CISCO-UNIFIED-FIREWALL-MIB: View SNMP OID List / Download MIB
VENDOR: CISCO
Home | MIB: CISCO-UNIFIED-FIREWALL-MIB | |||
---|---|---|---|---|
Download as: |
Download standard MIB format if you are planning to load a MIB file into some system (OS, Zabbix, PRTG ...) or view it with a MIB browser. CSV is more suitable for analyzing and viewing OID' and other MIB objects in excel. JSON and YAML formats are usually used in programing even though some systems can use MIB in YAML format (like Logstash).
|
|||
Object Name | OID | Type | Access | Info |
ciscoUnifiedFirewallMIB | 1.3.6.1.4.1.9.9.491 |
Overview of Cisco Firewall MIB ============================== This MIB Module models status and performance statistics pertaining to the common features supported by Cisco firewall implementations. For each firewall feature, capability (if applicable) and statistics are defined. Supporting the configuration of firewall features is outside the scope of this MIB. Following are the major firewall features: 1) 'Stateful Packet Filtering' Creating and maintaining the state of authorized traffic flows dynamically to permit only flows authorized by the policy is a mandatory function of a firewall. This MIB instruments the activity and memory usage by this function. 2) 'Application Inspection' This refers to the function of inspecting the headers of layer 3 and layer 4 protocols and creating dynamic entries in the connection table for traffic flows spawned by an already established traffic flow. This MIB reflects the protocols that are being inspected. 3) 'URL Filtering' This refers to the function of facilitating or restricting URL access requests through the firewall by consulting either local policy or that configured on a dedicated URL filtering server. This MIB instruments the URL filtering activity, the status and activity of distinct URL filtering servers configured on the firewall and the impact of the performance of the URL filtering servers on the latency and throughput of the firewall. 4) 'Proxy Authentication' This refers to the function of authenticating and/or authorizing users on behalf of servers on the secure side of the firewall. This operation could affect the throughput of the firewall. The MIB objects pertaining to Proxy Authentication will be defined in a subsequent revision of this MIB. 5) 'Transparent Mode Operation' A firewall could operate as a bridge and yet filter traffic based on layer 3-layer 7 control and payload information. Operating in this mode makes it easy to implement a firewall without fragmenting existing subnets. Another advantage of this mode of operation is enhanced security. This MIB instruments the status, activity, and performance of the firewall in this mode. Please note that to fully manage a firewall operating in this mode, the firewall must also support the bridge MIB (BRIDGE-MIB). 6) 'Advanced Application Inspection and Control' This function is also termed 'Application Firewall' and pertains to inspecting payload and headers of application traffic to make sure the traffic flows conform to the configured security policy. Monitoring this function entails identifying the security alerts generated by this function and measuring the impact on firewall performance by this task. Application Firewall will be instrumented in a separate MIB dedicated for the function. 7) 'Failover' or 'Redundancy' Redundancy configuration is essential for business critical firewalls. Instrumenting this function entails reflecting the configuration of redundancy and identifying failover events. The MIB objects pertaining to Proxy Authentication will be defined in a subsequent revision of this MIB. The management information for each firewall feature is defined in a distinct module compliance unit. The compliance units corresponding to basic features of firewalls are defined as mandatory. Acronyms ======== Following are definitions of some terms used in this module. Please refer to the module conformance for a glossary of feature-specific terms. `Firewall' A firewall is a set of related programs, implemented on a host or a network device, that protects the resources of a private network from users from other networks. Common firewalling functions include stateful packet filtering, proxy authentication of users on behalf of applications on the secure side of the firewall, URL access control, inspection of payload of traffic streams to determine security threats. `Layer2 Firewall' or 'Transparent Firewall' A firewall device that operates as a bridge while performing firewalling function. `Connection' The record in the firewall of a traffic strean that has been authorized to flow through the firewall. `Half Open Connection' For a connection oriented protocol: a connection that has not reached the established on both the sides of the connection. For a connection-less protocol: the connection corresponding to a traffic stream where traffic flow has occurred (since the establishment of the connection entry) only on one direction. `Embryonic Connection' The connection entry corresponding to an application layer protocol in which the signaling channel has been established while the setup of the data channel is underway. `Policy' An element of firewall configuration that identifies the access rights to a resource by a traffic source. An example of a policy is an Access Control Rule. `Policy Target' An entity to which a policy is applied so that the action corresponding to the policy is taken only on traffic streams associated with the entity. An example of a policy target is an interface. `URL Filtering Server' A server which is employed by the firewall to enforce URL access policies. `Protocol Data Unit' or PDU An instance of the unit of information using which a protocol operates is called the Protocol Data Unit or the PDU of the protocol. `Deep Packet Inspection' The task of examining the contents of the payloads of one or more layer 7 application protocols with a view to enforcing the local security policies termed 'Deep Packet Inspection'. `Advanced Application Inspection and Control' An entity that performs deep packet inspection of layer 7 application protocol data units is termed an 'Application Firewall'. |
||
ciscoUnifiedFirewallMIBNotifs | 1.3.6.1.4.1.9.9.491.0 | |||
ciscoUFwUrlfServerStateChange | 1.3.6.1.4.1.9.9.491.0.1 |
This notification is generated when the firewall elects a new primary URL filtering server from the existing set of configured servers. Such a change could occur either as a result of the current primary server becoming unavailable or as a result of explicit management action in nominating a filtering server the primary server. The notification is issued just before the change occurs. Consequently, the varbinds identify the attributes corresponding to the old primary server. This notification is issued if and only if the object 'cufwCntlUrlfServerStatusChange' has been set to 'true'. |
