-- Copyright (C) 2008-2014 Super Micro Computer Inc. All Rights Reserved

-- $Id: fsfwl.mib,v 1.17 2012/09/07 09:52:05 siva Exp $

-- This document explains the proprietary MIB implemented 
-- for FutureFirewall product.

-- The FS proprietary MIB definitions mostly contain extra
-- statistics objects and objects that can enable or disable certain features
-- of a protocol or the protocol itself. The groups present in the
-- proprietary MIB are described below.


-- FutureFirewall MIB.

-- The MIB contains scalars and tables used to configure 
-- FutureFirewall . 

-- The different groups in FutureFirewall MIB are as follows:

-- 1) fwlGlobal group :
--       It contains scalar objects used to configure FutureFirewall. 
--	The objects in this group are used to control Firewall 
--	services and protect against potential attacks. The objects in this 
--	group are fwlGlobalMasterControlSwitch, fwlGlobalICMPControlSwitch,
--	fwlGlobalTrace, fwlGlobalDebug,
--	fwlGlobalIpSpoofFiltering, fwlGlobalSrcRouteFiltering, fwlGlobalTrap,
--	fwlGlobalTinyFragmentFiltering, fwlGlobalTcpIntercept,
--	fwlGlobalUrlFiltering, fwlGlobalIpv6SpoofFiltering,
--	fwlGlobalICMPv6ControlSwitch, fwlGlobalLogFileSize,
--  fwlGlobalLogSizeThreshold, fwlGlobalIdsLogSize, fwlGlobalIdsLogThreshold.  

-- 2) fwlDefinition group :
--       This contains tables used to configure Filters and Rules and to apply
-- 	them on a particular interface. It contains a table to configure
-- 	interface specific Filters and a table to view dynamically created
--    filters. It also provides an authentication table for configuring
--	   authorized users and services.
--	a) fwlDefnTcpInterceptThreshold : This is a scalar object used to define
--	   the rate of TCP connection requests allowed.
--	b) fwlDefnInterceptTimeout : This is a scalar object used to define
--	   the time interval for allowing the connections within threshold. 
-- c) fwlDefnFilterTable : This table is used to configure filters. The 
--	   objects in this table are fwlFilterFilterName, fwlFilterSrcAddress,
--	   fwlFilterDestAddress, fwlFilterSrcPort, fwlFilterDestPort, 
--	   fwlFilterProtocol, fwlFilterTos, fwlFilterAddrType, fwlFilterFlowId
--	   and fwlFilterDscp.
--	d) fwlDefnRuleTable : This table is used to configure rules(combination 
--	   of Filters). The objects in this table are fwlRuleRuleName and 
--	   fwlRuleFilterSet.
--	e) fwlDefnAclTable : This table is used to apply a filter or a rule on 
--	   a particular interface. The objects include fwlAclAclName, 
--	   fwlAclIfIndex, fwlAclDirection, fwlAclAction and 
--	   fwlAclSequenceNumber.	
--	f) fwlDefnIfTable : This table is used to configure interface specific 
--	   filters. The objects in the table include fwlIfIpOptions, 
--	   fwlIfFragments, fwlIfICMPType, fwlIfICMPCode, fwlIfIfType and
--	   fwlIfICMPv6MsgType.
-- g) fwlDefnDmzTable : This table is used to configure the DMZ hosts on an 
--    interface. The objects in the table include fwlDmzIpSubnet and 
--    fwlDmzSubnetMask.
--      h) fwlDefnIPv6DmzTable : This table is used to configure the IPv6 DMZ hosts on an 
--    interface. The object in the table include fwlDmzIpv6Index.

-- 3) fwlStatistics group :
--       This contains scalar objects used to specify the global statistics.
--    It also contains an interface table used to specify interface specific 
--    statistics. The objects that specify the global statistics are 
--	   fwlStatTotalPacketsInspectedCount, fwlStatTotalPacketsDenied,
--	   fwlStatTotalPacketsAccepted, fwlStatTotalIcmpPacketsDenied,
--    fwlStatTotalIpOptionPacketsDenied, fwlStatTotalFragmentedPacketsDenied,
--	   fwlStatMemoryAllocationFailCount, fwlStatTotalSynPacketsReceived,
--	   fwlStatTotalIpSpoofedPacketsDenied,fwlStatIPv6InspectedPacketsCount,
--	fwlStatIPv6TotalPacketsDenied,fwlStatIPv6TotalPacketsAccepted,
--	fwlStatIPv6TotalIcmpPacketsDenied,fwlStatIPv6TotalSpoofedPacketsDenied 
--   	The following table is used to specify interface specific statistics.
--	   fwlStatIfTable : The objects in this table are fwlStatIfFilterCount,
--	   fwlStatIfPacketsDenied, fwlStatIfPacketsAccepted,
--	   fwlStatIfIcmpPacketsDenied, fwlStatIfFragmentPacketsDenied,
--	   fwlStatIfIpOptionPacketsDenied, fwlStatIfIPv6PacketsDenied,
--	   fwlStatIfIPv6PacketsAccepted and fwlStatIfIcmpv6PacketsDenied.

-- 4) fwlTraps Group :
--	   This group contains the different types of Traps used by the Firewall
--	   The trap control is fwlTrapMessage.
--    The trap types are fwlTrapMemoryFailure and fwlTrapAttackSummary.		
--	   fwlTrapThresholdExceeded would be triggered when the Discard limit 
--    exceeds the threshold set. fwlTrapIfIndex object specifies the 
--    Interface Index in which the limit is exceeded. It could be a Global 
--    or a particular Interface Index. fwlTrapMessage would be called for
--    traps related to Firewall logs such as sizeexceeded and sizethresholdhit.
--    fwlIdsTrapLogging would be called for traps related to IDS logs such as 
--    sizeexceeded and sizethresholdhit. fwlIdsTrapAttackPktFromIds would be 
--    called when an attack-packet is identified by IDS.

