-- These MIBs were created on 05/14/2001
-- This module defines enterprise MIBs for Policy Monitoring
--
-- Copyright (c) 1999-2004, Juniper Networks, Inc.
-- All rights reserved.
---- MODULE-IDENTITY
-- OrgName
-- Juniper Networks, Inc.
-- ContactInfo
-- Customer Support
--
-- 1194 North Mathilda Avenue
-- Sunnyvale, California 94089-1206
-- USA
--
-- Tel: 1-800-638-8296
-- E-mail: customerservice@juniper.net
-- HTTP://www.juniper.net"
--
-- Last modified date: 05/03/2004
-- Modified copyright and contact info
--
-- Last modified date: 08/13/2003NETSCREEN-POLICY-MIB DEFINITIONS::=BEGIN
IMPORTSDisplayStringFROM RFC1213-MIB
netscreenPolicy FROM NETSCREEN-SMI;
nsPlyTable OBJECT-TYPESYNTAXSEQUENCEOF NsPlyEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"A firewall provides a network boundary with a single point of entry and
exit-a choke point.You can screen and direct all that traffic through the
implementation of a set of access policies. Access policies allow you to
permit, deny, encrypt, authenticate, prioritize, schedule, and monitor the
traffic attemption to cross your firewall. This table collects all the policy
configuration information existing in NetScreen Device."::={ netscreenPolicy 1}nsPlyEntry OBJECT-TYPESYNTAX NsPlyEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"Each entry in the nsPlyTable holds a set of configuration parameters associatied
with an instance of policy."INDEX{ nsPlyId, nsPlyVsys }::={ nsPlyTable 1}
NsPlyEntry ::=SEQUENCE{
nsPlyId
INTEGER,
nsPlyVsys
INTEGER,
nsPlySrcZone
DisplayString,
nsPlyDstZone
DisplayString,
nsPlySrcAddr
DisplayString,
nsPlyDstAddr
DisplayString,
nsPlyService
INTEGER,
nsPlyAction
INTEGER,
nsPlyNat
INTEGER,
nsPlyFixPort
INTEGER,
nsPlyDipId
INTEGER,
nsPlyVpnTunnel
DisplayString,
nsPlyL2tpTunnel
DisplayString,
nsPlyAuth
INTEGER,
nsPlyLogEnable
INTEGER,
nsPlyCountEnable
INTEGER,
nsPlyAlarmBPS
INTEGER,
nsPlyAlarmBPM
INTEGER,
nsPlySchedule
DisplayString,
nsPlyTrafficShapeEnable
INTEGER,
nsPlyTrafficPriority
INTEGER,
nsPlyDSEnable
INTEGER,
nsPlyActiveStatus
INTEGER,
nsPlyName
DisplayString,
nsPlyServiceName
DisplayString}nsPlyId OBJECT-TYPESYNTAXINTEGER
ACCESSread-onlySTATUSmandatoryDESCRIPTION"Each policy is identified by a unique policy ID."::={ nsPlyEntry 1}nsPlyVsys OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Vitural system's name this polic entry belongs to."::={ nsPlyEntry 2}nsPlySrcZone OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-onlySTATUSmandatoryDESCRIPTION"Traffic through a firewall means that traffic flows from one
security zone to another. This object describes the source zone
name traffic flow passes."::={ nsPlyEntry 3}nsPlyDstZone OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-onlySTATUSmandatoryDESCRIPTION"Traffic through a firewall means that traffic flows from one
security zone to another. This object describes the destination
zone name traffic flow passes."::={ nsPlyEntry 4}
nsPlySrcAddr OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-onlySTATUSmandatoryDESCRIPTION"Addresses are objects that identify network devices such as hosts
and networks by their location in relation to the firwall on which
security zone.To create an access policy for specific addresses, you
must first create entries for the relevant hosts and networks in the
address book.Source IP address indicates the address in source zone,
0.0.0.0 means any address."::={ nsPlyEntry 5}nsPlyDstAddr OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-onlySTATUSmandatoryDESCRIPTION"Addresses are objects that identify network devices such as hosts
and networks by their location in relation to the firwall-on which
security zone.To create an access policy for specific addresses, you
must first create entries for the relevant hosts and networks in the
address book.Source IP address indicates the address in destination
