-- *------------------------------------------------------------------
-- * CISCO-UNIFIED-FIREWALL-MIB.my: Cisco Firewall MIB.
-- *
-- * Sep 2005, fw-mib-dev@cisco.com
-- *
-- * Copyright (c) 2005 by cisco Systems, Inc.
-- * All rights reserved.
-- *
-- *------------------------------------------------------------------CISCO-UNIFIED-FIREWALL-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,Counter64,Gauge32,Integer32FROM SNMPv2-SMI
TruthValue,TimeStampFROM SNMPv2-TC
InetAddressType,InetAddress,InetPortNumberFROM INET-ADDRESS-MIB
MODULE-COMPLIANCE,OBJECT-GROUP,NOTIFICATION-GROUPFROM SNMPv2-CONF
ciscoMgmt
FROM CISCO-SMI
CFWNetworkProtocol,
CFWApplicationProtocol,
CFWPolicy,
CFWPolicyTarget,
CFWPolicyTargetType,
CFWUrlfVendorId,
CFWUrlServerStatus
FROM CISCO-FIREWALL-TC
dot1dTpFdbPort,
dot1dTpFdbStatus
FROM BRIDGE-MIB;ciscoUnifiedFirewallMIB MODULE-IDENTITYLAST-UPDATED"200509220000Z"ORGANIZATION"Cisco Systems"CONTACT-INFO" Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-firewalls@cisco.com"DESCRIPTION"Overview of Cisco Firewall MIB
==============================
This MIB Module models status and performance
statistics pertaining to the common features supported
by Cisco firewall implementations. For each firewall
feature, capability (if applicable) and statistics are
defined. Supporting the configuration of firewall
features is outside the scope of this MIB.
Following are the major firewall features:
1) 'Stateful Packet Filtering'
Creating and maintaining the state of authorized
traffic flows dynamically to permit only
flows authorized by the policy is a mandatory
function of a firewall.
This MIB instruments the activity and memory
usage by this function.
2) 'Application Inspection'
This refers to the function of inspecting the
headers of layer 3 and layer 4 protocols and
creating dynamic entries in the connection
table for traffic flows spawned by an already
established traffic flow.
This MIB reflects the protocols that are being
inspected.
3) 'URL Filtering'
This refers to the function of facilitating
or restricting URL access requests through
the firewall by consulting either local policy
or that configured on a dedicated URL filtering
server.
This MIB instruments the URL filtering activity,
the status and activity of distinct URL filtering
servers configured on the firewall and the
impact of the performance of the URL filtering
servers on the latency and throughput of the
firewall.
4) 'Proxy Authentication'
This refers to the function of authenticating
and/or authorizing users on behalf of servers
on the secure side of the firewall. This operation
could affect the throughput of the firewall.
The MIB objects pertaining to Proxy Authentication
will be defined in a subsequent revision of this
MIB.
5) 'Transparent Mode Operation'
A firewall could operate as a bridge and yet
filter traffic based on layer 3-layer 7 control
and payload information. Operating in this mode
makes it easy to implement a firewall without
fragmenting existing subnets. Another advantage
of this mode of operation is enhanced security.
This MIB instruments the status, activity,
and performance of the firewall in this mode.
Please note that to fully manage a firewall
operating in this mode, the firewall must also
support the bridge MIB (BRIDGE-MIB).
6) 'Advanced Application Inspection and Control'
This function is also termed 'Application
Firewall' and pertains to inspecting payload and
headers of application traffic to make sure the
traffic flows conform to the configured security
policy.
Monitoring this function entails identifying the
security alerts generated by this function and
measuring the impact on firewall performance by
this task. Application Firewall will be
instrumented in a separate MIB dedicated for the
function.
7) 'Failover' or 'Redundancy'
Redundancy configuration is essential for business
critical firewalls.
Instrumenting this function entails reflecting
the configuration of redundancy and identifying
failover events.
The MIB objects pertaining to Proxy Authentication
will be defined in a subsequent revision of this
MIB.
The management information for each firewall feature
is defined in a distinct module compliance unit. The
compliance units corresponding to basic features of
firewalls are defined as mandatory.
Acronyms
========
Following are definitions of some terms used in this
module. Please refer to the module conformance for a
glossary of feature-specific terms.
`Firewall'
A firewall is a set of related programs,
implemented on a host or a network device, that
protects the resources of a private network from
users from other networks. Common firewalling
functions include stateful packet filtering,
proxy authentication of users on behalf of
applications on the secure side of the firewall,
URL access control, inspection of payload of
traffic streams to determine security threats.
`Layer2 Firewall' or 'Transparent Firewall'
A firewall device that operates as a bridge
while performing firewalling function.
`Connection'
The record in the firewall of a traffic strean
that has been authorized to flow through the
firewall.
`Half Open Connection'
For a connection oriented protocol: a connection
that has not reached the established on both the
sides of the connection.
For a connection-less protocol: the connection
corresponding to a traffic stream where traffic
flow has occurred (since the establishment of the
connection entry) only on one direction.
`Embryonic Connection'
The connection entry corresponding to an
application layer protocol in which the signaling
channel has been established while the setup of
the data channel is underway.
`Policy'
An element of firewall configuration that
identifies the access rights to a resource by a
traffic source. An example of a policy is an
Access Control Rule.
`Policy Target'
An entity to which a policy is applied so that
the action corresponding to the policy is taken
only on traffic streams associated with the
entity. An example of a policy target is an
interface.
`URL Filtering Server'
A server which is employed by the firewall to
enforce URL access policies.
`Protocol Data Unit' or PDU
An instance of the unit of information using which
a protocol operates is called the Protocol Data
Unit or the PDU of the protocol.
`Deep Packet Inspection'
The task of examining the contents of the payloads
of one or more layer 7 application protocols
with a view to enforcing the local security
policies termed 'Deep Packet Inspection'.
`Advanced Application Inspection and Control'
An entity that performs deep packet inspection
of layer 7 application protocol data units is
termed an 'Application Firewall'.
"REVISION"200509220000Z"DESCRIPTION"Initial version of this module.
"::={ ciscoMgmt 491}-- Tentative anchor under ciscoMgmt-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Cisco Firewall MIB Object Groups
--
-- This MIB module contains the following groups:
-- 1) Connection Activity Summary
-- 2) Application Inspection group
-- 3) URL Filtering group
-- 4) Failover group
-- 5) Advanced Application Inspection and Control group
-- 6) Transparent firewall group
-- 7) Notification and control group
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoUnifiedFirewallMIBNotifs OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIB 0}ciscoUnifiedFirewallMIBObjects OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIB 1}ciscoUnifiedFirewallMIBConform OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIB 2}cuFwConnectionGrp OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIBObjects 1}cuFwApplInspectionGrp OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIBObjects 2}cuFwUrlFilterGrp OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIBObjects 3}cuFwFailoverGrp OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIBObjects 4}cuFwAaicGrp OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIBObjects 5}cuFwL2FwGrp OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIBObjects 6}cuFwNotifCntlGrp OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIBObjects 7}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Firewall Connection Summary Table
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++cuFwConnectionGlobals OBJECTIDENTIFIER::={ cuFwConnectionGrp 1}cuFwConnectionResources OBJECTIDENTIFIER::={ cuFwConnectionGrp 2}cuFwConnectionReportSettings OBJECTIDENTIFIER::={ cuFwConnectionGrp 3}cuFwConnectionSummaryTables OBJECTIDENTIFIER::={ cuFwConnectionGrp 4}-- Connection Activity: Global summarycufwConnGlobalNumAttempted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"
Connection Statistics Aggregation
Connection 1 +-----------+
------------->| |-------> Global Connection Summary
Connection 2 | |
------------->| |
Connection 3 | |
------------->| First |------------> ConnSummary
| Level | (i.e, L-3/4 Protocol
Connection 4 |Aggregation| Connection Summary)
------------->| |
. | |
. | |---------------> PolicyConnSummary
Connection N | | (i.e, L-3/4 Policy Target based
------------->| | Protocol Connection Summary)
+-----------+
+-----------+
L-3/4 Protocol | |
Connection Summary | |
------------------>| |---------> AppConnSummary
| | (i.e, L-7 Protocol
| Second | Connection Summary)
|---Level---|
L-3/4 Policy Target |Aggregation|
based Protocol | |
Connection Summary | |
------------------>| |---------------> PolicyAppConnSummary
| | (i.e, L-7 Policy Target based
| | Protocol Connection Summary)
+-----------+
Specifically, the object
'cufwConnGlobalNumAttempted' models
the number of connections which are attempted to
be set up through the firewall.
