lists the connection summary of
        a distinct network protocol, configured on the specified
        policy on the firewall, and pertaining to a specified
        target to which the policy is currently applied.

        If a policy is bound to a target, it would have one
        or more entries in this table.
        If the policy is detached from the target, all entries
        corresponding to the association between the policy and
        the target are eliminated from this table.

        Although the information is indexed by policy targets
        as well, one may aggregate the connection summary for
        a specific policy across all the targets to which the
        policy is currently applied by setting

            cufwConnPolicyTargetType = 'targetAll'
        "
    ::= { cuFwConnectionSummaryTables 3 }

cufwPolicyConnSummaryEntry OBJECT-TYPE
    SYNTAX      CufwPolicyConnSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the summary of connection
        activity for a specific protocol in a specific
        policy applied to the specified policy target.
        "
    INDEX       {
                    cufwPolConnPolicy,
                    cufwPolConnPolicyTargetType,
                    cufwPolConnPolicyTarget,
                    cufwPolConnProtocol
                }
    ::= { cufwPolicyConnSummaryTable 1 }

CufwPolicyConnSummaryEntry ::= SEQUENCE {
    cufwPolConnPolicy               CFWPolicy,
    cufwPolConnPolicyTargetType     CFWPolicyTargetType,
    cufwPolConnPolicyTarget         CFWPolicyTarget,
    cufwPolConnProtocol             CFWNetworkProtocol,
    cufwPolConnNumAttempted         Counter64,
    cufwPolConnNumSetupsAborted     Counter64,
    cufwPolConnNumPolicyDeclined    Counter64,
    cufwPolConnNumResDeclined       Counter64,
    cufwPolConnNumHalfOpen          Gauge32,
    cufwPolConnNumActive            Gauge32,
    cufwPolConnNumAborted           Counter64
}

cufwPolConnPolicy OBJECT-TYPE
    SYNTAX      CFWPolicy
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The identity of the firewall policy for which
        this conceptual row contains the connection
        activity summary.
        "
    ::= { cufwPolicyConnSummaryEntry 1 }

cufwPolConnPolicyTargetType OBJECT-TYPE
    SYNTAX      CFWPolicyTargetType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The type of the entity to which the firewall policy
        'cufwPolConnPolicy' has been applied. This could be
        an interface type (most commonly), the type of another
        object or a group of objects defined in the firewall
        configuration.

        When this object is set to 'targetALL', the value of
        index object cufwPolConnPolicyTarget is ignored.
        "
    ::= { cufwPolicyConnSummaryEntry 2 }

cufwPolConnPolicyTarget OBJECT-TYPE
    SYNTAX      CFWPolicyTarget (SIZE(0..128))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The identity of the entity to which the firewall
        policy 'cufwPolConnPolicy' is applied. This could be an
        interface object (most commonly), another object or
        group of objects defined in the firewall configuration.
        "
    ::= { cufwPolicyConnSummaryEntry 3 }

cufwPolConnProtocol OBJECT-TYPE
    SYNTAX      CFWNetworkProtocol
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The (L3-L4) protocol corresponding to which this
        conceptual row summarizes the connection activity
        on the firewall.
        "
    ::= { cufwPolicyConnSummaryEntry 4 }

cufwPolConnNumAttempted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections attempted since the last
        reboot of the firewall, corresponding to the protocol
        denoted by 'cufwPolConnProtocol', in the policy
        'cufwPolConnPolicy' applied to the entity identified
        by 'cufwPolConnPolicyTarget'.
        "
    ::= { cufwPolicyConnSummaryEntry 5 }

cufwPolConnNumSetupsAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection setup attempts,
        corresponding to the protocol denoted by
        'cufwPolConnProtocol', associated with the policy
        'cufwPolConnPolicy' applied to the entity
        identified by 'cufwPolConnPolicyTarget',
        that were aborted before the connection could
        proceed to completion. The counter includes
        setup attempts aborted by the firewall as well
        as those aborted by the initiator and/or the
        responder(s) of/to the connection setup attempt.

        Consequently, this value subsumes the values of
        objects 'cufwPolConnNumPolicyDeclined' and
        'cufwPolConnNumResDeclined'.
        "
    ::= { cufwPolicyConnSummaryEntry 6 }

cufwPolConnNumPolicyDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection attempts that were declined
        due to security policy, corresponding to the protocol
        denoted by 'cufwPolConnProtocol', in the policy
        'cufwPolConnPolicy' applied to the entity identified by
        'cufwPolConnPolicyTarget'.
        "
    ::= { cufwPolicyConnSummaryEntry 7 }

cufwPolConnNumResDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection attempts that were declined
        due to resource unavailability, corresponding to the
        protocol denoted by 'cufwPolConnProtocol', in the policy
        'cufwPolConnPolicy' applied to the entity identified by
        'cufwPolConnPolicyTarget'.
        "
    ::= { cufwPolicyConnSummaryEntry 8 }

cufwPolConnNumHalfOpen OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that are currently in the
        process of being established, corresponding to the
        protocol denoted by 'cufwPolConnProtocol', in the
        policy 'cufwPolConnPolicy' applied to the entity
        identified by 'cufwPolConnPolicyTarget'.
        "
    ::= { cufwPolicyConnSummaryEntry 9 }

cufwPolConnNumActive OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that are currently active,
        corresponding to the protocol denoted by
        'cufwPolConnProtocol', in the policy
        'cufwPolConnPolicy' applied to the entity identified
        by 'cufwPolConnPolicyTarget'.
        "
    ::= { cufwPolicyConnSummaryEntry 10 }

cufwPolConnNumAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that were abnormally
        terminated after successful establishment, corresponding
        to the protocol denoted by 'cufwPolConnProtocol',
        in the policy 'cufwPolConnPolicy' applied to the entity
        identified by 'cufwPolConnPolicyTarget'.
        "
    ::= { cufwPolicyConnSummaryEntry 11 }

-- Layer 7 protocol policy based connection summary

cufwPolicyAppConnSummaryTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CufwPolicyAppConnSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table lists the summary of firewall
        connections pertaining to Layer 7 protocols,
        catalogued on a per policy basis.