FIREWALL-MIB DEFINITIONS ::= BEGIN
IMPORTS
	MODULE-IDENTITY, OBJECT-TYPE,
	Integer32, Unsigned32, Counter32, enterprises,
        IpAddress, NOTIFICATION-TYPE, 
	TimeTicks  	 	FROM SNMPv2-SMI
	RowStatus, TruthValue, DisplayString, RowPointer,	
	TimeStamp, TEXTUAL-CONVENTION	FROM SNMPv2-TC
	InetAddress, InetAddressType, 
	InetAddressPrefixLength FROM INET-ADDRESS-MIB;


--	enterprises          	OBJECT IDENTIFIER ::= { private 1 }
--    	basic         	OBJECT IDENTIFIER ::= { enterprises 2076 }

firewall	MODULE-IDENTITY
		LAST-UPDATED "201209050000Z"
        	ORGANIZATION "Super Micro Computer Inc."
        	CONTACT-INFO "support@Supermicro.com"
                DESCRIPTION
	               " The MIB module to describe the Firewall . "
		REVISION "201209050000Z"
                DESCRIPTION
	               " The MIB module to describe the Firewall . "
	::=  { enterprises supermicro-computer-inc(10876) super-switch(101) basic(1) 16}

-- Textual Conventions
-- These Textual Conventions enhance the readability of the specification.

-- The Status is an integer value which specifies whether the Firewall
-- AccessList control switches are enabled or disabled.

Status		::=	TEXTUAL-CONVENTION
	STATUS		current	
	DESCRIPTION
		" The status of the Firewall AccessList control switches. "
	SYNTAX		INTEGER	{
				enabled(1),
				disabled(2)
			}	

-- The ProtocolType is an integer value that specifies the type of
-- protocol.
	
-- ProtocolType names the IP protocol a filter matches on; it is the SYNTAX
-- of fwlFilterProtocol. The listed numbers appear to follow the IANA
-- Assigned Internet Protocol Numbers, except any(255), which
-- fwlFilterProtocol documents as "the protocol is not checked".
-- NOTE(review): as an enumerated INTEGER only the values listed here are
-- legal, so a protocol absent from the list (ICMPv6 is one example) cannot
-- be named in a filter through this convention. Confirm how the agent
-- treats such traffic; presumably only an any(255) filter can match it.
ProtocolType	::= 	TEXTUAL-CONVENTION
	STATUS		current
	DESCRIPTION
		" Enumeration of protocols that are commonly used on Firewall 
		AccessList. "
	SYNTAX		INTEGER	{
				icmp(1),
				igmp(2),
				ggp(3),
				ip(4),
				tcp(6),
				egp(8),
				igp(9),
				nvp(11),
				udp(17),
				irtp(28),
				idpr(35),
				rsvp(46),
				mhrp(48),
				igrp(88),
				ospfigp(89),
				any(255)			
			}
	
-- Groups in  Firewall AccessList

fwlGlobal	    OBJECT IDENTIFIER  ::=  { firewall 1 }
fwlDefinition	OBJECT IDENTIFIER  ::=  { firewall 2 }
fwlStatistics	OBJECT IDENTIFIER  ::=  { firewall 3 }
fwlTraps	    OBJECT IDENTIFIER  ::= 	{ firewall 4 }
fwlState	    OBJECT IDENTIFIER  ::= 	{ firewall 5 }

-- SCALAR_TABLE_BEGIN  fwlGlobal 13
-- Firewall Global Group
-- This group defines variables, which applies globally to the Firewall.

-- Global on/off switch for the whole firewall service; default enabled(1).
-- Security note: the object is read-write, so a single SNMP SET of
-- disabled(2) disables the entire firewall service. Restrict write access
-- to this subtree (for example SNMPv3 authPriv with a VACM write view
-- limited to firewall administrators) and alert on any change of the value.
fwlGlobalMasterControlSwitch		OBJECT-TYPE
	SYNTAX				Status  
	MAX-ACCESS			read-write	
	STATUS				current
	DESCRIPTION
		" This switch is used to enable or disable the entire firewall 
		service. The default value for this switch is 'enabled' (1). "
	DEFVAL	{ enabled }
	::= { fwlGlobal 1 }

-- Selects whether the firewall answers a rejected packet with an ICMP
-- message: generate(1) or suppress(2, the default). The 'reject' action of
-- fwlAclAction refers to this switch.
-- Security note: keeping suppress(2) avoids confirming to the sender that a
-- filter rejected the packet, and avoids emitting ICMP toward source
-- addresses that may be spoofed.
fwlGlobalICMPControlSwitch		OBJECT-TYPE
	SYNTAX				INTEGER	{
						generate(1),
						suppress(2) 
					}
	MAX-ACCESS			read-write	
	STATUS				current
	DESCRIPTION
		"This switch is used to generate or suppress the ICMP generation
		when a packet is rejected by the firewall. The default value for
		this switch is 'suppress'(2). "
	DEFVAL	{ suppress }
	::= { fwlGlobal 2 }

-- Enables the source IP spoofing check on inbound packets, i.e. packets
-- arriving on the external (Internet-facing) interface; default enabled(1).
-- NOTE(review): the MIB does not say which source addresses are treated as
-- spoofed. Confirm the criteria against the agent documentation before
-- relying on this switch as the only anti-spoofing control.
fwlGlobalIpSpoofFiltering		OBJECT-TYPE
	SYNTAX				Status
	MAX-ACCESS			read-write
	STATUS				current
	DESCRIPTION
 		" This switch is used to determine whether the inbound packets 
		(packets arriving on the external interface or the interface 
		connected to the Internet)are to be examined for a potential 
             	source IP Spoofing attack. The default value for this switch 
                is 'enabled'(1). "
	DEFVAL	{  enabled  }
	::= { fwlGlobal 3 }

