ENTERASYS-FIREWALL-MIB: View SNMP OID List / Download MIB

This MIB module defines a portion of the SNMP MIB under the Enterasys Networks enterprise OID pertaining to the configuration, policy, and monitoring of firewall network devices.

The current state of the firewall is returned when this value is read. Setting the value to true causes the firewall to start inspecting packets. Setting the value to false causes the firewall to stop inspecting packets. The value read could be different than the last value set if the state is changed by a means other than this MIB.

Firewalls can perform stateful inspection of TCP sessions. TCP sessions are created and deleted by monitoring TCP SYNC/ACK/FIN flags. Inactivity for the period specified by this object will delete the TCP session.

Firewalls can perform stateful inspection of UDP sessions. UDP sessions are created on the first outbound UDP packet. Inactivity for the period specified by this object will delete the UDP session.

ICMP sessions are created on an outbound ICMP echo request. Inactivity for the period specified by this object will delete the ICMP session.

Firewalls can be configured to only allow packets from IP addresses that have been authenticated. An authenticated IP address will need to re-authenticate if there is no traffic from that address for the period specified by this object.

Firewalls can be configured to only allow packets from IP addresses that have been authenticated. This object specifies the port on which the firewall listens for authentication requests.

The threshold for firewall event logging. Events with severity equal to or less than the value specified will be logged. The value corresponds to syslog severity levels as defined in RFC3164.

The idle session timeout on packet inspection for Remote Procedure Call (RPC) -based applications. This Application Level Gateway (ALG) supports two types of RPCs - SUN (used by most UNIX systems) and Microsoft. If the RPC-based session is idle for the specified period, it will be shutdown.

The idle session timeout on packet inspection for Remote Procedure Call (RPC) -based applications. This Application Level Gateway (ALG) supports two types of RPCs - SUN (used by most UNIX systems) and Microsoft. If the RPC-based session is idle for the specified period, it will be shutdown.

The sysUpTime at which the etsysFWFirewallOnIntfTable was last modified.

This table defines the state of the firewall on individual interfaces. The firewall may be enabled or disabled for each interface on the device. The effective state of the firewall depends on the setting of etsysFWFirewallEnabled. | | interface etsysFWFirewallEnabled | etsysFWFirewallOnIntfEnabled | effective | | state ----------------------------------------------------------------- true true enabled true false disabled false true disabled false false disabled If an interface is not represented in this table, then its effective state is determined by etsysFWFirewallEnabled. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWFirewallOnIntfStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWFirewallOnIntfStorageType value could allow the row to be modified or deleted.

A row defining whether firewall is enabled for a particular interface.

The current state of the firewall is returned when this value is read. This setting is only effective when etsysFWFirewallEnabled is true. Setting the value to true causes the firewall to start inspecting packets, if etsysFWFirewallEnabled is true. Setting the value to false causes the firewall to stop inspecting packets, if etsysFWFirewallEnabled is true.

The storage type for this row.

The status of this conceptual row. The value of this object has no effect on whether other objects in this conceptual row can be modified.

The sysUpTime at which the etsysFWFirewallIntfFilterTable was last modified.

This table defines the IP filters applied to individual interfaces. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWFirewallIntfFilterStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWFirewallIntfFilterStorageType value could allow the row to be modified or deleted.

A row defining the IP filters applied to individual interfaces.