||
ciscoUFwL2StaticMacAddressMoved | 1.3.6.1.4.1.9.9.491.0.2 |
This notification is generated when the firewall detects the move of a static MAC address to a new port. Such a change could occur either as a result of physical move of the device with the MAC Address to the new port, due to management action of relocating the MAC address at the new location or due to MAC address spoofing. The varbinds identify the new location (port) of the MAC Address and its status at the new location. This notification is issued if and only if the object 'cufwCntlL2StaticMacAddressMoved' has been set to 'true'. |
||
ciscoUnifiedFirewallMIBObjects | 1.3.6.1.4.1.9.9.491.1 | |||
cuFwConnectionGrp | 1.3.6.1.4.1.9.9.491.1.1 | |||
cuFwConnectionGlobals | 1.3.6.1.4.1.9.9.491.1.1.1 | |||
cufwConnGlobalNumAttempted | 1.3.6.1.4.1.9.9.491.1.1.1.1 | counter64 | read-only |
Connection Statistics Aggregation Connection 1 +-----------+ ------------->| |-------> Global Connection Summary Connection 2 | | ------------->| | Connection 3 | | ------------->| First |------------> ConnSummary | Level | (i.e, L-3/4 Protocol Connection 4 |Aggregation| Connection Summary) ------------->| | . | | . | |---------------> PolicyConnSummary Connection N | | (i.e, L-3/4 Policy Target based ------------->| | Protocol Connection Summary) +-----------+ +-----------+ L-3/4 Protocol | | Connection Summary | | ------------------>| |---------> AppConnSummary | | (i.e, L-7 Protocol | Second | Connection Summary) |---Level---| L-3/4 Policy Target |Aggregation| based Protocol | | Connection Summary | | ------------------>| |---------------> PolicyAppConnSummary | | (i.e, L-7 Policy Target based | | Protocol Connection Summary) +-----------+ Specifically, the object 'cufwConnGlobalNumAttempted' models the number of connections which are attempted to be set up through the firewall. This value is accumulated from the last reboot of the firewall. |
cufwConnGlobalNumSetupsAborted | 1.3.6.1.4.1.9.9.491.1.1.1.2 | counter64 | read-only |
The number of connection setup attempts that were aborted before the connection could proceed to completion. The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. Consequently, this value subsumes the values of objects 'cufwConnGlobalNumPolicyDeclined' and 'cufwConnGlobalNumResDeclined'. This value is accumulated from the last reboot of the firewall. |
cufwConnGlobalNumPolicyDeclined | 1.3.6.1.4.1.9.9.491.1.1.1.3 | counter64 | read-only |
The number of connections which were attempted to be setup but which were declined due to reasons of security policy. This includes the connections that failed authentication. This value is accumulated from the last reboot of the firewall. |
cufwConnGlobalNumResDeclined | 1.3.6.1.4.1.9.9.491.1.1.1.4 | counter64 | read-only |
The number of connections which were attempted to be setup but which were declined due to non-availability of required resources. This value is accumulated from the last reboot of the firewall. |
cufwConnGlobalNumHalfOpen | 1.3.6.1.4.1.9.9.491.1.1.1.5 | gauge32 | read-only |
The number of connections which are in the process of being setup but which have not yet reached the established state in the connection table. |
cufwConnGlobalNumActive | 1.3.6.1.4.1.9.9.491.1.1.1.6 | gauge32 | read-only |
The number of connections which are currently active. |
cufwConnGlobalNumExpired | 1.3.6.1.4.1.9.9.491.1.1.1.7 | counter64 | read-only |
The number of connections which were active but which were since normally terminated. This value is accumulated from the last reboot of the firewall. |
cufwConnGlobalNumAborted | 1.3.6.1.4.1.9.9.491.1.1.1.8 | counter64 | read-only |
The number of connections which were active but which were aborted by the firewall due to reasons of policy or resource rationing. This value is accumulated from the last reboot of the firewall. |
cufwConnGlobalNumEmbryonic | 1.3.6.1.4.1.9.9.491.1.1.1.9 | gauge32 | read-only |
The number of embryonic application layer connections (that is, connections in which the signaling channel has been established while the data channel is awaiting setup). This value is accumulated from the last reboot of the firewall. |
cufwConnGlobalConnSetupRate1 | 1.3.6.1.4.1.9.9.491.1.1.1.10 | gauge32 | read-only |
The averaged number of connections which the firewall establishing per second, averaged over the last 60 seconds. |
cufwConnGlobalConnSetupRate5 | 1.3.6.1.4.1.9.9.491.1.1.1.11 | gauge32 | read-only |
The averaged number of connections which the firewall establishing per second, averaged over the last 300 seconds. |
cufwConnGlobalNumRemoteAccess | 1.3.6.1.4.1.9.9.491.1.1.1.12 | gauge32 | read-only |
The number of active connections which correspond to remote access applications. Specifically, the protocol for which the connection is established must be one of PPP, PPTP, L2TP or remote access IPsec (IPsec connections employing extended authentication). This value is accumulated from the last reboot of the firewall. |
cuFwConnectionResources | 1.3.6.1.4.1.9.9.491.1.1.2 | |||
cufwConnResMemoryUsage | 1.3.6.1.4.1.9.9.491.1.1.2.1 | gauge32 | read-only |
The amount of memory occupied by all structures required to maintain the state of all connections which are either being established or are active. |
cufwConnResActiveConnMemoryUsage | 1.3.6.1.4.1.9.9.491.1.1.2.2 | gauge32 | read-only |
The amount of memory occupied by all structures required to maintain the state of all active connections. |
cufwConnResHOConnMemoryUsage | 1.3.6.1.4.1.9.9.491.1.1.2.3 | gauge32 | read-only |
The amount of memory occupied by all structures required to maintain the state of all half open connections. |
cufwConnResEmbrConnMemoryUsage | 1.3.6.1.4.1.9.9.491.1.1.2.4 | gauge32 | read-only |
The amount of memory occupied by all structures required to maintain the state of all embryonic connections. |
cuFwConnectionReportSettings | 1.3.6.1.4.1.9.9.491.1.1.3 | |||
cufwConnReptAppStats | 1.3.6.1.4.1.9.9.491.1.1.3.1 | truthvalue | read-write |
Setting this object to 'true' enables the MIB to report connection activity statistics pertaining to application protocols. If this object is set to 'false', the agent should stop updating the objects defined in this module pertaining to application protocols. Application monitoring could be a resource intensive operation. It is expected that the administrators would use this control to disable application monitoring when the performance of the firewall is degrading. |
