CM-SECURITY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Integer32, IpAddress, Unsigned32
|
|
FROM SNMPv2-SMI
|
|
DateAndTime, DisplayString, TruthValue, RowStatus, StorageType,
|
|
TEXTUAL-CONVENTION, VariablePointer
|
|
FROM SNMPv2-TC
|
|
OBJECT-GROUP, MODULE-COMPLIANCE
|
|
FROM SNMPv2-CONF
|
|
fsp150cm
|
|
FROM ADVA-MIB
|
|
IpVersion, UserInterfaceType
|
|
FROM CM-COMMON-MIB
|
|
Ipv6Address
|
|
FROM IPV6-TC
|
|
usmUserEntry
|
|
FROM SNMP-USER-BASED-SM-MIB
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB;
|
|
|
|
cmSecurityMIB MODULE-IDENTITY
|
|
LAST-UPDATED "202101280000Z"
|
|
ORGANIZATION "ADVA Optical Networking SE"
|
|
CONTACT-INFO
|
|
"Web URL: http://adva.com/
|
|
E-mail: support@adva.com
|
|
Postal: ADVA Optical Networking SE
|
|
Campus Martinsried
|
|
Fraunhoferstrasse 9a
|
|
82152 Martinsried/Munich
|
|
Germany
|
|
Phone: +49 089 89 06 65 0
|
|
Fax: +49 089 89 06 65 199 "
|
|
DESCRIPTION
|
|
"This module defines the Security MIB definitions
|
|
used by the F3 (FSP150CM/CC) product lines. These are used
|
|
to manage the user/authentication for CLI/GUI sessions.
|
|
Copyright (C) ADVA."
|
|
REVISION "202101280000Z"
|
|
DESCRIPTION
|
|
"Notes from release 202007270000Z:
|
|
(1) Added new tables: f3CaProfileTable, f3CaTable.
|
|
(2) Added new textual conventions: CaAction,
|
|
SslCertificatePrivateKeyPairAction, CertificateType,
|
|
CertificateStatus, AutoEnrollmentStatus, CaRootCertStatus.
|
|
(3) Added new columns to f3SslCertificatePrivateKeyPairTable:
|
|
f3SslCertificatePrivateKeyPairRsaKeyPairName,
|
|
f3SslCertificatePrivateKeyPairCertificateType,
|
|
f3SslCertificatePrivateKeyPairCertificateStatus,
|
|
f3SslCertificatePrivateKeyPairAction.
|
|
(4) Added new column to f3CertSigningRequestTable:
|
|
f3CertSigningRequestAutoEnrollmentStatus.
|
|
(5) Added new scalar f3SshCipherStrengthHighControl.
|
|
|
|
Notes from release 202006180000Z:
|
|
(1) Changed MAX-ACCESS for f3HttpsSslKeyPair from read-only to read-write
|
|
|
|
Notes from release 201912010000Z
|
|
(1) Added f3NasIpAddressType,
|
|
f3SslCertificateActionKeyName,
|
|
|
|
Notes from release 201910010000Z
|
|
(1) Added scalars f3HttpsSslCertExpNotifPeriod,
|
|
f3HttpsSslKeyPair,
|
|
f3SslCertificateAction,
|
|
f3SslCertificateActionPairName,
|
|
|
|
Added f3SslCertificatePrivateKeyPairTable with columns:
|
|
f3SslCertificatePrivateKeyPairName,
|
|
f3SslCertificatePrivateKeyPairSslCertificate,
|
|
f3SslCertificatePrivateKeyPairPrivateKeyPresent
|
|
|
|
Notes from release 201905280000Z
|
|
(1) added cmSecurityUserSso2fa to cmSecurityUserTable
|
|
(2) added scalar f3Sso2faControl
|
|
|
|
Notes from release 201706270000Z
|
|
(1) Added Object Identifier cmIcmpV4Objects with scalar objects:
|
|
icmpV4Filter, icmpV4DropEchoRequests
|
|
(2) Added Object Identifier cmIcmpV6Objects with scalar objects:
|
|
icmpV6Filter, icmpV6DropEchoRequests, icmpV6DropNeighborSolicitation,
|
|
icmpV6DropRouterAdvertisement, icmpV6DropNeighborAdvertisement,
|
|
icmpV6DropRouterSolicitation
|
|
|
|
Notes from release 201704030000Z
|
|
(1) add f3RadiusSendVendorAvpEnabled and f3RadiusRealm to the MIB
|
|
|
|
Notes from release 201606140000Z
|
|
(1) added cmSecurityUserRemoteCryptoUser to cmSecurityUserTable
|
|
|
|
Notes from release 201602080000Z
|
|
(1)Added literal netconf to CmSecurityPrivLevel
|
|
|
|
Notes from release 201509180000Z
|
|
(1)Added cmSecurityCryptoPassword attribute to cmSecurityUserTable
|
|
|
|
Note from release 201106270000Z,
|
|
(1)Added f3TacacsPrivLevelControlEnabled, f3TacacsDefaultPrivLevel
|
|
|
|
Note from release 201104140000Z,
|
|
(1)Added cmSecurityUserAction to support remove-lockout
|
|
|
|
Note from release 201101050000Z,
|
|
(1)Added f3UsmUserTable - an augment to UsmUserTable
|
|
|
|
Note from release 201002120000Z,
|
|
(1)MIBs updated for supported functionality in R4.3CC and R4.1CM
|
|
(a)cmRemoteAuthServerTable has new objects
|
|
cmRemoteAuthServerAccountingPort to support RADIUS accounting
|
|
|
|
Notes from release 200903190000Z,
|
|
(1)MIB version ready for release FSP150CC GE101, GE206 devices
|
|
(a)Added Textual convention CmSecurityPolicyStrength
|
|
(b)Added MIB scalar cmSecurityPolicyStrength
|
|
|
|
(2)Following changes are made to the cmSecurityUserTable,
|
|
(a)cmSecurityUserPassword column to modify security user password
|
|
(b)cmSecurityUserStorageType and cmSecurityUserRowStatus columns added
|
|
thereby allowing creation/deletion of Security Users
|
|
(c)cmSecurityUserComment, cmSecurityUserPrivLevel,
|
|
cmSecurityUserLoginTimeout, cmSecurityUserNumFailedLoginAttempts,
|
|
cmSecurityUserCliPagingEnable columns are now read-write
|
|
to allow write access.
|
|
|
|
Notes from release 200803030000Z,
|
|
(1)MIB version ready for release FSP150CM 3.1."
|
|
::= {fsp150cm 10}
|
|
|
|
--
|
|
-- OID definitions
|
|
--
|
|
cmSecurityObjects OBJECT IDENTIFIER ::= {cmSecurityMIB 1}
|
|
cmSecurityConformance OBJECT IDENTIFIER ::= {cmSecurityMIB 2}
|
|
cmSecurityNotifications OBJECT IDENTIFIER ::= {cmSecurityMIB 3}
|
|
|
|
cmIcmpV4Objects OBJECT IDENTIFIER ::= { cmSecurityObjects 20 }
|
|
cmIcmpV6Objects OBJECT IDENTIFIER ::= { cmSecurityObjects 21 }
|
|
|
|
f3FipsObjects OBJECT IDENTIFIER ::= { cmSecurityObjects 23 }
|
|
f3SslCertificateObjects OBJECT IDENTIFIER ::= { cmSecurityObjects 25 }
|
|
|
|
f3RsaKeyPairObjects OBJECT IDENTIFIER ::= { cmSecurityObjects 26 }
|
|
f3CertSigningRequestObjects OBJECT IDENTIFIER ::= { cmSecurityObjects 27 }
|
|
|
|
--
|
|
-- Textual conventions.
|
|
--
|
|
SecuritySelfTestResult ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enumerations for Security Self Test Result
|
|
fail - the test did not pass,
|
|
success - the test passed."
|
|
SYNTAX INTEGER {
|
|
notApplicable (0),
|
|
fail (1),
|
|
success (2)
|
|
}
|
|
|
|
SecuritySelfTestStatus ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enumerations for Security Self Test Status
|
|
notStarted - test not started.
|
|
inprogress - test is in progress.
|
|
complete - test has completed."
|
|
SYNTAX INTEGER {
|
|
notApplicable (0),
|
|
notStarted (1),
|
|
inprogress (2),
|
|
complete (3)
|
|
}
|
|
|
|
CmRemoteAuthProtocol ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enumerations for remote authentication protocol.
|
|
none - No remote authentication protocol,
|
|
radius - RADIUS (Remote Authentication Dial-In User Service),
|
|
tacacs - TACACS+(Terminal Access Controller Access Control System)."
|
|
SYNTAX INTEGER {
|
|
none (1),
|
|
radius (2),
|
|
tacacs (3)
|
|
}
|
|
|
|
CmSecurityAccessOrder ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enumerations for order for security access.
|
|
local - Local database for user/security validation,
|
|
remote - Remote protocol for user/security validation."
|
|
SYNTAX INTEGER {
|
|
local (1),
|
|
remote (2)
|
|
}
|
|
|
|
CmSecurityAuthType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enumerations for remote authentication protocol types.
|
|
pap - Password Authentication Protocol,
|
|
chap - Challenge-Handshake Authentication Protocol."
|
|
SYNTAX INTEGER {
|
|
pap (1),
|
|
chap (2),
|
|
ascii (3)
|
|
}
|
|
|
|
CmSecurityPrivLevel ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enumerations for Security Privilege Level.
|
|
retrieve - Retrieve Privilege Level (can only
|
|
VIEW management information),
|
|
maintenance - Maintenance Privilege Level
|
|
(can VIEW management, as well as perform
|
|
maintenance operations such as loopbacks,
|
|
etherjack diagnosis etc.)
|
|
provisioning - Provisioning Privilege Level
|
|
(can perform Provisioning operations)
|
|
superuser - Super User Privilege Level
|
|
(can perform all operations)
|
|
testuser - Retrieve Privilege Level
|
|
and some maintenance,
|
|
provisioning operations.
|
|
cryptouser - Crypto User Privilege Level
|
|
(can perform security operations)
|
|
netconf - NETCONF Privilege Level"
|
|
SYNTAX INTEGER {
|
|
not-applicable(0),
|
|
retrieve (1),
|
|
maintenance (2),
|
|
provisioning (3),
|
|
superuser (4),
|
|
testuser (5),
|
|
cryptouser (6),
|
|
netconf (7)
|
|
}
|
|
|
|
CmRemoteAuthOrder ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enumerations for order for remote authentication access.
|
|
first - first to access the remote authentication,
|
|
second - second to access the remote authentication,
|
|
third - third to access the remote authentication."
|
|
SYNTAX INTEGER {
|
|
first (1),
|
|
second (2),
|
|
third (3)
|
|
}
|
|
|
|
CmSecurityPolicyStrength ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enumerations for security policy strength
|
|
low - Low Security Policy,
|
|
medium - Medium Security Policy,
|
|
high - High Security Policy."
|
|
SYNTAX INTEGER {
|
|
low (1),
|
|
medium (2),
|
|
high (3)
|
|
}
|
|
|
|
UsmUserAccessType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enumerations for type of USM User
|
|
read-only - Read only,
|
|
read-write - Read write,
|
|
trap-only - Trap Only."
|
|
SYNTAX INTEGER {
|
|
read-only (1),
|
|
read-write (2),
|
|
trap-only (3)
|
|
}
|
|
|
|
|
|
SecurityUserAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Provides ability to manage security users."
|
|
SYNTAX INTEGER {
|
|
not-applicable(0),
|
|
remove-lockout(1) -- removes the locked out condition on security user
|
|
}
|
|
|
|
SnmpSecurityTrapType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Provides ability to manage security traps.
|
|
all - trap is reported when user logs in, logs out or is locked out
|
|
loginFailed - trap is reported only when a user fails to log in
|
|
disabled - security traps are disabled."
|
|
|
|
SYNTAX INTEGER {
|
|
all(1),
|
|
loginFailed(2),
|
|
disabled(3)
|
|
}
|
|
|
|
PrivilegeRequestAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Privilege request action."
|
|
SYNTAX INTEGER
|
|
{
|
|
undefined(0),
|
|
none(1),
|
|
approve(2),
|
|
deny(3),
|
|
cancel(4)
|
|
}
|
|
|
|
PrivilegeRequestState ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Privilege request state."
|
|
SYNTAX INTEGER
|
|
{
|
|
none(1),
|
|
requestSent(2),
|
|
requestCanceled(3),
|
|
requestApproved(4),
|
|
requestDenied(5),
|
|
requestTimeout(6),
|
|
accessExpired(7),
|
|
accessCanceled(8)
|
|
}
|
|
|
|
RsaKeyLengthType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RSA key length."
|
|
SYNTAX INTEGER {
|
|
rsaKeyLength2048 (1),
|
|
rsaKeyLength4096 (2)
|
|
}
|
|
|
|
ZeroizeKeysAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Zeroize Keys."
|
|
SYNTAX INTEGER {
|
|
notApplicable (0),
|
|
ZeroizeKeys (1)
|
|
}
|
|
|
|
RunSelfTestAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Run Self-Test."
|
|
SYNTAX INTEGER {
|
|
notApplicable (0),
|
|
RunSelfTest (1)
|
|
}
|
|
|
|
SslCertificateAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Provides ability to manage SSL Certificate/Private Key pair.
|
|
deleteSslKeyPair - delete SSL Certificate/Private Key pair
|
|
setHttpsSslKeyPair - set SSL Certificate/Private Key pair used for HTTPS
|
|
addRsaPrivateKey - add RSA Private Key to SSL Certificate/Private Key pair"
|
|
SYNTAX INTEGER {
|
|
notApplicable (0),
|
|
deleteSslKeyPair (1),
|
|
setHttpsSslKeyPair (2),
|
|
addRsaPrivateKey (3)
|
|
}
|
|
|
|
RsaKeyPairAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"generate or delete RSA key pair."
|
|
SYNTAX INTEGER {
|
|
notApplicable (0),
|
|
genRsaKeyPair (1),
|
|
delRsaKeyPair (2)
|
|
}
|
|
|
|
CsrAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"generate or delete CSR."
|
|
SYNTAX INTEGER {
|
|
notApplicable (0),
|
|
genCsr (1),
|
|
delCsr (2)
|
|
}
|
|
|
|
NasIpAddressType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Nas Ip Address Type."
|
|
SYNTAX INTEGER {
|
|
userDefined (1),
|
|
packetSourceIp (2)
|
|
}
|
|
|
|
CertificateEnrollmentProtocol ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Protocol type used for automatic certificate enrollment."
|
|
SYNTAX INTEGER {
|
|
scep (1)
|
|
}
|
|
|
|
CaAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Certificate authority action."
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
updateCACertificates(2),
|
|
startAutoEnrollment(3),
|
|
getCACertificates(4)
|
|
}
|
|
|
|
SslCertificatePrivateKeyPairAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SSL certificate/private key pair action."
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
trustRootCACertificate(2)
|
|
}
|
|
|
|
CertificateType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Certificate type."
|
|
SYNTAX INTEGER {
|
|
root(1),
|
|
intermediate(2),
|
|
device(3)
|
|
}
|
|
|
|
CertificateStatus ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Certificate status."
|
|
SYNTAX INTEGER {
|
|
trusted(1),
|
|
untrusted(2),
|
|
valid(3),
|
|
invalid(4)
|
|
}
|
|
|
|
AutoEnrollmentStatus ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Auto enrollment status."
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
failure(2),
|
|
success(3),
|
|
pending(4),
|
|
aborted(5),
|
|
timedout(6)
|
|
}
|
|
|
|
CaRootCertStatus ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Certificate authority root certificate status."
|
|
SYNTAX INTEGER {
|
|
pending(1),
|
|
active(2),
|
|
failed(3),
|
|
renewing(4),
|
|
renewalFailed(5)
|
|
}
|
|
|
|
|
|
--
|
|
-- Scalar definitions.
|
|
--
|
|
cmAuthProtocol OBJECT-TYPE
|
|
SYNTAX CmRemoteAuthProtocol
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Remote user authentication protocol."
|
|
::= { cmSecurityObjects 1 }
|
|
|
|
|
|
cmAccessOrder OBJECT-TYPE
|
|
SYNTAX CmSecurityAccessOrder
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Order of access for security, i.e. try 'local' first or
|
|
'remote' first."
|
|
::= { cmSecurityObjects 2 }
|
|
|
|
cmAuthType OBJECT-TYPE
|
|
SYNTAX CmSecurityAuthType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"In case of remote authentication, the chosen authentication type (pap, chap or ascii)."
|
|
::= { cmSecurityObjects 3 }
|
|
|
|
cmNASIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"In case of remote authentication RADIUS,
|
|
the Network Access Server's IP Address."
|
|
::= { cmSecurityObjects 4 }
|
|
|
|
-- cmSecurityUserTable is { cmSecurityObjects 5 }
|
|
-- cmRemoteAuthServerTable is { cmSecurityObjects 6 }
|
|
|
|
cmSecurityPolicyStrength OBJECT-TYPE
|
|
SYNTAX CmSecurityPolicyStrength
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the security policy
|
|
strength of the system. Based on this value,
|
|
the system puts additional restrictions on
|
|
the user id and password rules."
|
|
::= { cmSecurityObjects 7 }
|
|
|
|
cmRemoteAuthServerAccountingEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object enables or disables RADIUS/TACACS+ Accounting
|
|
on all authentication servers."
|
|
::= { cmSecurityObjects 8 }
|
|
|
|
-- f3UsmUserTable is { cmSecurityObjects 9 }
|
|
|
|
f3TacacsPrivLevelControlEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object enables or disables the use of ENABLE authorization
|
|
control to determine
|
|
the Privilege Level configured by the remote authentication server.
|
|
This object is only valid for TACACS+. Default value of this object is
|
|
TRUE."
|
|
::= { cmSecurityObjects 10 }
|
|
|
|
f3TacacsDefaultPrivLevel OBJECT-TYPE
|
|
SYNTAX CmSecurityPrivLevel
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows specification of the default privilege level of the
|
|
TACACS+ user, when the use of ENABLE authorization control is DISABLED, i.e.
|
|
f3TacacsPrivLevelControlEnabled is set to FALSE."
|
|
::= { cmSecurityObjects 11 }
|
|
|
|
f3NasIpv6Addr OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object describes the IPv6 address."
|
|
::= { cmSecurityObjects 12 }
|
|
|
|
f3SecurityTrapType OBJECT-TYPE
|
|
SYNTAX SnmpSecurityTrapType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether security traps are reported."
|
|
::= { cmSecurityObjects 13 }
|
|
|
|
f3SecurityTrapInfo OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to describe the security trap info.
|
|
This object is used only in traps; a GET operation on this object
|
|
will return empty string."
|
|
::= { cmSecurityObjects 14 }
|
|
|
|
-- f3PrivilegeChangeTable is { cmSecurityObjects 15 }
|
|
|
|
f3UserPrivMgmtControl OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable/disable User Privilege Management."
|
|
::= { cmSecurityObjects 16 }
|
|
|
|
f3UserPrivRspTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (1..60)
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to set response timeout for user privilege
|
|
upgrade request in minutes."
|
|
::= { cmSecurityObjects 17 }
|
|
|
|
f3RadiusSendVendorAvpEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "If enabled, Vendor-ID AVP is sent in Access-Request Messages."
|
|
::= { cmSecurityObjects 18 }
|
|
|
|
f3RadiusRealm OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "When the value of radiusRealm is not a null string, the system shall append an '@'
|
|
character and the radiusRealm string to the User-Name attribute included in
|
|
Access-Request Messages. "
|
|
::= { cmSecurityObjects 19 }
|
|
|
|
-- cmIcmpV4Objects is { cmSecurityObjects 20 }
|
|
-- cmIcmpV6Objects is { cmSecurityObjects 21 }
|
|
|
|
cmAnonymizeLogTimeInDays OBJECT-TYPE
|
|
SYNTAX Integer32 (0..1096)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the logging anonymization interval in days.
|
|
After the configured number of days have passed, the system anonymizes the user names.
|
|
At midnight of that day, the system anonymizes all the log entries that precede the configured value.
|
|
0 means NEVER anonymize."
|
|
::= { cmSecurityObjects 22 }
|
|
|
|
-- f3FipsObjects is { cmSecurityObjects 23 }
|
|
|
|
f3Sso2faControl OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "When enabled, the f3 device will allow the creation of a cmSecurityUserEntry with
|
|
the cmSecurityUserSso2fa set to enabled."
|
|
::= { cmSecurityObjects 24 }
|
|
|
|
f3NasIpAddressType OBJECT-TYPE
|
|
SYNTAX NasIpAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object describes the IP address type."
|
|
::= { cmSecurityObjects 28 }
|
|
|
|
f3SshCipherStrengthHighControl OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "When enabled, high cipher strength is enforced."
|
|
::= { cmSecurityObjects 31 }
|
|
|
|
--
|
|
-- Fips Objects
|
|
--
|
|
f3FipsOperationMode OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Fips Operation Mode."
|
|
::= { f3FipsObjects 1 }
|
|
|
|
f3FipsSecuritySelfTestFailureCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Fips Security Self Test Failure Count."
|
|
::= { f3FipsObjects 2 }
|
|
|
|
f3FipsSecuritySelfTestResult OBJECT-TYPE
|
|
SYNTAX SecuritySelfTestResult
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Fips Security Self Test Result."
|
|
::= { f3FipsObjects 3 }
|
|
|
|
f3FipsSecuritySelfTestStatus OBJECT-TYPE
|
|
SYNTAX SecuritySelfTestStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Fips Security Self Test Status."
|
|
::= { f3FipsObjects 4 }
|
|
|
|
f3FipsAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
notApplicable(0),
|
|
zeroize(1),
|
|
startSecSelfTest(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"FIPS action to perform: zeroize or start the security self-test."
|
|
::= { f3FipsObjects 5 }
|
|
|
|
--
|
|
-- cmIcmpV4Objects
|
|
--
|
|
|
|
icmpV4Filter OBJECT-TYPE
|
|
SYNTAX INTEGER { enabled(1), disabled(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable/disable ICMP Filter. When disabled
|
|
is set, none of the IcmpV4 dropping filters are applied.
|
|
Only when enabled is set, IcmpV4 dropping filter can be set."
|
|
::= { cmIcmpV4Objects 1 }
|
|
|
|
icmpV4DropEchoRequests OBJECT-TYPE
|
|
SYNTAX INTEGER { enabled(1), disabled(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable/disable Dropping Echo Requests."
|
|
::= { cmIcmpV4Objects 2 }
|
|
|
|
--
|
|
-- cmIcmpV6Objects
|
|
--
|
|
|
|
icmpV6Filter OBJECT-TYPE
|
|
SYNTAX INTEGER { enabled(1), disabled(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable/disable ICMP Filter. When disabled
|
|
is set, none of the IcmpV6 dropping filters are applied.
|
|
Only when enabled is set, IcmpV6 dropping filters can be set
|
|
individually."
|
|
::= { cmIcmpV6Objects 1 }
|
|
|
|
icmpV6DropEchoRequests OBJECT-TYPE
|
|
SYNTAX INTEGER { enabled(1), disabled(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable/disable Dropping Echo Requests."
|
|
::= { cmIcmpV6Objects 2 }
|
|
|
|
icmpV6DropNeighborSolicitation OBJECT-TYPE
|
|
SYNTAX INTEGER { enabled(1), disabled(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable/disable Dropping Neighbor Solicitation."
|
|
::= { cmIcmpV6Objects 3 }
|
|
|
|
icmpV6DropRouterAdvertisement OBJECT-TYPE
|
|
SYNTAX INTEGER { enabled(1), disabled(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable/disable Dropping Router Advertisement."
|
|
::= { cmIcmpV6Objects 4 }
|
|
|
|
icmpV6DropNeighborAdvertisement OBJECT-TYPE
|
|
SYNTAX INTEGER { enabled(1), disabled(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable/disable Dropping Neighbor Advertisement."
|
|
::= { cmIcmpV6Objects 5 }
|
|
|
|
icmpV6DropRouterSolicitation OBJECT-TYPE
|
|
SYNTAX INTEGER { enabled(1), disabled(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to enable/disable Dropping Router Solicitation."
|
|
::= { cmIcmpV6Objects 6 }
|
|
|
|
--
|
|
-- Ssl Certificate Objects
|
|
--
|
|
f3HttpsSslCertExpNotifPeriod OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..180)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of days prior to expiration of the HTTPS SSL Certificate
|
|
that the Expiry Notification Alarm will be raised."
|
|
::= { f3SslCertificateObjects 1 }
|
|
|
|
f3HttpsSslKeyPair OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the SSL certificate/private key pair used for HTTPS."
|
|
::= { f3SslCertificateObjects 2 }
|
|
|
|
f3SslCertificateAction OBJECT-TYPE
|
|
SYNTAX SslCertificateAction
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the action to take on SSL certificate objects."
|
|
::= { f3SslCertificateObjects 3 }
|
|
|
|
f3SslCertificateActionPairName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the name of the SSL Certificate/Private Key pair to delete or set for HTTPS."
|
|
::= { f3SslCertificateObjects 4 }
|
|
|
|
f3SslCertificateActionKeyName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the name of the Certificate/Private Key pair to add."
|
|
::= { f3SslCertificateObjects 6 }
|
|
|
|
--
|
|
-- SSL Certificate Private Key Pair Table
|
|
--
|
|
f3SslCertificatePrivateKeyPairTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF F3SslCertificatePrivateKeyPairEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of entries for the SSL Certificate/Private Key Pairs."
|
|
::= { f3SslCertificateObjects 5 }
|
|
|
|
f3SslCertificatePrivateKeyPairEntry OBJECT-TYPE
|
|
SYNTAX F3SslCertificatePrivateKeyPairEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A conceptual row in the f3SslCertificatePrivateKeyPairTable."
|
|
INDEX { f3SslCertificatePrivateKeyPairName }
|
|
::= { f3SslCertificatePrivateKeyPairTable 1 }
|
|
|
|
F3SslCertificatePrivateKeyPairEntry ::= SEQUENCE {
|
|
f3SslCertificatePrivateKeyPairName DisplayString,
|
|
f3SslCertificatePrivateKeyPairSslCertificate DisplayString,
|
|
f3SslCertificatePrivateKeyPairPrivateKeyPresent TruthValue,
|
|
f3SslCertificatePrivateKeyPairRsaKeyPairName DisplayString,
|
|
f3SslCertificatePrivateKeyPairCertificateType CertificateType,
|
|
f3SslCertificatePrivateKeyPairCertificateStatus CertificateStatus,
|
|
f3SslCertificatePrivateKeyPairAction SslCertificatePrivateKeyPairAction
|
|
}
|
|
|
|
f3SslCertificatePrivateKeyPairName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is a unique name for the key pair."
|
|
::= { f3SslCertificatePrivateKeyPairEntry 1 }
|
|
|
|
f3SslCertificatePrivateKeyPairSslCertificate OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..4096))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the contents of the SSL certificate."
|
|
::= { f3SslCertificatePrivateKeyPairEntry 2 }
|
|
|
|
f3SslCertificatePrivateKeyPairPrivateKeyPresent OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This indicates that a private key is present in the key pair."
|
|
::= { f3SslCertificatePrivateKeyPairEntry 3 }
|
|
|
|
f3SslCertificatePrivateKeyPairRsaKeyPairName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the name of the RSA key pair of the SSL certificate."
|
|
::= { f3SslCertificatePrivateKeyPairEntry 4 }
|
|
|
|
f3SslCertificatePrivateKeyPairCertificateType OBJECT-TYPE
|
|
SYNTAX CertificateType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the SSL certificate type."
|
|
::= { f3SslCertificatePrivateKeyPairEntry 5 }
|
|
|
|
f3SslCertificatePrivateKeyPairCertificateStatus OBJECT-TYPE
|
|
SYNTAX CertificateStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the SSL certificate status."
|
|
::= { f3SslCertificatePrivateKeyPairEntry 6 }
|
|
|
|
f3SslCertificatePrivateKeyPairAction OBJECT-TYPE
|
|
SYNTAX SslCertificatePrivateKeyPairAction
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the SSL Certificate/Private Key Pair Action."
|
|
::= { f3SslCertificatePrivateKeyPairEntry 7 }
|
|
|
|
--
|
|
-- RSA Key Pair Objects
|
|
--
|
|
|
|
f3RsaKeyPairAction OBJECT-TYPE
|
|
SYNTAX RsaKeyPairAction
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the action to perform on an RSA key pair."
|
|
::= { f3RsaKeyPairObjects 1 }
|
|
|
|
f3RsaKeyPairActionName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the name of RSA key pair action."
|
|
::= { f3RsaKeyPairObjects 2 }
|
|
|
|
f3RsaKeyPairActionLength OBJECT-TYPE
|
|
SYNTAX RsaKeyLengthType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the length of RSA key pair action."
|
|
::= { f3RsaKeyPairObjects 3 }
|
|
|
|
--
|
|
-- RSA Key Pair Table
|
|
--
|
|
|
|
f3RsaKeyPairTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF F3RsaKeyPairEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of RSA key pairs."
|
|
::= { f3RsaKeyPairObjects 4 }
|
|
|
|
f3RsaKeyPairEntry OBJECT-TYPE
|
|
SYNTAX F3RsaKeyPairEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A conceptual row in the f3RsaKeyPairTable."
|
|
INDEX { f3RsaKeyPairName }
|
|
::= { f3RsaKeyPairTable 1 }
|
|
|
|
F3RsaKeyPairEntry ::= SEQUENCE {
|
|
f3RsaKeyPairName DisplayString,
|
|
f3RsaKeyPairPublicKey DisplayString
|
|
}
|
|
|
|
f3RsaKeyPairName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is a unique name for the key pair."
|
|
::= { f3RsaKeyPairEntry 1 }
|
|
|
|
f3RsaKeyPairPublicKey OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..4096))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is a public key."
|
|
::= { f3RsaKeyPairEntry 2 }
|
|
|
|
--
|
|
-- CSR Objects
|
|
--
|
|
|
|
f3CsrAction OBJECT-TYPE
|
|
SYNTAX CsrAction
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the action to perform on a CSR."
|
|
::= { f3CertSigningRequestObjects 1 }
|
|
|
|
f3CsrActionCsrName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the name of CSR action."
|
|
::= { f3CertSigningRequestObjects 2 }
|
|
|
|
f3CsrActionRsaKeyName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the RSA key name of CSR action."
|
|
::= { f3CertSigningRequestObjects 3 }
|
|
|
|
f3CsrActionCountry OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the country of CSR action."
|
|
::= { f3CertSigningRequestObjects 4 }
|
|
|
|
f3CsrActionState OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the state of CSR action."
|
|
::= { f3CertSigningRequestObjects 5 }
|
|
|
|
f3CsrActionLocality OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the locality of CSR action."
|
|
::= { f3CertSigningRequestObjects 6 }
|
|
|
|
f3CsrActionOrganization OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the organization of CSR action."
|
|
::= { f3CertSigningRequestObjects 7 }
|
|
|
|
f3CsrActionOrganizationUnit OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the organization unit of CSR action."
|
|
::= { f3CertSigningRequestObjects 8 }
|
|
|
|
f3CsrActionCommonName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the common name of CSR action."
|
|
::= { f3CertSigningRequestObjects 9 }
|
|
|
|
f3CsrActionEmail OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the email of CSR action."
|
|
::= { f3CertSigningRequestObjects 10 }
|
|
|
|
f3CsrActionSerialNumber OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the serial number of CSR action."
|
|
::= { f3CertSigningRequestObjects 11 }
|
|
|
|
f3CsrActionAlternativeName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..256))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the alternative name of CSR action."
|
|
::= { f3CertSigningRequestObjects 12 }
|
|
|
|
--
|
|
-- CSR Table
|
|
--
|
|
|
|
f3CertSigningRequestTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF F3CertSigningRequestEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of CSRs."
|
|
::= { f3CertSigningRequestObjects 13 }
|
|
|
|
f3CertSigningRequestEntry OBJECT-TYPE
|
|
SYNTAX F3CertSigningRequestEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A conceptual row in the f3CertSigningRequestTable."
|
|
INDEX { f3CertSigningRequestName }
|
|
::= { f3CertSigningRequestTable 1 }
|
|
|
|
F3CertSigningRequestEntry ::= SEQUENCE {
|
|
f3CertSigningRequestName DisplayString,
|
|
f3CertSigningRequestRsaKeyPairName DisplayString,
|
|
f3CertSigningRequestCsrData DisplayString,
|
|
f3CertSigningRequestAutoEnrollmentStatus AutoEnrollmentStatus
|
|
}
|
|
|
|
f3CertSigningRequestName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is a unique name for CSR."
|
|
::= { f3CertSigningRequestEntry 1 }
|
|
|
|
f3CertSigningRequestRsaKeyPairName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..64))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the Key pair name."
|
|
::= { f3CertSigningRequestEntry 2 }
|
|
|
|
f3CertSigningRequestCsrData OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..4096))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the CSR data."
|
|
::= { f3CertSigningRequestEntry 3 }
|
|
|
|
f3CertSigningRequestAutoEnrollmentStatus OBJECT-TYPE
|
|
SYNTAX AutoEnrollmentStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the auto enrollment status."
|
|
::= { f3CertSigningRequestEntry 4 }
|
|
|
|
|
|
--
|
|
-- Table definitions.
|
|
--
|
|
|
|
--
|
|
-- Security User Table
|
|
--
|
|
-- Table of security (login) users, one row per cmSecurityUserEntry.
-- NOTE(review): the DESCRIPTION below says rows cannot be created by a
-- management application, yet the columns of this table are declared
-- read-create and cmSecurityUserRowStatus documents createAndGo(4) and
-- destroy(6). Anyone holding SNMP write access to this subtree can
-- therefore presumably add or delete login accounts; confirm the agent
-- behaviour and keep this subtree out of write views that do not need it.
cmSecurityUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CmSecurityUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of entries corresponding to the security users.
|
|
Entries cannot be created in this table by management
|
|
application action."
|
|
::= { cmSecurityObjects 5 }
|
|
|
|
|
|
cmSecurityUserEntry OBJECT-TYPE
|
|
SYNTAX CmSecurityUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing information applicable to a particular
|
|
security user."
|
|
INDEX { cmSecurityUserName, cmSecurityUserRemoteUser }
|
|
::= { cmSecurityUserTable 1 }
|
|
|
|
|
|
CmSecurityUserEntry ::= SEQUENCE {
|
|
cmSecurityUserName DisplayString,
|
|
cmSecurityUserComment DisplayString,
|
|
cmSecurityUserPrivLevel CmSecurityPrivLevel,
|
|
cmSecurityUserLoginTimeout Integer32,
|
|
cmSecurityUserNumFailedLoginAttempts Integer32,
|
|
cmSecurityUserLastLoginTime DateAndTime,
|
|
cmSecurityUserLockedout TruthValue,
|
|
cmSecurityUserLastLockedoutTime DateAndTime,
|
|
cmSecurityUserCliPagingEnable TruthValue,
|
|
cmSecurityUserRemoteUser TruthValue,
|
|
cmSecurityUserPassword DisplayString,
|
|
cmSecurityUserStorageType StorageType,
|
|
cmSecurityUserRowStatus RowStatus,
|
|
cmSecurityUserAction SecurityUserAction,
|
|
cmSecurityCryptoPassword DisplayString,
|
|
cmSecurityUserRemoteCryptoUser TruthValue,
|
|
cmSecurityUserSso2fa TruthValue
|
|
}
|
|
|
|
cmSecurityUserName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security User Name."
|
|
::= { cmSecurityUserEntry 1 }
|
|
|
|
cmSecurityUserComment OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Notes on Security User."
|
|
::= { cmSecurityUserEntry 2 }
|
|
|
|
cmSecurityUserPrivLevel OBJECT-TYPE
|
|
SYNTAX CmSecurityPrivLevel
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security User Privilege Level."
|
|
::= { cmSecurityUserEntry 3 }
|
|
|
|
cmSecurityUserLoginTimeout OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security User Login Timeout."
|
|
::= { cmSecurityUserEntry 4 }
|
|
|
|
cmSecurityUserNumFailedLoginAttempts OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security User Number of Failed Login Attempts."
|
|
::= { cmSecurityUserEntry 5 }
|
|
|
|
cmSecurityUserLastLoginTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security User Last Login Time."
|
|
::= { cmSecurityUserEntry 6 }
|
|
|
|
cmSecurityUserLockedout OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Whether the security user has been locked out."
|
|
::= { cmSecurityUserEntry 7 }
|
|
|
|
cmSecurityUserLastLockedoutTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security User Last Locked out Time."
|
|
::= { cmSecurityUserEntry 8 }
|
|
|
|
cmSecurityUserCliPagingEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Whether the security user has CLI paging enabled."
|
|
::= { cmSecurityUserEntry 9 }
|
|
|
|
cmSecurityUserRemoteUser OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Whether the security user is a remote user."
|
|
::= { cmSecurityUserEntry 10 }
|
|
|
|
-- Login password of the security user, supplied by the manager in a SET.
-- Security note: the value travels inside the SNMP SET request, so it is
-- exposed on the wire unless the request uses SNMPv3 with privacy
-- (authPriv); SNMPv1/v2c carry it in clear text.
-- SIZE (0..32) admits a zero-length string and caps the password at 32
-- characters.
-- NOTE(review): whether the agent rejects an empty password, and what a
-- GET returns for this "SET only" column, is not stated here; confirm
-- against the agent.
cmSecurityUserPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Password of the security user.
|
|
Note that this attribute is a SET only attribute."
|
|
::= { cmSecurityUserEntry 11 }
|
|
|
|
cmSecurityUserStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of storage configured for this entry."
|
|
::= { cmSecurityUserEntry 12 }
|
|
|
|
cmSecurityUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this row.
|
|
An entry MUST NOT exist in the active state unless all
|
|
objects in the entry have an appropriate value, as described
|
|
in the description clause for each writable object.
|
|
|
|
The values of cmSecurityUserRowStatus supported are
|
|
createAndGo(4) and destroy(6). All mandatory attributes
|
|
must be specified in a single SNMP SET request with
|
|
cmSecurityUserRowStatus value as createAndGo(4).
|
|
Upon successful row creation, this object has a
|
|
value of active(1).
|
|
|
|
The cmSecurityUserRowStatus object may be modified if
|
|
the associated instance of this object is equal to active(1)."
|
|
::= { cmSecurityUserEntry 13 }
|
|
|
|
cmSecurityUserAction OBJECT-TYPE
|
|
SYNTAX SecurityUserAction
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object provides ability to perform specific actions on security user.
|
|
remove-lockout - this removes the locked out condition on the security user."
|
|
::= { cmSecurityUserEntry 14 }
|
|
|
|
-- Second-level password for crypto users, supplied by the manager in a SET.
-- Security note: the value travels inside the SNMP SET request, so it is
-- exposed on the wire unless the request uses SNMPv3 with privacy
-- (authPriv). SIZE (0..32) admits a zero-length string.
-- NOTE(review): what a GET returns for this "SET only" column, and whether
-- an empty value is accepted, is not stated here; confirm against the agent.
cmSecurityCryptoPassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Second level password used in connectguard configurations.
|
|
This applies only to crypto users.
|
|
Note that this attribute is a SET only attribute."
|
|
::= { cmSecurityUserEntry 15 }
|
|
|
|
cmSecurityUserRemoteCryptoUser OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates if a security user is a remote crypto user."
|
|
::= { cmSecurityUserEntry 16 }
|
|
|
|
-- Per-user flag, settable only when the row is created.
-- Security note: per the DESCRIPTION, an account created with this flag
-- set can bypass remote authentication while the named control is enabled,
-- so such accounts deserve periodic review and should stay few.
-- NOTE(review): the DESCRIPTION names cmSso2faControl, but the scalar
-- listed in cmSecurityObjectGroup is f3Sso2faControl; presumably the same
-- object, confirm and align the name.
cmSecurityUserSso2fa OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If enabled, user can be used to bypass remote authentication if
|
|
cmSso2faControl is enabled. This parameter can only be set on user creation"
|
|
::= { cmSecurityUserEntry 17 }
|
|
|
|
--
|
|
-- Remote Authentication Server Table
|
|
--
|
|
cmRemoteAuthServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CmRemoteAuthServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of entries corresponding to the remote authentication
|
|
servers.
|
|
Entries cannot be created in this table by management
|
|
application action."
|
|
::= { cmSecurityObjects 6 }
|
|
|
|
|
|
cmRemoteAuthServerEntry OBJECT-TYPE
|
|
SYNTAX CmRemoteAuthServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing information applicable to a particular
|
|
remote authentication server."
|
|
INDEX { cmRemoteAuthServerIndex }
|
|
::= { cmRemoteAuthServerTable 1 }
|
|
|
|
|
|
CmRemoteAuthServerEntry ::= SEQUENCE {
|
|
cmRemoteAuthServerIndex Integer32,
|
|
cmRemoteAuthServerEnabled TruthValue,
|
|
cmRemoteAuthServerOrder CmRemoteAuthOrder,
|
|
cmRemoteAuthServerIpAddress IpAddress,
|
|
cmRemoteAuthServerPort Integer32,
|
|
cmRemoteAuthServerNumRetries Integer32,
|
|
cmRemoteAuthServerTimeout Integer32,
|
|
cmRemoteAuthServerSecret DisplayString,
|
|
cmRemoteAuthServerAccountingPort Integer32,
|
|
cmRemoteAuthServerIpVersion IpVersion,
|
|
cmRemoteAuthServerIpv6Addr Ipv6Address
|
|
}
|
|
|
|
cmRemoteAuthServerIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unique index to address/configure a specific Remote
|
|
Authentication Server."
|
|
::= { cmRemoteAuthServerEntry 1 }
|
|
|
|
cmRemoteAuthServerEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows enabling/disabling a Remote Authentication Server."
|
|
::= { cmRemoteAuthServerEntry 2 }
|
|
|
|
cmRemoteAuthServerOrder OBJECT-TYPE
|
|
SYNTAX CmRemoteAuthOrder
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object determines the order in which the Remote
|
|
Authentication Servers are accessed for security information."
|
|
::= { cmRemoteAuthServerEntry 3 }
|
|
|
|
cmRemoteAuthServerIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify an IP Address for the Remote
|
|
Authentication Server."
|
|
::= { cmRemoteAuthServerEntry 4 }
|
|
|
|
cmRemoteAuthServerPort OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify a Port for Remote Authentication
|
|
Server."
|
|
::= { cmRemoteAuthServerEntry 5 }
|
|
|
|
cmRemoteAuthServerNumRetries OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify the number of retries the Remote
|
|
Authentication Server must be tried for security access before
|
|
giving up."
|
|
::= { cmRemoteAuthServerEntry 6 }
|
|
|
|
cmRemoteAuthServerTimeout OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify the timeout period for timing
|
|
out a security access request to the Remote Authentication Server."
|
|
::= { cmRemoteAuthServerEntry 7 }
|
|
|
|
-- Shared secret used for requests to the remote authentication server.
-- Security note: the column is declared read-write and, unlike
-- cmSecurityUserPassword, its DESCRIPTION does not say it is SET-only.
-- A SET over SNMPv1/v2c sends the secret in clear text; use SNMPv3 with
-- privacy (authPriv) and keep this column out of views that do not need it.
-- NOTE(review): confirm that a GET does not return the configured secret.
-- SIZE (0..128) admits a zero-length secret; confirm the agent rejects it.
cmRemoteAuthServerSecret OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This allows configuration of secret password for Remote
|
|
Authentication Server request."
|
|
::= { cmRemoteAuthServerEntry 8 }
|
|
|
|
cmRemoteAuthServerAccountingPort OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify a Port for RADIUS Accounting."
|
|
::= { cmRemoteAuthServerEntry 9 }
|
|
|
|
cmRemoteAuthServerIpVersion OBJECT-TYPE
|
|
SYNTAX IpVersion
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object describes the IP version."
|
|
::= { cmRemoteAuthServerEntry 10 }
|
|
|
|
cmRemoteAuthServerIpv6Addr OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object describes the IPv6 address."
|
|
::= { cmRemoteAuthServerEntry 11 }
|
|
|
|
--
|
|
-- USM User Extension Table
|
|
--
|
|
f3UsmUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF F3UsmUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is the extension of the F3 USM User Table."
|
|
::= { cmSecurityObjects 9 }
|
|
|
|
f3UsmUserEntry OBJECT-TYPE
|
|
SYNTAX F3UsmUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the F3 USM User Table."
|
|
AUGMENTS { usmUserEntry }
|
|
::= { f3UsmUserTable 1 }
|
|
|
|
F3UsmUserEntry ::= SEQUENCE {
|
|
f3UsmUserAccessType UsmUserAccessType
|
|
}
|
|
|
|
f3UsmUserAccessType OBJECT-TYPE
|
|
SYNTAX UsmUserAccessType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This indicates the type of USM User, read-only, read-write, trap-only."
|
|
::= { f3UsmUserEntry 1 }
|
|
|
|
f3PrivilegeChangeTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF F3PrivilegeChangeEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "This table is used for Restricted User Login via NMS.
|
|
It lets users with lower privileges be elevated to higher ones for a limited amount of time."
|
|
::= { cmSecurityObjects 15 }
|
|
|
|
f3PrivilegeChangeEntry OBJECT-TYPE
|
|
SYNTAX F3PrivilegeChangeEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A conceptual row in the f3PrivilegeChangeTable."
|
|
INDEX { f3PrivilegeChangeId }
|
|
::= { f3PrivilegeChangeTable 1 }
|
|
|
|
F3PrivilegeChangeEntry ::= SEQUENCE {
|
|
f3PrivilegeChangeId Unsigned32,
|
|
f3PrivilegeChangeUserName SnmpAdminString,
|
|
f3PrivilegeChangeIpv4Address IpAddress,
|
|
f3PrivilegeChangeIpv6Address Ipv6Address,
|
|
f3PrivilegeChangeTerminalIpv4Address IpAddress,
|
|
f3PrivilegeChangeTerminalIpv6Address Ipv6Address,
|
|
f3PrivilegeChangeInterface UserInterfaceType,
|
|
f3PrivilegeChangeCurrentPrivilege CmSecurityPrivLevel,
|
|
f3PrivilegeChangeRequestedPrivilege CmSecurityPrivLevel,
|
|
f3PrivilegeChangeDuration Unsigned32,
|
|
f3PrivilegeChangeAction PrivilegeRequestAction,
|
|
f3PrivilegeChangeState PrivilegeRequestState,
|
|
f3PrivilegeChangeRemainingTime Unsigned32,
|
|
f3PrivilegeChangeRemoteName SnmpAdminString
|
|
}
|
|
|
|
f3PrivilegeChangeId OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Unique index identifying a request."
|
|
::= { f3PrivilegeChangeEntry 1 }
|
|
|
|
f3PrivilegeChangeUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name string for user authentication purposes"
|
|
::= { f3PrivilegeChangeEntry 2 }
|
|
|
|
f3PrivilegeChangeIpv4Address OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPv4 address of interface to which user's terminal is connected."
|
|
::= { f3PrivilegeChangeEntry 3 }
|
|
|
|
f3PrivilegeChangeIpv6Address OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IPv6 address of interface to which user's terminal is connected."
|
|
::= { f3PrivilegeChangeEntry 4 }
|
|
|
|
f3PrivilegeChangeTerminalIpv4Address OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv4 address of connected terminal."
|
|
::= { f3PrivilegeChangeEntry 5 }
|
|
|
|
f3PrivilegeChangeTerminalIpv6Address OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv6 address of connected terminal."
|
|
::= { f3PrivilegeChangeEntry 6 }
|
|
|
|
f3PrivilegeChangeInterface OBJECT-TYPE
|
|
SYNTAX UserInterfaceType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Interface used by the user"
|
|
::= { f3PrivilegeChangeEntry 7 }
|
|
|
|
f3PrivilegeChangeCurrentPrivilege OBJECT-TYPE
|
|
SYNTAX CmSecurityPrivLevel
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current privilege level of the user, who is requesting role upgrade."
|
|
::= { f3PrivilegeChangeEntry 8 }
|
|
|
|
f3PrivilegeChangeRequestedPrivilege OBJECT-TYPE
|
|
SYNTAX CmSecurityPrivLevel
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Privilege requested by user for session."
|
|
::= { f3PrivilegeChangeEntry 9 }
|
|
|
|
f3PrivilegeChangeDuration OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..480)
|
|
UNITS "minutes"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Requested time period by user (in minutes)."
|
|
::= { f3PrivilegeChangeEntry 10 }
|
|
|
|
-- Action applied to a privilege change request.
-- Security note: this is the only writable column of
-- f3PrivilegeChangeTable. The table DESCRIPTION says the table lets
-- lower-privileged users be elevated for a limited time, so write access
-- to this column presumably decides whether an elevation is granted.
-- Restrict write access to operators who are allowed to grant elevation,
-- and require SNMPv3 authentication for the SET.
-- NOTE(review): the PrivilegeRequestAction values are defined outside
-- this excerpt; the DESCRIPTION should say which values approve, reject
-- or revoke a request.
f3PrivilegeChangeAction OBJECT-TYPE
|
|
SYNTAX PrivilegeRequestAction
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Privilege request action."
|
|
::= { f3PrivilegeChangeEntry 11 }
|
|
|
|
f3PrivilegeChangeState OBJECT-TYPE
|
|
SYNTAX PrivilegeRequestState
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Privilege request state."
|
|
::= { f3PrivilegeChangeEntry 12 }
|
|
|
|
f3PrivilegeChangeRemainingTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time remaining in session with upgrade user privilege (in seconds)."
|
|
::= { f3PrivilegeChangeEntry 13 }
|
|
|
|
f3PrivilegeChangeRemoteName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name string for Radius/Tacacs authentication purposes."
|
|
::= { f3PrivilegeChangeEntry 14 }
|
|
|
|
--
|
|
-- CA Profile Table
|
|
--
|
|
|
|
f3CaProfileTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF F3CaProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of Certificate Authority Profiles."
|
|
::= { cmSecurityObjects 29 }
|
|
|
|
f3CaProfileEntry OBJECT-TYPE
|
|
SYNTAX F3CaProfileEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A conceptual row in the f3CaProfileTable."
|
|
INDEX { f3CaProfileIndex }
|
|
::= { f3CaProfileTable 1 }
|
|
|
|
F3CaProfileEntry ::= SEQUENCE {
|
|
f3CaProfileIndex Unsigned32,
|
|
f3CaProfileName DisplayString,
|
|
f3CaProfileEnrollmentProtocol CertificateEnrollmentProtocol,
|
|
f3CaProfileHttpPort Unsigned32,
|
|
f3CaProfileAutoRenewalControl TruthValue,
|
|
f3CaProfileRenewalPercentLifetime Unsigned32,
|
|
f3CaProfileRenewalNewKeyPairGenControl TruthValue,
|
|
f3CaProfileStorageType StorageType,
|
|
f3CaProfileRowStatus RowStatus
|
|
}
|
|
|
|
f3CaProfileIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An integer index used to identify this CA Profile."
|
|
::= { f3CaProfileEntry 1 }
|
|
|
|
f3CaProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object provides name for this CA Profile."
|
|
::= { f3CaProfileEntry 2 }
|
|
|
|
-- Protocol used for automatic certificate enrollment; defaults to scep.
-- Security note: with the defaults of this profile (scep here, TCP port 80
-- in f3CaProfileHttpPort) enrollment presumably runs over plain HTTP.
-- SCEP protects its requests and responses at the message level, but the
-- CA certificate fetched at the start of enrollment must be authenticated
-- out of band (for example by comparing its fingerprint) before it is
-- trusted; f3CaRootCertStatus reports the root certificate status.
-- NOTE(review): the other CertificateEnrollmentProtocol values are
-- defined outside this excerpt.
f3CaProfileEnrollmentProtocol OBJECT-TYPE
|
|
SYNTAX CertificateEnrollmentProtocol
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify type of protocol used for
|
|
automatic certificate enrollment."
|
|
DEFVAL { scep }
|
|
::= { f3CaProfileEntry 3 }
|
|
|
|
f3CaProfileHttpPort OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify the TCP port number used by
|
|
enrollment protocol."
|
|
DEFVAL { 80 }
|
|
::= { f3CaProfileEntry 4 }
|
|
|
|
f3CaProfileAutoRenewalControl OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify whether the client
|
|
certificate is automatically renewed or re-enrolled."
|
|
DEFVAL { true }
|
|
::= { f3CaProfileEntry 5 }
|
|
|
|
f3CaProfileRenewalPercentLifetime OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..100)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify the percentage of certificate
|
|
lifetime at which point the automatic certificate
|
|
renewal process begins."
|
|
DEFVAL { 75 }
|
|
::= { f3CaProfileEntry 6 }
|
|
|
|
f3CaProfileRenewalNewKeyPairGenControl OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows to specify if the RSA key pair is
|
|
regenerated prior to each certificate renewal."
|
|
DEFVAL { false }
|
|
::= { f3CaProfileEntry 7 }
|
|
|
|
f3CaProfileStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of storage configured for this entry."
|
|
::= { f3CaProfileEntry 8 }
|
|
|
|
f3CaProfileRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this row.
|
|
An entry MUST NOT exist in the active state unless all
|
|
objects in the entry have an appropriate value, as described
|
|
in the description clause for each writable object.
|
|
|
|
The values of f3CaProfileRowStatus supported are
|
|
createAndGo(4) and destroy(6). All mandatory attributes
|
|
must be specified in a single SNMP SET request with
|
|
f3CaProfileRowStatus value as createAndGo(4).
|
|
Upon successful row creation, this object has a
|
|
value of active(1).
|
|
|
|
The f3CaProfileRowStatus object may be modified if
|
|
the associated instance of this object is equal to active(1)."
|
|
::= { f3CaProfileEntry 9 }
|
|
|
|
|
|
f3CaTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF F3CaEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of Certificate Authority objects used for certificate
|
|
enrollment with CA."
|
|
::= { cmSecurityObjects 30 }
|
|
|
|
f3CaEntry OBJECT-TYPE
|
|
SYNTAX F3CaEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The conceptual row in f3CaTable."
|
|
INDEX { f3CaName }
|
|
|
|
::= { f3CaTable 1 }
|
|
|
|
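-- Column layout of a conceptual row in f3CaTable, in sub-identifier order.
-- f3CaScepQueryMessage is defined as { f3CaEntry 4 } and listed in
-- cmSecurityObjectGroup, so it has to appear here between f3CaUrl (3) and
-- f3CaCertList (5); a SEQUENCE that omits a defined column is flagged by
-- MIB compilers and can hide the column from generated tooling.
-- f3CaActionChallengePassword carries an enrollment secret; see its own
-- definition for the access mode.
F3CaEntry ::= SEQUENCE {
    f3CaName                     DisplayString,
    f3CaProfile                  VariablePointer,
    f3CaUrl                      DisplayString,
    f3CaScepQueryMessage         DisplayString,
    f3CaCertList                 DisplayString,
    f3CaRootCertStatus           CaRootCertStatus,
    f3CaLastCsr                  DisplayString,
    f3CaAction                   CaAction,
    f3CaActionCsrName            DisplayString,
    f3CaActionChallengePassword  DisplayString,
    f3CaStorageType              StorageType,
    f3CaRowStatus                RowStatus
}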
|
|
|
|
f3CaName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..64))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unique name used to identify this CA."
|
|
::= { f3CaEntry 1 }
|
|
|
|
f3CaProfile OBJECT-TYPE
|
|
SYNTAX VariablePointer
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object provides a pointer to CA Profile used for this CA."
|
|
::= { f3CaEntry 2 }
|
|
|
|
f3CaUrl OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..256))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object provides the URL for certificate enrollment with CA."
|
|
::= { f3CaEntry 3 }
|
|
|
|
f3CaScepQueryMessage OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..512))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object provides the SCEP Query Message for certificate
|
|
enrollment with CA."
|
|
::= { f3CaEntry 4 }
|
|
|
|
f3CaCertList OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..256))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object provides list of CA certificates sent by the CA as
|
|
the chain of trust."
|
|
::= { f3CaEntry 5 }
|
|
|
|
f3CaRootCertStatus OBJECT-TYPE
|
|
SYNTAX CaRootCertStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object provides CA root certificate status."
|
|
::= { f3CaEntry 6 }
|
|
|
|
f3CaLastCsr OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object provides last CSR name in an enrollment process."
|
|
::= { f3CaEntry 7 }
|
|
|
|
f3CaAction OBJECT-TYPE
|
|
SYNTAX CaAction
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies a CA Action."
|
|
::= { f3CaEntry 8 }
|
|
|
|
f3CaActionCsrName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies a CSR Name.
|
|
Applicable to startAutoEnrollment action."
|
|
::= { f3CaEntry 9 }
|
|
|
|
-- Challenge password supplied for the startAutoEnrollment action.
-- Security note: this value authorises an enrollment request toward the
-- CA, so it should be treated like a credential. The column is declared
-- read-write and its DESCRIPTION does not say it is SET-only.
-- A SET over SNMPv1/v2c sends it in clear text; use SNMPv3 with privacy
-- (authPriv) and keep this column out of views that do not need it.
-- NOTE(review): confirm that a GET does not return the last value written
-- and that the agent discards it once the action has completed.
f3CaActionChallengePassword OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies a challenge password.
|
|
Applicable to startAutoEnrollment action."
|
|
::= { f3CaEntry 10 }
|
|
|
|
f3CaStorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of storage configured for this entry."
|
|
::= { f3CaEntry 11 }
|
|
|
|
f3CaRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this row.
|
|
An entry MUST NOT exist in the active state unless all
|
|
objects in the entry have an appropriate value, as described
|
|
in the description clause for each writable object.
|
|
|
|
The values of f3CaRowStatus supported are
|
|
createAndGo(4) and destroy(6). All mandatory attributes
|
|
must be specified in a single SNMP SET request with
|
|
f3CaRowStatus value as createAndGo(4).
|
|
Upon successful row creation, this variable has a
|
|
value of active(1).
|
|
|
|
The f3CaRowStatus object may be modified if
|
|
the associated instance of this object is equal to active(1)."
|
|
::= { f3CaEntry 12 }
|
|
|
|
|
|
---
|
|
---Notifications
|
|
---
|
|
-- Generic security notification.
-- NOTE(review): no OBJECTS clause is declared although the DESCRIPTION
-- ties the trap to f3SecurityTrapType. f3SecurityTrapType and
-- f3SecurityTrapInfo are listed in cmSecurityObjectGroup, so they are
-- presumably sent as varbinds; declaring them here would let trap
-- receivers and SIEM parsers decode the event from the MIB alone.
f3SecurityTrap NOTIFICATION-TYPE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is security trap. Security traps are reported
|
|
according to value of f3SecurityTrapType object."
|
|
::= { cmSecurityNotifications 1 }
|
|
|
|
f3PrivilegeChangeTrap NOTIFICATION-TYPE
|
|
OBJECTS { f3PrivilegeChangeState,
|
|
f3PrivilegeChangeUserName,
|
|
f3PrivilegeChangeIpv4Address,
|
|
f3PrivilegeChangeIpv6Address,
|
|
f3PrivilegeChangeTerminalIpv4Address,
|
|
f3PrivilegeChangeTerminalIpv6Address,
|
|
f3PrivilegeChangeInterface,
|
|
f3PrivilegeChangeCurrentPrivilege,
|
|
f3PrivilegeChangeRequestedPrivilege,
|
|
f3PrivilegeChangeDuration
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "This trap is sent every time a privilege change request is changed (added, modified, removed)."
|
|
::= { cmSecurityNotifications 2 }
|
|
--
|
|
-- Conformance
|
|
--
|
|
cmSecurityCompliances OBJECT IDENTIFIER ::= {cmSecurityConformance 1}
|
|
cmSecurityGroups OBJECT IDENTIFIER ::= {cmSecurityConformance 2}
|
|
|
|
cmSecurityCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Describes the requirements for conformance to the CM Security
|
|
group."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
cmSecurityObjectGroup
|
|
}
|
|
::= { cmSecurityCompliances 1 }
|
|
|
|
cmSecurityObjectGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cmAuthProtocol, cmAccessOrder, cmAuthType, cmNASIpAddress,
|
|
cmSecurityPolicyStrength, cmRemoteAuthServerAccountingEnabled,
|
|
cmAnonymizeLogTimeInDays, f3Sso2faControl, f3NasIpAddressType,
|
|
f3SshCipherStrengthHighControl,
|
|
|
|
f3TacacsPrivLevelControlEnabled, f3TacacsDefaultPrivLevel,
|
|
f3NasIpv6Addr, f3SecurityTrapType, f3SecurityTrapInfo,
|
|
|
|
cmSecurityUserName, cmSecurityUserComment, cmSecurityUserPrivLevel,
|
|
cmSecurityUserLoginTimeout, cmSecurityUserNumFailedLoginAttempts,
|
|
cmSecurityUserLastLoginTime, cmSecurityUserLockedout,
|
|
cmSecurityUserLastLockedoutTime, cmSecurityUserCliPagingEnable,
|
|
cmSecurityUserRemoteUser, cmSecurityUserPassword,
|
|
cmSecurityUserStorageType, cmSecurityUserRowStatus,
|
|
cmSecurityUserAction, cmSecurityCryptoPassword,
|
|
cmSecurityUserRemoteCryptoUser, cmSecurityUserSso2fa,
|
|
|
|
cmRemoteAuthServerIndex, cmRemoteAuthServerEnabled,
|
|
cmRemoteAuthServerOrder, cmRemoteAuthServerIpAddress,
|
|
cmRemoteAuthServerPort, cmRemoteAuthServerNumRetries,
|
|
cmRemoteAuthServerTimeout, cmRemoteAuthServerSecret,
|
|
cmRemoteAuthServerAccountingPort, cmRemoteAuthServerIpVersion,
|
|
cmRemoteAuthServerIpv6Addr,
|
|
|
|
f3UsmUserAccessType,
|
|
|
|
f3PrivilegeChangeUserName,
|
|
f3PrivilegeChangeIpv4Address, f3PrivilegeChangeIpv6Address,
|
|
f3PrivilegeChangeTerminalIpv4Address, f3PrivilegeChangeTerminalIpv6Address,
|
|
f3PrivilegeChangeInterface, f3PrivilegeChangeCurrentPrivilege,
|
|
f3PrivilegeChangeRequestedPrivilege, f3PrivilegeChangeDuration,
|
|
f3PrivilegeChangeAction, f3PrivilegeChangeState, f3PrivilegeChangeRemainingTime,
|
|
f3PrivilegeChangeRemoteName, f3RadiusSendVendorAvpEnabled, f3RadiusRealm,
|
|
|
|
icmpV4Filter, icmpV4DropEchoRequests,
|
|
icmpV6Filter, icmpV6DropEchoRequests, icmpV6DropNeighborSolicitation,
|
|
icmpV6DropRouterAdvertisement, icmpV6DropNeighborAdvertisement,
|
|
icmpV6DropRouterSolicitation,
|
|
f3FipsOperationMode,
|
|
f3FipsSecuritySelfTestFailureCount,
|
|
f3FipsSecuritySelfTestResult,
|
|
f3FipsSecuritySelfTestStatus,
|
|
f3FipsAction,
|
|
|
|
f3HttpsSslCertExpNotifPeriod,
|
|
f3HttpsSslKeyPair,
|
|
f3SslCertificateAction,
|
|
f3SslCertificateActionPairName,
|
|
f3SslCertificatePrivateKeyPairName,
|
|
f3SslCertificatePrivateKeyPairSslCertificate,
|
|
f3SslCertificatePrivateKeyPairPrivateKeyPresent,
|
|
|
|
f3RsaKeyPairName, f3RsaKeyPairPublicKey,
|
|
f3RsaKeyPairAction, f3RsaKeyPairActionName, f3RsaKeyPairActionLength,
|
|
f3CsrAction, f3CsrActionCsrName, f3CsrActionRsaKeyName,
|
|
f3CsrActionCountry, f3CsrActionState, f3CsrActionLocality,
|
|
f3CsrActionOrganization, f3CsrActionOrganizationUnit,
|
|
f3CsrActionCommonName, f3CsrActionEmail,
|
|
f3CsrActionSerialNumber, f3CsrActionAlternativeName,
|
|
f3CertSigningRequestName, f3CertSigningRequestRsaKeyPairName,
|
|
f3CertSigningRequestCsrData, f3CertSigningRequestAutoEnrollmentStatus,
|
|
f3SslCertificatePrivateKeyPairRsaKeyPairName,
|
|
f3SslCertificatePrivateKeyPairCertificateType,
|
|
f3SslCertificatePrivateKeyPairCertificateStatus,
|
|
f3SslCertificatePrivateKeyPairAction,
|
|
f3SslCertificateActionKeyName,
|
|
|
|
f3CaProfileName, f3CaProfileEnrollmentProtocol, f3CaProfileHttpPort,
|
|
f3CaProfileAutoRenewalControl, f3CaProfileRenewalPercentLifetime,
|
|
f3CaProfileRenewalNewKeyPairGenControl,
|
|
f3CaProfileStorageType, f3CaProfileRowStatus,
|
|
f3CaProfile, f3CaScepQueryMessage, f3CaUrl, f3CaCertList, f3CaRootCertStatus,
|
|
f3CaLastCsr, f3CaAction, f3CaActionCsrName, f3CaActionChallengePassword,
|
|
f3CaStorageType, f3CaRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects used to manage the CM Security
|
|
group."
|
|
::= { cmSecurityGroups 1 }
|
|
|
|
-- Conformance group for the notifications of this module.
-- NOTE(review): only f3SecurityTrap is listed. f3PrivilegeChangeTrap,
-- defined as { cmSecurityNotifications 2 }, belongs to no
-- NOTIFICATION-GROUP, and cmSecurityCompliance names only
-- cmSecurityObjectGroup as mandatory, so the conformance statements do
-- not tell a manager that privilege elevation events are reported.
-- NOTE(review): the IMPORTS clause of this module does not list
-- NOTIFICATION-GROUP (SNMPv2-CONF) or NOTIFICATION-TYPE (SNMPv2-SMI);
-- strict MIB compilers reject the module until both are imported.
cmSecurityNotifGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
f3SecurityTrap
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of notifications used in the CM Security
|
|
group."
|
|
::= { cmSecurityGroups 2 }
|
|
|
|
END
|