1-- ***************************************************************** 2-- CISCO-SSL-PROXY-MIB.my: Cisco Secure Socket Layer Proxy MIB file 3-- 4-- June 2003, Fatima Yu 5-- 6-- Copyright (c) 2008-2012 by cisco Systems, Inc. 7-- All rights reserved. 8-- ***************************************************************** 9 10CISCO-SSL-PROXY-MIB DEFINITIONS ::= BEGIN 11 12IMPORTS 13 MODULE-IDENTITY, 14 OBJECT-TYPE, 15 NOTIFICATION-TYPE, 16 Counter32, 17 Gauge32, 18 Integer32, 19 Unsigned32 20 FROM SNMPv2-SMI 21 NOTIFICATION-GROUP, 22 MODULE-COMPLIANCE, 23 OBJECT-GROUP 24 FROM SNMPv2-CONF 25 SnmpAdminString 26 FROM SNMP-FRAMEWORK-MIB 27 TimeStamp, 28 RowStatus, 29 TruthValue 30 FROM SNMPv2-TC 31 InetAddressType, 32 InetAddress 33 FROM INET-ADDRESS-MIB 34 CiscoPort 35 FROM CISCO-TC 36 ciscoMgmt 37 FROM CISCO-SMI; 38 39 40ciscoSslProxyMIB MODULE-IDENTITY 41 LAST-UPDATED "201209180000Z" 42 ORGANIZATION "Cisco Systems, Inc." 43 CONTACT-INFO 44 "Cisco Systems 45 Customer Service 46 47 Postal: 170 W Tasman Drive 48 San Jose, CA 95134 49 USA 50 51 Tel: +1 800 553-NETS 52 53 E-mail: cs-ssl@cisco.com" 54 DESCRIPTION 55 "This MIB module is for managing a Secure Socket Layer 56 (SSL) Proxy device which terminates and accelarates 57 SSL and Transport Layer Security (TLS) transactions. 58 59 The proxy device can act as a SSL server or a SSL client 60 depending on the configuration and the application. 61 62 In one application, the device acts as a proxy SSL 63 server. It terminates SSL handshakes and TCP connections 64 initiated by SSL clients. The device is configured with 65 a key and a certificate bearing the identity of the SSL 66 server. The device uses this identity to establish the 67 SSL session on behalf of the server, offloading the key 68 establishment and data encryption and decryption work. 69 70 After the SSL session has been successfully established 71 between the client and the proxy device, the device 72 starts to receive and decrypt the encrypted data sent 73 from the client and forward to the server. The device 74 forwards the clear data to the server on a backend 75 connection. Clear data sent from the server is encrypted 76 by the proxy device before it is forwarded to the SSL 77 client. 78 79 Optionally, the proxy device is configured to reencrypt 80 the decrypted data sent from the client to the server. 81 The proxy device acts as a SSL client to initiate a SSL 82 session to the server. The decrypted data is encrypted 83 within this SSL session to be forwarded to the server. 84 The encrypted data sent from the server to the device 85 is decrypted and then reencrypted before it is 86 forwarded to the client. 87 88 In another application, the proxy device forwards data 89 generated by one or more sources to the destination 90 via a SSL session. The proxy device acts as a SSL 91 client and intiates a SSL session to the next hop 92 device. When data is received from the source, the 93 proxy device forwards the data to the next hop using 94 the SSL session. The next hop can continue to forward 95 the data if it is not the destination. 96 97 The proxy device supports a number of proxy services. 98 Each proxy service defines the role of the proxy device, 99 whether it acts as a SSL server or a SSL client. The 100 rest of the configuration include cryptographic and 101 protocol parameters. 102 103 This MIB is used for monitoring the configuration, 104 statuses and statistics of the proxy services and 105 the protocols including TCP, SSL and TLS." 106 REVISION "201209180000Z" 107 DESCRIPTION 108 "Added the following mib groups: 109 cspSslResourceLimitNotifGroup 110 cspSslResourceLimitNotifObjectsGroup" 111 REVISION "200909220000Z" 112 DESCRIPTION 113 "Added following OBJECT IDENTIFIER. 114 - cspHttpHeaderInsertedInfo 115 - cspHttpRedirectInfo 116 - cspHttpHeaderInsertedSslInfoStats 117 - cspHttpHeaderInsertedSslClientCertStats 118 - cspHttpRedirectClientCertAuthFailedStats 119 120 Added the following OBJECT-GROUPs 121 - cspHttpHeaderInsertedSslInfoGroup 122 - cspHttpHeaderInsertedSslClientCertGroup 123 - cspHttpRedirectInfoGroup 124 125 Deprecated MODULE-COMPLIANCE cspMIBCompliance 126 127 Added new MODULE-COMPLIANCE cspMIBComplianceRev1" 128 REVISION "200310270000Z" 129 DESCRIPTION 130 "Initial version of this MIB module." 131 ::= { ciscoMgmt 370 } 132 133 134-- Objects and groups in CISCO-SSL-PROXY-MIB 135 136cspMIBNotifications OBJECT IDENTIFIER 137 ::= { ciscoSslProxyMIB 0 } 138 139cspMIBObjects OBJECT IDENTIFIER 140 ::= { ciscoSslProxyMIB 1 } 141 142cspMIBConformance OBJECT IDENTIFIER 143 ::= { ciscoSslProxyMIB 2 } 144 145-- Objects and groups in cspMIBObjects 146 147cspGlobalConfig OBJECT IDENTIFIER 148 ::= { cspMIBObjects 1 } 149 150cspPsConfig OBJECT IDENTIFIER 151 ::= { cspMIBObjects 2 } 152 153cspPsPolicyConfig OBJECT IDENTIFIER 154 ::= { cspMIBObjects 3 } 155 156cspPsKeyCertConfig OBJECT IDENTIFIER 157 ::= { cspMIBObjects 4 } 158 159cspTcpPolicyConfig OBJECT IDENTIFIER 160 ::= { cspMIBObjects 5 } 161 162cspSslPolicyConfig OBJECT IDENTIFIER 163 ::= { cspMIBObjects 6 } 164 165cspTcpCountersInfo OBJECT IDENTIFIER 166 ::= { cspMIBObjects 7 } 167 168cspTcpCounters OBJECT IDENTIFIER 169 ::= { cspMIBObjects 8 } 170 171cspSslCountersInfo OBJECT IDENTIFIER 172 ::= { cspMIBObjects 9 } 173 174cspSslCounters OBJECT IDENTIFIER 175 ::= { cspMIBObjects 10 } 176 177cspSsl3Counters OBJECT IDENTIFIER 178 ::= { cspMIBObjects 11 } 179 180cspTls1Counters OBJECT IDENTIFIER 181 ::= { cspMIBObjects 12 } 182 183cspSslCryptoCounters OBJECT IDENTIFIER 184 ::= { cspMIBObjects 13 } 185 186cspSslErrorCounters OBJECT IDENTIFIER 187 ::= { cspMIBObjects 14 } 188 189cspPsCounters OBJECT IDENTIFIER 190 ::= { cspMIBObjects 15 } 191 192cspPsSsl3Counters OBJECT IDENTIFIER 193 ::= { cspMIBObjects 16 } 194 195cspPsTls1Counters OBJECT IDENTIFIER 196 ::= { cspMIBObjects 17 } 197 198cspCpuStatusInfo OBJECT IDENTIFIER 199 ::= { cspMIBObjects 18 } 200 201cspHttpHeaderInsertedInfo OBJECT IDENTIFIER 202 ::= { cspMIBObjects 19 } 203 204cspHttpRedirectInfo OBJECT IDENTIFIER 205 ::= { cspMIBObjects 20 } 206 207cspSslResourceNotifInfo OBJECT IDENTIFIER 208 ::= { cspMIBObjects 21 } 209 210cspHttpHeaderInsertedSslInfoStats OBJECT IDENTIFIER 211 ::= { cspHttpHeaderInsertedInfo 1 } 212 213cspHttpHeaderInsertedSslClientCertStats OBJECT IDENTIFIER 214 ::= { cspHttpHeaderInsertedInfo 2 } 215 216cspHttpRedirectClientCertAuthFailedStats OBJECT IDENTIFIER 217 ::= { cspHttpRedirectInfo 1 } 218 219 220-- The Global Configuration group 221-- This group contains general configuration information 222-- for the SSL proxy device 223 224cspGcVersion OBJECT-TYPE 225 SYNTAX SnmpAdminString (SIZE (1..255)) 226 MAX-ACCESS read-only 227 STATUS current 228 DESCRIPTION 229 "The version information of the SSL proxy device, for 230 display only." 231 ::= { cspGlobalConfig 1 } 232 233cspGcFIPSMode OBJECT-TYPE 234 SYNTAX TruthValue 235 MAX-ACCESS read-write 236 STATUS current 237 DESCRIPTION 238 "An indication of whether or not the proxy device is 239 operating in FIPS (Federal Information Processing 240 Standards) approved mode. 241 242 If 'true', the proxy device is operating in FIPS mode. 243 When the device operates in FIPS mode, only approved 244 cryptographic algorithms and key strengths are enabled. 245 Authentication and other security requirements of FIPS 246 will also be enforced in this mode." 247 REFERENCE 248 "Federal Information Processing Standards Publication 249 140-2, Security Requirements for Cryptographic Modules." 250 ::= { cspGlobalConfig 2 } 251 252cspGcRSArc4128md5 OBJECT-TYPE 253 SYNTAX TruthValue 254 MAX-ACCESS read-only 255 STATUS current 256 DESCRIPTION 257 "An indication of whether or not the proxy device 258 supports the cipher suite RSA_WITH_RC4_128_MD5. 259 If 'true', the cipher suite is supported." 260 REFERENCE 261 "1. RFC 2246, The TLS Protocol Version 1.0, A.5. 262 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 263 The SSL Protocol Version 3.0, Appendix C." 264 ::= { cspGlobalConfig 3 } 265 266cspGcRSArc4128sha OBJECT-TYPE 267 SYNTAX TruthValue 268 MAX-ACCESS read-only 269 STATUS current 270 DESCRIPTION 271 "An indication of whether or not the proxy device 272 supports the cipher suite RSA_WITH_RC4_128_SHA. 273 If 'true', the cipher suite is supported." 274 REFERENCE 275 "1. RFC 2246, The TLS Protocol Version 1.0, A.5. 276 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 277 The SSL Protocol Version 3.0, Appendix C." 278 ::= { cspGlobalConfig 4 } 279 280cspGcRSAdescbcsha OBJECT-TYPE 281 SYNTAX TruthValue 282 MAX-ACCESS read-only 283 STATUS current 284 DESCRIPTION 285 "An indication of whether or not the proxy device 286 supports the cipher suite RSA_WITH_DES_CBC_SHA. 287 If 'true', the cipher suite is supported." 288 REFERENCE 289 "1. RFC 2246, The TLS Protocol Version 1.0, A.5. 290 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 291 The SSL Protocol Version 3.0, Appendix C." 292 ::= { cspGlobalConfig 5 } 293 294cspGcRSA3descbcsha OBJECT-TYPE 295 SYNTAX TruthValue 296 MAX-ACCESS read-only 297 STATUS current 298 DESCRIPTION 299 "An indication of whether or not the proxy device 300 supports the cipher suite RSA_WITH_3DES_EDE_CBC_SHA. 301 If 'true', the cipher suite is supported." 302 REFERENCE 303 "1. RFC 2246, The TLS Protocol Version 1.0, A.5. 304 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 305 The SSL Protocol Version 3.0, Appendix C." 306 ::= { cspGlobalConfig 6 } 307 308cspGcNotifyProxyServOperStatus OBJECT-TYPE 309 SYNTAX TruthValue 310 MAX-ACCESS read-write 311 STATUS current 312 DESCRIPTION 313 "An indication of whether or not a cspServOperStatus 314 notification should be issued when the operation 315 status of proxy services changes. 316 317 If such a notification is desired, it is the 318 responsibility of the management entity to ensure that 319 the SNMP administrative model is configured in such a 320 way as to allow the notification to be delivered." 321 DEFVAL { false } 322 ::= { cspGlobalConfig 7 } 323 324cspGcNotifyPSCertExpiring OBJECT-TYPE 325 SYNTAX TruthValue 326 MAX-ACCESS read-write 327 STATUS current 328 DESCRIPTION 329 "An indication of whether or not a cspServCertExpiring 330 notification should be issued when a proxy service 331 certificate will be expiring in the configured time 332 interval cspGcPSCertExpireInterval. 333 334 If such a notification is desired, it is the 335 responsibility of the management entity to ensure that 336 the SNMP administrative model is configured in such a 337 way as to allow the notification to be delivered." 338 DEFVAL { false } 339 ::= { cspGlobalConfig 8 } 340 341cspGcPSCertExpireInterval OBJECT-TYPE 342 SYNTAX Integer32 (0..720) 343 UNITS "hours" 344 MAX-ACCESS read-write 345 STATUS current 346 DESCRIPTION 347 "The proxy service certificate expiration time interval, 348 used to determine when the cspServCertExpiring 349 notification should be issued if 350 cspGcNotifyPSCertExpiring is 'true'. 351 352 If this time interval is 0, no proxy service 353 certification expiration will be checked." 354 DEFVAL { 0 } 355 ::= { cspGlobalConfig 9 } 356-- The Proxy Service configuration entries 357 358cspPsTable OBJECT-TYPE 359 SYNTAX SEQUENCE OF CspPsEntry 360 MAX-ACCESS not-accessible 361 STATUS current 362 DESCRIPTION 363 "A list of proxy service configuration entries." 364 ::= { cspPsConfig 1 } 365 366cspPsEntry OBJECT-TYPE 367 SYNTAX CspPsEntry 368 MAX-ACCESS not-accessible 369 STATUS current 370 DESCRIPTION 371 "The proxy service configuration entry. 372 373 Each entry indicates the name and the index of a proxy 374 service, and a set of configuration parameters to be 375 applied on this proxy service. 376 377 A unique name can be assigned to each proxy service. 378 Optionally, multiple proxy services can be grouped into 379 a proxy list. All the services in a list have the 380 same name, and each service is assigned a unique index 381 within the list. 382 383 Each proxy service has a virtual and a server address. 384 This entry reports the address and port configuration, 385 and the administrative and operational statuses of each 386 proxy service. If a service is not operational, the 387 reason for its being 'down' is also reported." 388 INDEX { 389 cspPsName, 390 cspPsListIndex 391 } 392 ::= { cspPsTable 1 } 393 394CspPsEntry ::= SEQUENCE { 395 cspPsName SnmpAdminString, 396 cspPsListIndex Integer32, 397 cspPsServiceType INTEGER, 398 cspPsVirtualAddressType InetAddressType, 399 cspPsVirtualAddress InetAddress, 400 cspPsVirtualPort CiscoPort, 401 cspPsServerAddressType InetAddressType, 402 cspPsServerAddress InetAddress, 403 cspPsServerPort CiscoPort, 404 cspPsAdminStatus INTEGER, 405 cspPsOperStatus INTEGER, 406 cspPsOperDownReason INTEGER, 407 cspPsConfigRowStatus RowStatus 408} 409 410cspPsName OBJECT-TYPE 411 SYNTAX SnmpAdminString (SIZE (1..50)) 412 MAX-ACCESS not-accessible 413 STATUS current 414 DESCRIPTION 415 "The name of a proxy service. A unique name string 416 can be assigned to one proxy service or a list of 417 proxy services. 418 419 When the name is assigned to a list of proxy services, 420 each proxy service is identified by a unique index 421 within the list." 422 ::= { cspPsEntry 1 } 423 424cspPsListIndex OBJECT-TYPE 425 SYNTAX Integer32 (0..256) 426 MAX-ACCESS not-accessible 427 STATUS current 428 DESCRIPTION 429 "The unique index of a proxy service within a list. 430 431 If the cspPsName string is assigned to a list of 432 proxy services, this index is used to identify 433 a proxy service within the list. 434 435 If the cspPsName string is unique per proxy service, 436 this index is not used, and the value shall be 0." 437 ::= { cspPsEntry 2 } 438 439cspPsServiceType OBJECT-TYPE 440 SYNTAX INTEGER { 441 server(1), -- Proxy is acting as SSL server 442 client(2) -- Proxy is acting as SSL client 443 } 444 MAX-ACCESS read-create 445 STATUS current 446 DESCRIPTION 447 "The type of proxy service: 'server(1)' or 'client(2)'. 448 449 When servicing a 'server' type proxy service, the proxy 450 device acts as a SSL server. It terminates the SSL 451 handshake initiated by a SSL client, and forwards the 452 data sent from the client to the destination. 453 454 When servicing a 'client' type proxy service, the proxy 455 device acts as a SSL client. It initiates a SSL 456 handshake to a SSL server, and forwards data sent from 457 one or more data sources to the SSL server." 458 DEFVAL { server } 459 ::= { cspPsEntry 3 } 460 461cspPsVirtualAddressType OBJECT-TYPE 462 SYNTAX InetAddressType 463 MAX-ACCESS read-create 464 STATUS current 465 DESCRIPTION 466 "An indication of the type of address contained in 467 cspPsVirtualAddress." 468 DEFVAL { ipv4 } 469 ::= { cspPsEntry 4 } 470 471cspPsVirtualAddress OBJECT-TYPE 472 SYNTAX InetAddress 473 MAX-ACCESS read-create 474 STATUS current 475 DESCRIPTION 476 "The virtual address. This address is used by the data 477 source to send data that can be received by the proxy 478 device and forwarded to the destination." 479 ::= { cspPsEntry 5 } 480 481cspPsVirtualPort OBJECT-TYPE 482 SYNTAX CiscoPort 483 MAX-ACCESS read-create 484 STATUS current 485 DESCRIPTION 486 "The virtual TCP port number. This port number is used 487 by the data source to send data that can be received 488 by the proxy device and forwarded to the destination." 