        Each entry in the table lists the connection
        summary of a distinct application protocol,
        configured on the specified policy on the firewall,
        and pertaining to a specified target to which the
        policy has been applied.

        If a policy is bound to a target, it would have one
        or more entries in this table. If the policy is
        detached from the target, all entries corresponding
        to the association between the policy and the target
        are eliminated from this table.

        Although the information is indexed by policy targets
        as well, one may aggregate the connection summary for
        a specific policy across all the targets to which the
        policy is currently applied by setting

            cufwPolAppConnPolicyTargetType = 'targetALL'
        "
    ::= { cuFwConnectionSummaryTables 4 }

cufwPolicyAppConnSummaryEntry OBJECT-TYPE
    SYNTAX      CufwPolicyAppConnSummaryEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the summary of connection
        activity for a specific layer 7 protocol in a
        specific policy applied to the specified policy
        target.
        "
    INDEX {
        cufwPolAppConnPolicy,
        cufwPolAppConnPolicyTargetType,
        cufwPolAppConnPolicyTarget,
        cufwPolAppConnProtocol
    }
    ::= { cufwPolicyAppConnSummaryTable 1 }

CufwPolicyAppConnSummaryEntry ::= SEQUENCE {
    cufwPolAppConnPolicy               CFWPolicy,
    cufwPolAppConnPolicyTargetType     CFWPolicyTargetType,
    cufwPolAppConnPolicyTarget         CFWPolicyTarget,
    cufwPolAppConnProtocol             CFWApplicationProtocol,
    cufwPolAppConnNumAttempted         Counter64,
    cufwPolAppConnNumSetupsAborted     Counter64,
    cufwPolAppConnNumPolicyDeclined    Counter64,
    cufwPolAppConnNumResDeclined       Counter64,
    cufwPolAppConnNumHalfOpen          Gauge32,
    cufwPolAppConnNumActive            Gauge32,
    cufwPolAppConnNumAborted           Counter64
}

cufwPolAppConnPolicy OBJECT-TYPE
    SYNTAX      CFWPolicy
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The identity of the firewall policy for which
        this conceptual row contains the connection
        activity summary.
        "
    ::= { cufwPolicyAppConnSummaryEntry 1 }

cufwPolAppConnPolicyTargetType OBJECT-TYPE
    SYNTAX      CFWPolicyTargetType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The type of the entity to which the firewall policy
        'cufwPolAppConnPolicy' has been applied. This could be
        an interface type (most commonly), the type of another
        object or a group of objects defined in the firewall
        configuration.

        When this object is set to 'targetALL', the value of
        index object cufwPolAppConnPolicyTarget is ignored.
        "
    ::= { cufwPolicyAppConnSummaryEntry 2 }

cufwPolAppConnPolicyTarget OBJECT-TYPE
    SYNTAX      CFWPolicyTarget (SIZE(0..128))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The identity of the entity to which the firewall
        policy 'cufwPolAppConnPolicy' refers.
        This could be an
        interface object (most commonly), another object or
        group of objects defined in the firewall configuration.
        "
    ::= { cufwPolicyAppConnSummaryEntry 3 }

cufwPolAppConnProtocol OBJECT-TYPE
    SYNTAX      CFWApplicationProtocol
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The layer 7 protocol for which this conceptual
        row summarizes the connection activity for this
        firewall.
        "
    ::= { cufwPolicyAppConnSummaryEntry 4 }

cufwPolAppConnNumAttempted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections attempted since the last
        reboot of the firewall, corresponding to the protocol
        denoted by 'cufwPolAppConnProtocol', in the policy
        'cufwPolAppConnPolicy' applied to the entity identified
        by 'cufwPolAppConnPolicyTarget'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats.
        "
    ::= { cufwPolicyAppConnSummaryEntry 5 }

cufwPolAppConnNumSetupsAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection setup attempts,
        corresponding to the protocol denoted by
        'cufwPolAppConnProtocol', associated with the policy
        'cufwPolAppConnPolicy' applied to the entity
        identified by 'cufwPolAppConnPolicyTarget',
        that were aborted before the connections could
        proceed to completion. The counter includes setup
        attempts aborted by the firewall as well as those
        aborted by the initiator and/or the responder(s)
        of/to the connection setup attempt.

        Consequently, this value subsumes the values of
        objects 'cufwPolAppConnNumPolicyDeclined' and
        'cufwPolAppConnNumResDeclined'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats.
        "
    ::= { cufwPolicyAppConnSummaryEntry 6 }

cufwPolAppConnNumPolicyDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection attempts that were declined
        due to security policy, corresponding to the protocol
        denoted by 'cufwPolAppConnProtocol', in the policy
        'cufwPolAppConnPolicy' applied to the entity identified
        by 'cufwPolAppConnPolicyTarget'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats.
        "
    ::= { cufwPolicyAppConnSummaryEntry 7 }

cufwPolAppConnNumResDeclined OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connection attempts that were declined
        due to resource unavailability, corresponding to the
        protocol denoted by 'cufwPolAppConnProtocol', in the
        policy 'cufwPolAppConnPolicy' applied to the entity
        identified by 'cufwPolAppConnPolicyTarget'.