This value is accumulated from the last reboot of
the firewall.
"::={ cuFwConnectionGlobals 1}cufwConnGlobalNumSetupsAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection setup attempts that
were aborted before the connection could proceed
to completion. The counter includes setup
attempts aborted by the firewall as well as
those aborted by the initiator and/or the
responder(s) of/to the connection setup attempt.
Consequently, this value subsumes the values of
objects 'cufwConnGlobalNumPolicyDeclined' and
'cufwConnGlobalNumResDeclined'.
This value is accumulated from the last reboot of
the firewall.
"::={ cuFwConnectionGlobals 2}cufwConnGlobalNumPolicyDeclined OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The number of connections which were attempted to
be setup but which were declined due to reasons of
security policy.
This includes the connections that failed
authentication.
This value is accumulated from the last reboot of
the firewall.
"::={ cuFwConnectionGlobals 3}cufwConnGlobalNumResDeclined OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections which were attempted to
be setup but which were declined due to
non-availability of required resources.
This value is accumulated from the last reboot of
the firewall.
"::={ cuFwConnectionGlobals 4}cufwConnGlobalNumHalfOpen OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections which are in the process
of being setup but which have not yet reached the
established state in the connection table.
"::={ cuFwConnectionGlobals 5}cufwConnGlobalNumActive OBJECT-TYPESYNTAXGauge32UNITS"Connections"
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections which are currently active.
"::={ cuFwConnectionGlobals 6}cufwConnGlobalNumExpired OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections which were active but
which were since normally terminated.
This value is accumulated from the last reboot of
the firewall.
"::={ cuFwConnectionGlobals 7}cufwConnGlobalNumAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections which were active but
which were aborted by the firewall due to reasons
of policy or resource rationing.
This value is accumulated from the last reboot of
the firewall.
"::={ cuFwConnectionGlobals 8}cufwConnGlobalNumEmbryonic OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The number of embryonic application layer connections
(that is, connections in which the signaling channel
has been established while the data channel is awaiting
setup).
This value is accumulated from the last reboot of
the firewall.
"::={ cuFwConnectionGlobals 9}cufwConnGlobalConnSetupRate1 OBJECT-TYPESYNTAXGauge32UNITS"Connections per second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The averaged number of connections which the firewall
establishing per second, averaged over the last 60
seconds.
"::={ cuFwConnectionGlobals 10}cufwConnGlobalConnSetupRate5 OBJECT-TYPESYNTAXGauge32UNITS"Connections per second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The averaged number of connections which the firewall
establishing per second, averaged over the last 300
seconds.
"::={ cuFwConnectionGlobals 11}cufwConnGlobalNumRemoteAccess OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrent
DESCRIPTION"The number of active connections which correspond
to remote access applications. Specifically, the
protocol for which the connection is established
must be one of PPP, PPTP, L2TP or remote access IPsec
(IPsec connections employing extended authentication).
This value is accumulated from the last reboot of
the firewall.
"::={ cuFwConnectionGlobals 12}-- Resource consumption by connection activitycufwConnResMemoryUsage OBJECT-TYPESYNTAXGauge32UNITS"KBytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The amount of memory occupied by all structures
required to maintain the state of all connections
which are either being established or are active.
"::={ cuFwConnectionResources 1}cufwConnResActiveConnMemoryUsage OBJECT-TYPESYNTAXGauge32UNITS"KBytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The amount of memory occupied by all structures
required to maintain the state of all active
connections.
"::={ cuFwConnectionResources 2}cufwConnResHOConnMemoryUsage OBJECT-TYPESYNTAXGauge32UNITS"KBytes"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The amount of memory occupied by all structures
required to maintain the state of all half
open connections.
"::={ cuFwConnectionResources 3}cufwConnResEmbrConnMemoryUsage OBJECT-TYPESYNTAXGauge32UNITS"KBytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The amount of memory occupied by all structures
required to maintain the state of all embryonic
connections.
"::={ cuFwConnectionResources 4}--
-- Connection Activity Report Settings: Controls to
-- configure the MIB to change connection activity reporting
-- settings.
--cufwConnReptAppStats OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"Setting this object to 'true' enables the MIB to
report connection activity statistics pertaining
to application protocols.
If this object is set to 'false', the agent
should stop updating the objects defined in this
module pertaining to application protocols.
Application monitoring could be a resource intensive
operation. It is expected that the administrators
would use this control to disable application
monitoring when the performance of the firewall is
degrading.
"DEFVAL{ false }
::={ cuFwConnectionReportSettings 1}cufwConnReptAppStatsLastChanged OBJECT-TYPESYNTAXTimeStampMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The time at which the value of cufwConnReptAppStats
was last changed.
"::={ cuFwConnectionReportSettings 2}-- Connection Activity: Protocol-based summarycufwConnSummaryTable OBJECT-TYPESYNTAXSEQUENCEOF CufwConnSummaryEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table summarizes the connection activity on
the firewall per layer3-layer 4 protocol instance.
Each entry in the table lists the connection
summary of a distinct network protocol.
For instance, the conceptual row corresponding to the
index
cufwConnProtocol = fwpTcp
yields the summary of TCP connection activity on the
firewall since its reboot.
"::={ cuFwConnectionSummaryTables 1}cufwConnSummaryEntry OBJECT-TYPESYNTAX CufwConnSummaryEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the summary of connection
activity for a layer3-layer4 network protocol.
"INDEX{
cufwConnProtocol
}::={ cufwConnSummaryTable 1}
CufwConnSummaryEntry ::=SEQUENCE{
cufwConnProtocol CFWNetworkProtocol,
cufwConnNumAttempted Counter64,
cufwConnNumSetupsAborted Counter64,
cufwConnNumPolicyDeclined Counter64,
cufwConnNumResDeclined Counter64,
cufwConnNumHalfOpen Gauge32,
cufwConnNumActive Gauge32,
cufwConnNumAborted Counter64,
cufwConnSetupRate1 Gauge32,
cufwConnSetupRate5 Gauge32}cufwConnProtocol OBJECT-TYPESYNTAX CFWNetworkProtocol
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The (L3-L4) protocol for which this conceptual
row summarizes the connection activity on the
managed entity.
"::={ cufwConnSummaryEntry 1}cufwConnNumAttempted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections attempted since the last
reboot of the firewall, corresponding to the protocol
denoted by 'cufwConnProtocol'.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwConnSummaryEntry 2}cufwConnNumSetupsAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection setup attempts,
corresponding to the protocol denoted by
'cufwConnProtocol', that were aborted before the
connection could proceed to completion. The
counter includes setup attempts aborted by the
firewall as well as those aborted by the initiator
and/or the responder(s) of/to the connection setup
attempt.
Consequently, this value subsumes the values of
objects 'cufwConnNumPolicyDeclined' and
'cufwConnNumResDeclined'.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwConnSummaryEntry 3}cufwConnNumPolicyDeclined OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection attempts that were declined
due to security policy, corresponding to the protocol
denoted by 'cufwConnProtocol'.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwConnSummaryEntry 4}cufwConnNumResDeclined OBJECT-TYPESYNTAXCounter64
UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection attempts that were declined
due to resource unavailability, corresponding to the
protocol denoted by 'cufwConnProtocol'.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwConnSummaryEntry 5}cufwConnNumHalfOpen OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that are currently in the
process of being established, corresponding to the
protocol denoted by 'cufwConnProtocol'.
"::={ cufwConnSummaryEntry 6}cufwConnNumActive OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that are currently active,
corresponding to the protocol denoted by
'cufwConnProtocol'.
"::={ cufwConnSummaryEntry 7}cufwConnNumAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The number of connections that were abnormally
terminated after successful establishment,
corresponding to the protocol denoted by
'cufwConnProtocol'.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwConnSummaryEntry 8}cufwConnSetupRate1 OBJECT-TYPESYNTAXGauge32UNITS"Connections Per Second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The connection setup rate averaged over the last
60 seconds corresponding to the protocol denoted by
'cufwConnProtocol'.
"::={ cufwConnSummaryEntry 9}cufwConnSetupRate5 OBJECT-TYPESYNTAXGauge32UNITS"Connections Per Second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The connection setup rate averaged over the last
300 seconds corresponding to the protocol denoted by
'cufwConnProtocol'.