489 ::= { cspPsEntry 6 } 490 491cspPsServerAddressType OBJECT-TYPE 492 SYNTAX InetAddressType 493 MAX-ACCESS read-create 494 STATUS current 495 DESCRIPTION 496 "An indication of the type of address contained in 497 cspPsServerAddress." 498 DEFVAL { ipv4 } 499 ::= { cspPsEntry 7 } 500 501cspPsServerAddress OBJECT-TYPE 502 SYNTAX InetAddress 503 MAX-ACCESS read-create 504 STATUS current 505 DESCRIPTION 506 "The server address. This address is used by the proxy 507 device to send or forward data to the destination." 508 ::= { cspPsEntry 8 } 509 510cspPsServerPort OBJECT-TYPE 511 SYNTAX CiscoPort 512 MAX-ACCESS read-create 513 STATUS current 514 DESCRIPTION 515 "The server TCP port number. This port number is used 516 by the proxy device to send or forward data to the 517 destination." 518 ::= { cspPsEntry 9 } 519 520cspPsAdminStatus OBJECT-TYPE 521 SYNTAX INTEGER { 522 up(1), 523 down(2) 524 } 525 MAX-ACCESS read-create 526 STATUS current 527 DESCRIPTION 528 "The administrative status of the proxy service. 529 Each proxy service can be configured to be 530 administratively 'up' or 'down'. If the Adminstrative 531 Status is 'down', the service will not be operational." 532 DEFVAL { down } 533 ::= { cspPsEntry 10 } 534 535cspPsOperStatus OBJECT-TYPE 536 SYNTAX INTEGER { 537 up(1), 538 down(2) 539 } 540 MAX-ACCESS read-only 541 STATUS current 542 DESCRIPTION 543 "The operational status of a proxy service. For a 544 proxy service to be operational, its administrative 545 status needs to be 'up'. 546 547 If the administrative status is 'up', the 548 operational status will be changed from 'down' to 549 'up' automatically once all the required configuration 550 parameters and resources, including necessary keys and 551 certificates, become available. 552 553 If one or more required resources are removed (e.g. 554 the certificate has expired), the operational status 555 will be changed to 'down' automatically." 556 ::= { cspPsEntry 11 } 557 558cspPsOperDownReason OBJECT-TYPE 559 SYNTAX INTEGER { 560 other(1), -- Other reason 561 notApplicable(2), -- Not applicable 562 noConnectivity(3), -- No Connectivity 563 noVirtualAddr(4), -- No Virtual Address 564 noServerAddr(5), -- No Server Address 565 noCert(6), -- NO Certificate 566 certNotConfigured(7) -- Certificate Not 567 -- Configured 568 } 569 MAX-ACCESS read-only 570 STATUS current 571 DESCRIPTION 572 "The reason for the operational status to be 'down'. 573 Possible values are: 574 other(1) : Unknown or undefined reason, 575 notApplicable(2) : Administratively 'down', 576 noConnectivity(3) : No Connectivity to the client, 577 the server, or the gateway, 578 noVirtualAddr(4) : Virtual Address not configured, 579 noServerAddr(5) : Server Address not configured, 580 noCert(6) : Certificate configured, but 581 invalid or missing, 582 certNotConfigured(7): Certificate not configured." 583 ::= { cspPsEntry 12 } 584 585cspPsConfigRowStatus OBJECT-TYPE 586 SYNTAX RowStatus 587 MAX-ACCESS read-create 588 STATUS current 589 DESCRIPTION 590 "The conceptual row status of the proxy service 591 configuration entry. 592 593 An entry cannot have the status 'active' until values 594 have been assigned to the following objects: 595 cspPsVirtualAddress, 596 cspPsVirtualPort, 597 cspPsServerAddress and 598 cspPsServerPort. 599 This entry can be modified when the status is 'active'." 600 ::= { cspPsEntry 13 } 601 602 603-- The Proxy Service Policy configuration entries 604 605cspPsPolicyTable OBJECT-TYPE 606 SYNTAX SEQUENCE OF CspPsPolicyEntry 607 MAX-ACCESS not-accessible 608 STATUS current 609 DESCRIPTION 610 "A list of proxy service policy configuration entries." 611 ::= { cspPsPolicyConfig 1 } 612 613cspPsPolicyEntry OBJECT-TYPE 614 SYNTAX CspPsPolicyEntry 615 MAX-ACCESS not-accessible 616 STATUS current 617 DESCRIPTION 618 "The proxy service policy entry. Each proxy service 619 policy entry contains the name of each type of policy 620 configured for the proxy service. 621 622 A policy is a set of configuration parameters and rules 623 to observe for implementing a protocol or an operation. 624 625 One or more of the following policies can be configured 626 for a proxy service: 627 TCP protocol policy for virtual connections, 628 TCP protocol policy for server connections, 629 SSL protocol policy, 630 HTTP header insertion policy, and 631 URL rewrite policy." 632 AUGMENTS { cspPsEntry } 633 ::= { cspPsPolicyTable 1 } 634 635CspPsPolicyEntry ::= SEQUENCE { 636 cspPspVirTcpPolicyName SnmpAdminString, 637 cspPspSerTcpPolicyName SnmpAdminString, 638 cspPspSslPolicyName SnmpAdminString, 639 cspPspHttpHdrPolicyName SnmpAdminString, 640 cspPspUrlRewritePolicyName SnmpAdminString 641} 642 643cspPspVirTcpPolicyName OBJECT-TYPE 644 SYNTAX SnmpAdminString (SIZE (0..255)) 645 MAX-ACCESS read-create 646 STATUS current 647 DESCRIPTION 648 "The name of the TCP protocol policy configured for 649 the virtual side connections. If no TCP policy is 650 configured, the name will be a NULL string." 651 ::= { cspPsPolicyEntry 1 } 652 653cspPspSerTcpPolicyName OBJECT-TYPE 654 SYNTAX SnmpAdminString (SIZE (0..255)) 655 MAX-ACCESS read-create 656 STATUS current 657 DESCRIPTION 658 "The name of the TCP protocol policy configured for 659 the server side connections. If no TCP policy is 660 configured, the name will be a NULL string." 661 ::= { cspPsPolicyEntry 2 } 662 663cspPspSslPolicyName OBJECT-TYPE 664 SYNTAX SnmpAdminString (SIZE (0..255)) 665 MAX-ACCESS read-create 666 STATUS current 667 DESCRIPTION 668 "The name of the SSL protocol policy configured for 669 the SSL handshake and data encryption and decryption. 670 If no SSL policy is configured, the name will be a NULL 671 string." 672 ::= { cspPsPolicyEntry 3 } 673 674cspPspHttpHdrPolicyName OBJECT-TYPE 675 SYNTAX SnmpAdminString (SIZE (0..255)) 676 MAX-ACCESS read-create 677 STATUS current 678 DESCRIPTION 679 "The name of the HTTP header insertion policy. A number 680 of fields can be inserted into the HTTP headers when 681 the proxy service is forwarding data. The policy 682 specifies the header insertion parameters. If no policy 683 is configured, the name will be a NULL string." 684 ::= { cspPsPolicyEntry 4 } 685 686cspPspUrlRewritePolicyName OBJECT-TYPE 687 SYNTAX SnmpAdminString (SIZE (0..255)) 688 MAX-ACCESS read-create 689 STATUS current 690 DESCRIPTION 691 "The name of the URL rewrite policy. The policy 692 specifies configuration parameters for rewriting URLs 693 in HTTP headers and payload. If no policy is configured, 694 the name will be a NULL string." 695 ::= { cspPsPolicyEntry 5 } 696 697 698-- The Proxy Service Key and Certificate configuration entries 699 700cspPsKeyCertTable OBJECT-TYPE 701 SYNTAX SEQUENCE OF CspPsKeyCertEntry 702 MAX-ACCESS not-accessible 703 STATUS current 704 DESCRIPTION 705 "A list of proxy service key and certificate 706 configuration entries." 707 ::= { cspPsKeyCertConfig 1 } 708 709cspPsKeyCertEntry OBJECT-TYPE 710 SYNTAX CspPsKeyCertEntry 711 MAX-ACCESS not-accessible 712 STATUS current 713 DESCRIPTION 714 "The proxy service key and certificate configuration 715 entry. This entry specifies the key usage, optionally 716 the trust point name, the certificate and the key file 717 names, the key size and time of generation or import, 718 and some important attributes of the certificate." 719 INDEX { 720 cspPsName, 721 cspPsListIndex, 722 cspPskcKeyUsage 723 } 724 ::= { cspPsKeyCertTable 1 } 725 726CspPsKeyCertEntry ::= SEQUENCE { 727 cspPskcKeyUsage INTEGER, 728 cspPskcTrustPointName SnmpAdminString, 729 cspPskcCertFileName SnmpAdminString, 730 cspPskcKeyName SnmpAdminString, 731 cspPskcKeyFileName SnmpAdminString, 732 cspPskcKeySize INTEGER, 733 cspPskcKeyTime SnmpAdminString, 734 cspPskcCertStatus INTEGER, 735 cspPskcCertSubjName SnmpAdminString, 736 cspPskcCertSerialNum SnmpAdminString, 737 cspPskcIssuerName SnmpAdminString, 738 cspPskcIssuerCertSerialNum SnmpAdminString, 739 cspPskcCertStartDate SnmpAdminString, 740 cspPskcCertEndDate SnmpAdminString, 741 cspPskcConfigRowStatus RowStatus 742} 743 744cspPskcKeyUsage OBJECT-TYPE 745 SYNTAX INTEGER { 746 rsaSigning(1), -- For signing only 747 rsaEncryption(2), -- For encryption only 748 rsaGeneralPurpose(3) -- For general purpose 749 } 750 MAX-ACCESS not-accessible 751 STATUS current 752 DESCRIPTION 753 "An indication of the usage of a key assigned to a 754 proxy service. Each proxy service can be assigned one 755 or more keys. 756 757 The key can be used for signing only, for data 758 encryption and decryption only, or for general purpose 759 (that is, it can be used for both signing and data 760 encryption and decryption). 761 762 The following values are defined: 763 rsaSigning(1) : RSA key used for signing only, 764 rsaEncryption(2) : RSA key used for data encryption 765 and decryption only, 766 rsaGeneralPurpose(3): RSA key used for both signing and 767 data encryption and decryption." 768 ::= { cspPsKeyCertEntry 1 } 769 770cspPskcTrustPointName OBJECT-TYPE 771 SYNTAX SnmpAdminString (SIZE (0..255)) 772 MAX-ACCESS read-create 773 STATUS current 774 DESCRIPTION 775 "The name of a trust point assigned to the proxy 776 service. The trust point contains information that 777 can be used for certificate enrollment or for importing 778 keys and certificates. 779 780 A trust point may also contain identifying information 781 about keys and certificates, and the path and the 782 protocol to be used for the proxy device to 783 communicate with a Certificate Authority which 784 issues certificates for the proxy service. 785 786 If no trust point is assigned to the proxy service, 787 the name will be a NULL string." 788 ::= { cspPsKeyCertEntry 2 } 789 790cspPskcCertFileName OBJECT-TYPE 791 SYNTAX SnmpAdminString (SIZE (0..255)) 792 MAX-ACCESS read-create 793 STATUS current 794 DESCRIPTION 795 "The name of the file storing the certificate. If 796 there is no such file, the name will be a NULL string." 797 ::= { cspPsKeyCertEntry 3 } 798 799cspPskcKeyName OBJECT-TYPE 800 SYNTAX SnmpAdminString (SIZE (0..255)) 801 MAX-ACCESS read-create 802 STATUS current 803 DESCRIPTION 804 "The name of a key assigned to the proxy service. 805 806 If there is no key assigned, the name will be a NULL 807 string. If the key is stored in a file, the file name 808 may be used to identify the key, and this name will be 809 a NULL string." 810 ::= { cspPsKeyCertEntry 4 } 811 812cspPskcKeyFileName OBJECT-TYPE 813 SYNTAX SnmpAdminString (SIZE (0..255)) 814 MAX-ACCESS read-create 815 STATUS current 816 DESCRIPTION 817 "The name of the file storing the key. If there is no 818 such file, the name will be a NULL string." 819 ::= { cspPsKeyCertEntry 5 } 820 821cspPskcKeySize OBJECT-TYPE 822 SYNTAX INTEGER { 823 other(1), -- unspecified key size 824 rsa512(2), -- 512-bit RSA key 825 rsa768(3), -- 768-bit RSA key 826 rsa1024(4), -- 1024-bit RSA key 827 rsa1536(5), -- 1536-bit RSA key 828 rsa2048(6) -- 2048-bit RSA key 829 } 830 MAX-ACCESS read-only 831 STATUS current 832 DESCRIPTION 833 "The size of the key. 834 835 The following modulus sizes are defined for RSA keys: 836 512-bit, 768-bit, 1024-bit, 1536-bit and 2048-bit." 837 ::= { cspPsKeyCertEntry 6 } 838 839cspPskcKeyTime OBJECT-TYPE 840 SYNTAX SnmpAdminString (SIZE (0..32)) 841 MAX-ACCESS read-only 842 STATUS current 843 DESCRIPTION 844 "The time of generation of the key, if known. If the key 845 is imported to the proxy device, this time can indicate 846 the time of import if the time of generation is unknown. 847 848 If the time is not known, this will be a NULL string." 849 ::= { cspPsKeyCertEntry 7 } 850 851cspPskcCertStatus OBJECT-TYPE 852 SYNTAX INTEGER { 853 valid(1), -- within valid period 854 expired(2), -- has passed the end date 855 rollover(3) -- being renewed 856 } 857 MAX-ACCESS read-only 858 STATUS current 859 DESCRIPTION 860 "The status of the certificate that is used to publish 861 the public key. 862 863 The following values are defined: 864 Valid(1) : Certificate is valid, 865 Expired(2) : Certificate has expired, 866 Rolling Over(3): Certificate is being renewed. 867 868 Whether or not an expired certificate can be used for 869 the proxy service is implementation specific." 870 REFERENCE 871 "RFC 2459, Internet X.509 Public Key Infrastructure 872 Certificate and CRL Profile, Section 4.1.2.5 about 873 validity and Section 10 about key rollover" 874 ::= { cspPsKeyCertEntry 8 } 875 876cspPskcCertSubjName OBJECT-TYPE 877 SYNTAX SnmpAdminString (SIZE (0..255)) 878 MAX-ACCESS read-only 879 STATUS current 880 DESCRIPTION 881 "The subject name of the certificate assigned to the 882 proxy service. If there is no subject name on the 883 certificate, this will be a NULL string." 884 REFERENCE 885 "RFC 2459, Internet X.509 Public Key Infrastructure 886 Certificate and CRL Profile, Section 4.1.2.6" 887 ::= { cspPsKeyCertEntry 9 } 888 889cspPskcCertSerialNum OBJECT-TYPE 890 SYNTAX SnmpAdminString (SIZE (0..255)) 891 MAX-ACCESS read-only 892 STATUS current 893 DESCRIPTION 894 "The serial number of the certificate assigned to the 895 proxy service. If there is no serial number on the 896 certificate, this will be a NULL string." 897 REFERENCE 898 "RFC 2459, Internet X.509 Public Key Infrastructure 899 Certificate and CRL Profile, Section 4.1.2.2" 900 ::= { cspPsKeyCertEntry 10 } 901 902cspPskcIssuerName OBJECT-TYPE 903 SYNTAX SnmpAdminString (SIZE (0..255)) 904 MAX-ACCESS read-only 905 STATUS current 906 DESCRIPTION 907 "The issuer name of the certificate assigned to the 908 proxy service. If the issuer name of the certificate is 909 not known, this will be a NULL string." 910 REFERENCE 911 "RFC 2459, Internet X.509 Public Key Infrastructure 912 Certificate and CRL Profile, Section 5.1.2.3" 913 ::= { cspPsKeyCertEntry 11 } 914 915cspPskcIssuerCertSerialNum OBJECT-TYPE 916 SYNTAX SnmpAdminString (SIZE (0..255)) 917 MAX-ACCESS read-only 918 STATUS current 919 DESCRIPTION 920 "The serial number of the issuer's certificate. 921 If the serial number of the issuer's certificate is not 922 known, this will be a NULL string." 923 REFERENCE 924 "RFC 2459, Internet X.509 Public Key Infrastructure 925 Certificate and CRL Profile, Section 4.1.2.2 and 926 Section 4.1.2.4" 927 ::= { cspPsKeyCertEntry 12 } 928 929cspPskcCertStartDate OBJECT-TYPE 930 SYNTAX SnmpAdminString (SIZE (0..32)) 931 MAX-ACCESS read-only 932 STATUS current 933 DESCRIPTION 934 "The time when the certificate starts to be valid, 935 corresponding to the notBefore time on the certificate." 936 REFERENCE 937 "RFC 2459, Internet X.509 Public Key Infrastructure 938 Certificate and CRL Profile, Section 4.1.2.5" 939 ::= { cspPsKeyCertEntry 13 } 940 941cspPskcCertEndDate OBJECT-TYPE 942 SYNTAX SnmpAdminString (SIZE (0..32)) 943 MAX-ACCESS read-only 944 STATUS current 945 DESCRIPTION 946 "The time when the certificate validity ends, 947 corresponding to the notAfter time on the certificate." 948 REFERENCE 949 "RFC 2459, Internet X.509 Public Key Infrastructure 950 Certificate and CRL Profile, Section 4.1.2.5" 951 ::= { cspPsKeyCertEntry 14 } 952 953cspPskcConfigRowStatus OBJECT-TYPE 954 SYNTAX RowStatus 955 MAX-ACCESS read-create 956 STATUS current 957 DESCRIPTION 958 "The conceptual row status of the proxy service key and 959 certificate configuration entry. This entry can be 960 modified when the status is 'active'." 