cufwConnReptAppStatsLastChanged | 1.3.6.1.4.1.9.9.491.1.1.3.2 | timestamp | read-only |
The time at which the value of cufwConnReptAppStats was last changed. |
cuFwConnectionSummaryTables | 1.3.6.1.4.1.9.9.491.1.1.4 | |||
cufwConnSummaryTable | 1.3.6.1.4.1.9.9.491.1.1.4.1 | no-access |
This table summarizes the connection activity on the firewall per layer3-layer 4 protocol instance. Each entry in the table lists the connection summary of a distinct network protocol. For instance, the conceptual row corresponding to the index cufwConnProtocol = fwpTcp yields the summary of TCP connection activity on the firewall since its reboot. |
|
1.3.6.1.4.1.9.9.491.1.1.4.1.1 | no-access |
Each entry contains the summary of connection activity for a layer3-layer4 network protocol. |
||
cufwConnProtocol | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.1 | cfwnetworkprotocol | no-access |
The (L3-L4) protocol for which this conceptual row summarizes the connection activity on the managed entity. |
cufwConnNumAttempted | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.2 | counter64 | read-only |
The number of connections attempted since the last reboot of the firewall, corresponding to the protocol denoted by 'cufwConnProtocol'. This value is accumulated from the last reboot of the firewall. |
cufwConnNumSetupsAborted | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.3 | counter64 | read-only |
The number of connection setup attempts, corresponding to the protocol denoted by 'cufwConnProtocol', that were aborted before the connection could proceed to completion. The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. Consequently, this value subsumes the values of objects 'cufwConnNumPolicyDeclined' and 'cufwConnNumResDeclined'. This value is accumulated from the last reboot of the firewall. |
cufwConnNumPolicyDeclined | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.4 | counter64 | read-only |
The number of connection attempts that were declined due to security policy, corresponding to the protocol denoted by 'cufwConnProtocol'. This value is accumulated from the last reboot of the firewall. |
cufwConnNumResDeclined | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.5 | counter64 | read-only |
The number of connection attempts that were declined due to resource unavailability, corresponding to the protocol denoted by 'cufwConnProtocol'. This value is accumulated from the last reboot of the firewall. |
cufwConnNumHalfOpen | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.6 | gauge32 | read-only |
The number of connections that are currently in the process of being established, corresponding to the protocol denoted by 'cufwConnProtocol'. |
cufwConnNumActive | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.7 | gauge32 | read-only |
The number of connections that are currently active, corresponding to the protocol denoted by 'cufwConnProtocol'. |
cufwConnNumAborted | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.8 | counter64 | read-only |
The number of connections that were abnormally terminated after successful establishment, corresponding to the protocol denoted by 'cufwConnProtocol'. This value is accumulated from the last reboot of the firewall. |
cufwConnSetupRate1 | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.9 | gauge32 | read-only |
The connection setup rate averaged over the last 60 seconds corresponding to the protocol denoted by 'cufwConnProtocol'. |
cufwConnSetupRate5 | 1.3.6.1.4.1.9.9.491.1.1.4.1.1.10 | gauge32 | read-only |
The connection setup rate averaged over the last 300 seconds corresponding to the protocol denoted by 'cufwConnProtocol'. |
cufwAppConnSummaryTable | 1.3.6.1.4.1.9.9.491.1.1.4.2 | no-access |
This table lists the summary of firewall connections pertaining to Layer 7 protocols, catalogued by distinct application protocols. Each entry in the table lists the connection summary corresponding to a distinct application protocol. For instance, to obtain the connection summary for SMTP on the firewall since the last reboot of the device, use the conceptual row corresponding to cufwAppConnProtocol = fwApSmtp |
|
1.3.6.1.4.1.9.9.491.1.1.4.2.1 | no-access |
Each entry contains the summary of connection activity for a distinct layer 7 protocol identified by the index element 'cufwAppConnProtocol'. |
||
cufwAppConnProtocol | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.1 | cfwapplicationprotocol | no-access |
The layer7 protocol for which this conceptual row summarizes the connection activity for this firewall. |
cufwAppConnNumAttempted | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.2 | counter64 | read-only |
The number of connections attempted since the last reboot of the firewall, corresponding to the protocol denoted by 'cufwAppConnProtocol'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats. |
cufwAppConnNumSetupsAborted | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.3 | counter64 | read-only |
The number of connection setup attempts, corresponding to the protocol denoted by 'cufwAppConnProtocol', that were aborted before the connection could proceed to completion. The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. Consequently, this value subsumes the values of objects 'cufwAppConnNumPolicyDeclined' and 'cufwAppConnNumResDeclined'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats. |
cufwAppConnNumPolicyDeclined | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.4 | counter64 | read-only |
The number of connection attempts that were declined due to security policy, corresponding to the protocol denoted by 'cufwAppConnProtocol'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats. |
cufwAppConnNumResDeclined | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.5 | counter64 | read-only |
The number of connection attempts that were declined due to resource unavailability, corresponding to the protocol denoted by 'cufwAppConnProtocol'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats. |
cufwAppConnNumHalfOpen | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.6 | gauge32 | read-only |
The number of connections that are currently in the process of being established, corresponding to the protocol denoted by 'cufwAppConnProtocol'. |
cufwAppConnNumActive | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.7 | gauge32 | read-only |
The number of connections that are currently active, corresponding to the protocol denoted by 'cufwAppConnProtocol'. |
cufwAppConnNumAborted | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.8 | counter64 | read-only |