-- Deprecated global switch for filtering inbound packets that carry the IP
-- source route option; default enabled(1).
-- NOTE(review): STATUS is deprecated but MAX-ACCESS is still read-write and
-- no replacement is named here. The file header lists fwlIfIpOptions in
-- fwlDefnIfTable, presumably the per-interface successor; confirm which of
-- the two settings the agent actually honours.
fwlGlobalSrcRouteFiltering		OBJECT-TYPE
	SYNTAX				Status
	MAX-ACCESS			read-write
	STATUS				deprecated
	DESCRIPTION
		"**************** THIS OBJECT IS DEPRECATED ****************

      This switch is used to determine whether the inbound packets 
		(packets arriving on the external interface or the interface 
		connected to the Internet)containing the IP source route option 
		are filtered or not through the Firewall. The default 
		value for this switch is 'enabled'(1). " 
	DEFVAL	{  enabled  }
	::= { fwlGlobal 4 }

-- Deprecated global switch for handling inbound packets that contain tiny
-- IP fragments; default enabled(1).
-- NOTE(review): the DESCRIPTION says such packets are "allowed or
-- discarded" without stating which of the two enabled(1) selects;
-- presumably enabled means the fragments are discarded. The file header
-- lists fwlIfFragments in fwlDefnIfTable, presumably the per-interface
-- successor; confirm which setting the agent actually honours.
fwlGlobalTinyFragmentFiltering		OBJECT-TYPE
	SYNTAX				Status
	MAX-ACCESS			read-write
	STATUS				deprecated
	DESCRIPTION
		"**************** THIS OBJECT IS DEPRECATED ****************
      
		 This switch is used to determine whether the inbound packets 
		(packets arriving on the external interface or the interface 
		connected to the Internet)containing Tiny IP Fragments are 
		allowed or discarded through the Firewall. The default value 
		for this switch is 'enabled'(1). " 
	DEFVAL	{  enabled  }
	::= { fwlGlobal 5 }

fwlGlobalTcpIntercept			OBJECT-TYPE
	SYNTAX				Status
	MAX-ACCESS			read-write
	STATUS				current
	DESCRIPTION
		" This switch is used to determine whether packets are to be
		examined for a potential Denial of service attack (TCP SYN 
		Flooding attack). The default value for this switch is 
		'enabled'(1). " 
	DEFVAL	{  enabled  }
	::= { fwlGlobal 6 }

-- Controls whether traps are sent to the administrator on memory failure
-- or when an attack has occurred; default disabled(2).
-- Operational note: with the default value the firewall raises no SNMP
-- notification for these events. Enable it, and configure a trap receiver,
-- wherever attack events are expected to reach monitoring.
fwlGlobalTrap				OBJECT-TYPE
	SYNTAX				Status
	MAX-ACCESS			read-write
	STATUS				current
	DESCRIPTION
		" This switch is used to control the different types of Trap 
		sent to the administrator in case of memory failure or any 
		attacks has occurred. If this switch is enabled then Trap will 
		be sent for the above mentioned reasons. The default value for 
		this switch is 'disabled'(2)."			
	DEFVAL	{ disabled }				
	::= { fwlGlobal 7 }

-- Bit mask selecting the trace levels of the firewall module; default 0
-- (no tracing). Bit positions are listed in the DESCRIPTION; the value to
-- write is the sum of 2^bit over the selected levels (bits 1 and 2 give 6).
-- NOTE(review): bit 4 is 'packet Dump'. If that writes packet contents to
-- the trace output, traces may hold sensitive payload data; confirm where
-- trace output is stored and who can read it, and keep the bit cleared
-- outside of troubleshooting.
fwlGlobalTrace				OBJECT-TYPE
	SYNTAX				Integer32
	MAX-ACCESS			read-write
	STATUS				current
	DESCRIPTION
		" This is used to enable trace statements in Firewall Module.
        	A four byte integer value is specified for enabling the level 
		of tracing. Each Bit in the four byte integer variable represents
		a level of Trace. The bits represents the levels as 
		follows: 0 - Init and Shutdown, 1 - Management, 2 - Data Path,
		3 - Control Plane, 4 - packet Dump, 5 - All resources except
		buffer, 6 - All Failures, 7 - Buffer, 16 - Action taken by  
		firewall, 17 - Inspection of Packet, 18 - error and 19 - Trap. 
      The remaining bits are unused. The combination of levels are also 
      allowed. For example if the bits 1 and 2 are set, then the Trace 
		statements related to management and Data Path will be printed.
	 	The user have to enter the corresponding integer value for the 
		bits set. For example if bits 1 and 2 are set then he has to
      give the value 6." 
	DEFVAL	{ 0 }
	::= { fwlGlobal 8 }

fwlGlobalDebug				OBJECT-TYPE
	SYNTAX				Status
	MAX-ACCESS			read-write
	STATUS				current
	DESCRIPTION
		" This is used to enable/disable Debug Statements in Firewall Module."
	DEFVAL	{  disabled }
	::= { fwlGlobal 9 }

fwlGlobalMaxFilters			OBJECT-TYPE
	SYNTAX				Integer32
	MAX-ACCESS			read-only
	STATUS				current
	DESCRIPTION
		" This specifies the maximum number of memory blocks 
		that can be allocated for filters."
	DEFVAL	{  100  }
	::= { fwlGlobal 10 }

fwlGlobalMaxRules			OBJECT-TYPE
	SYNTAX				Integer32
	MAX-ACCESS			read-only
	STATUS				current
	DESCRIPTION
		" This specifies the maximum number of memory blocks 
		that can be allocated for rules." 
	DEFVAL	{  100  }
	::= { fwlGlobal 11 }

fwlGlobalUrlFiltering   OBJECT-TYPE
   SYNTAX            Status
   MAX-ACCESS        read-write
   STATUS            current
   DESCRIPTION
      " This enables or disables URL filtering. 
		The default value for this switch is 'disable'(2). " 
   DEFVAL	{ disabled }				
   ::= { fwlGlobal 12 }