"::={ cufwConnSummaryEntry 10}-- Layer 7 protocol based connection summarycufwAppConnSummaryTable OBJECT-TYPESYNTAXSEQUENCEOF CufwAppConnSummaryEntry
MAX-ACCESSnot-accessible
STATUScurrentDESCRIPTION"This table lists the summary of firewall
connections pertaining to Layer 7 protocols,
catalogued by distinct application protocols.
Each entry in the table lists the connection
summary corresponding to a distinct application
protocol.
For instance, to obtain the connection summary
for SMTP on the firewall since the last reboot
of the device, use the conceptual row
corresponding to
cufwAppConnProtocol = fwApSmtp
"::={ cuFwConnectionSummaryTables 2}cufwAppConnSummaryEntry OBJECT-TYPESYNTAX CufwAppConnSummaryEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the summary of connection
activity for a distinct layer 7 protocol identified
by the index element 'cufwAppConnProtocol'.
"INDEX{
cufwAppConnProtocol
}::={ cufwAppConnSummaryTable 1}
CufwAppConnSummaryEntry ::=SEQUENCE{
cufwAppConnProtocol CFWApplicationProtocol,
cufwAppConnNumAttempted Counter64,
cufwAppConnNumSetupsAborted Counter64,
cufwAppConnNumPolicyDeclined Counter64,
cufwAppConnNumResDeclined Counter64,
cufwAppConnNumHalfOpen Gauge32,
cufwAppConnNumActive Gauge32,
cufwAppConnNumAborted Counter64,
cufwAppConnSetupRate1 Gauge32,
cufwAppConnSetupRate5 Gauge32}cufwAppConnProtocol OBJECT-TYPESYNTAX CFWApplicationProtocol
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The layer7 protocol for which this conceptual
row summarizes the connection activity for this
firewall.
"::={ cufwAppConnSummaryEntry 1}cufwAppConnNumAttempted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections attempted since the last
reboot of the firewall, corresponding to the protocol
denoted by 'cufwAppConnProtocol'.
This value is accumulated from the last reboot of
the firewall subject to the control exercised by
cufwConnReptAppStats.
"::={ cufwAppConnSummaryEntry 2}cufwAppConnNumSetupsAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection setup attempts,
corresponding to the protocol denoted by
'cufwAppConnProtocol', that were aborted before
the connection could proceed to completion. The
counter includes setup attempts aborted by the
firewall as well as those aborted by the initiator
and/or the responder(s) of/to the connection setup
attempt.
Consequently, this value subsumes the values of
objects 'cufwAppConnNumPolicyDeclined' and
'cufwAppConnNumResDeclined'.
This value is accumulated from the last reboot of
the firewall subject to the control exercised by
cufwConnReptAppStats.
"::={ cufwAppConnSummaryEntry 3}cufwAppConnNumPolicyDeclined OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection attempts that were declined
due to security policy, corresponding to the protocol
denoted by 'cufwAppConnProtocol'.
This value is accumulated from the last reboot of
the firewall subject to the control exercised by
cufwConnReptAppStats.
"::={ cufwAppConnSummaryEntry 4}cufwAppConnNumResDeclined OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection attempts that were declined
due to resource unavailability, corresponding to the
protocol denoted by 'cufwAppConnProtocol'.
This value is accumulated from the last reboot of
the firewall subject to the control exercised by
cufwConnReptAppStats.
"::={ cufwAppConnSummaryEntry 5}cufwAppConnNumHalfOpen OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that are currently in the
process of being established, corresponding to the
protocol denoted by 'cufwAppConnProtocol'.
"::={ cufwAppConnSummaryEntry 6}cufwAppConnNumActive OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that are currently active,
corresponding to the protocol denoted by
'cufwAppConnProtocol'.
"::={ cufwAppConnSummaryEntry 7}cufwAppConnNumAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that were terminated by the
firewall successful establishment, corresponding
to the protocol denoted by 'cufwAppConnProtocol'.
This value is accumulated from the last reboot of
the firewall subject to the control exercised by
cufwConnReptAppStats.
"::={ cufwAppConnSummaryEntry 8}cufwAppConnSetupRate1 OBJECT-TYPESYNTAXGauge32UNITS"Connections Per Second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The connection setup rate averaged over the last
60 seconds corresponding to the protocol denoted by
'cufwAppConnProtocol'.
"::={ cufwAppConnSummaryEntry 9}cufwAppConnSetupRate5 OBJECT-TYPESYNTAXGauge32UNITS"Connections Per Second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The connection setup rate averaged over the last
300 seconds corresponding to the protocol denoted by
'cufwAppConnProtocol'.
"::={ cufwAppConnSummaryEntry 10}-- Connection Activity: Policy-based summarycufwPolicyConnSummaryTable OBJECT-TYPESYNTAXSEQUENCEOF CufwPolicyConnSummaryEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table lists the summary of firewall
connections for layer3-layer 4 protocols catalogued
on a per policy basis.
Each entry in the table lists the connection summary of
a distinct network protocol, configured on the specified
policy on the firewall, and pertaining to a specified
target to which the policy is currently applied.
If a policy is bound to a target, it would have one
or more entries in this table. If the policy is
detached from the target, all entries corresponding
to the association between the policy and the target
are elminated from this table.
Although the information is indexed by policy targets
as well, one may aggregate the connection summary for
a specific policy across all the target to which the
policy is currently applied by setting
cufwConnPolicyTargetType = 'targetAll'
"::={ cuFwConnectionSummaryTables 3}cufwPolicyConnSummaryEntry OBJECT-TYPESYNTAX CufwPolicyConnSummaryEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the summary of connection
activity for a specific protocol in a specific
policy applied to the specified policy target.
"INDEX{
cufwPolConnPolicy,
cufwPolConnPolicyTargetType,
cufwPolConnPolicyTarget,
cufwPolConnProtocol
}::={ cufwPolicyConnSummaryTable 1}
CufwPolicyConnSummaryEntry ::=SEQUENCE{
cufwPolConnPolicy CFWPolicy,
cufwPolConnPolicyTargetType CFWPolicyTargetType,
cufwPolConnPolicyTarget CFWPolicyTarget,
cufwPolConnProtocol CFWNetworkProtocol,
cufwPolConnNumAttempted Counter64,
cufwPolConnNumSetupsAborted Counter64,
cufwPolConnNumPolicyDeclined Counter64,
cufwPolConnNumResDeclined Counter64,
cufwPolConnNumHalfOpen Gauge32,
cufwPolConnNumActive Gauge32,
cufwPolConnNumAborted Counter64}cufwPolConnPolicy OBJECT-TYPESYNTAX CFWPolicy
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The identity of the firewall policy for which
this conceptual row contains the connection
activity summary.
"::={ cufwPolicyConnSummaryEntry 1}cufwPolConnPolicyTargetType OBJECT-TYPESYNTAX CFWPolicyTargetType
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The type of the entity to which the firewall policy
'cufwPolConnPolicy' has been applied. This could be
an interface type (most commonly), the type of another
object or a group of objects defined in the firewall
configuration.
When this object is set to 'targetALL', the value of
index object cufwConnPolicyTarget is ignored.
"::={ cufwPolicyConnSummaryEntry 2}cufwPolConnPolicyTarget OBJECT-TYPESYNTAX CFWPolicyTarget (SIZE(0..128))
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The identity of the entity to which the firewall
policy 'cufwPolConnPolicy' is applied. This could be an
interface object (most commonly), another object or
group of objects defined in the firewall configuration.
"::={ cufwPolicyConnSummaryEntry 3}cufwPolConnProtocol OBJECT-TYPESYNTAX CFWNetworkProtocol
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The (L3-L4) protocol corresponding to which this
conceptual row summarizes the connection activity
on the firewall.
"::={ cufwPolicyConnSummaryEntry 4}cufwPolConnNumAttempted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections attempted since the last
reboot of the firewall, corresponding to the protocol
denoted by 'cufwPolConnProtocol', in the policy
'cufwPolConnPolicy' applied to the entity identified
by 'cufwPolConnPolicyTarget'.