The type of IP filter that applies on a particular interface. ipBroadcast - This filter type allows incoming/outgoing IP packets through the firewall with 255.255.255.255 set as the destination address. It enables broadcast protocols such as DHCP to traverse the firewall. ipMulticast - This filter type allows incoming/outgoing IP packets with a multicast destination address through the firewall. It enables multicast protocols such as RIP and OSPF to traverse the firewall. ipOptionAll - All IP options allowed. ipOptionOther - Any IP option other than those explicitly supported by the command. ipOptionLooseSourceRoute - Requests routing that includes the specified routers. This routing path includes a sequence of IP addresses a datagram must follow to its destination but allows multiple network hops between successive addresses on the list. ipOptionRecordRoute - Traces a route. It allows the source to create an empty list of IP addresses and arrange for each router that router that handles a datagram to add its IP address to the list. When a datagram arrives, the destination device can extract and and process the list of addresses. ipOptionStrictSourceRoute - Specifies an exact route through the Internet. This routing path includes a sequence of IP addresses a datagram must follow, hop by hop, from its source to destination. The path between two successive addresses in the list must consist of a single physical network. ipOptionTimeStamp - Records timestamps along a route. It is similar to the record route option in that every router from source to destination adds its IP address, and a timestamp, to the list. The timestamp notes the time and date a router handled the datagram, expressed in milliseconds since midnight, Universal Time. Enumeration: 'ipOptionOther': 4, 'ipMulticast': 2, 'ipOptionRecordRoute': 6, 'ipOptionAll': 3, 'ipOptionStrictSourceRoute': 7, 'ipOptionTimeStamp': 8, 'ipBroadcast': 1, 'ipOptionLooseSourceRoute': 5.

The direction which the filter is applied. none - Denies the packet that matched the filter type. in - Allows the packet that matched the filter type to enter the interface. out - Allows the packet that matched the filter type to exit the interface. both - Allows the packet that matched the filter type to enter and exit the interface. Enumeration: 'both': 4, 'none': 1, 'out': 3, 'in': 2.

The storage type for this row.

The status of this conceptual row. The value of this object has no effect on whether other objects in this conceptual row can be modified.

The name of the policy group containing the global system policy. The value of etsysFWSystemPolicyGroupName should be used as an index into the etsysFWGroupPolicyTable to determine the list of rules that MUST be applied to the system. A zero length string indicates no system wide policy exists, and the default policy of 'allow' should be executed until one is imposed by either this object or by the interface processing the packet. Since policy group names are unique, the etsysFWSystemPolicyGroupName MUST NOT be equal to any etsysFWIntfToGroupName objects.

The sysUpTime at which the etsysFWIntfToGroupTable was last modified.

This table defines the group of firewall rules applied to individual interfaces. Rules for this group will be applied in the etsysFWGroupPolicyTable. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWIntfToGroupStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWIntfToGroupStorageType value could allow the row to be modified or deleted.

A row defining the group name for a particular interface.

Defines the direction of the packets to inspect, incoming (ingress), or outgoing (egress). Enumeration: 'ingress': 1, 'egress': 2.

The group name for this interface. The value of etsysFWIntfToGroupName should be used as index into the etsysFWGroupPolicyTable to determine the list of rules that MUST be applied to this interface. Since policy group names are unique, the etsysFWIntfToGroupName MUST NOT be equal to the etsysFWSystemPolicyGroupName object.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified.

The sysUpTime at which the etsysFWGroupPolicyTable was last modified.

This table defines the firewall rules applied to groups. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWGroupPolicyStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWGroupPolicyStorageType value could allow the row to be modified or deleted.

A row defining a particular group policy rule and its priority.

The name of the group. These names should be either the etsysFWSystemPolicyGroupName or the etsysFWIntfToGroupName from the etsysFWIntfToGroupTable.

An etsysFWPolicyRuleDefName from the etsysFWPolicyRuleDefTable.

The priority of rule in the group. The firewall applies the rules from the lowest to the highest priority. Priority can only be in the range of 0 to the maximum number of policyRuleDef in the group + 1. i.e. If there are 5 policies in the group. The maximum priority the user can create is 6.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified.

The maximum number of entries allowed in the etsysFWPolicyRuleDefTable.

The current number of entries in the etsysFWPolicyRuleDefTable.

The sysUpTime at which the etsysFWPolicyRuleDefTable was last modified.

This table defines a policy rule by associating a network objects with a filter or a set of filters and an action to take when the filter is true. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWPolicyRuleDefStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWPolicyRuleDefStorageType value could allow the row to be modified or deleted.

A row defining a particular policy definition. A rule definition binds a filter pointer to an action.

etsysFWPolicyRuleDefName is the administratively assigned name of the policy rule.