        This value is accumulated from the last reboot of
        the firewall subject to the control exercised by
        cufwConnReptAppStats.
        "
    ::= { cufwPolicyAppConnSummaryEntry 8 }

cufwPolAppConnNumHalfOpen OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that are currently in the
        process of being established, corresponding to the
        protocol
        denoted by 'cufwPolAppConnProtocol', in the policy
        'cufwPolAppConnPolicy' applied to the entity identified
        by 'cufwPolAppConnPolicyTarget'.
        "
    ::= { cufwPolicyAppConnSummaryEntry 9 }

cufwPolAppConnNumActive OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that are currently active,
        corresponding to the protocol denoted by
        'cufwPolAppConnProtocol', in the policy
        'cufwPolAppConnPolicy' applied to the entity identified
        by 'cufwPolAppConnPolicyTarget'.
        "
    ::= { cufwPolicyAppConnSummaryEntry 10 }

cufwPolAppConnNumAborted OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections that were abnormally
        terminated after successful establishment, corresponding
        to the protocol denoted by 'cufwPolAppConnProtocol', in
        the policy 'cufwPolAppConnPolicy' applied to the entity
        identified by 'cufwPolAppConnPolicyTarget'.
        "
    ::= { cufwPolicyAppConnSummaryEntry 11 }

-- Application Inspection Group

cufwAIAuditTrailEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value identifies if audit trail in application
        inspection has been globally enabled or disabled.
        "
    ::= { cuFwApplInspectionGrp 1 }

cufwAIAlertEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value identifies if application inspection alerts
        have been globally enabled or disabled.
        "
    ::= { cuFwApplInspectionGrp 2 }

-- Application Inspection configuration table

cufwInspectionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CufwInspectionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table identifies if an application protocol has
        been configured for inspection and if so, the name of
        the firewall policy or the inspection configuration
        that configures the specified protocol for inspection.
        The table also identifies if the specified protocol is
        actively being inspected.

        This table may be used by an administrator to quickly
        identify if a protocol is being subjected to application
        inspection by the managed firewall.
        "
    ::= { cuFwApplInspectionGrp 3 }

cufwInspectionEntry OBJECT-TYPE
    SYNTAX      CufwInspectionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the configuration of
        a specific application inspection element.
        "
    INDEX {
        cufwInspectionPolicyName,
        cufwInspectionProtocol
    }
    ::= { cufwInspectionTable 1 }

CufwInspectionEntry ::= SEQUENCE {
    cufwInspectionPolicyName    CFWPolicy,
    cufwInspectionProtocol      CFWApplicationProtocol,
    cufwInspectionStatus        TruthValue
}

cufwInspectionPolicyName OBJECT-TYPE
    SYNTAX      CFWPolicy (SIZE(0..128))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The name of the policy that configures the device
        to inspect the protocol specified by
        'cufwInspectionProtocol'.
        "
    ::= { cufwInspectionEntry 1 }

cufwInspectionProtocol OBJECT-TYPE
    SYNTAX      CFWApplicationProtocol
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The application protocol that is configured for
        inspection.
        "
    ::= { cufwInspectionEntry 2 }

cufwInspectionStatus OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This MIB object identifies if the directive to inspect
        the protocol specified by 'cufwInspectionProtocol' by
        the policy corresponding to this conceptual row is
        enabled or disabled.
        "
    ::= { cufwInspectionEntry 3 }

-- URL Filter group

cufwUrlFilterGlobals        OBJECT IDENTIFIER ::= { cuFwUrlFilterGrp 1 }
cufwUrlFilterResourceUsage  OBJECT IDENTIFIER ::= { cuFwUrlFilterGrp 2 }
cufwUrlFilterServers        OBJECT IDENTIFIER ::= { cuFwUrlFilterGrp 3 }

-- URL Filter global group

cufwUrlfFunctionEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "
        URL Filtering Operation

                                                       _________
                                          2.2 Request |         |
                                          |---------->|  Server |
                                          |           |         |
         _________                      __|_          |_________|
        |         |<--(5. Response )---|    |  3. Response |
        |         |                    |    |<-------------|
        | Client  |---(1. Request )--->|FW  |
        |_________|                    |____|<--------------|
                                         | 4. URLF Resp ____|______
                                         |             |           |
                                         |------------>|URLF Server|
                                          2.1 URLF Req |___________|

        1) Client sends a Request containing a URL to the Server

        2.1) FW extracts the URL from the Request and sends it to
             URL Filtering Server (or Verifies the URL locally)

        2.2) FW also forwards the original Request from the Client to
             the Server

        3) Any Responses from the Server received before receiving
           a response from URLF Server are cached by the FW

        4) URLF Response indicates whether the URL access should be
           allowed or denied

        5) If the URLF Response allows the URL, FW forwards the
           URL Access responses from the Server to the Client

        6) If the URLF Response indicates that the URL access should be
           denied, FW drops all the cached URL responses and forces the
           connection between the Client and the Server to be terminated

        Specifically, the object cufwUrlfFunctionEnabled
        indicates if the URL filtering function
        is enabled.

        When this MIB object contains the value 'false',
        the firewall device will not perform URL filtering
        function, even if it contains configuration pertaining
        to other aspects of URL filtering.
        "
    ::= { cufwUrlFilterGlobals 1 }

cufwUrlfRequestsNumProcessed OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests processed by
        this firewall.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cufwUrlFilterGlobals 2 }

cufwUrlfRequestsProcRate1 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Requests per second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests processed per
        second by this firewall averaged over the last 60
        seconds.
        "
    ::= { cufwUrlFilterGlobals 3 }

cufwUrlfRequestsProcRate5 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Requests per second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests processed per second
        by this firewall averaged over the last 300 seconds.
        "
    ::= { cufwUrlFilterGlobals 4 }

cufwUrlfRequestsNumAllowed OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests allowed by
        this firewall, due to a directive from a URL
        filtering server or a static policy configured on
        the firewall.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 5 }

cufwUrlfRequestsNumDenied OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests declined by
        this firewall, due to a directive from a URL
        filtering server, a static policy configured on
        the firewall, due to resource constraints or
        any other reason.