"::={ cufwPolicyConnSummaryEntry 5}cufwPolConnNumSetupsAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The number of connection setup attempts,
corresponding to the protocol denoted by
'cufwPolConnProtocol', associated with the policy
'cufwPolConnPolicy' applied to the entity
identified by 'cufwPolConnPolicyTarget',
that were aborted before the connection could
proceed to completion. The counter includes
setup attempts aborted by the firewall as well
as those aborted by the initiator and/or the
responder(s) of/to the connection setup attempt.
Consequently, this value subsumes the values of
objects 'cufwPolConnNumPolicyDeclined' and
'cufwPolConnNumResDeclined'.
"::={ cufwPolicyConnSummaryEntry 6}cufwPolConnNumPolicyDeclined OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection attempts that were declined
due to security policy, corresponding to the protocol
denoted by 'cufwPolConnProtocol', in the policy
'cufwPolConnPolicy' applied to the entity identified by
'cufwPolConnPolicyTarget'.
"::={ cufwPolicyConnSummaryEntry 7}cufwPolConnNumResDeclined OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection attempts that were declined
due to resource unavailability, corresponding to the
protocol denoted by 'cufwPolConnProtocol', in the policy
'cufwPolConnPolicy' applied to the entity identified by
'cufwPolConnPolicyTarget'.
"::={ cufwPolicyConnSummaryEntry 8}cufwPolConnNumHalfOpen OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that are currently in the
process of being established, corresponding to the
protocol denoted by 'cufwPolConnProtocol', in the
policy 'cufwPolConnPolicy' applied to the entity
identified by 'cufwPolConnPolicyTarget'.
"::={ cufwPolicyConnSummaryEntry 9}cufwPolConnNumActive OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that are currently active,
corresponding to the protocol denoted by
'cufwPolConnProtocol', in the policy
'cufwPolConnPolicy' applied to the entity identified
by 'cufwPolConnPolicyTarget'.
"::={ cufwPolicyConnSummaryEntry 10}cufwPolConnNumAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The number of connections that were abnormally
terminated after successful establishment, corresponding
to the protocol denoted by 'cufwPolConnProtocol',
in the policy 'cufwPolConnPolicy' applied to the entity
identified by 'cufwPolConnPolicyTarget'.
"::={ cufwPolicyConnSummaryEntry 11}-- Layer 7 protocol policy based connection summarycufwPolicyAppConnSummaryTable OBJECT-TYPESYNTAXSEQUENCEOF CufwPolicyAppConnSummaryEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table lists the summary of firewall
connections pertaining to Layer 7 protocols,
catalogued on a per policy basis
Each entry in the table lists the connection
summary of a distinct application protocol,
configured on the specified policy on the firewall,
and pertaining to a specified target to which the
policy has been applied.
If a policy is bound to a target, it would have one
or more entries in this table. If the policy is
detached from the target, all entries corresponding
to the association between the policy and the target
are elminated from this table.
Although the information is indexed by policy targets
as well, one may aggregate the connection summary for
a specific policy across all the target to which the
policy is currently applied by setting
cufwAppConnPolicyTargetType = 'targetALL'
"::={ cuFwConnectionSummaryTables 4}cufwPolicyAppConnSummaryEntry OBJECT-TYPESYNTAX CufwPolicyAppConnSummaryEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the summary of connection
activity for a specific layer 7 protocol in a
specific policy applied to the specified policy
target.
"INDEX{
cufwPolAppConnPolicy,
cufwPolAppConnPolicyTargetType,
cufwPolAppConnPolicyTarget,
cufwPolAppConnProtocol
}::={ cufwPolicyAppConnSummaryTable 1}
CufwPolicyAppConnSummaryEntry ::=SEQUENCE{
cufwPolAppConnPolicy CFWPolicy,
cufwPolAppConnPolicyTargetType CFWPolicyTargetType,
cufwPolAppConnPolicyTarget CFWPolicyTarget,
cufwPolAppConnProtocol CFWApplicationProtocol,
cufwPolAppConnNumAttempted Counter64,
cufwPolAppConnNumSetupsAborted Counter64,
cufwPolAppConnNumPolicyDeclined Counter64,
cufwPolAppConnNumResDeclined Counter64,
cufwPolAppConnNumHalfOpen Gauge32,
cufwPolAppConnNumActive Gauge32,
cufwPolAppConnNumAborted Counter64}cufwPolAppConnPolicy OBJECT-TYPESYNTAX CFWPolicy
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The identity of the firewall policy for which
this conceptual row contains the connection
activity summary.
"::={ cufwPolicyAppConnSummaryEntry 1}cufwPolAppConnPolicyTargetType OBJECT-TYPESYNTAX CFWPolicyTargetType
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The type of the entity to which the firewall policy
'cufwPolAppConnPolicy' has been applied. This could be
an interface type (most commonly), the type of another
object or a group of objects defined in the firewall
configuration.
When this object is set to 'targetALL', the value of
index object cufwAppConnPolicyTarget is ignored.
"::={ cufwPolicyAppConnSummaryEntry 2}cufwPolAppConnPolicyTarget OBJECT-TYPESYNTAX CFWPolicyTarget (SIZE(0..128))MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The identity of the entity to which the firewall
policy 'cufwPolAppProtocol' refers. This could be an
interface object (most commonly), another object or
group of objects defined in the firewall configuration.
"::={ cufwPolicyAppConnSummaryEntry 3}cufwPolAppConnProtocol OBJECT-TYPESYNTAX CFWApplicationProtocol
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION
"The layer7 protocol for which this conceptual
row summarizes the connection activity for this
firewall.
"::={ cufwPolicyAppConnSummaryEntry 4}cufwPolAppConnNumAttempted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections attempted since the last
reboot of the firewall, corresponding to the protocol
denoted by 'cufwPolAppConnProtocol', in the policy
'cufwPolAppConnPolicy' applied to the entity identified
by 'cufwPolAppConnPolicyTarget'.
This value is accumulated from the last reboot of
the firewall subject to the control exercised by
cufwConnReptAppStats.
"::={ cufwPolicyAppConnSummaryEntry 5}cufwPolAppConnNumSetupsAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection setup attempts,
corresponding to the protocol denoted by
'cufwPolAppConnProtocol', associated with the policy
'cufwPolAppConnPolicy' applied to the entity
identified by 'cufwPolAppConnPolicyTarget',
that were aborted before the connections could
proceed to completion. The counter includes setup
attempts aborted by the firewall as well as those
aborted by the initiator and/or the responder(s)
of/to the connection setup attempt.
Consequently, this value subsumes the values of
objects 'cufwPolAppConnNumPolicyDeclined' and
'cufwPolAppConnNumResDeclined'.
This value is accumulated from the last reboot of
the firewall subject to the control exercised by
cufwConnReptAppStats.
"::={ cufwPolicyAppConnSummaryEntry 6}cufwPolAppConnNumPolicyDeclined OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection attempts that were declined
due to security policy, corresponding to the protocol
denoted by 'cufwPolAppConnProtocol', in the policy
'cufwPolAppConnPolicy' applied to the entity identified
by 'cufwPolAppConnPolicyTarget'.
This value is accumulated from the last reboot of
the firewall subject to the control exercised by
cufwConnReptAppStats.
"::={ cufwPolicyAppConnSummaryEntry 7}cufwPolAppConnNumResDeclined OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connection attempts that were declined
due to resource unavailability, corresponding to the
protocol denoted by 'cufwPolAppConnProtocol', in the
policy 'cufwPolAppConnPolicy' applied to the entity
identified by 'cufwPolAppConnPolicyTarget'.
This value is accumulated from the last reboot of
the firewall subject to the control exercised by
cufwConnReptAppStats.
"::={ cufwPolicyAppConnSummaryEntry 8}cufwPolAppConnNumHalfOpen OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that are currently in the
process of being established, corresponding to the
protocol
denoted by 'cufwPolAppConnProtocol', in the policy
'cufwPolAppConnPolicy' applied to the entity identified
by 'cufwPolAppConnPolicyTarget'.
"::={ cufwPolicyAppConnSummaryEntry 9}cufwPolAppConnNumActive OBJECT-TYPESYNTAXGauge32UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that are currently active,
corresponding to the protocol denoted by
'cufwPolAppConnProtocol', in the policy
'cufwPolAppConnPolicy' applied to the entity identified
by 'cufwPolAppConnPolicyTarget'.