zone, 0.0.0.0 means any address."::={ nsPlyEntry 6}nsPlyService OBJECT-TYPESYNTAXINTEGER{any(0),aol(1),bgp(2),dpcp-relay(3),dns(4),finger(5),ftp(6),ftp-get(7),ftp-put(8),gopher(9),h323(10),http(11),https(12),icmp-info(13),icmp-timestamp(14),ike(15),imap(16),internet-locator-service(17),irc(18),l2tp(19),ldap(20),mail(21),netmeeting(22),nfs(23),nntp(24),ns-global(25),ns-global-pro(26),ntp(27),ospf(28),pc-anywhere(29),ping(30),pop3(31),pptp(32),real-media(33),rip(34),rlogin(35),snmp(36),ssh(37),syslog(38),talk(39),tcp-any(40),telnet(41),tftp(42),traceroute(43),udp-any(44),uucp(45),vdo-live(46),wais(47),winframe(48),x-windows(49),other(50)}ACCESSread-onlySTATUSmandatory
DESCRIPTION"Sevices are objects that identify application protocols using layer 4 information
such as standard and accepted TCP and UDP port numbers for application services like
Telnet, FTP, SMTP and HTTP. This object indicates all the traffic service type this
policy allows. 'Any' means all this policy allows all service go through. For
configured services other(50) is returned. See nsPlyServiceName for the name. "::={ nsPlyEntry 7}nsPlyAction OBJECT-TYPESYNTAXINTEGER{deny(0),permit(1),tunnel(2)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"Actions objects that describe what the firewall does to the traffic it receives.
Permit allows the packet to pass the firewall.
Deny blocks the packet from traversing the firewall.
Tunnel encapsulates outgoing IP packets and decapsulates incoming IP packets."::={ nsPlyEntry 8}nsPlyNat OBJECT-TYPESYNTAXINTEGER{disable(0),enabled(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"You can apply NAT at the interface level or at the policy level. With policy-based
NAT, you can translate the source address on either incoming or outging network and
VPN traffic. This object indicates if this is a policy-based NAT."::={ nsPlyEntry 9}nsPlyFixPort OBJECT-TYPESYNTAXINTEGER{no(0),yes(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"When in policy-based NAT, the new secure address can come from either a Dynamic IP
or from a Mapped IP. This object indicates if poliy-based NAT uses fix port when working
on NAT mode."::={ nsPlyEntry 10}nsPlyDipId OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"This object indicates the Dynamic ID chosen for NAT policy."::={ nsPlyEntry 11}nsPlyVpnTunnel OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-onlySTATUSmandatoryDESCRIPTION"VPN tunnel this access policy applies to."::={ nsPlyEntry 12}
nsPlyL2tpTunnel OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-onlySTATUSmandatoryDESCRIPTION"L2TP tunnel this access policy applies to."::={ nsPlyEntry 13}nsPlyAuth OBJECT-TYPESYNTAXINTEGER{disable(0),enabled(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"This objec indicates the selecting this option requires the user
at the source address to authenticate his/her identiry by supplying
a user name and password before traffic is allowed to graverw the
firewall or enter the VPN tunnel."::={ nsPlyEntry 14}nsPlyLogEnable OBJECT-TYPESYNTAXINTEGER{disable(0),enabled(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"When you enable logging in an access policy, the NetScreen device logs
all connections to which that paticular access policy applies."::={ nsPlyEntry 15}
nsPlyCountEnable OBJECT-TYPESYNTAXINTEGER{disable(0),enabled(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"When you enable counting in an access plicy, the NetScreen device counts
the total number of bytes of traffic to which this access policy applies
and records the informaiton in historical graphs."::={ nsPlyEntry 16}nsPlyAlarmBPS OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"User can set a threshold that triggers an alarm when the traffic permitted
by the access policy exceeds a specified number of bytes per second."::={ nsPlyEntry 17}nsPlyAlarmBPM OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"User can set a threshold that triggers an alarm when the traffic permitted