961 ::= { cspPsKeyCertEntry 15 } 962 963 964-- The TCP Policy configuration entries 965 966cspTcpPolicyTable OBJECT-TYPE 967 SYNTAX SEQUENCE OF CspTcpPolicyEntry 968 MAX-ACCESS not-accessible 969 STATUS current 970 DESCRIPTION 971 "A list of TCP Policy entries" 972 ::= { cspTcpPolicyConfig 1 } 973 974cspTcpPolicyEntry OBJECT-TYPE 975 SYNTAX CspTcpPolicyEntry 976 MAX-ACCESS not-accessible 977 STATUS current 978 DESCRIPTION 979 "TCP Policy configuration entry. Each entry defines 980 a set of TCP protocol parameters. A policy can be 981 applied to one or more proxy services." 982 INDEX { cspTpPolicyName } 983 ::= { cspTcpPolicyTable 1 } 984 985CspTcpPolicyEntry ::= SEQUENCE { 986 cspTpPolicyName SnmpAdminString, 987 cspTpSynTimeOut Integer32, 988 cspTpInActivityTimeOut Integer32, 989 cspTpNagleAlgo TruthValue, 990 cspTpFinWaitTimeOut Integer32, 991 cspTpReassemTimeOut Integer32, 992 cspTpRcvBufShrLim Integer32, 993 cspTpTransBufShrLim Integer32, 994 cspTpMss Integer32, 995 cspTpPathMtuDisc TruthValue, 996 cspTpConfigRowStatus RowStatus 997} 998 999cspTpPolicyName OBJECT-TYPE 1000 SYNTAX SnmpAdminString (SIZE (1..255)) 1001 MAX-ACCESS not-accessible 1002 STATUS current 1003 DESCRIPTION 1004 "The unique name of a TCP policy." 1005 ::= { cspTcpPolicyEntry 1 } 1006 1007cspTpSynTimeOut OBJECT-TYPE 1008 SYNTAX Integer32 (0..3600) 1009 UNITS "seconds" 1010 MAX-ACCESS read-create 1011 STATUS current 1012 DESCRIPTION 1013 "The TCP connection SYN timeout value. This is the 1014 amount of time the SSL proxy waits before failing the 1015 connection establishment attempt." 1016 DEFVAL { 75 } 1017 ::= { cspTcpPolicyEntry 2 } 1018 1019cspTpInActivityTimeOut OBJECT-TYPE 1020 SYNTAX Integer32 (0..3600) 1021 UNITS "seconds" 1022 MAX-ACCESS read-create 1023 STATUS current 1024 DESCRIPTION 1025 "The TCP connection inactivity timeout value. This is 1026 the amount of time the SSL proxy waits for the next 1027 packet to arrive on a TCP connection, if no packet is 1028 received within this period then the connection is 1029 considered to be inactive and aborted." 1030 DEFVAL { 600 } 1031 ::= { cspTcpPolicyEntry 3 } 1032 1033cspTpNagleAlgo OBJECT-TYPE 1034 SYNTAX TruthValue 1035 MAX-ACCESS read-create 1036 STATUS current 1037 DESCRIPTION 1038 "If 'true', the Nagle Algorithm is enabled during the 1039 SSL or TLS data phase to concatenate a number of small 1040 messages to avoid sending small messages into the 1041 network." 1042 REFERENCE 1043 "RFC 896, Congestion Control in IP/TCP Internetworks" 1044 ::= { cspTcpPolicyEntry 4 } 1045 1046cspTpFinWaitTimeOut OBJECT-TYPE 1047 SYNTAX Integer32 (0..3600) 1048 UNITS "seconds" 1049 MAX-ACCESS read-create 1050 STATUS current 1051 DESCRIPTION 1052 "The TCP connection FIN-WAIT2 state timeout value. 1053 This is the amount of time the SSL proxy waits 1054 for a FIN from the peer after it has initiated close 1055 and is in FIN-WAIT2 state." 1056 DEFVAL { 75 } 1057 ::= { cspTcpPolicyEntry 5 } 1058 1059cspTpReassemTimeOut OBJECT-TYPE 1060 SYNTAX Integer32 (0..3600) 1061 UNITS "seconds" 1062 MAX-ACCESS read-create 1063 STATUS current 1064 DESCRIPTION 1065 "The TCP connection reassembly timeout value. This is 1066 the amount of time the SSL proxy waits during the TCP 1067 out of order traffic reassembly process for the next 1068 expected in sequence segment to arrive." 1069 DEFVAL { 600 } 1070 ::= { cspTcpPolicyEntry 6 } 1071 1072cspTpRcvBufShrLim OBJECT-TYPE 1073 SYNTAX Integer32 (8192..262144) 1074 UNITS "bytes" 1075 MAX-ACCESS read-create 1076 STATUS current 1077 DESCRIPTION 1078 "The receive buffer share limit per connection. This 1079 is used by SSL proxy to calculate the maximum window 1080 to advertise during the 3 way handshake, and is also 1081 the maximum share of the receive buffer pool that 1082 would be allocated for this connection." 1083 DEFVAL { 32768 } 1084 ::= { cspTcpPolicyEntry 7 } 1085 1086cspTpTransBufShrLim OBJECT-TYPE 1087 SYNTAX Integer32 (8192..262144) 1088 UNITS "bytes" 1089 MAX-ACCESS read-create 1090 STATUS current 1091 DESCRIPTION 1092 "The transmit buffer share limit per connection. This 1093 is the maximum share of the send buffer pool that 1094 would be allocated for this connection." 1095 DEFVAL { 32768 } 1096 ::= { cspTcpPolicyEntry 8 } 1097 1098cspTpMss OBJECT-TYPE 1099 SYNTAX Integer32 (256..1460) 1100 UNITS "bytes" 1101 MAX-ACCESS read-create 1102 STATUS current 1103 DESCRIPTION 1104 "The TCP maximum segment size. This is the MSS value 1105 offered by the SSL proxy during 3-way handshake" 1106 DEFVAL { 1460 } 1107 ::= { cspTcpPolicyEntry 9 } 1108 1109cspTpPathMtuDisc OBJECT-TYPE 1110 SYNTAX TruthValue 1111 MAX-ACCESS read-create 1112 STATUS current 1113 DESCRIPTION 1114 "If 'true', the Path MTU Discovery algorithm is 1115 enabled." 1116 ::= { cspTcpPolicyEntry 10 } 1117 1118cspTpConfigRowStatus OBJECT-TYPE 1119 SYNTAX RowStatus 1120 MAX-ACCESS read-create 1121 STATUS current 1122 DESCRIPTION 1123 "The conceptual row status of the TCP policy 1124 configuration entry. This entry can be modified when 1125 the status is 'active'." 1126 ::= { cspTcpPolicyEntry 11 } 1127 1128 1129-- The SSL Policy configuration entries 1130 1131cspSslPolicyTable OBJECT-TYPE 1132 SYNTAX SEQUENCE OF CspSslPolicyEntry 1133 MAX-ACCESS not-accessible 1134 STATUS current 1135 DESCRIPTION 1136 "A list of SSL protocol policy configuration entries." 1137 ::= { cspSslPolicyConfig 1 } 1138 1139cspSslPolicyEntry OBJECT-TYPE 1140 SYNTAX CspSslPolicyEntry 1141 MAX-ACCESS not-accessible 1142 STATUS current 1143 DESCRIPTION 1144 "A SSL policy defines a set of cipher suites to be 1145 supported, and the SSL or TLS protocol parameters. 1146 Each policy can be assigned to one or more proxy 1147 services. 1148 1149 If no SSL policy is assigned to a proxy service, all 1150 supported cipher suites and all protocol versions 1151 will be enabled by default." 1152 INDEX { cspSpPolicyName } 1153 ::= { cspSslPolicyTable 1 } 1154 1155CspSslPolicyEntry ::= SEQUENCE { 1156 cspSpPolicyName SnmpAdminString, 1157 cspSpRSArc4128md5 TruthValue, 1158 cspSpRSArc4128sha TruthValue, 1159 cspSpRSAdescbcsha TruthValue, 1160 cspSpRSA3descbcsha TruthValue, 1161 cspSpProtocol INTEGER, 1162 cspSpCloseProtocol TruthValue, 1163 cspSpSessionCache Integer32, 1164 cspSpSessionTimeOut Integer32, 1165 cspSpConfigRowStatus RowStatus 1166} 1167 1168cspSpPolicyName OBJECT-TYPE 1169 SYNTAX SnmpAdminString (SIZE (1..255)) 1170 MAX-ACCESS not-accessible 1171 STATUS current 1172 DESCRIPTION 1173 "The unique name of a SSL protocol policy." 1174 ::= { cspSslPolicyEntry 1 } 1175 1176cspSpRSArc4128md5 OBJECT-TYPE 1177 SYNTAX TruthValue 1178 MAX-ACCESS read-create 1179 STATUS current 1180 DESCRIPTION 1181 "An indication of whether or not the cipher suite 1182 RSA_WITH_RC4_128_MD5 is configured. If 'true', the 1183 cipher suite is configured." 1184 ::= { cspSslPolicyEntry 2 } 1185 1186cspSpRSArc4128sha OBJECT-TYPE 1187 SYNTAX TruthValue 1188 MAX-ACCESS read-create 1189 STATUS current 1190 DESCRIPTION 1191 "An indication of whether or not the cipher suite 1192 RSA_WITH_RC4_128_SHA is configured. If 'true', the 1193 cipher suite is configured." 1194 ::= { cspSslPolicyEntry 3 } 1195 1196cspSpRSAdescbcsha OBJECT-TYPE 1197 SYNTAX TruthValue 1198 MAX-ACCESS read-create 1199 STATUS current 1200 DESCRIPTION 1201 "An indication of whether or not the cipher suite 1202 RSA_WITH_DES_CBC_SHA is configured. If 'true', the 1203 cipher suite is configured." 1204 ::= { cspSslPolicyEntry 4 } 1205 1206cspSpRSA3descbcsha OBJECT-TYPE 1207 SYNTAX TruthValue 1208 MAX-ACCESS read-create 1209 STATUS current 1210 DESCRIPTION 1211 "An indication of whether or not the cipher suite 1212 RSA_WITH_3DES_EDE_CBC_SHA is configured. If 'true', 1213 the cipher suite is configured." 1214 ::= { cspSslPolicyEntry 5 } 1215 1216cspSpProtocol OBJECT-TYPE 1217 SYNTAX INTEGER { 1218 other(1), -- Other protocol 1219 ssl3(2), -- SSL 3.0 protocol 1220 tls1(3), -- TLS 1.0 protocol 1221 ssl3AndTls1(4) 1222 } 1223 MAX-ACCESS read-create 1224 STATUS current 1225 DESCRIPTION 1226 "The set of SSL and TLS protocols to be supported. 1227 1228 The following values are defined: 1229 other(1) : An unspecified protocol, 1230 SSL 3.0(2) : Support SSL 3.0 protocol only, 1231 TLS 1.0(3) : Support TLS 1.0 protocol only, 1232 ssl3AndTls1(3) : Support both SSL 3.0 and TLS 1.0" 1233 REFERENCE 1234 "1. RFC 2246, The TLS Protocol Version 1.0. 1235 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 1236 The SSL Protocol Version 3.0" 1237 ::= { cspSslPolicyEntry 6 } 1238 1239cspSpCloseProtocol OBJECT-TYPE 1240 SYNTAX TruthValue 1241 MAX-ACCESS read-create 1242 STATUS current 1243 DESCRIPTION 1244 "An indication of whether or not the SSL close protocol 1245 is enforced. 1246 1247 If 'true', the close protocol is enforced. A 1248 close-notify alert message is sent to the peer, and a 1249 close-notify alert message is expected from the peer. 1250 1251 If 'false', the close protocol is not enforced. The 1252 proxy service sends a close-notify alert message to 1253 the peer; however, the proxy service does not expect 1254 a close-notify alert from the peer before tearing down 1255 the session." 1256 DEFVAL { false } 1257 ::= { cspSslPolicyEntry 7 } 1258 1259cspSpSessionCache OBJECT-TYPE 1260 SYNTAX Integer32 (1..262143) 1261 UNITS "bytes" 1262 MAX-ACCESS read-create 1263 STATUS current 1264 DESCRIPTION 1265 "The SSL session cache size. The session cache is used 1266 to store a number of most recently used session 1267 identifiers. 1268 1269 Session identifiers can be reused if a new connection 1270 requests to use a session identifier that is found in 1271 the cache. This object specifies the maximum size of 1272 the cache." 1273 ::= { cspSslPolicyEntry 8 } 1274 1275cspSpSessionTimeOut OBJECT-TYPE 1276 SYNTAX Integer32 (0..72000) 1277 UNITS "seconds" 1278 MAX-ACCESS read-create 1279 STATUS current 1280 DESCRIPTION 1281 "The SSL session timeout value. The session entry 1282 will be removed from the session cache after the 1283 configured timeout. Once the session entry is 1284 removed, subsequent connections cannot reuse the 1285 session. 1286 1287 If this timeout value is 0, entries in the session 1288 cache will not timeout." 1289 DEFVAL { 0 } 1290 ::= { cspSslPolicyEntry 9 } 1291 1292cspSpConfigRowStatus OBJECT-TYPE 1293 SYNTAX RowStatus 1294 UNITS "seconds" 1295 MAX-ACCESS read-create 1296 STATUS current 1297 DESCRIPTION 1298 "The row status of the SSL policy configuration entry. 1299 This entry can be modified when the status is 'active'." 1300 ::= { cspSslPolicyEntry 10 } 1301 1302 1303 1304-- The TCP Counters 1305 1306cspTcpCountersClearTime OBJECT-TYPE 1307 SYNTAX TimeStamp 1308 MAX-ACCESS read-only 1309 STATUS current 1310 DESCRIPTION 1311 "The last time when the TCP counters were cleared. 1312 1313 If the proxy device does not allow these counters to be 1314 cleared, the timestamp should have a value of zero." 1315 ::= { cspTcpCountersInfo 1 } 1316 1317-- The TCP Global Counter group 1318 1319cspTcConnInit OBJECT-TYPE 1320 SYNTAX Counter32 1321 UNITS "number of connections" 1322 MAX-ACCESS read-only 1323 STATUS current 1324 DESCRIPTION 1325 "The total number of TCP connections initiated by the 1326 proxy device." 1327 ::= { cspTcpCounters 1 } 1328 1329cspTcConnAccept OBJECT-TYPE 1330 SYNTAX Counter32 1331 UNITS "number of connections" 1332 MAX-ACCESS read-only 1333 STATUS current 1334 DESCRIPTION 1335 "The total number of TCP connections accepted by the 1336 proxy device." 1337 ::= { cspTcpCounters 2 } 1338 1339cspTcConnEstab OBJECT-TYPE 1340 SYNTAX Counter32 1341 UNITS "number of connections" 1342 MAX-ACCESS read-only 1343 STATUS current 1344 DESCRIPTION 1345 "The total number of TCP connections established." 1346 ::= { cspTcpCounters 3 } 1347 1348cspTcConnDrop OBJECT-TYPE 1349 SYNTAX Counter32 1350 UNITS "number of connections" 1351 MAX-ACCESS read-only 1352 STATUS current 1353 DESCRIPTION 1354 "The total number of TCP connections dropped." 1355 ::= { cspTcpCounters 4 } 1356 1357cspTcConnClosed OBJECT-TYPE 1358 SYNTAX Counter32 1359 UNITS "number of connections" 1360 MAX-ACCESS read-only 1361 STATUS current 1362 DESCRIPTION 1363 "The total number of TCP connections closed." 1364 ::= { cspTcpCounters 5 } 1365 1366cspTcSynTimeOuts OBJECT-TYPE 1367 SYNTAX Counter32 1368 MAX-ACCESS read-only 1369 STATUS current 1370 DESCRIPTION 1371 "The total number of SYN timeouts." 1372 ::= { cspTcpCounters 6 } 1373 1374cspTcIdleTimeOuts OBJECT-TYPE 1375 SYNTAX Counter32 1376 MAX-ACCESS read-only 1377 STATUS current 1378 DESCRIPTION 1379 "The total number of idle timeouts." 1380 ::= { cspTcpCounters 7 } 1381 1382cspTcTotalPktSent OBJECT-TYPE 1383 SYNTAX Counter32 1384 UNITS "number of packets" 1385 MAX-ACCESS read-only 1386 STATUS current 1387 DESCRIPTION 1388 "The total number of TCP packets sent." 1389 ::= { cspTcpCounters 8 } 1390 1391cspTcDataPktSent OBJECT-TYPE 1392 SYNTAX Counter32 1393 UNITS "number of packets" 1394 MAX-ACCESS read-only 1395 STATUS current 1396 DESCRIPTION 1397 "The total number of TCP data packets sent." 1398 ::= { cspTcpCounters 9 } 1399 1400cspTcDataByteSent OBJECT-TYPE 1401 SYNTAX Counter32 1402 UNITS "bytes" 1403 MAX-ACCESS read-only 1404 STATUS current 1405 DESCRIPTION 1406 "The total amount of data sent." 1407 ::= { cspTcpCounters 10 } 1408 1409cspTcTotalPktRcv OBJECT-TYPE 1410 SYNTAX Counter32 1411 UNITS "number of packets" 1412 MAX-ACCESS read-only 1413 STATUS current 1414 DESCRIPTION 1415 "The total number of TCP packets received." 1416 ::= { cspTcpCounters 11 } 1417 1418cspTcPktRcvSeq OBJECT-TYPE 1419 SYNTAX Counter32 1420 UNITS "number of packets" 1421 MAX-ACCESS read-only 1422 STATUS current 1423 DESCRIPTION 1424 "The total number of TCP data packets received in 1425 sequence." 1426 ::= { cspTcpCounters 12 } 1427 1428cspTcByteRcvSeq OBJECT-TYPE 1429 SYNTAX Counter32 1430 UNITS "bytes" 1431 MAX-ACCESS read-only 1432 STATUS current 1433 DESCRIPTION 1434 "The total amount of data received in sequence." 1435 ::= { cspTcpCounters 13 } 1436 1437-- The SSL Counters 1438-- 1439 1440-- Last time the SSL counters were cleared 1441 1442cspSslCountersClearTime OBJECT-TYPE 1443 SYNTAX TimeStamp 1444 MAX-ACCESS read-only 1445 STATUS current 1446 DESCRIPTION 1447 "The last time when the SSL counters were cleared. 1448 1449 If the proxy device does not allow these counters to be 1450 cleared, the timestamp should have a value of zero." 1451 ::= { cspSslCountersInfo 1 } 1452 1453-- The SSL Global Counters group 1454 1455cspScConnAttempt OBJECT-TYPE 1456 SYNTAX Counter32 1457 UNITS "number of connections" 1458 MAX-ACCESS read-only 1459 STATUS current 1460 DESCRIPTION 1461 "The total number of SSL connections attempted." 1462 ::= { cspSslCounters 1 } 1463 1464cspScConnComplete OBJECT-TYPE 1465 SYNTAX Counter32 1466 UNITS "number of connections" 1467 MAX-ACCESS read-only 1468 STATUS current 1469 DESCRIPTION 1470 "The total number of SSL connections completed." 1471 ::= { cspSslCounters 2 } 1472 1473cspScConnInHandShake OBJECT-TYPE 1474 SYNTAX Gauge32 1475 UNITS "number of connections" 1476 MAX-ACCESS read-only 1477 STATUS current 1478 DESCRIPTION 1479 "The number of SSL connections currently in handshake 1480 phase." 1481 ::= { cspSslCounters 3 } 1482 1483cspScConnInDataPhase OBJECT-TYPE 1484 SYNTAX Gauge32 1485 UNITS "number of connections" 1486 MAX-ACCESS read-only 1487 STATUS current 1488 DESCRIPTION 1489 "The number of SSL connections currently in data phase." 