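-- *****************************************************************
-- MUSARUBRA CONFIDENTIAL
-- TRELLIX-SENSOR-CONF-MIB:
-- Trellix (Sensor Configuration MIB)
--
-- Copyright (c) 2022 MUSARUBRA US, LLC
-- All rights reserved.
--
-- *****************************************************************
--
-- Layout note: the line structure of this module has been restored so
-- that every ASN.1 comment ends at its own line end instead of running
-- into the definitions that follow it.
--
-- Access-control note: several objects below are read-write and change
-- the security posture of the sensor (password reset, signature
-- deletion, FIPS mode, failover and fail-open behaviour). The MIB only
-- states the maximum access; the agent's SNMPv3 user and VACM view
-- configuration decides who may actually write them, so write views
-- should be limited to the managing EMS and SET operations on these
-- objects should be logged and reviewed.

TRELLIX-SENSOR-CONF-MIB DEFINITIONS ::= BEGIN

-- Counter64 is used as a SYNTAX further down (ivSysUpTimeNew and the
-- objects after it) and therefore has to be imported from SNMPv2-SMI;
-- strict MIB compilers reject the module without it.
IMPORTS
    OBJECT-TYPE, MODULE-IDENTITY, Integer32, IpAddress, TimeTicks,
    Unsigned32, Counter64
        FROM SNMPv2-SMI
    TimeInterval, TruthValue, RowStatus, MacAddress, DateAndTime,
    DisplayString
        FROM SNMPv2-TC
    Ipv6Address
        FROM IPV6-TC
    ivSensorConfiguration, respPortIndex, intfPortIndex, slotIndex,
    intfPhysicalPortIndex, ntpServerIndex, sslProbeIpv4Index,
    sslProbeIpv6Index, processorNumIndex, intfVirtualPortIndex,
    intfVirtualSlotIndex
        FROM TRELLIX-SENSOR-SMI
    TrellixFEType, TrellixIDSOperatingMode, TrellixIDSPortType,
    TrellixIDSResponseMode, TrellixIDSActionResult, TrellixIDSActionStatus,
    TrellixIDSAction, TrellixIDSCardType, TrellixTFTPFileType,
    TrellixTFTPFailedResult, TrellixTFTPInProgressResult, TrellixTFTPStatus,
    TrellixTFTPAction, TrellixGEType, TrellixCUGEType, TrellixPortSpeed,
    TrellixPluggableModuleType, TrellixPortLinearIndex
        FROM TRELLIX-INTRUVERT-TC;

-- NOTE(review): LAST-UPDATED (2007-07-09) has no matching REVISION
-- clause; the only REVISION is dated 2007-06-14. MIB checkers commonly
-- warn about this. Left unchanged because the correct date cannot be
-- determined from this file.
ivSensorConfigurationMIB MODULE-IDENTITY
    LAST-UPDATED "200707090000Z"
    ORGANIZATION "MUSARUBRA US LLC"
    CONTACT-INFO
        "Trellix Customer Service Department
         Postal: 6220 American Center Drive
                 San Jose CA 95002-2563
         Tel: +1 800 338 8754
         E-mail: support@mcafee.com"
    DESCRIPTION
        "The Configuration MIB for the Trellix IntruShield product.
         They are further broken down into the following groups:
         systemGrp - configuration of the IntruShield node identification.
         emsGrp - configuration of possible EMSs identification
         chassisGrp - configuration of the chassis slots
         managementCardGrp - configuration of the management card(s)
         tftpGrp - configuration of TFTP based services
         sensorCardGp - configuration of the sensor analysis card(s)
         interfacePortGrp - configuration of interface port(s)
         responsePortGrp - configuration of response port(s)
         pktLogGrp - configuration of the Packet Logging Application
         sslGrp - SSL configuration "
    REVISION "200706140000Z"
    DESCRIPTION "Initial version of this MIB module."
    ::= { ivSensorConfiguration 1 }

--This group contains objects that identify the IntruShield network element.
systemGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 1 }

ivSysName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "An administratively assigned name for this IntruShield node.
         By convention, this is the node's fully-qualified domain name."
    ::= { systemGrp 1 }

ivSysLocation OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The physical location of this node
         (e.g., `Building 6, IS room 443, 3rd floor')."
    ::= { systemGrp 2 }

ivSysContact OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The textual identification of the contact person for this
         IntruShield node, together with information on how to contact
         this person."
    ::= { systemGrp 3 }

ivSysModel OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object is where the manufacturer specifies the model
         identification (number or type) of the network element."
    ::= { systemGrp 4 }

-- Support for ivSysSerialNumber is deprecated in V-series sensors(VmIPS).
ivSysSerialNumber OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(1..80))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Manufacturer-provided serial number."
    ::= { systemGrp 5 }

ivSysDescr OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A textual description of the entity. This value should include
         the full name and version identification of the system's
         hardware type, software operating system, and networking
         software. It is mandatory that this only contains printable
         ASCII characters."
    ::= { systemGrp 6 }

ivSysObjectID OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The vendor's authoritative identification of the network
         management subsystem contained in the entity. This value is
         allocated within the SMI enterprises subtree (1.3.6.1.4.1) and
         provides an easy and unambiguous means for determining `what
         kind of box' is being managed. For example, if vendor
         `Flintstones, Inc.' was assigned the subtree 1.3.6.1.4.1.4242,
         it could assign the identifier 1.3.6.1.4.1.4242.1.1 to its
         `Fred Router'."
    ::= { systemGrp 7 }

ivSysUpTime OBJECT-TYPE
    SYNTAX      TimeTicks
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time (in hundredths of a second) since the network
         management portion of the system was last re-initialized."
    ::= { systemGrp 8 }

ivSysLastCfgTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates time when configuration was changed last."
    ::= { systemGrp 9 }

-- Support for ivSysDiskSpaceLeft is deprecated in V-series sensors(VmIPS).
ivSysDiskSpaceLeft OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Returns the numbers of kbytes left on the disk."
    ::= { systemGrp 10 }

ivSysAlertChannelStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    down (0),
                    up (1),
                    errorInGetTimeFromManager (2),
                    errorGeneratingCertificates (3),
                    errorPersistingCertificates (4),
                    errorConnectingToManager (5),
                    errorInUntrustedConnectionSetup (6),
                    errorInInstall (7),
                    errorPersistingManagerPublicCertificate (8),
                    errorInMutualTrustMatch (9),
                    errorInSnmpKeyExchange (10),
                    errorInInitialProtocolMessageExchange (11),
                    sensorInstallInProgress (12),
                    openingAlertChannelInProgress (13),
                    errorInLinkHenceReopening (14),
                    errorInChannelReopening (15),
                    closingChannelInProgress (16),
                    errorClosingChannel (17),
                    sendAlertWarning (18),
                    keepAliveWarning (19),
                    errorDeletingCerts (20),
                    errorCreatingSnmpUser (21),
                    errorChangingSnmpUserKeys (22)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Returns the status of the alert channel connection with EMS."
    ::= { systemGrp 11 }

ivSysPacketLogChannelStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    down (0),
                    up (1),
                    errorInGetTimeFromManager (2),
                    errorGeneratingCertificates (3),
                    errorPersistingCertificates (4),
                    errorConnectingToManager (5),
                    errorInUntrustedConnectionSetup (6),
                    errorInInstall (7),
                    errorPersistingManagerPublicCertificate (8),
                    errorInMutualTrustMatch (9),
                    errorInSnmpKeyExchange (10),
                    errorInInitialProtocolMessageExchange (11),
                    packetLogInstallInProgress (12),
                    openingPacketLogInProgress (13),
                    errorInLinkHenceReopening (14),
                    errorInChannelReopening (15),
                    closingChannelInProgress (16),
                    errorClosingChannel (17),
                    sendLogWarning (18),
                    keepAliveWarning (19)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Returns the status of the packet log channel connection with EMS."
    ::= { systemGrp 12 }

-- Monitoring hint: uninitialized(2) means the sensor holds no
-- signatures and, per the description, does not detect attacks, so a
-- poller should treat it as an alerting condition and not only bad(0).
ivSysHealth OBJECT-TYPE
    SYNTAX      INTEGER {
                    bad (0),
                    good (1),
                    uninitialized (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Returns the health of the sensor. uninitialized means that the
         sensor does not have signatures hence does not detect attacks"
    ::= { systemGrp 13 }

-- Security-sensitive: a single SET of resetPassword(1) returns the
-- password to its default value (the description does not say which
-- account). Keep this object out of every write view except the
-- managing EMS and alert on any SET.
ivSysResetPassword OBJECT-TYPE
    SYNTAX      INTEGER {
                    not-applicable (0),
                    resetPassword (1)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to reset the password back to default
         value. Returns not-applicable(0) upon read."
    ::= { systemGrp 14 }

-- Security-sensitive: a SET of deleteSignatures(1) removes the
-- signature set and reboots the sensor, leaving it without detection
-- until signatures are pushed again (see ivSysHealth uninitialized).
-- Restrict write access and alert on any SET.
ivSysDeleteSignatures OBJECT-TYPE
    SYNTAX      INTEGER {
                    not-applicable (0),
                    deleteSignatures (1)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to delete the signatures on the sensor if
         present. This also reboots the sensor after deleting the
         signatures. Does nothing if signatures are not present.
         Returns not-applicable(0) upon read."
    ::= { systemGrp 15 }

-- Support for ivSysSlaveSerialNumber is deprecated in V-series sensors(VmIPS).
ivSysSlaveSerialNumber OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(1..80))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Manufacturer-provided slave serial number. This is the serial
         number for a cluster-slave in a palomar cluster"
    ::= { systemGrp 16 }

ivSysUIDSeed OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object contains the portion of the seed value to be used
         for generating UIDs' for alerts and logs. In case there is a
         mismatch, the ISM would set the right value, which would be
         used by the sensor for new alerts and logs."
    ::= { systemGrp 17 }

-- Security-sensitive: FIPS mode can be switched off with one SET of
-- disable(2). Compliance monitoring should poll this object and alert
-- on a change.
ivSysFipsMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable (1),
                    disable (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This Object holds the status of the fips mode. If the sensor is
         operating in FIPS mode then this Object will have enable value
         or else disable value."
    ::= { systemGrp 18 }

ivSysNumLbPorts OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is set by the NSM to inform the sensors connected
         to the Load Balancer(LB) of the number of ports on the LB
         switch."
    ::= { systemGrp 19 }

ivSysUpTimeNew OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The time (in hundredths of a second) since the network
         management portion of the system was last re-initialized."
    ::= { systemGrp 20 }

-- NOTE(review): the access levels of the next two objects look
-- swapped. ivSysCapacityMode is described as the object used to push a
-- license but is read-only, while ivSysCurrentCapacityMode is
-- described as a status read-out but is read-write. SMIv2 (RFC 2578)
-- also allows only read-only or accessible-for-notify for Counter64,
-- and a counter is an unusual type for a mode value. SYNTAX and
-- MAX-ACCESS are left as published because changing them here would
-- no longer match what deployed agents implement; confirm against the
-- agent before relying on either object.
ivSysCapacityMode OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "To push new license from NSM"
    ::= { systemGrp 21 }

ivSysCurrentCapacityMode OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "To get current license mode of sensor"
    ::= { systemGrp 22 }

ivSysDeviceMode OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "To get current device mode"
    ::= { systemGrp 23 }

ivSysConfDeviceMode OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "To get configured device mode"
    ::= { systemGrp 24 }

-- NOTE(review): value 14 is not listed in the description below;
-- whether it is unused or undocumented cannot be told from this file.
ivSysRebootStatus OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "If a system reboot is required and Why
         REBOOT_DEFAULT_STATUS (0) // No Reboot Required
         REBOOT_UPGRADE_DOWNLOAD (1)
         REBOOT_SETUP_CHANGE (2)
         REBOOT_IPV6_CONFIG_CHANGE (3)
         REBOOT_SSL_MODE_CHANGE (4)
         REBOOT_JUMBOFRAMEPARSING_CONFIG_CHANGE (5)
         REBOOT_PREV_256BYTES_LOGGING_CONFIG_CHANGE (6)
         NMS_USERS_WRITE_ACCESS_CONFIG_CHANGE (7)
         REBOOT_LAYER7_DCAP_NUM_FLOWS_CHANGE (8)
         REBOOT_LAYER7_DCAP_BUFF_SIZE_CHANGE (9)
         REBOOT_LAYER7_DCAP_STATUS_CHANGE (10)
         REBOOT_SBC_CORE_INCREMENT_CONFIG_CHANGE (11)
         REBOOT_REQUIRED_MAX_SNMPD_RESTART_EXCEEDED (12)
         REBOOT_REQUIRED_SBC_TLV_ERROR (13)
         REBOOT_SNORT_CONFIG_CHANGE (15)
         REBOOT_CAPACITY_MODE_CHANGE (16)
         REBOOT_SSL_FLOWALLOC_CHANGE (17) "
    ::= { systemGrp 25 }

ivSysRebootReason OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object contains reason for the sensor reboot. NULL is
         stored in the object if reboot is not required"
    ::= { systemGrp 26 }

--This group contains objects that identify the IP configuration information for the
--IntruShield network element.
--
systemIPCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 2 }

ivSysIPAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object contains the IP Address of the management card on
         the IntruShield node, that interfaces with the EMS."
    ::= { systemIPCfgGrp 1 }

ivSysMACAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object contains the MAC address of the management card on
         the IntruShield node."
    ::= { systemIPCfgGrp 2 }

ivSysSubnetMask OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies the Subnet mask of the management card on
         the IntruShield node."
    ::= { systemIPCfgGrp 3 }

ivSysGateway OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies the gateway address of the management
         card on the IntruShield node."
    ::= { systemIPCfgGrp 4 }

ivSysIPv6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object contains the IPv6 Address of the management card on
         the IntruShield node, that interfaces with the EMS."
    ::= { systemIPCfgGrp 5 }

ivSysIpv6SubnetMask OBJECT-TYPE
    SYNTAX      INTEGER (0..128)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies the number of bits that need to be set to
         '1' from left to right, in the Ipv6 address Subnet mask of the
         management card on the IntruShield node."
    ::= { systemIPCfgGrp 6 }

ivSysIpv6Gateway OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies the gateway Ipv6 address of the
         management card on the IntruShield node."
    ::= { systemIPCfgGrp 7 }

ivSysVmHostIPAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object contains the IP Address of the Vm Host on which
         VIPS will be running. This mib object will be available only
         on V-series sensors."
    ::= { systemIPCfgGrp 8 }

ivSysVmHostIPv6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object contains the IP Address of the Vm Host on which
         VIPS will be running. This mib object will be available only
         on v-series sensors."
    ::= { systemIPCfgGrp 9 }

ivSysVmHostName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object contains the Vm Host name on which VIPS will be
         running. This mib object will be available only on V-series
         sensors."
    ::= { systemIPCfgGrp 10 }

ivSysVmMgmtAdditionalInfo OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A textual string containing additional information about the
         management interface. This mib object will be available only
         on v-series sensors."
    ::= { systemIPCfgGrp 11 }

--
-- System Failover Group
--
--This group contains objects that identify the failover configuration information for the
--IntruShield network element.
systemFailoverGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 3 }

ivSysFailoverStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    peer-up (1),
                    peer-down (2),
                    peer-incompatible (3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates if IDS peer is in peer-down or peer-up mode.
         Default: peer-down (2)."
    ::= { systemFailoverGrp 1 }

ivSysFailoverAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    on (1),
                    off (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to indicate if the sensor is in failover
         configuration or not. If the sensors are in failover
         configuration, then both sensors have to be set to on(1).
         Default: off(2)"
    ::= { systemFailoverGrp 2 }

ivSysFailoverMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    standalone (0),
                    primary (1),
                    secondary (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Added for the I-3000/I-4010 sensors. This object is used to
         specify to the sensor if it is primary or secondary when
         failover is enabled. This value ( 1 or 2) must be set on the
         sensor prior to enabling failover. When failover is disabled,
         the sensor will automatically update this object to
         standalone (0). The manager can opt to explicitly set this
         after disabling failover on the sensor, however it is not
         necessary. Default: standalone(0), since failover is disabled"
    ::= { systemFailoverGrp 3 }

-- Security-relevant: this object selects whether the sensor fails open
-- while in failover mode. Treat a change to enable(1) as a
-- configuration event worth auditing.
ivSysFailopenAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable (1),
                    disable (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to indicate if the sensor should fail-open
         when in failover mode. Default: disable(2)"
    ::= { systemFailoverGrp 4 }

ivSysSTPForwardConfig OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable (1),
                    disable (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to indicate if the sensor should forward
         the STP traffic through peer in failover mode.
         Default: disable(2)"
    ::= { systemFailoverGrp 5 }

--
-- EmsGrp
--
-- This group contains the that identifies two EMSs for this sensor
-- They are indexed by and identified by their .
-- NOTE(review): object names appear to have been lost from the two
-- sentences above (probably angle-bracketed names stripped during
-- publishing); they are kept as found.
-- The only field that is writable for each EMS is the emsPriority. All
-- the other fields are updated by the sensor itself.
--
-- An EMS can look at this emsTable to find out the status of sensors
-- connection to EMSs. Any changes at the EMS can be communicated to the sensor
-- using the emsChangeAction mib object.
-- Under error scenarios like sensor getting out of sync with the EMS because it was
-- offline when the change at EMS took place can also be corrected using the same
-- emsChangeAction mib object.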
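--
--
-- emsGrp: the table of (at most two) EMS/Manager entries the sensor
-- knows about, plus the scalar objects a Manager writes to change the
-- sensor's Manager relationship (emsChangeAction and its emsParam*
-- parameters) and the tenant / NSM identifiers.
--
-- Access-control note: the emsParam* objects followed by a SET of
-- emsChangeAction tell the sensor which Manager address to switch to
-- or to add as a peer. Write access to this group therefore decides
-- who the sensor reports to; keep it limited to the legitimate
-- Manager and alert on SETs coming from any other source.
emsGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 4 }

-- NOTE(review): object names appear to have been lost from the
-- descriptions of emsTable and emsEntry ("defined by .", "indexed
-- by ."); the text is kept as found apart from spelling.
emsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EmsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table comprises of exactly two possible EMS entries each
         defined by . "
    ::= { emsGrp 1 }

emsEntry OBJECT-TYPE
    SYNTAX      EmsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry specified is indexed by . Additionally it contains
         the and "
    INDEX       { emsIndex }
    ::= { emsTable 1 }

EmsEntry ::= SEQUENCE {
    emsIndex                    Integer32,
    emsPriority                 INTEGER,
    emsIPAddress                IpAddress,
    emsHAMode                   INTEGER,
    emsHAStatus                 INTEGER,
    emsAlertChannelStatus       INTEGER,
    emsPacketLogChannelStatus   INTEGER,
    emsIPv6Address              Ipv6Address,
    emsIPAddressType            INTEGER,
    emsAuthChannelStatus        INTEGER
}

emsIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..2)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Fixed index for the two EMS entries. Valid values are [1,2]
         only."
    ::= { emsEntry 1 }

-- NOTE(review): the group comment that precedes emsGrp in this file
-- says emsPriority is the only writable field of an EMS entry, and the
-- description below says it "is set by the EMS", yet MAX-ACCESS is
-- read-only. Presumably the value is set over the Manager channel
-- rather than by SNMP SET; confirm against the agent.
emsPriority OBJECT-TYPE
    SYNTAX      INTEGER {
                    primary (1),
                    secondary (2),
                    standalone (3),
                    unknown (4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Identifies whether the EMS identified by the IPAddress is the
         Primary or Secondary. This value is only informational from
         sensor point of view and is set by the EMS when we have
         established connection to it. Note that transition at EMS from
         Primary to Secondary or vice versa will have no effect on the
         sensor. The only thing sensor needs to worry about while in MDR
         mode is the active/standby status. "
    ::= { emsEntry 2 }

emsIPAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IP Address of a EMS (in this entry)."
    ::= { emsEntry 3 }

emsHAMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    failover (1),
                    standalone (2),
                    unknown (3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Identifies the MDR mode of the EMS. Initially when the system
         comes up this would be set to unknown till we contact the EMS
         and get its MDR status. This field also gets updated when a
         MDR-to-Standalone or Standalone-to-MDR action is triggered. "
    ::= { emsEntry 4 }

emsHAStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    unknown (1),
                    active (2),
                    standby (3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies if the EMS is an active or a standby when
         operating in failover mode"
    ::= { emsEntry 5 }

emsAlertChannelStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    down (0),
                    up (1),
                    errorInGetTimeFromManager (2),
                    errorGeneratingCertificates (3),
                    errorPersistingCertificates (4),
                    errorConnectingToManager (5),
                    errorInUntrustedConnectionSetup (6),
                    errorInInstall (7),
                    errorPersistingManagerPublicCertificate (8),
                    errorInMutualTrustMatch (9),
                    errorInSnmpKeyExchange (10),
                    errorInInitialProtocolMessageExchange (11),
                    sensorInstallInProgress (12),
                    openingAlertChannelInProgress (13),
                    errorInLinkHenceReopening (14),
                    errorInChannelReopening (15),
                    closingChannelInProgress (16),
                    errorClosingChannel (17),
                    sendAlertWarning (18),
                    keepAliveWarning (19),
                    errorDeletingCerts (20),
                    errorCreatingSnmpUser (21),
                    errorChangingSnmpUserKeys (22)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Returns the status of the alert channel connection with EMS
         identified by the emsIPAddress of this entry."
    ::= { emsEntry 6 }

emsPacketLogChannelStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    down (0),
                    up (1),
                    errorInGetTimeFromManager (2),
                    errorGeneratingCertificates (3),
                    errorPersistingCertificates (4),
                    errorConnectingToManager (5),
                    errorInUntrustedConnectionSetup (6),
                    errorInInstall (7),
                    errorPersistingManagerPublicCertificate (8),
                    errorInMutualTrustMatch (9),
                    errorInSnmpKeyExchange (10),
                    errorInInitialProtocolMessageExchange (11),
                    packetLogInstallInProgress (12),
                    openingPacketLogInProgress (13),
                    errorInLinkHenceReopening (14),
                    errorInChannelReopening (15),
                    closingChannelInProgress (16),
                    errorClosingChannel (17),
                    sendLogWarning (18),
                    keepAliveWarning (19)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Returns the status of the packet log channel connection with
         EMS identified by the emsIPAddress of this entry."
    ::= { emsEntry 7 }

emsIPv6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IPv6 Address of a EMS (in this entry)."
    ::= { emsEntry 8 }

emsIPAddressType OBJECT-TYPE
    SYNTAX      INTEGER {
                    ip-v4 (4),
                    ip-v6 (6)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Identifies the type of EMS IPAddress. If set to ip-v4, then the
         emsIPAddress object would be set else if this object is set to
         ip-v6, then the emsIPv6Address object would be set. "
    ::= { emsEntry 9 }

emsAuthChannelStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    down (0),
                    up (1)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Returns the status of the authentication channel connection
         with EMS identified by the emsIPAddress of this entry."
    ::= { emsEntry 10 }

-- Security-sensitive trigger: the parameters written to the emsParam*
-- objects take effect when this object is set (see their
-- descriptions). Audit every SET together with the parameter values
-- that preceded it.
emsChangeAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    other (0),
                    standalone-to-ha (1),
                    ha-to-standalone (2),
                    switchover (3),
                    add-ism-sec-ip (4)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to indicate to the sensor, changes in the
         EMS MDR operation mode."
    ::= { emsGrp 2 }

emsParamIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is one of the parameters that need to be set before
         emsChangeAction is triggered.
         If the action is Switchover this specifies the IP address of
         the Manager that the sensor should switch to.
         If the action is Standalone-to-MDR this specifies the Peer EMS
         IP address and this will result in using a free entry in the
         emsTable.
         If the action is MDR-to-Standalone this specifies the future
         Standalone EMS IP address which should be one of the two EMSs
         specified in the emsTable.
         The actual switchover or change in MDR operation mode will be
         done when indicated by the Manager through the emsChangeAction
         object.
         Setting this object would reset the emsParamIpv6Address and
         emsParamAddIpv6Address objects. "
    ::= { emsGrp 3 }

emsParamPriority OBJECT-TYPE
    SYNTAX      INTEGER {
                    other (0),
                    primary (1),
                    secondary (2),
                    standalone (3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        " This object specifies the priority of the EMS setting the
         standalone-to-MDR change action."
    ::= { emsGrp 4 }

emsParamAddIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        " This object specifies the secondary IP address of the EMS
         while in MDR mode.
         If the emsChangeAction is standalone-to-MDR, this specifies the
         secondary IP address of the new peer Manager.
         If the emsChangeAction is secondary NIC address, this specifies
         the secondary IP address of the EMS identified by
         emsParamIpAddress.
         Setting this object would reset the emsParamIpv6Address and
         emsParamAddIpv6Address objects."
    ::= { emsGrp 5 }

emsParamIpv6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is one of the parameters that need to be set before
         emsChangeAction is triggered.
         If the action is Switchover this specifies the IPv6 address of
         the Manager that the sensor should switch to.
         If the action is Standalone-to-MDR this specifies the Peer EMS
         IPv6 address and this will result in using a free entry in the
         emsTable.
         If the action is MDR-to-Standalone this specifies the future
         Standalone EMS IPv6 address which should be one of the two EMSs
         specified in the emsTable.
         The actual switchover or change in MDR operation mode will be
         done when indicated by the Manager through the emsChangeAction
         object.
         Setting this object would reset the emsParamIpAddress and
         emsParamAddIpAddress objects. "
    ::= { emsGrp 6 }

emsParamAddIpv6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        " This object specifies the secondary IPv6 address of the EMS
         while in MDR mode.
         If the emsChangeAction is standalone-to-MDR, this specifies the
         secondary IPV6 address of the new peer Manager.
         If the emsChangeAction is secondary NIC address, this specifies
         the secondary IPv6 address of the EMS identified by
         emsParamIpAddress.
         Setting this object would reset the emsParamIpAddress and
         emsParamAddIpAddress objects."
    ::= { emsGrp 7 }

emsTenantId OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(36))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        " This object specifies the TenantId. which identifies unique
         customer in Trellix eco system"
    ::= { emsGrp 8 }

emsPrimaryNSMGUID OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(36))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        " This object specifies the Primary NSM Server GUID. which
         identifies unique NSM in Trellix eco system"
    ::= { emsGrp 9 }

emsSecondaryNSMGUID OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(36))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        " This object specifies the Secondary NSM Server GUID. which
         identifies unique NSM in Trellix eco system"
    ::= { emsGrp 10 }

--This group contains MIB objects for the configuration of the TFTP service.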
tftpGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 5 } tftpKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE(128)) MAX-ACCESS read-write STATUS current DESCRIPTION "This specifies the tftp shared secret key between the IntruShield Sensor and EMS. Default: All 128 octets filled with '0'." ::= { tftpGrp 1 } tftpFileSize OBJECT-TYPE SYNTAX Integer32 (0..134217727) MAX-ACCESS read-write STATUS current DESCRIPTION "The size of the file in bytes. Default: 0 " ::= { tftpGrp 2 } tftpFileName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..128)) MAX-ACCESS read-write STATUS current DESCRIPTION "This specifies the name of the file to TFTP (with the source path)" ::= { tftpGrp 3 } tftpServerAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "TFTP server IP address. Is the EMS address when downloading from EMS to management card. Setting this object would reset the tftpServerIpv6Address objects." ::= { tftpGrp 4 } tftpAction OBJECT-TYPE SYNTAX TrellixTFTPAction MAX-ACCESS read-write STATUS current DESCRIPTION "Invokes TFTP service using other (required) parameters defined in . 
Valid values are : (0)-other, (1)-downloadimage, (2)-downloadsigfile, (3)-uploaddos, (4)-uploadtrace, (5)-downloaddos, (6)-aborttransfer, (7)-downloadcertfile, (8)-downloadimageandsigfile, (9)-downloadmperootcertfile, (10)-download_sgap_ssl_cert, (11)-upload_sgap_ssl_csr, (12)-upload_ibac_ad_file, (13)-download_ibac_ad_file, (14)-upload_swh_learned_file, (15)-downloadPacketCaptureFilterFile ,(16)-uploadPacketCaptureFilterFile, (17)-downloadGeoLocationDatabase, (18)-uploadPacketCapturePCAPFile, (19)-download_usrid_acl_file, (20)-download-bot-dat-file, (21)-download-ntba-ssl-cert-file,(22)-upload-dev-prof-file, (25)-download_matd_ssl_cert, (28)-download-ffp-bulk-file, (33)-download_zcenter_ssl_cert, (34)-download-gti-private-cloud-cert-file, (35)-upload_suricata_failed_rules, (36)-upload_ca_sensor_csr, (37)-download_ca_sensor_cert, (38)-download_syslog_ssl_cert, (39)-download_ca_cert_store" ::= { tftpGrp 5 } tftpActionStatus OBJECT-TYPE SYNTAX TrellixTFTPStatus MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the current TFTP action" ::= { tftpGrp 6 } tftpActionInProgressResult OBJECT-TYPE SYNTAX TrellixTFTPInProgressResult MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies TFTP service completion percentage. " ::= { tftpGrp 7 } tftpActionFailedResult OBJECT-TYPE SYNTAX TrellixTFTPFailedResult MAX-ACCESS read-only STATUS current DESCRIPTION "See TrellixTFTPFailedResult" ::= { tftpGrp 8 } tftpActionTransactionId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Used to ensure single file transfer at a time. Default: 0." ::= { tftpGrp 9 } tftpServerIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "TFTP server IPv6 address. Is the EMS IPv6 address when downloading from EMS to management card. Either one of the Ipv4 or Ipv6 address should be set by the ISM. Setting this object would reset the tftpServerIpAddress objects." 
::= { tftpGrp 10 } tftpIVKey OBJECT-TYPE SYNTAX OCTET STRING (SIZE(128)) MAX-ACCESS read-write STATUS current DESCRIPTION "This specifies the tftp Initialization Vector that is used for AES Decryption between the IntruShield Sensor and EMS. Default: All 128 octets filled with '0'." ::= { tftpGrp 11 } --Trellix IntruShield chassis. --The chassis may be a slim line enclosure with no explicit slot concept or a larger enclosure --with multiple slots. -- --This MIB does not differentiate between the two and models all it's cards --as entities that can be associated with a containing slot. -- Support for chassisGrp is deprecated in V-series sensors(VmIPS). chassisGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 7 } temperatureStatus OBJECT-TYPE SYNTAX INTEGER { normal (0), abnormal (1) } MAX-ACCESS read-only STATUS current DESCRIPTION "" ::= { chassisGrp 1 } fanStatus OBJECT-TYPE SYNTAX INTEGER { normal (0), abnormal (1), removed (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "" ::= { chassisGrp 2 } primaryPowerSupplyStatus OBJECT-TYPE SYNTAX INTEGER { not-present (0), present-operational (1), present-nonoperational (2), error (3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This powerSupply MIB object gives the primary powerSupply status. (0) - Primary PowerSupply Module is not present. (1) - Primary PowerSupply Module is present and operational. (2) - Primary PowerSupply Module is present and its not operational. (3) - Error while retrieving the powerSupply status, please re-try after some time." ::= { chassisGrp 3 } secondaryPowerSupplyStatus OBJECT-TYPE SYNTAX INTEGER { not-present (0), present-operational (1), present-nonoperational (2), error (3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This powerSupply MIB object gives the secondary powerSupply status. (0) - Secondary PowerSupply Module is not present. (1) - Secondary PowerSupply Module is present and operational. (2) - Secondary PowerSupply Module is present and its not operational. 
(3) - Error while retrieving the powerSupply status, please re-try after some time." ::= { chassisGrp 4 } pciLegacyErrorStatus OBJECT-TYPE SYNTAX DisplayString (SIZE(0..512)) MAX-ACCESS read-only STATUS current DESCRIPTION "BMC PCI Legacy Error (parity error (PERR) and system error (SERR))" ::= { chassisGrp 5 } pciFatalError1Status OBJECT-TYPE SYNTAX DisplayString (SIZE(0..512)) MAX-ACCESS read-only STATUS current DESCRIPTION "BMC PCI Fatal Error1 Status" ::= { chassisGrp 6 } pciFatalError2Status OBJECT-TYPE SYNTAX DisplayString (SIZE(0..512)) MAX-ACCESS read-only STATUS current DESCRIPTION "BMC PCI Fatal Error2 Status (Continuation of Fatat Error 1)" ::= { chassisGrp 7 } systemEventLogStatus OBJECT-TYPE SYNTAX DisplayString (SIZE(0..512)) MAX-ACCESS read-only STATUS current DESCRIPTION "BMC System Event Log (SEL buffer) Status" ::= { chassisGrp 8 } bmcWatchdogStatus OBJECT-TYPE SYNTAX DisplayString (SIZE(0..512)) MAX-ACCESS read-only STATUS current DESCRIPTION "BMC Watchdog Status" ::= { chassisGrp 9 } processorStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF ProcessorStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain list of processors" ::= { chassisGrp 10 } processorStatusEntry OBJECT-TYPE SYNTAX ProcessorStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table entries denotes various processor details for each index (processor) " INDEX { processorNumIndex } ::= { processorStatusTable 1 } ProcessorStatusEntry ::= SEQUENCE{ processorStatus DisplayString, } processorStatus OBJECT-TYPE SYNTAX DisplayString (SIZE(0..512)) MAX-ACCESS read-only STATUS current DESCRIPTION "Processor Presence Status" ::= { processorStatusEntry 1 } memoryECCStatus OBJECT-TYPE SYNTAX DisplayString (SIZE(0..512)) MAX-ACCESS read-only STATUS current DESCRIPTION "Memory ECC Status" ::= { chassisGrp 11 } postSysEventStatus OBJECT-TYPE SYNTAX DisplayString (SIZE(0..512)) MAX-ACCESS read-only STATUS current DESCRIPTION "POST Sys Event Status" ::= { 
chassisGrp 12 }

-- POST error status, reported as text. The DESCRIPTION does not define the
-- format of the string.
postErrorStatus OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..512))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "POST Error Status"
    ::= { chassisGrp 13 }

-- Trellix Sensor Slave chassis.
-- All objects in this group are read-only health indicators.
-- NOTE(review): the descriptor slave-ChassisGrp and the enumeration labels
-- not-present, present-operational and present-nonoperational contain
-- hyphens. SMIv2 (RFC 2578) does not allow hyphens in new descriptors or
-- labels, so a strict MIB compiler may reject or rename them.
slave-ChassisGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 9 }

-- Temperature health of the slave chassis: normal(0) or abnormal(1).
-- NOTE(review): the DESCRIPTION is empty, so the threshold that makes the
-- value abnormal is not documented here.
slaveTemperatureStatus OBJECT-TYPE
    SYNTAX      INTEGER { normal (0), abnormal (1) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        ""
    ::= { slave-ChassisGrp 1 }

-- Fan health of the slave chassis: normal(0) or abnormal(1).
-- NOTE(review): the DESCRIPTION is empty; which fans are covered is not
-- stated.
slaveFanStatus OBJECT-TYPE
    SYNTAX      INTEGER { normal (0), abnormal (1) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        ""
    ::= { slave-ChassisGrp 2 }

-- Primary power supply of the slave chassis. error(3) means the status
-- could not be read, not that the supply failed, so a poller should retry
-- before raising a hardware alarm.
slavePrimaryPowerSupplyStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    not-present (0),
                    present-operational (1),
                    present-nonoperational (2),
                    error (3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This powerSupply MIB object gives the primary powerSupply status. (0) - Slave Primary PowerSupply Module is not present. (1) - Slave Primary PowerSupply Module is present and operational. (2) - Slave Primary PowerSupply Module is present and its not operational. (3) - Error while retrieving the powerSupply status, please re-try after some time."
    ::= { slave-ChassisGrp 3 }

-- Secondary power supply of the slave chassis; same value set as the
-- primary supply object above.
slaveSecondaryPowerSupplyStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    not-present (0),
                    present-operational (1),
                    present-nonoperational (2),
                    error (3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This powerSupply MIB object gives the secondary powerSupply status. (0) - Slave Secondary PowerSupply Module is not present. (1) - Slave Secondary PowerSupply Module is present and operational. (2) - Slave Secondary PowerSupply Module is present and its not operational. (3) - Error while retrieving the powerSupply status, please re-try after some time."
    ::= { slave-ChassisGrp 4 }

-- This group contains all MIB objects that specify the configuration of the
-- Trellix IntruShield management card.
--
-- The object mgmtCardTable within this group suggests that each IntruShield chassis
-- can contain more than one management card, only for standby purposes.
-- Root of the management card objects (arc 8 under ivSensorConfigurationMIB).
managementCardGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 8 }

-- Conceptual table with one row per management card.
mgmtCardTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF MgmtCardEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains entries, one per management card, indexed by the appropriate slotIndex."
    ::= { managementCardGrp 1 }

-- Row definition. Per the DESCRIPTION, slotIndex is fixed at 1 on all
-- models, so in practice the table has a single row.
mgmtCardEntry OBJECT-TYPE
    SYNTAX      MgmtCardEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This MIB object contains all the columnar objects, that describe the contents of each management card within the IntruShield node. This entry is indexed by a fixed value slotIndex of 1 (one) for all models."
    INDEX       { slotIndex }
    ::= { mgmtCardTable 1 }

-- Columns of mgmtCardEntry. Three of them are writable: mcAction,
-- mcFutureSwFileName and mcDateAndTime.
MgmtCardEntry ::= SEQUENCE {
    mcAction            TrellixIDSAction,
    mcActionStatus      TrellixIDSActionStatus,
    mcActionResult      TrellixIDSActionResult,
    mcHwVersion         DisplayString,
    mcCurrentSwVersion  DisplayString,
    mcFutureSwFileName  DisplayString,
    mcDateAndTime       DateAndTime
}

-- Writable action trigger for the management card. Per the DESCRIPTION only
-- 'reset' and 'swupdate' are honoured.
-- NOTE(review): a SET on this column restarts the card or starts a software
-- update (presumed from the action names; the TC is defined in
-- TRELLIX-INTRUVERT-TC). Write access should be limited to an SNMPv3
-- authPriv user whose VACM write view is granted only to the managing EMS,
-- and SETs should be logged.
mcAction OBJECT-TYPE
    SYNTAX      TrellixIDSAction
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Actions applicable on this card, uses TC TrellixIDSAction. Default: other Only 'reset' and 'swupdate' action are supported."
    ::= { mgmtCardEntry 1 }

-- Read-only outcome of the last SET on mcAction.
mcActionStatus OBJECT-TYPE
    SYNTAX      TrellixIDSActionStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Outcome of a SNMP set on the mcAction object. Uses TC TrellixIDSActionStatus Default: other"
    ::= { mgmtCardEntry 2 }

-- Read-only detail code that accompanies mcActionStatus.
-- NOTE(review): the DESCRIPTION reads as if object names were dropped from
-- it ("when is set to", "based on"); the intended references are
-- presumably mcAction and mcActionStatus. Confirm against the vendor text.
mcActionResult OBJECT-TYPE
    SYNTAX      TrellixIDSActionResult
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Detail information when is set to 'reset', based on Default: 0, details not defined."
    ::= { mgmtCardEntry 3 }

-- Support for mcHwVersion is deprecated in V-series sensors(VmIPS).
-- Read-only hardware version string of the management card.
mcHwVersion OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The manufacturer specified hardware version information. Typically indicated major, minor, patch information for version."
::= { mgmtCardEntry 4 }

-- Read-only version string of the software currently running on the
-- management card. Useful as an inventory value when checking that a sensor
-- runs an expected release.
mcCurrentSwVersion OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The manufacturer specified software version information that is currently running. Typically indicated major, minor, patch information for version."
    ::= { mgmtCardEntry 5 }

-- Writable name of the new software image on flash.
-- NOTE(review): presumably the image used by the 'swupdate' action of
-- mcAction; confirm. The SYNTAX constrains only the length (0..128), so
-- any check of the name, and any integrity check of the image itself, has
-- to be done by the agent. Write access warrants the same restriction as
-- mcAction.
mcFutureSwFileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..128))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The new software (image) file residing on flash."
    ::= { mgmtCardEntry 6 }

-- Writable system clock, set by the EMS.
-- NOTE(review): the clock presumably drives the timestamps of what the
-- sensor logs, so a SET here can skew event timelines; restrict write
-- access and record clock changes.
mcDateAndTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "System date and time set by EMS."
    ::= { mgmtCardEntry 7 }

-- This group contains all MIB objects that specify the configuration of the
-- Trellix IDS sensor (analysis) card.
--
-- The object sensorCardTable within this group suggests that each Trellix IDS chassis
-- may contain more than one sensor card.
--
-- Support for each logical function is defined in its own table.
-- Each table in this group contains entries, one per sensor card, indexed by
-- slotIndex (the original sentence stops after "indexed by"; slotIndex is
-- taken from the INDEX clauses of the tables in this group).
sensorCardGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 10 }

-- Conceptual table with one row per sensor card.
sensorCardTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SensorCardEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains entries, one per sensor card and indexed by the slotIndex. "
    ::= { sensorCardGrp 1 }

-- Row definition. Per the DESCRIPTION, slotIndex is fixed at 2 on all
-- models.
sensorCardEntry OBJECT-TYPE
    SYNTAX      SensorCardEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This MIB object contains all the columnar objects, that describe the contents of each sensor card within the Trellix IDS. This entry is indexed by a fixed value chassis slotIndex of 2 (two) for all models."
INDEX { slotIndex } ::= { sensorCardTable 1 }

-- Columns of sensorCardEntry. Writable columns: scAction,
-- scFutureSwFileName and scFutureSigFileName.
SensorCardEntry ::= SEQUENCE {
    scAction                TrellixIDSAction,
    scSigUpdateResult       TrellixIDSActionResult,
    scHwVersion             DisplayString,
    scCurrentSwVersion      DisplayString,
    scFutureSwFileName      DisplayString,
    scCurrentSigVersion     DisplayString,
    scFutureSigFileName     DisplayString,
    scMACAddress            MacAddress,
    scCurrentBotDATVersion  DisplayString
}

-- Writable action trigger for the sensor card. Per the DESCRIPTION only
-- reset and sigupdate are honoured.
-- NOTE(review): sigupdate presumably replaces the detection signatures in
-- use, which makes this column as sensitive as a software update. Limit
-- write access to an SNMPv3 authPriv user with a VACM write view granted
-- only to the managing EMS, and log SETs.
scAction OBJECT-TYPE
    SYNTAX      TrellixIDSAction
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Actions on this card. See TrellixIDSAction Default: other Only reset and sigupdate are supported."
    ::= { sensorCardEntry 1 }

-- Read-only detail result of the last scAction.
-- NOTE(review): the name mentions only signature updates while the
-- DESCRIPTION covers scAction in general; whether a reset is reported here
-- is not stated.
scSigUpdateResult OBJECT-TYPE
    SYNTAX      TrellixIDSActionResult
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates detail results of scAction object. Default: 0 "
    ::= { sensorCardEntry 2 }

-- Support for scHwVersion is deprecated in V-series sensors(VmIPS).
-- Read-only hardware version string of the sensor card.
scHwVersion OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The manufacturer specified hardware version information. Typically indicated major, minor, patch information for version."
    ::= { sensorCardEntry 3 }

-- Read-only version string of the software running on the sensor card.
scCurrentSwVersion OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The manufacturer specified software version information that is currently running. Typically indicated major, minor, patch information for version."
    ::= { sensorCardEntry 4 }

-- Writable name of the new software image on flash for the sensor card.
-- NOTE(review): limited to 80 characters, while the management card
-- counterpart mcFutureSwFileName allows 128; a name accepted there can be
-- too long here. Only the length is constrained by the SYNTAX.
scFutureSwFileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The new software (image) file residing on flash."
    ::= { sensorCardEntry 5 }

-- Read-only version string of the signature file in use. Polling it is a
-- simple way to notice a sensor that is running an unexpected or outdated
-- signature set.
scCurrentSigVersion OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The manufacturer specified signature file version information that is currently running. Typically indicated major, minor, patch information for version."
::= { sensorCardEntry 6 } scFutureSigFileName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "The new signature file residing on flash." ::= { sensorCardEntry 7 } scMACAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "ReadOnly parameter, to allow SNMP manager to view the MAC address of this card." ::= { sensorCardEntry 8 } scCurrentBotDATVersion OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-only STATUS current DESCRIPTION "The manufacturer specified BotDAT file version information that is currently running." ::= { sensorCardEntry 9 } -- -- IP table -- ipTable OBJECT-TYPE SYNTAX SEQUENCE OF IpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains entries that define the IP configuration objects per sensor card." ::= { sensorCardGrp 6 } ipEntry OBJECT-TYPE SYNTAX IpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table entry contains the sensor card specific ( based) IP configuration objects. This entry is indexed by a fixed value chassis slotIndex of 2 (two) for all models." INDEX { slotIndex } ::= { ipTable 1 } IpEntry ::= SEQUENCE { ipFragmentTimer INTEGER, ipOverlapOption INTEGER, ipTTLConfigMode INTEGER, ipTTLThreshold INTEGER, ipTTLResetValue INTEGER, ipSmallestFragmentSize INTEGER, ipSmallFragmentThreshold INTEGER, ipFragmentReassemblyOption INTEGER, ipv6OverlapOption INTEGER, ipv6SmallestFragmentSize INTEGER, ipv6SmallFragmentThreshold INTEGER } ipFragmentTimer OBJECT-TYPE SYNTAX INTEGER (3..180) MAX-ACCESS read-write STATUS current DESCRIPTION "IP fragment reassembly timer Default: 30 seconds " ::= { ipEntry 1 } ipOverlapOption OBJECT-TYPE SYNTAX INTEGER { oldData (1), newData (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If set to oldData(1), ip reassembly module takes old data. Otherwise it takes new data. 
Default: oldData (1)" ::= { ipEntry 2 } ipTTLConfigMode OBJECT-TYPE SYNTAX INTEGER { noTTLChecking (1), checkThreshold (2), resetTTL (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "If set to noTTLChecking(1), the TTL in the packet is not checked. If set to checkThreshold(2), then TTL is checked against the value in ipTTLThreshold object. If set to resetTTL(3), the TTL value is reset to the value set by ipTTLResetValue object. Default: noTTLChecking (1)" ::= { ipEntry 3 } ipTTLThreshold OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the minimum threshold for the TTL value. The TTL in the packet is checked against the value configured here. If TTL is less than the value configured here, an alert is raised. Default: 32" ::= { ipEntry 4 } ipTTLResetValue OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the value that TTL should be reset to. Default: 32" ::= { ipEntry 5 } ipSmallestFragmentSize OBJECT-TYPE SYNTAX INTEGER (8..1480) MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the smallest fragment size that is acceptable. Any fragments smaller than the size specified here (other than the last one) will be counted and an alert raised if exceeds the threshold configured. The size should be multiple of 8. Default: 256" ::= { ipEntry 6 } ipSmallFragmentThreshold OBJECT-TYPE SYNTAX INTEGER (100..100000) MAX-ACCESS read-write STATUS current DESCRIPTION "Count of acceptable small fragments as specified by ipSmallestFragmentSize in 1 minute. Default: 10000" ::= { ipEntry 7 } ipFragmentReassemblyOption OBJECT-TYPE SYNTAX INTEGER{ enable (0), disable (1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Flag to indicate if sensor should reassemble IP Framgments. 
Default: enable" ::= { ipEntry 8 }

-- Writable policy for overlapping IPv6 fragments.
-- NOTE(review): the enumeration has a third value, drop(3), that the
-- DESCRIPTION does not cover; read literally ("Otherwise it takes new
-- data") drop(3) would behave like newData(2). Confirm the behaviour of
-- drop(3) with the agent.
-- NOTE(review): the overlap policy decides which bytes the sensor
-- inspects. If it differs from how the protected hosts reassemble, the
-- sensor and the host can reconstruct different payloads, so treat a
-- change of this value as a detection-relevant change.
ipv6OverlapOption OBJECT-TYPE
    SYNTAX      INTEGER { oldData (1), newData (2), drop (3) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If set to oldData(1), ipv6 reassembly module takes old data. Otherwise it takes new data. Default: oldData (1)"
    ::= { ipEntry 9 }

-- Writable minimum size for a non-final IPv6 fragment; smaller fragments
-- are counted towards ipv6SmallFragmentThreshold.
-- NOTE(review): the DESCRIPTION asks for a multiple of 8, but the SYNTAX
-- range (40..1280) does not enforce it; the agent has to reject other
-- values.
ipv6SmallestFragmentSize OBJECT-TYPE
    SYNTAX      INTEGER (40..1280)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the smallest ipv6 fragment size that is acceptable. Any fragments smaller than the size specified here (other than the last one) will be counted and an alert raised if exceeds the threshold configured. The size should be multiple of 8. Default: 48"
    ::= { ipEntry 10 }

-- Writable count of small IPv6 fragments tolerated per minute before an
-- alert is raised.
-- NOTE(review): the DESCRIPTION refers to ipSmallestFragmentSize, the IPv4
-- object; ipv6SmallestFragmentSize is presumably meant. Confirm.
-- NOTE(review): the upper bound of 100000 lets a manager raise the
-- threshold far enough to make the alert unlikely to fire; review changes
-- to this value.
ipv6SmallFragmentThreshold OBJECT-TYPE
    SYNTAX      INTEGER (100..100000)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Count of acceptable small fragments as specified by ipSmallestFragmentSize in 1 minute. Default: 10000"
    ::= { ipEntry 11 }

--
-- TCP Table
--
-- Conceptual table holding the TCP configuration of each sensor card.
tcpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TcpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains entries that define the TCP configuration objects per sensor card."
    ::= { sensorCardGrp 7 }

-- Row definition. Per the DESCRIPTION, slotIndex is fixed at 2 on all
-- models.
-- NOTE(review): "( based)" in the DESCRIPTION looks like a dropped object
-- name, presumably slotIndex.
tcpEntry OBJECT-TYPE
    SYNTAX      TcpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table entry contains the sensor card specific ( based) TCP configuration objects. This entry is indexed by a fixed value chassis slotIndex of 2 (two) for all models."
INDEX { slotIndex } ::= { tcpTable 1 } TcpEntry ::= SEQUENCE { supportedUDPFlows Integer32, tcbInactivityTimer INTEGER, tcpSegmentTimer INTEGER, tcp2MSLTimer INTEGER, inactiveFlowsRSTEnabled TruthValue, dropReTxTCPEnabled TruthValue, coldStartTime INTEGER, coldStartDropAction INTEGER, normalizationOnOffOption INTEGER, tcpOverlapOption INTEGER, sAckPermittedOption INTEGER, tTCPOptionThreshold INTEGER, dropOnPAWSFail INTEGER, timestampEchoMatchFail INTEGER, dropMD5Option INTEGER, unsolicitedUDPPacketsTimeout INTEGER, synProxyEnable INTEGER, ackScanDiscardTime INTEGER, halfOpenConnectionResetEnable INTEGER, outOfContextTcpPktEnable INTEGER, synCookieConfig INTEGER, synCookieInboundThreshold INTEGER, synCookieOutboundThreshold INTEGER, synCookieMss INTEGER, sinkHoleTimeToLive INTEGER, sinkHoleIpAddress IpAddress } supportedUDPFlows OBJECT-TYPE SYNTAX Integer32 (8..1000000) MAX-ACCESS read-write STATUS current DESCRIPTION "Number of UDP flows supported. Deafult: 1 million, UDP and TCP combined. Default: 100000 for I4000, 25000 for I2600, 5000 for I1200, 10000 for I1400" ::= { tcpEntry 1 } tcbInactivityTimer OBJECT-TYPE SYNTAX INTEGER (3..1200) MAX-ACCESS read-write STATUS current DESCRIPTION "TCB inactivity timeout Default: 10 minutes" ::= { tcpEntry 2 } tcpSegmentTimer OBJECT-TYPE SYNTAX INTEGER (10..120) MAX-ACCESS read-write STATUS current DESCRIPTION "TCP segment reassembly timer. Default: 60 seconds " ::= { tcpEntry 3 } tcp2MSLTimer OBJECT-TYPE SYNTAX INTEGER (3..120) MAX-ACCESS read-write STATUS current DESCRIPTION "TCP 2MSL timer Default: 10 seconds" ::= { tcpEntry 4 } inactiveFlowsRSTEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Option to RST incative flows enabled (TRUE) or not (FALSE). 
Default: FALSE" ::= { tcpEntry 5 }

-- Writable switch: when TRUE the sensor drops TCP segments it has already
-- processed once (retransmissions); when FALSE (the default) it forwards
-- them without processing.
-- NOTE(review): with the default, a retransmitted segment reaches the
-- destination uninspected. Whether its content is compared with the first
-- copy is not stated here; confirm before relying on the default.
dropReTxTCPEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "IntruShield may get TCP segments which have already been processed by it apriori (due to the segments being dropped in between it and the destination). By default, forward it without any processing, but provide the user with an option to drop such selectively retransmitted segments. This object enables the dropping of retransmitted TCP packets. Default: FALSE"
    ::= { tcpEntry 6 }

-- Writable length of the cold-start window after power-up, during which
-- packets that match no TCB are still treated as valid.
-- NOTE(review): the unit is presumably minutes (the default is given as
-- 60min and the upper bound 10080 equals one week in minutes); the SYNTAX
-- itself carries no unit.
coldStartTime OBJECT-TYPE
    SYNTAX      INTEGER (0..10080)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When sensor powers up, it will treat the packets for flows that did not exist without valid TCB as valid packets. After the time configured with this object, packets without valid flows are considered invalid packets. Default: 60min"
    ::= { tcpEntry 7 }

-- Writable inline-mode policy for packets without a valid TCB:
-- dropFlows(1) drops them at once, forwardFlows(2) forwards them until
-- coldStartTime has elapsed and drops them afterwards.
-- NOTE(review): with the default forwardFlows(2), every sensor restart
-- opens a window of coldStartTime in which flows the sensor did not see
-- from the start are forwarded. Both the policy and the window length are
-- writable over SNMP, so restrict and log SETs on these two objects.
coldStartDropAction OBJECT-TYPE
    SYNTAX      INTEGER { dropFlows (1), forwardFlows (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "When this object is set to dropFlows(1), in inline mode sensor will drop the packets without valid TCB. When this object is set to forwardFlows(2), in inline mode sensor will forward the packets until coldStartTime. After that it will drop the packets without valid TCB. Default: forwardFlows(2)"
    ::= { tcpEntry 8 }

-- Writable switch for normalization; off(2) by default.
-- NOTE(review): the DESCRIPTION does not say which normalizations are
-- applied when the option is on.
normalizationOnOffOption OBJECT-TYPE
    SYNTAX      INTEGER { on (1), off (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enable or Disable normalization Default: off(2)"
    ::= { tcpEntry 9 }

-- Writable policy for overlapping TCP segments: oldData(1) keeps the bytes
-- received first, newData(2) the bytes received later.
-- NOTE(review): the default here is newData(2), while ipOverlapOption and
-- ipv6OverlapOption default to oldData(1). As with the fragment options,
-- the value should match how the protected hosts reassemble, otherwise
-- sensor and host can see different stream contents.
tcpOverlapOption OBJECT-TYPE
    SYNTAX      INTEGER { oldData (1), newData (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If this object is set to oldData(1), tcp reassembly module will use the old data. Otherwise it will use the newer data. Default: newData(2)"
    ::= { tcpEntry 10 }

-- Writable switch, effective in inline mode only.
-- NOTE(review): the DESCRIPTION has lost the names of what is removed and
-- cleared; from the object name it presumably concerns the TCP
-- SACK-Permitted option in SYN segments and SACK options in later
-- segments. Confirm against the vendor text. No default is stated.
sAckPermittedOption OBJECT-TYPE
    SYNTAX      INTEGER { on (1), off (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If set to on, removes in SYN and clears in further packets.
This applies only in inline mode." ::= { tcpEntry 11 }

-- Writable alert threshold.
-- NOTE(review): the definition is unfinished ("TBD"): the DESCRIPTION does
-- not say what is counted, and the SYNTAX has no range or default. Do not
-- rely on this object until the vendor text is completed.
tTCPOptionThreshold OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Generate alert if too many. TBD"
    ::= { tcpEntry 12 }

-- Writable switch: enable(1) drops a packet that fails the PAWS test,
-- disable(2) always forwards it. No default is stated.
dropOnPAWSFail OBJECT-TYPE
    SYNTAX      INTEGER { enable (1), disable (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If set to enable, drop if fails PAWS test. If set to disable always forward the packet."
    ::= { tcpEntry 13 }

-- Writable switch: enable(1) drops a packet whose timestamp echo does not
-- match a value sent earlier, disable(2) always forwards it. No default is
-- stated.
timestampEchoMatchFail OBJECT-TYPE
    SYNTAX      INTEGER { enable (1), disable (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If set to enable, drop if TS-echo was one not sent earlier. If set to disable always forward the packet."
    ::= { tcpEntry 14 }

-- Writable switch: enable(1) drops a non-SYN packet that lacks MD5 when
-- MD5 was used at connection setup, disable(2) always forwards it.
-- NOTE(review): MD5 presumably means the TCP MD5 signature option; the
-- DESCRIPTION does not say so. No default is stated.
dropMD5Option OBJECT-TYPE
    SYNTAX      INTEGER { enable (1), disable (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If set to enable, drop packet if SYN=0 and it contains no MD5 but MD5 was used at setup. If set to disable always forward the packet."
    ::= { tcpEntry 15 }

-- Writable time allowed between a UDP request and its response; a response
-- without a matching request is dropped.
-- NOTE(review): no unit is given; with a range of 10..3600 and a default of
-- 60 it is presumably seconds. Confirm.
unsolicitedUDPPacketsTimeout OBJECT-TYPE
    SYNTAX      INTEGER (10..3600)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If a UDP response packet is received without a request packet, the packet will be dropped. This object configures the acceptable request to response time. Default: 60"
    ::= { tcpEntry 16 }

-- Writable switch for SYN proxying.
-- NOTE(review): the two sentences of the DESCRIPTION disagree (proxy every
-- SYN request versus proxy only while a SYN flood is detected). Confirm
-- the actual behaviour before relying on either reading. No default is
-- stated.
synProxyEnable OBJECT-TYPE
    SYNTAX      INTEGER { enable (1), disable (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If set to enable, sensor will do SYN proxy for every SYN request. SYN proxy is done only when TCP SYN flood is detected."
    ::= { tcpEntry 17 }

-- Writable time during which ACK scan messages are discarded. The default
-- is given in minutes at the end of the DESCRIPTION; the range 0..1440
-- matches one day in minutes.
ackScanDiscardTime OBJECT-TYPE
    SYNTAX      INTEGER (0..1440)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The time in which ACK scan messages should be discarded.
Default 15 minutes" ::= { tcpEntry 18 } halfOpenConnectionResetEnable OBJECT-TYPE SYNTAX INTEGER { resetDisable (1), resetAllUnfinished3WHConns (2), resetDosUnfinished3WHConns (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Resets either all or only DOS packets whose 3 Way Handshake has not finished. Default: Disable(1). " ::= { tcpEntry 19 } outOfContextTcpPktEnable OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2), permit-out-of-order (3), deny-no-tcb (4), stateless-inspection (5) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to en/dis able processing of out of context TCP packets. Enable aka PERMIT, Disable aka DENY, PERMIT_OUT_OF_ORDER(3), DENY-NO-TCB (4) aka PERMIT-ACL-MODE, STATELESS_INSPECTION (5). Default: PERMIT(1)" ::= { tcpEntry 20 } synCookieConfig OBJECT-TYPE SYNTAX INTEGER { disable (0), enable-inbound (1), enable-outbound (2), enable-in-out (3) } MAX-ACCESS read-write STATUS current DESCRIPTION " This object specifies the directions in which to enable syn cookie when there is a SYN flood. This option is valid only for monitoring ports operating in inline mode. Default: 0" ::= { tcpEntry 21 } synCookieInboundThreshold OBJECT-TYPE SYNTAX INTEGER (0..420000) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the threshold value for the number of incomplete SYNs from outside network beyond which SYN cookie mechanism has to be enabled. Default: 4096" ::= { tcpEntry 22 } synCookieOutboundThreshold OBJECT-TYPE SYNTAX INTEGER (0..420000) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the threshold value for the number of incomplete SYNs from inside network beyond which SYN cookie mechanism has to be enabled. Default: 4096" ::= { tcpEntry 23 } synCookieMss OBJECT-TYPE SYNTAX INTEGER (536..1460) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the maximum segment size to be sent in SYN Ack, with SYN cookie mechanism enabled. 
Default: 536" ::= { tcpEntry 24 }

-- Writable TTL of the sinkhole, in hours (6..18, default 12).
sinkHoleTimeToLive OBJECT-TYPE
    SYNTAX      INTEGER (6..18)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the TTL duration for sinkhole. TTL duration can range from 6 hours to 18 hours, Default: 12 hours"
    ::= { tcpEntry 25 }

-- Writable IPv4 address of the sinkhole; 127.0.0.1 by default.
-- NOTE(review): the SYNTAX IpAddress accepts any 32-bit value, so the
-- exclusion of broadcast and multicast addresses named in the DESCRIPTION
-- has to be enforced by the agent.
-- NOTE(review): this value presumably decides where sinkholed traffic is
-- sent, so a SET can point it at an arbitrary host. Limit write access to
-- an SNMPv3 authPriv user with a VACM write view granted only to the
-- managing EMS, and alert on changes.
sinkHoleIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to configure IPv4 address of sinkhole. It can be any valid ip address apart from broadcast and multicast address. Default: 127.0.0.1"
    ::= { tcpEntry 26 }

--
-- TCP/UDP session reset and log table
--
-- Conceptual table through which a manager acts on individual TCP and UDP
-- flows.
sessionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Session table is used by user to configure TCP and UDP flows in the sensor."
    ::= { sensorCardGrp 8 }

-- Row definition, indexed by the flow 5-tuple plus the VIDS identifier.
-- Per the DESCRIPTION the table is write-only: a GET returns nothing.
-- NOTE(review): because values cannot be read back, a manager cannot
-- verify over SNMP which flows were reset or logged. An audit trail of
-- SETs on this table has to come from the agent or the EMS, and write
-- access should be restricted accordingly.
sessionEntry OBJECT-TYPE
    SYNTAX      SessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Indexed with 5-tuple flow parameters and VIDS identifier. This table is used only to send sets to the sensor. Doing GET on this table will not return any information."
    INDEX       { sessionSrcIpAddress,
                  sessionDestIpAddress,
                  sessionSrcPortNo,
                  sessionDestPortNo,
                  sessionProtocol,
                  sessionVIDSIdentifier }
    ::= { sessionTable 1 }

-- Columns of sessionEntry: six index columns followed by three writable
-- columns.
SessionEntry ::= SEQUENCE {
    sessionSrcIpAddress    IpAddress,
    sessionDestIpAddress   IpAddress,
    sessionSrcPortNo       INTEGER,
    sessionDestPortNo      INTEGER,
    sessionProtocol        INTEGER,
    sessionVIDSIdentifier  INTEGER,
    sessionConfigAction    INTEGER,
    sessionLogTime         INTEGER,
    sessionIntfPortNo      TrellixPortLinearIndex
}

-- Index column: IPv4 source address of the flow.
sessionSrcIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Source ip address."
    ::= { sessionEntry 1 }

-- Index column: IPv4 destination address of the flow.
sessionDestIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Destination ip address."
    ::= { sessionEntry 2 }

-- Index column: source port of the flow.
-- NOTE(review): the SYNTAX is an unconstrained INTEGER; a range of
-- 0..65535 would presumably be the intended constraint, and until it is
-- stated the agent has to reject out-of-range values.
sessionSrcPortNo OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Source port number."
::= { sessionEntry 3 } sessionDestPortNo OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "Destination port number." ::= { sessionEntry 4 } sessionProtocol OBJECT-TYPE SYNTAX INTEGER { tcp (1), udp (2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "Protocol type." ::= { sessionEntry 5 } sessionVIDSIdentifier OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "VIDS identifier that owns this flow. If VIDS is not enabled, this oject will be ignored." ::= { sessionEntry 6 } sessionConfigAction OBJECT-TYPE SYNTAX INTEGER { resetSession (1), logSession (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to resetSession(1) causes the flow to be reset. Setting this object to logSession(2) causes the flow to be logged for the time specified with sessionLogTime object." ::= { sessionEntry 7 } sessionLogTime OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The time for which the packet needs to be logged." ::= { sessionEntry 8 } sessionIntfPortNo OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-write STATUS current DESCRIPTION "The sensor linear interface port index on which the attack has been detected. This is mandatory when the sessionConfigAction is resetSession. " ::= { sessionEntry 9 } -- -- IPV6 TCP/UDP session reset and log table -- sessionV6Table OBJECT-TYPE SYNTAX SEQUENCE OF SessionV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Session table v6 is used by user to configure TCP and UDP flows over Ipv6 in the sensor." ::= { sensorCardGrp 9 } sessionV6Entry OBJECT-TYPE SYNTAX SessionV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indexed with 5-tuple flow parameters and VIDS identifier. This table is used only to send sets to the sensor. Doing GET on this table will not return any information." 
INDEX {sessionSrcIpv6Address, sessionDestIpv6Address, sessionv6SrcPortNo, sessionv6DestPortNo, sessionv6Protocol, sessionv6VIDSIdentifier } ::= { sessionV6Table 1 } SessionV6Entry ::= SEQUENCE { sessionSrcIpv6Address Ipv6Address, sessionDestIpv6Address Ipv6Address, sessionv6SrcPortNo INTEGER, sessionv6DestPortNo INTEGER, sessionv6Protocol INTEGER, sessionv6VIDSIdentifier INTEGER, sessionv6ConfigAction INTEGER, sessionv6LogTime INTEGER, sessionv6IntfPortNo TrellixPortLinearIndex } sessionSrcIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS not-accessible STATUS current DESCRIPTION "Source ipv6 address." ::= { sessionV6Entry 1 } sessionDestIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS not-accessible STATUS current DESCRIPTION "Destination ipv6 address." ::= { sessionV6Entry 2 } sessionv6SrcPortNo OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "Source port number." ::= { sessionV6Entry 3 } sessionv6DestPortNo OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "Destination port number." ::= { sessionV6Entry 4 } sessionv6Protocol OBJECT-TYPE SYNTAX INTEGER { tcp (1), udp (2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "Protocol type." ::= { sessionV6Entry 5 } sessionv6VIDSIdentifier OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "VIDS identifier that owns this flow. If VIDS is not enabled, this oject will be ignored." ::= { sessionV6Entry 6 } sessionv6ConfigAction OBJECT-TYPE SYNTAX INTEGER { resetSession (1), logSession (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to resetSession(1) causes the flow to be reset. Setting this object to logSession(2) causes the flow to be logged for the time specified with sessionLogTime object." ::= { sessionV6Entry 7 } sessionv6LogTime OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The time for which the packet needs to be logged." 
::= { sessionV6Entry 8 } sessionv6IntfPortNo OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-write STATUS current DESCRIPTION "The sensor linear interface port index on which the attack has been detected. This is mandatory when the sessionConfigAction is resetSession " ::= { sessionV6Entry 9 } pluggableModuleState OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the state of the pluggable modules in the system. Applicable for Rubicon models only. 32 bit starting from LSB, 4 bits for each slot starting from 2, will contain the moduleSysType enum => 0000 0000 0000 0000 0000 0000." ::= { sensorCardGrp 10 } -- This group conatins all MIB objects that specify the configuration of -- the IntruShield interface port. -- -- The object intfPortTable within this group suggests that the MIB is -- designed to support sensor cards that can contain more than one interface -- port. -- interfacePortGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 11 } intfPortTable OBJECT-TYPE SYNTAX SEQUENCE OF IntfPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for each interface port (indexed via intfPortIndex) on each sensor card (indexed via appropriate slotIndex). This table contains Trellix specific configuration objects. Tables that contain MIB objects borrowed from MIB-II are in the TRELLIX-SENSOR-PERF-MIB." ::= { interfacePortGrp 1 } intfPortEntry OBJECT-TYPE SYNTAX IntfPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the columnar objects, that describe the contents of each interface port on each IntruShield sensor card. 
Indexed by slotIndex/intfPortIndex" INDEX { slotIndex, intfPortIndex } ::= { intfPortTable 1 } IntfPortEntry ::= SEQUENCE { intfPortIfDescr DisplayString, intfPortIfType TrellixIDSPortType, intfPortIfAdminStatus INTEGER, intfPortIfOperStatus INTEGER, intfPortOperatingMode TrellixIDSOperatingMode, intfPortEnableFullDuplex TruthValue, intfPortFullDuplexPeer Integer32, intfPortSpeed INTEGER, intfPortSpeedConfig TrellixPortSpeed, -- was TrellixFEType, now deprecated intfPortEnableInternalTap TruthValue, intfPortInOutType INTEGER, intfGEPortSpeedConfig INTEGER, intfFailOpenSwitchStatus INTEGER, intfFailOpenPortStatus INTEGER, intfPortEnableAntiSpoofing INTEGER, intfPortHostQRActionStatus INTEGER, intfPortMpeQRActionStatus INTEGER, intfPortAllowlistACLLookupStatus INTEGER, intfPortPeerDeviceAdvtStatus INTEGER, intfPortIsMcafeeConnector TruthValue, intfPortAllowAnyConnector TruthValue, intfPortCageType INTEGER, intfPortGetMediaType INTEGER, intfPortSetMediaType INTEGER, intfPortAdditionalInfo DisplayString, intfPortMonPortIpAddress IpAddress, intfPortMonPortNetMask IpAddress, intfPortGatewayIpAddress IpAddress, intfPortNbadConfigStatus TruthValue, intfPortVlanId Integer32, intfPortAppIdStatsConfigStatus TruthValue, intfPortConnectorType INTEGER, intfPortLinearIndex TrellixPortLinearIndex, intfPortFecConfig INTEGER, intfPortTranceiverSerialNumber DisplayString } intfPortIfDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "A textual string containing information about the interface. Returns the string that is printed on the box." ::= { intfPortEntry 1 } intfPortIfType OBJECT-TYPE SYNTAX TrellixIDSPortType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of interface, distinguished according to the physical/link protocol(s) immediately 'below' the network layer in the protocol stack. For brevity, Trellix options are as specified by the TC, TrellixIDSPortType. 
However, the SNMP MIB-II - Interfaces MIB specifies many more valid options. See comments section for details. " ::= { intfPortEntry 2 }

-- Writable desired state of the interface port: up(1) or down(2).
-- NOTE(review): the DESCRIPTION mentions a testing(3) state that the
-- enumeration does not define; the sentence appears to be carried over
-- from the MIB-II ifAdminStatus text.
-- NOTE(review): what happens to traffic on an inline port that is set to
-- down(2) is not stated here; treat SETs on this column as a change to the
-- monitored path and restrict write access.
intfPortIfAdminStatus OBJECT-TYPE
    SYNTAX      INTEGER { up (1), down (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The desired state of the interface. The testing(3) state indicates that no operational packets can be passed. Default: down"
    ::= { intfPortEntry 3 }

-- Read-only current state of the interface port: up(1) or down(2).
-- NOTE(review): as for intfPortIfAdminStatus, testing(3) is described but
-- not part of the enumeration.
intfPortIfOperStatus OBJECT-TYPE
    SYNTAX      INTEGER { up (1), down (2) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed. Default: down"
    ::= { intfPortEntry 4 }

-- Writable operating mode of the port. The DESCRIPTION lists
-- inline-fo-passive(1), non-inline or tap(2), span(3), inline-fc(4) and
-- inline-fo-active kit(5, M-series only); the authoritative value list is
-- the TC TrellixIDSOperatingMode in TRELLIX-INTRUVERT-TC.
-- NOTE(review): moving a port from an inline mode to tap or span
-- presumably removes the sensor's ability to block traffic on that port.
-- Restrict write access to an SNMPv3 authPriv user with a VACM write view
-- granted only to the managing EMS, and alert on mode changes.
intfPortOperatingMode OBJECT-TYPE
    SYNTAX      TrellixIDSOperatingMode
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "ReadWrite parameter specifies the operating mode for the Trellix IDS sensor to be used. Different modes supported are inline-fo-passive(1), non-inline or tap(2), span(3) and inlne-fc(4), inline-fo-active kit(5 - available on M-series only). Default: non-inline"
    ::= { intfPortEntry 5 }

-- Support for intfPortEnableFullDuplex is deprecated in V-series sensors(VmIPS).
-- Writable duplex setting: true selects full duplex, otherwise half duplex.
intfPortEnableFullDuplex OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "True: Sets interface port to work as a full-duplex one. Otherwise as half-duplex. Default: True"
    ::= { intfPortEntry 6 }

-- Support for intfPortFullDuplexPeer is deprecated in V-series sensors(VmIPS).
-- Read-only intfPortIndex (1..32) of the peer port.
-- NOTE(review): the mode names used here, inline(1) and
-- monitor-dual-intf(2), do not match the names listed in the
-- intfPortOperatingMode DESCRIPTION; check them against the TC.
intfPortFullDuplexPeer OBJECT-TYPE
    SYNTAX      Integer32 (1..32)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This MIB object returns the intfPortIndex value of the interface port that is a peer. Used only when operating mode is inline(1) or monitor-dual-intf(2)."
    ::= { intfPortEntry 7 }

-- Support for intfPortSpeed is deprecated in V-series sensors(VmIPS).
intfPortSpeed OBJECT-TYPE SYNTAX INTEGER { other (0), ten-Mbps (1), hundred-Mbps (2), one-Gbps(3), -- renamed from gig-Mbps ten-Gbps(4), -- support in M-series and R-series only forty-Gbps(5) -- support in R-series only } MAX-ACCESS read-only STATUS current DESCRIPTION "Get current speed/negotiation on the interface." ::= { intfPortEntry 8 } -- Support for intfPortSpeedConfig is deprecated in V-series sensors(VmIPS). intfPortSpeedConfig OBJECT-TYPE SYNTAX TrellixPortSpeed -- was TrellixFEType, now deprecated MAX-ACCESS read-write STATUS current DESCRIPTION "Set desired speed/negotiation on the interface. Default values are as follows: I-Series - fixed-hundred-Mbps (infinity/hichborn/2x00(1a-3b) auto-gig-Mbps on 3000/4010/4000/2x00(4a,4b) M-Series - auto-ten-gig-Mbps on palomar/pyramid(1a-4b),auto-gig-Mbps(5a-8b) Default: see above" ::= { intfPortEntry 9 } intfPortEnableInternalTap OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set to TRUE to enable feature. Applies to Fast Ethernet (FE) ports only (see TrellixIDSPortType). For non FE ports, set to 'FALSE' . Setting this to 'TRUE' requires that is already set to 'monitor-dual-intf' Default: True" ::= { intfPortEntry 10 } intfPortInOutType OBJECT-TYPE SYNTAX INTEGER { inside (1), outside (2), not-specified (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This MIB object reflects the Input or Output labeling of this interface port. Used only when operating mode is inline(1) or monitor-dual-intf(2). Default: not-specified(3)" ::= { intfPortEntry 11 } -- Definition of intfGEPortSpeedConfig OID stays in the MIB -- Support for intfGEPortSpeedConfig is deprecated in sensors using new MIB. -- Support for intfGEPortSpeedConfig is deprecated in M-series sensors and V-series sensors(VmIPS). 
intfGEPortSpeedConfig OBJECT-TYPE SYNTAX TrellixGEType MAX-ACCESS read-write STATUS current DESCRIPTION "Only applicable to gigabit-ethernet ports, to specify whether auto or 1 Gbps See TrellixGEType Default: 'auto-negotiate'" ::= { intfPortEntry 12 } -- Support for intfFailOpenSwitchStatus is availble in V-series sensors(VmIPS) -- only when port operting mode is inline-fo-active intfFailOpenSwitchStatus OBJECT-TYPE SYNTAX INTEGER { not-applicable(1), present(2), not-present(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Returns the status of the external optical bypass switch status. For FE ports, this object will return not-applicable(1). For GE ports, if external optical bypass switch is connected to sensor ports, this will return present(2). Otherwise, it will return not-present(3)." ::= { intfPortEntry 13 } -- Support for intfFailOpenPortStatus is availble in V-series sensors(VmIPS) -- only when port operting mode is inline-fo-active intfFailOpenPortStatus OBJECT-TYPE SYNTAX INTEGER { not-applicable(1), inline-fail-open(2), bypass(3), tap (4), absent (5), unknown (6), layer2-bypass (7) } MAX-ACCESS read-only STATUS current DESCRIPTION "Returns the packet forwarding status of the sensor ports connected to the optical bypass switch. If status is inline-fail-open(2), sensor is doing the forwarding. If status is bypass(3), the bypass switch is doing the forwarding and sensor will not process any traffic in this mode. Tap(4), absent(5) , unknown (6) and layer2-bypass(7) are available only in M-series for non RJ45(captive) ports when connected to active FO kit and sensor operating mode is inline-fail-open-active-kit. tap - operational status(up), kit(present), heart-beat(tap) absent - operational status(up), kit(absent), hear-beat(none) unknown - operational status(down), kit(absent), heart-beat(not available)." 
::= { intfPortEntry 14 } -- NOTE(review): the DESCRIPTION below gives the default as (0), but the SYNTAX assigns disable-bothsides-spoof-detect the value 1 and defines no 0; confirm which value the agent actually returns. Either way the documented default leaves spoof detection off on both sides until it is enabled. -- intfPortEnableAntiSpoofing OBJECT-TYPE SYNTAX INTEGER { disable-bothsides-spoof-detect (1), enable-inside-spoof-detect (2), enable-outside-spoof-detect (3), enable-bothsides-spoof-detect (4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls detection of spoofed packets received on the inside, the outside, or both sides of this interface port. Default: 'disable-bothsides-spoof-detect' (0) " ::= { intfPortEntry 15 } -- unallocated ::= { intfPortEntry 16 } -- unallocated ::= { intfPortEntry 17 } intfPortHostQRActionStatus OBJECT-TYPE SYNTAX INTEGER { disabled(0), quarantine(1), remediate(2) } MAX-ACCESS read-write STATUS obsolete DESCRIPTION "This object depicts the sensor level host quarantine and remediation action status for the specific interface port. The value 'quarantine' indicates just quarantine the host and the value 'remediate' indicates both quarantining and remediating the host. Default: disabled" ::= { intfPortEntry 18 } intfPortMpeQRActionStatus OBJECT-TYPE SYNTAX INTEGER { disabled(0), mpeNotify(1), mpeQuarantine(2), mpeRemediate(3) } MAX-ACCESS read-write STATUS obsolete DESCRIPTION "This object depicts the MPE response based host quarantine and remediation action status for the specific interface port. The value 'mpeNotify' indicates just informing the MPE server about the problem host; the value 'mpeQuarantine' indicates first informing the MPE server about the problem host and then quarantining the host based on the response from the MPE-server and the MPE based Quarantine and Remediation scope mib object value; and the value 'mpeRemediate' indicates first informing the MPE server about the problem host and then remediating the host based on the response from the MPE-server and the MPE based Quarantine and Remediation scope mib object value. 
Default: disabled" ::= { intfPortEntry 19 } intfPortAllowlistACLLookupStatus OBJECT-TYPE SYNTAX INTEGER { disabled(0), enabled(1) } MAX-ACCESS read-write STATUS obsolete DESCRIPTION "This object indicates the status of allowlist ACL lookup for this interface port. Default: disabled" ::= { intfPortEntry 20 } -- intfPortPeerDeviceAdvtStatus support in M-series sensor only intfPortPeerDeviceAdvtStatus OBJECT-TYPE SYNTAX INTEGER { other (0) -- need to provide enum list } MAX-ACCESS read-only STATUS current DESCRIPTION "Applicable if sensor port is set to auto-negotiate, else other(0). Specifies the advertised speed-duplex of the peer appliance port connected to this sensor port." ::= { intfPortEntry 21 } -- intfPortIsMcafeeConnector support in M-series sensor only intfPortIsMcafeeConnector OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True: connector is not inserted. True: connector is inserted in port and McAfee certified. False: connector is inserted and not McAfee certified. " ::= { intfPortEntry 22 } -- intfPortAllowAnyConnector support in M-series sensor only intfPortAllowAnyConnector OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "True: Permit usage of any connector for port. False: Restrict usage to McAfee certified connector only. Default: False" ::= { intfPortEntry 23 } -- intfPortCageType support in M-series and R-series sensor only intfPortCageType OBJECT-TYPE SYNTAX INTEGER { other (0), rJ-45 (1), rJ-11 (2), gBIC (3), sFP (4), xFP (5), sFP-plus (6), -- support in R-series only qSFP (7), -- support in R-series only rJ-45-plus (8), -- support in R-series only sFP-plus-BPFO (9) -- support in R-series only } MAX-ACCESS read-only STATUS current DESCRIPTION "Physical connector cage type on sensor chassis panel." 
::= { intfPortEntry 24 } -- intfPortGetMediaType support in M-series sensor only intfPortGetMediaType OBJECT-TYPE SYNTAX INTEGER { none (0), optical (1), electrical (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Gets the media of the connector present in the port cage. None (0) if cage is empty." ::= { intfPortEntry 25 } -- intfPortSetMediaType support in M-series sensor only intfPortSetMediaType OBJECT-TYPE SYNTAX INTEGER { optical(1), electrical (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Sets the media of the connector the user desired for the port. Default: optical" ::= { intfPortEntry 26 } intfPortAdditionalInfo OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "A textual string containing information about the interface. Typically returns connector specific information. For V-series sensors(vmips) this object will return monitoring ports label." ::= { intfPortEntry 27 } intfPortMonPortIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure / retrieve the IPv4 address of the monitoring port. Default: 0.0.0.0" ::= { intfPortEntry 28 } intfPortMonPortNetMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure / retrieve netmask for the IPv4 address of the monitoring port. Default: 0.0.0.0" ::= { intfPortEntry 29 } intfPortGatewayIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure / retrieve the IPv4 address of the gateway. Default: 0.0.0.0" ::= { intfPortEntry 30 } intfPortNbadConfigStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object value if set to TRUE indicates that flow record generation to be sent to the NBAD server, is enabled over this monitoring port. 
Default: False" ::= { intfPortEntry 31 } intfPortVlanId OBJECT-TYPE SYNTAX Integer32 (0..2164326399) MAX-ACCESS read-write STATUS current DESCRIPTION "This MIB object indicates the Vlan ID of the VLAN to which the monitoring port is connected." ::= { intfPortEntry 32 } intfPortAppIdStatsConfigStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object value if set to TRUE indicates that the appId stats collection is enabled over this monitoring port. Default: True" ::= { intfPortEntry 33 } -- intfPortConnectorType support in R-series sensor only intfPortConnectorType OBJECT-TYPE SYNTAX INTEGER { other (0), qSFP (1), sFP-plus (2), sFP-fiber (3), sFP-copper (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Physical connector type plugged into the port cage." ::= { intfPortEntry 34 } intfPortLinearIndex OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-only STATUS current DESCRIPTION "This MIB object indicates the Linear Index of the monitoring port. This index is generated by the sensor appliance using the pair of slot index and the port index values. The other MIB tables would directly use this linear index, whereever applicable." ::= { intfPortEntry 35 } intfPortFecConfig OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure FEC" ::= { intfPortEntry 36 } intfPortTranceiverSerialNumber OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "A textual string containing information about the interface. Typically returns transceiver's serial number." ::= { intfPortEntry 37 } -- Support for intfPortGBICHotSwapTime is deprecated in V-series sensors(VmIPS). intfPortGBICHotSwapTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates time when the front end GBIC for any port was hot swapped last." 
::= { interfacePortGrp 2 } --This group contains all MIB objects that specify the configuration of the IntruShield --response port. -- --The object respPortTable within this group suggests that the MIB is designed to support --response cards that can contain more than one response port. responsePortGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 12 } respPortTable OBJECT-TYPE SYNTAX SEQUENCE OF RespPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for each response port (indexed via respPortIndex) on each sensor card (indexed via valid slotIndex). This table contains Trellix specific MIB objects. " ::= { responsePortGrp 1 } respPortEntry OBJECT-TYPE SYNTAX RespPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the columnar objects, that describe the contents of each response port within the Trellix IDS sensor card. Indexed by slotIndex/respPortIndex" INDEX { slotIndex, respPortIndex } ::= { respPortTable 1 } RespPortEntry ::= SEQUENCE { respPortDescr DisplayString, respPortType TrellixIDSPortType, respPortAdminStatus INTEGER, respPortOperStatus INTEGER, respPortEnableFullDuplex TruthValue, respPortSpeed TrellixPortSpeed, -- was TrellixFEType, respPortPktDestination INTEGER, respPortMacAddress MacAddress, respCUGEPortSpeed TrellixCUGEType, respAdditionalInfo DisplayString } respPortDescr OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "A textual string containing information about the interface. Returns the string that is printed on the box." ::= { respPortEntry 1 } respPortType OBJECT-TYPE SYNTAX TrellixIDSPortType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of interface, distinguished according to the physical/link protocol(s) immediately 'below' the network layer in the protocol stack. See TrellixIDSPortType. 
" ::= { respPortEntry 2 } respPortAdminStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The desired state of the interface. Default: Up" ::= { respPortEntry 3 } respPortOperStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed." ::= { respPortEntry 4 } -- Support for respPortEnableFullDuplex is deprecated in V-series sensors(VmIPS). respPortEnableFullDuplex OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "True: Sets response port to work as a full-duplex one. otherwise as half-duplex. If True, respPortFullDuplexPeer must be specified. Default: False " ::= { respPortEntry 5 } -- Support for respPortSpeed is deprecated in V-series sensors(VmIPS). respPortSpeed OBJECT-TYPE SYNTAX TrellixPortSpeed MAX-ACCESS read-write STATUS current DESCRIPTION "See TrellixPortSpeed Default: fixed-hundred-Mbps (2)" ::= { respPortEntry 6 } respPortPktDestination OBJECT-TYPE SYNTAX INTEGER { switch (1), router (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used when response ports are chosen for sending response packets. When router mode is chosen, packets will be sent to router with destination MAC as defined in intfRespMacAddress. Default value is switch (1)." ::= { respPortEntry 7 } respPortMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the macaddress of the router to which the response packets have to be sent to." ::= { respPortEntry 8 } -- Support for respCUGEPortSpeed is deprecated in V-series sensors(VmIPS). respCUGEPortSpeed OBJECT-TYPE SYNTAX TrellixCUGEType MAX-ACCESS read-write STATUS current DESCRIPTION "Only applicable to copper-gigabit-ethernet ports, to specify whether 10mbps or 100mbps or 1-gbps or auto-neg. 
See TrellixCUGEType Default: auto-negotiate" ::= { respPortEntry 9 } respAdditionalInfo OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "A textual string containing additional information about the response interface. This mib object will be available only on V-series sensors." ::= { respPortEntry 11 } -- respPortPktDestination OBJECT-TYPE -- -- Interface Response Table -- intfRespTable OBJECT-TYPE SYNTAX SEQUENCE OF IntfRespEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for each interface port. The table describes how responses have to be sent in monitoring mode." ::= { responsePortGrp 2 } intfRespEntry OBJECT-TYPE SYNTAX IntfRespEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indexed by slotIndex/intfPortIndex" INDEX { slotIndex, intfPortIndex } ::= { intfRespTable 1 } IntfRespEntry ::= SEQUENCE { intfRespType INTEGER, intfRespPortNo INTEGER } intfRespType OBJECT-TYPE SYNTAX INTEGER { responsePort (1), inline (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to responsePort (1) causes responses to be sent via the response port. The response port number that needs to be used is specified with the intfRespPortNo object. Setting this object to inline (2) causes responses to be sent inline. Note that in monitoring mode, responses can only be sent inline when the monitoring port is in half-duplex mode. Default action will be responsePort (1)." ::= { intfRespEntry 1 } intfRespPortNo OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the response port number that needs to be used for this monitoring port. The response ports are configured by respPortTable." 
::= { intfRespEntry 2 } -- -- DOS Configuration Group -- dosConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 14 } dosLearningModeAction OBJECT-TYPE SYNTAX INTEGER { forceDetection (1), learning (2), reloadProfile (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to switch the mode to DOS learning or force detection mode . The saved profile can be reloaded by setting the object to reloadProfile(3). When set to forceDetection (1), user must be warned as follows, Warning: You are about to force the sensor into Detection Mode before the required 48-hour learning period. The traffic profile learned by the sensor may not be adequate for DOS attack detection and prevention. It is desirable to place the sensor in learning mode while receiving normal traffic for at least 48 hours. " ::= {dosConfigGrp 1 } -- -- DOS Profile Table -- -- This table will only support GET requests -- dosProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF DosProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table defines profile data for each DOS VPT entry." ::= { dosConfigGrp 2 } dosProfileEntry OBJECT-TYPE SYNTAX DosProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indexed by VIDS ID and Profile ID." INDEX { dosProfileVidsId, dosProfileId } ::= { dosProfileTable 1 } DosProfileEntry ::= SEQUENCE { dosProfileVidsId Unsigned32, dosProfileId Unsigned32, dosProfileStatus INTEGER, dosProfileLearningTime Unsigned32 } dosProfileVidsId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The virtual admin domain identifier." ::= { dosProfileEntry 1 } dosProfileId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The identifier of the profile." ::= { dosProfileEntry 2 } dosProfileStatus OBJECT-TYPE SYNTAX INTEGER { learning(1), detection(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the profile entry." 
::= { dosProfileEntry 3 } dosProfileLearningTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The time (in hundredths of a second) since learning was started for the profile." ::= { dosProfileEntry 4 } -- -- DOS Profile Bulk Table -- dosProfileBulkTable OBJECT-TYPE SYNTAX SEQUENCE OF DosProfileBulkEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table defines profile data for each DOS VPT entry. This table is primarily used to get the GETNEXT and GETBULK." ::= { dosConfigGrp 3 } dosProfileBulkEntry OBJECT-TYPE SYNTAX DosProfileBulkEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indexed by profile index." INDEX { dosProfileBulkIndex } ::= { dosProfileBulkTable 1 } DosProfileBulkEntry ::= SEQUENCE { dosProfileBulkIndex INTEGER, dosProfileBulkVidsId Unsigned32, dosProfileBulkId Unsigned32, dosProfileBulkStatus INTEGER, dosProfileBulkLearningTime Unsigned32 } dosProfileBulkIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the profile table." ::= { dosProfileBulkEntry 1 } dosProfileBulkVidsId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The virtual admin domain identifier." ::= { dosProfileBulkEntry 2 } dosProfileBulkId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The identifier of the profile." ::= { dosProfileBulkEntry 3 } dosProfileBulkStatus OBJECT-TYPE SYNTAX INTEGER { learning(1), detection(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the profile entry." ::= { dosProfileBulkEntry 4 } dosProfileBulkLearningTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The time (in hundredths of a second) since learning was started for the profile." 
::= { dosProfileBulkEntry 5 } -- -- DOS ShortTerm LongTerm Profile Table -- This table will onl support GET requests -- dosProfileShortAndLongTermTable OBJECT-TYPE SYNTAX SEQUENCE OF DosProfileShortAndLongTermEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table defines short term and long term profile data per DOS measure per VPT. Each VPT is indexed by the global VIDSID, global NIId." ::= { dosConfigGrp 4 } dosProfileShortAndLongTermEntry OBJECT-TYPE SYNTAX DosProfileShortAndLongTermEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indexed by global VIDSIndex, global NIIndex & measureId." INDEX { dosProfileShortAndLongTermVIDSIndex, dosProfileShortAndLongTermNIIndex, dosProfileShortAndLongTermMeasureIndex } ::= { dosProfileShortAndLongTermTable 1 } DosProfileShortAndLongTermEntry ::= SEQUENCE { dosProfileShortAndLongTermVIDSIndex Unsigned32, dosProfileShortAndLongTermNIIndex Unsigned32, dosProfileShortAndLongTermMeasureIndex INTEGER, dosProfileShortAndLongTermBinCount INTEGER, dosProfileShortTermContent OCTET STRING, dosProfileLongTermContent OCTET STRING } dosProfileShortAndLongTermVIDSIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The VIDS id index." ::= { dosProfileShortAndLongTermEntry 1 } dosProfileShortAndLongTermNIIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The NI id index." ::= { dosProfileShortAndLongTermEntry 2 } dosProfileShortAndLongTermMeasureIndex OBJECT-TYPE SYNTAX INTEGER (1..10) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The measure id index." ::= { dosProfileShortAndLongTermEntry 3 } dosProfileShortAndLongTermBinCount OBJECT-TYPE SYNTAX INTEGER (1..32) MAX-ACCESS read-only STATUS current DESCRIPTION "The count indicates the number of short or long term values to be interpreted in their respective content objects. Max value is 32. If the value is set to 10, then only the first 80 bytes in each of the strings have valid data. 
Note: that 256 octet strings can accomodate a max of 32 values (3 octects each) " ::= { dosProfileShortAndLongTermEntry 4 } dosProfileShortTermContent OBJECT-TYPE SYNTAX OCTET STRING (SIZE(256)) MAX-ACCESS read-only STATUS current DESCRIPTION "This specifies the short term profile data. Default: All 256 octets filled with '0'." ::= { dosProfileShortAndLongTermEntry 5 } dosProfileLongTermContent OBJECT-TYPE SYNTAX OCTET STRING (SIZE(256)) MAX-ACCESS read-only STATUS current DESCRIPTION "This specifies the long term profile data. Default: All 256 octets filled with '0'." ::= { dosProfileShortAndLongTermEntry 6 } enableDosPktLogging OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to turn on/off the logging od DOS packets. Default: disable (2)." ::= { dosConfigGrp 6 } -- -- Timed Drop DOS Pkt Table -- This table does not support GET NEXT requests -- timedDosPktDropTable OBJECT-TYPE SYNTAX SEQUENCE OF TimedDosPktDropEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table defines action and duration to enable/disable/extend the duration for which DOS pkts are to be drpped. Also provides the absolute time remaining till when it the sensor will drop these packets. " ::= { dosConfigGrp 7 } timedDosPktDropEntry OBJECT-TYPE SYNTAX TimedDosPktDropEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indexed by VIDS ID NI ID and MeasureId." INDEX { timedDosPktDropVidsIdIndex, timedDosPktDropNiIdIndex, timedDosPktDropMsrIdIndex } ::= { timedDosPktDropTable 1 } TimedDosPktDropEntry ::= SEQUENCE { timedDosPktDropVidsIdIndex Unsigned32, timedDosPktDropNiIdIndex Unsigned32, timedDosPktDropMsrIdIndex INTEGER, timedDosPktDropAction INTEGER, timedDosPktDropDuration Unsigned32, timedDosPktDropEndTime Unsigned32 } timedDosPktDropVidsIdIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Vids identifier." 
::= { timedDosPktDropEntry 1 } timedDosPktDropNiIdIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The NI identifier." ::= { timedDosPktDropEntry 2 } timedDosPktDropMsrIdIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The MeasureId identifier." ::= { timedDosPktDropEntry 3 } timedDosPktDropAction OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2), extend(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "The action tells the bulkTimedDosPktDropTable to add(enable the duration for), delete(disable), modify(extend the duration for) an entry." ::= { timedDosPktDropEntry 4 } timedDosPktDropDuration OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The duration for which the DOS pkt drop has been enabled or extended." ::= { timedDosPktDropEntry 5 } -- timedDosPktDropEndTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The absolute end time when the duration for intended action expires." ::= { timedDosPktDropEntry 6 } -- -- Bulk Timed Drop DOS Pkt Table -- bulkTimedDosPktDropTable OBJECT-TYPE SYNTAX SEQUENCE OF BulkTimedDosPktDropEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table lists entries indexed by the bulkTimedDosPktDropIndex, each returns the corresponding VidsId, NiId, MeasureId and the EndTime value." ::= { dosConfigGrp 8 } bulkTimedDosPktDropEntry OBJECT-TYPE SYNTAX BulkTimedDosPktDropEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indexed by bulk index." INDEX { bulkTimedDosPktDropIndex } ::= { bulkTimedDosPktDropTable 1 } BulkTimedDosPktDropEntry ::= SEQUENCE { bulkTimedDosPktDropIndex INTEGER, bulkTimedDosPktDropVidsId Unsigned32, bulkTimedDosPktDropNiId Unsigned32, bulkTimedDosPktDropMsrId INTEGER, bulkTimedDosPktDropEndTime Unsigned32 } bulkTimedDosPktDropIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The bulk index ." 
::= { bulkTimedDosPktDropEntry 1 } bulkTimedDosPktDropVidsId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The Vids identifier." ::= { bulkTimedDosPktDropEntry 2 } bulkTimedDosPktDropNiId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The NI identifier." ::= { bulkTimedDosPktDropEntry 3 } bulkTimedDosPktDropMsrId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The MeasureId identifier." ::= { bulkTimedDosPktDropEntry 4 } bulkTimedDosPktDropEndTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The absolute end time when the duration for intended action expires." ::= { bulkTimedDosPktDropEntry 5 } internalVLANId OBJECT-TYPE SYNTAX INTEGER (0..4095) MAX-ACCESS read-write STATUS current DESCRIPTION "This object identifies the VLAN ID to be used by the sensor to tag any untagged pkts on Rx, and untag them on Tx. It must not match any other VLAN ID assigned for the customer network. Default: 4095 " ::= { dosConfigGrp 9 } --This group contains MIB objects for configuration of packet logging. --The pktLogServerIPAddress object identifies the IP address of the server --receiving packets that the Sensor logs when detecting attacks. --The pktLogServerPort object identifies the TCP port on this server --that receives the logged packets. -- NOTE(review): the server address and port objects in this group are read-write, and the stream they steer carries captured traffic; restrict SNMP write access to this group to the managing station and alert on any change to the configured destination. -- pktLogGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 15 } pktLogServerIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IPv4 address of the server that receives the packet logs." 
::= { pktLogGrp 1 } pktLogServerPort OBJECT-TYPE SYNTAX Integer32 (1..10000) MAX-ACCESS read-write STATUS current DESCRIPTION "TCP Port on which the pkt log server can receive packet logs from the IntruShield IDS." ::= { pktLogGrp 2 } pktLogMaxPacketsPerFlow OBJECT-TYPE SYNTAX Integer32 (0..64000) MAX-ACCESS read-write STATUS current DESCRIPTION "Number of packets per flow which need to be logged, 0 means log entire flow. 
Default: 1000" ::= { pktLogGrp 3 } -- NOTE(review): RC4 is no longer considered a safe cipher (RFC 7465 prohibits it in TLS). The SYNTAX offers only enable(1), so this object cannot switch the channel to plaintext, but the confidentiality of logged packets should not rest on it; confirm which cipher the deployed sensor and manager release actually use and keep the packet log channel on an isolated management network. -- pktLogEncryptionEnable OBJECT-TYPE SYNTAX INTEGER { enable (1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to enable encryption of the packet log channel. RC4 will be used for encryption. Default: enable (1)" ::= { pktLogGrp 4 } pktLogServerIPv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "IPv6 Address of the ISM to which the logs need to be delivered. ISM should set either the Ipv4 or the Ipv6 address." ::= { pktLogGrp 5 } --This group contains MIB objects for configuration of alert throttling. -- NOTE(review): with throttling enabled, alerts beyond the thresholds below are folded into a single summary alert, so detection content and incident timelines built on sensor alerts should not assume one alert per event or per address pair. -- pktAlertThrottleGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 16 } pktAlertThrottleGlobalThreshold OBJECT-TYPE SYNTAX INTEGER (1..32) MAX-ACCESS read-write STATUS current DESCRIPTION "Once this threshold is exceeded, sensor will only send one summary alert for all addresses (srcip's and destip's) that match the attackid/vidsid. Default: 10" ::= { pktAlertThrottleGrp 1 } pktAlertThrottleInterval OBJECT-TYPE SYNTAX INTEGER (1..3600) MAX-ACCESS read-write STATUS current DESCRIPTION "If the number of alerts exceeds the amount configured in pktAlertThrottleThreshold or pktAlertThrottleGlobalThreshold in pktAlertThrottleInterval seconds, alerts will be throttled. Units are in seconds. 
Default: 120 seconds" ::= { pktAlertThrottleGrp 2 } pktAlertThrottleAction OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to enable and disable alert throttling. Default: enable(1)" ::= { pktAlertThrottleGrp 3 } pktAlertThrottleThreshold OBJECT-TYPE SYNTAX INTEGER (1..25) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure the number of alerts that need to be sent before sensor starts to throttle the alerts. For example if this value is 10, it will send the first 10 alerts with the following key: attackid/vidsid/srcip/destip. 
This parameters will use the pktAlertThrottleInterval as the interval. Default: 5" ::= { pktAlertThrottleGrp 4 } pktAlertCorrelationTime OBJECT-TYPE SYNTAX INTEGER (1..20) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure the time that the sensor will correlate multiple signatures for a single attack and only send the signature with the lowest benign trigger probability. Default: 5 secs" ::= { pktAlertThrottleGrp 5 } sslConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 17 } sslSessionCacheLifetime OBJECT-TYPE SYNTAX INTEGER (0..4294967296) MAX-ACCESS read-write STATUS current DESCRIPTION "Duration in minutes for which the SSL Session is kept alive, inspite of no SSL data transfer between the client/server . Default: 5" ::= { sslConfigGrp 1 } sslSupportAction OBJECT-TYPE SYNTAX INTEGER (0..100000) MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to enable support for specific ssl flow count (non 0) and disable SSL (0) on sensor. Sensor reboot is typically required to activate support of requested flow count. EMS must check for max requested ssl flows based on product type: I4000: 100K, I2600: 25K , I1200: not supported. Default: not supported (0)" ::= { sslConfigGrp 2 } sslSupportStatus OBJECT-TYPE SYNTAX INTEGER (0..100000) MAX-ACCESS read-only STATUS current DESCRIPTION "This object can be used to get SSL support status on sensor. It will show 0 if disabled, or a non 0 value indicating the ssl flow count currently supported. User must reboot sensor to ensure that requested flow count is actually supported by sensor. EMS must check for max supported ssl flows based on product type: I4000: 100K, I2600: 25K , I1200: not supported. 
Default: not supported (0)" ::= { sslConfigGrp 3 } sslSessionRemoveCerts OBJECT-TYPE SYNTAX INTEGER { reset (0) } MAX-ACCESS read-write STATUS current DESCRIPTION "Delete all ssl certs, thereby terminating decryption of related ssl traffic, but leave ssl support enabled within sensor." ::= { sslConfigGrp 4 } -- NOTE(review): when enabled, packet logs contain decrypted payloads; handle the packet log channel and its storage as holding plaintext application data. -- sslPktLoggingEnable OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies if sensor should log decrypted SSL packets or not. Default: 2, disabled" ::= { sslConfigGrp 5 } -- NOTE(review): the known-key modes are described as using RSA key exchange; sessions negotiated with ephemeral Diffie-Hellman key exchange, and TLS 1.3 sessions, which have no static RSA key exchange, presumably cannot be decrypted in those modes. Verify inspection coverage against the cipher suites the protected servers actually negotiate. -- sslModesofOperation OBJECT-TYPE SYNTAX INTEGER{ disable (0), inbound-known-key-only(1), outbound-proxy-only (2), inbound-proxy-only (3), inbound-and-outbound-proxy (4), inbound-known-key-and-outbound-proxy (5) } MAX-ACCESS read-write STATUS current DESCRIPTION "Determines the SSL decryption direction and method. disable(0) - No SSL decryption performed for traffic. inbound known key only(1) - Only Inbound SSL decryption using RSA key exchange. 
outbound proxy only(2) - Only Outbound SSL using MITM proxy inbound proxy only(3) - Only Inbound SSL using MITM Proxy inbound and outbound proxy(4) - Inbound and Outbound proxy using MITM Proxy inbound known key and outbound proxy(5) - Inbound using RSA key exchange and Outbound using MITM Proxy Default: disable (0)" ::= { sslConfigGrp 6 } sslSessionCacheLifetimeOutbound OBJECT-TYPE SYNTAX INTEGER (0..4294967296) MAX-ACCESS read-write STATUS current DESCRIPTION "Duration in minutes for which the SSL Session is kept alive, in spite of no SSL data transfer between the client/server. This setting will be applied for SSL traffic in Outbound direction. This is not applicable on I-series and M-series. Default: 5" ::= { sslConfigGrp 7 } sslPktLoggingOutboundEnable OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies if sensor should log decrypted SSL packets or not on the Outbound direction. 
This is not applicable on I-series and M-series Default: 2, disabled" ::= { sslConfigGrp 8 }

-- Outbound proxy policy when the sensor cannot verify the validity of the
-- server certificate: ignore(1), block(2) or decrypt(3). Default decrypt(3).
-- NOTE(review): with the default, sessions to servers whose certificate
-- could not be validated keep flowing through the proxy. What certificate
-- the internal client is shown in that case is not stated here. If the
-- proxy re-signs the session with its own CA, the client would no longer
-- see the upstream validation failure; confirm product behaviour and
-- consider block(2) where policy allows.
sslProxyOutboundUnknownServerCertificate OBJECT-TYPE
    SYNTAX INTEGER { ignore (1), block (2), decrypt (3) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object will be used to configure the action that the sensor will need to take when the sensor is unable to verify the validaity of the certificate. This is not applicable on I-series and M-series Default: decrypt(3)"
    ::= { sslConfigGrp 9 }

-- Outbound proxy policy for a server certificate that is untrusted, which
-- the DESCRIPTION lists as not chained to a root CA, expired, revoked, etc.
-- Default decrypt(3).
-- NOTE(review): the same concern as for the unknown-certificate case
-- applies. The default keeps inspecting rather than blocking, so whether
-- the end user still receives a certificate warning depends on how the
-- proxy presents the session; verify, and prefer block(2) if the client
-- would otherwise be shown a trusted certificate.
-- The descriptor is spelled "Certficate". It is part of the published
-- object name, so managers reference it with this spelling.
sslProxyOutboundUntrustedServerCertficate OBJECT-TYPE
    SYNTAX INTEGER { ignore (1), block (2), decrypt (3) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object will be used to configure the action that the sensor will need to take when the sensor receives an untrusted certificate from the external server. This could be either due to certificate not being trusted by any root CA, expired, revoked etc. This is not applicable on I-series and M-series Default: decrypt (3)"
    ::= { sslConfigGrp 10 }

-- Outbound proxy policy when an internal client offers only cipher suites
-- the sensor does not support: ignore(1) or block(2). Default ignore(1).
-- NOTE(review): ignore presumably lets the session pass without decryption,
-- which would make unsupported cipher suites an inspection gap; confirm,
-- and monitor how often this path is taken.
sslProxyOutboundUnsupportedCipherSuite OBJECT-TYPE
    SYNTAX INTEGER { ignore (1), block (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object will be used to configure the action that the sensor will need to take when an internal client sends a list of ciphers and the sensor does not support any of the cipher suite This is not applicable on I-series and M-series Default: ignore (1)"
    ::= { sslConfigGrp 11 }

-- Inbound counterpart of the object above. The DESCRIPTION marks it as
-- reserved and not currently implemented, so a SET should not be assumed to
-- change sensor behaviour.
sslProxyInboundUnsupportedCipherSuite OBJECT-TYPE
    SYNTAX INTEGER { ignore (1), block (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This is reserved for future used. This object is not currently implemented.
This object will be used to configure the action that the sensor will need to take when an external client sends a list of ciphers and the sensor does not support any of the cipher suite This is not applicable on I-series and M-series Default: ignore (1)" ::= { sslConfigGrp 12 } sslProxyOutboundUnsupportedServerCertificate OBJECT-TYPE SYNTAX INTEGER { ignore (1), block (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object will be used to configure the action that the sensor will need to take when the sensor encounters an unsupported server certificate in an outbound direction. This is not applicable on I-series and M-series Default: ignore (1)" ::= { sslConfigGrp 13 } sslProxyInboundUnsupportedServerCertificate OBJECT-TYPE SYNTAX INTEGER { ignore (1), block (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This is reserved for future used. This object is not currently implemented. This object will be used to configure the action that the sensor will need to take when the sensor encounters an unsupported server certificate in an inbound direction. This is not applicable on I-series and M-series Default: ignore (1)" ::= { sslConfigGrp 14 } maxSslFlowSupportedInSslDisableMode OBJECT-TYPE SYNTAX INTEGER (0..100000) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the max number of SSL flows supported when SSL is disabled on the sensor." ::= { sslConfigGrp 15 } maxFlowSupportedInSslDisableMode OBJECT-TYPE SYNTAX INTEGER (0..100000) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the max number of flows supported by sensor when SSL is disabled on the sensor." ::= { sslConfigGrp 16 } maxSslFlowSupportedInSslInboundLegacyMode OBJECT-TYPE SYNTAX INTEGER (0..100000) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the max number of SSL flows supported when SSL is enabled in inbound legacy mode." 
::= { sslConfigGrp 17 } maxFlowSupportedInSslInboundLegacyMode OBJECT-TYPE SYNTAX INTEGER (0..100000) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the max number of flows supported by sensor when SSL is enabled in inbound legacy mode" ::= { sslConfigGrp 18 } maxSslFlowSupportedInSslOutboundMode OBJECT-TYPE SYNTAX INTEGER (0..100000) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the max number of SSL flows supported when SSL is enabled in outbound mode." ::= { sslConfigGrp 19 } maxFlowSupportedInSslOutboundMode OBJECT-TYPE SYNTAX INTEGER (0..100000) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the max number of flows supported by sensor when SSL is enabled in outbound mode" ::= { sslConfigGrp 20 } sslModesofOperationStatus OBJECT-TYPE SYNTAX INTEGER{ disable (0), inbound-known-key-only(1), outbound-proxy-only (2), inbound-proxy-only (3), inbound-and-outbound-proxy (4), inbound-known-key-and-outbound-proxy (5) } MAX-ACCESS read-only STATUS current DESCRIPTION "Provides current SSL decryption method used in Sensor for inbound traffic. disable(0) - No SSL decryption performed for traffic. inbound known key only(1) - Only Inbound SSL decryption using RSA key exchange. outbound proxy only(2) - Only Outbound SSL using MITM proxy inbound proxy only(3) - Only Inbound SSL using MITM Proxy inbound and outbound proxy(4) - Inbound and Outbound proxy using MITM Proxy inbound known key and outbound proxy(5) - Inbound using RSA key exchange and Outbound using MITM Proxy Default: disable (0)" ::= { sslConfigGrp 21 } sslProxyOutboundUnknownURLCategory OBJECT-TYPE SYNTAX INTEGER { ignore (1), decrypt (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object will be used to configure the action that the sensor will need to take when the sensor identifies an unknown url category in the ssl packet. This configuration is only supported in case of outbound ssl. 
This is not applicable on I-series and M-series Default: ignore (1)" ::= { sslConfigGrp 22 } sslShKeyDecryptEnable OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies if sensor should decrypt using shared keys from SSL probes. Default: 2, disabled" ::= { sslConfigGrp 23 } --- --- --- l2ConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 18 } l2ModeEnable OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This specifies if sensor is configured to detect failure and go into L2 mode on exceeding cfg threshold within cfg duration. Default: 2, disabled" ::= { l2ConfigGrp 1 } l2ModeStatus OBJECT-TYPE SYNTAX INTEGER { layer2Mode(1), ipsMode(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object identifies the mode the sensor is currently in." ::= { l2ConfigGrp 2 } l2ModeCfgDuration OBJECT-TYPE SYNTAX INTEGER (1..60) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the time duration input criteria for enabling the sensor in layer2 mode. Default: 10 mins" ::= { l2ConfigGrp 3 } l2ModeCfgThreshold OBJECT-TYPE SYNTAX INTEGER (1..10) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the event frequency input criteria for enabling the sensor in layer2 mode. Default: 1" ::= { l2ConfigGrp 4 } l2ModeOccCount OBJECT-TYPE SYNTAX INTEGER (0..10) MAX-ACCESS read-only STATUS current DESCRIPTION "This object identifies the frequency of event occurence when ensor was last enabled in layer2 mode. " ::= { l2ConfigGrp 5 } l2ModeReason OBJECT-TYPE SYNTAX DisplayString (SIZE(0..127)) MAX-ACCESS read-only STATUS current DESCRIPTION "This object contains reason for sensor to enter into Layer-2 mode." 
::= { l2ConfigGrp 6 } -- acl Logging support on the Sensor aclLogAlertGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 19 } aclAlertLogging OBJECT-TYPE SYNTAX INTEGER { g-enable-dropped (1), g-enable-allowed (2), g-enable-all (3), enable-per-acl (4), disable (5) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies various ways to enable ACL Alert logging or disable it altogether. This is applicable on a sensor wide basis for all ports in inline mode. Default: disable (5)" ::= { aclLogAlertGrp 1 } aclAlertThrottleMaxIpPair OBJECT-TYPE SYNTAX INTEGER (1..32) MAX-ACCESS read-write STATUS current DESCRIPTION "Once this threshold is exceeded, sensor will only send one summary acl alert for all addresses (srcip's and destip's) that match the aclid/vidsid. Default: 10" ::= { aclLogAlertGrp 2 } aclAlertThrottleInterval OBJECT-TYPE SYNTAX INTEGER (1..3600) MAX-ACCESS read-write STATUS current DESCRIPTION "If the number of acl alerts exceeds the amount configured in aclAlertThrottleThreshold in aclAlertThrottleInterval seconds, alerts will be throttled. Units are in seconds. Default: 120 seconds" ::= { aclLogAlertGrp 3 } aclAlertThrottleAction OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to enable and disable acl alert throttling. Default: enable(1)" ::= { aclLogAlertGrp 4 } aclAlertThrottleThreshold OBJECT-TYPE SYNTAX INTEGER (1..25) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure the number of alerts that need to be sent before sensor starts to throttle the alerts. For example if this value is 10, it will send the first 10 alerts with the following key: aclid/vidsid/srcip/destip. This parameters will use the aclAlertThrottleInterval as the interval. 
Default: 5" ::= { aclLogAlertGrp 5 }

-- Chooses the delivery path for ACL logs: through NSM (default) or directly
-- to a syslog receiver. With sendDirect(2) the logs no longer pass through
-- NSM, so make sure the direct syslog destination is collected and retained
-- if NSM was the system of record for these events.
aclAlertDirectToSyslog OBJECT-TYPE
    SYNTAX INTEGER { sendViaNSM (1), sendDirect (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object can be used to enable sending acl logs directly to syslog viewer instead of sending it via NSM. Default: sendViaNSM (1)"
    ::= { aclLogAlertGrp 6 }

--User authentication using TACACS+
-- Subtree 20 of ivSensorConfigurationMIB. Every scalar below is read-write,
-- so SNMP write access to this group is equivalent to control over how
-- users of the sensor are authenticated; restrict it accordingly.
tacacsPlusAuthGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 20 }

-- Turns TACACS+ user authentication and accounting on or off.
-- Default disable(2).
enableTacacsPlusAuth OBJECT-TYPE
    SYNTAX INTEGER { enable (1), disable (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object can be used to enable or disable user authentication & accounting using TACACS+. Default: disable (2)"
    ::= { tacacsPlusAuthGrp 1}

-- Turns protection of the TACACS+ traffic on or off. Default disable(2).
-- NOTE(review): with the default, enabling TACACS+ alone presumably leaves
-- the exchange with the server unprotected on the wire; confirm and enable
-- this together with enableTacacsPlusAuth.
-- NOTE(review): assuming this is the standard TACACS+ mechanism (RFC 8907),
-- it is an MD5-based obfuscation keyed by the shared secret rather than
-- modern encryption, so the management path should still be isolated.
enableTacacsPlusTrafficEncr OBJECT-TYPE
    SYNTAX INTEGER { enable (1), disable (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object can be used to enable or disable encryption of TACACS+ traffic. Default: disable (2)"
    ::= { tacacsPlusAuthGrp 2}

-- Shared secret used to protect the TACACS+ traffic, 0..64 characters.
-- NOTE(review): MAX-ACCESS is read-write, so as declared the secret can be
-- retrieved with a GET as well as set. Confirm that the agent masks the
-- value on read (empty or placeholder string). The secret is also carried
-- inside the SNMP SET itself, so this object should only be reachable
-- through SNMPv3 with authentication and privacy and a restricted view.
-- A zero-length value is permitted by the SIZE clause; its effect is not
-- documented.
tacacsPlusEncrSecret OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..64))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object specifies the secret to be used in generating the encrypted TACACS+ traffic"
    ::= { tacacsPlusAuthGrp 3}

-- Table of TACACS+ server addresses, one row per server.
tacacsPlusServerIPTable OBJECT-TYPE
    SYNTAX SEQUENCE OF TacacsPlusServerIPEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This table contains entries that specifiy the IP addresses of the TACACS+ servers"
    ::= { tacacsPlusAuthGrp 4}

-- Row of tacacsPlusServerIPTable, indexed by tacIndex.
tacacsPlusServerIPEntry OBJECT-TYPE
    SYNTAX TacacsPlusServerIPEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "This table entry specifies the IP address of the TACACS+ server"
    INDEX { tacIndex }
    ::= { tacacsPlusServerIPTable 1 }

-- Columns of a row: the fixed index and the server address.
TacacsPlusServerIPEntry ::=
    SEQUENCE {
        tacIndex INTEGER,
        tacacsPlusServerIPAddr IpAddress
    }

-- Row index. SYNTAX is an unconstrained INTEGER although the DESCRIPTION
-- limits valid values to 1..4; the limit is documented only, not declared
-- as a range.
tacIndex OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Fixed index for the four TACACS+ Server entries. Valid values are [1,2,3,4] only."
::= { tacacsPlusServerIPEntry 1 } tacacsPlusServerIPAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the IP Address of the TACACS+ server" ::= { tacacsPlusServerIPEntry 2 } enableTacacsPlusAuthorization OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "To enable TACACS Plus authorization" ::= { tacacsPlusAuthGrp 5 } -- ipV6 support on sensor ipV6ConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 21 } ipV6TrafficHandling OBJECT-TYPE SYNTAX INTEGER { dont-parse-block-inline (1), dont-parse-allow-inline (2), parse-and-detect-attacks (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to specify how the IPv6 traffic is handled on all ports of a sensor. dont-parse-block-inline - Traffic will not be subjected to IPS/IDS. On Inline ports, traffic will be blocked. dont-parse-allow-inline - Traffic will not be subjected to IPS/IDS. On Inline ports , traffic wll be allowed to go through the sensor. parse-and-detect-attacks - Parse and detect attacks in IPv6 traffic and pass the traffic on inline ports Default: dont-parse-allow-inline(2)" ::= { ipV6ConfigGrp 2} -- Host Quarantine Config Group -- hostQGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 22 } -- -- Host Quarantine Config Table -- -- This group conatins all MIB objects that specify the configuration for -- reconfiguring the hostQ. -- hostQConfigGrp OBJECT IDENTIFIER ::= { hostQGrp 1 } hostQFilterTimeOut OBJECT-TYPE SYNTAX INTEGER (5..60) MAX-ACCESS read-write STATUS obsolete DESCRIPTION "The number of minutes for which this entry should be in affect. Default: 5 minutes" ::= { hostQConfigGrp 1 } hostQDeleteAllFilters OBJECT-TYPE SYNTAX INTEGER { not-applicable(0), true(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "If set to not-applicable(0), applied filters are not deleted. If set to true (1) all filters are deleted. 
Default: not-applicable (0)" ::= { hostQConfigGrp 2 } -- -- Host Quarantine Bulk IPV4 Filter table -- -- This group defines filter entries that have been applied on the sensor in -- Inline mode. This table only supports GET-NEXT operations. All entries are -- read-only. The table will have a maximum of 1000 entries. -- hostQBulkFilterV4Table OBJECT-TYPE SYNTAX SEQUENCE OF HostQBulkFilterV4Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for filters that are applied on the \ sensor in Inline mode. This table supports only GET-NEXT operations" ::= { hostQGrp 2 } hostQBulkFilterV4Entry OBJECT-TYPE SYNTAX HostQBulkFilterV4Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indexed by sequence number." INDEX { hostQBulkFilterIndexV4 } ::= { hostQBulkFilterV4Table 1 } HostQBulkFilterV4Entry ::= SEQUENCE { hostQBulkFilterIndexV4 INTEGER, hostQBulkFilterSrcIPAddrV4 IpAddress, hostQBulkFilterVidsIdV4 INTEGER, hostQBulkFilterAttackIdV4 INTEGER, hostQBulkFilterEndTimeV4 Unsigned32, hostQBulkFilterQRStatusV4 INTEGER, hostQBulkFilterMPEReplyMsgV4 INTEGER, hostQBulkFilterMonPortIdV4 TrellixPortLinearIndex, hostQBulkFilterEZIdV4 INTEGER } hostQBulkFilterIndexV4 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Index which uniquely identifies the V4 filter rule" ::= { hostQBulkFilterV4Entry 1 } hostQBulkFilterSrcIPAddrV4 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Source IPV4 Address." ::= { hostQBulkFilterV4Entry 2 } hostQBulkFilterVidsIdV4 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the vids id for which this filter was applied." ::= { hostQBulkFilterV4Entry 3 } hostQBulkFilterAttackIdV4 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the attack id for which this filter was applied." 
::= { hostQBulkFilterV4Entry 4 } hostQBulkFilterEndTimeV4 OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the filter expiry time in UTC format " ::= { hostQBulkFilterV4Entry 5 } hostQBulkFilterQRStatusV4 OBJECT-TYPE SYNTAX INTEGER { hostQuarantined-local(1), hostUnderRemediation-local(2), hostQuarantined-mpe(4), hostQuarantined-both(5), hostUnderRemediation-local-hostQuarantined-mpe(6), hostUnderRemediation-mpe(8), hostQuarantined-local-hostUnderRemediation-mpe(9), hostUnderRemediation-both(10) } MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the host quarantine and remediation action status." ::= { hostQBulkFilterV4Entry 6 } hostQBulkFilterMPEReplyMsgV4 OBJECT-TYPE SYNTAX INTEGER { notApplicable(0), managedHost(1), unmanagedHost(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the message returned by the MPE server." ::= { hostQBulkFilterV4Entry 7 } hostQBulkFilterMonPortIdV4 OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the monitoring linear port index on which the attack was detected for the quarantined host." ::= { hostQBulkFilterV4Entry 8 } hostQBulkFilterEZIdV4 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the applied NAZ Id for the quarantined host." ::= { hostQBulkFilterV4Entry 9 } -- -- Host Quarantine Bulk IPV6 Filter table -- -- This group defines filter entries that have been applied on the sensor in -- Inline mode. This table only supports GET-NEXT operations. All entries are -- read-only. The table will have a maximum of 1000 entries. -- hostQBulkFilterV6Table OBJECT-TYPE SYNTAX SEQUENCE OF HostQBulkFilterV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for IPv6 filters that are applied on the sensor in Inline mode." 
::= { hostQGrp 3 } hostQBulkFilterV6Entry OBJECT-TYPE SYNTAX HostQBulkFilterV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indexed by sequence number." INDEX { hostQBulkFilterIndexV6 } ::= { hostQBulkFilterV6Table 1 } HostQBulkFilterV6Entry ::= SEQUENCE { hostQBulkFilterIndexV6 INTEGER, hostQBulkFilterSrcIPAddrV6 Ipv6Address, hostQBulkFilterVidsIdV6 INTEGER, hostQBulkFilterAttackIdV6 INTEGER, hostQBulkFilterEndTimeV6 Unsigned32, hostQBulkFilterQRStatusV6 INTEGER, hostQBulkFilterMPEReplyMsgV6 INTEGER, hostQBulkFilterMonPortIdV6 TrellixPortLinearIndex } hostQBulkFilterIndexV6 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Index which uniquely identifies the IPv6 filter rule." ::= { hostQBulkFilterV6Entry 1 } hostQBulkFilterSrcIPAddrV6 OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-only STATUS current DESCRIPTION "Source IPV6 Address." ::= { hostQBulkFilterV6Entry 2 } hostQBulkFilterVidsIdV6 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the vids id for which this filter was applied." ::= { hostQBulkFilterV6Entry 3 } hostQBulkFilterAttackIdV6 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the attack id for which this filter was applied." ::= { hostQBulkFilterV6Entry 4 } hostQBulkFilterEndTimeV6 OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the filter expiry time in UTC format." ::= { hostQBulkFilterV6Entry 5 } hostQBulkFilterQRStatusV6 OBJECT-TYPE SYNTAX INTEGER { hostQuarantined-local(1), hostUnderRemediation-local(2), hostQuarantined-mpe(4), hostQuarantined-both(5), hostUnderRemediation-local-hostQuarantined-mpe(6), hostUnderRemediation-mpe(8), hostQuarantined-local-hostUnderRemediation-mpe(9), hostUnderRemediation-both(10) } MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the host quarantine and remediation action status." 
::= { hostQBulkFilterV6Entry 6 } hostQBulkFilterMPEReplyMsgV6 OBJECT-TYPE SYNTAX INTEGER { notApplicable(0), managedHost(1), unmanagedHost(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the message returned by the MPE server." ::= { hostQBulkFilterV6Entry 7 } hostQBulkFilterMonPortIdV6 OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-only STATUS current DESCRIPTION "This objects returns the monitoring linear port index on which the attack was detected for the quarantined Ipv6 host." ::= { hostQBulkFilterV6Entry 8 } -- -- Host Quarantine Never Deny V4 Table -- hostQNeverDenyV4Table OBJECT-TYPE SYNTAX SEQUENCE OF HostQNeverDenyV4Entry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Table defines ipaddresses from which traffic is never blocked. Typically user will add all the critical network elements like routers, servers, etc." ::= { hostQGrp 4 } hostQNeverDenyV4Entry OBJECT-TYPE SYNTAX HostQNeverDenyV4Entry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Indexed by hostQNeverDenyIpAddress. Supports up to 100 entries." INDEX {hostQNeverDenyIpAddressV4 } ::= { hostQNeverDenyV4Table 1 } HostQNeverDenyV4Entry ::= SEQUENCE { hostQNeverDenyIpAddressV4 IpAddress, hostQNeverDenyActionV4 RowStatus } hostQNeverDenyIpAddressV4 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The ipV4 address from which traffic will never be blocked." ::= { hostQNeverDenyV4Entry 1 } hostQNeverDenyActionV4 OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS obsolete DESCRIPTION "This object is to user to add and delete rows in to the table." ::= { hostQNeverDenyV4Entry 2 } -- -- Host Quarantine Never Deny V6 Table -- hostQNeverDenyV6Table OBJECT-TYPE SYNTAX SEQUENCE OF HostQNeverDenyV6Entry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Table defines ipaddresses from which traffic is never blocked. Typically user will add all the critical network elements like routers, servers, etc." 
::= { hostQGrp 5 } hostQNeverDenyV6Entry OBJECT-TYPE SYNTAX HostQNeverDenyV6Entry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Indexed by hostQNeverDenyIpAddress. Supports up to 100 entries." INDEX {hostQNeverDenyIpAddressV6 } ::= { hostQNeverDenyV6Table 1 } HostQNeverDenyV6Entry ::= SEQUENCE { hostQNeverDenyIpAddressV6 Ipv6Address, hostQNeverDenyActionV6 RowStatus } hostQNeverDenyIpAddressV6 OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The ipV6 address from which traffic will never be blocked." ::= { hostQNeverDenyV6Entry 1 } hostQNeverDenyActionV6 OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS obsolete DESCRIPTION "This object is to user to add and delete rows in to the table." ::= { hostQNeverDenyV6Entry 2 } -- -- Host Quarantine User Define V4 Filter Table (does not support GET-NEXT operations) -- hostQUserDefFilterV4Table OBJECT-TYPE SYNTAX SEQUENCE OF HostQUserDefFilterV4Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table is used to add/delete/extend IPv4 filters on the sensor" ::= { hostQGrp 6 } hostQUserDefFilterV4Entry OBJECT-TYPE SYNTAX HostQUserDefFilterV4Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { hostQUserDefFilterSrcIpV4, hostQUserDefFilterVidsIdV4, hostQUserDefFilterAttackIdV4 } ::= { hostQUserDefFilterV4Table 1 } HostQUserDefFilterV4Entry ::= SEQUENCE { hostQUserDefFilterSrcIpV4 IpAddress, hostQUserDefFilterVidsIdV4 INTEGER, hostQUserDefFilterAttackIdV4 INTEGER, hostQUserDefFilterDurationV4 Unsigned32, hostQUserDefFilterActionV4 INTEGER, hostQUserDefFilterRemediationV4 TruthValue } hostQUserDefFilterSrcIpV4 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "Source IPV4 address." ::= { hostQUserDefFilterV4Entry 1 } hostQUserDefFilterVidsIdV4 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "Vids ID." 
::= { hostQUserDefFilterV4Entry 2 } hostQUserDefFilterAttackIdV4 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "Attack ID." ::= { hostQUserDefFilterV4Entry 3 } hostQUserDefFilterDurationV4 OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Filter duration" ::= { hostQUserDefFilterV4Entry 4 } hostQUserDefFilterActionV4 OBJECT-TYPE SYNTAX INTEGER { not-applicable (0), add (1), delete (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to add(1) will add the entry." ::= { hostQUserDefFilterV4Entry 5 } hostQUserDefFilterRemediationV4 OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to TRUE, will enable host rememdiation for the user defined quarantine rule. Default : FALSE" ::= { hostQUserDefFilterV4Entry 6 } -- -- Host Quarantine User Define V6 Filter Table -- hostQUserDefFilterV6Table OBJECT-TYPE SYNTAX SEQUENCE OF HostQUserDefFilterV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table is used to add/delete/extend IPv6 filters on the sensor" ::= { hostQGrp 7 } hostQUserDefFilterV6Entry OBJECT-TYPE SYNTAX HostQUserDefFilterV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX {hostQUserDefFilterSrcIpV6, hostQUserDefFilterVidsIdV6, hostQUserDefFilterAttackIdV6 } ::= { hostQUserDefFilterV6Table 1 } HostQUserDefFilterV6Entry ::= SEQUENCE { hostQUserDefFilterSrcIpV6 Ipv6Address, hostQUserDefFilterVidsIdV6 INTEGER, hostQUserDefFilterAttackIdV6 INTEGER, hostQUserDefFilterDurationV6 Unsigned32, hostQUserDefFilterActionV6 INTEGER } hostQUserDefFilterSrcIpV6 OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS not-accessible STATUS current DESCRIPTION "Source IPV6 address." ::= { hostQUserDefFilterV6Entry 1 } hostQUserDefFilterVidsIdV6 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "Vids ID." 
::= { hostQUserDefFilterV6Entry 2 }

-- Third index column of the user-defined IPv6 quarantine filter row.
hostQUserDefFilterAttackIdV6 OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Attack ID."
    ::= { hostQUserDefFilterV6Entry 3 }

-- Duration of the filter.
-- NOTE(review): neither the unit nor the meaning of 0 is stated.
hostQUserDefFilterDurationV6 OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Filter duration"
    ::= { hostQUserDefFilterV6Entry 4 }

-- Action column: add(1) creates the filter entry. The DESCRIPTION does not
-- describe delete(2) or not-applicable(0).
-- NOTE(review): delete(2) presumably removes the quarantine filter for the
-- indexed host; confirm, and log writes since they lift a containment.
hostQUserDefFilterActionV6 OBJECT-TYPE
    SYNTAX INTEGER { not-applicable (0), add (1), delete(2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Setting this object to add(1) will add the entry."
    ::= { hostQUserDefFilterV6Entry 5 }

--
-- nmsGrp
--
-- Subtree 23 of ivSensorConfigurationMIB. nmsUserGrp holds user entries
-- with an authentication key and an encryption key per user name.
-- NOTE(review): these look like SNMPv3 user credentials for third-party
-- management stations; the MIB text does not say so explicitly.
nmsGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 23 }

nmsUserGrp OBJECT IDENTIFIER ::= { nmsGrp 1 }

-- Table of NMS users. The DESCRIPTION is blank in the source.
nmsUserTable OBJECT-TYPE
    SYNTAX SEQUENCE OF NMSUserEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION " "
    ::= { nmsUserGrp 1 }

-- Row of nmsUserTable, indexed by nmsUserName per the INDEX clause.
-- The DESCRIPTION text is incomplete in the source.
nmsUserEntry OBJECT-TYPE
    SYNTAX NMSUserEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Each entry specified is indexed by . Additonaly it contains the "
    INDEX { nmsUserName }
    ::= { nmsUserTable 1 }

-- Columns of a row: user name, two keys and the RowStatus column.
NMSUserEntry ::=
    SEQUENCE {
        nmsUserName DisplayString,
        nmsAuthKey DisplayString,
        nmsEncrKey DisplayString,
        nmsUserChangeAction RowStatus
    }

-- Index column: the NMS user name, 8..31 characters.
nmsUserName OBJECT-TYPE
    SYNTAX DisplayString (SIZE(8..31))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "UserName nms (in this entry)."
    ::= { nmsUserEntry 1 }

-- Authentication key for the user, carried as printable text.
-- NOTE(review): MAX-ACCESS read-write means the key is readable as
-- declared. Confirm the agent never returns it on GET or GETNEXT, and
-- expose this table only through an authenticated, encrypted SNMPv3 view.
-- NOTE(review): SIZE(8..15) caps the key at 15 characters, which limits the
-- strength of the secret an operator can choose.
-- NOTE(review): the row also has a read-create RowStatus column
-- (nmsUserChangeAction). RFC 2578 does not allow read-write columns in such
-- a row, so strict MIB compilers may warn here.
nmsAuthKey OBJECT-TYPE
    SYNTAX DisplayString (SIZE(8..15))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "NMS Auth Key"
    ::= { nmsUserEntry 2 }

-- Encryption key for the user, carried as printable text. The concerns
-- noted for nmsAuthKey apply unchanged: readable as declared, capped at 15
-- characters, and written in a SET that must itself be protected.
nmsEncrKey OBJECT-TYPE
    SYNTAX DisplayString (SIZE(8..15))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "NMS Encryption Key."
::= { nmsUserEntry 3 } nmsUserChangeAction OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object used for user to add and delete rows in to the table" ::= { nmsUserEntry 4 } nmsDeleteAllUsers OBJECT-TYPE SYNTAX INTEGER { true(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This action object deletes all user entries in the nmsUserTable." ::= { nmsUserGrp 2 } nmsCommitUserEntryChanges OBJECT-TYPE SYNTAX INTEGER { true(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This action object commits all the changes made to the user entries in the nmsUserTable." ::= { nmsUserGrp 3 } nmsIpGrp OBJECT IDENTIFIER ::= { nmsGrp 2 } nmsIpTable OBJECT-TYPE SYNTAX SEQUENCE OF NMSIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " " ::= { nmsIpGrp 1 } nmsIpEntry OBJECT-TYPE SYNTAX NMSIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry specified is indexed by . Additonaly it contains the " INDEX { nmsIpAddress } ::= { nmsIpTable 1 } NMSIpEntry ::= SEQUENCE { nmsIpAddress IpAddress, nmsIpChangeAction RowStatus } nmsIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "UserName nms (in this entry)." ::= { nmsIpEntry 1 } nmsIpChangeAction OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object used for user to add and delete rows in to the table." ::= { nmsIpEntry 2 } nmsIpv6Table OBJECT-TYPE SYNTAX SEQUENCE OF NMSIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " " ::= { nmsIpGrp 2 } nmsIpv6Entry OBJECT-TYPE SYNTAX NMSIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry specified is indexed by . 
" INDEX { nmsIpv6Address } ::= { nmsIpv6Table 1 } NMSIpv6Entry ::= SEQUENCE { nmsIpv6Address Ipv6Address, nmsIpv6ChangeAction RowStatus } nmsIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS not-accessible STATUS current DESCRIPTION "IPv6 address of the system having SNMP access to the sensor" ::= { nmsIpv6Entry 1 } nmsIpv6ChangeAction OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object used for user to add and delete rows in to the table." ::= { nmsIpv6Entry 2 } -- -- mpeGrp -- mpeGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 24 } mpeConfigGrp OBJECT IDENTIFIER ::= { mpeGrp 1 } mpeQRScope OBJECT-TYPE SYNTAX INTEGER { unmanaged-hosts(1), all-hosts(2) } MAX-ACCESS read-write STATUS obsolete DESCRIPTION "This object describes about the MPE Quarantine and Remediation scope. The value 'unmanaged-hosts', indicates that the MPE interface port based quarantine and remediation action is applicable only to the MPE server's unmanaged host and the value 'all-hosts' indicate that the MPE interface port based qarantine and remediation action is applicable to all the hosts, independent of MPE server. Default: unmanaged-hosts(1) " ::= { mpeConfigGrp 1 } mpeThrottleTimeout OBJECT-TYPE SYNTAX INTEGER (5..300) MAX-ACCESS read-write STATUS obsolete DESCRIPTION " This depicts the MPE throttling timeout in seconds. 
Default: 120" ::= { mpeConfigGrp 2 }

-- Objects used to install or deinstall the sensor's association with the
-- MPE server: server address, ports, URIs, ePO credentials, an action
-- object and a status object. All configuration objects are read-write, so
-- write access to this subtree decides which server the sensor talks to and
-- with which credentials; limit it to the management station.
mpeInstallConfigGrp OBJECT IDENTIFIER ::= { mpeConfigGrp 3 }

-- IPv4 address of the MPE server.
mpeIpAddress OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The ipaddress of the MPE server"
    ::= { mpeInstallConfigGrp 1 }

-- Port of the MPE server's "Anonymous SSL" listener, default 8443.
-- NOTE(review): the name suggests a TLS endpoint without client or server
-- authentication; what is exchanged over it is not described here.
mpeAnonymousPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The Anonymous SSL port on MPE server Default: 8443"
    ::= { mpeInstallConfigGrp 2 }

-- Port of the MPE server's "Trusted SSL" listener, default 8444.
mpeTrustedSSLPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "The Trusted SSL port on MPE server Default: 8444"
    ::= { mpeInstallConfigGrp 3 }

-- ePO credentials as a single "username:password" string, 3..100 chars.
-- NOTE(review): the password is carried in clear inside the object value
-- and MAX-ACCESS is read-write, so as declared it can be read back with a
-- GET. Confirm the agent masks it on read, allow access only over SNMPv3
-- with authentication and privacy, and use a dedicated ePO account with the
-- minimum privileges the install step needs.
-- NOTE(review): a password that itself contains ":" may be ambiguous with
-- this format; parsing rules are not stated.
mpeePOCred OBJECT-TYPE
    SYNTAX DisplayString (SIZE(3..100))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "ePO credentials in the form of username:password"
    ::= { mpeInstallConfigGrp 4 }

-- URI served on the Anonymous SSL port, 10..255 characters.
mpeAnonymousURI OBJECT-TYPE
    SYNTAX DisplayString (SIZE(10..255))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "URI of the MPE server which listens on Anonymous SSL port"
    ::= { mpeInstallConfigGrp 5 }

-- URI served on the Trusted SSL port, 10..255 characters.
mpeTrustedURI OBJECT-TYPE
    SYNTAX DisplayString (SIZE(10..255))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "URI of the MPE server which listens on Trusted SSL port"
    ::= { mpeInstallConfigGrp 6 }

-- Action object: install(1) or deinstall(2). Progress and failures are
-- reported through mpeInstallConfigStatus.
mpeInstallConfigAction OBJECT-TYPE
    SYNTAX INTEGER { install(1), deinstall(2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object describes about the possible MPE Install configuration actions."
    ::= { mpeInstallConfigGrp 7 }

-- Read-only result of the last install or deinstall request. Values 5..11
-- are error states (certificate request, SSL, HTTP response, URI, ePO
-- credential, server and timeout errors), which makes this the object to
-- poll when an install does not complete.
mpeInstallConfigStatus OBJECT-TYPE
    SYNTAX INTEGER {
        installInProgress (1),
        installed (2),
        deinstallInProgress (3),
        deinstalled (4),
        certReqFailure(5),
        sSLError(6),
        httpRespError(7),
        mpeURIError(8),
        ePOCredError(9),
        mpeServerError(10),
        mpeTimeoutError(11)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "This describes the possible MPE install configuration states.
Default : deinstalled (4)" ::= { mpeInstallConfigGrp 8 } mpeRootCertStatus OBJECT-TYPE SYNTAX INTEGER { not-found(0), found(1) } MAX-ACCESS read-only STATUS current DESCRIPTION " This object informs whether the MPE Root Certificate file is present on the sensor." ::= { mpeConfigGrp 4 } mpeDeleteRootCert OBJECT-TYPE SYNTAX INTEGER { delete(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to remove the MPE Root Certificate from the sensor. Deletion of the MPE root certificate succeeds only when the MPE is not yet installed." ::= { mpeConfigGrp 5 } mnacHealthLevelListenPort OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure/retrieve the trusted health level message listen port on the sensor, on which MNAC communication happens asynchronously. Default: 8445" ::= { mpeConfigGrp 6 } mnacConnectivityFailureTimeout OBJECT-TYPE SYNTAX INTEGER (30..120) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure/retrieve the MNAC connectivity failure in seconds. Default: 32" ::= { mpeConfigGrp 7 } mnacAgentGUIDPort OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure/retrieve the agent GUID request listen port on the MNAC Agent, to which the intrushield sensor would send the agent GUID request. Default: 8444" ::= { mpeConfigGrp 8 } mpeExcludedMacTable OBJECT-TYPE SYNTAX SEQUENCE OF MPEExcludedMacEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION " " ::= { mpeGrp 2 } mpeExcludedMacEntry OBJECT-TYPE SYNTAX MPEExcludedMacEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Each entry specified is indexed by MAC Adress. 
" INDEX { mpeMacAddress } ::= { mpeExcludedMacTable 1 } MPEExcludedMacEntry ::= SEQUENCE { mpeMacAddress MacAddress, mpeMacChangeAction RowStatus } mpeMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Mac address to be excluded from Mpe processing (Floater Mac)" ::= { mpeExcludedMacEntry 1 } mpeMacChangeAction OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS obsolete DESCRIPTION "This object used for user to add and delete rows in to the table." ::= { mpeExcludedMacEntry 2 } -- -- remediationGrp -- remediationGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 25 } remediationConfigGrp OBJECT IDENTIFIER ::= { remediationGrp 1 } remediationTimeout OBJECT-TYPE SYNTAX INTEGER (15..60) MAX-ACCESS read-write STATUS obsolete DESCRIPTION "Time in minutes for which the hosts needs to be quarantined so that it can be remediated. Default: 30" ::= { remediationConfigGrp 2 } -- ez (enforcement zone) Logging support on the Sensor ezLogAlertGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 26 } ezAlertLogging OBJECT-TYPE SYNTAX INTEGER { g-enable-dropped (1), g-enable-allowed (2), g-enable-all (3), enable-per-acl (4), disable (5) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies various ways to enable EZ(enforcement zone) alert logging or disable it altogether. This is applicable on a sensor wide basis for all ports in inline mode. Default: disable (5)" ::= { ezLogAlertGrp 1 } ezAlertThrottleMaxIpPair OBJECT-TYPE SYNTAX INTEGER (1..32) MAX-ACCESS read-write STATUS current DESCRIPTION "Once this threshold is exceeded, sensor will only send one summary ez alert for all addresses (srcip's and destip's) that match the aclid/vidsid. Default: 10" ::= { ezLogAlertGrp 2 } ezAlertThrottleInterval OBJECT-TYPE SYNTAX INTEGER (1..3600) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the enforcement zone alert throttle interval. 
Default: 120 seconds" ::= { ezLogAlertGrp 3 } ezAlertThrottleAction OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to enable and disable ez alert throttling. Default: enable(1)" ::= { ezLogAlertGrp 4 } ezAlertThrottleThreshold OBJECT-TYPE SYNTAX INTEGER (1..25) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure the number of alerts that need to be sent before sensor starts to throttle the ez alerts. For example if this value is 10, it will send the first 10 ez alerts with the following key: aclid/vidsid/srcip/destip. This parameters will use the ezAlertThrottleInterval as the interval. Default: 5" ::= { ezLogAlertGrp 5 } ezAlertDirectToSyslog OBJECT-TYPE SYNTAX INTEGER { sendViaNSM (1), sendDirect (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to enable sending EZ logs directly to syslog viewer instead of sending it via NSM. Default: sendViaNSM (1)" ::= { ezLogAlertGrp 6 } nbadGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 27 } nbadConfigGrp OBJECT IDENTIFIER ::= { nbadGrp 1 } nbadSensorIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The ipaddress of the NBAD server to which all the collected flowrecords would be sent." ::= { nbadConfigGrp 1 } nbadSensorPort OBJECT-TYPE SYNTAX INTEGER (1024..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The port on which the NBAD server is listening for flow records." ::= { nbadConfigGrp 2 } nbadIPSPriMonPortId OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-write STATUS current DESCRIPTION "This object contains the primary IPS monitoring linear port index to be used to send flow records to the NBAD sensor." 
::= { nbadConfigGrp 3 } nbadIPSSecMonPortId OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-write STATUS current DESCRIPTION "This object contains the secondary IPS monitoring linear port index to be used to send flow records to the NBAD sensor. This monitoring port would be used only when the configured primary monitoring port cannot be utilised to send the flow records to the NBAD sensor." ::= { nbadConfigGrp 4 } nbadAppFingerPrintingEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object value if set to TRUE indicates that application finger printing is enabled. Default: False" ::= { nbadConfigGrp 5 } nbadOSFingerPrintingEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object value if set to TRUE indicates that OS finger printing is enabled. Default: False" ::= { nbadConfigGrp 6 } nbadSslFlowDataCaptureEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object value if set to TRUE indicates that ssl flow data capture is enabled. Default: False" ::= { nbadConfigGrp 7 } nbadFlowProtocolId OBJECT-TYPE SYNTAX INTEGER { netflow (1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object value set indicates the protocol type of the exported flow records. Default: netflow (1)" ::= { nbadConfigGrp 8 } nbadFlowProtocolVersion OBJECT-TYPE SYNTAX INTEGER { netFlowVersion9 (1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object value set indicates the protocol version of the exported flow records. Default: netFlowVersion9 (1)" ::= { nbadConfigGrp 9 } nbadCaptureTCP OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object value set indicates whether netflow capture for TCP flows is enabled or not. 
Default: enable (1)" ::= { nbadConfigGrp 10 } nbadCaptureUDP OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object value set indicates whether netflow capture for UDP flows is enabled or not. Default: enable (1)" ::= { nbadConfigGrp 11 } nbadCaptureICMP OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object value set indicates whether netflow capture for ICMP flows is enabled or not. Default: disable (2)" ::= { nbadConfigGrp 12 } hostDataGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 28 } hostDataTable OBJECT-TYPE SYNTAX SEQUENCE OF HostDataEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for each discovered host. (indexed via hostDataIndex) This table contains Trellix specific MIB objects. " ::= { hostDataGrp 1 } hostDataEntry OBJECT-TYPE SYNTAX HostDataEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the columnar objects, that describe the contents of each discovered host. 
Indexed by hostDataIndex" INDEX { hostDataIndex } ::= { hostDataTable 1 } HostDataEntry ::= SEQUENCE { hostDataIndex INTEGER, hostIPAddress IpAddress, hostMacAddress MacAddress, hostDetectedDHCPMonPortId TrellixPortLinearIndex, hostName DisplayString, hostUpdatedTimeStamp INTEGER, hostAgentGuid DisplayString, hostNACStatus INTEGER, hostState INTEGER, hostDeploymentMode INTEGER, hostHealthLevel INTEGER, hostEZId INTEGER, hostUserName DisplayString, hostPolicyId INTEGER, hostDetectedTimeStamp INTEGER, hostOSInfo DisplayString, hostMNACAgentOSInfo DisplayString, hostActive TruthValue, hostDetectedStdMonPortId TrellixPortLinearIndex, hostDetectionType INTEGER, hostUserAuthProtocol INTEGER, hostSwitchId INTEGER, hostSwitchPortId INTEGER, hostSwitchPortGroupId INTEGER, hostQuarantineVlanId INTEGER, hostProductionVlanId INTEGER, nasIpAddress IpAddress, nasGroupObjectId INTEGER, userGroupObjectId INTEGER, deviceProfileString DisplayString, hostOperationalMode INTEGER, hostEnforcementAction INTEGER, flexiblePolicyRuleId INTEGER } hostDataIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The index of the Host Data Entry" ::= { hostDataEntry 1 } hostIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The ipaddress of the detected host." ::= { hostDataEntry 2 } hostMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The MAC address of the detected host." ::= { hostDataEntry 3 } hostDetectedDHCPMonPortId OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The monitoring interface linear port index over which the host was detected in DHCP mode." ::= { hostDataEntry 4 } hostName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..16)) MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the detected host." 
::= { hostDataEntry 5 } hostUpdatedTimeStamp OBJECT-TYPE SYNTAX INTEGER (0..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "The time at which the host was last updated. This is zero initially, at the time the host is detected." ::= { hostDataEntry 6 } hostAgentGuid OBJECT-TYPE SYNTAX DisplayString (SIZE(0..16)) MAX-ACCESS read-only STATUS current DESCRIPTION "The agent GUID of the detected host." ::= { hostDataEntry 7 } hostNACStatus OBJECT-TYPE SYNTAX INTEGER { managed (1), unmanaged (2), unmanageable (3), unknown (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The NAC status of the detected host." ::= { hostDataEntry 8 } hostState OBJECT-TYPE SYNTAX INTEGER { preadmit-new (1), preadmit-sgap (2), preadmit-user-detect (3), preadmit-host-detect (4), preadmit-remediate (5), postadmit (6), postadmit-remediate (7), post-boot (8), ib-host-detect (9), ib-auth-wait (10), ib-host-sgap (11), ib-user-detect (12), ib-host-remediate (13), ib-host-admit (14), oob-host-admit (15), ib-host-offline (16) } MAX-ACCESS read-only STATUS current DESCRIPTION "The state of the detected host entry." ::= { hostDataEntry 9 } hostDeploymentMode OBJECT-TYPE SYNTAX INTEGER { dhcp (1), standard (2), hybrid (3), oob (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The deployment mode of the detected host." ::= { hostDataEntry 10 } hostHealthLevel OBJECT-TYPE SYNTAX INTEGER (1..6) MAX-ACCESS read-only STATUS current DESCRIPTION "The health level of the detected host." ::= { hostDataEntry 11 } hostEZId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The applied enforcement zone id for the detected host." ::= { hostDataEntry 12 } hostUserName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The IBAC username of the detected host." ::= { hostDataEntry 13 } hostPolicyId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The IBAC policy id of the detected host." 
::= { hostDataEntry 14 } hostDetectedTimeStamp OBJECT-TYPE SYNTAX INTEGER (0..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "The time at which the host was detected." ::= { hostDataEntry 15 } hostOSInfo OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The operating system information of the detected host." ::= { hostDataEntry 16 } hostMNACAgentOSInfo OBJECT-TYPE SYNTAX DisplayString (SIZE(0..8)) MAX-ACCESS read-only STATUS current DESCRIPTION "The OS information of the detected host provided by the MNAC agent." ::= { hostDataEntry 17 } hostActive OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether the host is active or not. If set to true, the host is active." ::= { hostDataEntry 18 } hostDetectedStdMonPortId OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The monitoring interface linear port index over which the host was detected in Standard mode." ::= { hostDataEntry 19 } hostDetectionType OBJECT-TYPE SYNTAX INTEGER { other (0), l2 (1), l3 (2), vpn (3), snmp (4), radiusMac (5), radius8021x (6), l3-snmp(7), l3-radiusMac(8), l3-radius8021x(9) } MAX-ACCESS read-only STATUS current DESCRIPTION "The detection type of the detected host. For OOB cases, this includes the discovery mechanism as well." ::= { hostDataEntry 20 } hostUserAuthProtocol OBJECT-TYPE SYNTAX INTEGER { authGuest (0), authRadius (1), authAD (2), authSelfReg (3), authADSGAP (4), auth8021xRadius (5) } MAX-ACCESS read-only STATUS current DESCRIPTION "Authentication type of the logged in IBAC user." ::= { hostDataEntry 21 } hostSwitchId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Switch instance ID on which host was detected in OOB mode." 
::= { hostDataEntry 22 } hostSwitchPortId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Switch port ID on which host was detected in OOB mode" ::= { hostDataEntry 23 } hostSwitchPortGroupId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Switch port group ID on which host was detected in OOB mode" ::= { hostDataEntry 24 } hostQuarantineVlanId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Quarantine VLAN Id corresponding to the host which was detected in OOB mode." ::= { hostDataEntry 25 } hostProductionVlanId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Production VLAN Id corresponding to the host which was detected in OOB mode." ::= { hostDataEntry 26 } nasIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The Network Server Access Ipaddress of the switch where the host is connecting to." ::= { hostDataEntry 27 } nasGroupObjectId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Flexible policy Network Server Access Group Object Id for the host." ::= { hostDataEntry 28 } userGroupObjectId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Flexible policy User Group Object Id for the host." ::= { hostDataEntry 29 } deviceProfileString OBJECT-TYPE SYNTAX DisplayString (SIZE(0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "The device profile string provided by the third party device profiling ldap server for the host." ::= { hostDataEntry 30 } hostOperationalMode OBJECT-TYPE SYNTAX INTEGER { enforcement (1), audit (2), simulation (3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the operational mode for the host." 
::= { hostDataEntry 31 } hostEnforcementAction OBJECT-TYPE SYNTAX INTEGER { deny (1), allow (2), custom-enforce (3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the kind of enforcement done for the host." ::= { hostDataEntry 32 } flexiblePolicyRuleId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This indicates the flexible policy rule for the host." ::= { hostDataEntry 33 } hostConfigGrp OBJECT IDENTIFIER ::= { hostDataGrp 2 } hostEntryAttribute OBJECT-TYPE SYNTAX INTEGER { ip (1), mac (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Host entry attribute to be considered for config action." ::= { hostConfigGrp 1 } hostEntryIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Host entry Ip address to be considered for config action." ::= { hostConfigGrp 2 } hostEntryMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Host entry Mac address to be considered for config action." ::= { hostConfigGrp 3 } hostEntryConfig OBJECT-TYPE SYNTAX INTEGER { delete-host (1), modify-naz (2), revert-naz (3), host-oob-to-inline (4), host-inline-to-oob (5) } MAX-ACCESS read-write STATUS current DESCRIPTION "Host entry config action." ::= { hostConfigGrp 4 } hostEntryEZId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "EZ-ID to be considered for modifying the NAZ of the given host entry." ::= { hostConfigGrp 5 } hostDataAvailabilityStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the availability of the hostData through SNMP. This information is useful immediately after the sensor reboot, as the Host Data even if present on the sensor would be available through SNMP only after the system health becomes GOOD, as the host data would be initialised only during the initial sigfile processing. 
True: Host Data available after the sensor initialisation or no persisted hostdata. False: In other scenarios. " ::= { hostDataGrp 3 } --This group contains MIB objects related to SGAP Configuration sgapGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 29 } sgapConfigGrp OBJECT IDENTIFIER ::= { sgapGrp 1 } sgapAuthTimeout OBJECT-TYPE SYNTAX INTEGER (10..600) MAX-ACCESS read-write STATUS current DESCRIPTION "Authentication channel timeout in seconds. Default: 30" ::= { sgapConfigGrp 1 } sgapCSRConfigGrp OBJECT IDENTIFIER ::= { sgapConfigGrp 2 } sgapCSRCountryName OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Country name for generating the CSR. Use the two-letter code without punctuation for country like US or CA." ::= { sgapCSRConfigGrp 1 } sgapCSRStateProvince OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "State or Province name for generating the CSR. Spell out the state completely." ::= { sgapCSRConfigGrp 2 } sgapCSRLocality OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "City or town name for generating the CSR." ::= { sgapCSRConfigGrp 3 } sgapCSRCompany OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Company name for generating the CSR. If the company name has symbols, spell out the symbol or omit it to enroll." ::= { sgapCSRConfigGrp 4 } sgapCSROrganizationalUnit OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "The organizational unit is the name of the department or organization unit making the request. This is an optional field" ::= { sgapCSRConfigGrp 5 } sgapCSRCommonName OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "The common name is the host plus domain name. It looks like www.company.com or company.com." 
::= { sgapCSRConfigGrp 6 } sgapCSRGenerateAction OBJECT-TYPE SYNTAX INTEGER { other(0), generateCSR(1), generateSelfSigned(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This action is used to generate the CSR/self signed certificate. Default : other (0)" ::= { sgapCSRConfigGrp 7 } sgapCSRGenerateStatus OBJECT-TYPE SYNTAX INTEGER { other (0), generationInProgress (1), generationComplete (2), generationFailed (3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object describes the possible CSR generation states. Default : other (0)" ::= { sgapCSRConfigGrp 8 } sgapCertStatus OBJECT-TYPE SYNTAX INTEGER { other (0), certAbsent (1), defaultCert (2), selfsignedCert (3), casignedCert (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the sgap cert status on the sensor. Default: 0" ::= { sgapConfigGrp 3 } -- -- This group contains MIB objects related to threshold alarm and historical trends related configuration -- alarmAndTrendsGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 30 } sensorPerfAlertGrp OBJECT IDENTIFIER ::= { alarmAndTrendsGrp 1 } sensorPerfAlertEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable/disable generation of sensor performance alerts, for the purpose of historical trends. Default: false(2)" ::= { sensorPerfAlertGrp 1 } sensorPerfAlertDuration OBJECT-TYPE SYNTAX INTEGER (1..60) MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure the duration of sensor performance alerts in minutes, for the purpose of historical trends. Default: 5" ::= { sensorPerfAlertGrp 2 } sensorPerfAlertParameters OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure the parameters of sensor performance alerts, for the purpose of historical trends. The parameter bit positions are as given below. 
msb-bit(1) : cpu-utilization, msb-bit(2) : tcpudp-flows, msb-bit(3) : sensor-throughput, msb-bit(4) : mon-port-data-rate, msb-bit(5) : reserved msb-bit(6) : reserved msb-bit(7) : system-memory, msb-bit(8) : packet-buffers, msb-bit(9) : decrypted-ssl-flows" ::= { sensorPerfAlertGrp 3 } alarmConfigGrp OBJECT IDENTIFIER ::= { alarmAndTrendsGrp 2 } alarmStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable/disable generation of threshold based alarms. Default: false(2)" ::= { alarmConfigGrp 1 } alarmDeleteAllEntries OBJECT-TYPE SYNTAX INTEGER { true(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to delete all alarm entries in a single operation." ::= { alarmConfigGrp 2 } alarmDuration OBJECT-TYPE SYNTAX INTEGER (1..60) MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the duration in minutes, at which the sensor needs to perform threshold checks and if required generate the specific alarm. Default : 1" ::= { alarmConfigGrp 3 } alarmTable OBJECT-TYPE SYNTAX SEQUENCE OF AlarmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for configured threshold based alarms. (indexed via alarmIndex) This table contains Trellix specific MIB objects. " ::= { alarmConfigGrp 4 } alarmEntry OBJECT-TYPE SYNTAX AlarmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the columnar objects, that describe the contents of each threshold based alarm. 
Indexed by alarmIndex" INDEX { alarmIndex } ::= { alarmTable 1 } AlarmEntry ::= SEQUENCE { alarmIndex INTEGER, alarmSampleType INTEGER, alarmSampleTypeIndexBitmap OCTET STRING, alarmSampleTypeDesc DisplayString, alarmRaisingThreshold Unsigned32, alarmFallingThreshold Unsigned32, alarmStartupType INTEGER, alarmEntryStatus RowStatus } alarmIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the threshold based alarm entry" ::= { alarmEntry 1 } alarmSampleType OBJECT-TYPE SYNTAX INTEGER { cpu-utilization-abs (0), tcpudp-flows (1), sensor-throughput-delta (2), mon-port-throughput-delta (3), sensor-l2-error-drop-delta (4), sensor-l3-l4-error-drop-delta (5), system-memory (6), packet-buffers (7), decrypted-ssl-flows (8) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the alarm sample type for which the sensor needs to generate alarms based on alarm threshold settings. The threshold value range vary based on the sample types : cpu-utilization-abs : 0 - 100, tcpudp-flows : 0 - 100, sensor-throughput-delta : 0 - 100, mon-port-throughput-delta : 0 - 100, l2-error-drop-delta : 0 - 4294967295, l3-l4-error-drop-delta : 0 - 4294967295, system-memory : 0 - 100, packet-buffers : 0 - 100, decrypted-ssl-flows : 0 - 100 " ::= { alarmEntry 2 } alarmSampleTypeIndexBitmap OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..16)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object provides the index bit map for the alarm sample type id. The bit setting would be similar to the BITS type and in network order. 
The bitmap would be as given below : cpu-utilization-abs - 0, sensor-throughput-delta - 0, mon-port-throughput-delta - Bit position indicates the sensor-l2-error-drop-delta - 0, sensor-l3-l4-error-drop-delta - 0 " ::= { alarmEntry 3 } alarmSampleTypeDesc OBJECT-TYPE SYNTAX DisplayString (SIZE(1..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object provides the alarm sample type description such as 'lower-band', 'higher-band', etc." ::= { alarmEntry 4 } alarmRaisingThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the raising threshold value. The sensor would generate raising threshold alarm when the sample type counter exceeds this value." ::= { alarmEntry 5 } alarmFallingThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the falling threshold value. The sensor would generate falling threshold alarm when the sample type counter reduces below this value." ::= { alarmEntry 6 } alarmStartupType OBJECT-TYPE SYNTAX INTEGER { raising (1), falling (2), both (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the first alarm type that the sensor must generate before generating the other threshold based alarm. For eg; if the value is set to 'raising (1)', then the sensor has to first raise an alarm based on raising threshold value and only then based on falling threshold value. Default : raising (1)" ::= { alarmEntry 7 } alarmEntryStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to create a new threshold based alarm." ::= { alarmEntry 8 } bwSavingStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable/disable bandwidth saving. Default: false(2)" ::= { alarmConfigGrp 5 } -- -- This group contains MIB objects applicable to NAC-only Appliances. 
-- oobnacGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 31 } -- Support for oobnacGrp is deprecated in V-series sensors(VmIPS). -- This group consists of scalars for pre-discovery phase and swInstanceTable(based on switch ID). oobnacSwDiscoveryGrp OBJECT IDENTIFIER ::= { oobnacGrp 1 } -- This table creates an entry for the switch (indexed based on switch id ). swInstanceTable OBJECT-TYPE SYNTAX SEQUENCE OF SwInstanceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for each switch instance(indexed via switch id)." ::= { oobnacSwDiscoveryGrp 1 } swInstanceEntry OBJECT-TYPE SYNTAX SwInstanceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the attributes that are specific to the switch instance. Indexed by swIdIndex" INDEX { swIdIndex } ::= { swInstanceTable 1 } SwInstanceEntry ::= SEQUENCE { swIdIndex INTEGER, swDetDesc DisplayString, swProfileId INTEGER, swIPAddress IpAddress, swIPV6Address Ipv6Address, swName DisplayString, swDesc DisplayString, swEnable TruthValue, swSNMPsupport TruthValue, swSnmpVerSupport INTEGER, swREADCommunityStr DisplayString, swWRITECommunityStr DisplayString, swTRAPCommunityStr DisplayString, swSNMPPort INTEGER, swV3UserName DisplayString, swV3SecurityLevel INTEGER, swV3AuthProtocol INTEGER, swV3AuthKey DisplayString, swV3EncrProtocol INTEGER, swV3EncrKey DisplayString, swCLIsupport TruthValue, swCLINwProtocol INTEGER, swCLIUserName DisplayString, swCLIPwd DisplayString, swCLIEnablePwd DisplayString, swCLIAutoSaveConfig TruthValue, swRadiusSupport TruthValue, swRadiusSharedSecret DisplayString, swPlaceHolderVlan DisplayString, swUseDefaultQVlanPool TruthValue, swQVlanPoolRange DisplayString, swDiscoverAction RowStatus, swCLILoginType INTEGER, swAuthMacAddRadSrvOption TruthValue, swActionStatus INTEGER, swPortDefaultVlan INTEGER, swActionStatusTime INTEGER } swIdIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index" 
::= { swInstanceEntry 1 } swDetDesc OBJECT-TYPE SYNTAX DisplayString(SIZE(0..256)) MAX-ACCESS read-write STATUS current DESCRIPTION "Description returned by the switch. " ::= { swInstanceEntry 2 } swProfileId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "switch profile id returned by the switch." ::= { swInstanceEntry 3 } swIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the switch instance sent down from ISM when a new switch is being added." ::= { swInstanceEntry 4 } swIPV6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "IPV6 address of the switch instance sent down from ISM when a new switch is being added." ::= { swInstanceEntry 5 } swName OBJECT-TYPE SYNTAX DisplayString(SIZE(0..256)) MAX-ACCESS read-write STATUS current DESCRIPTION "Switch name returned by the switch." ::= { swInstanceEntry 6 } swDesc OBJECT-TYPE SYNTAX DisplayString(SIZE(0..256)) MAX-ACCESS read-write STATUS current DESCRIPTION "Switch name returned by the switch. This can be modified by ISM." ::= { swInstanceEntry 7 } swEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Option to enable/disable the specific switch upon discovery. The default value is enable(1)." ::= { swInstanceEntry 8 } swSNMPsupport OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Support for snmp communication between sensor and the switch.Currently the value always remains true." ::= { swInstanceEntry 9 } swSnmpVerSupport OBJECT-TYPE SYNTAX INTEGER { snmpv1(1), snmpv2(2), snmpv3(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "snmp version supported by the switch. The default will be version 2." ::= { swInstanceEntry 10 } swREADCommunityStr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "String used for all read-only snmp data communication between sensor and the switch. 
The default string is public." ::= { swInstanceEntry 11 } -- NOTE(review): the community strings and SNMPv3 keys in this table are read-write DisplayString objects, so their values are carried as plain text in the SNMP PDU; if this subtree is reachable over SNMPv1/v2c or SNMPv3 without privacy they cross the network unencrypted. The documented defaults (community public, mD5, dES) and the 15-character key limit are weak; prefer authPriv with sHA and aES where the switch supports it, and restrict this subtree with a VACM view. -- swWRITECommunityStr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "String used for all read-write snmp data communication between sensor and the switch." ::= { swInstanceEntry 12 } swTRAPCommunityStr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "Community string used for all the traps received from the switch." ::= { swInstanceEntry 13 } swSNMPPort OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "snmp port for snmp communication with the switch(161)." ::= { swInstanceEntry 14 } swV3UserName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..31)) MAX-ACCESS read-write STATUS current DESCRIPTION "User name for snmp v3 communication." ::= { swInstanceEntry 15 } swV3SecurityLevel OBJECT-TYPE SYNTAX INTEGER { noAuthNoPriv(1), authNoPriv(2), authPriv(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Level of security supported by the switch. The default value is authPriv(3)." ::= { swInstanceEntry 16 } swV3AuthProtocol OBJECT-TYPE SYNTAX INTEGER { mD5(1), sHA(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Protocol for authentication of the user. The default value is mD5(1)." ::= { swInstanceEntry 17 } swV3AuthKey OBJECT-TYPE SYNTAX DisplayString (SIZE(0..15)) MAX-ACCESS read-write STATUS current DESCRIPTION "Key for authentication of the user." ::= { swInstanceEntry 18 } swV3EncrProtocol OBJECT-TYPE SYNTAX INTEGER { dES(1), aES(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Protocol for encryption of snmp communication messages. The default value is dES(1)." ::= { swInstanceEntry 19 } swV3EncrKey OBJECT-TYPE SYNTAX DisplayString (SIZE(0..15)) MAX-ACCESS read-write STATUS current DESCRIPTION "Key for encrypting messages." 
::= { swInstanceEntry 20 } swCLIsupport OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Support for CLI communication between sensor and the switch." ::= { swInstanceEntry 21 } -- NOTE(review): telnet(1) is the documented default and carries the CLI user name, password and enable password defined after this object in cleartext between sensor and switch; select ssh(2) where the switch supports it. swCLIPwd, swCLIEnablePwd and swRadiusSharedSecret are read-write DisplayString secrets and should be excluded from the views of read-only SNMP users. -- swCLINwProtocol OBJECT-TYPE SYNTAX INTEGER { telnet(1), ssh(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Network protocol used for the command line interface, such as TELNET or ssh. Default value is telnet(1)." ::= { swInstanceEntry 22 } swCLIUserName OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "User name for CLI communication." ::= { swInstanceEntry 23 } swCLIPwd OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "Password to authenticate CLI user." ::= { swInstanceEntry 24 } swCLIEnablePwd OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "Enable password to authenticate CLI user." ::= { swInstanceEntry 25 } swCLIAutoSaveConfig OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this option is enabled then auto save CLI configuration changes to flash." ::= { swInstanceEntry 26 } swRadiusSupport OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Support for radius communication between sensor and the switch. The default value is enable(1)." ::= { swInstanceEntry 27 } swRadiusSharedSecret OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "A case-sensitive text string used to validate communications between two radius devices." ::= { swInstanceEntry 28 } swPlaceHolderVlan OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) MAX-ACCESS read-write STATUS current DESCRIPTION "Special vlan value used for assigning qvlan value to an empty port." ::= { swInstanceEntry 29 } swUseDefaultQVlanPool OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Option to use globally set qvlan pool range." 
::= { swInstanceEntry 30 } swQVlanPoolRange OBJECT-TYPE SYNTAX DisplayString (SIZE(0..30)) MAX-ACCESS read-write STATUS current DESCRIPTION "Qvlan pool range assigned for the switch instance." ::= { swInstanceEntry 31 } swDiscoverAction OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This action data will add a switch entry in the table. Default action is createAndGo(4)." ::= { swInstanceEntry 32 } swCLILoginType OBJECT-TYPE SYNTAX INTEGER { userPwd(1), pwdEnable(2), userPwdEnable(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Different login types supported for CLI. " ::= { swInstanceEntry 33 } swAuthMacAddRadSrvOption OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Support for option to authenticate MAC addresses against radius server.Default option is to disabled(0)." ::= { swInstanceEntry 34 } swActionStatus OBJECT-TYPE SYNTAX INTEGER { active(1), inactive(2), in-deletion-mode(3), in-addition-mode(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Variable to poll the status of the switch(in case sw goes down). " ::= { swInstanceEntry 35 } swPortDefaultVlan OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Variable used for updating port default vlan for universal control point (UCP)switches. For non-ucp switches the value will default to zero." ::= { swInstanceEntry 36 } swActionStatusTime OBJECT-TYPE SYNTAX INTEGER (0..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "Time when swActionStatus variable was updated." ::= { swInstanceEntry 37 } --Scalar for the pre-discovery phase. No entry is created for the switch during this time. -- Also scalars for switch snmp/cli test. swIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the switch instance sent down from ISM when a new switch is being added." 
    ::= { oobnacSwDiscoveryGrp 2 }

-- Pre-discovery scalars: SNMP parameters the sensor uses to reach a switch being added.
swIpV6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "IPV6 address of the switch instance sent down from ISM when a new switch is being added."
    ::= { oobnacSwDiscoveryGrp 3 }

-- NOTE(review): the documented default community is "public", a widely known value.
-- SNMPv1/v2c community strings are also sent unencrypted, so this offers no
-- confidentiality; set a non-default value or use snmpv3(3) with authPriv.
-- The object is read-write, so the configured string can be read back unless the
-- agent masks it (not visible from this MIB).
readCommunityString OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "This string is used for all read-only snmp data communication between sensor and the switch. The default string is public."
    ::= { oobnacSwDiscoveryGrp 4 }

-- SNMP port on the switch. SYNTAX is an unconstrained INTEGER, so the MIB itself does
-- not limit the value to the 1..65535 port range; the agent has to validate it.
snmpPort OBJECT-TYPE
    SYNTAX      INTEGER
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The default port on which snmp runs(161)."
    ::= { oobnacSwDiscoveryGrp 5 }

-- NOTE(review): the documented default is version 2, which is community based and
-- provides neither authentication of the sender nor encryption. The v3* objects
-- below only apply when snmpv3(3) is selected.
snmpVerSupport OBJECT-TYPE
    SYNTAX      INTEGER { snmpv1(1), snmpv2(2), snmpv3(3) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "snmp version supported by the switch. The default will be version 2."
    ::= { oobnacSwDiscoveryGrp 6 }

-- NOTE(review): write community for the switch; whoever can read this object can
-- reconfigure the switch over SNMP. Confirm the agent does not return it on GET and
-- keep it out of read views.
writeCommunityStr OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "String used for all read-write snmp data communication between sensor and the switch."
    ::= { oobnacSwDiscoveryGrp 7 }

-- Community string expected on traps received from the switch.
trapCommunityStr OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "community string used for the all the traps received from the switch."
    ::= { oobnacSwDiscoveryGrp 8}

-- SNMPv3 (USM) parameters.
v3UserName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..31))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "User name for snmp v3 communication."
    ::= { oobnacSwDiscoveryGrp 9 }

-- The documented default, authPriv(3), is the only level with both authentication
-- and encryption. Being read-write, it can be lowered to noAuthNoPriv(1); changes to
-- this object are worth auditing.
v3SecurityLevel OBJECT-TYPE
    SYNTAX      INTEGER { noAuthNoPriv(1), authNoPriv(2), authPriv(3) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Level of security supported by the switch. The default value is authPriv(3)."
    ::= { oobnacSwDiscoveryGrp 10 }

-- NOTE(review): the documented default is MD5, the weaker of the two offered
-- algorithms; prefer sHA(2) where the switch supports it.
v3AuthProtocol OBJECT-TYPE
    SYNTAX      INTEGER { mD5(1), sHA(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "protocol for authentication of the user. The default value is Md5(1)."
    ::= { oobnacSwDiscoveryGrp 11 }

-- NOTE(review): SNMPv3 authentication secret as a read-write DisplayString.
-- SIZE(0..15) permits an empty value and caps the secret at 15 characters.
-- Confirm the agent returns an empty string on GET and keep it out of read views.
v3AuthKey OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..15))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Key for authentication of the user."
    ::= { oobnacSwDiscoveryGrp 12 }

-- NOTE(review): the documented default is DES, a legacy cipher with a 56-bit key;
-- prefer aES(2) where the switch supports it.
v3EncrProtocol OBJECT-TYPE
    SYNTAX      INTEGER { dES(1), aES(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "protocol for encryption of snmp communication messages. The default value is DES(1)."
    ::= { oobnacSwDiscoveryGrp 13 }

-- NOTE(review): SNMPv3 privacy secret; same size limits and read-back concern as v3AuthKey.
v3EncrKey OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..15))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "key for encryting messages."
    ::= { oobnacSwDiscoveryGrp 14 }

-- Pre-discovery CLI parameters; these mirror the per-switch swCLI* columns.
-- NOTE(review): the documented default is telnet(1), which sends cliUserName, cliPwd
-- and cliEnablePwd unencrypted; ssh(2) should be selected explicitly.
cliNwProtocol OBJECT-TYPE
    SYNTAX      INTEGER { telnet(1), ssh(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "support for a command line interfaces network protocol such as TELNET or ssh. Default value is telnet(1)."
    ::= { oobnacSwDiscoveryGrp 15 }

-- Account name for the CLI session; up to 80 characters, empty allowed.
cliUserName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "user name for CLI communication."
    ::= { oobnacSwDiscoveryGrp 16}

-- NOTE(review): CLI password as a read-write DisplayString. The MIB permits GET on it;
-- confirm the agent masks the value on read and keep it out of read views.
cliPwd OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "password to authenticate CLI user."
    ::= { oobnacSwDiscoveryGrp 17 }

-- NOTE(review): privileged-mode (enable) password; same read-back concern as cliPwd.
cliEnablePwd OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..80))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Enable password to authenticate CLI user."
    ::= { oobnacSwDiscoveryGrp 18 }

-- Action trigger: writing a value starts the named operation against the switch.
-- NOTE(review): deleteAllSwEntries(4) is destructive and is reachable with a single
-- SET; write access to this scalar should be restricted and SETs to it logged.
swQueryAction OBJECT-TYPE
    SYNTAX      INTEGER { initialQuery(1), testSnmp(2), testCli(3), deleteAllSwEntries(4), reLearnSwitch(5) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "action to get preliminary data (like sys uptime, sys description etc) from the switch. also to test cli and snmp."
    ::= { oobnacSwDiscoveryGrp 19}

-- Which credentials the CLI login uses: user name and password, password and enable
-- password, or all three (per the enumeration labels).
cliLoginType OBJECT-TYPE
    SYNTAX      INTEGER { userPwd(1), pwdEnable(2), userPwdEnable(3) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Different login types supported for CLI.
" ::= { oobnacSwDiscoveryGrp 20 } profileId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "switch profile id returned by the switch." ::= { oobnacSwDiscoveryGrp 21 } switchId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The sw global id used to re-learn the switch." ::= { oobnacSwDiscoveryGrp 22 } -- This group consists of scalars applicable to all switches. oobnacAllSwitchesGrp OBJECT IDENTIFIER ::= { oobnacGrp 2 } oobnDefaultQvlanPool OBJECT-TYPE SYNTAX DisplayString (SIZE(0..30)) MAX-ACCESS read-write STATUS current DESCRIPTION "default qvlan pool range assigned for the all switches using default qvlan pool." ::= { oobnacAllSwitchesGrp 1 } oobnacRadNumRetries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The default number of retries(3) allowed for radius users." ::= { oobnacAllSwitchesGrp 2 } oobnacRadRespTimeOut OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The default timeout value(3 seconds) for radius response timeout." ::= { oobnacAllSwitchesGrp 3 } -- -- OOB NAC Failover Group -- --This group contains objects that identify the OOB NAC failover configuration information -- oobnacFailoverGrp OBJECT IDENTIFIER ::= { oobnacGrp 3 } oobnacFloatingIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Floating Management Port IP Address." ::= { oobnacFailoverGrp 1 } oobnacFloatingIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "Floating Management Port IPv6 Address." ::= { oobnacFailoverGrp 2 } oobnacFloatingNetMask OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Floating Management Port Network mask as a IPAddress prefix." ::= { oobnacFailoverGrp 3 } oobnacFloatingv6NetMask OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Floating Management Port IPv6 Network mask as a IPAddress prefix." 
::= { oobnacFailoverGrp 4 } oobnacFloatingGatewayIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Floating Management Port Gateway IP Address." ::= { oobnacFailoverGrp 5 } oobnacFloatingGatewayIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "Floating Management Port Gateway IP Address." ::= { oobnacFailoverGrp 6 } oobnacPeerIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Failover Peer Management Port IP Address." ::= { oobnacFailoverGrp 7 } oobnacPeerIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "Failover Peer Management Port IPv6 Address." ::= { oobnacFailoverGrp 8 } oobnacFailoverSensorStatus OBJECT-TYPE SYNTAX INTEGER { standalone (0), standby (1), active (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Status of the sensor in OOBNac failover." ::= { oobnacFailoverGrp 9 } -- -- This group contains Malware related MIB objects. These are applicable to -- all M-series except NAC-only appliances. -- malwareGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 32 } -- Support for malwarePriDNSServerIp is now deprecated in sensors using new MIB. malwarePriDNSServerIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS obsolete DESCRIPTION "IP address of the primary DNS server." ::= { malwareGrp 1 } -- Support for malwareSecDNSServerIp is now deprecated in sensors using new MIB. malwareSecDNSServerIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS obsolete DESCRIPTION "IP address of the secondary DNS server." ::= { malwareGrp 2 } -- Support for malwarePriDNSServerIpV6 is now deprecated in sensors using new MIB. malwarePriDNSServerIpV6 OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS obsolete DESCRIPTION "IPV6 address of the primary DNS server." ::= { malwareGrp 3 } -- Support for malwareSecDNSServerIpV6 is now deprecated in sensors using new MIB. 
malwareSecDNSServerIpV6 OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS obsolete DESCRIPTION "IPV6 address of the secondary DNS server." ::= { malwareGrp 4 } malwareRiskLevel OBJECT-TYPE SYNTAX INTEGER { veryLow(1), low(2), medium(3), high(4), veryHigh(5) } MAX-ACCESS read-write STATUS current DESCRIPTION " Malware risk level threshold value set by the user. The default level is Very Low." ::= { malwareGrp 5 } -- Support for malwareArtemisDetectionMode is deprecated in sensors using new MIB. malwareArtemisDetectionMode OBJECT-TYPE SYNTAX INTEGER { alertOnly(1), alertAndBlock(2), alertBlockAndTCP-Reset(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "artemis configuration to do either of the settings Alert only, Alert and Block or Alert, Block and TCP-Reset." ::= { malwareGrp 6 } -- Support for malwareUDFDetectionMode is deprecated in sensors using new MIB. malwareUDFDetectionMode OBJECT-TYPE SYNTAX INTEGER { alertOnly(1), alertAndBlock(2), alertBlockAndTCP-Reset(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "user-defined configuration to do either of the settings Alert only, Alert and Block or Alert, Block and TCP-Reset." ::= { malwareGrp 7 } gamEngSensorCfgGrp OBJECT IDENTIFIER ::= { malwareGrp 8 } gamEngSensorAutoUpdateConfig OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Enable / disable the Sensor auto update config. Default : True (Enable)" ::= { gamEngSensorCfgGrp 1} gamEngSensorAutoUpdateInterval OBJECT-TYPE SYNTAX INTEGER (90..1440) MAX-ACCESS read-write STATUS current DESCRIPTION "Sets the Sensor auto update Interval in minutes. Default : 90" ::= { gamEngSensorCfgGrp 2} gamEngVer OBJECT-TYPE SYNTAX DisplayString (SIZE(1..63)) MAX-ACCESS read-only STATUS current DESCRIPTION "Provides the current gam engine version available on sensor." 
::= { gamEngSensorCfgGrp 3} gamDatVer OBJECT-TYPE SYNTAX DisplayString (SIZE(1..63)) MAX-ACCESS read-only STATUS current DESCRIPTION "Provides the current gam dat version available on sensor." ::= { gamEngSensorCfgGrp 4} avEngVer OBJECT-TYPE SYNTAX DisplayString (SIZE(1..63)) MAX-ACCESS read-only STATUS current DESCRIPTION "Provides the current AV engine version available on sensor." ::= { gamEngSensorCfgGrp 5 } avDatVer OBJECT-TYPE SYNTAX DisplayString (SIZE(1..63)) MAX-ACCESS read-only STATUS current DESCRIPTION "Provides the current AV dat version available on sensor." ::= { gamEngSensorCfgGrp 6} gamEngUpdatedTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Provides the time in UTC format when sensor had updated GAM engine successfully." ::= { gamEngSensorCfgGrp 7} gamManualFullUpdateFileUploadStatus OBJECT-TYPE SYNTAX INTEGER { readyForGAMUpdate (1), gAMUpdateTransferInProgress (2), gAMUpdateTransferError (3), gAMUpdateQueued (4), applyingGAMUpdate (5), gAMUpdateCompleted (6), gAMUpdateError (7) } MAX-ACCESS read-only STATUS current DESCRIPTION "Provides the current file upload status." ::= { gamEngSensorCfgGrp 8} --This group contains MIB objects related to Miscellaneous Configuration Group miscCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 33 } jumboframeParsingConfig OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration option to enable/disable jumboframe parsing. The new setting would be effective only after a sensor reboot. Default: disable" ::= {miscCfgGrp 1 } currentJumboframeParsingStatus OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The current running jumboframe parsing status." ::= {miscCfgGrp 2 } appIdStatsConfigStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object value if set to TRUE indicates that the appId stats collection is enabled for the sensor. 
Default: False"
    ::= { miscCfgGrp 3 }

-- Read-only indicator of whether a hitless reboot can be performed right now.
hitlessRebootStatus OBJECT-TYPE
    SYNTAX      INTEGER { available (1), notavailable (2) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Status option to read whether hitless reboot is possible or not at this time."
    ::= {miscCfgGrp 4 }

-- Name of the geo database file on the sensor; empty when no file is present.
existingGeoDBFilename OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..256))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "This specifies the name of geo database file present in sensor. NULL would be returned when there is no geo DB file on the sensor."
    ::= {miscCfgGrp 5 }

-- NOTE(review): audit logging is documented as disabled by default and can be
-- switched off again with one SET. Enable it at deployment and alert on any
-- change of this object to disable(2).
nsmTrackUserLoggingStatus OBJECT-TYPE
    SYNTAX      INTEGER { enable (1), disable (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Configuration option to enable/disable NSM audit logging. Default: disable"
    ::= {miscCfgGrp 6 }

-- FTP acceleration toggles, one per traffic direction.
-- NOTE(review): what inspection, if any, acceleration skips is not stated in this MIB;
-- confirm against product documentation before enabling.
accelerateFTPInboundConfig OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Configuration option to enable/disable accelerate ftp in inbound direction Default: false (2)"
    ::= {miscCfgGrp 7 }

accelerateFTPOutboundConfig OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Configuration option to enable/disable accelerate ftp in outbound direction. Default: false (2)"
    ::= {miscCfgGrp 8 }

-- NOTE(review): parsing of tunnelled packets is documented as off by default, so
-- traffic inside tunnels is presumably not inspected until this is set to true;
-- confirm the coverage gap against the deployment's tunnelling protocols.
parseTunnellingConfig OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Configuration option to enable/disable parsing of tunnelled packet. Default: false (2)"
    ::= {miscCfgGrp 9 }

-- Toggles logging of the previous 256 bytes (off by default per the DESCRIPTION).
prev256ByteLoggingConfig OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Configuration option to enable/disable prev 256 byte logging. Default: false (2)"
    ::= {miscCfgGrp 10 }

-- NOTE(review): CLI audit logging is documented as off by default and is writable
-- over SNMP, so anyone with write access can silence CLI auditing. Enable it at
-- deployment and alert on SETs that turn it off.
cliAuditLoggingConfig OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Configuration option to enable/disable cli audit logging through SNMP.
Default: false (2)" ::= {miscCfgGrp 11 } snortRuleEngineConfig OBJECT-TYPE SYNTAX INTEGER { traditional (1), nextGeneration (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration option to switch snort rule engine between traditional and next generation. The new setting would be effective only after a sensor reboot. Default: traditional" ::= {miscCfgGrp 12 } currentSnortRuleEngineStatus OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The current running snort rule engine on sensor." ::= {miscCfgGrp 13 } insightsTelemetryConfig OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration option to enable/disable usage of configured telemetry data for Insights" ::= {miscCfgGrp 14} -- -- This group contains MIB objects applicable to Layer2 forwarding. -- layer2FwdGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 34 } -- This group consists of scalars for configuring layer2 fwd feature. layer2FwdCfgGrp OBJECT IDENTIFIER ::= { layer2FwdGrp 1 } layer2FwdType OBJECT-TYPE SYNTAX INTEGER { tcp (1), udp (2), vlan(3), all (4), ip (5) } MAX-ACCESS read-write STATUS current DESCRIPTION " Different modes for using layer2 forward feature." ::= { layer2FwdCfgGrp 1 } layer2IntfPort OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-write STATUS current DESCRIPTION "The intf linear port index of the sensor for the mode chosen." ::= { layer2FwdCfgGrp 2 } layer2FwdAction OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2), clearAll(3) } MAX-ACCESS read-write STATUS current DESCRIPTION " Action to take for the specified port(s)." ::= { layer2FwdCfgGrp 3 } layer2FwdBeginId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION " Start port id(range 1-65535) for the mode selected(tcp/udp/vlan)." ::= { layer2FwdCfgGrp 4 } layer2FwdEndId OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION " End port id(range 1-65535) for the mode selected(tcp/udp/vlan)." 
::= { layer2FwdCfgGrp 5 } layer2FwdConfig OBJECT-TYPE SYNTAX INTEGER (0..7) MAX-ACCESS read-write STATUS current DESCRIPTION " Layer2 forward configuration to enable or disable this feature. Each bit represents the layer2 forward type. From the LSB the 1st bit for TCP, 2nd bit for UDP, 3rd bit for VLAN. Default will be 7, indicating this feature is enable" ::= { layer2FwdCfgGrp 6 } -- -- This table has entries for layer2Fwd TCP Table. -- layer2FwdTCPTable OBJECT-TYPE SYNTAX SEQUENCE OF Layer2FwdTCPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing TCP port ranges configured for L2 forwarding.(indexed via intf port number and entry number)." ::= { layer2FwdGrp 2 } layer2FwdTCPEntry OBJECT-TYPE SYNTAX Layer2FwdTCPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the attributes that are specific to the L2 fwd entry for TCP table. Indexed by intfPortLinearIndex and entry number." INDEX { tcpIntfPortIndex, tcpEntryIndex } ::= { layer2FwdTCPTable 1 } Layer2FwdTCPEntry ::= SEQUENCE { tcpIntfPortIndex TrellixPortLinearIndex, tcpEntryIndex INTEGER, tcpPortRange DisplayString } tcpIntfPortIndex OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The intfPort linear index" ::= { layer2FwdTCPEntry 1 } tcpEntryIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index" ::= { layer2FwdTCPEntry 2 } tcpPortRange OBJECT-TYPE SYNTAX DisplayString(SIZE(0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "range for which L2 forwarding feature is enabled. " ::= { layer2FwdTCPEntry 3 } -- -- This table has entries for layer2Fwd UDP Table. -- layer2FwdUDPTable OBJECT-TYPE SYNTAX SEQUENCE OF Layer2FwdUDPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing UDP port ranges configured for L2 forwarding.(indexed via intfPortIndex and entry number)." 
::= { layer2FwdGrp 3 } layer2FwdUDPEntry OBJECT-TYPE SYNTAX Layer2FwdUDPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the attributes that are specific to the L2 fwd entry for UDP table. Indexed by intfPortLinearIndex and entry number." INDEX { udpIntfPortIndex, udpEntryIndex } ::= { layer2FwdUDPTable 1 } Layer2FwdUDPEntry ::= SEQUENCE { udpIntfPortIndex TrellixPortLinearIndex, udpEntryIndex INTEGER, udpPortRange DisplayString } udpIntfPortIndex OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The intfPort linear index" ::= { layer2FwdUDPEntry 1 } udpEntryIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index" ::= { layer2FwdUDPEntry 2 } udpPortRange OBJECT-TYPE SYNTAX DisplayString(SIZE(0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "range for which L2 forwarding feature is enabled. " ::= { layer2FwdUDPEntry 3 } -- -- This table has entries for layer2Fwd VLAN Table. -- layer2FwdVLANTable OBJECT-TYPE SYNTAX SEQUENCE OF Layer2FwdVLANEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing VLAN port ranges configured for L2 forwarding.(indexed via interface number and entry number)." ::= { layer2FwdGrp 4 } layer2FwdVLANEntry OBJECT-TYPE SYNTAX Layer2FwdVLANEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the attributes that are specific to the L2 fwd entry for VLAN table(indexed via intfPortLinearIndex and entry number)." 
INDEX { vlanIntfPortIndex, vlanEntryIndex } ::= { layer2FwdVLANTable 1 } Layer2FwdVLANEntry ::= SEQUENCE { vlanIntfPortIndex TrellixPortLinearIndex, vlanEntryIndex INTEGER, vlanPortRange DisplayString } vlanIntfPortIndex OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The intfPort linear index" ::= { layer2FwdVLANEntry 1 } vlanEntryIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry index " ::= { layer2FwdVLANEntry 2 } vlanPortRange OBJECT-TYPE SYNTAX DisplayString(SIZE(0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "range for which L2 forwarding feature is enabled. Maximum vlan range supported on each interface is 4k. " ::= { layer2FwdVLANEntry 3 } layer2FwdIPTable OBJECT-TYPE SYNTAX SEQUENCE OF Layer2FwdIPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing IP protocol ranges configured for L2 forwarding.(indexed via intfPortIndex and entry number)." ::= { layer2FwdGrp 5 } layer2FwdIPEntry OBJECT-TYPE SYNTAX Layer2FwdIPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the attributes that are specific to the L2 fwd. entry for IP table. Indexed by intfPortLinearIndex and entry number." INDEX { ipIntfPortIndex, ipEntryIndex } ::= { layer2FwdIPTable 1 } Layer2FwdIPEntry ::= SEQUENCE { ipIntfPortIndex TrellixPortLinearIndex, ipEntryIndex INTEGER, ipPortRange DisplayString } ipIntfPortIndex OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The intfPort linear index" ::= { layer2FwdIPEntry 1 } ipEntryIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index" ::= { layer2FwdIPEntry 2 } ipPortRange OBJECT-TYPE SYNTAX DisplayString(SIZE(0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "range for which L2 forwarding feature is enabled. 
" ::= { layer2FwdIPEntry 3 } --This group contains MIB objects related to ARP Configuration arpCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 103 } arpSDEnable OBJECT-TYPE SYNTAX INTEGER { enable (1), disable (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Option to enable/disable ARP Spoof Detection. Default: enable" ::= {arpCfgGrp 1 } --This group contains MIB objects related to ARP Configuration --This group contains MIB objects related to Packet Capture Configuration pktCapCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 35 } pktCapMode OBJECT-TYPE SYNTAX INTEGER { disable (1), portModeEnable (2), fileModeEnable (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Option to select packet capture Mode. File mode is not supported in 6.x release. Default: disable" ::= {pktCapCfgGrp 1 } pktCapDuration OBJECT-TYPE SYNTAX INTEGER (0..315360000) MAX-ACCESS read-write STATUS current DESCRIPTION "The duration for which capture will be enabled.. Units are in seconds. Default: 120 seconds duration value 0 indicate indefinite capture till the capture is stopped. Default: 120" ::= { pktCapCfgGrp 2 } pktCapPmSpanPortForCapture OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-write STATUS current DESCRIPTION "Span linear port index for the capture: ISM also needs to verify that port should be configured as Span port. Applicable only for port mode capture. Zero indicates no port assigned. Default: 0" ::= { pktCapCfgGrp 3 } pktCapFmLocation OBJECT-TYPE SYNTAX INTEGER { manager (1), tftpServer (2), scpServer (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This will determine whether capture file is to be uploaded to manager, tftpServer or ScpServer. Note :Applicable only for file mode capture Default: manager" ::= {pktCapCfgGrp 4 } pktCapFmMaxSize OBJECT-TYPE SYNTAX INTEGER (1..100) MAX-ACCESS read-write STATUS current DESCRIPTION "The size of the maximum capture file. 
It will be configurable but to the maximum value of sensor define limit. Default: 100 MB for M8000, M6050, M4050, M3050 58 MB for N450, Wilson 40 MB for Eagle, Diablo Note :Applicable only for file mode capture"
    ::= { pktCapCfgGrp 5 }

-- Destination server for uploaded capture files (file mode only).
-- SIZE(50) is a fixed length of exactly 50 octets, not a maximum; the encoding of
-- shorter addresses (padding, text vs. binary) is not stated here.
-- NOTE(review): capture files contain raw network traffic, so a SET on this object
-- redirects that data; restrict write access and log changes.
pktCapFmFUServerAddress OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(50))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "File Upload server IPv4 / IPv6 address. Note :Applicable only for file mode capture"
    ::= { pktCapCfgGrp 6 }

-- Optional target file name, including path, on the upload server.
-- NOTE(review): this is a caller-supplied path; whether the agent validates it
-- (length, path separators, relative components) is not visible from this MIB.
pktCapFmFUFileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..128))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "This specifies the name of the file with the source path on the file upload server. This is optional. If not set, the filename used will be of the format '%DEVICE_NAME%-PacketCapture-%TimeStamp%. Note :Applicable only for file mode capture"
    ::= { pktCapCfgGrp 7 }

-- Whether the upload starts automatically or must be initiated by the user.
pktCapFmFUSetting OBJECT-TYPE
    SYNTAX      INTEGER { manual (1), automatic (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION " This option will determine whether user needs to initiate the file upload or it will be done automatically. Default: automatic Note :Applicable only for file mode capture"
    ::= {pktCapCfgGrp 8 }

-- Read-only: name of the capture filter file received from the manager.
pktCapFilterFileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packet Capture Filter File Name send by NSM using secure TFTP channel"
    ::= {pktCapCfgGrp 9 }

-- Read-only: creation timestamp of the filter file (units are not stated).
pktCapFilterFileTimeStamp OBJECT-TYPE
    SYNTAX      INTEGER (0..4294967295)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Packet Capture FilterFile creationTimeStamp"
    ::= {pktCapCfgGrp 10 }

-- SCP upload credentials. The arcs jump from 10 to 12 because arc 11 of pktCapCfgGrp
-- is assigned to pktCapCommandGrp further down the file.
pktCapFmSCPUserName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..128))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "SCP Server Username. Note :Applicable only for file mode capture and upload method is SCP"
    ::= {pktCapCfgGrp 12 }

-- NOTE(review): SCP account password as a read-write DisplayString. The MIB permits
-- GET on it; confirm the agent returns an empty string on read and keep this object
-- out of read views. A SET over SNMPv1/v2c would also carry it unencrypted.
pktCapFmSCPPassword OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..128))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "SCP Server Password.
Note :Applicable only for file mode capture and upload method is SCP" ::= {pktCapCfgGrp 13 } pktCapCommandGrp OBJECT IDENTIFIER ::= { pktCapCfgGrp 11 } pktCapCmd OBJECT-TYPE SYNTAX INTEGER { start (1), stop (2), delete-filter-file(3), cancel(4), delete-pcap-file(5) } MAX-ACCESS read-write STATUS current DESCRIPTION "Option to start/stop packet capture feature and also to delete filter file. Default: stop" ::= {pktCapCommandGrp 1 } pktCapStatus OBJECT-TYPE SYNTAX INTEGER { running (1), not-running (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Option to access packet capture Status. Default: idle" ::= {pktCapCommandGrp 2 } packetCaptureFmFUControl OBJECT-TYPE SYNTAX INTEGER { start (1), stop (2), upload-to-NSM (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Option to control manual upload of the file. Note :Applicable only for file mode capture Default: stop" ::= {pktCapCommandGrp 3 } packetCaptureFmFileStatus OBJECT-TYPE SYNTAX INTEGER { fileUploadInProgress (1), fileExistNotUploaded (2), fileNotExist (3), fileUploadFailed (4), fileUploadDone (5), fileUploadNotStarted (6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Packet Capture File status. Note :Applicable only for file mode capture Default : fileUploadNotStarted" ::= {pktCapCommandGrp 4 } packetCaptureFmTest OBJECT-TYPE SYNTAX INTEGER { start (1), stop (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Option to test packet capture file upload function. Note :Applicable only for file mode capture Default: stop" ::= {pktCapCommandGrp 5 } packetCaptureFmTestStatus OBJECT-TYPE SYNTAX INTEGER { success (1), failure (2), resultNotValid (3), fileUploadServerConnectFailure (4), fileUploadServerConnectTimeout (5), fileUploadServerAuthenticationFailure (6), fileUploadInProgress (7) } MAX-ACCESS read-only STATUS current DESCRIPTION "Packet Capture File upload test status. 
Note :Applicable only for file mode capture Default : resultNotValid" ::= {pktCapCommandGrp 6 } dnsCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 36 } priDNSServerIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the primary DNS server." ::= { dnsCfgGrp 1 } secDNSServerIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP address of the secondary DNS server." ::= { dnsCfgGrp 2 } priDNSServerIpV6 OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "IPV6 address of the primary DNS server." ::= { dnsCfgGrp 3 } secDNSServerIpV6 OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "IPV6 address of the secondary DNS server." ::= { dnsCfgGrp 4 } dnsSearchList OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..1024)) MAX-ACCESS read-write STATUS current DESCRIPTION "This specifies the space separated list of search suffix for DNS lookup" ::= { dnsCfgGrp 5 } -- -- This table has entries for layer7DCap Table. -- layer7DCapConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 37 } layer7DCapPercentageOfFlows OBJECT-TYPE SYNTAX INTEGER (1..100) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies percentage of flows allocated for L7 Dcap when layer7 DCap feature is enabled." ::= { layer7DCapConfigGrp 1 } layer7DCapBuffSize OBJECT-TYPE SYNTAX INTEGER (128..1500) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the size of the buffer to be captured when L7 Dap feature is enabled . . Default: 1500" ::= { layer7DCapConfigGrp 2 } layer7DCapMaxSupportedFlows OBJECT-TYPE SYNTAX INTEGER (1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies maximum number of flows supported for L7 Dcap when L7 Dap feature is enabled ." 
::= { layer7DCapConfigGrp 3 } interfacePhysicalPortGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 38 } intfPhysicalPortTable OBJECT-TYPE SYNTAX SEQUENCE OF IntfPhysicalPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for each interface physical port (indexed via intfPhysicalPortIndex) on each sensor card (indexed via appropriate slotIndex). This table contains Trellix specific configuration objects. Tables that contain MIB objects borrowed from MIB-II are in the TRELLIX-SENSOR-PERF-MIB." ::= { interfacePhysicalPortGrp 1 } intfPhysicalPortEntry OBJECT-TYPE SYNTAX IntfPhysicalPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the columnar objects, that describe the contents of each interface physical port on each IntruShield sensor card. Indexed by slotIndex/intfPhysicalPortIndex" INDEX { slotIndex, intfPhysicalPortIndex } ::= { intfPhysicalPortTable 1 } IntfPhysicalPortEntry ::= SEQUENCE { intfPhysicalPortIfDescr DisplayString, intfPhysicalPortIfType TrellixIDSPortType, intfPhysicalPortIfAdminStatus INTEGER, intfPhysicalPortIfOperStatus INTEGER, intfPhysicalPortEnableFullDuplex TruthValue, intfPhysicalPortSpeed INTEGER, intfPhysicalPortSpeedConfig TrellixPortSpeed, -- was TrellixFEType, now deprecated intfPhysicalPortIsMcafeeConnector TruthValue, intfPhysicalPortAllowAnyConnector TruthValue, intfPhysicalPortCageType INTEGER, intfPhysicalPortGetMediaType INTEGER, intfPhysicalPortSetMediaType INTEGER, intfPhysicalPortMonPortIpAddress IpAddress, intfPhysicalPortMonPortNetMask IpAddress, intfPhysicalPortGatewayIpAddress IpAddress, intfPhysicalPortNbadConfigStatus TruthValue, intfPhysicalPortVlanId Integer32, intfPhysicalPortLBSerialNumber DisplayString, intfPhysicalPortLBPortNumber Integer32, intfPhysicalPortConnectorType INTEGER, intfPhysicalPortLinearIndex TrellixPortLinearIndex } intfPhysicalPortIfDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS 
current
    DESCRIPTION
        "A textual string containing information about the interface. Returns the string that is printed on the box."
    ::= { intfPhysicalPortEntry 1 }

intfPhysicalPortIfType OBJECT-TYPE
    SYNTAX TrellixIDSPortType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The type of interface, distinguished according to the physical/link protocol(s) immediately 'below' the network layer in the protocol stack. For brevity, Trellix options are as specified by the TC, TrellixIDSPortType. However, the SNMP MIB-II - Interfaces MIB specifies many more valid options. See comments section for details. "
    ::= { intfPhysicalPortEntry 2 }

-- NOTE(review): the description mentions a testing(3) state, but the
-- enumeration declares only up(1) and down(2).
-- This column is read-write; a SET of down(2) requests that the port be
-- taken out of service, so write access to it should be restricted and
-- changes audited.
intfPhysicalPortIfAdminStatus OBJECT-TYPE
    SYNTAX INTEGER { up (1), down (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The desired state of the interface. The testing(3) state indicates that no operational packets can be passed. Default: down"
    ::= { intfPhysicalPortEntry 3 }

-- NOTE(review): as above, testing(3) is described but not declared.
intfPhysicalPortIfOperStatus OBJECT-TYPE
    SYNTAX INTEGER { up (1), down (2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed. Default: down"
    ::= { intfPhysicalPortEntry 4 }

intfPhysicalPortEnableFullDuplex OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "True: Sets interface port to work as a full-duplex one. Otherwise as half-duplex. Default: True"
    ::= { intfPhysicalPortEntry 5 }

-- Read-only view of the speed in effect; the configurable counterpart
-- is intfPhysicalPortSpeedConfig.
intfPhysicalPortSpeed OBJECT-TYPE
    SYNTAX INTEGER {
        other (0),
        ten-Mbps (1),
        hundred-Mbps (2),
        one-Gbps(3), -- renamed from gig-Mbps
        ten-Gbps(4) -- support in M-series only
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Get current speed/negotiation on the interface."
    ::= { intfPhysicalPortEntry 6 }

intfPhysicalPortSpeedConfig OBJECT-TYPE
    SYNTAX TrellixPortSpeed -- was TrellixFEType, now deprecated
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Set desired speed/negotiation on the interface.
Default values are as follows: I-Series - fixed-hundred-Mbps (infinity/hichborn/2x00(1a-3b) auto-gig-Mbps on 3000/4010/4000/2x00(4a,4b) M-Series - auto-ten-gig-Mbps on palomar/pyramid(1a-4b),auto-gig-Mbps(5a-8b) Default: see above"
    ::= { intfPhysicalPortEntry 7 }

-- intfPhysicalPortIsMcafeeConnector support in M-series sensor only
-- NOTE(review): the description assigns True to two different states
-- (no connector inserted, and a certified connector inserted), so a
-- True reading cannot tell an empty cage from a certified connector.
-- Pair it with intfPhysicalPortGetMediaType, which reports none(0) for
-- an empty cage, before drawing conclusions.
intfPhysicalPortIsMcafeeConnector OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "True: connector is not inserted. True: connector is inserted in port and McAfee certified. False: connector is inserted and not McAfee certified. "
    ::= { intfPhysicalPortEntry 8 }

-- intfPhysicalPortAllowAnyConnector support in M-series sensor only
-- Read-write policy switch; the restrictive value (False) is the
-- documented default.
intfPhysicalPortAllowAnyConnector OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "True: Permit usage of any connector for port. False: Restrict usage to McAfee certified connector only. Default: False"
    ::= { intfPhysicalPortEntry 9 }

-- intfPhysicalPortCageType support in M-series sensor only
intfPhysicalPortCageType OBJECT-TYPE
    SYNTAX INTEGER { other (0), rJ-45 (1), rJ-11 (2), gBIC (3), sFP (4), xFP (5) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Physical connector cage type on sensor chassis panel."
    ::= { intfPhysicalPortEntry 10 }

-- intfPhysicalPortGetMediaType support in M-series sensor only
intfPhysicalPortGetMediaType OBJECT-TYPE
    SYNTAX INTEGER { none (0), optical (1), electrical (2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Gets the media of the connector present in the port cage. None (0) if cage is empty."
    ::= { intfPhysicalPortEntry 11 }

-- intfPhysicalPortSetMediaType support in M-series sensor only
-- Unlike the Get object above, this enumeration has no none(0) value.
intfPhysicalPortSetMediaType OBJECT-TYPE
    SYNTAX INTEGER { optical(1), electrical (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Sets the media of the connector the user desired for the port.
Default: optical"
    ::= { intfPhysicalPortEntry 12 }

-- The next three columns give a monitoring port an IPv4 address,
-- netmask and gateway. All are read-write and default to 0.0.0.0.
intfPhysicalPortMonPortIpAddress OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure / retrieve the IPv4 address of the monitoring port. Default: 0.0.0.0"
    ::= { intfPhysicalPortEntry 13 }

intfPhysicalPortMonPortNetMask OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure / retrieve netmask for the IPv4 address of the monitoring port. Default: 0.0.0.0"
    ::= { intfPhysicalPortEntry 14 }

intfPhysicalPortGatewayIpAddress OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure / retrieve the IPv4 address of the gateway. Default: 0.0.0.0"
    ::= { intfPhysicalPortEntry 15 }

-- When TRUE, flow records for the NBAD server are generated over this
-- monitoring port.
intfPhysicalPortNbadConfigStatus OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object value if set to TRUE indicates that flow record generation to be sent to the NBAD server, is enabled over this monitoring port. Default: False"
    ::= { intfPhysicalPortEntry 16 }

-- NOTE(review): the upper bound 2164326399 is larger than the Integer32
-- maximum (2147483647), so the declared range cannot be represented in
-- the base type and strict MIB compilers may reject it. The value
-- equals 0x8100FFFF, which looks like an 802.1Q TPID followed by a
-- 16-bit tag; TODO confirm the intended encoding. A 12-bit VLAN ID on
-- its own would need only 0..4095.
intfPhysicalPortVlanId OBJECT-TYPE
    SYNTAX Integer32 (0..2164326399)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This MIB object indicates the Vlan ID of the VLAN to which the monitoring port is connected."
    ::= { intfPhysicalPortEntry 17 }

intfPhysicalPortLBSerialNumber OBJECT-TYPE
    SYNTAX DisplayString (SIZE(1..80))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This MIB object indicates the manufacturer provided serial number of the Load Balancer switch to which the sensor port is connected."
    ::= { intfPhysicalPortEntry 18 }

intfPhysicalPortLBPortNumber OBJECT-TYPE
    SYNTAX Integer32 (1..16)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This MIB object returns the port number on the Load Balancer switch to which the sensor port is connected."
::= { intfPhysicalPortEntry 19 }

-- intfPhysicalPortConnectorType support in R-series sensor only
intfPhysicalPortConnectorType OBJECT-TYPE
    SYNTAX INTEGER { other (0), qSFP (1), sFP-plus (2), sFP-fiber (3), sFP-copper (4) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Physical connector type plugged into the port cage."
    ::= { intfPhysicalPortEntry 20 }

intfPhysicalPortLinearIndex OBJECT-TYPE
    SYNTAX TrellixPortLinearIndex
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This MIB object indicates the Linear Index of the monitoring port. This index is generated by the sensor appliance using the pair of slot index and the port index values. The other MIB tables would directly use this linear index, whereever applicable."
    ::= { intfPhysicalPortEntry 21 }

--
-- This group has entries for GTI configuration.
--
gtiConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 39 }

-- Host name or IP address of the HTTP proxy in front of the sensor.
-- NOTE(review): the documented default 0.0.0.0 is the only indication
-- of an unset proxy; confirm how the agent treats it.
gtiProxyServerName OBJECT-TYPE
    SYNTAX DisplayString (SIZE(1..80))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The proxy server name is the domain name of the HTTP proxy server in front of the sensor. It looks like www.company.com. It can also be the IP address of the HTTP proxy server. 0.0.0.0 is the default value"
    ::= { gtiConfigGrp 1 }

-- NOTE(review): the range stops at 10000 although TCP ports run to
-- 65535 and the other port objects in this module use (1..65535).
-- A proxy listening on a higher port cannot be expressed here.
gtiProxyPort OBJECT-TYPE
    SYNTAX Integer32 (0..10000)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "TCP Port on which the HTTP proxy server is listening. 0 is the default value"
    ::= { gtiConfigGrp 2 }

gtiProxyUsername OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..80))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The username to be used to connect to the HTTP proxy server."
    ::= { gtiConfigGrp 3 }

-- SECURITY: this object carries a password and is declared read-write,
-- so the declared access allows it to be read back with a GET as well
-- as set. NOTE(review): confirm the agent returns a masked or empty
-- value on read, and expose the object only over SNMPv3 authPriv with a
-- restricted VACM view; with SNMPv1/v2c the value crosses the network
-- in clear text.
gtiProxyPassword OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..128))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The password to be used to connect to the HTTP proxy server."
::= { gtiConfigGrp 4 }

-- Connection settings for a GTI Private Cloud server: address type,
-- IPv4 or IPv6 address, connection control and certificate handling.
gtiConfigPrivateCloudGrp OBJECT IDENTIFIER ::= { gtiConfigGrp 5 }

-- Selects which of the two address objects below is the one in use.
gtiPrivateCloudServerIPAddressType OBJECT-TYPE
    SYNTAX INTEGER { ip-v4 (4), ip-v6 (6) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Identifies the type of GTI Private Cloud Server IP Address. If set to ip-v4, then the gtiPrivateCloudServerIPv4Address object would be set else if this object is set to ip-v6, then the gtiPrivateCloudServerIPv6Address object would be set. "
    ::= { gtiConfigPrivateCloudGrp 1 }

gtiPrivateCloudServerIPv4Address OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IPv4 address of the GTI Private Cloud server. The gtiPrivateCloudServerIPv6Address would be zero if the current object is initialized."
    ::= { gtiConfigPrivateCloudGrp 2 }

gtiPrivateCloudServerIPv6Address OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IPv6 address of the GTI Private Cloud server. The gtiPrivateCloudServerIPv4Address would be zero if the current object is initialized."
    ::= { gtiConfigPrivateCloudGrp 3 }

-- Action-style object: besides enable and disable it accepts
-- reconnect(3). The documented default is disable(2).
gtiPrivateCloudServerConnectionConfig OBJECT-TYPE
    SYNTAX INTEGER { enable (1), disable (2), reconnect (3) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to enable or disable or reconnect the Connection with the GTI Private Cloud Server. Default: 2, disable"
    ::= { gtiConfigPrivateCloudGrp 4 }

-- SECURITY: a SET of delete(1) removes the stored server certificate.
-- NOTE(review): this MIB does not say how a certificate is provisioned
-- again afterwards. Confirm that the next connection still
-- authenticates the server rather than accepting whatever certificate
-- is presented, and log every SET on this object.
gtiPrivateCloudServerDeleteCertificate OBJECT-TYPE
    SYNTAX INTEGER { delete (1), dont-delete (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to delete the GTI Private Cloud Server Certificate at the sensor. For deleting this certificate, the gtiPrivateCloudServerConnectionConfig should be disabled.
DEFAULT: 2, dont-delete"
    ::= { gtiConfigPrivateCloudGrp 5 }

-- Read-only indicator of whether a server certificate is stored on the
-- sensor. An unexpected change to not-Present(2) is worth alerting on.
gtiPrivateCloudServerCertificateStatus OBJECT-TYPE
    SYNTAX INTEGER { present (1), not-Present (2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object is used to indicate the GTI Private Cloud server certificate status at the sensor"
    ::= { gtiConfigPrivateCloudGrp 6 }

-- Read-only channel state. Value 4 reports a certificate related
-- failure and value 5 a network problem; both are useful monitoring
-- signals.
gtiPrivateCloudChannelStatus OBJECT-TYPE
    SYNTAX INTEGER {
        gtiPrivateCloud-TrustedSource-Channel-Down (0),
        gtiPrivateCloud-TrustedSource-Channel-InProgress (1),
        gtiPrivateCloud-TrustedSource-Channel-Established (2),
        gtiPrivateCloud-TrustedSource-Channel-Status-Unknown (3),
        gtiPrivateCloud-TrustedSource-Channel-Down-Error-In-Cert-ret(4),
        gtiPrivateCloud-Network-Issue (5)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object is used to indicate the gtiPrivateCloud channel status at the sensor"
    ::= { gtiConfigPrivateCloudGrp 7 }

-- Settings for the file reputation (File Rep) GTI server: which kind of
-- server to use, its name or address, and the credentials for it.
gtiUnifiedConfigGrp OBJECT IDENTIFIER ::= { gtiConfigGrp 6 }

gtiFileRESTGTIType OBJECT-TYPE
    SYNTAX INTEGER { private-gti-server (1), public-gti-server (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to send type of GTI server to use for file reputation feature. DEFAULT: 2, public-gti-server"
    ::= { gtiUnifiedConfigGrp 1 }

-- NOTE(review): the description gives NULL as the default, but
-- SIZE(1..80) does not admit an empty string. The same applies to the
-- username and password objects below.
gtiFileRESTPublicGTIFQDN OBJECT-TYPE
    SYNTAX DisplayString (SIZE(1..80))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to send Name Server or FQDN of File Rep GTI server. Default value is NULL"
    ::= { gtiUnifiedConfigGrp 2 }

gtiFileRESTUsername OBJECT-TYPE
    SYNTAX DisplayString (SIZE(1..80))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to send username for configured GTI server. It should be sent in both cases, public server and private server. Default value is NULL"
    ::= { gtiUnifiedConfigGrp 3 }

-- SECURITY: this object carries a password and is declared read-write,
-- so the declared access allows it to be read back with a GET.
-- NOTE(review): confirm the agent masks the value on read, and expose
-- it only over SNMPv3 authPriv with a restricted VACM view.
gtiFileRESTPassword OBJECT-TYPE
    SYNTAX DisplayString (SIZE(1..80))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to send password for configured GTI server.
It should be sent in both cases, public server and private server. Default value is NULL"
    ::= { gtiUnifiedConfigGrp 4 }

-- Action object telling the sensor what to do with the configuration it
-- has just received; the three values are explained in the description.
gtiFileRESTConnectionConfig OBJECT-TYPE
    SYNTAX INTEGER { connect-private-gti-server (1), connect-public-gti-server (2), reconnect-private-gti-server (3) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to send action to take with the recieved config. Value 1 will be sent when config is changed to private GTI server first time. Value 2 will be sent when config is changed to public GTI server. Value 3 will be sent when private GTI server config is changed, given that private GTI server is enabled already. Default value: 2"
    ::= { gtiUnifiedConfigGrp 5 }

-- NOTE(review): fqdn(1) is a legal value, but the private server
-- objects in this group are an IPv4 and an IPv6 address only. Which
-- object carries a private server host name is not stated here.
gtiFileRESTPvtGTIIPType OBJECT-TYPE
    SYNTAX INTEGER { fqdn (1), ipv4 (4), ipv6 (6) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to send address type of configured GTI server. Default value: 4, IPv4"
    ::= { gtiUnifiedConfigGrp 6 }

gtiFileRESTPvtGTIIPv4Address OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IPv4 address of the GTI File-Rep REST Cloud server. The gtiFileRESTPvtGTIIPV6Address would be zero if the current object is initialized. Default Value: NULL"
    ::= { gtiUnifiedConfigGrp 7 }

gtiFileRESTPvtGTIIPV6Address OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IPv6 address of the GTI File-Rep REST Cloud server. The gtiFileRESTPvtGTIIPv4Address would be zero if the current object is initialized. Default Value: NULL"
    ::= { gtiUnifiedConfigGrp 8 }

-- NTP client configuration: a table of at most two servers plus one
-- scalar that starts or stops the daemon.
ntpConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 40 }

ntpConfigTable OBJECT-TYPE
    SYNTAX SEQUENCE OF NtpConfigEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Table containing entries for each NTP(Network Time Protocol) server that is specified (indexed via ntpServerIndex). A maximum of two entries will be supported.
Valid ntpServerIndex values are 1 and 2."
    ::= { ntpConfigGrp 1 }

-- One row per configured NTP server. ntpServerIndex is imported from
-- TRELLIX-SENSOR-SMI and is not a column of this row.
ntpConfigEntry OBJECT-TYPE
    SYNTAX NtpConfigEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Each entry comprises the ntp client side configuration for each of the ntp servers specified."
    INDEX { ntpServerIndex }
    ::= { ntpConfigTable 1 }

NtpConfigEntry ::=
    SEQUENCE {
        ntpConfigServerIPv4 IpAddress,
        ntpConfigServerIPv6 Ipv6Address,
        ntpConfigPollInterval INTEGER,
        ntpConfigAuthenticationEnable TruthValue,
        ntpConfigKeyId Integer32,
        ntpConfigKeyType INTEGER,
        ntpConfigKeyValue OCTET STRING
    }

ntpConfigServerIPv4 OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to specify the IPv4 address of the remote NTP server. Default: 0.0.0.0"
    ::= { ntpConfigEntry 1 }

ntpConfigServerIPv6 OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to specify the IPv6 address of the remote NTP server."
    ::= { ntpConfigEntry 2 }

-- The value is an exponent: x means a minimum poll of 2^x seconds, so
-- the permitted range 3..17 spans 8 seconds to 131072 seconds.
ntpConfigPollInterval OBJECT-TYPE
    SYNTAX INTEGER (3..17)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the minimum poll interval. The value which is received represents the exponent of 2. If the received value is x then NTPD daemon process will calculate the min poll as 2^x seconds. Default: 6"
    ::= { ntpConfigEntry 3 }

-- SECURITY: authentication of the NTP server is off by default. With it
-- off the sensor accepts time from an unauthenticated source, and
-- sensor time presumably feeds alert timestamps and certificate
-- validity checks. Enabling it per server is the safer setting.
ntpConfigAuthenticationEnable OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies if ntp server authentication is enabled or not for the specified ntp server. False : Authentication Disable True : Authentication Enable Default: False"
    ::= { ntpConfigEntry 4 }

ntpConfigKeyId OBJECT-TYPE
    SYNTAX Integer32 (1..65534)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This MIB object specifies the key id for the corresponding association between an ntp server and ntp client. This object is used only if ntp server authentication is enabled.
Default: 1"
    ::= { ntpConfigEntry 5 }

-- SECURITY: the documented default is md5(1). MD5 keyed digests are the
-- weakest option offered here; prefer one of the SHA choices where the
-- NTP server supports it.
-- NOTE(review): sha(2) and sha1(3) are separate values and the MIB does
-- not say how they differ.
ntpConfigKeyType OBJECT-TYPE
    SYNTAX INTEGER { md5 (1), sha (2), sha1 (3), not-supported (4) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the key type for the corresponding key id. This object is used only if ntp server authentication is enabled. Default: MD5(1)"
    ::= { ntpConfigEntry 6 }

-- SECURITY: this object carries the symmetric NTP key and is declared
-- read-write, so the declared access allows it to be read back with a
-- GET. NOTE(review): confirm the agent masks the value on read, and
-- expose it only over SNMPv3 authPriv with a restricted VACM view.
-- SIZE(0..128) also admits an empty key.
ntpConfigKeyValue OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(0..128))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the symmetric key value for the corresponding key id. This object is used only if ntp server authentication is enabled."
    ::= { ntpConfigEntry 7 }

-- Scalar under ntpConfigGrp (not a table column): start-ntpd(1) writes
-- ntp.conf and starts the daemon, stop-ntpd(0) stops it.
ntpConfigFileCreate OBJECT-TYPE
    SYNTAX INTEGER { stop-ntpd (0), start-ntpd (1) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to (create ntp.conf file and start)/(stop) ntpd process. Default: stop-ntpd (0)"
    ::= { ntpConfigGrp 2 }

-- This group contains all MIB objects that specify the configuration of
-- the IntruShield pluggable modules.
--
-- The object pluggableModuleTable within this group suggests that the MIB is
-- designed to support pluggable modules that can contain more than one interface
-- port.
--
-- Support for pluggableModuleGrp is deprecated in V-series sensors(VmIPS).
pluggableModuleGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 41 }

pluggableModuleTable OBJECT-TYPE
    SYNTAX SEQUENCE OF PluggableModuleEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Table containing entries for each pluggable Module (indexed via slotIndex)."
    ::= { pluggableModuleGrp 1 }

pluggableModuleEntry OBJECT-TYPE
    SYNTAX PluggableModuleEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This MIB object contains all the columnar objects, that describe the contents of each pluggable module on each IntruShield sensor card.
Indexed by slotIndex"
    INDEX { slotIndex }
    ::= { pluggableModuleTable 1 }

-- Row layout; every column below is read-only.
PluggableModuleEntry ::=
    SEQUENCE {
        moduleSerialNumber DisplayString,
        moduleSysType TrellixPluggableModuleType,
        modulePresent TruthValue,
        moduleNumPorts INTEGER,
        moduleRebootRequired TruthValue
    }

moduleSerialNumber OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object describes the Manufacturer-provided serial number of the pluggable module."
    ::= { pluggableModuleEntry 1 }

moduleSysType OBJECT-TYPE
    SYNTAX TrellixPluggableModuleType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object describes the type of the module plugged in."
    ::= { pluggableModuleEntry 2 }

modulePresent OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "True: Indicates the module is present. Otherwise not present. Default: False"
    ::= { pluggableModuleEntry 3}

moduleNumPorts OBJECT-TYPE
    SYNTAX INTEGER (0..12)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This MIB object returns the number of ports in this module."
    ::= { pluggableModuleEntry 4 }

moduleRebootRequired OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This MIB object returns whether a reboot is needed to apply the module. Default: False"
    ::= { pluggableModuleEntry 5 }

--
-- insightixNetworkGrp
--
insightixNetworkGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 42 }

-- Connection settings for the Insightix LDAP server.
insightixCfgGrp OBJECT IDENTIFIER ::= { insightixNetworkGrp 1 }

-- NOTE(review): this selector is read-only, whereas the equivalent
-- address type objects of other groups in this module are read-write.
-- The description also spells the related objects ldapServerIpv4Address
-- and ldapServerIpv6Address; the objects are actually named
-- ldapServerIPv4Address and ldapServerIPv6Address.
ldapServerIPAddressType OBJECT-TYPE
    SYNTAX INTEGER { ip-v4 (4), ip-v6 (6) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Identifies the type of Insightix LDAP server IPAddress. If set to ip-v4, then the ldapServerIpv4Address object would be set else if this object is set to ip-v6, then the ldapServerIpv6Address object would be set.
"
    ::= { insightixCfgGrp 1 }

ldapServerIPv4Address OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The IPv4 address of the Insightix LDAP server"
    ::= { insightixCfgGrp 2 }

ldapServerIPv6Address OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "IPv6 Address of the Insightix LDAP server."
    ::= { insightixCfgGrp 3 }

-- The default 636 pairs with SSL being enabled by default below; the
-- port is not changed automatically when SSL is switched off.
ldapServerPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The ldap server listener port on the insightix server. If SSL is enabled, the standard portnum is 636, else if ssl is disabled, the standard portnum is 389. Default: 636"
    ::= { insightixCfgGrp 4 }

-- SECURITY: SSL is on by default. Setting disable(2) presumably sends
-- the bind user name and password defined below over an unprotected
-- connection; keep it enabled and audit any SET of this object.
ldapServerSSLConfig OBJECT-TYPE
    SYNTAX INTEGER { enable (1), disable (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Specifies if SSL is enabled for insightix ldap server. Default: 1, enable"
    ::= { insightixCfgGrp 5 }

ldapServerBaseDN OBJECT-TYPE
    SYNTAX DisplayString (SIZE(3..255))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Base Distinguished Name to be used for retrieving device profile information from the Insightix ldap server. Default : dc=insightix"
    ::= { insightixCfgGrp 6 }

ldapServerUserName OBJECT-TYPE
    SYNTAX DisplayString (SIZE(3..255))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "UserName to be used for authenticating to the Insightix ldap server."
    ::= { insightixCfgGrp 7 }

-- SECURITY: this object carries a password and is declared read-write,
-- so the declared access allows it to be read back with a GET.
-- NOTE(review): confirm the agent masks the value on read, and expose
-- it only over SNMPv3 authPriv with a restricted VACM view. The lower
-- size bound of 3 is the only length requirement the MIB imposes.
ldapServerPassword OBJECT-TYPE
    SYNTAX DisplayString (SIZE(3..255))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Password to be used for authenticating to the Insightix ldap server."
    ::= { insightixCfgGrp 8 }

ldapServerConfigAction OBJECT-TYPE
    SYNTAX INTEGER { enable(1), disable(2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object describes about the sensor's possible configuration actions with the insightix ldap server.
Default: 2, disable"
    ::= { insightixCfgGrp 9 }

-- Read-only connection state. sslError(4) and credError(6) are the
-- values to alert on when monitoring this channel.
-- NOTE(review): the description names the default as deinstalled (4),
-- but no such label exists in the enumeration; value 4 is sslError.
ldapServerConfigStatus OBJECT-TYPE
    SYNTAX INTEGER {
        disConnected (1),
        inProgress (2),
        connected (3),
        sslError(4),
        baseDNError(5),
        credError(6),
        ldapServerError(7),
        ldapServerTimeoutError(8),
        ldapServerConnectionError(9)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This describes the sensor's possible insightix ldap server configuration states. Default : deinstalled (4)"
    ::= { insightixCfgGrp 10 }

--------------------------------------------------
--
-- ntbaChannelCfgGrp
--
-- Settings for the channel between the sensor and the NTBA server.
ntbaChannelCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 43 }

ntbaServerIPAddressType OBJECT-TYPE
    SYNTAX INTEGER { ip-v4 (4), ip-v6 (6) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IP address type of the mgmt port at the NTBA end"
    ::= { ntbaChannelCfgGrp 1 }

ntbaServerIPv4Address OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IPv4 address of the NTBA server. The ntbaServerIPv6Address would be zero if the current object is initialized"
    ::= { ntbaChannelCfgGrp 2 }

ntbaServerIPv6Address OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IPv6 address of the NTBA server.
The ntbaServerIPv4Address would be zero if the current object is initialized"
    ::= { ntbaChannelCfgGrp 3 }

ntbaServerPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the NTBA Server Listening TCP port Default: 8505"
    ::= { ntbaChannelCfgGrp 4 }

ntbaServerConnectionConfig OBJECT-TYPE
    SYNTAX INTEGER { enable (1), disable (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to enable or disable the TCP Connection with the NTBA server Default: 2, disable"
    ::= { ntbaChannelCfgGrp 5 }

-- SECURITY: a SET of delete(1) removes the stored NTBA server
-- certificate. NOTE(review): the MIB does not say how a certificate is
-- provisioned again afterwards. Confirm that the next connection still
-- authenticates the server, and log every SET on this object.
ntbaServerDeleteCertificate OBJECT-TYPE
    SYNTAX INTEGER { delete (1), dont-delete (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to delete the ntba Server Certificate at the sensor. For deleting this certificate, the ntbaServerConnectionConfig should be disabled. DEFAULT: 2, dont-delete"
    ::= { ntbaChannelCfgGrp 6 }

ntbaServerCertificateStatus OBJECT-TYPE
    SYNTAX INTEGER { present (1), not-present (2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object is used to indicate the NTBA server certificate status at the sensor"
    ::= { ntbaChannelCfgGrp 7 }

-- NOTE(review): the size is fixed at 128 octets, yet a SHA-1 digest is
-- 20 octets (40 characters as hex); the encoding and padding are not
-- stated. The hashed inputs named in the description (sensor name and
-- model) are not secret values, so if this hash serves as a shared key
-- for the channel its strength should be reviewed. It is also
-- read-write and therefore readable with a GET under the declared
-- access.
ntbaShdKeySHAValue OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(128))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object contains the SHA1 hashed value of sensor name and sensormodel from NSM"
    ::= { ntbaChannelCfgGrp 8 }

-- Read-only channel state. ntba-Cert-Mismatch(4) and
-- ntba-Hash-Mismatch(5) indicate that the peer failed a check and are
-- the values to alert on.
ntbaChannelStatus OBJECT-TYPE
    SYNTAX INTEGER {
        ntba-Channel-Down (0),
        ntba-Channel-InProgress (1),
        ntba-Channel-Established (2),
        ntba-Channel-Status-Unknown (3),
        ntba-Cert-Mismatch (4),
        ntba-Hash-Mismatch (5),
        ntba-Network-Issue (6)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object is used to indicate the NTBA SSL channel status at the sensor"
    ::= { ntbaChannelCfgGrp 9 }

--------------------------------------------------
--
-- validEdgeChannelCfgGrp
--
validEdgeChannelCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 44 }

validEdgeServerIPAddressType OBJECT-TYPE
    SYNTAX
INTEGER { ip-v4 (4), ip-v6 (6) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IP address type of the mgmt port at the validEdge end"
    ::= { validEdgeChannelCfgGrp 1 }

validEdgeServerIPv4Address OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IPv4 address of the validEdge server. The validEdgeServerIPv6Address would be zero if the current object is initialized"
    ::= { validEdgeChannelCfgGrp 2 }

validEdgeServerIPv6Address OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the IPv6 address of the validEdge server. The validEdgeServerIPv4Address would be zero if the current object is initialized"
    ::= { validEdgeChannelCfgGrp 3 }

-- The documented default, 8505, is the same as the default of
-- ntbaServerPort.
validEdgeServerPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure the validEdge Server Listening TCP port Default: 8505"
    ::= { validEdgeChannelCfgGrp 4 }

validEdgeServerConnectionConfig OBJECT-TYPE
    SYNTAX INTEGER { enable (1), disable (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to enable or disable the TCP Connection with the validEdge server Default: 2, disable"
    ::= { validEdgeChannelCfgGrp 5 }

-- SECURITY: a SET of delete(1) removes the stored validEdge server
-- certificate. NOTE(review): the MIB does not say how a certificate is
-- provisioned again afterwards. Confirm that the next connection still
-- authenticates the server, and log every SET on this object.
validEdgeServerDeleteCertificate OBJECT-TYPE
    SYNTAX INTEGER { delete (1), dont-delete (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to delete the validEdge Server Certificate at the sensor. For deleting this certificate, the validEdgeServerConnectionConfig should be disabled.
DEFAULT: 2, dont-delete"
    ::= { validEdgeChannelCfgGrp 6 }

validEdgeServerCertificateStatus OBJECT-TYPE
    SYNTAX INTEGER { present (1), not-present (2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object is used to indicate the validEdge server certificate status at the sensor"
    ::= { validEdgeChannelCfgGrp 7 }

-- NOTE(review): the size is fixed at 128 octets, yet a SHA-1 digest is
-- 20 octets (40 characters as hex); the encoding and padding are not
-- stated. The hashed inputs named in the description (sensor name and
-- model) are not secret values, so if this hash serves as a shared key
-- for the channel its strength should be reviewed. It is also
-- read-write and therefore readable with a GET under the declared
-- access.
validEdgeShdKeySHAValue OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(128))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object contains the SHA1 hashed value of sensor name and sensormodel from NSM"
    ::= { validEdgeChannelCfgGrp 8 }

-- Read-only channel state. For monitoring, the values that point at a
-- trust problem rather than plain connectivity are Cert-Mismatch(4),
-- Hash-Mismatch(5), Down-Cert-Absent(10) and SSL-HandShake-Fail(11).
-- NOTE(review): labels 14 and 15 mention NTBA although this is the
-- validEdge channel.
validEdgeChannelStatus OBJECT-TYPE
    SYNTAX INTEGER {
        validEdge-Channel-Down (0),
        validEdge-Channel-InProgress (1),
        validEdge-Channel-Established (2),
        validEdge-Channel-Status-Unknown (3),
        validEdge-Cert-Mismatch (4),
        validEdge-Hash-Mismatch (5),
        validEdge-Network-Issue (6),
        validEdge-Channel-Down-Error-In-Cert-ret(7),
        validEdge-Channel-Down-No-Config(8),
        validEdge-Channel-Down-Wrong-Config(9),
        validEdge-Channel-Down-Cert-Absent(10),
        validEdge-Channel-SSL-HandShake-Fail(11),
        validEdge-Channel-Down-Reason-Unknown(12),
        validEdge-Channel-Down-Config-Disable(13),
        validEdge-Channel-Down-Closed-By-NTBA(14),
        validEdge-Channel-Down-Large-Pkt-From-NTBA(15),
        validEdge-Channel-Down-Missed-KeepAlives(16),
        validEdge-Channel-Up-No-Reason(17)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object is used to indicate the validEdge SSL channel status at the sensor"
    ::= { validEdgeChannelCfgGrp 9 }

-- No range is declared, so any value of the INTEGER base type is
-- accepted by the syntax.
validEdgeChannelGlobalUserId OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is used to configure global matd user id/profile id assigned to a sensor."
    ::= { validEdgeChannelCfgGrp 10 }

-- SIZE(32) is a fixed length, not a maximum: the value must be exactly
-- 32 octets. NOTE(review): how shorter names are padded is not stated.
validEdgeChannelGlobalUserName OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(32))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        " This object is used to configure global matd user name/profile name assigned to a sensor."
::= { validEdgeChannelCfgGrp 11 }

--------------------------------------------------
--
-- dxlCfgGrp
--
dxlCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 45 }

-- The syntax is TruthValue, so the values on the wire are true(1) and
-- false(2); the description calls them enable and disable.
dxlConfig OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Option to enable(1) or dissable(2) the DXL on Sensor."
    ::= {dxlCfgGrp 1 }

-- Connection settings and credentials for the EPO server.
epoCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 46 }

-- NOTE(review): this selector and epoIPv6Address are read-only while
-- epoIpAddress is read-write, so as declared only an IPv4 server can be
-- configured through this group. The description also writes
-- epoIPAddress; the object is named epoIpAddress.
epoIPAddressType OBJECT-TYPE
    SYNTAX INTEGER { ip-v4 (4), ip-v6 (6) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Identifies the type of EPO IPAddress. If set to ip-v4, then the epoIPAddress object would be set else if this object is set to ip-v6, then the epoIPv6Address object would be set."
    ::= { epoCfgGrp 1 }

epoIpAddress OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The IPv4 Address of the EPO Server"
    ::= { epoCfgGrp 2 }

epoIPv6Address OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "IPv6 Address of a EPO Server"
    ::= { epoCfgGrp 3 }

epoPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The EPO port through which MA connects to EPO Server Default: 8443"
    ::= { epoCfgGrp 4 }

epoCredUsername OBJECT-TYPE
    SYNTAX DisplayString (SIZE(3..100))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "EPO server :username"
    ::= { epoCfgGrp 5 }

-- SECURITY: this object carries a password and is declared read-write,
-- so the declared access allows it to be read back with a GET.
-- NOTE(review): confirm the agent masks the value on read, and expose
-- it only over SNMPv3 authPriv with a restricted VACM view.
epoCredPasswd OBJECT-TYPE
    SYNTAX DisplayString (SIZE(3..100))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "EPO server :Password"
    ::= { epoCfgGrp 6 }

-- Action object; no default value is documented for it.
epoAction OBJECT-TYPE
    SYNTAX INTEGER { connect (1), disconnect (2), reconnect (3) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This config object indicates the epo action (1-Connect, 2-Disconnect, 3-Reconnect) to be taken by all the dependent modules in the sensor."
::= { epoCfgGrp 7 }

--User authentication using RADIUS
-- SECURITY: every object in this group is read-write. Whoever can SET
-- them decides which RADIUS servers the sensor sends user
-- authentication requests to and which shared secret it uses, so write
-- access to this subtree is equivalent to control over sensor logins.
-- Restrict it with SNMPv3 authPriv and a narrow VACM view, and audit
-- changes.
radiusAuthGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 47 }

-- The syntax is an enable/disable enumeration, not TruthValue; the
-- True and False wording in the description maps to enable(1) and
-- disable(2). Setting enable(1) while already enabled acts as re-init.
radiusAuthConfig OBJECT-TYPE
    SYNTAX INTEGER { enable (1), disable (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This action object can be used to enable/re-init or disable user authentication using RADIUS. The value of 'True/Enable' would be interpreted as 're-init', when the configuration is already set to True/Enable. Default: False (2)"
    ::= { radiusAuthGrp 1}

radiusPrimaryServerIPAddrType OBJECT-TYPE
    SYNTAX INTEGER { ip-v4 (4), ip-v6 (6) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Identifies the type of IPAddress of the Primary Radius Server. If set to ip-v4, then the radiusPrimaryServerIPAddr object would be set else if this object is set to ip-v6, then the radiusPrimaryServerIPv6Addr object would be set."
    ::= { radiusAuthGrp 2 }

radiusPrimaryServerIPAddr OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the IPv4 Address of the Primary RADIUS server"
    ::= { radiusAuthGrp 3 }

radiusPrimaryServerIPv6Addr OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the IPv6 Address of the Primary RADIUS Server"
    ::= { radiusAuthGrp 4 }

-- SECURITY: this object carries the RADIUS shared secret and is
-- declared read-write, so the declared access allows it to be read back
-- with a GET. NOTE(review): confirm the agent masks the value on read.
-- SIZE(0..64) admits an empty secret, and the limit differs from the
-- backup server secret, which is declared as SIZE(0..256).
radiusPrimaryServerEncrSecret OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..64))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the secret to be used in generating the encrypted RADIUS traffic between the client and Primary Radius Server"
    ::= { radiusAuthGrp 5}

radiusPriServerAuthPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the port on which Primary RADIUS Server is listening for authentication requests.
Default: 1812"
    ::= { radiusAuthGrp 6}

-- Accounting is on by default; turning it off removes the RADIUS
-- accounting record of logins, so a change to false is worth auditing.
radiusPriServerAccConfig OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies whether accounting has to be enabled on the Primary Radius Server or not. Default: True (1)"
    ::= { radiusAuthGrp 7}

radiusPriServerAccPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the port on which Primary RADIUS Server is listening for accounting requests. Default: 1813"
    ::= { radiusAuthGrp 8}

-- Seconds to wait on the primary server before falling back to the
-- backup server.
radiusPriServerConnTimeOut OBJECT-TYPE
    SYNTAX INTEGER (1..60)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the time in seconds the client has to wait before it can contact the Backup RADIUS Server in case the Primary RADIUS Server fails. Default: 6"
    ::= { radiusAuthGrp 9}

radiusBackupServerIPAddrType OBJECT-TYPE
    SYNTAX INTEGER { ip-v4 (4), ip-v6 (6) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the IP Address Type of the Backup RADIUS server"
    ::= { radiusAuthGrp 10 }

radiusBackupServerIPAddr OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the IPv4 Address of the Backup RADIUS server"
    ::= { radiusAuthGrp 11 }

radiusBackupServerIPv6Addr OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the IPv6 Address of the Backup RADIUS Server"
    ::= { radiusAuthGrp 12 }

-- SECURITY: this object carries the RADIUS shared secret and is
-- declared read-write, so the declared access allows it to be read back
-- with a GET. NOTE(review): confirm the agent masks the value on read,
-- and expose it only over SNMPv3 authPriv with a restricted VACM view.
-- NOTE(review): DisplayString is defined in SNMPv2-TC with a maximum of
-- 255 octets and a refinement may only narrow that, so SIZE(0..256) is
-- out of range for the type. It also differs from the primary server
-- secret, which is declared as SIZE(0..64).
radiusBackupServerEncrSecret OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..256))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the secret to be used in generating the encrypted RADIUS traffic between the client and Backup Radius Server"
    ::= { radiusAuthGrp 13 }

radiusBackupServerAuthPort OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object specifies the port on which Backup RADIUS Server is listening for authentication requests.
Default: 1812" ::= { radiusAuthGrp 14} radiusBackupServerAccConfig OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether accounting has to be enabled on the Backup Radius Server or not. Default: True (1)" ::= { radiusAuthGrp 15} radiusBackupServerAccPort OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the port on which Backup RADIUS Server is listening for accounting requests. Default: 1813" ::= { radiusAuthGrp 16} radiusBackupServerConnTimeOut OBJECT-TYPE SYNTAX INTEGER (1..60) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the time in seconds before which the the sensor decides that the Backup server is not responding. Default: 6" ::= { radiusAuthGrp 17} sshAccessGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 48 } sshAccessCfgGrp OBJECT IDENTIFIER ::= { sshAccessGrp 1 } sshAccessControlStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration option to enable/disable ssh access control list for ipv4. Default: false (2)" ::= {sshAccessCfgGrp 1 } sshAccessControlResetIpv4 OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration option to to delete/reset the ssh access ipv4 contol list. Default: false (2)" ::= {sshAccessCfgGrp 2 } sshAccessLogSupport OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration option to enable/disable ssh access messages logging support. Default: false (2)" ::= {sshAccessCfgGrp 3 } sshAccessControlResetIpv6 OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration option to delete/reset ssh access control list for ipv6. 
Default: false (2)" ::= {sshAccessCfgGrp 4 } sshAccessNumIpv4Entries OBJECT-TYPE SYNTAX INTEGER (0..100) MAX-ACCESS read-only STATUS current DESCRIPTION "This object ranges from 1 to 100, as only a maximum of 100 entries are supported." ::= { sshAccessGrp 2 } sshAccessIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SSHAccessIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " " ::= { sshAccessGrp 3 } sshAccessIpEntry OBJECT-TYPE SYNTAX SSHAccessIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry specified is indexed by . " INDEX { sshIpv4Index } ::= { sshAccessIpTable 1 } SSHAccessIpEntry ::= SEQUENCE { sshIpv4Index INTEGER, sshIpAddress IpAddress, sshMaskIpv4 INTEGER, sshAccessIpConfig RowStatus } sshIpv4Index OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object sshIpv4Index ranges from 1 to 100, It support only 100 entries." ::= { sshAccessIpEntry 1 } sshIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP Address of a SSH Access Control(ipv4)." ::= { sshAccessIpEntry 2 } sshMaskIpv4 OBJECT-TYPE SYNTAX INTEGER (1..32) MAX-ACCESS read-write STATUS current DESCRIPTION "Mask of a SSH Access Control(ipv4)." ::= { sshAccessIpEntry 3 } sshAccessIpConfig OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object used for user to add and delete rows in to the table." ::= { sshAccessIpEntry 4 } sshAccessNumIpv6Entries OBJECT-TYPE SYNTAX INTEGER (0..100) MAX-ACCESS read-only STATUS current DESCRIPTION "This object ranges from 1 to 100, as only a maximum of 100 entries are supported." ::= { sshAccessGrp 4 } sshAccessIpv6Table OBJECT-TYPE SYNTAX SEQUENCE OF SSHAccessIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " " ::= { sshAccessGrp 5 } sshAccessIpv6Entry OBJECT-TYPE SYNTAX SSHAccessIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry specified is indexed by . 
" INDEX { sshIpv6Index } ::= { sshAccessIpv6Table 1} SSHAccessIpv6Entry ::= SEQUENCE { sshIpv6Index INTEGER, sshAccessIpv6Address Ipv6Address, sshAccessIpv6Mask INTEGER, sshAccessIpv6Config RowStatus } sshIpv6Index OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object sshIpv6Index range from 1 to 100, It support max 100 entries" ::= { sshAccessIpv6Entry 1 } sshAccessIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "IPv6 address for the ssh access control list" ::= { sshAccessIpv6Entry 2 } sshAccessIpv6Mask OBJECT-TYPE SYNTAX INTEGER (1..128) MAX-ACCESS read-write STATUS current DESCRIPTION "IPv6 Mask for the ssh access control list" ::= { sshAccessIpv6Entry 3 } sshAccessIpv6Config OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object used for user to add and delete rows in to the table." ::= { sshAccessIpv6Entry 4 } -------------------------------------------------- -- This group contains all MIB objects that specify the configuration of -- pluggable modules for the VSS Switch Load Balancer to be used in conjunction with -- existing MIB interfacePortGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 11 } which will be used as virtual interface port group of VSS switch. virtualPluggableModuleGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 49 } moduleOneNumPorts OBJECT-TYPE SYNTAX INTEGER (0..16) MAX-ACCESS read-write STATUS current DESCRIPTION "This MIB object returns the number of ports in the first module of VSS Box. To be used in conjunction with interfacePortGrp of { ivSensorConfigurationMIB 11 } to represent attributes of VSS switch virtual ports. Default: 0 (If the module is not inserted)" ::= { virtualPluggableModuleGrp 1 } moduleTwoNumPorts OBJECT-TYPE SYNTAX INTEGER (0..16) MAX-ACCESS read-write STATUS current DESCRIPTION "This MIB object returns the number of ports in the first module of VSS Box. 
To be used in conjunction with interfacePortGrp of { ivSensorConfigurationMIB 11 } to represent attributes of VSS switch virtual ports. Default: 0 (If the module is not inserted)" ::= { virtualPluggableModuleGrp 2 } -------------------------------------------------- -- -- sslProbeAccessGrp -- sslProbeAccessGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 51 } sslProbeAccessCfgGrp OBJECT IDENTIFIER ::= { sslProbeAccessGrp 1 } sslProbeAccessMaxAgentConn OBJECT-TYPE SYNTAX INTEGER (1..1024) MAX-ACCESS read-write STATUS current DESCRIPTION "Configuration option to restrict the total number of connections that the sensor can handle from the SSL Probes. Default: 1024" ::= {sslProbeAccessCfgGrp 1 } sslProbeAccessNumIpv4Entries OBJECT-TYPE SYNTAX INTEGER (0..64) MAX-ACCESS read-only STATUS current DESCRIPTION "This object ranges from 1 to 64, as only a maximum of 64 entries are supported." ::= { sslProbeAccessGrp 2 } sslProbeAccessIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SSLProbeAccessIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " " ::= { sslProbeAccessGrp 3 } sslProbeAccessIpEntry OBJECT-TYPE SYNTAX SSLProbeAccessIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry specified is indexed by . " INDEX { sslProbeIpv4Index } ::= { sslProbeAccessIpTable 1 } SSLProbeAccessIpEntry ::= SEQUENCE { sslProbeIpAddress IpAddress, sslProbeMaskIpv4 INTEGER, sslProbeAccessIpConfig RowStatus } sslProbeIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "IP Address of a SSL Probe Access Control(ipv4)." ::= { sslProbeAccessIpEntry 1 } sslProbeMaskIpv4 OBJECT-TYPE SYNTAX INTEGER (1..32) MAX-ACCESS read-write STATUS current DESCRIPTION "Mask of a SSL Probe Access Control(ipv4)." ::= { sslProbeAccessIpEntry 2 } sslProbeAccessIpConfig OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object used for user to add and delete rows in to the table." 
::= { sslProbeAccessIpEntry 3 } sslProbeAccessNumIpv6Entries OBJECT-TYPE SYNTAX INTEGER (0..64) MAX-ACCESS read-only STATUS current DESCRIPTION "This object ranges from 1 to 64, as only a maximum of 64 entries are supported." ::= { sslProbeAccessGrp 4 } sslProbeAccessIpv6Table OBJECT-TYPE SYNTAX SEQUENCE OF SSLProbeAccessIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " " ::= { sslProbeAccessGrp 5 } sslProbeAccessIpv6Entry OBJECT-TYPE SYNTAX SSLProbeAccessIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry specified is indexed by . " INDEX { sslProbeIpv6Index } ::= { sslProbeAccessIpv6Table 1} SSLProbeAccessIpv6Entry ::= SEQUENCE { sslProbeAccessIpv6Address Ipv6Address, sslProbeAccessIpv6Mask INTEGER, sslProbeAccessIpv6Config RowStatus } sslProbeAccessIpv6Address OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-write STATUS current DESCRIPTION "IPv6 address for the sslProbe access control list" ::= { sslProbeAccessIpv6Entry 1 } sslProbeAccessIpv6Mask OBJECT-TYPE SYNTAX INTEGER (1..128) MAX-ACCESS read-write STATUS current DESCRIPTION "IPv6 Mask for the sslProbe access control list" ::= { sslProbeAccessIpv6Entry 2 } sslProbeAccessIpv6Config OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object used for user to add and delete rows in to the table." ::= { sslProbeAccessIpv6Entry 3 } -------------------------------------------------- --This group contains MIB objects related to Sensor Certificate Configuration sensorCertificateGroup OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 52 } sensorCertificateConfigGrp OBJECT IDENTIFIER ::= { sensorCertificateGroup 1 } sensorCertificateCSRConfigGrp OBJECT IDENTIFIER ::= { sensorCertificateConfigGrp 1 } sensorCertificateCSRCountryName OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Country name for generating the CSR. Use the two-letter code without punctuation for country like US or CA." 
::= { sensorCertificateCSRConfigGrp 1 } sensorCertificateCSRStateProvince OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "State or Province name for generating the CSR. Spell out the state completely." ::= { sensorCertificateCSRConfigGrp 2 } sensorCertificateCSRLocality OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "City or town name for generating the CSR." ::= { sensorCertificateCSRConfigGrp 3 } sensorCertificateCSRCompany OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "Company name for generating the CSR. If the company name has symbols, spell out the symbol or omit it to enroll." ::= { sensorCertificateCSRConfigGrp 4 } sensorCertificateCSROrganizationalUnit OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "The organizational unit is the name of the department or organization unit making the request. This is an optional field" ::= { sensorCertificateCSRConfigGrp 5 } sensorCertificateCSRCommonName OBJECT-TYPE SYNTAX DisplayString (SIZE(1..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "The common name is the host plus domain name. It looks like www.company.com or company.com." ::= { sensorCertificateCSRConfigGrp 6 } sensorCertificateCSRGenerateAction OBJECT-TYPE SYNTAX INTEGER { other(0), generateCSR(1), generateSelfSigned(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This action is used to generate the CSR/self signed certificate. Default : other (0)" ::= { sensorCertificateCSRConfigGrp 7 } sensorCertificateCSRGenerateStatus OBJECT-TYPE SYNTAX INTEGER { other (0), generationInProgress (1), generationComplete (2), generationFailed (3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object describes the possible CSR generation states. 
Default : other (0)" ::= { sensorCertificateCSRConfigGrp 8 } sensorCertSubAltName OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "To push sensorCert subject alternative name" ::= { sensorCertificateCSRConfigGrp 9 } sensorCertificateStatus OBJECT-TYPE SYNTAX INTEGER { other (0), certAbsent (1), defaultCert (2), selfsignedCert (3), casignedCert (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the cert status on the sensor. Default: 0" ::= { sensorCertificateConfigGrp 2 } sensorCertMigrateAction OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "To push request for sensor cert migration" ::= { sensorCertificateConfigGrp 3 } -------------------------------------------------- sensorStackGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 53 } stackName OBJECT-TYPE SYNTAX DisplayString (SIZE(1..80)) MAX-ACCESS read-only STATUS current DESCRIPTION "Stack Name" ::= { sensorStackGrp 1 } stackNodeId OBJECT-TYPE SYNTAX INTEGER (1..16) MAX-ACCESS read-only STATUS current DESCRIPTION "ID of stackNode." ::= { sensorStackGrp 2 } stackNodeLeftNeighbour OBJECT-TYPE SYNTAX INTEGER (1..16) MAX-ACCESS read-only STATUS current DESCRIPTION "Node id of Left Neighbour, configured in stack" ::= { sensorStackGrp 3 } stackNodeRightNeighbour OBJECT-TYPE SYNTAX INTEGER (1..16) MAX-ACCESS read-only STATUS current DESCRIPTION "Node id of Right Neighbour, configured in stack" ::= { sensorStackGrp 4 } interfaceVirtualPortGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 54 } intfVirtualPortTable OBJECT-TYPE SYNTAX SEQUENCE OF IntfVirtualPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for each interface port (indexed via intfPortIndex) on each sensor card (indexed via appropriate slotIndex). This table contains Trellix specific configuration objects. Tables that contain MIB objects borrowed from MIB-II are in the TRELLIX-SENSOR-PERF-MIB." 
::= { interfaceVirtualPortGrp 1 } intfVirtualPortEntry OBJECT-TYPE SYNTAX IntfVirtualPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the columnar objects, that describe the contents of each interface port on each IntruShield sensor card. Indexed by slotIndex/intfPortIndex" INDEX { intfVirtualSlotIndex, intfVirtualPortIndex } ::= { intfVirtualPortTable 1 } IntfVirtualPortEntry ::= SEQUENCE { intfVirtualPortIfDescr DisplayString, intfVirtualPortIfType TrellixIDSPortType, intfVirtualPortIfAdminStatus INTEGER, intfVirtualPortOperatingMode TrellixIDSOperatingMode, intfVirtualPortEnableFullDuplex TruthValue, intfVirtualPortSpeedConfig TrellixPortSpeed, intfVirtualPortEnableInternalTap TruthValue, intfVirtualPortInOutType INTEGER, intfVirtualFailOpenSwitchStatus INTEGER, intfVirtualFailOpenPortStatus INTEGER, intfVirtualPortEnableAntiSpoofing INTEGER, intfVirtualPortAllowAnyConnector TruthValue, intfVirtualPortCageType INTEGER, intfVirtualPortSetMediaType INTEGER, intfVirtualPortMonPortIpAddress IpAddress, intfVirtualPortMonPortNetMask IpAddress, intfVirtualPortGatewayIpAddress IpAddress, intfVirtualPortNbadConfigStatus TruthValue, intfVirtualPortVlanId Integer32, intfVirtualPortAppIdStatsConfigStatus TruthValue, intfVirtualPortLinearIndex TrellixPortLinearIndex, intfVirtualPortFECConfig TruthValue } intfVirtualPortIfDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "A textual string containing information about the interface. Returns the string that is printed on the box." ::= { intfVirtualPortEntry 1 } intfVirtualPortIfType OBJECT-TYPE SYNTAX TrellixIDSPortType MAX-ACCESS read-write STATUS current DESCRIPTION "The type of interface, distinguished according to the physical/link protocol(s) immediately 'below' the network layer in the protocol stack. For brevity, Trellix options are as specified by the TC, TrellixIDSPortType. 
However, the SNMP MIB-II - Interfaces MIB specifies many more valid options. See comments section for details. " ::= { intfVirtualPortEntry 2 } intfVirtualPortIfAdminStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The desired state of the interface. The testing(3) state indicates that no operational packets can be passed. Default: down" ::= { intfVirtualPortEntry 3 } intfVirtualPortOperatingMode OBJECT-TYPE SYNTAX TrellixIDSOperatingMode MAX-ACCESS read-write STATUS current DESCRIPTION "ReadWrite parameter specifies the operating mode for the Trellix IDS sensor to be used. Different modes supported are inline-fo-passive(1), non-inline or tap(2), span(3) and inlne-fc(4), inline-fo-active kit(5 - available on M-series only). Default: non-inline" ::= { intfVirtualPortEntry 4 } intfVirtualPortEnableFullDuplex OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "True: Sets interface port to work as a full-duplex one. Otherwise as half-duplex. Default: True" ::= { intfVirtualPortEntry 5 } intfVirtualPortSpeedConfig OBJECT-TYPE SYNTAX TrellixPortSpeed -- was TrellixFEType, now deprecated MAX-ACCESS read-write STATUS current DESCRIPTION "Set desired speed/negotiation on the interface." ::= { intfVirtualPortEntry 6 } intfVirtualPortEnableInternalTap OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set to TRUE to enable feature. Applies to Fast Ethernet (FE) ports only (see TrellixIDSPortType). For non FE ports, set to 'FALSE' . Setting this to 'TRUE' requires that is already set to 'monitor-dual-intf' Default: True" ::= { intfVirtualPortEntry 7 } intfVirtualPortInOutType OBJECT-TYPE SYNTAX INTEGER { inside (1), outside (2), not-specified (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This MIB object reflects the Input or Output labeling of this interface port. Used only when operating mode is inline(1) or monitor-dual-intf(2). 
Default: not-specified(3)" ::= { intfVirtualPortEntry 8 } intfVirtualFailOpenSwitchStatus OBJECT-TYPE SYNTAX INTEGER { not-applicable(1), present(2), not-present(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Returns the status of the external optical bypass switch status. For FE ports, this object will return not-applicable(1). For GE ports, if external optical bypass switch is connected to sensor ports, this will return present(2). Otherwise, it will return not-present(3)." ::= { intfVirtualPortEntry 9 } intfVirtualFailOpenPortStatus OBJECT-TYPE SYNTAX INTEGER { not-applicable(1), inline-fail-open(2), bypass(3), tap (4), absent (5), unknown (6), layer2-bypass (7) } MAX-ACCESS read-write STATUS current DESCRIPTION "Returns the packet forwarding status of the sensor ports connected to the optical bypass switch. If status is inline-fail-open(2), sensor is doing the forwarding. If status is bypass(3), the bypass switch is doing the forwarding and sensor will not process any traffic in this mode. Tap(4), absent(5) , unknown (6) and layer2-bypass(7) are available only in M-series for non RJ45(captive) ports when connected to active FO kit and sensor operating mode is inline-fail-open-active-kit. tap - operational status(up), kit(present), heart-beat(tap) absent - operational status(up), kit(absent), hear-beat(none) unknown - operational status(down), kit(absent), heart-beat(not available)." ::= { intfVirtualPortEntry 10 } intfVirtualPortEnableAntiSpoofing OBJECT-TYPE SYNTAX INTEGER { disable-bothsides-spoof-detect (1), enable-inside-spoof-detect (2), enable-outside-spoof-detect (3), enable-bothsides-spoof-detect (4) } MAX-ACCESS read-write STATUS current DESCRIPTION "spoofed packet detect rcvd on the both sides . Default: 'disable-bothsides-spoof-detect' (0) " ::= { intfVirtualPortEntry 11 } intfVirtualPortAllowAnyConnector OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "True: Permit usage of any connector for port. 
False: Restrict usage to McAfee certified connector only. Default: False" ::= { intfVirtualPortEntry 12 } intfVirtualPortCageType OBJECT-TYPE SYNTAX INTEGER { other (0), rJ-45 (1), rJ-11 (2), gBIC (3), sFP (4), xFP (5), sFP-plus (6), -- support in R-series only qSFP (7), -- support in R-series only rJ-45-plus (8), -- support in R-series only sFP-plus-BPFO (9) -- support in R-series only } MAX-ACCESS read-write STATUS current DESCRIPTION "Physical connector cage type on sensor chassis panel." ::= { intfVirtualPortEntry 13 } intfVirtualPortSetMediaType OBJECT-TYPE SYNTAX INTEGER { optical(1), electrical (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Sets the media of the connector the user desired for the port. Default: optical" ::= { intfVirtualPortEntry 14 } intfVirtualPortMonPortIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure / retrieve the IPv4 address of the monitoring port. Default: 0.0.0.0" ::= { intfVirtualPortEntry 15 } intfVirtualPortMonPortNetMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure / retrieve netmask for the IPv4 address of the monitoring port. Default: 0.0.0.0" ::= { intfVirtualPortEntry 16 } intfVirtualPortGatewayIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to configure / retrieve the IPv4 address of the gateway. Default: 0.0.0.0" ::= { intfVirtualPortEntry 17 } intfVirtualPortNbadConfigStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object value if set to TRUE indicates that flow record generation to be sent to the NBAD server, is enabled over this monitoring port. 
Default: False" ::= { intfVirtualPortEntry 18 } intfVirtualPortVlanId OBJECT-TYPE SYNTAX Integer32 (0..2164326399) MAX-ACCESS read-write STATUS current DESCRIPTION "This MIB object indicates the Vlan ID of the VLAN to which the monitoring port is connected." ::= { intfVirtualPortEntry 19 } intfVirtualPortAppIdStatsConfigStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object value if set to TRUE indicates that the appId stats collection is enabled over this monitoring port. Default: True" ::= { intfVirtualPortEntry 20 } intfVirtualPortLinearIndex OBJECT-TYPE SYNTAX TrellixPortLinearIndex MAX-ACCESS read-only STATUS current DESCRIPTION "This MIB object indicates the Linear Index of the monitoring port. This index is generated by the sensor appliance using the pair of slot index and the port index values. The other MIB tables would directly use this linear index, whereever applicable." ::= { intfVirtualPortEntry 21 } intfVirtualPortFECConfig OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object value if set to TRUE indicates that FEC is enabled, FALSE for FEC disbaled Default: False" ::= { intfVirtualPortEntry 22 } -- responseVirtualPortGrp 'ivSensorConfigurationMIB 55' is not supported currently, reserved for future use responseVirtualPortGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 55 } respVirtualPortTable OBJECT-TYPE SYNTAX SEQUENCE OF RespVirtualPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table containing entries for each response port (indexed via respPortIndex) on each sensor card (indexed via valid slotIndex). This table contains Trellix specific MIB objects. " ::= { responseVirtualPortGrp 1 } respVirtualPortEntry OBJECT-TYPE SYNTAX RespVirtualPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This MIB object contains all the columnar objects, that describe the contents of each response port within the Trellix IDS sensor card. 
Indexed by slotIndex/respPortIndex" INDEX { slotIndex, respPortIndex } ::= { respVirtualPortTable 1 } RespVirtualPortEntry ::= SEQUENCE { respVirtualPortDescr DisplayString, respVirtualPortType TrellixIDSPortType, respVirtualPortAdminStatus INTEGER, respVirtualPortOperStatus INTEGER, respVirtualPortEnableFullDuplex TruthValue, respVirtualPortSpeed TrellixPortSpeed, -- was TrellixFEType, respVirtualPortPktDestination INTEGER, respVirtualPortMacAddress MacAddress, respVirtualCUGEPortSpeed TrellixCUGEType, respVirtualAdditionalInfo DisplayString } respVirtualPortDescr OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "A textual string containing information about the interface. Returns the string that is printed on the box." ::= { respVirtualPortEntry 1 } respVirtualPortType OBJECT-TYPE SYNTAX TrellixIDSPortType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of interface, distinguished according to the physical/link protocol(s) immediately 'below' the network layer in the protocol stack. See TrellixIDSPortType. " ::= { respVirtualPortEntry 2 } respVirtualPortAdminStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The desired state of the interface. Default: Up" ::= { respVirtualPortEntry 3 } respVirtualPortOperStatus OBJECT-TYPE SYNTAX INTEGER { up (1), down (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed." ::= { respVirtualPortEntry 4 } respVirtualPortEnableFullDuplex OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "True: Sets response port to work as a full-duplex one. otherwise as half-duplex. If True, respPortFullDuplexPeer must be specified. Default: False " ::= { respVirtualPortEntry 5 } -- Support for respPortSpeed is deprecated in V-series sensors(VmIPS). 
-- Speed setting of a virtual response port; values come from the imported
-- TrellixPortSpeed textual convention.
respVirtualPortSpeed OBJECT-TYPE
    SYNTAX TrellixPortSpeed
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "See TrellixPortSpeed Default: fixed-hundred-Mbps (2)"
    ::= { respVirtualPortEntry 6 }

-- NOTE(review): the DESCRIPTION refers to intfRespMacAddress; the MAC column
-- defined next to this object is respVirtualPortMacAddress - confirm which
-- object is meant.
respVirtualPortPktDestination OBJECT-TYPE
    SYNTAX INTEGER { switch (1), router (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object is used when response ports are chosen for sending response packets. When router mode is chosen, packets will be sent to router with destination MAC as defined in intfRespMacAddress. Default value is switch (1)."
    ::= { respVirtualPortEntry 7 }

respVirtualPortMacAddress OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Specifies the macaddress of the router to which the response packets have to be sent to."
    ::= { respVirtualPortEntry 8 }

-- Support for respCUGEPortSpeed is deprecated in V-series sensors(VmIPS).
respVirtualCUGEPortSpeed OBJECT-TYPE
    SYNTAX TrellixCUGEType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Only applicable to copper-gigabit-ethernet ports, to specify whether 10mbps or 100mbps or 1-gbps or auto-neg. See TrellixCUGEType Default: auto-negotiate"
    ::= { respVirtualPortEntry 9 }

-- NOTE(review): this column is sub-identifier 11; the preceding column is 9
-- and no column 10 is defined here.
respVirtualAdditionalInfo OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "A textual string containing additional information about the response interface. This mib object will be available only on V-series sensors."
    ::= { respVirtualPortEntry 11 }

--
-- Interface Virtual Response Table
--
intfVirtualRespTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IntfVirtualRespEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Table containing entries for each interface port. The table describes how responses have to be sent in monitoring mode."
    ::= { responseVirtualPortGrp 2 }

intfVirtualRespEntry OBJECT-TYPE
    SYNTAX IntfVirtualRespEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Indexed by slotIndex/intfPortIndex"
    INDEX { slotIndex, intfPortIndex }
    ::= { intfVirtualRespTable 1 }

IntfVirtualRespEntry ::= SEQUENCE {
    intfVirtualRespType INTEGER,
    intfVirtualRespPortNo INTEGER
}

-- NOTE(review): the DESCRIPTION numbers the values responsePort (2) and
-- inline (3), then gives the default as responsePort (1); the enumeration
-- defines responsePort(1) and inline(2). It also refers to intfRespPortNo,
-- while the column defined here is intfVirtualRespPortNo.
intfVirtualRespType OBJECT-TYPE
    SYNTAX INTEGER { responsePort (1), inline (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Setting this object to responsePort (2) causes responses to be sent via the response port. The response port no that needs to be used is specified with intfRespPortNo object. Setting this object to inline (3) causes responses to be sent inline. Note that in monitoring mode, responses can only be sent inline when the monitoring port is in half-duplex mode. Default action will be responsePort (1)."
    ::= { intfVirtualRespEntry 1 }

-- NOTE(review): SYNTAX INTEGER is unconstrained; the valid port numbers are
-- not stated here.
intfVirtualRespPortNo OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Specifies the response port number that needs to be used for this monitoring port. The response ports are configured by respPortTable."
    ::= { intfVirtualRespEntry 2 }

--------------------------------------------------
--
-- mvxCfgGrp
--
-- Group 56: integration of the sensor with an MVX engine (address,
-- credentials, certificate validation, proxy use, authentication status).
-- NOTE(review): this group carries a username and password as read-write
-- DisplayStrings and a writable certificate-validation switch. Scope it with a
-- VACM view and use SNMPv3 authPriv; under SNMPv1/v2c the credentials travel
-- in cleartext.
mvxCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 56 }

mvxConnectionConfig OBJECT-TYPE
    SYNTAX INTEGER { enable (1), disable (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object is used to enable or disable the MVX integration Default: 2, disable"
    ::= { mvxCfgGrp 1 }

mvxIPAddressType OBJECT-TYPE
    SYNTAX INTEGER { ip-v4 (4), ip-v6 (6) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object is used to configure the IP address type of the mgmt port at the MVX engine end"
    ::= { mvxCfgGrp 2 }

-- NOTE(review): 'would be zero if the current object is initialized' presumably
-- means 'is not initialized' - confirm.
mvxBrokerIPv4Address OBJECT-TYPE
    SYNTAX IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object is used to configure the IPv4 address of the MVX engine.
The mvxBrokerIPv4Address would be zero if the current object is initialized"
    ::= { mvxCfgGrp 3 }

-- NOTE(review): 'would be zero if the current object is initialized' presumably
-- means 'is not initialized' - confirm.
mvxBrokerIPv6Address OBJECT-TYPE
    SYNTAX Ipv6Address
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object is used to configure the IPv6 address of the MVX engine. The mvxBrokerIPv6Address would be zero if the current object is initialized"
    ::= { mvxCfgGrp 4 }

-- NOTE(review): the DESCRIPTION gives a NULL default, but SIZE(1..80) does not
-- admit an empty string.
mvxUserName OBJECT-TYPE
    SYNTAX DisplayString (SIZE(1..80))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object is used to send username for configured MVX engine. Default value is NULL"
    ::= { mvxCfgGrp 5 }

-- MVX engine password.
-- NOTE(review): read-write on a DisplayString permits GET as well as SET at
-- the MIB level; whether the agent returns the stored password or a masked
-- value is not visible here - confirm. The NULL default also does not fit
-- SIZE(1..80).
mvxPassword OBJECT-TYPE
    SYNTAX DisplayString (SIZE(1..80))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object is used to send password for configured MVX engine. Default value is NULL"
    ::= { mvxCfgGrp 6 }

-- NOTE(review): no default is stated. If disable(2) turns off validation of
-- the MVX server certificate (the DESCRIPTION only calls it a flag - confirm),
-- the credentials above would be sent to an unauthenticated peer; monitor that
-- this object stays at enable(1).
mvxCertificateValidation OBJECT-TYPE
    SYNTAX INTEGER { enable (1), disable (2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object is used to indicate the MVX server certificate flag at the sensor"
    ::= { mvxCfgGrp 7 }

-- Read-only authentication state between sensor and MVX engine.
mvxAuthStatus OBJECT-TYPE
    SYNTAX INTEGER { down(2), up (1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "This object is used to indicate the authentication status between sensor and MVX engine "
    ::= { mvxCfgGrp 8 }

mvxUseProxy OBJECT-TYPE
    SYNTAX INTEGER { disable(2), enable(1) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "This object is used to indicate the configured proxy is used by the MVX engine or not "
    ::= { mvxCfgGrp 9 }

--------------------------------------------------
END