fwlGlobalNetBiosFiltering   OBJECT-TYPE
   SYNTAX            Status
   MAX-ACCESS        read-write
   STATUS            current
   DESCRIPTION
      " This enables or disables NETBIOS filtering. 
		The default value for this switch is 'disable'(2). " 
   DEFVAL	{ disabled }				
   ::= { fwlGlobal 13 }

fwlGlobalNetBiosLan2Wan   OBJECT-TYPE
   SYNTAX            Status
   MAX-ACCESS        read-write
   STATUS            current
   DESCRIPTION
      " This enables or disables NETBIOS LAN to WAN control switch. 
		The default value for this switch is 'disable'(2). " 
   DEFVAL	{ disabled }				
   ::= { fwlGlobal 14 }

-- ICMPv6 counterpart of fwlGlobalICMPControlSwitch: generate(1) or
-- suppress(2, the default) for packets the firewall rejects.
-- NOTE(review): the DESCRIPTION says "when this is enabled", but the
-- enumeration has no 'enabled' value; it presumably means generate(1). It
-- also ties the error message to denied ICMPv6 packets, while its first
-- sentence speaks of any rejected packet; confirm the actual behaviour.
fwlGlobalICMPv6ControlSwitch		OBJECT-TYPE
	SYNTAX				INTEGER	{
						generate(1),
						suppress(2) 
					}
	MAX-ACCESS			read-write	
	STATUS				current
	DESCRIPTION
		"This switch is used to generate or suppress the ICMPv6 generation
		when a packet is rejected by the firewall. When this is enabled,
        ICMPv6 error message is generated whenever a ICMPv6 packet is denied.
         The default value for this switch is 'suppress'(2). "
	DEFVAL	{ suppress }
	::= { fwlGlobal 15 }

fwlGlobalIpv6SpoofFiltering		OBJECT-TYPE
	SYNTAX				Status
	MAX-ACCESS			read-write
	STATUS				current
	DESCRIPTION
 		" This switch is used to determine whether the inbound packets 
		(packets arriving on the external interface or the interface 
		connected to the Internet)are to be examined for a potential 
             	source IPv6 Spoofing attack. The default value for this switch 
                is 'enabled'(1). "
	DEFVAL	{  enabled  }
	::= { fwlGlobal 16 }

-- Maximum size, in bytes, of the firewall log file; default 1048576.
-- NOTE(review): no range is declared, so any Unsigned32 value, including 0,
-- is syntactically valid. What the agent does once the file reaches this
-- size (stop logging, rotate, overwrite) is not stated here; confirm it,
-- because it decides whether log evidence can be lost.
fwlGlobalLogFileSize OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      " This is the maximum file size in bytes of the firewall log file."
   DEFVAL   { 1048576 }
   ::= { fwlGlobal 17 }

-- Warning threshold for firewall log storage, as a percentage (1..99,
-- default 70) of the maximum log storage space.
-- The file header associates fwlTrapMessage with the firewall log events
-- 'sizethresholdhit' and 'sizeexceeded'.
-- NOTE(review): fwlGlobalTrap defaults to disabled(2); presumably the
-- threshold trap is only sent once that switch is enabled. Confirm.
fwlGlobalLogSizeThreshold OBJECT-TYPE
   SYNTAX      Unsigned32 (1..99)
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
     " This is the threshold value of the Log storage space with respect
       to the maximum Log Storage Space. It is entered as a percentage value. "
   DEFVAL   { 70 }
   ::= { fwlGlobal 18 }

fwlGlobalIdsLogSize   OBJECT-TYPE
    SYNTAX               Unsigned32
    MAX-ACCESS           read-write
    STATUS               current
    DESCRIPTION
       "This is the maximum file size in bytes of the IDS log file. "
    DEFVAL   { 1048576 }
    ::= { fwlGlobal 19 }

fwlGlobalIdsLogThreshold OBJECT-TYPE
    SYNTAX               Unsigned32 (1..99)
    MAX-ACCESS           read-write
    STATUS               current
    DESCRIPTION
        " This is the threshold value of the Log storage space with respect
       to the maximum Log Storage Space. It is entered as a percentage value."
    DEFVAL   { 70 }
    ::= { fwlGlobal 20 }

-- Read-only string reporting the current version of the IDS (Intrusion
-- Detection System).
-- NOTE(review): DEFVAL is the empty string, whose length 0 lies outside the
-- declared SIZE (1..64). Either the size range should start at 0 or the
-- DEFVAL should be dropped.
fwlGlobalIdsVersionInfo OBJECT-TYPE
    SYNTAX    DisplayString (SIZE (1..64))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
       "This Object shows the Current version of IDS (Intrusion Detection System)"
    DEFVAL {""}
    ::= {fwlGlobal 21}

-- Action object: reloads the IDS process with the new set of rules and
-- configuration, presumably when it is written.
-- NOTE(review): the syntax is an unconstrained Integer32 with no DEFVAL, and
-- the DESCRIPTION does not say which value triggers the reload or what a
-- GET returns. Since this is a state-changing action reachable by SNMP SET,
-- keep it inside the restricted write view and log its use.
fwlGlobalReloadIds OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
       "This Object reload IDS process (Intrusion Detection System) with the
       new set of rules/configurations."
    ::= {fwlGlobal 22}

-- Enables or disables the IDS (Intrusion Detection System) service;
-- default enabled(1).
-- Security note: the object is read-write, so a single SNMP SET of
-- disabled(2) turns the detection service off. Limit write access to it and
-- alert whenever the value changes to disabled.
fwlGlobalIdsStatus OBJECT-TYPE
    SYNTAX      Status
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
       "This Object is used to enable or disable IDS (Intrusion Detection 
        System) service in the system. By default IDS is enabled."
    DEFVAL	{ enabled }
    ::= {fwlGlobal 23}