1490 ::= { cspSslCounters 4 } 1491 1492cspScRenegAttempt OBJECT-TYPE 1493 SYNTAX Counter32 1494 MAX-ACCESS read-only 1495 STATUS current 1496 DESCRIPTION 1497 "The total number of SSL renegotiations attempted." 1498 ::= { cspSslCounters 5 } 1499 1500cspScConnInReneg OBJECT-TYPE 1501 SYNTAX Gauge32 1502 UNITS "number of connections" 1503 MAX-ACCESS read-only 1504 STATUS current 1505 DESCRIPTION 1506 "The number of SSL connections currently in 1507 renegotiation phase" 1508 ::= { cspSslCounters 6 } 1509 1510cspScActiveSessions OBJECT-TYPE 1511 SYNTAX Gauge32 1512 MAX-ACCESS read-only 1513 STATUS current 1514 DESCRIPTION 1515 "The number of active SSL sessions. This number 1516 indicates the number of valid session entries in 1517 the session cache." 1518 ::= { cspSslCounters 7 } 1519 1520cspScMaxHandShakeConns OBJECT-TYPE 1521 SYNTAX Gauge32 1522 MAX-ACCESS read-only 1523 STATUS current 1524 DESCRIPTION 1525 "This indicates the maximum number of connections 1526 present in handshake phase at any point of time" 1527 ::= { cspSslCounters 8 } 1528 1529cspScCurrDeviceQLen OBJECT-TYPE 1530 SYNTAX Gauge32 1531 MAX-ACCESS read-only 1532 STATUS current 1533 DESCRIPTION 1534 "The current device queue length. Indicates the number 1535 of requests pending with the device." 1536 ::= { cspSslCounters 9 } 1537 1538cspScMaxDeviceQLen OBJECT-TYPE 1539 SYNTAX Gauge32 1540 MAX-ACCESS read-only 1541 STATUS current 1542 DESCRIPTION 1543 "The maximum device queue length recorded. Indicates 1544 the maximum number of requests queued to the device 1545 at any point of time." 1546 ::= { cspSslCounters 10 } 1547 1548cspScSessionReuses OBJECT-TYPE 1549 SYNTAX Counter32 1550 MAX-ACCESS read-only 1551 STATUS current 1552 DESCRIPTION 1553 "The number of session reuses. Indicates the number 1554 of times the sessions got reused before the session 1555 timer expired." 1556 ::= { cspSslCounters 11 } 1557 1558-- The SSL 3.0 Protocol Counters group 1559 1560cspS3cFullHandShake OBJECT-TYPE 1561 SYNTAX Counter32 1562 MAX-ACCESS read-only 1563 STATUS current 1564 DESCRIPTION 1565 "The total number of full SSL 3.0 handshakes completed." 1566 ::= { cspSsl3Counters 1 } 1567 1568cspS3cResumedHandShake OBJECT-TYPE 1569 SYNTAX Counter32 1570 MAX-ACCESS read-only 1571 STATUS current 1572 DESCRIPTION 1573 "The total number of SSL 3.0 resumed handshakes 1574 completed." 1575 ::= { cspSsl3Counters 2 } 1576 1577cspS3cHandShakeFailed OBJECT-TYPE 1578 SYNTAX Counter32 1579 MAX-ACCESS read-only 1580 STATUS current 1581 DESCRIPTION 1582 "The total number of SSL 3.0 connections failed in 1583 handshake phase." 1584 ::= { cspSsl3Counters 3 } 1585 1586cspS3cDataFailed OBJECT-TYPE 1587 SYNTAX Counter32 1588 MAX-ACCESS read-only 1589 STATUS current 1590 DESCRIPTION 1591 "The total number of SSL 3.0 sessions failed in 1592 data phase." 1593 ::= { cspSsl3Counters 4 } 1594 1595cspS3cBadMacRcvd OBJECT-TYPE 1596 SYNTAX Counter32 1597 MAX-ACCESS read-only 1598 STATUS current 1599 DESCRIPTION 1600 "The total number of received SSL 3.0 records 1601 which have bad MAC (Message Authentication Code)." 1602 ::= { cspSsl3Counters 5 } 1603 1604cspS3cPadErrors OBJECT-TYPE 1605 SYNTAX Counter32 1606 MAX-ACCESS read-only 1607 STATUS current 1608 DESCRIPTION 1609 "The total number of received SSL 3.0 records 1610 which have pad errors." 1611 ::= { cspSsl3Counters 6 } 1612 1613cspS3cRSArc4128md5 OBJECT-TYPE 1614 SYNTAX Counter32 1615 UNITS "number of connections" 1616 MAX-ACCESS read-only 1617 STATUS current 1618 DESCRIPTION 1619 "The total number of SSL 3.0 connections which used 1620 cipher suite RSA_WITH_RC4_128_MD5." 1621 ::= { cspSsl3Counters 7 } 1622 1623cspS3cRSArc4128sha OBJECT-TYPE 1624 SYNTAX Counter32 1625 UNITS "number of connections" 1626 MAX-ACCESS read-only 1627 STATUS current 1628 DESCRIPTION 1629 "The total number of SSL 3.0 connections which used 1630 cipher suite RSA_WITH_RC4_128_SHA." 1631 ::= { cspSsl3Counters 8 } 1632 1633cspS3cRSAdescbcsha OBJECT-TYPE 1634 SYNTAX Counter32 1635 UNITS "number of connections" 1636 MAX-ACCESS read-only 1637 STATUS current 1638 DESCRIPTION 1639 "The total number of SSL 3.0 connections which used 1640 cipher suite RSA_WITH_DES_CBC_SHA." 1641 ::= { cspSsl3Counters 9 } 1642 1643cspS3cRSA3desedecbcsha OBJECT-TYPE 1644 SYNTAX Counter32 1645 UNITS "number of connections" 1646 MAX-ACCESS read-only 1647 STATUS current 1648 DESCRIPTION 1649 "The total number of SSL 3.0 connections which used 1650 cipher suite RSA_WITH_3DES_EDE_CBC_SHA." 1651 ::= { cspSsl3Counters 10 } 1652 1653-- The TLS 1.0 Protocol Counters group 1654 1655cspTlcFullHandShake OBJECT-TYPE 1656 SYNTAX Counter32 1657 MAX-ACCESS read-only 1658 STATUS current 1659 DESCRIPTION 1660 "The total number of full TLS 1.0 handshakes completed." 1661 ::= { cspTls1Counters 1 } 1662 1663cspTlcResumedHandShake OBJECT-TYPE 1664 SYNTAX Counter32 1665 MAX-ACCESS read-only 1666 STATUS current 1667 DESCRIPTION 1668 "The total number of resumed TLS 1.0 handshakes 1669 completed." 1670 ::= { cspTls1Counters 2 } 1671 1672cspTlcHandShakeFailed OBJECT-TYPE 1673 SYNTAX Counter32 1674 UNITS "number of connections" 1675 MAX-ACCESS read-only 1676 STATUS current 1677 DESCRIPTION 1678 "The total number of TLS 1.0 connections failed in 1679 handshake phase." 1680 ::= { cspTls1Counters 3 } 1681 1682cspTlcDataFailed OBJECT-TYPE 1683 SYNTAX Counter32 1684 UNITS "number of connections" 1685 MAX-ACCESS read-only 1686 STATUS current 1687 DESCRIPTION 1688 "The total number of TLS 1.0 connections failed in 1689 data phase." 1690 ::= { cspTls1Counters 4 } 1691 1692cspTlcBadMacRcvd OBJECT-TYPE 1693 SYNTAX Counter32 1694 MAX-ACCESS read-only 1695 STATUS current 1696 DESCRIPTION 1697 "The total number of received TLS 1.0 records 1698 which have bad MAC (Message Authentication Code." 1699 ::= { cspTls1Counters 5 } 1700 1701cspTlcPadErrors OBJECT-TYPE 1702 SYNTAX Counter32 1703 MAX-ACCESS read-only 1704 STATUS current 1705 DESCRIPTION 1706 "The total number of received TLS 1.0 records 1707 which have pad errors." 1708 ::= { cspTls1Counters 6 } 1709 1710cspTlcRSArc4128md5 OBJECT-TYPE 1711 SYNTAX Counter32 1712 UNITS "number of connections" 1713 MAX-ACCESS read-only 1714 STATUS current 1715 DESCRIPTION 1716 "The total number of TLS 1.0 connections which used 1717 the cipher suite RSA_WITH_RC4_128_MD5." 1718 ::= { cspTls1Counters 7 } 1719 1720cspTlcRSArc4128sha OBJECT-TYPE 1721 SYNTAX Counter32 1722 UNITS "number of connections" 1723 MAX-ACCESS read-only 1724 STATUS current 1725 DESCRIPTION 1726 "The total number of TLS 1.0 connections which used 1727 the cipher suite RSA_WITH_RC4_128_SHA." 1728 ::= { cspTls1Counters 8 } 1729 1730cspTlcRSAdescbcsha OBJECT-TYPE 1731 SYNTAX Counter32 1732 UNITS "number of connections" 1733 MAX-ACCESS read-only 1734 STATUS current 1735 DESCRIPTION 1736 "The total number of TLS 1.0 connections which used 1737 the cipher suite RSA_WITH_DES_CBC_SHA." 1738 ::= { cspTls1Counters 9 } 1739 1740cspTlcRSA3desedecbcsha OBJECT-TYPE 1741 SYNTAX Counter32 1742 UNITS "number of connections" 1743 MAX-ACCESS read-only 1744 STATUS current 1745 DESCRIPTION 1746 "The total number of TLS 1.0 connections which used 1747 the cipher suite RSA_WITH_3DES_EDE_CBC_SHA." 1748 ::= { cspTls1Counters 10 } 1749 1750-- The SSL Cryptographic Operations Counters group 1751 1752cspSccBlksEncrypted OBJECT-TYPE 1753 SYNTAX Counter32 1754 MAX-ACCESS read-only 1755 STATUS current 1756 DESCRIPTION 1757 "The total number of data blocks that got encrypted." 1758 ::= { cspSslCryptoCounters 1 } 1759 1760cspSccBlksDecrypted OBJECT-TYPE 1761 SYNTAX Counter32 1762 MAX-ACCESS read-only 1763 STATUS current 1764 DESCRIPTION 1765 "The total number of data blocks that got decrypted." 1766 ::= { cspSslCryptoCounters 2 } 1767 1768cspSccBytesEncrypted OBJECT-TYPE 1769 SYNTAX Counter32 1770 UNITS "bytes" 1771 MAX-ACCESS read-only 1772 STATUS current 1773 DESCRIPTION 1774 "The total number of bytes that got encrypted." 1775 ::= { cspSslCryptoCounters 3 } 1776 1777cspSccBytesDecrypted OBJECT-TYPE 1778 SYNTAX Counter32 1779 UNITS "bytes" 1780 MAX-ACCESS read-only 1781 STATUS current 1782 DESCRIPTION 1783 "The total number of bytes that got decrypted." 1784 ::= { cspSslCryptoCounters 4 } 1785 1786cspSccPublicKeyOpers OBJECT-TYPE 1787 SYNTAX Counter32 1788 MAX-ACCESS read-only 1789 STATUS current 1790 DESCRIPTION 1791 "The total number of RSA public key operations 1792 performed." 1793 ::= { cspSslCryptoCounters 5 } 1794 1795cspSccPrivateKeyOpers OBJECT-TYPE 1796 SYNTAX Counter32 1797 MAX-ACCESS read-only 1798 STATUS current 1799 DESCRIPTION 1800 "The total number of RSA private key operations 1801 performed." 1802 ::= { cspSslCryptoCounters 6 } 1803 1804cspSccCryptoFails OBJECT-TYPE 1805 SYNTAX Counter32 1806 MAX-ACCESS read-only 1807 STATUS current 1808 DESCRIPTION 1809 "The total number of failed cryptographic operations." 1810 ::= { cspSslCryptoCounters 7 } 1811 1812cspSccDmaErrors OBJECT-TYPE 1813 SYNTAX Counter32 1814 MAX-ACCESS read-only 1815 STATUS current 1816 DESCRIPTION 1817 "The total number of cryptographic device DMA errors." 1818 ::= { cspSslCryptoCounters 8 } 1819 1820-- The SSL Error Counters group 1821 1822cspSecSessAllocFailed OBJECT-TYPE 1823 SYNTAX Counter32 1824 MAX-ACCESS read-only 1825 STATUS current 1826 DESCRIPTION 1827 "The total number of times SSL session could not 1828 be allocated." 1829 ::= { cspSslErrorCounters 1 } 1830 1831cspSecSessLimitExceed OBJECT-TYPE 1832 SYNTAX Counter32 1833 MAX-ACCESS read-only 1834 STATUS current 1835 DESCRIPTION 1836 "The total number of times configured SSL session 1837 limit got exceeded. The new connections will be 1838 rejected if the session limit is exceeded." 1839 ::= { cspSslErrorCounters 2 } 1840 1841cspSecHShakeInitFailed OBJECT-TYPE 1842 SYNTAX Counter32 1843 MAX-ACCESS read-only 1844 STATUS current 1845 DESCRIPTION 1846 "The total number of times SSL connections failed 1847 even before the handshake phase got started. This 1848 typically indicates that there is some connectivity 1849 problem with the server." 1850 ::= { cspSslErrorCounters 3 } 1851 1852cspSecRenegFailed OBJECT-TYPE 1853 SYNTAX Counter32 1854 MAX-ACCESS read-only 1855 STATUS current 1856 DESCRIPTION 1857 "The total number of times SSL renegotiation failed." 1858 ::= { cspSslErrorCounters 4 } 1859 1860cspSecFatalAlertsRcvd OBJECT-TYPE 1861 SYNTAX Counter32 1862 MAX-ACCESS read-only 1863 STATUS current 1864 DESCRIPTION 1865 "The total number of fatal alerts received." 1866 REFERENCE 1867 "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 1868 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 1869 The SSL Protocol Version 3.0, A.3." 1870 ::= { cspSslErrorCounters 5 } 1871 1872cspSecFatalAlertsSent OBJECT-TYPE 1873 SYNTAX Counter32 1874 MAX-ACCESS read-only 1875 STATUS current 1876 DESCRIPTION 1877 "The total number of fatal alerts sent." 1878 REFERENCE 1879 "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 1880 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 1881 The SSL Protocol Version 3.0, A.3." 1882 ::= { cspSslErrorCounters 6 } 1883 1884cspSecNoCipherAlerts OBJECT-TYPE 1885 SYNTAX Counter32 1886 MAX-ACCESS read-only 1887 STATUS current 1888 DESCRIPTION 1889 "The total number of ALERT_HANDSHAKE_FAIL alerts sent 1890 due to unsupported cipher suites." 1891 REFERENCE 1892 "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 1893 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 1894 The SSL Protocol Version 3.0, A.3." 1895 ::= { cspSslErrorCounters 7 } 1896 1897cspSecVerMismatchAlerts OBJECT-TYPE 1898 SYNTAX Counter32 1899 MAX-ACCESS read-only 1900 STATUS current 1901 DESCRIPTION 1902 "The total number of ALERT_PROTOCOL_VERSION alerts 1903 sent due to unsupported version number." 1904 REFERENCE 1905 "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 1906 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 1907 The SSL Protocol Version 3.0, A.3." 1908 ::= { cspSslErrorCounters 8 } 1909 1910cspSecNoComprsnAlerts OBJECT-TYPE 1911 SYNTAX Counter32 1912 MAX-ACCESS read-only 1913 STATUS current 1914 DESCRIPTION 1915 "The total number of ALERT_HANDSHAKE_FAIL alerts sent 1916 due to unsupported compression scheme." 1917 REFERENCE 1918 "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 1919 2. IETF Draft <draft-freier-ssl-version3-02.txt>, 1920 The SSL Protocol Version 3.0, A.3." 1921 ::= { cspSslErrorCounters 9 } 1922 1923cspSecHShakeHndleMemFail OBJECT-TYPE 1924 SYNTAX Counter32 1925 MAX-ACCESS read-only 1926 STATUS current 1927 DESCRIPTION 1928 "The total number of handshake handle memory allocation 1929 failure." 1930 ::= { cspSslErrorCounters 10 } 1931 1932cspSecStalePakDrop OBJECT-TYPE 1933 SYNTAX Counter32 1934 MAX-ACCESS read-only 1935 STATUS current 1936 DESCRIPTION 1937 "The total number of stale packets dropped. Indicates 1938 the number of packets received after the SSL connection 1939 is torn down." 1940 ::= { cspSslErrorCounters 11 } 1941 1942cspSecServiceIdDiscard OBJECT-TYPE 1943 SYNTAX Counter32 1944 MAX-ACCESS read-only 1945 STATUS current 1946 DESCRIPTION 1947 "The total number of connections rejected because of 1948 invalid service identifiers." 1949 ::= { cspSslErrorCounters 12 } 1950 1951cspSecHShakeLimitExceed OBJECT-TYPE 1952 SYNTAX Counter32 1953 MAX-ACCESS read-only 1954 STATUS current 1955 DESCRIPTION 1956 "The total number of times simultaneous handshake 1957 connection exceeded the capacity. The new connections 1958 will be rejected if the total number of simultaneous 1959 handshake connections exceeds the limit." 1960 ::= { cspSslErrorCounters 13 } 1961 1962cspSecDevConnCtxtFail OBJECT-TYPE 1963 SYNTAX Counter32 1964 MAX-ACCESS read-only 1965 STATUS current 1966 DESCRIPTION 1967 "The total number of times device context could not 1968 be allocated." 1969 ::= { cspSslErrorCounters 14 } 1970 1971cspSecMemAllocFailed OBJECT-TYPE 1972 SYNTAX Counter32 1973 MAX-ACCESS read-only 1974 STATUS current 1975 DESCRIPTION 1976 "The total number of times memory allocation failed." 1977 ::= { cspSslErrorCounters 15 } 1978 1979cspSecBuffAllocFailed OBJECT-TYPE 1980 SYNTAX Counter32 1981 MAX-ACCESS read-only 1982 STATUS current 1983 DESCRIPTION 1984 "The total number of times buffer allocation failed." 1985 ::= { cspSslErrorCounters 16 } 1986 1987cspSecAlertSendFailed OBJECT-TYPE 1988 SYNTAX Counter32 1989 MAX-ACCESS read-only 1990 STATUS current 1991 DESCRIPTION 1992 "The total number of failure to send alerts. This is 1993 typically because of the memory allocation failure." 1994 ::= { cspSslErrorCounters 17 } 1995 1996cspSecOverloadDropped OBJECT-TYPE 1997 SYNTAX Counter32 1998 MAX-ACCESS read-only 1999 STATUS current 2000 DESCRIPTION 2001 "The total number of connections rejected because 2002 of overload conditions. This indicates that the 2003 incoming rate is higher than what can be handled." 2004 ::= { cspSslErrorCounters 18 } 2005 2006cspSecConnAborted OBJECT-TYPE 2007 SYNTAX Counter32 2008 UNITS "number of connections" 2009 MAX-ACCESS read-only 2010 STATUS current 2011 DESCRIPTION 2012 "The total number of SSL connections aborted." 2013 ::= { cspSslErrorCounters 19 } 2014-- The Proxy Service Counters 2015-- 2016 2017-- The Proxy Service Global Counter table 2018 2019cspPsCountersTable OBJECT-TYPE 2020 SYNTAX SEQUENCE OF CspPsCounterEntry 2021 MAX-ACCESS not-accessible 2022 STATUS current 2023 DESCRIPTION 2024 "A list of proxy service global counter entries" 2025 ::= { cspPsCounters 1 } 2026 2027cspPsCounterEntry OBJECT-TYPE 2028 SYNTAX CspPsCounterEntry 2029 MAX-ACCESS not-accessible 2030 STATUS current 2031 DESCRIPTION 2032 "The proxy service global counter entry. Each entry 2033 displays the global SSL counters collected for a proxy 2034 service." 