by the access policy exceeds a specified number of bytes per Minute."::={ nsPlyEntry 18}nsPlySchedule OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-only
STATUSmandatoryDESCRIPTION"By associating a schedule to an access policy, you can determine when the
access policy is in effect."::={ nsPlyEntry 19}nsPlyTrafficShapeEnable OBJECT-TYPESYNTAXINTEGER{off(0),on(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"User can set parameters for the control and shaping of traffic for each
access policy."::={ nsPlyEntry 20}nsPlyTrafficPriority OBJECT-TYPESYNTAXINTEGER{high(0),priority2nd(1),priority3rd(2),priority4th(3),priority5th(4),priority6th(5),priority7th(6),priorityLow(7)}ACCESSread-onlySTATUSmandatory
DESCRIPTION"Traffic priority for this policy."::={ nsPlyEntry 21}nsPlyDSEnable OBJECT-TYPESYNTAXINTEGER{disable(0),enabled(1)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"Differentiated Services is a system for tagging traffic
at a position within a hierarchy of priority."::={ nsPlyEntry 22}nsPlyActiveStatus OBJECT-TYPESYNTAXINTEGER{inactive(0),inuse(1),hidden(2)}ACCESSread-onlySTATUSmandatoryDESCRIPTION"Show the status of one policy entry."::={ nsPlyEntry 23}nsPlyName OBJECT-TYPESYNTAXDisplayString(SIZE(0..32))ACCESSread-onlySTATUSmandatoryDESCRIPTION"policy name (optional)"::={ nsPlyEntry 24}nsPlyServiceName OBJECT-TYPESYNTAXDisplayStringACCESSread-onlySTATUSmandatoryDESCRIPTION"Sevices name that identify application protocols using layer 4 information
such as standard and accepted TCP and UDP port numbers for application services like
Telnet, FTP, SMTP and HTTP. This object indicates all the traffic service type this
policy allows. 'Any' means all this policy allows all service go through. "::={ nsPlyEntry 25}nsPlyMonTable OBJECT-TYPESYNTAXSEQUENCEOF NsPlyMonEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"traffic information for the policy-based traffic."::={ netscreenPolicy 2}nsPlyMonEntry OBJECT-TYPESYNTAX NsPlyMonEntry
ACCESSnot-accessibleSTATUSmandatoryDESCRIPTION"An entry holds a set of traffic counters of a specific policy."INDEX{ nsPlyMonId, nsPlyMonVsys }::={ nsPlyMonTable 1}
NsPlyMonEntry ::=SEQUENCE{
nsPlyMonId
INTEGER,
nsPlyMonVsys
INTEGER,
nsPlyMonPackPerSec
INTEGER,
nsPlyMonPackPerMin
INTEGER,
nsPlyMonTotalPacket
Counter,
nsPlyMonBytePerSec
INTEGER,
nsPlyMonBytePerMin
INTEGER,
nsPlyMonTotalByte
Counter,
nsPlyMonSessionPerSec
INTEGER,
nsPlyMonSessionPerMin
INTEGER,
nsPlyMonTotalSession
Counter}nsPlyMonId OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Policy Id, also used as index in this table"::={ nsPlyMonEntry 1}nsPlyMonVsys OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"vsys this policy belongs to"::={ nsPlyMonEntry 2}nsPlyMonPackPerSec OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Packets go through this policy per second"::={ nsPlyMonEntry 3}nsPlyMonPackPerMin OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION
"Packets go through this policy per minute"::={ nsPlyMonEntry 4}nsPlyMonTotalPacket OBJECT-TYPESYNTAXCounterACCESSread-onlySTATUSmandatoryDESCRIPTION"total packets go through this policy"::={ nsPlyMonEntry 5}nsPlyMonBytePerSec OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Bytes go through this policy per second"::={ nsPlyMonEntry 6}nsPlyMonBytePerMin OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Bytes go through this policy per minute"::={ nsPlyMonEntry 7}nsPlyMonTotalByte OBJECT-TYPESYNTAXCounterACCESSread-onlySTATUSmandatoryDESCRIPTION"Total bytes go through this policy"::={ nsPlyMonEntry 8}nsPlyMonSessionPerSec OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Sessions go through this policy per second"::={ nsPlyMonEntry 9}
nsPlyMonSessionPerMin OBJECT-TYPESYNTAXINTEGERACCESSread-onlySTATUSmandatoryDESCRIPTION"Sessions go through this policy per minute"::={ nsPlyMonEntry 10}nsPlyMonTotalSession OBJECT-TYPESYNTAXCounterACCESSread-onlySTATUSmandatoryDESCRIPTION"Total Sessions go through this policy"::={ nsPlyMonEntry 11}END