        This value is accumulated from the last reboot of
        the firewall.
        "
    ::= { cufwUrlFilterGlobals 6 }

cufwUrlfRequestsDeniedRate1 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Requests per second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The rate at which URL access requests were denied
        by this firewall, due to a directive from a URL
        filtering server, a static policy configured on
        the firewall, due to resource constraints or
        any other reason, averaged over the last 60 seconds.
        "
    ::= { cufwUrlFilterGlobals 7 }

cufwUrlfRequestsDeniedRate5 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Requests Per Second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The rate at which URL access requests were denied
        by this firewall, due to a directive from a URL
        filtering server, a static policy configured on
        the firewall, due to resource constraints or
        any other reason, averaged over the last 300 seconds.
        "
    ::= { cufwUrlFilterGlobals 8 }

cufwUrlfRequestsNumCacheAllowed OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests allowed by
        the firewall because of a cached entry holding the
        result from a previous URL access request that was
        handled either by a URLF Server or exclusive domain
        configuration.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 9 }

cufwUrlfRequestsNumCacheDenied OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests denied by
        the firewall because of a cached entry holding the
        result from a previous URL access request that was
        handled either by a URLF Server or exclusive domain
        configuration.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 10 }

cufwUrlfAllowModeReqNumAllowed OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests that were allowed
        by the firewall when the URL filtering server was not
        available.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 11 }

cufwUrlfAllowModeReqNumDenied OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests that were declined
        by the firewall when the URL filtering server was not
        available.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 12 }

cufwUrlfRequestsNumResDropped OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of incoming URL access requests that
        were dropped by the firewall because of resource
        constraints.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 13 }

cufwUrlfRequestsResDropRate1 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Requests Per Second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The rate at which incoming URL access requests
        were dropped by the firewall because of resource
        constraints, averaged over the last 60 seconds.
        "
    ::= { cufwUrlFilterGlobals 14 }

cufwUrlfRequestsResDropRate5 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "Requests Per Second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The rate at which incoming URL access requests
        were dropped by the firewall because of resource
        constraints, averaged over the last 300 seconds.
        "
    ::= { cufwUrlFilterGlobals 15 }

cufwUrlfNumServerTimeouts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times the firewall failed to receive
        a response from the configured URL filtering servers
        for a request to authorize a URL access request.

        This is equal to the number of times a firewall removed
        a URL access request from the queue of pending requests
        because no response was received from the URL filtering
        server(s).

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 16 }

cufwUrlfNumServerRetries OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access authorization requests
        re-sent by the firewall to the URL Filtering Servers
        because a response was not received within the
        configured time interval.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 17 }

cufwUrlfResponsesNumLate OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Responses"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of responses from URL filtering servers
        which were received after the original URL access
        request was removed from the queue of pending
        requests.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 18 }

cufwUrlfUrlAccRespsNumResDropped OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Responses"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of transport packets constituting responses
        to URL access requests that were dropped by the firewall
        due to resource constraints while waiting for a response
        from the filtering server.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlFilterGlobals 19 }

-- Resource consumption by URL filtering activity

cufwUrlfResTotalRequestCacheSize OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "KBytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of memory occupied by all the caches
        used in the firewall to cache pending URL access
        requests.
        "
    ::= { cufwUrlFilterResourceUsage 1 }

cufwUrlfResTotalRespCacheSize OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "KBytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The amount of memory occupied by all the caches
        used in the firewall to cache responses for URL
        requests received from servers while awaiting a
        response from URL filter server.
        "
    ::= { cufwUrlFilterResourceUsage 2 }

-- URL Filter server table

cufwUrlfServerTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CufwUrlfServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table lists the URL filtering servers
        configured on the managed device and their
        performance statistics.

        This table is not meant as a device to
        configure URL filtering servers.
        "
    ::= { cufwUrlFilterServers 1 }

cufwUrlfServerEntry OBJECT-TYPE
    SYNTAX      CufwUrlfServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the configuration of
        a specific URL filtering server.
        "
    INDEX {
        cufwUrlfServerAddrType,
        cufwUrlfServerAddress,
        cufwUrlfServerPort
    }
    ::= { cufwUrlfServerTable 1 }

CufwUrlfServerEntry ::= SEQUENCE {
    cufwUrlfServerAddrType            InetAddressType,
    cufwUrlfServerAddress             InetAddress,
    cufwUrlfServerPort                InetPortNumber,
    cufwUrlfServerVendor              CFWUrlfVendorId,
    cufwUrlfServerStatus              CFWUrlServerStatus,
    cufwUrlfServerReqsNumProcessed    Counter64,
    cufwUrlfServerReqsNumAllowed      Counter64,
    cufwUrlfServerReqsNumDenied       Counter64,
    cufwUrlfServerNumTimeouts         Counter64,
    cufwUrlfServerNumRetries          Counter64,
    cufwUrlfServerRespsNumReceived    Counter64,
    cufwUrlfServerRespsNumLate        Counter64,
    cufwUrlfServerAvgRespTime1        Gauge32,
    cufwUrlfServerAvgRespTime5        Gauge32
}

cufwUrlfServerAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The type of the IP address of the URL filtering
        server.
        "
    ::= { cufwUrlfServerEntry 1 }

cufwUrlfServerAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the IP address of the URL filtering
        server.
        "
    ::= { cufwUrlfServerEntry 2 }

cufwUrlfServerPort OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The value of the port at which the URL filtering
        server listens for incoming requests.
        "
    ::= { cufwUrlfServerEntry 3 }

cufwUrlfServerVendor OBJECT-TYPE
    SYNTAX      CFWUrlfVendorId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The vendor type of the URL filtering server.
        "
    ::= { cufwUrlfServerEntry 4 }

cufwUrlfServerStatus OBJECT-TYPE
    SYNTAX      CFWUrlServerStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The status of the URL filtering server
        corresponding to this conceptual row.
        "
    ::= { cufwUrlfServerEntry 5 }

cufwUrlfServerReqsNumProcessed OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests forwarded by
        the managed firewall device to the URL filtering
        server corresponding to this conceptual row.