"::={ cufwPolicyAppConnSummaryEntry 10}cufwPolAppConnNumAborted OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections that were abnormally
terminated after successful establishment, corresponding
to the protocol denoted by 'cufwPolAppConnProtocol', in
the policy 'cufwPolAppConnPolicy' applied to the entity
identified by 'cufwPolAppConnPolicyTarget'.
"::={ cufwPolicyAppConnSummaryEntry 11}-- Application Inspection GroupcufwAIAuditTrailEnabled OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The value identifies if audit trail in application
inspection has been globally enabled or disabled.
"::={ cuFwApplInspectionGrp 1}cufwAIAlertEnabled OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The value identifies if application inspection alerts
have been globally enabled or disabled.
"::={ cuFwApplInspectionGrp 2}-- Application Inspection configuration tablecufwInspectionTable OBJECT-TYPESYNTAXSEQUENCEOF CufwInspectionEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table identifies if an application protocol has
been configured for inspection and if so, the name of
the firewall policy or the inspection configuration
that configures the specified protocol for inspection.
The table also identifies if the specified protocol is
actively being inspected.
This table may be used by an administrator to quickly
identify if a protocol is being subjected to application
inspection by the managed firewall.
"::={ cuFwApplInspectionGrp 3}cufwInspectionEntry OBJECT-TYPESYNTAX CufwInspectionEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the configuration of
a specific application inspection element.
"INDEX{
cufwInspectionPolicyName,
cufwInspectionProtocol
}::={ cufwInspectionTable 1}
CufwInspectionEntry ::=SEQUENCE{
cufwInspectionPolicyName CFWPolicy,
cufwInspectionProtocol CFWApplicationProtocol,
cufwInspectionStatus TruthValue}cufwInspectionPolicyName OBJECT-TYPESYNTAX CFWPolicy (SIZE(0..128))MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The name of the policy that configures the device
inspect the protocol specified by
'cufwInspectionProtocol'.
"::={ cufwInspectionEntry 1}
cufwInspectionProtocol OBJECT-TYPESYNTAX CFWApplicationProtocol
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The application protocol that is configured for
inspection.
"::={ cufwInspectionEntry 2}cufwInspectionStatus OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This MIB object identifies if the directive to inspect
the protocol specified by 'cufwInspectionProtocol' by
the policy corresponding to this conceptual row is
enabled or disabled.
"::={ cufwInspectionEntry 3}-- URL Filter groupcufwUrlFilterGlobals OBJECTIDENTIFIER::={ cuFwUrlFilterGrp 1}cufwUrlFilterResourceUsage OBJECTIDENTIFIER::={ cuFwUrlFilterGrp 2}cufwUrlFilterServers OBJECTIDENTIFIER::={ cuFwUrlFilterGrp 3}-- URL Filter global groupcufwUrlfFunctionEnabled OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrent
DESCRIPTION"
URL Filtering Operation
_________
2.2 Request | |
|---------->| Server |
| | |
_________ __|_ |_________|
| |<--(5. Response )---| | 3. Response |
| | | |<-------------|
| Client |---(1. Request )--->|FW |
|_________| |____|<--------------|
| 4. URLF Resp ____|______
| | |
|------------>|URLF Server|
2.1 URLF Req |___________|
1) Client sends a Request containing a URL to the Server
2.1) FW extracts the URL from the Request and sends it to
URL Filtering Server (or Verifies the URL locally)
2.2) FW also forwards the original Request from the Client to
the Server
3) Any Responses from the Server received before receiving
a response from URLF Server are cached by the FW
4) URLF Response indicates whether the URL access should be
allowed or denied
5) If the URLF Response allows the URL, FW forwards the
URL Access responses from the Server to the Client
6) If the URLF Response indicates that the URL access should be
denied, FW drops all the cached URL responses and forces the
connection between the Client and the Server to be terminated
Specifically, the object cufwUrlfFunctionEnabled
indicates if the URL filtering function
is enabled.
When this MIB object contains the value 'false',
the firewall device will not perform URL filtering
function, even if it contains configuration pertaining
to other aspects of URL filtering.
"::={ cufwUrlFilterGlobals 1}cufwUrlfRequestsNumProcessed OBJECT-TYPESYNTAXCounter64UNITS"Requests"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The number of URL access requests processed by
this firewall.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwUrlFilterGlobals 2}cufwUrlfRequestsProcRate1 OBJECT-TYPESYNTAXGauge32UNITS"Requests per second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests processed per
seconds by this firewall averaged over the last 60
seconds.
"::={ cufwUrlFilterGlobals 3}cufwUrlfRequestsProcRate5 OBJECT-TYPESYNTAXGauge32UNITS"Requests per second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests processed per second
by this firewall averaged over the last 300 seconds.
"::={ cufwUrlFilterGlobals 4}cufwUrlfRequestsNumAllowed OBJECT-TYPESYNTAXCounter64UNITS"Requests"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests allowed by
this firewall, due to a directive from a URL
filtering server or a static policy configured on
the firewall.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 5}cufwUrlfRequestsNumDenied OBJECT-TYPESYNTAXCounter64UNITS"Requests"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests declined by
this firewall, due to a directive from a URL
filtering server, a static policy configured on
the firewall, due to resource constraints or
any other reason.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwUrlFilterGlobals 6}cufwUrlfRequestsDeniedRate1 OBJECT-TYPESYNTAXGauge32UNITS"Requests per second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The rate at which URL access requests were denied
by this firewall, due to a directive from a URL
filtering server, a static policy configured on
the firewall, due to resource constraints or
any other reason, averaged over the last 60 seconds.
"::={ cufwUrlFilterGlobals 7}cufwUrlfRequestsDeniedRate5 OBJECT-TYPESYNTAXGauge32UNITS"Requests Per Second"
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The rate at which URL access requests were denied
by this firewall, due to a directive from a URL
filtering server, a static policy configured on
the firewall, due to resource constraints or
any other reason, averaged over the last 300 seconds.
"::={ cufwUrlFilterGlobals 8}cufwUrlfRequestsNumCacheAllowed OBJECT-TYPESYNTAXCounter64UNITS"Requests"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests allowed by
the firewall because of a cached entry holding the
result from a previous URL access request that was
handled either by a URLF Server or exclusive domain
configuration.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 9}cufwUrlfRequestsNumCacheDenied OBJECT-TYPESYNTAXCounter64UNITS"Requests"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests denied by
the firewall because of a cached entry holding the
result from a previous URL access request that was
handled either by a URLF Server or exclusive domain
configuration.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 10}cufwUrlfAllowModeReqNumAllowed OBJECT-TYPESYNTAXCounter64UNITS"Requests"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests that were allowed
by the firewall when the URL filtering server was not
available.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 11}cufwUrlfAllowModeReqNumDenied OBJECT-TYPESYNTAXCounter64UNITS"Requests"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests that were declined
by the firewall when the URL filtering server was not
available.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 12}cufwUrlfRequestsNumResDropped OBJECT-TYPESYNTAXCounter64UNITS"Requests"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of incoming URL access requests that
were dropped by the firewall because of resource
constraints.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 13}cufwUrlfRequestsResDropRate1 OBJECT-TYPESYNTAXGauge32UNITS"Requests Per Second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The rate at which incoming URL access requests
were dropped by the firewall because of resource
constraints, averaged over the last 60 seconds.
"::={ cufwUrlFilterGlobals 14}cufwUrlfRequestsResDropRate5 OBJECT-TYPESYNTAXGauge32UNITS"Requests Per Second"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The rate at which incoming URL access requests
were dropped by the firewall because of resource
constraints, averaged over the last 300 seconds.
"::={ cufwUrlFilterGlobals 15}cufwUrlfNumServerTimeouts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the firewall failed to receive
a response from the configured URL filtering servers
for a request to authorize a URL access request.
This is equal to the number of times a firewall removed
a URL access request from the queue of pending requests
because no response was received from the URL filtering
server(s).
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 16}cufwUrlfNumServerRetries OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access authorization requests
re-sent by the firewall to the URL Filtering Servers
because a response was not received within the
configured time interval.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 17}cufwUrlfResponsesNumLate OBJECT-TYPESYNTAXCounter64UNITS"Responses"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of responses from URL filtering servers
which were received after the original URL access
request was removed from the queue of pending
requests.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 18}cufwUrlfUrlAccRespsNumResDropped OBJECT-TYPESYNTAXCounter64UNITS"Responses"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The number of transport packets constituting responses
to URL access requests that were dropped by the firewall
due to resource constraints waiting for a response from
the filtering server.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlFilterGlobals 19}-- Resource consumption by URL filtering activitycufwUrlfResTotalRequestCacheSize OBJECT-TYPESYNTAXGauge32UNITS"KBytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The amount of memory occupied by all the caches
used in the firewall to cache pending URL access
requests.