The number of connections that were terminated by the firewall successful establishment, corresponding to the protocol denoted by 'cufwAppConnProtocol'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats. |
cufwAppConnSetupRate1 | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.9 | gauge32 | read-only |
The connection setup rate averaged over the last 60 seconds corresponding to the protocol denoted by 'cufwAppConnProtocol'. |
cufwAppConnSetupRate5 | 1.3.6.1.4.1.9.9.491.1.1.4.2.1.10 | gauge32 | read-only |
The connection setup rate averaged over the last 300 seconds corresponding to the protocol denoted by 'cufwAppConnProtocol'. |
cufwPolicyConnSummaryTable | 1.3.6.1.4.1.9.9.491.1.1.4.3 | no-access |
This table lists the summary of firewall connections for layer3-layer 4 protocols catalogued on a per policy basis. Each entry in the table lists the connection summary of a distinct network protocol, configured on the specified policy on the firewall, and pertaining to a specified target to which the policy is currently applied. If a policy is bound to a target, it would have one or more entries in this table. If the policy is detached from the target, all entries corresponding to the association between the policy and the target are elminated from this table. Although the information is indexed by policy targets as well, one may aggregate the connection summary for a specific policy across all the target to which the policy is currently applied by setting cufwConnPolicyTargetType = 'targetAll' |
|
1.3.6.1.4.1.9.9.491.1.1.4.3.1 | no-access |
Each entry contains the summary of connection activity for a specific protocol in a specific policy applied to the specified policy target. |
||
cufwPolConnPolicy | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.1 | cfwpolicy | no-access |
The identity of the firewall policy for which this conceptual row contains the connection activity summary. |
cufwPolConnPolicyTargetType | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.2 | cfwpolicytargettype | no-access |
The type of the entity to which the firewall policy 'cufwPolConnPolicy' has been applied. This could be an interface type (most commonly), the type of another object or a group of objects defined in the firewall configuration. When this object is set to 'targetALL', the value of index object cufwConnPolicyTarget is ignored. |
cufwPolConnPolicyTarget | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.3 | cfwpolicytarget | no-access |
The identity of the entity to which the firewall policy 'cufwPolConnPolicy' is applied. This could be an interface object (most commonly), another object or group of objects defined in the firewall configuration. |
cufwPolConnProtocol | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.4 | cfwnetworkprotocol | no-access |
The (L3-L4) protocol corresponding to which this conceptual row summarizes the connection activity on the firewall. |
cufwPolConnNumAttempted | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.5 | counter64 | read-only |
The number of connections attempted since the last reboot of the firewall, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'. |
cufwPolConnNumSetupsAborted | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.6 | counter64 | read-only |
The number of connection setup attempts, corresponding to the protocol denoted by 'cufwPolConnProtocol', associated with the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget', that were aborted before the connection could proceed to completion. The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. Consequently, this value subsumes the values of objects 'cufwPolConnNumPolicyDeclined' and 'cufwPolConnNumResDeclined'. |
cufwPolConnNumPolicyDeclined | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.7 | counter64 | read-only |
The number of connection attempts that were declined due to security policy, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'. |
cufwPolConnNumResDeclined | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.8 | counter64 | read-only |
The number of connection attempts that were declined due to resource unavailability, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'. |
cufwPolConnNumHalfOpen | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.9 | gauge32 | read-only |
The number of connections that are currently in the process of being established, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'. |
cufwPolConnNumActive | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.10 | gauge32 | read-only |
The number of connections that are currently active, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'. |
cufwPolConnNumAborted | 1.3.6.1.4.1.9.9.491.1.1.4.3.1.11 | counter64 | read-only |
The number of connections that were abnormally terminated after successful establishment, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'. |
cufwPolicyAppConnSummaryTable | 1.3.6.1.4.1.9.9.491.1.1.4.4 | no-access |
This table lists the summary of firewall connections pertaining to Layer 7 protocols, catalogued on a per policy basis Each entry in the table lists the connection summary of a distinct application protocol, configured on the specified policy on the firewall, and pertaining to a specified target to which the policy has been applied. If a policy is bound to a target, it would have one or more entries in this table. If the policy is detached from the target, all entries corresponding to the association between the policy and the target are elminated from this table. Although the information is indexed by policy targets as well, one may aggregate the connection summary for a specific policy across all the target to which the policy is currently applied by setting cufwAppConnPolicyTargetType = 'targetALL' |
|
1.3.6.1.4.1.9.9.491.1.1.4.4.1 | no-access |
Each entry contains the summary of connection activity for a specific layer 7 protocol in a specific policy applied to the specified policy target. |
||
cufwPolAppConnPolicy | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.1 | cfwpolicy | no-access |
The identity of the firewall policy for which this conceptual row contains the connection activity summary. |
cufwPolAppConnPolicyTargetType | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.2 | cfwpolicytargettype | no-access |
The type of the entity to which the firewall policy 'cufwPolAppConnPolicy' has been applied. This could be an interface type (most commonly), the type of another object or a group of objects defined in the firewall configuration. When this object is set to 'targetALL', the value of index object cufwAppConnPolicyTarget is ignored. |