2035 INDEX { 2036 cspPsName, 2037 cspPsListIndex 2038 } 2039 ::= { cspPsCountersTable 1 } 2040 2041CspPsCounterEntry ::= SEQUENCE { 2042 cspPscClearTime TimeStamp, 2043 cspPscConnAttempt Counter32, 2044 cspPscConnComplete Counter32, 2045 cspPscFullHandShake Counter32, 2046 cspPscResumedHandShake Counter32, 2047 cspPscConnInHandShake Gauge32, 2048 cspPscConnInDataPhase Gauge32, 2049 cspPscRenegAttempt Counter32, 2050 cspPscConnInReneg Gauge32, 2051 cspPscBlksEncrypted Counter32, 2052 cspPscBlksDecrypted Counter32, 2053 cspPscBytesEncrypted Counter32, 2054 cspPscBytesDecrypted Counter32, 2055 cspPscValidSessions Counter32, 2056 cspPscSessLimitExceed Counter32, 2057 cspPscHandShakeFailed Counter32, 2058 cspPscDataFailed Counter32, 2059 cspPscFatalAlertsRcvd Counter32, 2060 cspPscFatalAlertsSent Counter32, 2061 cspPscBadMacRcvd Counter32, 2062 cspPscPadErrors Counter32, 2063 cspPscNoCipherAlerts Counter32, 2064 cspPscNoComprsnAlerts Counter32, 2065 cspPscVerMismatchAlerts Counter32 2066} 2067 2068cspPscClearTime OBJECT-TYPE 2069 SYNTAX TimeStamp 2070 MAX-ACCESS read-only 2071 STATUS current 2072 DESCRIPTION 2073 "The last time when counters in this entry were 2074 cleared. 2075 2076 If the proxy device does not allow these counters to be 2077 cleared, the timestamp should have a value of zero." 2078 ::= { cspPsCounterEntry 1 } 2079 2080cspPscConnAttempt OBJECT-TYPE 2081 SYNTAX Counter32 2082 UNITS "number of connections" 2083 MAX-ACCESS read-only 2084 STATUS current 2085 DESCRIPTION 2086 "The total number of SSL connections attempted." 2087 ::= { cspPsCounterEntry 2 } 2088 2089cspPscConnComplete OBJECT-TYPE 2090 SYNTAX Counter32 2091 UNITS "number of connections" 2092 MAX-ACCESS read-only 2093 STATUS current 2094 DESCRIPTION 2095 "The total number of SSL connections completed." 2096 ::= { cspPsCounterEntry 3 } 2097 2098cspPscFullHandShake OBJECT-TYPE 2099 SYNTAX Counter32 2100 MAX-ACCESS read-only 2101 STATUS current 2102 DESCRIPTION 2103 "The total number of full handshakes completed." 2104 ::= { cspPsCounterEntry 4 } 2105 2106cspPscResumedHandShake OBJECT-TYPE 2107 SYNTAX Counter32 2108 MAX-ACCESS read-only 2109 STATUS current 2110 DESCRIPTION 2111 "The total number of resumed handshakes completed." 2112 ::= { cspPsCounterEntry 5 } 2113 2114cspPscConnInHandShake OBJECT-TYPE 2115 SYNTAX Gauge32 2116 UNITS "number of connections" 2117 MAX-ACCESS read-only 2118 STATUS current 2119 DESCRIPTION 2120 "The number of connections currently in handshake 2121 phase." 2122 ::= { cspPsCounterEntry 6 } 2123 2124cspPscConnInDataPhase OBJECT-TYPE 2125 SYNTAX Gauge32 2126 UNITS "number of connections" 2127 MAX-ACCESS read-only 2128 STATUS current 2129 DESCRIPTION 2130 "The number of connections currently in data phase." 2131 ::= { cspPsCounterEntry 7 } 2132 2133cspPscRenegAttempt OBJECT-TYPE 2134 SYNTAX Counter32 2135 MAX-ACCESS read-only 2136 STATUS current 2137 DESCRIPTION 2138 "The total number of SSL renegotiations attempted." 2139 ::= { cspPsCounterEntry 8 } 2140 2141cspPscConnInReneg OBJECT-TYPE 2142 SYNTAX Gauge32 2143 UNITS "number of connections" 2144 MAX-ACCESS read-only 2145 STATUS current 2146 DESCRIPTION 2147 "The number of connections currently in renegotiation 2148 phase." 2149 ::= { cspPsCounterEntry 9 } 2150 2151cspPscBlksEncrypted OBJECT-TYPE 2152 SYNTAX Counter32 2153 MAX-ACCESS read-only 2154 STATUS current 2155 DESCRIPTION 2156 "The total number of data blocks that got encrypted." 2157 ::= { cspPsCounterEntry 10 } 2158 2159cspPscBlksDecrypted OBJECT-TYPE 2160 SYNTAX Counter32 2161 MAX-ACCESS read-only 2162 STATUS current 2163 DESCRIPTION 2164 "The total number of data blocks that got decrypted." 2165 ::= { cspPsCounterEntry 11 } 2166 2167cspPscBytesEncrypted OBJECT-TYPE 2168 SYNTAX Counter32 2169 UNITS "bytes" 2170 MAX-ACCESS read-only 2171 STATUS current 2172 DESCRIPTION 2173 "The total number of bytes that got encrypted." 2174 ::= { cspPsCounterEntry 12 } 2175 2176cspPscBytesDecrypted OBJECT-TYPE 2177 SYNTAX Counter32 2178 UNITS "bytes" 2179 MAX-ACCESS read-only 2180 STATUS current 2181 DESCRIPTION 2182 "The total number of bytes that got decrypted." 2183 ::= { cspPsCounterEntry 13 } 2184 2185cspPscValidSessions OBJECT-TYPE 2186 SYNTAX Counter32 2187 MAX-ACCESS read-only 2188 STATUS current 2189 DESCRIPTION 2190 "The total number of current valid sessions in the 2191 session cache." 2192 ::= { cspPsCounterEntry 14 } 2193 2194cspPscSessLimitExceed OBJECT-TYPE 2195 SYNTAX Counter32 2196 MAX-ACCESS read-only 2197 STATUS current 2198 DESCRIPTION 2199 "The total number of times configured SSL session 2200 limit got exceeded. The new connections will be 2201 rejected if the session limit is exceeded." 2202 ::= { cspPsCounterEntry 15 } 2203 2204cspPscHandShakeFailed OBJECT-TYPE 2205 SYNTAX Counter32 2206 MAX-ACCESS read-only 2207 STATUS current 2208 DESCRIPTION 2209 "The total number of times SSL connections failed 2210 in handshake phase." 2211 ::= { cspPsCounterEntry 16 } 2212 2213cspPscDataFailed OBJECT-TYPE 2214 SYNTAX Counter32 2215 MAX-ACCESS read-only 2216 STATUS current 2217 DESCRIPTION 2218 "The total number of times SSL connections failed 2219 in data phase." 2220 ::= { cspPsCounterEntry 17 } 2221 2222cspPscFatalAlertsRcvd OBJECT-TYPE 2223 SYNTAX Counter32 2224 MAX-ACCESS read-only 2225 STATUS current 2226 DESCRIPTION 2227 "The total number of fatal alerts received." 2228 ::= { cspPsCounterEntry 18 } 2229 2230cspPscFatalAlertsSent OBJECT-TYPE 2231 SYNTAX Counter32 2232 MAX-ACCESS read-only 2233 STATUS current 2234 DESCRIPTION 2235 "The total number of fatal alerts sent." 2236 ::= { cspPsCounterEntry 19 } 2237 2238cspPscBadMacRcvd OBJECT-TYPE 2239 SYNTAX Counter32 2240 MAX-ACCESS read-only 2241 STATUS current 2242 DESCRIPTION 2243 "The total number of received SSL records which 2244 have bad MAC (Message Authentication Code)." 2245 ::= { cspPsCounterEntry 20 } 2246 2247cspPscPadErrors OBJECT-TYPE 2248 SYNTAX Counter32 2249 MAX-ACCESS read-only 2250 STATUS current 2251 DESCRIPTION 2252 "The total number of received SSL records which 2253 have pad errors." 2254 ::= { cspPsCounterEntry 21 } 2255 2256cspPscNoCipherAlerts OBJECT-TYPE 2257 SYNTAX Counter32 2258 MAX-ACCESS read-only 2259 STATUS current 2260 DESCRIPTION 2261 "The total number of alerts sent due to unsupported 2262 cipher suites." 2263 ::= { cspPsCounterEntry 22 } 2264 2265cspPscNoComprsnAlerts OBJECT-TYPE 2266 SYNTAX Counter32 2267 MAX-ACCESS read-only 2268 STATUS current 2269 DESCRIPTION 2270 "The total number of alerts sent due to unsupported 2271 compression scheme." 2272 ::= { cspPsCounterEntry 23 } 2273 2274cspPscVerMismatchAlerts OBJECT-TYPE 2275 SYNTAX Counter32 2276 MAX-ACCESS read-only 2277 STATUS current 2278 DESCRIPTION 2279 "The total number of alerts sent due to unsupported 2280 SSL or TLS version." 2281 ::= { cspPsCounterEntry 24 } 2282 2283 2284-- The Proxy Service SSL 3.0 Protocol Counters 2285 2286cspPsSsl3CountersTable OBJECT-TYPE 2287 SYNTAX SEQUENCE OF CspPsSsl3CounterEntry 2288 MAX-ACCESS not-accessible 2289 STATUS current 2290 DESCRIPTION 2291 "A list of proxy service SSL 3.0 counter entries." 2292 ::= { cspPsSsl3Counters 1 } 2293 2294cspPsSsl3CounterEntry OBJECT-TYPE 2295 SYNTAX CspPsSsl3CounterEntry 2296 MAX-ACCESS not-accessible 2297 STATUS current 2298 DESCRIPTION 2299 "The proxy service SSL 3.0 counter entry. This entry 2300 reports the counters collected about the SSL 3.0 2301 protocol for each proxy service." 2302 INDEX { 2303 cspPsName, 2304 cspPsListIndex 2305 } 2306 ::= { cspPsSsl3CountersTable 1 } 2307 2308CspPsSsl3CounterEntry ::= SEQUENCE { 2309 cspPs3cClearTime TimeStamp, 2310 cspPs3cFullHandShake Counter32, 2311 cspPs3cResumedHandShake Counter32, 2312 cspPs3cHandShakeFailed Counter32, 2313 cspPs3cDataFailed Counter32, 2314 cspPs3cBadMacRcvd Counter32, 2315 cspPs3cPadErrors Counter32, 2316 cspPs3cRSArc4128md5 Counter32, 2317 cspPs3cRSArc4128sha Counter32, 2318 cspPs3cRSAdescbcsha Counter32, 2319 cspPs3cRSA3desedecbcsha Counter32 2320} 2321 2322cspPs3cClearTime OBJECT-TYPE 2323 SYNTAX TimeStamp 2324 MAX-ACCESS read-only 2325 STATUS current 2326 DESCRIPTION 2327 "The last time when counters in this entry were cleared. 2328 2329 If the proxy device does not allow these counters to be 2330 cleared, the timestamp should have the value of zero." 2331 ::= { cspPsSsl3CounterEntry 1 } 2332 2333cspPs3cFullHandShake OBJECT-TYPE 2334 SYNTAX Counter32 2335 MAX-ACCESS read-only 2336 STATUS current 2337 DESCRIPTION 2338 "The total number of SSL 3.0 full handshakes completed." 2339 ::= { cspPsSsl3CounterEntry 2 } 2340 2341cspPs3cResumedHandShake OBJECT-TYPE 2342 SYNTAX Counter32 2343 MAX-ACCESS read-only 2344 STATUS current 2345 DESCRIPTION 2346 "The total number of SSL 3.0 resumed handshakes 2347 completed." 2348 ::= { cspPsSsl3CounterEntry 3 } 2349 2350cspPs3cHandShakeFailed OBJECT-TYPE 2351 SYNTAX Counter32 2352 MAX-ACCESS read-only 2353 STATUS current 2354 DESCRIPTION 2355 "The total number of SSL 3.0 connections failed in 2356 handshake phase." 2357 ::= { cspPsSsl3CounterEntry 4 } 2358 2359cspPs3cDataFailed OBJECT-TYPE 2360 SYNTAX Counter32 2361 MAX-ACCESS read-only 2362 STATUS current 2363 DESCRIPTION 2364 "The total number of SSL 3.0 connections failed in 2365 data phase." 2366 ::= { cspPsSsl3CounterEntry 5 } 2367 2368cspPs3cBadMacRcvd OBJECT-TYPE 2369 SYNTAX Counter32 2370 MAX-ACCESS read-only 2371 STATUS current 2372 DESCRIPTION 2373 "The total number of received SSL 3.0 records 2374 which have bad MAC (Message Authentication Code)." 2375 ::= { cspPsSsl3CounterEntry 6 } 2376 2377cspPs3cPadErrors OBJECT-TYPE 2378 SYNTAX Counter32 2379 MAX-ACCESS read-only 2380 STATUS current 2381 DESCRIPTION 2382 "The total number of received SSL 3.0 records 2383 which have pad errors." 2384 ::= { cspPsSsl3CounterEntry 7 } 2385 2386cspPs3cRSArc4128md5 OBJECT-TYPE 2387 SYNTAX Counter32 2388 UNITS "number of connections" 2389 MAX-ACCESS read-only 2390 STATUS current 2391 DESCRIPTION 2392 "The total number of SSL 3.0 connections that used the 2393 cipher suite RSA_WITH_RC4_128_MD5." 2394 ::= { cspPsSsl3CounterEntry 8 } 2395 2396cspPs3cRSArc4128sha OBJECT-TYPE 2397 SYNTAX Counter32 2398 UNITS "number of connections" 2399 MAX-ACCESS read-only 2400 STATUS current 2401 DESCRIPTION 2402 "The total number of SSL 3.0 connections that used the 2403 cipher suite RSA_WITH_RC4_128_SHA." 2404 ::= { cspPsSsl3CounterEntry 9 } 2405 2406cspPs3cRSAdescbcsha OBJECT-TYPE 2407 SYNTAX Counter32 2408 UNITS "number of connections" 2409 MAX-ACCESS read-only 2410 STATUS current 2411 DESCRIPTION 2412 "The total number of SSL 3.0 connections that used the 2413 cipher suite RSA_WITH_DES_CBC_SHA." 2414 ::= { cspPsSsl3CounterEntry 10 } 2415 2416cspPs3cRSA3desedecbcsha OBJECT-TYPE 2417 SYNTAX Counter32 2418 UNITS "number of connections" 2419 MAX-ACCESS read-only 2420 STATUS current 2421 DESCRIPTION 2422 "The total number of SSL 3.0 connections that used the 2423 cipher suite RSA_WITH_3DES_EDE_CBC_SHA." 2424 ::= { cspPsSsl3CounterEntry 11 } 2425 2426 2427-- The Proxy Service TLS 1.0 Protocol Counters 2428 2429cspPsTls1CountersTable OBJECT-TYPE 2430 SYNTAX SEQUENCE OF CspPsTls1CounterEntry 2431 MAX-ACCESS not-accessible 2432 STATUS current 2433 DESCRIPTION 2434 "A list of proxy service TLS 1.0 counter entries." 2435 ::= { cspPsTls1Counters 1 } 2436 2437cspPsTls1CounterEntry OBJECT-TYPE 2438 SYNTAX CspPsTls1CounterEntry 2439 MAX-ACCESS not-accessible 2440 STATUS current 2441 DESCRIPTION 2442 "The proxy service TLS 1.0 counter entry. This entry 2443 displays counters collected about the TLS 1.0 protocol 2444 for each proxy service." 2445 INDEX { 2446 cspPsName, 2447 cspPsListIndex 2448 } 2449 ::= { cspPsTls1CountersTable 1 } 2450 2451CspPsTls1CounterEntry ::= SEQUENCE { 2452 cspPt1cClearTime TimeStamp, 2453 cspPt1cFullHandShake Counter32, 2454 cspPt1cResumedHandShake Counter32, 2455 cspPt1cHandShakeFailed Counter32, 2456 cspPt1cDataFailed Counter32, 2457 cspPt1cBadMacRcvd Counter32, 2458 cspPt1cPadErrors Counter32, 2459 cspPt1cRSArc4128md5 Counter32, 2460 cspPt1cRSArc4128sha Counter32, 2461 cspPt1cRSAdescbcsha Counter32, 2462 cspPt1cRSA3desedecbcsha Counter32 2463} 2464 2465cspPt1cClearTime OBJECT-TYPE 2466 SYNTAX TimeStamp 2467 MAX-ACCESS read-only 2468 STATUS current 2469 DESCRIPTION 2470 "The last time when counters in this entry were cleared. 2471 2472 If the proxy device does not allow these counters to be 2473 cleared, the timestamp should have a value of zero." 2474 ::= { cspPsTls1CounterEntry 1 } 2475 2476cspPt1cFullHandShake OBJECT-TYPE 2477 SYNTAX Counter32 2478 MAX-ACCESS read-only 2479 STATUS current 2480 DESCRIPTION 2481 "The total number of TLS 1.0 full handshakes completed." 2482 ::= { cspPsTls1CounterEntry 2 } 2483 2484cspPt1cResumedHandShake OBJECT-TYPE 2485 SYNTAX Counter32 2486 MAX-ACCESS read-only 2487 STATUS current 2488 DESCRIPTION 2489 "The total number of TLS 1.0 resumed handshakes 2490 completed." 2491 ::= { cspPsTls1CounterEntry 3 } 2492 2493cspPt1cHandShakeFailed OBJECT-TYPE 2494 SYNTAX Counter32 2495 MAX-ACCESS read-only 2496 STATUS current 2497 DESCRIPTION 2498 "The total number of TLS 1.0 connections failed in 2499 handshake phase." 2500 ::= { cspPsTls1CounterEntry 4 } 2501 2502cspPt1cDataFailed OBJECT-TYPE 2503 SYNTAX Counter32 2504 MAX-ACCESS read-only 2505 STATUS current 2506 DESCRIPTION 2507 "The total number of TLS 1.0 connections failed in 2508 data phase." 2509 ::= { cspPsTls1CounterEntry 5 } 2510 2511cspPt1cBadMacRcvd OBJECT-TYPE 2512 SYNTAX Counter32 2513 MAX-ACCESS read-only 2514 STATUS current 2515 DESCRIPTION 2516 "The total number of received TLS 1.0 records 2517 which have bad MAC (Message Authentication Code)." 2518 ::= { cspPsTls1CounterEntry 6 } 2519 2520cspPt1cPadErrors OBJECT-TYPE 2521 SYNTAX Counter32 2522 MAX-ACCESS read-only 2523 STATUS current 2524 DESCRIPTION 2525 "The total number of received TLS 1.0 records 2526 which have pad errors." 2527 ::= { cspPsTls1CounterEntry 7 } 2528 2529cspPt1cRSArc4128md5 OBJECT-TYPE 2530 SYNTAX Counter32 2531 UNITS "number of connections" 2532 MAX-ACCESS read-only 2533 STATUS current 2534 DESCRIPTION 2535 "The total number of TLS 1.0 connections that used the 2536 cipher suite RSA_WITH_RC4_128_MD5." 2537 ::= { cspPsTls1CounterEntry 8 } 2538 2539cspPt1cRSArc4128sha OBJECT-TYPE 2540 SYNTAX Counter32 2541 UNITS "number of connections" 2542 MAX-ACCESS read-only 2543 STATUS current 2544 DESCRIPTION 2545 "The total number of TLS 1.0 connections that used the 2546 cipher suite RSA_WITH_RC4_128_SHA." 2547 ::= { cspPsTls1CounterEntry 9 } 2548 2549cspPt1cRSAdescbcsha OBJECT-TYPE 2550 SYNTAX Counter32 2551 UNITS "number of connections" 2552 MAX-ACCESS read-only 2553 STATUS current 2554 DESCRIPTION 2555 "The total number of TLS 1.0 connections that used the 2556 cipher suite RSA_WITH_DES_CBC_SHA." 2557 ::= { cspPsTls1CounterEntry 10 } 2558 2559cspPt1cRSA3desedecbcsha OBJECT-TYPE 2560 SYNTAX Counter32 2561 UNITS "number of connections" 2562 MAX-ACCESS read-only 2563 STATUS current 2564 DESCRIPTION 2565 "The total number of TLS 1.0 connections that used the 2566 cipher suite RSA_WITH_3DES_EDE_CBC_SHA." 2567 ::= { cspPsTls1CounterEntry 11 } 2568 2569 2570-- The CPU Status Information 2571 2572cspCpuStatusTable OBJECT-TYPE 2573 SYNTAX SEQUENCE OF CspCpuStatusEntry 2574 MAX-ACCESS not-accessible 2575 STATUS current 2576 DESCRIPTION 2577 "A list of CPU status information entries." 