305 lines
7.9 KiB
Plaintext
305 lines
7.9 KiB
Plaintext
SL-SECU-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE,
|
|
Integer32, transmission, IpAddress
|
|
FROM SNMPv2-SMI
|
|
InterfaceIndex FROM IF-MIB
|
|
DisplayString, TruthValue, RowStatus, DateAndTime
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
slMain FROM SL-MAIN-MIB;
|
|
|
|
-- This is the MIB module for PL security.
|
|
|
|
|
|
slSecuMib MODULE-IDENTITY
|
|
LAST-UPDATED "201105170000Z"
|
|
ORGANIZATION "PacketLight Networks Ltd."
|
|
CONTACT-INFO
|
|
"Omri_Viner@PacketLight.com"
|
|
DESCRIPTION
|
|
"This security module. This mib is used to configure the firewall."
|
|
::= { slMain 24 }
|
|
|
|
|
|
SlSecuType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The security protocol types:
|
|
Telnet - CLI
|
|
SSH - Secured Telnet
|
|
HTTP - Hyper Text
|
|
HTTPS - Secured HTTP
|
|
ICMP - Ping
|
|
SNMP - Simple Network Management (only 161 is supported)
|
|
FTP - File Transfer
|
|
TFTP - Trivial FTP
|
|
TL1 - TL1 over Telnet
|
|
TL1SSH - TL1 over SSH
|
|
WL - White list (port number is 0)
|
|
SNMPOVERTCP - SNMP over TCP
|
|
SFTP - Client side"
|
|
SYNTAX INTEGER {
|
|
telnet(1),
|
|
ssh(2),
|
|
http(3),
|
|
https(4),
|
|
icmp(5),
|
|
snmp(6),
|
|
ftp(7),
|
|
tftp(8),
|
|
tl1(9),
|
|
tl1ssh(10),
|
|
wl(11),
|
|
snmpovertcp(12),
|
|
sftp(13)
|
|
}
|
|
|
|
|
|
slSecuGen OBJECT IDENTIFIER ::= { slSecuMib 1 }
|
|
slSecuSelect OBJECT IDENTIFIER ::= { slSecuMib 2 }
|
|
slSecuWl OBJECT IDENTIFIER ::= { slSecuMib 3 }
|
|
slSecuEncryption OBJECT IDENTIFIER ::= { slSecuMib 4 }
|
|
|
|
|
|
-- The Security general part
|
|
|
|
slSecuFirewallEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"General Enable/Disable of the firewall operation."
|
|
::= { slSecuGen 1 }
|
|
|
|
|
|
-- The Security Selection Table
|
|
|
|
slSecuSelectTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SlSecuSelectEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The security protocol selection table."
|
|
::= { slSecuSelect 1 }
|
|
|
|
slSecuSelectEntry OBJECT-TYPE
|
|
SYNTAX SlSecuSelectEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the security selection table."
|
|
INDEX { slSecuSelectType }
|
|
::= { slSecuSelectTable 1 }
|
|
|
|
SlSecuSelectEntry ::=
|
|
SEQUENCE {
|
|
slSecuSelectType SlSecuType,
|
|
slSecuSelectPort INTEGER,
|
|
slSecuSelectEnable TruthValue
|
|
}
|
|
|
|
slSecuSelectType OBJECT-TYPE
|
|
SYNTAX SlSecuType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The secutity protocol type"
|
|
::= { slSecuSelectEntry 1 }
|
|
|
|
slSecuSelectPort OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The corresponding port number of the protocol.
|
|
Port number 0 is used when not applicable/available."
|
|
::= { slSecuSelectEntry 2 }
|
|
|
|
slSecuSelectEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"True - Enables the firewall for the corresponding protocol.
|
|
False - Dsables the firewall for the corresponding protocol.
|
|
When enabled the firewall blocks the protocol."
|
|
::= { slSecuSelectEntry 3 }
|
|
|
|
|
|
|
|
-- IP White List Table
|
|
|
|
-- The IP white list Table odefine which IP addresses are allowed.
|
|
|
|
slSecuWlTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SlSecuWlEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This white list table."