cufwPolAppConnPolicyTarget | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.3 | cfwpolicytarget | no-access |
The identity of the entity to which the firewall policy 'cufwPolAppProtocol' refers. This could be an interface object (most commonly), another object or group of objects defined in the firewall configuration. |
cufwPolAppConnProtocol | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.4 | cfwapplicationprotocol | no-access |
The layer7 protocol for which this conceptual row summarizes the connection activity for this firewall. |
cufwPolAppConnNumAttempted | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.5 | counter64 | read-only |
The number of connections attempted since the last reboot of the firewall, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats. |
cufwPolAppConnNumSetupsAborted | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.6 | counter64 | read-only |
The number of connection setup attempts, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', associated with the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget', that were aborted before the connections could proceed to completion. The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. Consequently, this value subsumes the values of objects 'cufwPolAppConnNumPolicyDeclined' and 'cufwPolAppConnNumResDeclined'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats. |
cufwPolAppConnNumPolicyDeclined | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.7 | counter64 | read-only |
The number of connection attempts that were declined due to security policy, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats. |
cufwPolAppConnNumResDeclined | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.8 | counter64 | read-only |
The number of connection attempts that were declined due to resource unavailability, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats. |
cufwPolAppConnNumHalfOpen | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.9 | gauge32 | read-only |
The number of connections that are currently in the process of being established, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. |
cufwPolAppConnNumActive | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.10 | gauge32 | read-only |
The number of connections that are currently active, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. |
cufwPolAppConnNumAborted | 1.3.6.1.4.1.9.9.491.1.1.4.4.1.11 | counter64 | read-only |
The number of connections that were abnormally terminated after successful establishment, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. |
cuFwApplInspectionGrp | 1.3.6.1.4.1.9.9.491.1.2 | |||
cufwAIAuditTrailEnabled | 1.3.6.1.4.1.9.9.491.1.2.1 | truthvalue | read-write |
The value identifies if audit trail in application inspection has been globally enabled or disabled. |
cufwAIAlertEnabled | 1.3.6.1.4.1.9.9.491.1.2.2 | truthvalue | read-write |
The value identifies if application inspection alerts have been globally enabled or disabled. |
cufwInspectionTable | 1.3.6.1.4.1.9.9.491.1.2.3 | no-access |
This table identifies if an application protocol has been configured for inspection and if so, the name of the firewall policy or the inspection configuration that configures the specified protocol for inspection. The table also identifies if the specified protocol is actively being inspected. This table may be used by an administrator to quickly identify if a protocol is being subjected to application inspection by the managed firewall. |
|
1.3.6.1.4.1.9.9.491.1.2.3.1 | no-access |
Each entry contains the configuration of a specific application inspection element. |
||
cufwInspectionPolicyName | 1.3.6.1.4.1.9.9.491.1.2.3.1.1 | cfwpolicy | no-access |
The name of the policy that configures the device inspect the protocol specified by 'cufwInspectionProtocol'. |
cufwInspectionProtocol | 1.3.6.1.4.1.9.9.491.1.2.3.1.2 | cfwapplicationprotocol | no-access |
The application protocol that is configured for inspection. |
cufwInspectionStatus | 1.3.6.1.4.1.9.9.491.1.2.3.1.3 | truthvalue | read-only |
This MIB object identifies if the directive to inspect the protocol specified by 'cufwInspectionProtocol' by the policy corresponding to this conceptual row is enabled or disabled. |
cuFwUrlFilterGrp | 1.3.6.1.4.1.9.9.491.1.3 | |||
cufwUrlFilterGlobals | 1.3.6.1.4.1.9.9.491.1.3.1 | |||
cufwUrlfFunctionEnabled | 1.3.6.1.4.1.9.9.491.1.3.1.1 | truthvalue | read-write |
URL Filtering Operation _________ 2.2 Request | | |---------->| Server | | | | _________ __|_ |_________| | |<--(5. Response )---| | 3. Response | | | | |<-------------| | Client |---(1. Request )--->|FW | |_________| |____|<--------------| | 4. URLF Resp ____|______ | | | |------------>|URLF Server| 2.1 URLF Req |___________| 1) Client sends a Request containing a URL to the Server 2.1) FW extracts the URL from the Request and sends it to URL Filtering Server (or Verifies the URL locally) 2.2) FW also forwards the original Request from the Client to the Server 3) Any Responses from the Server received before receiving a response from URLF Server are cached by the FW 4) URLF Response indicates whether the URL access should be allowed or denied 5) If the URLF Response allows the URL, FW forwards the URL Access responses from the Server to the Client 6) If the URLF Response indicates that the URL access should be denied, FW drops all the cached URL responses and forces the connection between the Client and the Server to be terminated Specifically, the object cufwUrlfFunctionEnabled indicates if the URL filtering function is enabled. When this MIB object contains the value 'false', the firewall device will not perform URL filtering function, even if it contains configuration pertaining to other aspects of URL filtering. |
cufwUrlfRequestsNumProcessed | 1.3.6.1.4.1.9.9.491.1.3.1.2 | counter64 | read-only |
The number of URL access requests processed by this firewall. This value is accumulated from the last reboot of the firewall. |
cufwUrlfRequestsProcRate1 | 1.3.6.1.4.1.9.9.491.1.3.1.3 | gauge32 | read-only |
The number of URL access requests processed per seconds by this firewall averaged over the last 60 seconds. |
cufwUrlfRequestsProcRate5 | 1.3.6.1.4.1.9.9.491.1.3.1.4 | gauge32 | read-only |
The number of URL access requests processed per second by this firewall averaged over the last 300 seconds. |
cufwUrlfRequestsNumAllowed | 1.3.6.1.4.1.9.9.491.1.3.1.5 | counter64 | read-only |
The number of URL access requests allowed by this firewall, due to a directive from a URL filtering server or a static policy configured on the firewall. This value is accumulated from the last reboot of the firewall. |