2578 ::= { cspCpuStatusInfo 1 } 2579 2580cspCpuStatusEntry OBJECT-TYPE 2581 SYNTAX CspCpuStatusEntry 2582 MAX-ACCESS not-accessible 2583 STATUS current 2584 DESCRIPTION 2585 "The CPU status information entry. Each entry displays 2586 the operational status and usage information about one 2587 CPU on the proxy device. A proxy device can have one 2588 or more CPU's." 2589 INDEX { cspCpuName } 2590 ::= { cspCpuStatusTable 1 } 2591 2592CspCpuStatusEntry ::= SEQUENCE { 2593 cspCpuName SnmpAdminString, 2594 cspCpuStatus INTEGER, 2595 cspCpuClearTime TimeStamp, 2596 cspCpuProcessUtil Gauge32, 2597 cspCpuInterruptUtil Gauge32, 2598 cspCpuProcessUtilIn5Sec Gauge32, 2599 cspCpuProcessUtilIn1Min Gauge32, 2600 cspCpuProcessUtilIn5Min Gauge32, 2601 cspCpuInterruptUtilIn5Sec Gauge32, 2602 cspCpuInterruptUtilIn1Min Gauge32, 2603 cspCpuInterruptUtilIn5Min Gauge32 2604} 2605 2606cspCpuName OBJECT-TYPE 2607 SYNTAX SnmpAdminString (SIZE (1..20)) 2608 MAX-ACCESS not-accessible 2609 STATUS current 2610 DESCRIPTION 2611 "The unique name of a CPU on the proxy device." 2612 ::= { cspCpuStatusEntry 1 } 2613 2614cspCpuStatus OBJECT-TYPE 2615 SYNTAX INTEGER { 2616 up(1), 2617 down(2) 2618 } 2619 MAX-ACCESS read-only 2620 STATUS current 2621 DESCRIPTION 2622 "The operational status of the CPU." 2623 ::= { cspCpuStatusEntry 2 } 2624 2625cspCpuClearTime OBJECT-TYPE 2626 SYNTAX TimeStamp 2627 MAX-ACCESS read-only 2628 STATUS current 2629 DESCRIPTION 2630 "The last time when the CPU counters were cleared. 2631 2632 If the proxy device does not allow these counters to be 2633 cleared, the timestamp should have a value of zero." 2634 ::= { cspCpuStatusEntry 3 } 2635 2636cspCpuProcessUtil OBJECT-TYPE 2637 SYNTAX Gauge32 2638 UNITS "percentage" 2639 MAX-ACCESS read-only 2640 STATUS current 2641 DESCRIPTION 2642 "The percentage of CPU time utilized at process level." 2643 ::= { cspCpuStatusEntry 4 } 2644 2645cspCpuInterruptUtil OBJECT-TYPE 2646 SYNTAX Gauge32 2647 UNITS "percentage" 2648 MAX-ACCESS read-only 2649 STATUS current 2650 DESCRIPTION 2651 "The percentage of CPU time utilized at interrupt 2652 level." 2653 ::= { cspCpuStatusEntry 5 } 2654 2655cspCpuProcessUtilIn5Sec OBJECT-TYPE 2656 SYNTAX Gauge32 2657 UNITS "percentage" 2658 MAX-ACCESS read-only 2659 STATUS current 2660 DESCRIPTION 2661 "The percentage of CPU time utilized at process level 2662 within the past five seconds." 2663 ::= { cspCpuStatusEntry 6 } 2664 2665cspCpuProcessUtilIn1Min OBJECT-TYPE 2666 SYNTAX Gauge32 2667 UNITS "percentage" 2668 MAX-ACCESS read-only 2669 STATUS current 2670 DESCRIPTION 2671 "The percentage of CPU time utilized at process level 2672 within the past minute." 2673 ::= { cspCpuStatusEntry 7 } 2674 2675cspCpuProcessUtilIn5Min OBJECT-TYPE 2676 SYNTAX Gauge32 2677 UNITS "percentage" 2678 MAX-ACCESS read-only 2679 STATUS current 2680 DESCRIPTION 2681 "The percentage of CPU time utilized at process level 2682 within the past five minutes." 2683 ::= { cspCpuStatusEntry 8 } 2684 2685cspCpuInterruptUtilIn5Sec OBJECT-TYPE 2686 SYNTAX Gauge32 2687 UNITS "percentage" 2688 MAX-ACCESS read-only 2689 STATUS current 2690 DESCRIPTION 2691 "The percentage of CPU time utilized at interrupt level 2692 within the past five seconds." 2693 ::= { cspCpuStatusEntry 9 } 2694 2695cspCpuInterruptUtilIn1Min OBJECT-TYPE 2696 SYNTAX Gauge32 2697 UNITS "percentage" 2698 MAX-ACCESS read-only 2699 STATUS current 2700 DESCRIPTION 2701 "The percentage of CPU time utilized at interrupt level 2702 within the past minute." 2703 ::= { cspCpuStatusEntry 10 } 2704 2705cspCpuInterruptUtilIn5Min OBJECT-TYPE 2706 SYNTAX Gauge32 2707 UNITS "percentage" 2708 MAX-ACCESS read-only 2709 STATUS current 2710 DESCRIPTION 2711 "The percentage of CPU time utilized at interrupt level 2712 within the past five minutes." 2713 ::= { cspCpuStatusEntry 11 } 2714 2715 2716 2717-- This group contains counters related to the insertion 2718-- of SSL headers ( includes SSL session header and SSL server 2719-- certificate header) information into the HTTP headers. 2720 2721cspNumOfSslInfoSuccessInserted OBJECT-TYPE 2722 SYNTAX Counter32 2723 MAX-ACCESS read-only 2724 STATUS current 2725 DESCRIPTION 2726 "This object represents the total number of times SSL 2727 headers were successfully inserted. The number of 2728 individual SSL session headers and SSL server header 2729 within a SSL header insertion are not counted separately." 2730 ::= { cspHttpHeaderInsertedSslInfoStats 1 } 2731 2732cspNumOfSslInfoFailedInserted OBJECT-TYPE 2733 SYNTAX Counter32 2734 MAX-ACCESS read-only 2735 STATUS current 2736 DESCRIPTION 2737 "This object represents the number of failed 2738 insertions of SSL information into HTTP headers." 2739 ::= { cspHttpHeaderInsertedSslInfoStats 2 } 2740 2741cspNumOfSpoofHttpHeaderDeleted OBJECT-TYPE 2742 SYNTAX Counter32 2743 MAX-ACCESS read-only 2744 STATUS current 2745 DESCRIPTION 2746 "This object represents the number of times a header 2747 in the incoming HTTP request was deleted because of 2748 possible header spoofing." 2749 ::= { cspHttpHeaderInsertedSslInfoStats 3 } 2750 2751cspNumOfSslSessHeaderExtracted OBJECT-TYPE 2752 SYNTAX Counter32 2753 MAX-ACCESS read-only 2754 STATUS current 2755 DESCRIPTION 2756 "This object represents the number of SSL session 2757 headers extracted." 2758 ::= { cspHttpHeaderInsertedSslInfoStats 4 } 2759 2760cspNumOfSslSessHeaderFailedExtracted OBJECT-TYPE 2761 SYNTAX Counter32 2762 MAX-ACCESS read-only 2763 STATUS current 2764 DESCRIPTION 2765 "This object represents the number of SSL session 2766 headers that failed to be extracted." 2767 ::= { cspHttpHeaderInsertedSslInfoStats 5 } 2768 2769cspNumOfSslServerCertHeaderExtracted OBJECT-TYPE 2770 SYNTAX Counter32 2771 MAX-ACCESS read-only 2772 STATUS current 2773 DESCRIPTION 2774 "This object represents the total number of SSL server 2775 certificate headers extracted successfully." 2776 ::= { cspHttpHeaderInsertedSslInfoStats 6 } 2777 2778cspNumOfSslServerCerHeaderFailedExtracted OBJECT-TYPE 2779 SYNTAX Counter32 2780 MAX-ACCESS read-only 2781 STATUS current 2782 DESCRIPTION 2783 "This object represents the number of SSL server 2784 certificate headers that failed to be extracted." 2785 ::= { cspHttpHeaderInsertedSslInfoStats 7 } 2786 2787cspNumOfTimesSslHeaderTruncated OBJECT-TYPE 2788 SYNTAX Counter32 2789 MAX-ACCESS read-only 2790 STATUS current 2791 DESCRIPTION 2792 "This object represents the number of times SSL 2793 headers were truncated because the size of SSL data 2794 inserted exceeds maximum length value." 2795 ::= { cspHttpHeaderInsertedSslInfoStats 8 } 2796 2797-- This group contains statistics related to the insertion 2798-- of SSL client certificate information into the HTTP 2799-- headers. 2800 2801cspNumOfSslClientCertHeaderExtracted OBJECT-TYPE 2802 SYNTAX Counter32 2803 MAX-ACCESS read-only 2804 STATUS current 2805 DESCRIPTION 2806 "This object represents the total number of SSL client 2807 certificate headers extracted successfully." 2808 ::= { cspHttpHeaderInsertedSslClientCertStats 1 } 2809 2810cspNumOfSslClientCertHeaderFailedExtracted OBJECT-TYPE 2811 SYNTAX Counter32 2812 MAX-ACCESS read-only 2813 STATUS current 2814 DESCRIPTION 2815 "This object represents the number of SSL client 2816 certificate headers that failed to be extracted." 2817 ::= { cspHttpHeaderInsertedSslClientCertStats 2 } 2818 2819-- HTTP redirect feature allows a connection which failed 2820-- client certificate authentication to redirect to a 2821-- specified URL. This group contains counters for HTTP 2822-- redirect due to a given client certificate authentication 2823-- failure type. 2824 2825cspCertNotYetValidRedirect OBJECT-TYPE 2826 SYNTAX Counter32 2827 MAX-ACCESS read-only 2828 STATUS current 2829 DESCRIPTION 2830 "This object represents the number of HTTP redirects 2831 with reason client certificate is not valid yet." 2832 ::= { cspHttpRedirectClientCertAuthFailedStats 1 } 2833 2834cspCertExpiredRedirect OBJECT-TYPE 2835 SYNTAX Counter32 2836 MAX-ACCESS read-only 2837 STATUS current 2838 DESCRIPTION 2839 "This object represents the number of HTTP redirects 2840 with reason expired client certificate." 2841 ::= { cspHttpRedirectClientCertAuthFailedStats 2 } 2842 2843cspIssuerCertNotFoundRedirect OBJECT-TYPE 2844 SYNTAX Counter32 2845 MAX-ACCESS read-only 2846 STATUS current 2847 DESCRIPTION 2848 "This object represents the number of HTTP redirects 2849 because issuer certificate could not be found. This 2850 occurs if the issuer certificate of an untrusted 2851 certificate cannot be found." 2852 ::= { cspHttpRedirectClientCertAuthFailedStats 3 } 2853 2854cspCertRevokedRedirect OBJECT-TYPE 2855 SYNTAX Counter32 2856 MAX-ACCESS read-only 2857 STATUS current 2858 DESCRIPTION 2859 "This object represents the number of HTTP redirects 2860 with reason revoked client certificate." 2861 ::= { cspHttpRedirectClientCertAuthFailedStats 4 } 2862 2863cspNoClientCertSentRedirect OBJECT-TYPE 2864 SYNTAX Counter32 2865 MAX-ACCESS read-only 2866 STATUS current 2867 DESCRIPTION 2868 "This object represents the number of HTTP redirects 2869 with reason client certificate was not sent." 2870 ::= { cspHttpRedirectClientCertAuthFailedStats 5 } 2871 2872cspNoCrlAvailableRedirect OBJECT-TYPE 2873 SYNTAX Counter32 2874 MAX-ACCESS read-only 2875 STATUS current 2876 DESCRIPTION 2877 "This object represents the number of HTTP redirects 2878 with reason no CRL available during revocation check." 2879 ::= { cspHttpRedirectClientCertAuthFailedStats 6 } 2880 2881cspCrlExpiredRedirect OBJECT-TYPE 2882 SYNTAX Counter32 2883 MAX-ACCESS read-only 2884 STATUS current 2885 DESCRIPTION 2886 "This object represents the number of HTTP redirects 2887 with reason CRL expired during revocation check." 2888 ::= { cspHttpRedirectClientCertAuthFailedStats 7 } 2889 2890cspCertSignatureFailedRedirect OBJECT-TYPE 2891 SYNTAX Counter32 2892 MAX-ACCESS read-only 2893 STATUS current 2894 DESCRIPTION 2895 "This object represents the number of HTTP redirects 2896 with reason invalid certificate signature." 2897 ::= { cspHttpRedirectClientCertAuthFailedStats 8 } 2898 2899cspOtherCertErrorRedirect OBJECT-TYPE 2900 SYNTAX Counter32 2901 MAX-ACCESS read-only 2902 STATUS current 2903 DESCRIPTION 2904 "This object represents the number of HTTP redirects 2905 with reason other certificate errors." 2906 ::= { cspHttpRedirectClientCertAuthFailedStats 9 } 2907 2908-- SSL Resource Limit Notification Information 2909cspSslTrapType OBJECT-TYPE 2910 SYNTAX INTEGER { 2911 risingHighThresh(1), -- To indicate that the 2912 -- active ssl connections 2913 -- exceed the user 2914 -- configured high threshold 2915 -- value. 2916 fallingHighThresh(3) -- To indicate that the 2917 -- active ssl connections 2918 -- fall below user 2919 -- configured high watermark 2920 -- (which is derived from 2921 -- watermark on high 2922 -- threshold). This is 2923 -- basically for resetting 2924 -- the notification send. 2925 } 2926 MAX-ACCESS accessible-for-notify 2927 STATUS current 2928 DESCRIPTION 2929 "This object indicates the type of trap issued by 2930 cspSSLResourceLimitReached notification." 2931 ::= { cspSslResourceNotifInfo 1 } 2932 2933cspSslMaxConn OBJECT-TYPE 2934 SYNTAX Unsigned32 2935 UNITS "connections per system" 2936 MAX-ACCESS read-write 2937 STATUS current 2938 DESCRIPTION 2939 "This object specifies the maximum allowed SSL (SSLv3 and TLSv1) 2940 connections per system as configured by the user." 2941 ::= { cspSslResourceNotifInfo 2 } 2942 2943cspSslActiveConn OBJECT-TYPE 2944 SYNTAX Gauge32 2945 UNITS "connections per system" 2946 MAX-ACCESS read-only 2947 STATUS current 2948 DESCRIPTION 2949 "This object indicates the active SSL (SSLv3 and TLSv1) 2950 connections per system." 2951 ::= { cspSslResourceNotifInfo 3 } 2952 2953cspSslConfigHighConnPcnt OBJECT-TYPE 2954 SYNTAX Unsigned32 2955 UNITS "percentage" 2956 MAX-ACCESS read-write 2957 STATUS current 2958 DESCRIPTION 2959 "This object specifies the percentage of the maximum SSL 2960 connections per system as configured by the user." 2961 ::= { cspSslResourceNotifInfo 4 } 2962 2963cspSslActiveConnPcnt OBJECT-TYPE 2964 SYNTAX Unsigned32 2965 UNITS "percentage" 2966 MAX-ACCESS read-only 2967 STATUS current 2968 DESCRIPTION 2969 "This object indicates the percentage of the active SSL 2970 connections per system based on cspSslActiveConn. The 2971 notification will be send when the cspSslActiveConnPcnt count 2972 exceeds cspSslConfigHighConnPcnt." 2973 ::= { cspSslResourceNotifInfo 5 } 2974 2975cspSslConfigWatermarkConnPcnt OBJECT-TYPE 2976 SYNTAX Unsigned32 2977 UNITS "percentage" 2978 MAX-ACCESS read-write 2979 STATUS current 2980 DESCRIPTION 2981 "This object specifies the SSL connections watermark threshold 2982 value (in percentage) per system allowed as configured by the user. 2983 The value of cspSslConfigWatermarkPcnt should be less than 2984 cspSslConfigHighConnPcnt." 2985 ::= { cspSslResourceNotifInfo 6 } 2986 2987-- Notification Group 2988 2989cspServOperStatus NOTIFICATION-TYPE 2990 OBJECTS { 2991 cspPsOperStatus, 2992 cspPsOperDownReason 2993 } 2994 STATUS current 2995 DESCRIPTION 2996 "The proxy service operation status change notification. 2997 2998 When the Operation Status of a proxy service changes, 2999 and cspGcNotifyProxyServOperStatus is 'true', 3000 a notification will be issued. The notification 3001 contains the current operation status and the down 3002 reason of the proxy service." 3003 ::= { cspMIBNotifications 1 } 3004 3005cspServCertExpiring NOTIFICATION-TYPE 3006 OBJECTS { 3007 cspPskcCertSubjName, 3008 cspPskcCertSerialNum, 3009 cspPskcIssuerName, 3010 cspPskcIssuerCertSerialNum, 3011 cspPskcCertEndDate 3012 } 3013 STATUS current 3014 DESCRIPTION 3015 "The proxy service certificate expiring notification. 3016 3017 If the time interval cspGcPSCertExpireInterval is 3018 positive, and cspGcNotifyPSCertExpiring is 'true', a 3019 notification will be issued for every proxy service 3020 certificate that will be expiring within this time 3021 interval. 3022 3023 This notification is issued only once for each of 3024 these certificates. If the interval is changed from a 3025 positive value to 0, the proxy device will clear its 3026 memory of notification issued in the past, and stop 3027 issuing new notification. 3028 3029 The notification contains the subject name, the 3030 serial number and the issuer name of the certificate, 3031 the serial number of the issuer's certificate, 3032 and the end date on the certificate." 3033 ::= { cspMIBNotifications 2 } 3034 3035cspSSLResourceLimitReached NOTIFICATION-TYPE 3036 OBJECTS { 3037 cspSslTrapType, 3038 cspSslMaxConn, 3039 cspSslActiveConn, 3040 cspSslConfigHighConnPcnt, 3041 cspSslActiveConnPcnt, 3042 cspSslConfigWatermarkConnPcnt 3043 } 3044 STATUS current 3045 DESCRIPTION 3046 "This notification is issued on the following scenarios: 3047 1) When the value of cpsSslActiveConnPcnt exceeds the value of 3048 cspSslConfigHighConnPcnt 3049 2) When the value of cpsSslActiveConn falls below the 3050 watermark value represented by cspSslConfigWatermarkPcnt." 