-- Loads the existing rule regular expressions into the Pattern Matching
-- Engine (PME) and reloads the IDS process. The enumeration also offers
-- unload(2), which the DESCRIPTION does not explain.
-- Security note: per the DESCRIPTION the IDS status is disabled while a
-- rule load is in progress, so every load opens a window without intrusion
-- detection. Schedule loads accordingly and verify afterwards that IDS is
-- enabled again (presumably visible through fwlGlobalIdsStatus; confirm).
fwlGlobalLoadIdsRules OBJECT-TYPE
	SYNTAX		INTEGER	{
						load (1),
						unload (2) 
					}
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
       "This Object loads the existing regular expressions of rules to Pattern
        Matching Engine (PME) if exists. Also reloads IDS process 
        (Intrusion Detection System). While rules load in progress IDS status
        would be disabled."
    ::= {fwlGlobal 24}
    
-- SCALAR_TABLE_END	               

-- Firewall Definition Group
-- The Definition group defines the variables used to configure the
-- filters and rules for the Firewall . It also defines the
-- variables used to prevent all types of attacks.

-- SCALAR_TABLE_BEGIN fwlDefinition 7

-- The following two scalar variables are used to prevent the Denial 
-- of Service attack.

-- Number of TCP connection requests (SYN packets) entering the firewall
-- module within one timeout period; default 50. The period is presumably
-- the one set by fwlDefnInterceptTimeout.
-- NOTE(review): the syntax is Integer32 without a range, so zero and
-- negative values are syntactically valid and their effect is not stated.
-- Confirm that the agent rejects values that would switch the SYN flood
-- limit off.
fwlDefnTcpInterceptThreshold			OBJECT-TYPE
	SYNTAX					Integer32
	MAX-ACCESS				read-write
	STATUS					current
	DESCRIPTION					
		" The number of TCP Connection requests (TCP SYN packets)
		entering into the firewall module within a timeout  
		period. The default value is 50 connections. "
	DEFVAL { 50 }
	::= { fwlDefinition 1 }

-- Interval after which connection requests exceeding the threshold are
-- discarded; the DESCRIPTION states it applies to TCP, UDP and ICMP.
-- NOTE(review): SYNTAX is TimeTicks, which SNMPv2-SMI defines in hundredths
-- of a second, so DEFVAL { 1 } is 0.01 s by the standard, while the
-- DESCRIPTION gives the default as 1 second. Confirm which unit the agent
-- uses before tuning this value, since a hundredfold error changes the
-- effective rate limit.
fwlDefnInterceptTimeout			OBJECT-TYPE
	SYNTAX					TimeTicks
	MAX-ACCESS				read-write
	STATUS					current
	DESCRIPTION					
		" The interval after which the Connection requests 
		exceeding the threshold will be discarded. The default 
		value is 1 second. This timeout value applies for TCP,UDP
      and ICMP"
	DEFVAL { 1 }
	::= { fwlDefinition 2 }

-- SCALAR_TABLE_END

-- Filter Table
-- This is the first level of configuration where the Filters are defined.
-- These Filters specify the parameters that have to be checked against the 
-- packet. The parameters include source address, destination address, 
-- source port, destination port, protocol type, etc.

fwlDefnFilterTable			OBJECT-TYPE
	SYNTAX				SEQUENCE OF FwlDefnFilterEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" This table is used to configure the Filters in the Firewall.
		The Filters can be configured as 'Filter1 10.0.0.0/24  
                108.0.4.1/32  6'. It means that in Filter1, the source address 
		can range from 10.0.0.0 to 10.0.0.255 and destination address 
		is 108.0.4.1 and protocol is TCP. The mask used is not wild-card
 		mask. If a configured Filter is to be deleted, it must ensure 
		that the Rules using this particular filter or this Filter 
		applied on a particular interface, must be deleted first. "
	::= { fwlDefinition 3 }

fwlDefnFilterEntry			OBJECT-TYPE
	SYNTAX				FwlDefnFilterEntry
	MAX-ACCESS			not-accessible
	STATUS				current		
	DESCRIPTION
		" The individual entry in the above table. "
	INDEX	{  fwlFilterFilterName  }
	::= { fwlDefnFilterTable 1 }

FwlDefnFilterEntry	::= 
	SEQUENCE	{
				fwlFilterFilterName
					OCTET STRING,	
				fwlFilterSrcAddress
					DisplayString,	
				fwlFilterDestAddress
					DisplayString,
				fwlFilterProtocol
					INTEGER,
				fwlFilterSrcPort	
					DisplayString,
				fwlFilterDestPort
					DisplayString,
				fwlFilterAckBit
					INTEGER,
				fwlFilterRstBit
					INTEGER,
				fwlFilterTos
					Integer32,
				fwlFilterAccounting
					Status,
				fwlFilterHitClear
					TruthValue,
				fwlFilterHitsCount
					Counter32,
				fwlFilterAddrType
					InetAddressType,
     				fwlFilterFlowId
				         Unsigned32,
			    	fwlFilterDscp
				         Integer32,
				fwlFilterRowStatus
					RowStatus
			}					

fwlFilterFilterName			OBJECT-TYPE
	SYNTAX				OCTET STRING (SIZE(0..35))
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" This Filter name uniquely identifies the particular Filter 
		configured. "
	::= { fwlDefnFilterEntry 1 }
	