If the source address of the packet is in the set of addresses defined by the network object pointed to by etsysFWPolicyRuleDefSrcNetwork and the destination address is in the set of addresses defined by the network object pointed to by etsysFWPolicyRuleDefDstNetwork, the firewall will evaluate the etsysFWPolicyRuleDefFilter for the packet. This MIB defines the following tables which may be pointed to by this column. Implementations may choose to provide support for other network tables or scalars as well: etsysFWNetworkGroupTable etsysFWNetworkTable If this column is set to a VariablePointer value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned.

If the source address of the packet is in the set of addresses defined by the network object pointed to by etsysFWPolicyRuleDefSrcNetwork and the destination address is in the set of addresses defined by the network object pointed to by etsysFWPolicyRuleDefDstNetwork, the firewall will evaluate the etsysFWPolicyRuleDefFilter for the packet. This MIB defines the following tables which may be pointed to by this column. Implementations may choose to provide support for other network tables or scalars as well: etsysFWNetworkGroupTable etsysFWNetworkTable If this column is set to a VariablePointer value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned.

A policy may be specified as bidirectional to mean that it also operates with the etsysFWPolicyRuleDefSrcNetwork and etsysFWPolicyRuleDefDstNetwork reversed. If this column is false, the policy operates only in the direction defined by etsysFWPolicyRuleDefSrcNetwork and etsysFWPolicyRuleDefDstNetwork.

etsysFWPolicyRuleDefFilter points to a filter which is used to evaluate whether the action associated with this row should be fired or not. The action will only fire if the filter referenced by this object evaluates to true. This MIB defines the following tables which may be pointed to by this column. Implementations may choose to provide support for other filter tables or scalars as well: etsysFWIpHeaderFilterTable etsysFWIpOptionsFilterTable If this column is set to a VariablePointer value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned.

The authentication group name to use.

The action to take when the filter is true. allow: the packet should be allowed drop: the packet should be dropped allowAuth: the packet is allowed if the source address has been authenticated to the group. Enumeration: 'allowAuth': 2, 'drop': 3, 'allow': 1.

When the filter is true, log the activity of this rule.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object SHOULD NOT be set to active until the containing networks and filters have been defined. Once active, it MUST remain active until no etsysFWGroupPolicyRuleDef entries are referencing it.

The maximum number of entries allowed in the etsysFWNetworkGroupTable.

The current number of entries in the etsysFWNetworkGroupTable.

The sysUpTime at which the etsysFWNetworkGroupTable was last modified.

A table defining a group of network objects from the etsysFWNetworkTable or a network group in etsysFWNetworkGroupTable. The networks contained in the group are defined in the etsysFWNetwkInNetGrpTable. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWNetworkGroupStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWNetworkGroupStorageType value could allow the row to be modified or deleted.

An entry in the etsysFWNetworkGroupTable.

The administratively assigned name of the network group.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. Once active, it MAY NOT have its value changed if any active rows in the etsysFWNetwkInNetGrpTable or the etsysFWFilterDefTable are currently pointing at this row.

The maximum number of networks allowed in a network group.

The sysUpTime at which the etsysFWNetwkInNetGrpTable was last modified.

A table defining the networks in a network group. All etsysFWNetwkInNetGrpSubNetwork objects in a etsysFWNetworkGroupName must have the same etsysFWNetworkIPVersion and etsysFWNetworkRealm. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWNetwkInNetGrpStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWNetwkInNetGrpStorageType value could allow the row to be modified or deleted.

An entry in the etsysFWNetwkInNetGrpTable.

The location of the contained network. The MIB defines the following tables which may be pointed to by this column: etsysFWNetworkTable Implementations should prevent recursion and return the inconsistentName exception if the SnmpAdminString value references an etsysFWNetworkGroupTable row that already contains the etsysFWNetworkGroupName of this row. If this column is set to a SnmpAdminString value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the SnmpAdminString is not supported at all, then an inconsistentValue exception should be returned.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object cannot be made active until the network or network group referenced by the etsysFWNetwkInNetGrpSubNetwork is both defined and is active. An attempt to do so will result in an inconsistentValue error.