3051 ::= { cspMIBNotifications 3 } 3052 3053-- Conformance Group 3054 3055cspMIBCompliances OBJECT IDENTIFIER 3056 ::= { cspMIBConformance 1 } 3057 3058cspMIBGroups OBJECT IDENTIFIER 3059 ::= { cspMIBConformance 2 } 3060 3061 3062cspMIBCompliance MODULE-COMPLIANCE 3063 STATUS deprecated 3064 DESCRIPTION 3065 "The compliance statement for entities which 3066 implement the Cisco SSL Proxy MIB." 3067 MODULE -- this module 3068 MANDATORY-GROUPS { 3069 cspGlobalConfigGroup, 3070 cspProxyServiceConfigGroup, 3071 cspSslGroup, 3072 cspSsl3Group, 3073 cspTls1Group 3074 } 3075 3076 GROUP cspPolicyConfigGroup 3077 DESCRIPTION 3078 "This group is not mandatory." 3079 3080 GROUP cspTcpGroup 3081 DESCRIPTION 3082 "This group is not mandatory." 3083 3084 GROUP cspSslCryptoGroup 3085 DESCRIPTION 3086 "This group is not mandatory." 3087 3088 GROUP cspSslErrorGroup 3089 DESCRIPTION 3090 "This group is not mandatory." 3091 3092 GROUP cspProxyServiceStatsGroup 3093 DESCRIPTION 3094 "This group is not mandatory." 3095 3096 GROUP cspProxyServiceSsl3Group 3097 DESCRIPTION 3098 "This group is not mandatory." 3099 3100 GROUP cspProxyServiceTls1Group 3101 DESCRIPTION 3102 "This group is not mandatory." 3103 3104 GROUP cspCpuStatusGroup 3105 DESCRIPTION 3106 "This group is not mandatory." 3107 3108 GROUP cspProxyServiceNotificationGroup 3109 DESCRIPTION 3110 "This group is not mandatory." 3111 3112 OBJECT cspGcFIPSMode 3113 MIN-ACCESS read-only 3114 DESCRIPTION 3115 "Write access is not required." 3116 3117 OBJECT cspGcNotifyProxyServOperStatus 3118 MIN-ACCESS read-only 3119 DESCRIPTION 3120 "Write access is not required." 3121 3122 OBJECT cspGcNotifyPSCertExpiring 3123 MIN-ACCESS read-only 3124 DESCRIPTION 3125 "Write access is not required." 3126 3127 OBJECT cspGcPSCertExpireInterval 3128 MIN-ACCESS read-only 3129 DESCRIPTION 3130 "Write access is not required." 3131 3132 OBJECT cspPsServiceType 3133 MIN-ACCESS read-only 3134 DESCRIPTION 3135 "Create/Write access is not required." 3136 3137 OBJECT cspPsVirtualAddressType 3138 MIN-ACCESS read-only 3139 DESCRIPTION 3140 "Create/Write access is not required." 3141 3142 OBJECT cspPsVirtualAddress 3143 MIN-ACCESS read-only 3144 DESCRIPTION 3145 "Create/Write access is not required." 3146 3147 OBJECT cspPsVirtualPort 3148 MIN-ACCESS read-only 3149 DESCRIPTION 3150 "Create/Write access is not required." 3151 3152 OBJECT cspPsServerAddressType 3153 MIN-ACCESS read-only 3154 DESCRIPTION 3155 "Create/Write access is not required." 3156 3157 OBJECT cspPsServerAddress 3158 MIN-ACCESS read-only 3159 DESCRIPTION 3160 "Create/Write access is not required." 3161 3162 OBJECT cspPsServerPort 3163 MIN-ACCESS read-only 3164 DESCRIPTION 3165 "Create/Write access is not required." 3166 3167 OBJECT cspPsAdminStatus 3168 MIN-ACCESS read-only 3169 DESCRIPTION 3170 "Create/Write access is not required." 3171 3172 OBJECT cspPsConfigRowStatus 3173 MIN-ACCESS read-only 3174 DESCRIPTION 3175 "Create/Write access is not required." 3176 3177 OBJECT cspPspVirTcpPolicyName 3178 MIN-ACCESS read-only 3179 DESCRIPTION 3180 "Create/Write access is not required." 3181 3182 OBJECT cspPspSerTcpPolicyName 3183 MIN-ACCESS read-only 3184 DESCRIPTION 3185 "Create/Write access is not required." 3186 3187 OBJECT cspPspSslPolicyName 3188 MIN-ACCESS read-only 3189 DESCRIPTION 3190 "Create/Write access is not required." 3191 3192 OBJECT cspPspHttpHdrPolicyName 3193 MIN-ACCESS read-only 3194 DESCRIPTION 3195 "Create/Write access is not required." 3196 3197 OBJECT cspPspUrlRewritePolicyName 3198 MIN-ACCESS read-only 3199 DESCRIPTION 3200 "Create/Write access is not required." 3201 3202 OBJECT cspPskcTrustPointName 3203 MIN-ACCESS read-only 3204 DESCRIPTION 3205 "Create/Write access is not required." 3206 3207 OBJECT cspPskcCertFileName 3208 MIN-ACCESS read-only 3209 DESCRIPTION 3210 "Create/Write access is not required." 3211 3212 OBJECT cspPskcKeyName 3213 MIN-ACCESS read-only 3214 DESCRIPTION 3215 "Create/Write access is not required." 3216 3217 OBJECT cspPskcKeyFileName 3218 MIN-ACCESS read-only 3219 DESCRIPTION 3220 "Create/Write access is not required." 3221 3222 OBJECT cspPskcConfigRowStatus 3223 MIN-ACCESS read-only 3224 DESCRIPTION 3225 "Create/Write access is not required." 3226 3227 OBJECT cspTpSynTimeOut 3228 MIN-ACCESS read-only 3229 DESCRIPTION 3230 "Create/Write access is not required." 3231 3232 OBJECT cspTpInActivityTimeOut 3233 MIN-ACCESS read-only 3234 DESCRIPTION 3235 "Create/Write access is not required." 3236 3237 OBJECT cspTpNagleAlgo 3238 MIN-ACCESS read-only 3239 DESCRIPTION 3240 "Create/Write access is not required." 3241 3242 OBJECT cspTpFinWaitTimeOut 3243 MIN-ACCESS read-only 3244 DESCRIPTION 3245 "Create/Write access is not required." 3246 3247 OBJECT cspTpReassemTimeOut 3248 MIN-ACCESS read-only 3249 DESCRIPTION 3250 "Create/Write access is not required." 3251 3252 OBJECT cspTpRcvBufShrLim 3253 MIN-ACCESS read-only 3254 DESCRIPTION 3255 "Create/Write access is not required." 3256 3257 OBJECT cspTpTransBufShrLim 3258 MIN-ACCESS read-only 3259 DESCRIPTION 3260 "Create/Write access is not required." 3261 3262 OBJECT cspTpMss 3263 MIN-ACCESS read-only 3264 DESCRIPTION 3265 "Create/Write access is not required." 3266 3267 OBJECT cspTpPathMtuDisc 3268 MIN-ACCESS read-only 3269 DESCRIPTION 3270 "Create/Write access is not required." 3271 3272 OBJECT cspTpConfigRowStatus 3273 MIN-ACCESS read-only 3274 DESCRIPTION 3275 "Create/Write access is not required." 3276 3277 OBJECT cspSpRSArc4128md5 3278 MIN-ACCESS read-only 3279 DESCRIPTION 3280 "Create/Write access is not required." 3281 3282 OBJECT cspSpRSArc4128sha 3283 MIN-ACCESS read-only 3284 DESCRIPTION 3285 "Create/Write access is not required." 3286 3287 OBJECT cspSpRSAdescbcsha 3288 MIN-ACCESS read-only 3289 DESCRIPTION 3290 "Create/Write access is not required." 3291 3292 OBJECT cspSpRSA3descbcsha 3293 MIN-ACCESS read-only 3294 DESCRIPTION 3295 "Create/Write access is not required." 3296 3297 OBJECT cspSpProtocol 3298 MIN-ACCESS read-only 3299 DESCRIPTION 3300 "Create/Write access is not required." 3301 3302 OBJECT cspSpCloseProtocol 3303 MIN-ACCESS read-only 3304 DESCRIPTION 3305 "Create/Write access is not required." 3306 3307 OBJECT cspSpSessionCache 3308 MIN-ACCESS read-only 3309 DESCRIPTION 3310 "Create/Write access is not required." 3311 3312 OBJECT cspSpSessionTimeOut 3313 MIN-ACCESS read-only 3314 DESCRIPTION 3315 "Create/Write access is not required." 3316 3317 OBJECT cspSpConfigRowStatus 3318 MIN-ACCESS read-only 3319 DESCRIPTION 3320 "Create/Write access is not required." 3321 ::= { cspMIBCompliances 1 } 3322 3323cspMIBComplianceRev1 MODULE-COMPLIANCE 3324 STATUS deprecated 3325 DESCRIPTION 3326 "The compliance statement for entities which 3327 implement the Cisco SSL Proxy MIB." 3328 MODULE -- this module 3329 MANDATORY-GROUPS { 3330 cspGlobalConfigGroup, 3331 cspProxyServiceConfigGroup, 3332 cspSslGroup, 3333 cspSsl3Group, 3334 cspTls1Group 3335 } 3336 3337 GROUP cspHttpHeaderInsertedSslInfoGroup 3338 DESCRIPTION 3339 "This group is not mandatory." 3340 3341 GROUP cspHttpHeaderInsertedSslClientCertGroup 3342 DESCRIPTION 3343 "This group is not mandatory." 3344 3345 GROUP cspHttpRedirectInfoGroup 3346 DESCRIPTION 3347 "This group is not mandatory." 3348 3349 GROUP cspPolicyConfigGroup 3350 DESCRIPTION 3351 "This group is not mandatory." 3352 3353 GROUP cspTcpGroup 3354 DESCRIPTION 3355 "This group is not mandatory." 3356 3357 GROUP cspSslCryptoGroup 3358 DESCRIPTION 3359 "This group is not mandatory." 3360 3361 GROUP cspSslErrorGroup 3362 DESCRIPTION 3363 "This group is not mandatory." 3364 3365 GROUP cspProxyServiceStatsGroup 3366 DESCRIPTION 3367 "This group is not mandatory." 3368 3369 GROUP cspProxyServiceSsl3Group 3370 DESCRIPTION 3371 "This group is not mandatory." 3372 3373 GROUP cspProxyServiceTls1Group 3374 DESCRIPTION 3375 "This group is not mandatory." 3376 3377 GROUP cspCpuStatusGroup 3378 DESCRIPTION 3379 "This group is not mandatory." 3380 3381 GROUP cspProxyServiceNotificationGroup 3382 DESCRIPTION 3383 "This group is not mandatory." 3384 3385 OBJECT cspGcFIPSMode 3386 MIN-ACCESS read-only 3387 DESCRIPTION 3388 "Write access is not required." 3389 3390 OBJECT cspGcNotifyProxyServOperStatus 3391 MIN-ACCESS read-only 3392 DESCRIPTION 3393 "Write access is not required." 3394 3395 OBJECT cspGcNotifyPSCertExpiring 3396 MIN-ACCESS read-only 3397 DESCRIPTION 3398 "Write access is not required." 3399 3400 OBJECT cspGcPSCertExpireInterval 3401 MIN-ACCESS read-only 3402 DESCRIPTION 3403 "Write access is not required." 3404 3405 OBJECT cspPsServiceType 3406 MIN-ACCESS read-only 3407 DESCRIPTION 3408 "Create/Write access is not required." 3409 3410 OBJECT cspPsVirtualAddressType 3411 MIN-ACCESS read-only 3412 DESCRIPTION 3413 "Create/Write access is not required." 3414 3415 OBJECT cspPsVirtualAddress 3416 MIN-ACCESS read-only 3417 DESCRIPTION 3418 "Create/Write access is not required." 3419 3420 OBJECT cspPsVirtualPort 3421 MIN-ACCESS read-only 3422 DESCRIPTION 3423 "Create/Write access is not required." 3424 3425 OBJECT cspPsServerAddressType 3426 MIN-ACCESS read-only 3427 DESCRIPTION 3428 "Create/Write access is not required." 3429 3430 OBJECT cspPsServerAddress 3431 MIN-ACCESS read-only 3432 DESCRIPTION 3433 "Create/Write access is not required." 3434 3435 OBJECT cspPsServerPort 3436 MIN-ACCESS read-only 3437 DESCRIPTION 3438 "Create/Write access is not required." 3439 3440 OBJECT cspPsAdminStatus 3441 MIN-ACCESS read-only 3442 DESCRIPTION 3443 "Create/Write access is not required." 3444 3445 OBJECT cspPsConfigRowStatus 3446 MIN-ACCESS read-only 3447 DESCRIPTION 3448 "Create/Write access is not required." 3449 3450 OBJECT cspPspVirTcpPolicyName 3451 MIN-ACCESS read-only 3452 DESCRIPTION 3453 "Create/Write access is not required." 3454 3455 OBJECT cspPspSerTcpPolicyName 3456 MIN-ACCESS read-only 3457 DESCRIPTION 3458 "Create/Write access is not required." 3459 3460 OBJECT cspPspSslPolicyName 3461 MIN-ACCESS read-only 3462 DESCRIPTION 3463 "Create/Write access is not required." 3464 3465 OBJECT cspPspHttpHdrPolicyName 3466 MIN-ACCESS read-only 3467 DESCRIPTION 3468 "Create/Write access is not required." 3469 3470 OBJECT cspPspUrlRewritePolicyName 3471 MIN-ACCESS read-only 3472 DESCRIPTION 3473 "Create/Write access is not required." 3474 3475 OBJECT cspPskcTrustPointName 3476 MIN-ACCESS read-only 3477 DESCRIPTION 3478 "Create/Write access is not required." 3479 3480 OBJECT cspPskcCertFileName 3481 MIN-ACCESS read-only 3482 DESCRIPTION 3483 "Create/Write access is not required." 3484 3485 OBJECT cspPskcKeyName 3486 MIN-ACCESS read-only 3487 DESCRIPTION 3488 "Create/Write access is not required." 3489 3490 OBJECT cspPskcKeyFileName 3491 MIN-ACCESS read-only 3492 DESCRIPTION 3493 "Create/Write access is not required." 3494 3495 OBJECT cspPskcConfigRowStatus 3496 MIN-ACCESS read-only 3497 DESCRIPTION 3498 "Create/Write access is not required." 3499 3500 OBJECT cspTpSynTimeOut 3501 MIN-ACCESS read-only 3502 DESCRIPTION 3503 "Create/Write access is not required." 3504 3505 OBJECT cspTpInActivityTimeOut 3506 MIN-ACCESS read-only 3507 DESCRIPTION 3508 "Create/Write access is not required." 3509 3510 OBJECT cspTpNagleAlgo 3511 MIN-ACCESS read-only 3512 DESCRIPTION 3513 "Create/Write access is not required." 3514 3515 OBJECT cspTpFinWaitTimeOut 3516 MIN-ACCESS read-only 3517 DESCRIPTION 3518 "Create/Write access is not required." 3519 3520 OBJECT cspTpReassemTimeOut 3521 MIN-ACCESS read-only 3522 DESCRIPTION 3523 "Create/Write access is not required." 3524 3525 OBJECT cspTpRcvBufShrLim 3526 MIN-ACCESS read-only 3527 DESCRIPTION 3528 "Create/Write access is not required." 3529 3530 OBJECT cspTpTransBufShrLim 3531 MIN-ACCESS read-only 3532 DESCRIPTION 3533 "Create/Write access is not required." 3534 3535 OBJECT cspTpMss 3536 MIN-ACCESS read-only 3537 DESCRIPTION 3538 "Create/Write access is not required." 3539 3540 OBJECT cspTpPathMtuDisc 3541 MIN-ACCESS read-only 3542 DESCRIPTION 3543 "Create/Write access is not required." 3544 3545 OBJECT cspTpConfigRowStatus 3546 MIN-ACCESS read-only 3547 DESCRIPTION 3548 "Create/Write access is not required." 3549 3550 OBJECT cspSpRSArc4128md5 3551 MIN-ACCESS read-only 3552 DESCRIPTION 3553 "Create/Write access is not required." 3554 3555 OBJECT cspSpRSArc4128sha 3556 MIN-ACCESS read-only 3557 DESCRIPTION 3558 "Create/Write access is not required." 3559 3560 OBJECT cspSpRSAdescbcsha 3561 MIN-ACCESS read-only 3562 DESCRIPTION 3563 "Create/Write access is not required." 3564 3565 OBJECT cspSpRSA3descbcsha 3566 MIN-ACCESS read-only 3567 DESCRIPTION 3568 "Create/Write access is not required." 3569 3570 OBJECT cspSpProtocol 3571 MIN-ACCESS read-only 3572 DESCRIPTION 3573 "Create/Write access is not required." 3574 3575 OBJECT cspSpCloseProtocol 3576 MIN-ACCESS read-only 3577 DESCRIPTION 3578 "Create/Write access is not required." 3579 3580 OBJECT cspSpSessionCache 3581 MIN-ACCESS read-only 3582 DESCRIPTION 3583 "Create/Write access is not required." 3584 3585 OBJECT cspSpSessionTimeOut 3586 MIN-ACCESS read-only 3587 DESCRIPTION 3588 "Create/Write access is not required." 3589 3590 OBJECT cspSpConfigRowStatus 3591 MIN-ACCESS read-only 3592 DESCRIPTION 3593 "Create/Write access is not required." 3594 ::= { cspMIBCompliances 2 } 3595 3596cspMIBComplianceRev2 MODULE-COMPLIANCE 3597 STATUS current 3598 DESCRIPTION 3599 "The compliance statement for entities which 3600 implement the Cisco SSL Proxy MIB." 3601 MODULE -- this module 3602 MANDATORY-GROUPS { 3603 cspGlobalConfigGroup, 3604 cspProxyServiceConfigGroup, 3605 cspSslGroup, 3606 cspSsl3Group, 3607 cspTls1Group 3608 } 3609 3610 GROUP cspHttpHeaderInsertedSslInfoGroup 3611 DESCRIPTION 3612 "This group is conditional mandatory." 3613 3614 GROUP cspHttpHeaderInsertedSslClientCertGroup 3615 DESCRIPTION 3616 "This group is conditional mandatory." 3617 3618 GROUP cspHttpRedirectInfoGroup 3619 DESCRIPTION 3620 "This group is conditional mandatory." 3621 3622 GROUP cspPolicyConfigGroup 3623 DESCRIPTION 3624 "This group is conditional mandatory." 3625 3626 GROUP cspTcpGroup 3627 DESCRIPTION 3628 "This group is conditional mandatory." 3629 3630 GROUP cspSslCryptoGroup 3631 DESCRIPTION 3632 "This group is conditional mandatory." 3633 3634 GROUP cspSslErrorGroup 3635 DESCRIPTION 3636 "This group is conditional mandatory." 3637 3638 GROUP cspProxyServiceStatsGroup 3639 DESCRIPTION 3640 "This group is conditional mandatory." 3641 3642 GROUP cspProxyServiceSsl3Group 3643 DESCRIPTION 3644 "This group is conditional mandatory." 3645 3646 GROUP cspProxyServiceTls1Group 3647 DESCRIPTION 3648 "This group is conditional mandatory." 3649 3650 GROUP cspCpuStatusGroup 3651 DESCRIPTION 3652 "This group is conditional mandatory." 3653 3654 GROUP cspProxyServiceNotificationGroup 3655 DESCRIPTION 3656 "This group is conditional mandatory." 3657 3658 GROUP cspSslResourceLimitNotifObjectsGroup 3659 DESCRIPTION 3660 "This group is mandatory for those systems which 3661 implement resource limit notifications." 3662 3663 GROUP cspSslResourceLimitNotifGroup 3664 DESCRIPTION 3665 "This group is mandatory for those systems which 3666 implement resource limit notifications." 3667 3668 OBJECT cspGcFIPSMode 3669 MIN-ACCESS read-only 3670 DESCRIPTION 3671 "Write access is not required." 3672 3673 OBJECT cspGcNotifyProxyServOperStatus 3674 MIN-ACCESS read-only 3675 DESCRIPTION 3676 "Write access is not required." 