cufwUrlfRequestsNumDenied | 1.3.6.1.4.1.9.9.491.1.3.1.6 | counter64 | read-only |
The number of URL access requests declined by this firewall, due to a directive from a URL filtering server, a static policy configured on the firewall, due to resource constraints or any other reason. This value is accumulated from the last reboot of the firewall. |
cufwUrlfRequestsDeniedRate1 | 1.3.6.1.4.1.9.9.491.1.3.1.7 | gauge32 | read-only |
The rate at which URL access requests were denied by this firewall, due to a directive from a URL filtering server, a static policy configured on the firewall, due to resource constraints or any other reason, averaged over the last 60 seconds. |
cufwUrlfRequestsDeniedRate5 | 1.3.6.1.4.1.9.9.491.1.3.1.8 | gauge32 | read-only |
The rate at which URL access requests were denied by this firewall, due to a directive from a URL filtering server, a static policy configured on the firewall, due to resource constraints or any other reason, averaged over the last 300 seconds. |
cufwUrlfRequestsNumCacheAllowed | 1.3.6.1.4.1.9.9.491.1.3.1.9 | counter64 | read-only |
The number of URL access requests allowed by the firewall because of a cached entry holding the result from a previous URL access request that was handled either by a URLF Server or exclusive domain configuration. This value is accumulated from the last reboot of the firewall. |
cufwUrlfRequestsNumCacheDenied | 1.3.6.1.4.1.9.9.491.1.3.1.10 | counter64 | read-only |
The number of URL access requests denied by the firewall because of a cached entry holding the result from a previous URL access request that was handled either by a URLF Server or exclusive domain configuration. This value is accumulated from the last reboot of the firewall. |
cufwUrlfAllowModeReqNumAllowed | 1.3.6.1.4.1.9.9.491.1.3.1.11 | counter64 | read-only |
The number of URL access requests that were allowed by the firewall when the URL filtering server was not available. This value is accumulated from the last reboot of the firewall. |
cufwUrlfAllowModeReqNumDenied | 1.3.6.1.4.1.9.9.491.1.3.1.12 | counter64 | read-only |
The number of URL access requests that were declined by the firewall when the URL filtering server was not available. This value is accumulated from the last reboot of the firewall. |
cufwUrlfRequestsNumResDropped | 1.3.6.1.4.1.9.9.491.1.3.1.13 | counter64 | read-only |
The number of incoming URL access requests that were dropped by the firewall because of resource constraints. This value is accumulated from the last reboot of the firewall. |
cufwUrlfRequestsResDropRate1 | 1.3.6.1.4.1.9.9.491.1.3.1.14 | gauge32 | read-only |
The rate at which incoming URL access requests were dropped by the firewall because of resource constraints, averaged over the last 60 seconds. |
cufwUrlfRequestsResDropRate5 | 1.3.6.1.4.1.9.9.491.1.3.1.15 | gauge32 | read-only |
The rate at which incoming URL access requests were dropped by the firewall because of resource constraints, averaged over the last 300 seconds. |
cufwUrlfNumServerTimeouts | 1.3.6.1.4.1.9.9.491.1.3.1.16 | counter64 | read-only |
The number of times the firewall failed to receive a response from the configured URL filtering servers for a request to authorize a URL access request. This is equal to the number of times a firewall removed a URL access request from the queue of pending requests because no response was received from the URL filtering server(s). This value is accumulated from the last reboot of the firewall. |
cufwUrlfNumServerRetries | 1.3.6.1.4.1.9.9.491.1.3.1.17 | counter64 | read-only |
The number of URL access authorization requests re-sent by the firewall to the URL Filtering Servers because a response was not received within the configured time interval. This value is accumulated from the last reboot of the firewall. |
cufwUrlfResponsesNumLate | 1.3.6.1.4.1.9.9.491.1.3.1.18 | counter64 | read-only |
The number of responses from URL filtering servers which were received after the original URL access request was removed from the queue of pending requests. This value is accumulated from the last reboot of the firewall. |
cufwUrlfUrlAccRespsNumResDropped | 1.3.6.1.4.1.9.9.491.1.3.1.19 | counter64 | read-only |
The number of transport packets constituting responses to URL access requests that were dropped by the firewall due to resource constraints waiting for a response from the filtering server. This value is accumulated from the last reboot of the firewall. |
cufwUrlFilterResourceUsage | 1.3.6.1.4.1.9.9.491.1.3.2 | |||
cufwUrlfResTotalRequestCacheSize | 1.3.6.1.4.1.9.9.491.1.3.2.1 | gauge32 | read-only |
The amount of memory occupied by all the caches used in the firewall to cache pending URL access requests. |
cufwUrlfResTotalRespCacheSize | 1.3.6.1.4.1.9.9.491.1.3.2.2 | gauge32 | read-only |
The amount of memory occupied by all the caches used in the firewall to cache responses for URL requests received from servers while awaiting a response from URL filter server. |
cufwUrlFilterServers | 1.3.6.1.4.1.9.9.491.1.3.3 | |||
cufwUrlfServerTable | 1.3.6.1.4.1.9.9.491.1.3.3.1 | no-access |
This table lists the URL filtering servers configured on the managed device and their performance statistics. This table is not meant as a device to configure URL filtering servers. |
|
1.3.6.1.4.1.9.9.491.1.3.3.1.1 | no-access |
Each entry contains the configuration of a specific URL filtering server. |
||
cufwUrlfServerAddrType | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.1 | inetaddresstype | no-access |
The type of the IP address of the URL filtering server. |
cufwUrlfServerAddress | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.2 | inetaddress | no-access |
The value of the IP address of the URL filtering server. |
cufwUrlfServerPort | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.3 | inetportnumber | no-access |
The value of the port at which the URL filtering server listens for incoming requests. |
cufwUrlfServerVendor | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.4 | cfwurlfvendorid | read-only |
The vendor type of the URL filtering server. |
cufwUrlfServerStatus | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.5 | cfwurlserverstatus | read-only |
The status of the URL filtering server corresponding to this conceptual row. |
cufwUrlfServerReqsNumProcessed | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.6 | counter64 | read-only |
The number of URL access requests forwarded by the managed firewall device to the URL filtering server corresponding to this conceptual row. This value is counted from the last reboot of the managed device. |