The maximum number of entries allowed in the etsysFWNetworkTable.

The current number of entries in the etsysFWNetworkTable.

The sysUpTime at which the etsysFWNetworkTable was last modified.

A table defining the networks associated with filters to create the firewall policy rules. Networks can be defined with a network IP address and mask, an IP address range, or a single IP host address. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWNetworkStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWNetworkStorageType value could allow the row to be modified or deleted.

An entry in the etsysFWNetworkTable.

The administratively assigned name of the network.

A network is qualified as either an internal or external address. Enumeration: 'internal': 1, 'external': 2.

When set to useIpAddrRange, the etsysFWNetworkIPAddrBegin and etsysFWNetworkIPAddrEnd define the network object in this row. When set to useIpAddrMask, the etsysFWNetworkIPAddrBegin and etsysFWNetworkIPAddrMask define the network object in this row. Enumeration: 'useIpAddrMask': 2, 'useIpAddrRange': 1.

The Internet Protocol version the addresses are to match against. The value of this property determines the size and format of the etsysFWNetworkIPAddressBegin, etsysFWNetworkIPAddressEnd and etsysFWNetworkIPAddressMask objects. Values of unknown, ipv4z, ipv6z and dns are not legal values for this object.

The IP address that with either the etsysFWNetworkIPAddrEnd or etsysFWNetworkIPAddrMask define the network object for this row.

When etsysFWNetworkRangeOrMask is set to useIpAddrRange, this is the end of the IP address range. To define a single host set this to the value of etsysFWNetworkIpAddrBegin.

When etsysFWNetworkRangeOrMask is set to useIpAddrMask, this is the mask that define the IP network. To define a single host set this to all 1's.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. Once active, it MAY NOT have its value changed if any active rows in the etsysFWNetwkInNetGrpTable or the etsysFWFilterDefTable are currently pointing at this row.

The maximum number of entries allowed in the etsysFWServiceGroupTable.

The current number of entries in the etsysFWServiceGroupTable.

The sysUpTime at which the etsysFWServiceGroupTable was last modified.

A table defining a group of service objects from the etsysFWServiceTable or a service group in etsysFWServiceGroupTable. The services contained in the group are defined in the etsysFWNetwkInNetGrpTable. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWServiceGroupStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWServiceGroupStorageType value could allow the row to be modified or deleted.

An entry in the etsysFWServiceGroupTable.

The administratively assigned name of the service group.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. Once active, it MAY NOT have its value changed if any active rows in the etsysFWNetwkInNetGrpTable or the etsysFWFilterDefTable are currently pointing at this row.

The maximum number of services allowed in a service group.

The sysUpTime at which the etsysFWServiceInSvcTable was last modified.

A table defining the services in a service group. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWServiceInSvcGrpStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWServiceInSvcGrpStorageType value could allow the row to be modified or deleted.

An entry in the etsysFWServiceInSvcGrpTable.

The location of the contained service. The MIB defines the following tables which may be pointed to by this column: etsysFWServiceTable Implementations should prevent recursion and return the inconsistentName exception if the SnmpAdminString value references an etsysFWServiceGroupTable row that already contains the etsysFWServiceGroupName of this row. If this column is set to a SnmpAdminString value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the SnmpAdminString is not supported at all, then an inconsistentValue exception should be returned.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object cannot be made active until the service or service group referenced by the etsysFWNetwkInNetGrpSubService is both defined and is active. An attempt to do so will result in an inconsistentValue error.

The maximum number of entries allowed in the etsysFWServiceTable.

The current number of entries in the etsysFWServiceTable.

The sysUpTime at which the etsysFWServiceTable was last modified.

This table contains a list of service definitions to be used within the etsysFWPolicyRuleDefTable. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWServiceStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWServiceStorageType value could allow the row to be modified or deleted.

A definition of a service.

The administrative name for this filter.

The low port of the port range a packet's source must match against. To match, the port number must be greater than or equal to this value. This object is only used if sourcePort is set in etsysFWServiceType, in which case the value of 0 for this object is illegal.

