-- -- CVS ID: $Id: firewall.mib,v 1.3.38.1 1999/10/16 01:39:29 gsairam Exp $ -- ASCEND-FIREWALL-MIB DEFINITIONS ::= BEGIN IMPORTS firewallGroup FROM ASCEND-MIB DisplayString FROM ASCEND-MIB IpAddress FROM RFC1155-SMI OBJECT-TYPE FROM RFC-1212; firewallStatus OBJECT IDENTIFIER ::= { firewallGroup 1 } firewallControl OBJECT IDENTIFIER ::= { firewallGroup 2 } -- -- Firewall Control Protocol group. This group of variables allows -- external entities to dynamically alter Ascend Secure Access firewalls -- by allowing them to request the creation and destruction of "dynamic -- rules". Each dynamic rule has a name as well as a set of standard -- parameters that control the behavior of the rule. -- -- sysFcpExecute is a "trigger" for the Fcp group. Any number of requests -- may be used to prepare the other variables in the group; when the -- management station is satisfied that all the variables are set, it -- can trigger the firewall action by SETting the sysFcpExecute variable -- to either "enb-rule" to cause a dynamic rule to be created, or "dis-rule" -- to cause an existing dynamic rule to be disabled. -- -- The parameters and trigger should all be set in the same SNMP packet, -- in case multiple management stations are using FCP. -- fwallCtrlRuleName OBJECT-TYPE SYNTAX DisplayString ACCESS read-write STATUS mandatory DESCRIPTION "The name of the firewall rule to be enabled or disabled. This name corresponds with a name established when the firewall was created (as by the Secure Access Manager). There is no valid default value." ::= { firewallControl 1 } fwallCtrlExecute OBJECT-TYPE SYNTAX INTEGER { no-op( 1 ), enb-rule( 2 ), dis-rule( 3 ) } ACCESS read-write STATUS mandatory DESCRIPTION "Cause a firewall given by the above parameters to be affected as requested. enb-rule causes a dynamic rule to be created; dis-rule causes a dynamic rule to cease operating. Default to 1 (no-op)." ::= { firewallControl 2 } fwallCtrlTimeOut OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS read-write STATUS mandatory DESCRIPTION "Time, expressed in seconds, during which this firewall rule will effect the firewall. After the expiration time, the rule will cease being effective exactly as if a del-rule (see fwallCtrlExecute above) had been executed on it. Default is defined in the firewall as defined by the firewall designer, and if none is given in the firewall, it is 3600 seconds." -- DEFVAL { 3600 } ::= { firewallControl 3 } fwallCtrlExtAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "Address of entity outside firewall. This value defaults to 0.0.0.0, equivalent to a don't care. May be used when selecting firewall to be updated (see fwallCtrlRoutAddr). The default value of zero could match any real IP address if ExtAddrMask is zero, otherwise it would match NO IP address." -- DEFVAL { 0.0.0.0 } ::= { firewallControl 4 } fwallCtrlExtAddrMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "Netmask of entity outside firewall. This value defaults to 255.255.255.255, equivalent to a host address if fwallCtrlExtAddr is non-zero." -- DEFVAL { 255.255.255.255 } ::= { firewallControl 5 } fwallCtrlExtPort OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS read-write STATUS mandatory DESCRIPTION "For external entity, specifies a port number. Defaults to 0, equivalent to don't care." -- DEFVAL { 0 } ::= { firewallControl 6 } fwallCtrlExtPortMax OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS read-write STATUS mandatory DESCRIPTION "For external entity, specifies the maximum port number of a range of ports. Defaults to 0, equivalent to specifying a single port number if fwallCtrlExtPort is nonzero." -- DEFVAL { 0 } ::= { firewallControl 7 } fwallCtrlIntAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "Address of entity inside firewall. This value defaults to 0.0.0.0, equivalent to a don't care." -- DEFVAL { 0.0.0.0 } ::= { firewallControl 8 } fwallCtrlIntAddrMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "Netmask of entity inside firewall. This value defaults to 255.255.255.255, equivalent to a host address if fwallCtrlIntAddr is non-zero." -- DEFVAL { 0.0.0.0 } ::= { firewallControl 9 } fwallCtrlIntPort OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS read-write STATUS mandatory DESCRIPTION "For Internal entity, specifies a port number. Defaults to 0, equivalent to don't care." -- DEFVAL { 0 } ::= { firewallControl 10 } fwallCtrlIntPortMax OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS read-write STATUS mandatory DESCRIPTION "For Internal entity, specifies the maximum port number of a range of ports. Defaults to 0, equivalent to specifying a single port number if fwallCtrlIntPort is nonzero." -- DEFVAL { 0 } ::= { firewallControl 11 } fwallCtrlRoutAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This address may be supplied by the management station to choose a firewall for alteration. The default for this address is 0.0.0.0, which would cause the router to use fwallCtrlExtAddr to choose its firewall instead." -- DEFVAL { 0.0.0.0 } ::= { firewallControl 12 } fwallCtrlAddrOpts OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Firewall requests may require additional bit- encoded options to determine the firewall's new behavior. This options variable is a mechanism to allow those options to be defined at a later date. Until then, this variable really has no meaning." ::= { firewallControl 13 } END