        This value is counted from the last reboot of
        the managed device.
        "
    ::= { cufwUrlfServerEntry 6 }

cufwUrlfServerReqsNumAllowed OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests allowed by the
        URL filtering server corresponding to this conceptual
        row. This counter does not include late responses.

        This value is counted from the last reboot of
        the managed device.
        "
    ::= { cufwUrlfServerEntry 7 }

cufwUrlfServerReqsNumDenied OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access requests denied by the
        URL filtering server corresponding to this conceptual
        row. This counter does not include late responses.

        This value is counted from the last reboot of
        the managed device.
        "
    ::= { cufwUrlfServerEntry 8 }

cufwUrlfServerNumTimeouts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times the firewall failed to receive
        a response from the URL filtering server corresponding
        to this conceptual row, for a request to authorize a
        URL access request.

        This is equal to the number of times a firewall removed
        a URL access request from the queue of pending requests
        because no response was received from the URL filtering
        server.

        This value is accumulated from the last reboot of the
        firewall.
        "
    ::= { cufwUrlfServerEntry 9 }

cufwUrlfServerNumRetries OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access authorization requests
        re-sent by the firewall to the URL Filtering Server
        corresponding to this conceptual row, because a response
        was not received within the configured time interval
        from the server.

        This value is counted from the last reboot of
        the managed device.
        "
    ::= { cufwUrlfServerEntry 10 }

cufwUrlfServerRespsNumReceived OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access responses received by the
        firewall from the URL filtering server corresponding
        to this conceptual row. This counter does not include
        late responses.

        This value is counted from the last reboot of
        the managed device.
        "
    ::= { cufwUrlfServerEntry 11 }

cufwUrlfServerRespsNumLate OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of URL access responses received by
        the managed firewall from the URL filtering server
        corresponding to this conceptual row after the
        original URL access request was removed from the
        queue of pending requests.

        This value is counted from the last reboot of
        the managed device.
        "
    ::= { cufwUrlfServerEntry 12 }

cufwUrlfServerAvgRespTime1 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The average round-trip response time of the
         URL filtering server computed over the last
         60 seconds.

         A value of zero indicates that there was
         insufficient data to compute this value over the
         last time interval.
        "
    ::= { cufwUrlfServerEntry 13 }

cufwUrlfServerAvgRespTime5 OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The average round-trip response time of the
         URL filtering server computed over the last
         300 seconds.

         A value of zero indicates that there was
         insufficient data to compute this value over the
         last time interval.
        "
    ::= { cufwUrlfServerEntry 14 }

-- Application Firewall or Deep Packet Inspection Group

cufwAaicGlobals OBJECT IDENTIFIER ::= { cuFwAaicGrp 1 }

cufwAaicGlobalNumBadProtocolOps OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Protocol Data Units"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "'Protocol Operation' is the application protocol
         specific operation that the PDU is intended to
         perform. An example of 'protocol operation' is the
         HELO command of SMTP protocol.

         This MIB object records the number of application
         protocol data units that contained a protocol operation
         which was disallowed by the local security policy.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         application traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicGlobals 1}

cufwAaicGlobalNumBadPDUSize OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Protocol Data Units"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This MIB object records the number of application
         protocol data units (PDU) that had either an invalid
         header size or an invalid payload size, as determined
         by the local security policy.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         application traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicGlobals 2}

cufwAaicGlobalNumBadPortRange OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Protocol Data Units"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of application protocol units that attempted
         to advertise illegal port ranges for secondary
         connections. An example of such an occurrence
         would be a passive FTP connection, where the
         server advertises a disallowed port range for data
         connection.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         application traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicGlobals 3}

-- Deep packet inspection: Protocol-specific statistics

cufwAaicProtocolStats OBJECT IDENTIFIER ::= { cuFwAaicGrp 2 }

cufwAaicHttpProtocolStats OBJECT IDENTIFIER ::=
    { cufwAaicProtocolStats 1}

cufwAaicHttpNumBadProtocolOps OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "HTTP Protocol Data Units"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of PDUs corresponding to HTTP protocol
         which were detected to be containing HTTP protocol
         methods which are disallowed by the local security
         policy.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         HTTP traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicHttpProtocolStats 1 }

cufwAaicHttpNumBadPDUSize OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "HTTP Protocol Data Units"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of PDUs corresponding to HTTP protocol
         that had either an invalid header size or an invalid
         payload size, as determined by the local security
         policy.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         HTTP traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicHttpProtocolStats 2 }

cufwAaicHttpNumTunneledConns OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "Connections"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of connections corresponding to HTTP
         protocol which were detected to be tunneling other
         application traffic streams. An instance of this
         would be InstantMessenger traffic running on HTTP.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         HTTP traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicHttpProtocolStats 3 }

cufwAaicHttpNumLargeURIs OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "HTTP Protocol Data Units"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of PDUs corresponding to HTTP protocol
         which were detected to be containing a URI of
         size not permitted by the local security policy.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         HTTP traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicHttpProtocolStats 4 }

cufwAaicHttpNumBadContent OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "HTTP Protocol Data Units"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of PDUs corresponding to HTTP protocol
         which were detected to be containing content whose
         type is disallowed by the local security policy.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         HTTP traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicHttpProtocolStats 5 }

cufwAaicHttpNumMismatchContent OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "HTTP Protocol Data Units"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of PDUs corresponding to HTTP protocol
         which were detected to be containing content whose
         type was different from the content type specified
         in the header of the PDU.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         HTTP traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicHttpProtocolStats 6 }

cufwAaicHttpNumDoubleEncodedPkts OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "HTTP Protocol Data Units"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of PDUs corresponding to HTTP protocol
         which were detected to be containing double encoding.
         Double encoding is a mechanism to obfuscate content
         in which encoded data is re-encoded so as to evade
         deep packet inspections.