"::={ cufwUrlFilterResourceUsage 1}cufwUrlfResTotalRespCacheSize OBJECT-TYPESYNTAXGauge32UNITS"KBytes"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The amount of memory occupied by all the caches
used in the firewall to cache responses for URL
requests received from servers while awaiting a
response from URL filter server.
"::={ cufwUrlFilterResourceUsage 2}-- URL Filter server tablecufwUrlfServerTable OBJECT-TYPESYNTAXSEQUENCEOF CufwUrlfServerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table lists the URL filtering servers
configured on the managed device and their
performance statistics.
This table is not meant as a device to
configure URL filtering servers.
"::={ cufwUrlFilterServers 1}cufwUrlfServerEntry OBJECT-TYPESYNTAX CufwUrlfServerEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry contains the configuration of
a specific URL filtering server.
"INDEX{
cufwUrlfServerAddrType,
cufwUrlfServerAddress,
cufwUrlfServerPort
}::={ cufwUrlfServerTable 1}
CufwUrlfServerEntry ::=SEQUENCE{
cufwUrlfServerAddrType InetAddressType,
cufwUrlfServerAddress InetAddress,
cufwUrlfServerPort InetPortNumber,
cufwUrlfServerVendor CFWUrlfVendorId,
cufwUrlfServerStatus CFWUrlServerStatus,
cufwUrlfServerReqsNumProcessed Counter64,
cufwUrlfServerReqsNumAllowed Counter64,
cufwUrlfServerReqsNumDenied Counter64,
cufwUrlfServerNumTimeouts Counter64,
cufwUrlfServerNumRetries Counter64,
cufwUrlfServerRespsNumReceived Counter64,
cufwUrlfServerRespsNumLate Counter64,
cufwUrlfServerAvgRespTime1 Gauge32,
cufwUrlfServerAvgRespTime5 Gauge32}cufwUrlfServerAddrType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The type of the IP address of the URL filtering
server.
"::={ cufwUrlfServerEntry 1}cufwUrlfServerAddress OBJECT-TYPESYNTAXInetAddressMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The value of the IP address of the URL filtering
server.
"::={ cufwUrlfServerEntry 2}cufwUrlfServerPort OBJECT-TYPESYNTAXInetPortNumberMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The value of the port at which the URL filtering
server listens for incoming requests.
"::={ cufwUrlfServerEntry 3}cufwUrlfServerVendor OBJECT-TYPESYNTAX CFWUrlfVendorId
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The vendor type of the URL filtering server.
"::={ cufwUrlfServerEntry 4}cufwUrlfServerStatus OBJECT-TYPESYNTAX CFWUrlServerStatus
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The status of the URL filtering server
corresponding to this conceptual row.
"::={ cufwUrlfServerEntry 5}cufwUrlfServerReqsNumProcessed OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests forwarded by
the managed firewall device to the URL filtering
server corresponding to this conceptual row.
This value is counted from the last reboot of
the managed device.
"::={ cufwUrlfServerEntry 6}cufwUrlfServerReqsNumAllowed OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests allowed by the
URL filtering server corresponding to this conceptual
row. This counter does not include late responses.
This value is counted from the last reboot of
the managed device.
"::={ cufwUrlfServerEntry 7}cufwUrlfServerReqsNumDenied OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access requests denied by the
URL filtering server corresponding to this conceptual
row. This counter does not include late responses.
This value is counted from the last reboot of
the managed device.
"::={ cufwUrlfServerEntry 8}cufwUrlfServerNumTimeouts OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the firewall failed to receive
a response from the URL filtering server corresponding
to this conceptual row, for a request to authorize a
URL access request.
This is equal to the number of times a firewall removed
a URL access request from the queue of pending requests
because no response was received from the URL filtering
server.
This value is accumulated from the last reboot of the
firewall.
"::={ cufwUrlfServerEntry 9}cufwUrlfServerNumRetries OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access authorization requests
re-sent by the firewall to the URL Filtering Server
corresponding to this conceptual row, because a response
was not received within the configured time interval
from the server.
This value is counted from the last reboot of
the managed device.
"::={ cufwUrlfServerEntry 10}cufwUrlfServerRespsNumReceived OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access responses received by the
firewall from the URL filtering server corresponding
to this conceptual row. This counter does not include
late responses.
This value is counted from the last reboot of
the managed device.
"::={ cufwUrlfServerEntry 11}cufwUrlfServerRespsNumLate OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of URL access responses received by
the managed firewall from the URL filtering server
corresponding to this conceptual row after the
original URL access request was removed from the
queue of pending requests.
This value is counted from the last reboot of
the managed device.
"::={ cufwUrlfServerEntry 12}cufwUrlfServerAvgRespTime1 OBJECT-TYPESYNTAXGauge32UNITS"seconds"
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The average round-trip response time of the
URL filtering server computed over the last
60 seconds.
A value of zero indicates that there was
insufficient data to compute this value over the
last time interval.
"::={ cufwUrlfServerEntry 13}cufwUrlfServerAvgRespTime5 OBJECT-TYPESYNTAXGauge32UNITS"seconds"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The average round-trip response time of the
URL filtering server computed over the last
300 seconds.
A value of zero indicates that there was
insufficient data to compute this value over the
last time interval.
"::={ cufwUrlfServerEntry 14}-- Application Firewall or Deep Packet Inspection GroupcufwAaicGlobals OBJECTIDENTIFIER::={ cuFwAaicGrp 1}cufwAaicGlobalNumBadProtocolOps OBJECT-TYPESYNTAXCounter64UNITS"Protocol Data Units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"'Protocol Operation' is the application protocol
specific operation that the PDU is intended to
perform. An example of 'protocol operation' is the
HELO command of SMTP protocol.
This MIB object records the number of application
protocol data units that contained a protocol operation
which was disallowed by the local security policy.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
application traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicGlobals 1}cufwAaicGlobalNumBadPDUSize OBJECT-TYPESYNTAXCounter64UNITS"Protocol Data Units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This MIB object records the number of application
protocol data units (PDU) that had either an invalid
header size or an invalid payload size, as determined
by the local security policy.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
application traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicGlobals 2}cufwAaicGlobalNumBadPortRange OBJECT-TYPESYNTAXCounter64UNITS"Protocol Data Units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"Number of application protocol units that attempted
to advertise illegal port ranges for secondary
connections. An example of such an occurrence
would be a passive FTP connection, where the
server advertises a disallowed port range for data
connection.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
application traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicGlobals 3}-- Deep packet inspection: Protocol-specific statisticscufwAaicProtocolStats OBJECTIDENTIFIER::={ cuFwAaicGrp 2}cufwAaicHttpProtocolStats OBJECTIDENTIFIER::={ cufwAaicProtocolStats 1}cufwAaicHttpNumBadProtocolOps OBJECT-TYPESYNTAXCounter64UNITS"HTTP Protocol Data Units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of PDUs corresponding to HTTP protocol
which were detected to be containing HTTP protocol
methods which are disallowed by the local security
policy.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
HTTP traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicHttpProtocolStats 1}cufwAaicHttpNumBadPDUSize OBJECT-TYPESYNTAXCounter64UNITS"HTTP Protocol Data Units"MAX-ACCESSread-only
STATUScurrentDESCRIPTION"The number of PDUs corresponding to HTTP protocol
that had either an invalid header size or an invalid
payload size, as determined by the local security
policy.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
HTTP traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicHttpProtocolStats 2}cufwAaicHttpNumTunneledConns OBJECT-TYPESYNTAXCounter64UNITS"Connections"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of connections corresponding to HTTP
protocol which were detected to be tunneling other
application traffic streams. An instance of this
would be InstantMessenger traffic running on HTTP.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
HTTP traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicHttpProtocolStats 3}cufwAaicHttpNumLargeURIs OBJECT-TYPESYNTAXCounter64UNITS"HTTP Protocol Data Units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of PDUs corresponding to HTTP protocol
which were detected to be containing a URI of
size not permitted by the local security policy.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
HTTP traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicHttpProtocolStats 4}cufwAaicHttpNumBadContent OBJECT-TYPESYNTAXCounter64UNITS"HTTP Protocol Data Units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of PDUs corresponding to HTTP protocol
which were detected to be containing content whose
type disallowed by the local security policy.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
HTTP traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicHttpProtocolStats 5}cufwAaicHttpNumMismatchContent OBJECT-TYPESYNTAXCounter64UNITS"HTTP Protocol Data Units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of PDUs corresponding to HTTP protocol
which were detected to be containing content whose
type was different from the content type specified
in the header of the PDU.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
HTTP traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicHttpProtocolStats 6}cufwAaicHttpNumDoubleEncodedPkts OBJECT-TYPESYNTAXCounter64UNITS"HTTP Protocol Data Units"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of PDUs corresponding to HTTP protocol
which were detected to be containing double encoding.