|
|
::= { slSecuWl 1 }
|
|
|
|
slSecuWlEntry OBJECT-TYPE
|
|
SYNTAX SlSecuWlEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A particular IP address."
|
|
INDEX { slSecuWlIp }
|
|
::= { slSecuWlTable 1 }
|
|
|
|
SlSecuWlEntry ::=
|
|
SEQUENCE {
|
|
slSecuWlIp
|
|
IpAddress,
|
|
slSecuWlMask
|
|
IpAddress,
|
|
slSecuWlStatus
|
|
RowStatus
|
|
}
|
|
|
|
slSecuWlIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to allow"
|
|
::= { slSecuWlEntry 1 }
|
|
|
|
slSecuWlMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicate the mask to be logical-ANDed with the
|
|
destination address before being compared to
|
|
the value in the slSecuWlIp field."
|
|
::= { slSecuWlEntry 2 }
|
|
|
|
slSecuWlStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to
|
|
row installation and removal conventions."
|
|
::= { slSecuWlEntry 3 }
|
|
|
|
|
|
-- *******************************************
|
|
--
|
|
-- The Encryption Table
|
|
--
|
|
-- *******************************************
|
|
|
|
slSecuEncryptionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SlSecuEncryptionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encryption table. This table has an entry per transponder."
|
|
::= { slSecuEncryption 1 }
|
|
|
|
slSecuEncryptionEntry OBJECT-TYPE
|
|
SYNTAX SlSecuEncryptionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This entry is used to control the necryption per transponder."
|
|
INDEX { slSecuEncryptionIfIndex }
|
|
::= { slSecuEncryptionTable 1 }
|
|
|
|
SlSecuEncryptionEntry ::=
|
|
SEQUENCE {
|
|
slSecuEncryptionIfIndex InterfaceIndex,
|
|
slSecuEncryptionEnable TruthValue,
|
|
slSecuEncryptionStatus INTEGER,
|
|
slSecuEncryptionForceInit INTEGER,
|
|
slSecuEncryptionPreShared DisplayString,
|
|
slSecuEncryptionKeyExchangePeriod INTEGER,
|
|
slSecuEncryptionLock TruthValue,
|
|
slSecuEncryptionProtectedStatus INTEGER
|
|
}
|
|
|
|
slSecuEncryptionIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Interface Index of the uplink port."
|
|
::= { slSecuEncryptionEntry 1 }
|
|
|
|
slSecuEncryptionEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable/Disable the encryption on this uplink."
|
|
::= { slSecuEncryptionEntry 2 }
|
|
|
|
slSecuEncryptionStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
init(1), --- init/link-failure state
|
|
exchange(2), --- public key exchange state
|
|
kdf(3), --- key derivation function state
|
|
active(4) --- active state
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of the encryption finite state machine."
|
|
::= { slSecuEncryptionEntry 3 }
|
|
|
|
slSecuEncryptionForceInit OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Writing this valiable forces init to the encryption state machine."
|
|
::= { slSecuEncryptionEntry 4 }
|
|
|
|
slSecuEncryptionPreShared OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The pre-shared secret.
|
|
Either the pre-shared key, or the shared secret to avoid Mitm when using DH public key exchange."
|
|
::= { slSecuEncryptionEntry 5 }
|
|
|
|
slSecuEncryptionKeyExchangePeriod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Key Exchage Period, specified in minutes.
|
|
The value 0 means to perform the key exchange only once at link establishment."
|
|
::= { slSecuEncryptionEntry 6 }
|
|
|
|
slSecuEncryptionLock OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Lock/Unlock the encrypted service for this uplink."
|
|
::= { slSecuEncryptionEntry 7 }
|
|
|
|
slSecuEncryptionProtectedStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
init(1), --- init/link-failure state
|
|
exchange(2), --- public key exchange state
|
|
kdf(3), --- key derivation function state
|
|
active(4) --- active state
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protected port state of the encryption finite state machine."
|
|
::= { slSecuEncryptionEntry 8 }
|
|
|
|
|
|
END
|