         For this MIB to be implemented, the managed firewall
         must be implementing deep packet inspection of
         HTTP traffic payloads.

         This value is accumulated from the last reboot of
         the firewall.
        "
    ::= { cufwAaicHttpProtocolStats 7 }

-- Transparent or Layer 2 or Stealth Firewall group

cufwL2FwGlobals OBJECT IDENTIFIER ::= { cuFwL2FwGrp 1 }

cufwL2GlobalEnableStealthMode OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value indicates if the firewall is operating
         in transparent (layer 2) mode or not.

         When operating in transparent mode, the firewall
         operates as a bridge while performing firewalling
         functions.
        "
    ::= { cufwL2FwGlobals 1 }

cufwL2GlobalArpCacheSize OBJECT-TYPE
    SYNTAX      Integer32 (1..2147483647)
    UNITS       "ARP entries"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value indicates the configured maximum size of
         the ARP cache used for management traffic.
        "
    ::= { cufwL2FwGlobals 2 }

cufwL2GlobalEnableArpInspection OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value indicates if ARP inspection, which is a
         security feature, is enabled globally on the
         managed firewall.
        "
    ::= { cufwL2FwGlobals 3 }

-- Transparent Firewall performance statistics

cufwL2GlobalNumArpRequests OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "ARP Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of ARP requests issued by the transparent
         firewall to resolve a destination IP address.

         This counter is accumulated since the last reboot of
         the firewall.
        "
    ::= { cufwL2FwGlobals 5 }

cufwL2GlobalNumIcmpRequests OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "ICMP Traceroute Requests"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of ICMP traceroute requests issued by the
         transparent firewall to resolve a destination IP
         address.

         This counter is accumulated since the last reboot of
         the firewall.
        "
    ::= { cufwL2FwGlobals 6 }

cufwL2GlobalNumFloods OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times the firewall floods a frame to be
         forwarded to the egress interfaces because the
         destination MAC address is missing in the bridge table.

         This counter is accumulated since the last reboot of
         the firewall.
        "
    ::= { cufwL2FwGlobals 7 }

cufwL2GlobalNumDrops OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times the firewall dropped an incoming
         frame because the destination MAC address is missing
         in the bridge table.

         This counter is accumulated since the last reboot of
         the firewall.
        "
    ::= { cufwL2FwGlobals 8 }

cufwL2GlobalArpOverflowRate5 OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of times an existing entry from the ARP
         cache had to be ejected in order to insert a new entry
         in the last 300 seconds.

         This counter is accumulated since the last reboot of
         the firewall.
        "
    ::= { cufwL2FwGlobals 9 }

-- Transparent Firewall security incident statistics

cufwL2GlobalNumBadArpResponses OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "ARP Responses"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of malformed ARP responses received by the
         firewall in trying to resolve the MAC address of the
         destination IP address in an incoming frame.

         This counter is accumulated since the last reboot of
         the firewall.
        "
    ::= { cufwL2FwGlobals 10 }

cufwL2GlobalNumSpoofedArpResps OBJECT-TYPE
    SYNTAX      Counter64
    UNITS       "ARP Responses"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of spoofed ARP responses received by the
         firewall. Such an event would occur when the firewall
         encounters an ARP response mapping an IP address to
         a different MAC Address from the one present in the
         local ARP cache.

         This counter is accumulated since the last reboot of
         the firewall.
        "
    ::= { cufwL2FwGlobals 11 }

-- Cisco Firewall MIB Notification Control

cufwCntlUrlfServerStatusChange OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object defines the administrative state of
         sending the SNMP notification to signal the election
         of a new primary URL filtering server by this
         firewall.

         Such a change could occur either as a result of
         the current primary server becoming unavailable or
         as a result of explicit management action in
         nominating a filtering server as the primary server.
        "
    DEFVAL      { false }
    ::= { cuFwNotifCntlGrp 1 }

cufwCntlL2StaticMacAddressMoved OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object defines the administrative state of
         sending the SNMP notification to signal the move
         of a statically configured MAC address to a new
         port.

         Such a change could occur either as a result of physical
         move of the device with the MAC Address to the new port
         or due to MAC address spoofing.
        "
    DEFVAL      { true }
    ::= { cuFwNotifCntlGrp 2 }

-- Cisco Firewall MIB Notifications

ciscoUFwUrlfServerStateChange NOTIFICATION-TYPE
    OBJECTS {
        cufwUrlfServerStatus
    }
    STATUS      current
    DESCRIPTION
        "This notification is generated when the firewall
         elects a new primary URL filtering server from
         the existing set of configured servers.

         Such a change could occur either as a result of
         the current primary server becoming unavailable or
         as a result of explicit management action in
         nominating a filtering server as the primary server.

         The notification is issued just before the change
         occurs. Consequently, the varbinds identify the
         attributes corresponding to the old primary server.

         This notification is issued if and only if the
         object 'cufwCntlUrlfServerStatusChange' has been
         set to 'true'.
        "
    ::= { ciscoUnifiedFirewallMIBNotifs 1 }

ciscoUFwL2StaticMacAddressMoved NOTIFICATION-TYPE
    OBJECTS {
        dot1dTpFdbPort,
        dot1dTpFdbStatus
    }
    STATUS      current
    DESCRIPTION
        "This notification is generated when the firewall
         detects the move of a static MAC address to a new
         port.

         Such a change could occur either as a result of
         physical move of the device with the MAC Address
         to the new port, due to management action of
         relocating the MAC address at the new location or
         due to MAC address spoofing.