Double encoding is a mechanism to obfuscate content
in which a encoded data is re-encoded so as to evade
deep packet inspections.
For this MIB to be implemented, the managed firewall
must be implementing deep packet inspection of
HTTP traffic payloads.
This value is accumulated from the last reboot of
the firewall.
"::={ cufwAaicHttpProtocolStats 7}-- Transparent or Layer 2 or Stealth Firewall groupcufwL2FwGlobals OBJECTIDENTIFIER::={ cuFwL2FwGrp 1}cufwL2GlobalEnableStealthMode OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value indicates if the firewall is operating
in transparent (layer 2) mode or not.
When operating in transparent mode, the firewall
operates as a bridge while performing firewalling
functions.
"::={ cufwL2FwGlobals 1}
cufwL2GlobalArpCacheSize OBJECT-TYPESYNTAXInteger32(1..2147483647)UNITS"ARP entries"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The value indicates the configured maximum size of
the ARP cache used for management traffic.
"::={ cufwL2FwGlobals 2}cufwL2GlobalEnableArpInspection OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The value indicates if ARP inspection, which is a
security feature, is enabled globally on the
managed firewall.
"::={ cufwL2FwGlobals 3}-- Transparent Firewall performance statisticscufwL2GlobalNumArpRequests OBJECT-TYPESYNTAXCounter64UNITS"ARP Requests"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of ARP requests issued by the transparent
firewall to resolve a destination IP address.
This counter is accumulated since the last reboot of
the firewall.
"::={ cufwL2FwGlobals 5}cufwL2GlobalNumIcmpRequests OBJECT-TYPE
SYNTAXCounter64UNITS"ICMP Traceroute Requests"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of ICMP traceroute requests issued by the
transparent firewall to resolve a destination IP
address.
This counter is accumulated since the last reboot of
the firewall.
"::={ cufwL2FwGlobals 6}cufwL2GlobalNumFloods OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the firewall floods a frame to be
forwarded to the egress interfaces because the
destination MAC address is missing in the bridge table.
This counter is accumulated since the last reboot of
the firewall.
"::={ cufwL2FwGlobals 7}cufwL2GlobalNumDrops OBJECT-TYPESYNTAXCounter64MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times the firewall dropped an incoming
frame because the destination MAC address is missing
in the bridge table.
This counter is accumulated since the last reboot of
the firewall.
"::={ cufwL2FwGlobals 8}cufwL2GlobalArpOverflowRate5 OBJECT-TYPESYNTAXGauge32
MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of times an existing entry from the ARP
cache had to be ejected in order to insert a new entry
in the last 300 seconds.
This counter is accumulated since the last reboot of
the firewall.
"::={ cufwL2FwGlobals 9}-- Transparent Firewall security incident statisticscufwL2GlobalNumBadArpResponses OBJECT-TYPESYNTAXCounter64UNITS"ARP Responses"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of malformed ARP responses received by the
firewall in trying to resolve the MAC address of the
destination IP address in an incoming frame.
This counter is accumulated since the last reboot of
the firewall.
"::={ cufwL2FwGlobals 10}cufwL2GlobalNumSpoofedArpResps OBJECT-TYPESYNTAXCounter64UNITS"ARP Responses"MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The number of spoofed ARP responses received by the
firewall. Such an event would occur when the firewall
encounters an ARP response mapping an IP address to
a different MAC Address from the one present in the
local ARP cache.
This counter is accumulated since the last reboot of
the firewall.
"::={ cufwL2FwGlobals 11}-- Cisco Firewall MIB Notification ControlcufwCntlUrlfServerStatusChange OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state of
sending the SNMP notification to signal the election
of a new primary URL filtering server by this
firewall.
Such a change could occur either as a result of
the current primary server becoming unavailable or
as a result of explicit management action in
nominating a filtering server the primary server.
"DEFVAL{ false }::={ cuFwNotifCntlGrp 1}cufwCntlL2StaticMacAddressMoved OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object defines the administrative state of
sending the SNMP notification to signal the move
of a statically configured MAC address to a new
port.
Such a change could occur either as a result of physical
move of the device with the MAC Address to the new port
or due to MAC address spoofing.
"DEFVAL{ true }::={ cuFwNotifCntlGrp 2}-- Cisco Firewall MIB NotificationsciscoUFwUrlfServerStateChange NOTIFICATION-TYPE
OBJECTS{
cufwUrlfServerStatus
}STATUScurrentDESCRIPTION"This notification is generated when the firewall
elects a new primary URL filtering server from
the existing set of configured servers.
Such a change could occur either as a result of
the current primary server becoming unavailable or
as a result of explicit management action in
nominating a filtering server the primary server.
The notification is issued just before the change
occurs. Consequently, the varbinds identify the
attributes corresponding to the old primary server.
This notification is issued if and only if the
object 'cufwCntlUrlfServerStatusChange' has been
set to 'true'.
"::={ ciscoUnifiedFirewallMIBNotifs 1}ciscoUFwL2StaticMacAddressMoved NOTIFICATION-TYPEOBJECTS{
dot1dTpFdbPort,
dot1dTpFdbStatus
}STATUScurrentDESCRIPTION"This notification is generated when the firewall
detects the move of a static MAC address to a new
port.
Such a change could occur either as a result of
physical move of the device with the MAC Address
to the new port, due to management action of
relocating the MAC address at the new location or
due to MAC address spoofing.
The varbinds identify the new location (port) of
the MAC Address and its status at the new location.
This notification is issued if and only if the
object 'cufwCntlL2StaticMacAddressMoved' has been
set to 'true'.
"::={ ciscoUnifiedFirewallMIBNotifs 2}
-- Conformance InformationciscoUniFirewallMIBCompliances OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIBConform 1}ciscoUniFirewallMIBGroups OBJECTIDENTIFIER::={ ciscoUnifiedFirewallMIBConform 2}-- Compliance StatementsciscoUniFirewallMIBCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for SNMP entities
the Cisco Firewall MIB.
"MODULE-- this moduleMANDATORY-GROUPS{
ciscoFwConnectionGroup,
ciscoFwMibReportingControlGroup
}GROUP ciscoFwApplInspectionGroup
DESCRIPTION"This group is mandatory for a firewall
implementation which implements application
inspection of L7 protocols
"GROUP ciscoFwConnResourceUsageGroup
DESCRIPTION"This group is optional.
"GROUP ciscoFwPolicyConnectionGroup
DESCRIPTION"This group is mandatory for a firewall
implementation which implements the
instrumentation of policy based connection
statistics."GROUP ciscoFwUrlFilterGroup
DESCRIPTION"This group is mandatory only if the
firewall implements URL Filtering
functionality.
"GROUP ciscoFwUrlFilterResourceGroup
DESCRIPTION"This group is optional.
"GROUP ciscoFwTransparentFwGroup
DESCRIPTION"This group is mandatory only if the
firewall implements transparent or layer 2
mode of operation.
"GROUP ciscoFwTransparentNotifGroup
DESCRIPTION"This group is mandatory only if the
firewall implements transparent or layer 2
mode of operation.
"GROUP ciscoFwBasicAaicGroup
DESCRIPTION"This group is mandatory only if the
firewall implements the group
'ciscoFwAaicHttpGroup'.
"GROUP ciscoFwAaicHttpGroup
DESCRIPTION"This group is mandatory only for a
firewall implementation which implements
Advanced Application Inspection and
Control (deep packet inspection) of HTTP
traffic.
Further, any implementation that supports
thsi group MUST implement group
ciscoFwBasicAaicGroup.