-- Source address and mask the filter matches, carried as a DisplayString.
-- NOTE(review): the DESCRIPTION requires a mask, yet its example
-- ('10.0.14.23') has none, so it presumably shows the form that is not
-- accepted; the fwlDefnFilterTable DESCRIPTION uses address/prefix form
-- such as 10.0.0.0/24.
-- NOTE(review): DEFVAL is the empty string while the text gives the default
-- as 0.0.0.0/0. A row created without this column therefore presumably
-- matches every source address; confirm before creating permit entries.
-- The string has no SIZE limit and is parsed by the agent.
fwlFilterSrcAddress			OBJECT-TYPE
	SYNTAX				DisplayString
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The source IP address and the source mask to be checked 
		against the packet. The default value is 0.0.0.0/0.
            	The address value should not be specified without the mask 
            	value. ('10.0.14.23') "
	DEFVAL	{''h}	
	::= { fwlDefnFilterEntry 2 }

-- Destination address and mask the filter matches, carried as a
-- DisplayString.
-- NOTE(review): the DESCRIPTION requires a mask, yet its example
-- ('10.0.14.23') has none, so it presumably shows the form that is not
-- accepted; the fwlDefnFilterTable DESCRIPTION uses address/prefix form
-- such as 108.0.4.1/32.
-- NOTE(review): DEFVAL is the empty string while the text gives the default
-- as 0.0.0.0/0. A row created without this column therefore presumably
-- matches every destination address; confirm before creating permit entries.
fwlFilterDestAddress			OBJECT-TYPE
	SYNTAX				DisplayString
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The destination IP address and the destination mask to be 
		checked against the packet. The default value is 0.0.0.0/0.
            	The address value should not be specified without the mask 
            	value. ('10.0.14.23') "
	DEFVAL	{ ''h }
	::= { fwlDefnFilterEntry 3 }

fwlFilterProtocol			OBJECT-TYPE
	SYNTAX				ProtocolType		
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The type of protocol to be checked against the packet. The 
		default value is 'any' (255). If the value is 'any' (255), it 
		means that the protocol type can be anything and it will not be 
		checked to decide the action. "
	DEFVAL	{ any }
	::= { fwlDefnFilterEntry 4 } 

-- Source port expression, for example '>1023' or '=23', which the agent
-- parses into a MIN and MAX port value. MIN and MAX default to 0 (DEFVAL is
-- the empty string), and 0 means the port is not checked.
-- NOTE(review): the DESCRIPTION gives MAX port value = 65536 for '>1023';
-- the largest TCP/UDP port number is 65535, so this is either a typo or an
-- exclusive upper bound inside the parser. Confirm.
-- NOTE(review): an unset port column means "any port", so a permit filter
-- created without it is wider than one might expect.
fwlFilterSrcPort			OBJECT-TYPE
	SYNTAX				DisplayString
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The source port to be checked against the packet. The range 
		of port can be specified by using the symbols like '>', '<', 
		'!=', '=', '<=', '>='. For example the port value will be 
                specified as '>1023', '=23', etc. This value is parsed into 
                MIN and MAX port value. The string '>1023' will be parsed as 
		MIN port value = 1024 and MAX port value = 65536.  The default 
		value for the MIN and MAX port value is 0. If the value is 0, 
		it means that the port number can be anything and it will not 
		be checked to decide the action. "
	DEFVAL	{ ''h }
	::= { fwlDefnFilterEntry 5 }

-- Destination port expression, for example '>1023' or '=23', which the
-- agent parses into a MIN and MAX port value. MIN and MAX default to 0
-- (DEFVAL is the empty string), and 0 means the port is not checked.
-- NOTE(review): the DESCRIPTION gives MAX port value = 65536 for '>1023';
-- the largest TCP/UDP port number is 65535, so this is either a typo or an
-- exclusive upper bound inside the parser. Confirm.
-- NOTE(review): an unset port column means "any port", so a permit filter
-- created without it is wider than one might expect.
fwlFilterDestPort			OBJECT-TYPE
	SYNTAX				DisplayString
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The destination port to be checked against the packet. The 
		range of port can be specified by using the symbols like '>',  
		'<', '!=', '=', '<=', '>='. For example the port value will be 
                specified as '>1023', '=23', etc. This value is parsed into 
                MIN and MAX port value. The string '>1023' will be parsed as 
		MIN port value = 1024 and MAX port value = 65536.  The default 
		value for the MIN and MAX port value is 0. If the value is 0, 
		it means that the port number can be anything and it will not 
		be checked to decide the action. "
	DEFVAL	{ ''h }
	::= { fwlDefnFilterEntry 6 }

fwlFilterAckBit				OBJECT-TYPE
	SYNTAX				INTEGER	{
						establish(1),
						notEstablish(2),
					 	any(3)	
					}
	MAX-ACCESS			read-create
	STATUS				deprecated
	DESCRIPTION
		"**************** THIS OBJECT IS DEPRECATED ****************

		The TCP ACK bit to be checked against the packet. The default 
		value is 'any'(3). It means that ACK bit will not be checked 
            	to decide the action. "
	DEFVAL	{ any }
	::= { fwlDefnFilterEntry 7 }

fwlFilterRstBit				OBJECT-TYPE
	SYNTAX				INTEGER	{
						set(1),
						notSet(2),
					      	any(3)	
					}
	MAX-ACCESS			read-create
	STATUS				deprecated
	DESCRIPTION
		"**************** THIS OBJECT IS DEPRECATED ****************

		The TCP RST bit to be checked against the packet. The default 
		value is 'any'(3). It means that RST bit will not be checked to 
		decide the action. "
	DEFVAL	{ any }
	::= { fwlDefnFilterEntry 8 }

fwlFilterTos				OBJECT-TYPE
	SYNTAX				Integer32
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The IP TOS bit to be checked against the packet. This is a 
		single byte integer of which the last three bits (least 
                significant bits) indicate Delay, Throughput and Reliability 
                i.e. 'uuuuudtr', u-unused, d-delay, t-throughput, r-reliability.
		For example '6' indicates low delay and high throughput. "	
	DEFVAL	{ 0 }
	::= { fwlDefnFilterEntry 9 }