         The varbinds identify the new location (port) of
         the MAC Address and its status at the new location.

         This notification is issued if and only if the
         object 'cufwCntlL2StaticMacAddressMoved' has been
         set to 'true'.
        "
    ::= { ciscoUnifiedFirewallMIBNotifs 2 }


-- Conformance Information

ciscoUniFirewallMIBCompliances OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIBConform 1}
ciscoUniFirewallMIBGroups OBJECT IDENTIFIER ::=
    { ciscoUnifiedFirewallMIBConform 2}

-- Compliance Statements

ciscoUniFirewallMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for SNMP entities
         which implement the Cisco Firewall MIB.
        "
    MODULE -- this module
        MANDATORY-GROUPS {
            ciscoFwConnectionGroup,
            ciscoFwMibReportingControlGroup
        }

        GROUP ciscoFwApplInspectionGroup
        DESCRIPTION
            "This group is mandatory for a firewall
             implementation which implements application
             inspection of L7 protocols
            "

        GROUP ciscoFwConnResourceUsageGroup
        DESCRIPTION
            "This group is optional.
            "

        GROUP ciscoFwPolicyConnectionGroup
        DESCRIPTION
            "This group is mandatory for a firewall
             implementation which implements the
             instrumentation of policy based connection
             statistics."

        GROUP ciscoFwUrlFilterGroup
        DESCRIPTION
            "This group is mandatory only if the
             firewall implements URL Filtering
             functionality.
            "

        GROUP ciscoFwUrlFilterResourceGroup
        DESCRIPTION
            "This group is optional.
            "

        GROUP ciscoFwTransparentFwGroup
        DESCRIPTION
            "This group is mandatory only if the
             firewall implements transparent or layer 2
             mode of operation.
            "

        GROUP ciscoFwTransparentNotifGroup
        DESCRIPTION
            "This group is mandatory only if the
             firewall implements transparent or layer 2
             mode of operation.
            "

        GROUP ciscoFwBasicAaicGroup
        DESCRIPTION
            "This group is mandatory only if the
             firewall implements the group
             'ciscoFwAaicHttpGroup'.
            "

        GROUP ciscoFwAaicHttpGroup
        DESCRIPTION
            "This group is mandatory only for a
             firewall implementation which implements
             Advanced Application Inspection and
             Control (deep packet inspection) of HTTP
             traffic.

             Further, any implementation that supports
             this group MUST implement group
             ciscoFwBasicAaicGroup.
            "
    ::= { ciscoUniFirewallMIBCompliances 1 }

-- Units of Conformance

ciscoFwConnectionGroup OBJECT-GROUP
    OBJECTS {
        cufwConnGlobalNumAttempted,
        cufwConnGlobalNumSetupsAborted,
        cufwConnGlobalNumPolicyDeclined,
        cufwConnGlobalNumResDeclined,
        cufwConnGlobalNumHalfOpen,
        cufwConnGlobalNumActive,
        cufwConnGlobalNumAborted,
        cufwConnGlobalNumExpired,
        cufwConnGlobalNumEmbryonic,
        cufwConnGlobalConnSetupRate1,
        cufwConnGlobalConnSetupRate5,
        cufwConnGlobalNumRemoteAccess,
        --
        cufwConnNumAttempted,
        cufwConnNumSetupsAborted,
        cufwConnNumPolicyDeclined,
        cufwConnNumResDeclined,
        cufwConnNumHalfOpen,
        cufwConnNumActive,
        cufwConnNumAborted,
        cufwConnSetupRate1,
        cufwConnSetupRate5,
        --
        cufwAppConnNumAttempted,
        cufwAppConnNumSetupsAborted,
        cufwAppConnNumPolicyDeclined,
        cufwAppConnNumResDeclined,
        cufwAppConnNumHalfOpen,
        cufwAppConnNumActive,
        cufwAppConnNumAborted,
        cufwAppConnSetupRate1,
        cufwAppConnSetupRate5
    }
    STATUS      current
    DESCRIPTION
        "This group contains the MIB objects required to
         instrument the firewall stateful connection activity.
        "
    ::= { ciscoUniFirewallMIBGroups 1 }


ciscoFwConnResourceUsageGroup OBJECT-GROUP
    OBJECTS {
        cufwConnResMemoryUsage,
        cufwConnResActiveConnMemoryUsage,
        cufwConnResHOConnMemoryUsage,
        cufwConnResEmbrConnMemoryUsage
    }
    STATUS      current
    DESCRIPTION
        "This group contains the MIB objects required to
         instrument the resource usage of the stateful packet
         filtering feature of the managed firewall.
        "
    ::= { ciscoUniFirewallMIBGroups 2 }

ciscoFwPolicyConnectionGroup OBJECT-GROUP
    OBJECTS {
        cufwPolConnNumAttempted,
        cufwPolConnNumSetupsAborted,
        cufwPolConnNumPolicyDeclined,
        cufwPolConnNumResDeclined,
        cufwPolConnNumHalfOpen,
        cufwPolConnNumActive,
        cufwPolConnNumAborted,
        --
        cufwPolAppConnNumAttempted,
        cufwPolAppConnNumSetupsAborted,
        cufwPolAppConnNumPolicyDeclined,
        cufwPolAppConnNumResDeclined,
        cufwPolAppConnNumHalfOpen,
        cufwPolAppConnNumActive,
        cufwPolAppConnNumAborted
    }
    STATUS      current
    DESCRIPTION
        "This group contains the MIB objects required to
         instrument policy based summary of firewall connection
         activity.
        "
    ::= { ciscoUniFirewallMIBGroups 3 }

ciscoFwApplInspectionGroup OBJECT-GROUP
    OBJECTS {
        cufwAIAuditTrailEnabled,
        cufwAIAlertEnabled,
        --
        -- Application Inspection configuration table
        --
        cufwInspectionStatus
    }
    STATUS      current
    DESCRIPTION
        "This group contains the MIB objects required to
         instrument the firewall Application Inspection
         function.
        "
    ::= { ciscoUniFirewallMIBGroups 4 }