3677 3678 OBJECT cspGcNotifyPSCertExpiring 3679 MIN-ACCESS read-only 3680 DESCRIPTION 3681 "Write access is not required." 3682 3683 OBJECT cspGcPSCertExpireInterval 3684 MIN-ACCESS read-only 3685 DESCRIPTION 3686 "Write access is not required." 3687 3688 OBJECT cspPsServiceType 3689 MIN-ACCESS read-only 3690 DESCRIPTION 3691 "Create/Write access is not required." 3692 3693 OBJECT cspPsVirtualAddressType 3694 MIN-ACCESS read-only 3695 DESCRIPTION 3696 "Create/Write access is not required." 3697 3698 OBJECT cspPsVirtualAddress 3699 MIN-ACCESS read-only 3700 DESCRIPTION 3701 "Create/Write access is not required." 3702 3703 OBJECT cspPsVirtualPort 3704 MIN-ACCESS read-only 3705 DESCRIPTION 3706 "Create/Write access is not required." 3707 3708 OBJECT cspPsServerAddressType 3709 MIN-ACCESS read-only 3710 DESCRIPTION 3711 "Create/Write access is not required." 3712 3713 OBJECT cspPsServerAddress 3714 MIN-ACCESS read-only 3715 DESCRIPTION 3716 "Create/Write access is not required." 3717 3718 OBJECT cspPsServerPort 3719 MIN-ACCESS read-only 3720 DESCRIPTION 3721 "Create/Write access is not required." 3722 3723 OBJECT cspPsAdminStatus 3724 MIN-ACCESS read-only 3725 DESCRIPTION 3726 "Create/Write access is not required." 3727 3728 OBJECT cspPsConfigRowStatus 3729 MIN-ACCESS read-only 3730 DESCRIPTION 3731 "Create/Write access is not required." 3732 3733 OBJECT cspPspVirTcpPolicyName 3734 MIN-ACCESS read-only 3735 DESCRIPTION 3736 "Create/Write access is not required." 3737 3738 OBJECT cspPspSerTcpPolicyName 3739 MIN-ACCESS read-only 3740 DESCRIPTION 3741 "Create/Write access is not required." 3742 3743 OBJECT cspPspSslPolicyName 3744 MIN-ACCESS read-only 3745 DESCRIPTION 3746 "Create/Write access is not required." 3747 3748 OBJECT cspPspHttpHdrPolicyName 3749 MIN-ACCESS read-only 3750 DESCRIPTION 3751 "Create/Write access is not required." 3752 3753 OBJECT cspPspUrlRewritePolicyName 3754 MIN-ACCESS read-only 3755 DESCRIPTION 3756 "Create/Write access is not required." 3757 3758 OBJECT cspPskcTrustPointName 3759 MIN-ACCESS read-only 3760 DESCRIPTION 3761 "Create/Write access is not required." 3762 3763 OBJECT cspPskcCertFileName 3764 MIN-ACCESS read-only 3765 DESCRIPTION 3766 "Create/Write access is not required." 3767 3768 OBJECT cspPskcKeyName 3769 MIN-ACCESS read-only 3770 DESCRIPTION 3771 "Create/Write access is not required." 3772 3773 OBJECT cspPskcKeyFileName 3774 MIN-ACCESS read-only 3775 DESCRIPTION 3776 "Create/Write access is not required." 3777 3778 OBJECT cspPskcConfigRowStatus 3779 MIN-ACCESS read-only 3780 DESCRIPTION 3781 "Create/Write access is not required." 3782 3783 OBJECT cspTpSynTimeOut 3784 MIN-ACCESS read-only 3785 DESCRIPTION 3786 "Create/Write access is not required." 3787 3788 OBJECT cspTpInActivityTimeOut 3789 MIN-ACCESS read-only 3790 DESCRIPTION 3791 "Create/Write access is not required." 3792 3793 OBJECT cspTpNagleAlgo 3794 MIN-ACCESS read-only 3795 DESCRIPTION 3796 "Create/Write access is not required." 3797 3798 OBJECT cspTpFinWaitTimeOut 3799 MIN-ACCESS read-only 3800 DESCRIPTION 3801 "Create/Write access is not required." 3802 3803 OBJECT cspTpReassemTimeOut 3804 MIN-ACCESS read-only 3805 DESCRIPTION 3806 "Create/Write access is not required." 3807 3808 OBJECT cspTpRcvBufShrLim 3809 MIN-ACCESS read-only 3810 DESCRIPTION 3811 "Create/Write access is not required." 3812 3813 OBJECT cspTpTransBufShrLim 3814 MIN-ACCESS read-only 3815 DESCRIPTION 3816 "Create/Write access is not required." 3817 3818 OBJECT cspTpMss 3819 MIN-ACCESS read-only 3820 DESCRIPTION 3821 "Create/Write access is not required." 3822 3823 OBJECT cspTpPathMtuDisc 3824 MIN-ACCESS read-only 3825 DESCRIPTION 3826 "Create/Write access is not required." 3827 3828 OBJECT cspTpConfigRowStatus 3829 MIN-ACCESS read-only 3830 DESCRIPTION 3831 "Create/Write access is not required." 3832 3833 OBJECT cspSpRSArc4128md5 3834 MIN-ACCESS read-only 3835 DESCRIPTION 3836 "Create/Write access is not required." 3837 3838 OBJECT cspSpRSArc4128sha 3839 MIN-ACCESS read-only 3840 DESCRIPTION 3841 "Create/Write access is not required." 3842 3843 OBJECT cspSpRSAdescbcsha 3844 MIN-ACCESS read-only 3845 DESCRIPTION 3846 "Create/Write access is not required." 3847 3848 OBJECT cspSpRSA3descbcsha 3849 MIN-ACCESS read-only 3850 DESCRIPTION 3851 "Create/Write access is not required." 3852 3853 OBJECT cspSpProtocol 3854 MIN-ACCESS read-only 3855 DESCRIPTION 3856 "Create/Write access is not required." 3857 3858 OBJECT cspSpCloseProtocol 3859 MIN-ACCESS read-only 3860 DESCRIPTION 3861 "Create/Write access is not required." 3862 3863 OBJECT cspSpSessionCache 3864 MIN-ACCESS read-only 3865 DESCRIPTION 3866 "Create/Write access is not required." 3867 3868 OBJECT cspSpSessionTimeOut 3869 MIN-ACCESS read-only 3870 DESCRIPTION 3871 "Create/Write access is not required." 3872 3873 OBJECT cspSpConfigRowStatus 3874 MIN-ACCESS read-only 3875 DESCRIPTION 3876 "Create/Write access is not required." 3877 3878 OBJECT cspGcVersion 3879 MIN-ACCESS read-only 3880 DESCRIPTION 3881 "Write access is not required" 3882 3883 OBJECT cspGcRSArc4128md5 3884 MIN-ACCESS read-only 3885 DESCRIPTION 3886 "Write access not required" 3887 3888 OBJECT cspSslMaxConn 3889 MIN-ACCESS read-only 3890 DESCRIPTION 3891 "Write access not required" 3892 3893 OBJECT cspSslConfigHighConnPcnt 3894 MIN-ACCESS read-only 3895 DESCRIPTION 3896 "Write access not required" 3897 3898 OBJECT cspSslConfigWatermarkConnPcnt 3899 MIN-ACCESS read-only 3900 DESCRIPTION 3901 "Write access not required" 3902 ::= { cspMIBCompliances 3 } 3903 3904-- Units of Conformance 3905 3906cspGlobalConfigGroup OBJECT-GROUP 3907 OBJECTS { 3908 cspGcVersion, 3909 cspGcFIPSMode, 3910 cspGcRSArc4128md5, 3911 cspGcRSArc4128sha, 3912 cspGcRSAdescbcsha, 3913 cspGcRSA3descbcsha, 3914 cspGcNotifyProxyServOperStatus, 3915 cspGcNotifyPSCertExpiring, 3916 cspGcPSCertExpireInterval 3917 } 3918 STATUS current 3919 DESCRIPTION 3920 "A collection of global configuration objects." 3921 ::= { cspMIBGroups 1 } 3922 3923cspProxyServiceConfigGroup OBJECT-GROUP 3924 OBJECTS { 3925 cspPsServiceType, 3926 cspPsVirtualAddressType, 3927 cspPsVirtualAddress, 3928 cspPsVirtualPort, 3929 cspPsServerAddressType, 3930 cspPsServerAddress, 3931 cspPsServerPort, 3932 cspPsAdminStatus, 3933 cspPsOperStatus, 3934 cspPsOperDownReason, 3935 cspPsConfigRowStatus, 3936 cspPspVirTcpPolicyName, 3937 cspPspSerTcpPolicyName, 3938 cspPspSslPolicyName, 3939 cspPspHttpHdrPolicyName, 3940 cspPspUrlRewritePolicyName, 3941 cspPskcTrustPointName, 3942 cspPskcCertFileName, 3943 cspPskcKeyName, 3944 cspPskcKeyFileName, 3945 cspPskcKeySize, 3946 cspPskcKeyTime, 3947 cspPskcCertStatus, 3948 cspPskcCertSubjName, 3949 cspPskcCertSerialNum, 3950 cspPskcIssuerName, 3951 cspPskcIssuerCertSerialNum, 3952 cspPskcCertStartDate, 3953 cspPskcCertEndDate, 3954 cspPskcConfigRowStatus 3955 } 3956 STATUS current 3957 DESCRIPTION 3958 "A collection of configuration objects for a proxy 3959 service." 3960 ::= { cspMIBGroups 2 } 3961 3962cspPolicyConfigGroup OBJECT-GROUP 3963 OBJECTS { 3964 cspTpSynTimeOut, 3965 cspTpInActivityTimeOut, 3966 cspTpNagleAlgo, 3967 cspTpFinWaitTimeOut, 3968 cspTpReassemTimeOut, 3969 cspTpRcvBufShrLim, 3970 cspTpTransBufShrLim, 3971 cspTpMss, 3972 cspTpPathMtuDisc, 3973 cspTpConfigRowStatus, 3974 cspSpRSArc4128md5, 3975 cspSpRSArc4128sha, 3976 cspSpRSAdescbcsha, 3977 cspSpRSA3descbcsha, 3978 cspSpProtocol, 3979 cspSpCloseProtocol, 3980 cspSpSessionCache, 3981 cspSpSessionTimeOut, 3982 cspSpConfigRowStatus 3983 } 3984 STATUS current 3985 DESCRIPTION 3986 "A collection of configuration objects for a policy." 3987 ::= { cspMIBGroups 3 } 3988 3989cspTcpGroup OBJECT-GROUP 3990 OBJECTS { 3991 cspTcpCountersClearTime, 3992 cspTcConnInit, 3993 cspTcConnAccept, 3994 cspTcConnEstab, 3995 cspTcConnDrop, 3996 cspTcConnClosed, 3997 cspTcSynTimeOuts, 3998 cspTcIdleTimeOuts, 3999 cspTcTotalPktSent, 4000 cspTcDataPktSent, 4001 cspTcDataByteSent, 4002 cspTcTotalPktRcv, 4003 cspTcPktRcvSeq, 4004 cspTcByteRcvSeq 4005 } 4006 STATUS current 4007 DESCRIPTION 4008 "A collection of TCP protocol objects." 4009 ::= { cspMIBGroups 4 } 4010 4011cspSslGroup OBJECT-GROUP 4012 OBJECTS { 4013 cspSslCountersClearTime, 4014 cspScConnAttempt, 4015 cspScConnComplete, 4016 cspScConnInHandShake, 4017 cspScConnInDataPhase, 4018 cspScRenegAttempt, 4019 cspScConnInReneg, 4020 cspScActiveSessions, 4021 cspScMaxHandShakeConns, 4022 cspScCurrDeviceQLen, 4023 cspScMaxDeviceQLen, 4024 cspScSessionReuses 4025 } 4026 STATUS current 4027 DESCRIPTION 4028 "A collection of SSL handshake protocol statistics." 4029 ::= { cspMIBGroups 5 } 4030 4031cspSsl3Group OBJECT-GROUP 4032 OBJECTS { 4033 cspS3cFullHandShake, 4034 cspS3cResumedHandShake, 4035 cspS3cHandShakeFailed, 4036 cspS3cDataFailed, 4037 cspS3cBadMacRcvd, 4038 cspS3cPadErrors, 4039 cspS3cRSArc4128md5, 4040 cspS3cRSArc4128sha, 4041 cspS3cRSAdescbcsha, 4042 cspS3cRSA3desedecbcsha 4043 } 4044 STATUS current 4045 DESCRIPTION 4046 "A collection of SSL 3.0 protocol statistics." 4047 ::= { cspMIBGroups 6 } 4048 4049cspTls1Group OBJECT-GROUP 4050 OBJECTS { 4051 cspTlcFullHandShake, 4052 cspTlcResumedHandShake, 4053 cspTlcHandShakeFailed, 4054 cspTlcDataFailed, 4055 cspTlcBadMacRcvd, 4056 cspTlcPadErrors, 4057 cspTlcRSArc4128md5, 4058 cspTlcRSArc4128sha, 4059 cspTlcRSAdescbcsha, 4060 cspTlcRSA3desedecbcsha 4061 } 4062 STATUS current 4063 DESCRIPTION 4064 "A collection of TLS 1.0 protocol statistics." 4065 ::= { cspMIBGroups 7 } 4066 4067cspSslCryptoGroup OBJECT-GROUP 4068 OBJECTS { 4069 cspSccBlksEncrypted, 4070 cspSccBlksDecrypted, 4071 cspSccBytesEncrypted, 4072 cspSccBytesDecrypted, 4073 cspSccPublicKeyOpers, 4074 cspSccPrivateKeyOpers, 4075 cspSccCryptoFails, 4076 cspSccDmaErrors 4077 } 4078 STATUS current 4079 DESCRIPTION 4080 "A collection of cryptographic statistics." 4081 ::= { cspMIBGroups 8 } 4082 4083cspSslErrorGroup OBJECT-GROUP 4084 OBJECTS { 4085 cspSecSessAllocFailed, 4086 cspSecSessLimitExceed, 4087 cspSecHShakeInitFailed, 4088 cspSecRenegFailed, 4089 cspSecFatalAlertsRcvd, 4090 cspSecFatalAlertsSent, 4091 cspSecNoCipherAlerts, 4092 cspSecVerMismatchAlerts, 4093 cspSecNoComprsnAlerts, 4094 cspSecHShakeHndleMemFail, 4095 cspSecStalePakDrop, 4096 cspSecServiceIdDiscard, 4097 cspSecHShakeLimitExceed, 4098 cspSecDevConnCtxtFail, 4099 cspSecMemAllocFailed, 4100 cspSecBuffAllocFailed, 4101 cspSecAlertSendFailed, 4102 cspSecOverloadDropped, 4103 cspSecConnAborted 4104 } 4105 STATUS current 4106 DESCRIPTION 4107 "A collection of SSL protocol error counters." 4108 ::= { cspMIBGroups 9 } 4109 4110cspProxyServiceStatsGroup OBJECT-GROUP 4111 OBJECTS { 4112 cspPscClearTime, 4113 cspPscConnAttempt, 4114 cspPscConnComplete, 4115 cspPscFullHandShake, 4116 cspPscResumedHandShake, 4117 cspPscConnInHandShake, 4118 cspPscConnInDataPhase, 4119 cspPscRenegAttempt, 4120 cspPscConnInReneg, 4121 cspPscBlksEncrypted, 4122 cspPscBlksDecrypted, 4123 cspPscBytesEncrypted, 4124 cspPscBytesDecrypted, 4125 cspPscValidSessions, 4126 cspPscSessLimitExceed, 4127 cspPscHandShakeFailed, 4128 cspPscDataFailed, 4129 cspPscFatalAlertsRcvd, 4130 cspPscFatalAlertsSent, 4131 cspPscBadMacRcvd, 4132 cspPscPadErrors, 4133 cspPscNoCipherAlerts, 4134 cspPscNoComprsnAlerts, 4135 cspPscVerMismatchAlerts 4136 } 4137 STATUS current 4138 DESCRIPTION 4139 "A collection of proxy service statistics." 4140 ::= { cspMIBGroups 10 } 4141 4142cspProxyServiceSsl3Group OBJECT-GROUP 4143 OBJECTS { 4144 cspPs3cClearTime, 4145 cspPs3cFullHandShake, 4146 cspPs3cResumedHandShake, 4147 cspPs3cHandShakeFailed, 4148 cspPs3cDataFailed, 4149 cspPs3cBadMacRcvd, 4150 cspPs3cPadErrors, 4151 cspPs3cRSArc4128md5, 4152 cspPs3cRSArc4128sha, 4153 cspPs3cRSAdescbcsha, 4154 cspPs3cRSA3desedecbcsha 4155 } 4156 STATUS current 4157 DESCRIPTION 4158 "A collection of SSL 3.0 statistics for a proxy 4159 service." 4160 ::= { cspMIBGroups 11 } 4161 4162cspProxyServiceTls1Group OBJECT-GROUP 4163 OBJECTS { 4164 cspPt1cClearTime, 4165 cspPt1cFullHandShake, 4166 cspPt1cResumedHandShake, 4167 cspPt1cHandShakeFailed, 4168 cspPt1cDataFailed, 4169 cspPt1cBadMacRcvd, 4170 cspPt1cPadErrors, 4171 cspPt1cRSArc4128md5, 4172 cspPt1cRSArc4128sha, 4173 cspPt1cRSAdescbcsha, 4174 cspPt1cRSA3desedecbcsha 4175 } 4176 STATUS current 4177 DESCRIPTION 4178 "A collection of TLS 1.0 statistics for a proxy 4179 service." 4180 ::= { cspMIBGroups 12 } 4181 4182cspCpuStatusGroup OBJECT-GROUP 4183 OBJECTS { 4184 cspCpuStatus, 4185 cspCpuClearTime, 4186 cspCpuProcessUtil, 4187 cspCpuInterruptUtil, 4188 cspCpuProcessUtilIn5Sec, 4189 cspCpuProcessUtilIn1Min, 4190 cspCpuProcessUtilIn5Min, 4191 cspCpuInterruptUtilIn5Sec, 4192 cspCpuInterruptUtilIn1Min, 4193 cspCpuInterruptUtilIn5Min 4194 } 4195 STATUS current 4196 DESCRIPTION 4197 "A collection of statuses and usage information about 4198 each CPU on the SSL proxy device." 4199 ::= { cspMIBGroups 13 } 4200 4201cspProxyServiceNotificationGroup NOTIFICATION-GROUP 4202 NOTIFICATIONS { 4203 cspServOperStatus, 4204 cspServCertExpiring 4205 } 4206 STATUS current 4207 DESCRIPTION 4208 "A collection of notifications for signaling important 4209 proxy service events." 4210 ::= { cspMIBGroups 14 } 4211 4212cspHttpHeaderInsertedSslInfoGroup OBJECT-GROUP 4213 OBJECTS { 4214 cspNumOfSslInfoSuccessInserted, 4215 cspNumOfSslInfoFailedInserted, 4216 cspNumOfSpoofHttpHeaderDeleted, 4217 cspNumOfSslSessHeaderExtracted, 4218 cspNumOfSslSessHeaderFailedExtracted, 4219 cspNumOfSslServerCertHeaderExtracted, 4220 cspNumOfSslServerCerHeaderFailedExtracted, 4221 cspNumOfTimesSslHeaderTruncated 4222 } 4223 STATUS current 4224 DESCRIPTION 4225 "A collection of stats related to the insertion of SSL 4226 session and SSL server certificate information into HTTP 4227 header." 4228 ::= { cspMIBGroups 15 } 4229 4230cspHttpHeaderInsertedSslClientCertGroup OBJECT-GROUP 4231 OBJECTS { 4232 cspNumOfSslClientCertHeaderExtracted, 4233 cspNumOfSslClientCertHeaderFailedExtracted 4234 } 4235 STATUS current 4236 DESCRIPTION 4237 "A collection of stats related to the insertion 4238 of SSL client certificate information into HTTP header." 4239 ::= { cspMIBGroups 16 } 4240 4241cspHttpRedirectInfoGroup OBJECT-GROUP 4242 OBJECTS { 4243 cspCertNotYetValidRedirect, 4244 cspCertExpiredRedirect, 4245 cspIssuerCertNotFoundRedirect, 4246 cspCertRevokedRedirect, 4247 cspNoClientCertSentRedirect, 4248 cspNoCrlAvailableRedirect, 4249 cspCrlExpiredRedirect, 4250 cspCertSignatureFailedRedirect, 4251 cspOtherCertErrorRedirect 4252 } 4253 STATUS current 4254 DESCRIPTION 4255 "A collection of counters for http redirect due 4256 to client certificate authentication failure type." 4257 ::= { cspMIBGroups 17 } 4258 4259cspSslResourceLimitNotifObjectsGroup OBJECT-GROUP 4260 OBJECTS { 4261 cspSslTrapType, 4262 cspSslMaxConn, 4263 cspSslActiveConn, 4264 cspSslConfigHighConnPcnt, 4265 cspSslActiveConnPcnt, 4266 cspSslConfigWatermarkConnPcnt 4267 } 4268 STATUS current 4269 DESCRIPTION 4270 "Collection of the objects for connection notification related 4271 configuration and information." 4272 ::= { cspMIBGroups 18 } 4273 4274cspSslResourceLimitNotifGroup NOTIFICATION-GROUP 4275 NOTIFICATIONS { cspSSLResourceLimitReached } 4276 STATUS current 4277 DESCRIPTION 4278 "A collection of notifications for signaling important resource 4279 limit exceed signalling." 4280 ::= { cspMIBGroups 19 } 4281 4282END 4283 4284