mibs/MIBS/packetlight/SL-SECU-MIB

305 lines
7.9 KiB
Plaintext
Raw Normal View History

2023-12-05 12:25:34 +01:00
SL-SECU-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Integer32, transmission, IpAddress
FROM SNMPv2-SMI
InterfaceIndex FROM IF-MIB
DisplayString, TruthValue, RowStatus, DateAndTime
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
slMain FROM SL-MAIN-MIB;
-- This is the MIB module for PL security.
slSecuMib MODULE-IDENTITY
LAST-UPDATED "201105170000Z"
ORGANIZATION "PacketLight Networks Ltd."
CONTACT-INFO
"Omri_Viner@PacketLight.com"
DESCRIPTION
"This security module. This mib is used to configure the firewall."
::= { slMain 24 }
SlSecuType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The security protocol types:
Telnet - CLI
SSH - Secured Telnet
HTTP - Hyper Text
HTTPS - Secured HTTP
ICMP - Ping
SNMP - Simple Network Management (only 161 is supported)
FTP - File Transfer
TFTP - Trivial FTP
TL1 - TL1 over Telnet
TL1SSH - TL1 over SSH
WL - White list (port number is 0)
SNMPOVERTCP - SNMP over TCP
SFTP - Client side"
SYNTAX INTEGER {
telnet(1),
ssh(2),
http(3),
https(4),
icmp(5),
snmp(6),
ftp(7),
tftp(8),
tl1(9),
tl1ssh(10),
wl(11),
snmpovertcp(12),
sftp(13)
}
slSecuGen OBJECT IDENTIFIER ::= { slSecuMib 1 }
slSecuSelect OBJECT IDENTIFIER ::= { slSecuMib 2 }
slSecuWl OBJECT IDENTIFIER ::= { slSecuMib 3 }
slSecuEncryption OBJECT IDENTIFIER ::= { slSecuMib 4 }
-- The Security general part
slSecuFirewallEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"General Enable/Disable of the firewall operation."
::= { slSecuGen 1 }
-- The Security Selection Table
slSecuSelectTable OBJECT-TYPE
SYNTAX SEQUENCE OF SlSecuSelectEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The security protocol selection table."
::= { slSecuSelect 1 }
slSecuSelectEntry OBJECT-TYPE
SYNTAX SlSecuSelectEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in the security selection table."
INDEX { slSecuSelectType }
::= { slSecuSelectTable 1 }
SlSecuSelectEntry ::=
SEQUENCE {
slSecuSelectType SlSecuType,
slSecuSelectPort INTEGER,
slSecuSelectEnable TruthValue
}
slSecuSelectType OBJECT-TYPE
SYNTAX SlSecuType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The secutity protocol type"
::= { slSecuSelectEntry 1 }
slSecuSelectPort OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The corresponding port number of the protocol.
Port number 0 is used when not applicable/available."
::= { slSecuSelectEntry 2 }
slSecuSelectEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"True - Enables the firewall for the corresponding protocol.
False - Dsables the firewall for the corresponding protocol.
When enabled the firewall blocks the protocol."
::= { slSecuSelectEntry 3 }
-- IP White List Table
-- The IP white list Table odefine which IP addresses are allowed.
slSecuWlTable OBJECT-TYPE
SYNTAX SEQUENCE OF SlSecuWlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This white list table."
::= { slSecuWl 1 }
slSecuWlEntry OBJECT-TYPE
SYNTAX SlSecuWlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A particular IP address."
INDEX { slSecuWlIp }
::= { slSecuWlTable 1 }
SlSecuWlEntry ::=
SEQUENCE {
slSecuWlIp
IpAddress,
slSecuWlMask
IpAddress,
slSecuWlStatus
RowStatus
}
slSecuWlIp OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address to allow"
::= { slSecuWlEntry 1 }
slSecuWlMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicate the mask to be logical-ANDed with the
destination address before being compared to
the value in the slSecuWlIp field."
::= { slSecuWlEntry 2 }
slSecuWlStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to
row installation and removal conventions."
::= { slSecuWlEntry 3 }
-- *******************************************
--
-- The Encryption Table
--
-- *******************************************
slSecuEncryptionTable OBJECT-TYPE
SYNTAX SEQUENCE OF SlSecuEncryptionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The encryption table. This table has an entry per transponder."
::= { slSecuEncryption 1 }
slSecuEncryptionEntry OBJECT-TYPE
SYNTAX SlSecuEncryptionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This entry is used to control the necryption per transponder."
INDEX { slSecuEncryptionIfIndex }
::= { slSecuEncryptionTable 1 }
SlSecuEncryptionEntry ::=
SEQUENCE {
slSecuEncryptionIfIndex InterfaceIndex,
slSecuEncryptionEnable TruthValue,
slSecuEncryptionStatus INTEGER,
slSecuEncryptionForceInit INTEGER,
slSecuEncryptionPreShared DisplayString,
slSecuEncryptionKeyExchangePeriod INTEGER,
slSecuEncryptionLock TruthValue,
slSecuEncryptionProtectedStatus INTEGER
}
slSecuEncryptionIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Interface Index of the uplink port."
::= { slSecuEncryptionEntry 1 }
slSecuEncryptionEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable/Disable the encryption on this uplink."
::= { slSecuEncryptionEntry 2 }
slSecuEncryptionStatus OBJECT-TYPE
SYNTAX INTEGER {
init(1), --- init/link-failure state
exchange(2), --- public key exchange state
kdf(3), --- key derivation function state
active(4) --- active state
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The state of the encryption finite state machine."
::= { slSecuEncryptionEntry 3 }
slSecuEncryptionForceInit OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Writing this valiable forces init to the encryption state machine."
::= { slSecuEncryptionEntry 4 }
slSecuEncryptionPreShared OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The pre-shared secret.
Either the pre-shared key, or the shared secret to avoid Mitm when using DH public key exchange."
::= { slSecuEncryptionEntry 5 }
slSecuEncryptionKeyExchangePeriod OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The Key Exchage Period, specified in minutes.
The value 0 means to perform the key exchange only once at link establishment."
::= { slSecuEncryptionEntry 6 }
slSecuEncryptionLock OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Lock/Unlock the encrypted service for this uplink."
::= { slSecuEncryptionEntry 7 }
slSecuEncryptionProtectedStatus OBJECT-TYPE
SYNTAX INTEGER {
init(1), --- init/link-failure state
exchange(2), --- public key exchange state
kdf(3), --- key derivation function state
active(4) --- active state
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The protected port state of the encryption finite state machine."
::= { slSecuEncryptionEntry 8 }
END