-- Per-filter switch for hit counting; default disabled(2). While disabled,
-- the filter's hit counter is not incremented for matching traffic.
-- NOTE(review): MAX-ACCESS is read-write although other columns of this
-- row are read-create. SMIv2 (RFC 2578, section 7.3) does not allow a
-- read-write column in a row that has read-create columns; read-create
-- would be the conforming value.
-- Operational note: enable accounting on filters whose hit counts feed
-- monitoring, otherwise fwlFilterHitsCount tells nothing about them.
fwlFilterAccounting       OBJECT-TYPE
    SYNTAX              Status
    MAX-ACCESS          read-write
    STATUS              current
    DESCRIPTION
		"This object is used to enable or disable the filter accounting of this
		filter. If this object is enabled then the Hit count of this filter will
		be incremented when the traffic matches this filter. If this object is
		disabled then the Hit counter of the filter will not be incremented when
		the traffic matches this filter. The default value of this 
		object is 'disabled'(2)."

	DEFVAL  {  disabled  }
    ::= { fwlDefnFilterEntry 10 }

-- Write-to-act object: setting it to true clears the hit count of this
-- filter, after which the value resets to false. A GET always returns false.
-- NOTE(review): MAX-ACCESS is read-write although other columns of this
-- row are read-create. SMIv2 (RFC 2578, section 7.3) does not allow a
-- read-write column in a row that has read-create columns; read-create
-- would be the conforming value.
-- Operational note: clearing resets the evidence held in
-- fwlFilterHitsCount, so collect the counter before clearing it and log
-- who issues the SET.
fwlFilterHitClear       OBJECT-TYPE
    SYNTAX              TruthValue
    MAX-ACCESS          read-write
    STATUS              current
    DESCRIPTION
		"This object is used to clear the hit count of this filter. The default 
		value is 'false'. When this object is true, the Hit count for the 
		respective filter will be cleared and the object value will be reset to 
		false. The get routine for this object always returns 'false'."

    DEFVAL  {  false  }
    ::= { fwlDefnFilterEntry 11  }

fwlFilterHitsCount		OBJECT-TYPE
	SYNTAX		      	Counter32
	MAX-ACCESS		read-only
	STATUS			current
	DESCRIPTION	
		" The number of times this Filter is matched while processing 
		the packet. "
	::= { fwlDefnFilterEntry 12 }


fwlFilterAddrType            OBJECT-TYPE
    	SYNTAX        		InetAddressType
    	MAX-ACCESS   		read-create
    	STATUS         		current
    	DESCRIPTION
       		"The address type of the source and destination address.
                 This object is limited to IPv4 and IPv6 addresses."
    ::= { fwlDefnFilterEntry 13 }


fwlFilterFlowId OBJECT-TYPE
    SYNTAX         Unsigned32 (0..1048575)
    MAX-ACCESS     read-create
    STATUS         current
    DESCRIPTION
       "The flow label identifier is specific to an IPv6 header 
       as its to classify the same flow of packets between a source 
       and destination in IPv6"
    DEFVAL  { 0 }
    ::= { fwlDefnFilterEntry 14 }


fwlFilterDscp      OBJECT-TYPE
    SYNTAX      Integer32 (0..63)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The IP DSCP value is applicable for both IPv4 and IPv6, 
        but when DSCP is specified TOS value(fwlFilterTos) should not 
        be configured. Also TOS value (fwlFilterTos) is not applicable
        for IPv6 traffic and its filters"
    DEFVAL  { 0 }
    ::= { fwlDefnFilterEntry 15 }


fwlFilterRowStatus			OBJECT-TYPE
	SYNTAX				RowStatus
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" This object allows entries to be created or deleted in this 
		table. "
	::= { fwlDefnFilterEntry 16 }

-- Rule Table
-- This is the second and optional level of configuration. Here the
-- Filters are grouped to form Rules. They are grouped 
-- using the '&' or ','(or) operation. A set of Filters
-- combined using '&' or ','(or) operation can form a Rule. 

fwlDefnRuleTable			OBJECT-TYPE
	SYNTAX				SEQUENCE OF FwlDefnRuleEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION	
		" The table used to configure the Rules by assigning a set of 
		Filters.(Rule1 = Filter1 & Filter2; Rule2 = Filter1 , Filter2; 
            etc.). " 
	::= { fwlDefinition 4 }
	
fwlDefnRuleEntry			OBJECT-TYPE
	SYNTAX				FwlDefnRuleEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The individual entry in the above table. "
	INDEX	{	fwlRuleRuleName	 }
	::= { fwlDefnRuleTable 1 }

FwlDefnRuleEntry ::=
	SEQUENCE	{
				fwlRuleRuleName
					OCTET STRING,
				fwlRuleFilterSet
					DisplayString,
				fwlRuleRowStatus
					RowStatus
			}	

fwlRuleRuleName				OBJECT-TYPE
	SYNTAX				OCTET STRING (SIZE(0..35))
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The name that identifies the particular Rule configured 
		in the Firewall . "
	::= { fwlDefnRuleEntry 1 }

-- Filter combination that makes up the rule. The fwlDefnRuleTable
-- DESCRIPTION gives the form: 'Filter1 & Filter2' or 'Filter1 , Filter2',
-- where ',' is the "or" operation and '&' is presumably "and".
-- NOTE(review): the string has no SIZE limit, no DEFVAL, and no stated
-- precedence when '&' and ',' are mixed. Confirm how the agent evaluates
-- mixed expressions before relying on them in a reject rule.
fwlRuleFilterSet			OBJECT-TYPE
	SYNTAX				DisplayString
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" A set of Filters combined to form a Rule and this Rule is 
		configured globally or on a particular interface. " 
	::= { fwlDefnRuleEntry 2 }

fwlRuleRowStatus			OBJECT-TYPE
	SYNTAX				RowStatus
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" This object allows entries to be created or deleted in 
            this table. "
	::= { fwlDefnRuleEntry 3 }
  