cufwUrlfServerReqsNumAllowed | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.7 | counter64 | read-only |
The number of URL access requests allowed by the URL filtering server corresponding to this conceptual row. This counter does not include late responses. This value is counted from the last reboot of the managed device. |
cufwUrlfServerReqsNumDenied | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.8 | counter64 | read-only |
The number of URL access requests denied by the URL filtering server corresponding to this conceptual row. This counter does not include late responses. This value is counted from the last reboot of the managed device. |
cufwUrlfServerNumTimeouts | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.9 | counter64 | read-only |
The number of times the firewall failed to receive a response from the URL filtering server corresponding to this conceptual row, for a request to authorize a URL access request. This is equal to the number of times a firewall removed a URL access request from the queue of pending requests because no response was received from the URL filtering server. This value is accumulated from the last reboot of the firewall. |
cufwUrlfServerNumRetries | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.10 | counter64 | read-only |
The number of URL access authorization requests re-sent by the firewall to the URL Filtering Server corresponding to this conceptual row, because a response was not received within the configured time interval from the server. This value is counted from the last reboot of the managed device. |
cufwUrlfServerRespsNumReceived | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.11 | counter64 | read-only |
The number of URL access responses received by the firewall from the URL filtering server corresponding to this conceptual row. This counter does not include late responses. This value is counted from the last reboot of the managed device. |
cufwUrlfServerRespsNumLate | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.12 | counter64 | read-only |
The number of URL access responses received by the managed firewall from the URL filtering server corresponding to this conceptual row after the original URL access request was removed from the queue of pending requests. This value is counted from the last reboot of the managed device. |
cufwUrlfServerAvgRespTime1 | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.13 | gauge32 | read-only |
The average round-trip response time of the URL filtering server computed over the last 60 seconds. A value of zero indicates that there was insufficient data to compute this value over the last time interval. |
cufwUrlfServerAvgRespTime5 | 1.3.6.1.4.1.9.9.491.1.3.3.1.1.14 | gauge32 | read-only |
The average round-trip response time of the URL filtering server computed over the last 300 seconds. A value of zero indicates that there was insufficient data to compute this value over the last time interval. |
cuFwFailoverGrp | 1.3.6.1.4.1.9.9.491.1.4 | |||
cuFwAaicGrp | 1.3.6.1.4.1.9.9.491.1.5 | |||
cufwAaicGlobals | 1.3.6.1.4.1.9.9.491.1.5.1 | |||
cufwAaicGlobalNumBadProtocolOps | 1.3.6.1.4.1.9.9.491.1.5.1.1 | counter64 | read-only |
'Protocol Operation' is the application protocol specific operation that the PDU is intended to perform. An example of 'protocol operation' is the HELO command of SMTP protocol. This MIB object records the number of application protocol data units that contained a protocol operation which was disallowed by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of application traffic payloads. This value is accumulated from the last reboot of the firewall. |
cufwAaicGlobalNumBadPDUSize | 1.3.6.1.4.1.9.9.491.1.5.1.2 | counter64 | read-only |
This MIB object records the number of application protocol data units (PDU) that had either an invalid header size or an invalid payload size, as determined by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of application traffic payloads. This value is accumulated from the last reboot of the firewall. |
cufwAaicGlobalNumBadPortRange | 1.3.6.1.4.1.9.9.491.1.5.1.3 | counter64 | read-only |
Number of application protocol units that attempted to advertise illegal port ranges for secondary connections. An example of such an occurrence would be a passive FTP connection, where the server advertises a disallowed port range for data connection. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of application traffic payloads. This value is accumulated from the last reboot of the firewall. |
cufwAaicProtocolStats | 1.3.6.1.4.1.9.9.491.1.5.2 | |||
cufwAaicHttpProtocolStats | 1.3.6.1.4.1.9.9.491.1.5.2.1 | |||
cufwAaicHttpNumBadProtocolOps | 1.3.6.1.4.1.9.9.491.1.5.2.1.1 | counter64 | read-only |
The number of PDUs corresponding to HTTP protocol which were detected to be containing HTTP protocol methods which are disallowed by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall. |
cufwAaicHttpNumBadPDUSize | 1.3.6.1.4.1.9.9.491.1.5.2.1.2 | counter64 | read-only |
The number of PDUs corresponding to HTTP protocol that had either an invalid header size or an invalid payload size, as determined by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall. |
cufwAaicHttpNumTunneledConns | 1.3.6.1.4.1.9.9.491.1.5.2.1.3 | counter64 | read-only |
The number of connections corresponding to HTTP protocol which were detected to be tunneling other application traffic streams. An instance of this would be InstantMessenger traffic running on HTTP. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall. |
cufwAaicHttpNumLargeURIs | 1.3.6.1.4.1.9.9.491.1.5.2.1.4 | counter64 | read-only |
The number of PDUs corresponding to HTTP protocol which were detected to be containing a URI of size not permitted by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall. |
cufwAaicHttpNumBadContent | 1.3.6.1.4.1.9.9.491.1.5.2.1.5 | counter64 | read-only |
The number of PDUs corresponding to HTTP protocol which were detected to be containing content whose type disallowed by the local security policy. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall. |
cufwAaicHttpNumMismatchContent | 1.3.6.1.4.1.9.9.491.1.5.2.1.6 | counter64 | read-only |
The number of PDUs corresponding to HTTP protocol which were detected to be containing content whose type was different from the content type specified in the header of the PDU. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall. |
cufwAaicHttpNumDoubleEncodedPkts | 1.3.6.1.4.1.9.9.491.1.5.2.1.7 | counter64 | read-only |