The high port of the port range a packet's source must match against. To match, the port number must be less than or equal to this value. This object is only used if sourcePort is set in etsysFWServiceType, in which case the value of 0 for this object is illegal.

The low port of the port range a packet's destination must match against. To match, the port number must be greater than or equal to this value. This object is only used if destinationPort is set in etsysFWServiceType, in which case the value of 0 for this object is illegal.

The high port of the port range a packet's destination must match against. To match, the port number must be less than or equal to this value. This object is only used if destinationPort is set in etsysFWServiceType, in which case the value of 0 for this object is illegal.

The protocol number the incoming packet must match against for this filter to be evaluated as true. This object is only used if protocol is set in etsysFWServiceType. Enumeration: 'udp': 2, 'tcp': 1.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified.

The maximum number of entries allowed in the etsysFWFilterDefTable.

The current number of entries in the etsysFWFilterDefTable.

The sysUpTime at which the etsysFWFilterDefTable was last modified.

This table defines a policy rule by associating a network objects with a filter or a set of filters and an action to take when the filter is true. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWFilterDefStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWFilterDefStorageType value could allow the row to be modified or deleted.

A row defining a particular filter definition. A rule definition binds a filter pointer to an action.

etsysFWFilterDefName is the administratively assigned name of the policy rule.

If the source address of the packet is in the set of addresses defined by the network object pointed to by etsysFWFilterDefSrcNetwork and the destination address is in the set of addresses defined by the network object pointed to by etsysFWFilterDefDstNetwork, the firewall will evaluate the etsysFWFilterDefFilter for the packet. This MIB defines the following tables which may be pointed to by this column. Implementations may choose to provide support for other network tables or scalars as well: etsysFWNetworkGroupTable etsysFWNetworkTable If this column is set to an SnmpAdminString value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned.

If the source address of the packet is in the set of addresses defined by the network object pointed to by etsysFWFilterDefSrcNetwork and the destination address is in the set of addresses defined by the network object pointed to by etsysFWFilterDefDstNetwork, the firewall will evaluate the etsysFWFilterDefFilter for the packet. This MIB defines the following tables which may be pointed to by this column. Implementations may choose to provide support for other network tables or scalars as well: etsysFWNetworkGroupTable etsysFWNetworkTable If this column is set to a VariablePointer value which references a non-existent row in an otherwise supported table, the inconsistentName exception should be returned. If the table or scalar pointed to by the VariablePointer is not supported at all, then an inconsistentValue exception should be returned.

A policy may be specified as bidirectional to mean that it also operates with the etsysFWFilterDefSrcNetwork and etsysFWFilterDefDstNetwork reversed. If this column is false, the policy operates only in the direction defined by etsysFWFilterDefSrcNetwork and etsysFWFilterDefDstNetwork.

x

x

When the filter is true, log the activity of this rule.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified. This object SHOULD NOT be set to active until the containing networks and filters have been defined. Once active, it MUST remain active until no etsysFWGroupFilterDef entries are referencing it.

The maximum number of CLS filters allowed per etsysFWPolicyRuleDefName.

The sysUpTime at which the etsysFWCLSFilterTable was last modified.

This table defines the command line string filters that can be applied to a policy rule definition. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWGroupPolicyStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWGroupPolicyStorageType value could allow the row to be modified or deleted.

A row defining a particular command line string filter.

.

.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified.

This table contains filters that applies to the HTML protocol. The implementation may choose to allow modifications to this table only under certain SNMP contexts. The etsysFWIpOptionsHeadFiltStorageType for a given SNMP context may be readOnly, meaning the row cannot be modified or deleted. In another SNMP context, the etsysFWIpOptionsHeadFiltStorageType value could allow the row to be modified or deleted.

A definition of a particular filter.

The administrative name for this HTML filter.

. Enumeration: 'none': 1, 'selected': 2, 'all': 3.

.

.

The storage type for this row.