"::={ ciscoUniFirewallMIBCompliances 1}-- Units of ConformanceciscoFwConnectionGroup OBJECT-GROUPOBJECTS{
cufwConnGlobalNumAttempted,
cufwConnGlobalNumSetupsAborted,
cufwConnGlobalNumPolicyDeclined,
cufwConnGlobalNumResDeclined,
cufwConnGlobalNumHalfOpen,
cufwConnGlobalNumActive,
cufwConnGlobalNumAborted,
cufwConnGlobalNumExpired,
cufwConnGlobalNumEmbryonic,
cufwConnGlobalConnSetupRate1,
cufwConnGlobalConnSetupRate5,
cufwConnGlobalNumRemoteAccess,--
cufwConnNumAttempted,
cufwConnNumSetupsAborted,
cufwConnNumPolicyDeclined,
cufwConnNumResDeclined,
cufwConnNumHalfOpen,
cufwConnNumActive,
cufwConnNumAborted,
cufwConnSetupRate1,
cufwConnSetupRate5,--
cufwAppConnNumAttempted,
cufwAppConnNumSetupsAborted,
cufwAppConnNumPolicyDeclined,
cufwAppConnNumResDeclined,
cufwAppConnNumHalfOpen,
cufwAppConnNumActive,
cufwAppConnNumAborted,
cufwAppConnSetupRate1,
cufwAppConnSetupRate5
}STATUScurrentDESCRIPTION"This group contains the MIB objects required to
instrument the firewall stateful connection activity.
"::={ ciscoUniFirewallMIBGroups 1}ciscoFwConnResourceUsageGroup OBJECT-GROUPOBJECTS{
cufwConnResMemoryUsage,
cufwConnResActiveConnMemoryUsage,
cufwConnResHOConnMemoryUsage,
cufwConnResEmbrConnMemoryUsage
}STATUScurrentDESCRIPTION"This group contains the MIB objects required to
instrument the resource usage of the stateful packet
filtering feature of the managed firewall.
"::={ ciscoUniFirewallMIBGroups 2}ciscoFwPolicyConnectionGroup OBJECT-GROUPOBJECTS{
cufwPolConnNumAttempted,
cufwPolConnNumSetupsAborted,
cufwPolConnNumPolicyDeclined,
cufwPolConnNumResDeclined,
cufwPolConnNumHalfOpen,
cufwPolConnNumActive,
cufwPolConnNumAborted,--
cufwPolAppConnNumAttempted,
cufwPolAppConnNumSetupsAborted,
cufwPolAppConnNumPolicyDeclined,
cufwPolAppConnNumResDeclined,
cufwPolAppConnNumHalfOpen,
cufwPolAppConnNumActive,
cufwPolAppConnNumAborted
}STATUScurrentDESCRIPTION"This group contains the MIB objects required to
instrument policy based summary of firewall connection
activity.
"::={ ciscoUniFirewallMIBGroups 3}ciscoFwApplInspectionGroup OBJECT-GROUPOBJECTS{
cufwAIAuditTrailEnabled,
cufwAIAlertEnabled,---- Application Inspection configuration table--
cufwInspectionStatus
}STATUScurrentDESCRIPTION"This group contains the MIB objects required to
instrument the firewall Application Inspection
function.
"::={ ciscoUniFirewallMIBGroups 4}ciscoFwUrlFilterGroup OBJECT-GROUPOBJECTS{
cufwUrlfFunctionEnabled,
cufwUrlfRequestsNumProcessed,
cufwUrlfRequestsProcRate1,
cufwUrlfRequestsProcRate5,
cufwUrlfRequestsNumAllowed,
cufwUrlfRequestsNumDenied,
cufwUrlfRequestsDeniedRate1,
cufwUrlfRequestsDeniedRate5,
cufwUrlfRequestsNumCacheAllowed,
cufwUrlfRequestsNumCacheDenied,
cufwUrlfAllowModeReqNumAllowed,
cufwUrlfAllowModeReqNumDenied,
cufwUrlfRequestsNumResDropped,
cufwUrlfRequestsResDropRate1,
cufwUrlfRequestsResDropRate5,
cufwUrlfNumServerTimeouts,
cufwUrlfNumServerRetries,
cufwUrlfResponsesNumLate,
cufwUrlfUrlAccRespsNumResDropped,---- URL Filter server table--
cufwUrlfServerVendor,
cufwUrlfServerStatus,
cufwUrlfServerReqsNumProcessed,
cufwUrlfServerReqsNumAllowed,
cufwUrlfServerReqsNumDenied,
cufwUrlfServerNumTimeouts,
cufwUrlfServerNumRetries,
cufwUrlfServerRespsNumReceived,
cufwUrlfServerRespsNumLate,
cufwUrlfServerAvgRespTime1,
cufwUrlfServerAvgRespTime5,---- Trap control--
cufwCntlUrlfServerStatusChange
}STATUScurrentDESCRIPTION"This group contains the MIB objects required to
instrument the firewall URL filtering function.
"::={ ciscoUniFirewallMIBGroups 5}ciscoFwUrlFilterResourceGroup OBJECT-GROUPOBJECTS{---- URL filter resource usage group--
cufwUrlfResTotalRequestCacheSize,
cufwUrlfResTotalRespCacheSize
}STATUScurrentDESCRIPTION"This group contains the MIB objects required to
instrument the resource usage of the URL filtering
feature of the managed firewall.
"::={ ciscoUniFirewallMIBGroups 6}ciscoFwTransparentFwGroup OBJECT-GROUPOBJECTS{
cufwL2GlobalEnableStealthMode,
cufwL2GlobalArpCacheSize,
cufwL2GlobalEnableArpInspection,
cufwL2GlobalNumArpRequests,
cufwL2GlobalNumIcmpRequests,
cufwL2GlobalNumFloods,
cufwL2GlobalNumDrops,
cufwL2GlobalArpOverflowRate5,
cufwL2GlobalNumBadArpResponses,
cufwL2GlobalNumSpoofedArpResps,---- Trap control--
cufwCntlL2StaticMacAddressMoved
}STATUScurrentDESCRIPTION"This group contains the MIB objects required to
instrument the transparent mode (or layer 2) operation
of a firewall.
"::={ ciscoUniFirewallMIBGroups 7}ciscoFwNotificationsGroup NOTIFICATION-GROUPNOTIFICATIONS{
ciscoUFwUrlfServerStateChange
}STATUScurrentDESCRIPTION"This group contains notifications defined
in the Cisco Firewall MIB pertaining to
basic firewall operations.
Presently, the list include a notification
pertaining to URL filtering alone.
"::={ ciscoUniFirewallMIBGroups 8}ciscoFwTransparentNotifGroup NOTIFICATION-GROUPNOTIFICATIONS{
ciscoUFwL2StaticMacAddressMoved
}STATUScurrentDESCRIPTION"This group contains the notifications that signal
security critical events pertaining to the
transparent mode operation of the firewall.
"
::={ ciscoUniFirewallMIBGroups 9}ciscoFwBasicAaicGroup OBJECT-GROUPOBJECTS{
cufwAaicGlobalNumBadProtocolOps,
cufwAaicGlobalNumBadPDUSize,
cufwAaicGlobalNumBadPortRange
}STATUScurrentDESCRIPTION"This group contains the MIB objects required to
instrument the basic elements of Advanced Application
Inspection and Control (AAIC).
"::={ ciscoUniFirewallMIBGroups 10}ciscoFwAaicHttpGroup OBJECT-GROUPOBJECTS{
cufwAaicHttpNumBadProtocolOps,
cufwAaicHttpNumBadPDUSize,
cufwAaicHttpNumTunneledConns,
cufwAaicHttpNumLargeURIs,
cufwAaicHttpNumBadContent,
cufwAaicHttpNumMismatchContent,
cufwAaicHttpNumDoubleEncodedPkts
}STATUScurrentDESCRIPTION"This group defines statistics pertaining to deep
packet inspection of HTTP payloads.
A firewall that implements this group must implement
the group 'ciscoFwBasicAaicGroup'.
"::={ ciscoUniFirewallMIBGroups 11}ciscoFwMibReportingControlGroup OBJECT-GROUPOBJECTS{
cufwConnReptAppStats,
cufwConnReptAppStatsLastChanged
}STATUScurrent
DESCRIPTION"This group contains the MIB objects that allow
the administrator to control the granularity of
objects reported by the agent.
"::={ ciscoUniFirewallMIBGroups 12}END