The number of PDUs corresponding to HTTP protocol which were detected to be containing double encoding. Double encoding is a mechanism to obfuscate content in which a encoded data is re-encoded so as to evade deep packet inspections. For this MIB to be implemented, the managed firewall must be implementing deep packet inspection of HTTP traffic payloads. This value is accumulated from the last reboot of the firewall. |
cuFwL2FwGrp | 1.3.6.1.4.1.9.9.491.1.6 | |||
cufwL2FwGlobals | 1.3.6.1.4.1.9.9.491.1.6.1 | |||
cufwL2GlobalEnableStealthMode | 1.3.6.1.4.1.9.9.491.1.6.1.1 | truthvalue | read-only |
The value indicates if the firewall is operating in transparent (layer 2) mode or not. When operating in transparent mode, the firewall operates as a bridge while performing firewalling functions. |
cufwL2GlobalArpCacheSize | 1.3.6.1.4.1.9.9.491.1.6.1.2 | integer32 | read-only |
The value indicates the configured maximum size of the ARP cache used for management traffic. |
cufwL2GlobalEnableArpInspection | 1.3.6.1.4.1.9.9.491.1.6.1.3 | truthvalue | read-write |
The value indicates if ARP inspection, which is a security feature, is enabled globally on the managed firewall. |
cufwL2GlobalNumArpRequests | 1.3.6.1.4.1.9.9.491.1.6.1.5 | counter64 | read-only |
The number of ARP requests issued by the transparent firewall to resolve a destination IP address. This counter is accumulated since the last reboot of the firewall. |
cufwL2GlobalNumIcmpRequests | 1.3.6.1.4.1.9.9.491.1.6.1.6 | counter64 | read-only |
The number of ICMP traceroute requests issued by the transparent firewall to resolve a destination IP address. This counter is accumulated since the last reboot of the firewall. |
cufwL2GlobalNumFloods | 1.3.6.1.4.1.9.9.491.1.6.1.7 | counter64 | read-only |
The number of times the firewall floods a frame to be forwarded to the egress interfaces because the destination MAC address is missing in the bridge table. This counter is accumulated since the last reboot of the firewall. |
cufwL2GlobalNumDrops | 1.3.6.1.4.1.9.9.491.1.6.1.8 | counter64 | read-only |
The number of times the firewall dropped an incoming frame because the destination MAC address is missing in the bridge table. This counter is accumulated since the last reboot of the firewall. |
cufwL2GlobalArpOverflowRate5 | 1.3.6.1.4.1.9.9.491.1.6.1.9 | gauge32 | read-only |
The number of times an existing entry from the ARP cache had to be ejected in order to insert a new entry in the last 300 seconds. This counter is accumulated since the last reboot of the firewall. |
cufwL2GlobalNumBadArpResponses | 1.3.6.1.4.1.9.9.491.1.6.1.10 | counter64 | read-only |
The number of malformed ARP responses received by the firewall in trying to resolve the MAC address of the destination IP address in an incoming frame. This counter is accumulated since the last reboot of the firewall. |
cufwL2GlobalNumSpoofedArpResps | 1.3.6.1.4.1.9.9.491.1.6.1.11 | counter64 | read-only |
The number of spoofed ARP responses received by the firewall. Such an event would occur when the firewall encounters an ARP response mapping an IP address to a different MAC Address from the one present in the local ARP cache. This counter is accumulated since the last reboot of the firewall. |
cuFwNotifCntlGrp | 1.3.6.1.4.1.9.9.491.1.7 | |||
cufwCntlUrlfServerStatusChange | 1.3.6.1.4.1.9.9.491.1.7.1 | truthvalue | read-write |
This object defines the administrative state of sending the SNMP notification to signal the election of a new primary URL filtering server by this firewall. Such a change could occur either as a result of the current primary server becoming unavailable or as a result of explicit management action in nominating a filtering server the primary server. |
cufwCntlL2StaticMacAddressMoved | 1.3.6.1.4.1.9.9.491.1.7.2 | truthvalue | read-write |
This object defines the administrative state of sending the SNMP notification to signal the move of a statically configured MAC address to a new port. Such a change could occur either as a result of physical move of the device with the MAC Address to the new port or due to MAC address spoofing. |
ciscoUnifiedFirewallMIBConform | 1.3.6.1.4.1.9.9.491.2 | |||
ciscoUniFirewallMIBCompliances | 1.3.6.1.4.1.9.9.491.2.1 | |||
ciscoUniFirewallMIBCompliance | 1.3.6.1.4.1.9.9.491.2.1.1 |
The compliance statement for SNMP entities the Cisco Firewall MIB. |
||
ciscoUniFirewallMIBGroups | 1.3.6.1.4.1.9.9.491.2.2 | |||
ciscoFwConnectionGroup | 1.3.6.1.4.1.9.9.491.2.2.1 |
This group contains the MIB objects required to instrument the firewall stateful connection activity. |
||
ciscoFwConnResourceUsageGroup | 1.3.6.1.4.1.9.9.491.2.2.2 |
This group contains the MIB objects required to instrument the resource usage of the stateful packet filtering feature of the managed firewall. |
||
ciscoFwPolicyConnectionGroup | 1.3.6.1.4.1.9.9.491.2.2.3 |
This group contains the MIB objects required to instrument policy based summary of firewall connection activity. |
||
ciscoFwApplInspectionGroup | 1.3.6.1.4.1.9.9.491.2.2.4 |
This group contains the MIB objects required to instrument the firewall Application Inspection function. |
||
ciscoFwUrlFilterGroup | 1.3.6.1.4.1.9.9.491.2.2.5 |
This group contains the MIB objects required to instrument the firewall URL filtering function. |
||
ciscoFwUrlFilterResourceGroup | 1.3.6.1.4.1.9.9.491.2.2.6 |
This group contains the MIB objects required to instrument the resource usage of the URL filtering feature of the managed firewall. |
||
ciscoFwTransparentFwGroup | 1.3.6.1.4.1.9.9.491.2.2.7 |
This group contains the MIB objects required to instrument the transparent mode (or layer 2) operation of a firewall. |
||
ciscoFwNotificationsGroup | 1.3.6.1.4.1.9.9.491.2.2.8 |
This group contains notifications defined in the Cisco Firewall MIB pertaining to basic firewall operations. Presently, the list include a notification pertaining to URL filtering alone. |
||
ciscoFwTransparentNotifGroup | 1.3.6.1.4.1.9.9.491.2.2.9 |
This group contains the notifications that signal security critical events pertaining to the transparent mode operation of the firewall. |
||
ciscoFwBasicAaicGroup | 1.3.6.1.4.1.9.9.491.2.2.10 |
This group contains the MIB objects required to instrument the basic elements of Advanced Application Inspection and Control (AAIC). |
||
ciscoFwAaicHttpGroup | 1.3.6.1.4.1.9.9.491.2.2.11 |
This group defines statistics pertaining to deep packet inspection of HTTP payloads. A firewall that implements this group must implement the group 'ciscoFwBasicAaicGroup'. |
||
ciscoFwMibReportingControlGroup | 1.3.6.1.4.1.9.9.491.2.2.12 |
This group contains the MIB objects that allow the administrator to control the granularity of objects reported by the agent. |