ciscoFwUrlFilterGroup OBJECT-GROUP
    OBJECTS {
        cufwUrlfFunctionEnabled,
        cufwUrlfRequestsNumProcessed,
        cufwUrlfRequestsProcRate1,
        cufwUrlfRequestsProcRate5,
        cufwUrlfRequestsNumAllowed,
        cufwUrlfRequestsNumDenied,
        cufwUrlfRequestsDeniedRate1,
        cufwUrlfRequestsDeniedRate5,
        cufwUrlfRequestsNumCacheAllowed,
        cufwUrlfRequestsNumCacheDenied,
        cufwUrlfAllowModeReqNumAllowed,
        cufwUrlfAllowModeReqNumDenied,
        cufwUrlfRequestsNumResDropped,
        cufwUrlfRequestsResDropRate1,
        cufwUrlfRequestsResDropRate5,
        cufwUrlfNumServerTimeouts,
        cufwUrlfNumServerRetries,
        cufwUrlfResponsesNumLate,
        cufwUrlfUrlAccRespsNumResDropped,
        --
        -- URL Filter server table
        --
        cufwUrlfServerVendor,
        cufwUrlfServerStatus,
        cufwUrlfServerReqsNumProcessed,
        cufwUrlfServerReqsNumAllowed,
        cufwUrlfServerReqsNumDenied,
        cufwUrlfServerNumTimeouts,
        cufwUrlfServerNumRetries,
        cufwUrlfServerRespsNumReceived,
        cufwUrlfServerRespsNumLate,
        cufwUrlfServerAvgRespTime1,
        cufwUrlfServerAvgRespTime5,
        --
        -- Trap control
        --
        cufwCntlUrlfServerStatusChange
    }
    STATUS      current
    DESCRIPTION
        "This group contains the MIB objects required to
         instrument the firewall URL filtering function.
        "
    ::= { ciscoUniFirewallMIBGroups 5 }

ciscoFwUrlFilterResourceGroup OBJECT-GROUP
    OBJECTS {
        --
        -- URL filter resource usage group
        --
        cufwUrlfResTotalRequestCacheSize,
        cufwUrlfResTotalRespCacheSize
    }
    STATUS      current
    DESCRIPTION
        "This group contains the MIB objects required to
         instrument the resource usage of the URL filtering
         feature of the managed firewall.
        "
    ::= { ciscoUniFirewallMIBGroups 6 }

ciscoFwTransparentFwGroup OBJECT-GROUP
    OBJECTS {
        cufwL2GlobalEnableStealthMode,
        cufwL2GlobalArpCacheSize,
        cufwL2GlobalEnableArpInspection,
        cufwL2GlobalNumArpRequests,
        cufwL2GlobalNumIcmpRequests,
        cufwL2GlobalNumFloods,
        cufwL2GlobalNumDrops,
        cufwL2GlobalArpOverflowRate5,
        cufwL2GlobalNumBadArpResponses,
        cufwL2GlobalNumSpoofedArpResps,
        --
        -- Trap control
        --
        cufwCntlL2StaticMacAddressMoved
    }
    STATUS      current
    DESCRIPTION
        "This group contains the MIB objects required to
         instrument the transparent mode (or layer 2) operation
         of a firewall.
        "
    ::= { ciscoUniFirewallMIBGroups 7 }

ciscoFwNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        ciscoUFwUrlfServerStateChange
    }
    STATUS      current
    DESCRIPTION
        "This group contains notifications defined
         in the Cisco Firewall MIB pertaining to
         basic firewall operations.

         Presently, the list includes a notification
         pertaining to URL filtering alone.
        "
    ::= { ciscoUniFirewallMIBGroups 8 }

ciscoFwTransparentNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        ciscoUFwL2StaticMacAddressMoved
    }
    STATUS      current
    DESCRIPTION
        "This group contains the notifications that signal
         security critical events pertaining to the
         transparent mode operation of the firewall.
        "
    ::= { ciscoUniFirewallMIBGroups 9 }

ciscoFwBasicAaicGroup OBJECT-GROUP
    OBJECTS {
        cufwAaicGlobalNumBadProtocolOps,
        cufwAaicGlobalNumBadPDUSize,
        cufwAaicGlobalNumBadPortRange
    }
    STATUS      current
    DESCRIPTION
        "This group contains the MIB objects required to
         instrument the basic elements of Advanced Application
         Inspection and Control (AAIC).
        "
    ::= { ciscoUniFirewallMIBGroups 10 }

ciscoFwAaicHttpGroup OBJECT-GROUP
    OBJECTS {
        cufwAaicHttpNumBadProtocolOps,
        cufwAaicHttpNumBadPDUSize,
        cufwAaicHttpNumTunneledConns,
        cufwAaicHttpNumLargeURIs,
        cufwAaicHttpNumBadContent,
        cufwAaicHttpNumMismatchContent,
        cufwAaicHttpNumDoubleEncodedPkts
    }
    STATUS      current
    DESCRIPTION
        "This group defines statistics pertaining to deep
         packet inspection of HTTP payloads.

         A firewall that implements this group must implement
         the group 'ciscoFwBasicAaicGroup'.
        "
    ::= { ciscoUniFirewallMIBGroups 11 }

ciscoFwMibReportingControlGroup OBJECT-GROUP
    OBJECTS {
        cufwConnReptAppStats,
        cufwConnReptAppStatsLastChanged
    }
    STATUS      current
    DESCRIPTION
        "This group contains the MIB objects that allow
         the administrator to control the granularity of
         objects reported by the agent.
        "
    ::= { ciscoUniFirewallMIBGroups 12 }

END