This object indicates the conceptual status of this row. The value of this object has no effect on whether other objects in this conceptual row can be modified.

The current number of entries in the etsysFWPolicyRuleTrueTable.

The sysUpTime at which the etsysFWPolicyRuleTrueTable was last modified.

This table contains a counter for the number of times each policy rule has been true during packet inspection since the last restart of the device.

A row in the table for a named policy rule definition.

A unique index for this row.

The name of the policy rule.

The number of times since the device has restarted that the rule has been true during packet inspection.

The date and time when this rule was last true during packet inspection.

The current number of entries in the etsysFWSessionTotalsTable.

The sysUpTime at which the etsysFWSessionTotalsTable was last modified.

The firewall can perform stateful inspection of packets to allow incoming traffic associated with outgoing packets. These associations are sessions. This table returns data about the total sessions indexed by protocol-id (as defined by the assigned protocol-numbers of the IANA).

A row with the session counters for a particular protocol-id.

A unique index for this row.

The protocol-id for this row.

The total number of active sessions for this protocol.

The peak number of sessions for this protocol since the last restart of the device.

The total number of sessions that have been blocked for this protocol since the last restart of the device.

The date and time of the last blocked session for this protocol.

The current number of entries in the etsysFWIpSessionTable.

The sysUpTime at which the etsysFWIpSessionTable was last modified.

The firewall can perform stateful inspection of packets to allow incoming traffic associated with outgoing packets. These associations are sessions. This table returns data about the current active sessions.

A row that defines an active session.

A unique index for this row.

The Internet Protocol version. The value of this property affects the size and format of the etsysFWIpSessionSrcAddress and etsysFWIpSessionDstAddress objects.

The source IP address of this session.

The destination IP address of this session.

The source port of this session.

The destination port of this session.

The protocol-id of this session (as defined by the assigned protocol-numbers of the IANA).

The date and time this session was created.

The current number of entries in the etsysFWAuthAddressTable.

The sysUpTime at which the etsysFWAuthAddressTable was last modified.

The firewall has an action to allow traffic only to IP addresses that have authenticated with the firewall. After authentication, the authenticated address remains in a cache as long as there are packets from the address. This table returns the cached authenticated IP addresses. The table rows are removed when the IP address is idle for the number of seconds specified in etsysFWAuthTimeout.

A row that defines an authenticated IP address.

A unique index for this row.

The Internet Protocol version. The value of this property affects the size and format of the etsysFWAuthAddressIPAddress object.

The authenticated IP address.

The group name of the authenticated IP address.

The number of seconds this IP address has been idle.

The current number of entries in the etsysFWDoSBlockedTable.

The sysUpTime at which the etsysFWDoSBlockedTable was last modified.

Firewalls can provide protection from some common forms of Denial of Service attacks. The firewall will return the total number of times the specific DoS attack has been blocked and the IP address and time of the last blocked attack.

A row that defines the statistics for a particular DoS attack.

The name of a DoS attack. Example names are 'SYN Flood', 'Tear Drop', and 'ICMP Flood'.

The Internet Protocol version. The value of this property affects the size and format of the etsysFWDoSScrIPAddress object.

The source IP address of the last blocked attack.

The time of the last blocked attack.

The number of times this DoS attack has been blocked since the last restart of the device.

The Firewall Enabled Group.

The Firewall Configuration Group for general system parameters.

The Firewall on Interface Enabled Group for enabling the firewall on individual interfaces.

The System Policy Group Name Group.

The Interface to Policy Table Group.

The Group Policy to Rule Definition Table Group.

The Policy Rule Definition Table Group.

The Network Group Network In Network Group Tables Group

The Network Table Group.

The Service Group in Servce Group Tables Group.

The Service Table Group.

The Filter Table Group.

The CLS Filter Table Group.

The HTML Filter Table Group.

The Policy Rule True Table Group.

The Firewall Session Totals Table Group.

The Firewall IP Sessions Table Group.

The Firewall Authenticated Addresses Table Group.

The Firewall DoS Blocked Attacks Table Group.

The compliance statement for devices that support the etsysFirewallMIB.