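SL-SECU-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, transmission, IpAddress
        FROM SNMPv2-SMI
    InterfaceIndex
        FROM IF-MIB
    -- TEXTUAL-CONVENTION is a macro defined in SNMPv2-TC (RFC 2579) and has
    -- to be imported before SlSecuType below can be declared with it; strict
    -- SMI compilers (smilint and the like) reject the module without it.
    TEXTUAL-CONVENTION, DisplayString, TruthValue, RowStatus, DateAndTime
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    slMain
        FROM SL-MAIN-MIB;

-- This is the MIB module for PL security.
--
-- Layout of the module (all under slSecuMib = slMain.24):
--   slSecuGen        (1)  global firewall on/off switch
--   slSecuSelect     (2)  per-protocol firewall selection table
--   slSecuWl         (3)  IP white list (allow-list) table, RowStatus managed
--   slSecuEncryption (4)  per-transponder link-encryption control table
--
-- NOTE(review): several objects here (firewall switches, the white list,
-- the encryption pre-shared secret) are security controls in their own
-- right. Write access to this subtree should be limited through VACM to an
-- authenticated, privacy-enabled SNMPv3 context; under SNMPv1/v2c every SET
-- in this module travels in cleartext together with the community string.

slSecuMib MODULE-IDENTITY
    LAST-UPDATED "201105170000Z"
    ORGANIZATION "PacketLight Networks Ltd."
    CONTACT-INFO "Omri_Viner@PacketLight.com"
    DESCRIPTION
        "This security module. This mib is used to configure the firewall,
         the IP white list and the per-transponder encryption."
    ::= { slMain 24 }

-- Enumeration of the management protocols the firewall can filter.
-- The numeric values are used as the index of slSecuSelectTable and
-- must therefore never be renumbered.
SlSecuType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The security protocol types:
         Telnet      - CLI
         SSH         - Secured Telnet
         HTTP        - Hyper Text
         HTTPS       - Secured HTTP
         ICMP        - Ping
         SNMP        - Simple Network Management (only 161 is supported)
         FTP         - File Transfer
         TFTP        - Trivial FTP
         TL1         - TL1 over Telnet
         TL1SSH      - TL1 over SSH
         WL          - White list (port number is 0)
         SNMPOVERTCP - SNMP over TCP
         SFTP        - Client side"
    SYNTAX INTEGER {
        telnet(1),
        ssh(2),
        http(3),
        https(4),
        icmp(5),
        snmp(6),
        ftp(7),
        tftp(8),
        tl1(9),
        tl1ssh(10),
        wl(11),          -- not a protocol: selects the white list feature itself
        snmpovertcp(12),
        sftp(13)
    }

slSecuGen        OBJECT IDENTIFIER ::= { slSecuMib 1 }
slSecuSelect     OBJECT IDENTIFIER ::= { slSecuMib 2 }
slSecuWl         OBJECT IDENTIFIER ::= { slSecuMib 3 }
slSecuEncryption OBJECT IDENTIFIER ::= { slSecuMib 4 }

-- ===========================================================================
-- The Security general part
-- ===========================================================================

-- Master switch. The per-protocol enables in slSecuSelectTable are only
-- meaningful while this object is true (inferred from the descriptions;
-- the exact interaction is not stated in this module).
slSecuFirewallEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "General Enable/Disable of the firewall operation."
    ::= { slSecuGen 1 }

-- ===========================================================================
-- The Security Selection Table
-- ===========================================================================

-- One row per SlSecuType value; rows are created by the agent, not by the
-- manager (no RowStatus column), and only the enable flag is writable.
slSecuSelectTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SlSecuSelectEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The security protocol selection table."
    ::= { slSecuSelect 1 }

slSecuSelectEntry OBJECT-TYPE
    SYNTAX      SlSecuSelectEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the security selection table."
    INDEX { slSecuSelectType }
    ::= { slSecuSelectTable 1 }

SlSecuSelectEntry ::= SEQUENCE {
    slSecuSelectType    SlSecuType,
    slSecuSelectPort    INTEGER,
    slSecuSelectEnable  TruthValue
}

slSecuSelectType OBJECT-TYPE
    SYNTAX      SlSecuType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The security protocol type"
    ::= { slSecuSelectEntry 1 }

-- NOTE(review): SYNTAX carries no range; a TCP/UDP port fits in 0..65535,
-- so a range subtype would let compilers and managers validate the value.
-- Left unconstrained here to avoid changing the object's encoding.
slSecuSelectPort OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The corresponding port number of the protocol.
         Port number 0 is used when not applicable/available."
    ::= { slSecuSelectEntry 2 }

-- Note the polarity: true means the protocol is BLOCKED, not allowed.
slSecuSelectEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "True - Enables the firewall for the corresponding protocol.
         False - Disables the firewall for the corresponding protocol.
         When enabled the firewall blocks the protocol."
    ::= { slSecuSelectEntry 3 }

-- ===========================================================================
-- IP White List Table
-- ===========================================================================

-- The IP white list Table defines which IP addresses are allowed.
-- Rows are created and deleted by the manager through slSecuWlStatus.
slSecuWlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SlSecuWlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This white list table."
    ::= { slSecuWl 1 }

slSecuWlEntry OBJECT-TYPE
    SYNTAX      SlSecuWlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A particular IP address."
    INDEX { slSecuWlIp }
    ::= { slSecuWlTable 1 }

SlSecuWlEntry ::= SEQUENCE {
    slSecuWlIp      IpAddress,
    slSecuWlMask    IpAddress,
    slSecuWlStatus  RowStatus
}

-- NOTE(review): this is the table index; RFC 2578 section 7.7 recommends
-- not-accessible for index objects. Kept read-only to stay compatible with
-- managers that GET it today.
slSecuWlIp OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The IP address to allow"
    ::= { slSecuWlEntry 1 }

-- NOTE(review): read-only inside a read-create table means a manager cannot
-- supply the mask when it creates a row; presumably the agent derives it
-- (e.g. a host mask). Also, the description speaks of the destination
-- address, whereas an allow-list of management clients would normally be
-- matched against the source address of the incoming packet. Both points
-- should be confirmed against the agent implementation.
slSecuWlMask OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicate the mask to be logical-ANDed with the destination
         address before being compared to the value in the slSecuWlIp
         field."
    ::= { slSecuWlEntry 2 }

slSecuWlStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The row status variable, used according to row installation and
         removal conventions."
    ::= { slSecuWlEntry 3 }

-- ===========================================================================
-- The Encryption Table
-- ===========================================================================

slSecuEncryptionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SlSecuEncryptionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The encryption table. This table has an entry per transponder."
    ::= { slSecuEncryption 1 }

slSecuEncryptionEntry OBJECT-TYPE
    SYNTAX      SlSecuEncryptionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This entry is used to control the encryption per transponder."
    INDEX { slSecuEncryptionIfIndex }
    ::= { slSecuEncryptionTable 1 }

SlSecuEncryptionEntry ::= SEQUENCE {
    slSecuEncryptionIfIndex            InterfaceIndex,
    slSecuEncryptionEnable             TruthValue,
    slSecuEncryptionStatus             INTEGER,
    slSecuEncryptionForceInit          INTEGER,
    slSecuEncryptionPreShared          DisplayString,
    slSecuEncryptionKeyExchangePeriod  INTEGER,
    slSecuEncryptionLock               TruthValue,
    slSecuEncryptionProtectedStatus    INTEGER
}

slSecuEncryptionIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The Interface Index of the uplink port."
    ::= { slSecuEncryptionEntry 1 }

slSecuEncryptionEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable/Disable the encryption on this uplink."
    ::= { slSecuEncryptionEntry 2 }

-- State of the key-agreement state machine for the working port.
-- slSecuEncryptionProtectedStatus reports the same states for the
-- protected port, so the two enumerations must stay identical.
slSecuEncryptionStatus OBJECT-TYPE
    SYNTAX      INTEGER {
        init(1),      -- init/link-failure state
        exchange(2),  -- public key exchange state
        kdf(3),       -- key derivation function state
        active(4)     -- active state
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The state of the encryption finite state machine."
    ::= { slSecuEncryptionEntry 3 }

-- Trigger object: the description says that a write (any value, no range
-- is given) restarts the state machine; what a GET returns is not specified
-- by this module.
slSecuEncryptionForceInit OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Writing this variable forces init to the encryption state machine."
    ::= { slSecuEncryptionEntry 4 }

-- NOTE(review): this object holds a secret, yet MAX-ACCESS is read-write,
-- so as declared it can be retrieved with a GET by anyone with read access
-- to the subtree. The usual practice for key material in a MIB is that a
-- read returns a zero-length string and only writes are honoured; whether
-- the agent behaves that way is not visible here and should be confirmed.
-- Under SNMPv1/v2c the value is also sent in cleartext on every SET, so
-- configure it only over SNMPv3 with authPriv.
slSecuEncryptionPreShared OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The pre-shared secret.
         Either the pre-shared key, or the shared secret to avoid MITM
         when using DH public key exchange."
    ::= { slSecuEncryptionEntry 5 }

-- Re-keying interval in minutes; 0 disables periodic re-keying.
-- No upper bound is declared in the SYNTAX.
slSecuEncryptionKeyExchangePeriod OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The Key Exchange Period, specified in minutes.
         The value 0 means to perform the key exchange only once at link
         establishment."
    ::= { slSecuEncryptionEntry 6 }

slSecuEncryptionLock OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Lock/Unlock the encrypted service for this uplink."
    ::= { slSecuEncryptionEntry 7 }

-- Same state encoding as slSecuEncryptionStatus, for the protected port.
slSecuEncryptionProtectedStatus OBJECT-TYPE
    SYNTAX      INTEGER {
        init(1),      -- init/link-failure state
        exchange(2),  -- public key exchange state
        kdf(3),       -- key derivation function state
        active(4)     -- active state
    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The protected port state of the encryption finite state machine."
    ::= { slSecuEncryptionEntry 8 }

END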