-- Acl table
-- This is the final level of configuration. The configured Filter or rule 
-- to be applied on an interface is specified. The action to be taken  
-- against the packet is specified. The direction in which filters 
-- are to be applied, either to inbound packets or outbound 
-- packets is also specified. 

fwlDefnAclTable				OBJECT-TYPE
	SYNTAX				SEQUENCE OF FwlDefnAclEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION	
   " The ACL table will associate the filter or a combination of filters
    to a specific Action. The ACL name should map with the rule name"
	::= { fwlDefinition 5 }

fwlDefnAclEntry				OBJECT-TYPE
	SYNTAX				FwlDefnAclEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION	
		" The individual entry in the above table. "
	INDEX	{
			fwlAclIfIndex,
			fwlAclAclName,
			fwlAclDirection
		}
	::= { fwlDefnAclTable 1 }
FwlDefnAclEntry ::=
	SEQUENCE	{
				fwlAclIfIndex
					Integer32,
				fwlAclAclName
					OCTET STRING,
				fwlAclDirection
					INTEGER,
				fwlAclAction
					INTEGER,
            	fwlAclSequenceNumber
					Integer32,
				fwlAclAclType
					INTEGER,
            fwlAclLogTrigger
               INTEGER,
            fwlAclFragAction
               INTEGER,
				fwlAclRowStatus
					RowStatus
			}	

fwlAclIfIndex				OBJECT-TYPE
	SYNTAX				Integer32	(0..1000)
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The interface number in which the filters are to be 
      configured. The value ranges from 0 to 1000. If the value
 		specified is 0, it means that the filters will be 
		configured globally.(i.e. : filters or rules specified with 
		Global interface number are applicable to all interfaces.)"
	::= { fwlDefnAclEntry 1 }

fwlAclAclName				OBJECT-TYPE
	SYNTAX				OCTET STRING (SIZE(0..35))
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The name that uniquely identifies the particular Filter or 
         	Rule configured in the Firewall . "
	::= { fwlDefnAclEntry 2 }

fwlAclDirection				OBJECT-TYPE
	SYNTAX				INTEGER	{
						in (1),
						out (2)
					}
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" This specifies in which direction the Filters or Rules are to 
		be applied on the packets, either to incoming or outgoing 
            	packets. "
	::= { fwlDefnAclEntry 3 }

-- Action taken on a packet that matches the ACL's filter or rule:
-- permit(1) or reject(2). No DEFVAL is declared.
-- A 'reject' sends an ICMP message only when the global ICMP generation
-- switch (fwlGlobalICMPControlSwitch) is set to generate; with its default
-- of suppress the packet is rejected without a response.
-- NOTE(review): what happens to a packet that matches no ACL entry is not
-- stated in this part of the MIB. Confirm whether the agent defaults to
-- deny or to permit, since that decides how complete the ACL set must be.
fwlAclAction				OBJECT-TYPE
	SYNTAX				INTEGER	{
						permit(1),
						reject(2)
					}
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" This specifies the action to be taken against the packet. 
            	If the action value is 'permit', then the packet will be 
            	permitted if the filter or rule matches. If it is 'reject', 
            	then the packet will be rejected and an ICMP message will be 
            	sent as response, if the global Switch for generation of ICMP 
            	message is enabled. " 
	::= { fwlDefnAclEntry 4 }

-- Position of this ACL in the order in which filters are matched against
-- packets from an interface; range 1..65535, values are unique.
-- NOTE(review): the DESCRIPTION does not say whether lower numbers are
-- matched first or whether evaluation stops at the first match. Confirm
-- both, because the ordering decides which of two overlapping permit and
-- reject entries takes effect.
fwlAclSequenceNumber			OBJECT-TYPE
	SYNTAX				Integer32 	(1..65535)	
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" This specifies the order in which the Filters are to be 
            	matched against the packets from a particular interface. The 
            	sequence number should not be zero. The sequence numbers are 
            	unique."
	::= { fwlDefnAclEntry 5 }

fwlAclAclType				OBJECT-TYPE
	SYNTAX		INTEGER	{
						filter(1),
						rule(2)
					}		
	MAX-ACCESS			read-only
	STATUS				deprecated
	DESCRIPTION
		"**************** THIS OBJECT IS DEPRECATED ****************
		 This specifies whether the access list configured on a 
      particular interface is a Filter or a Rule (Combination of 
      Filters). The default value is 'rule'(2). "
	DEFVAL	{ rule }
	::= { fwlDefnAclEntry 6 }

fwlAclLogTrigger            OBJECT-TYPE
    SYNTAX              INTEGER {
                        none(0),
                        brief(1),
                        detail(2)
                    }
    MAX-ACCESS          read-create
    STATUS              current
    DESCRIPTION
        " This specifies whether the log details should be brief, detailed or none. The default value is 'brief(1)'."
    DEFVAL  { brief }
    ::= { fwlDefnAclEntry 7 }

fwlAclFragAction           OBJECT-TYPE
    SYNTAX                 INTEGER{
                            permit(1),
                            deny(2)
                         }
    MAX-ACCESS             read-create
    STATUS                 current
    DESCRIPTION
        " This specifies whether fragmentation has to be permitted or denied."
    ::= { fwlDefnAclEntry 8 }

fwlAclRowStatus				OBJECT-TYPE
	SYNTAX				RowStatus
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" This object allows entries to be created or deleted in this 
		table. "
	::= { fwlDefnAclEntry 9 }
   
-- Interface Table
-- This table is used to control packet filtering on interface basis. 

fwlDefnIfTable				OBJECT-TYPE
	SYNTAX				SEQUENCE OF FwlDefnIfEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION	
		" This table is used for interface specific filtering like 
		filtering based on IP options, Fragments, ICMP Type and Code, 
            	etc. "
	::= { fwlDefinition 6 }
	
fwlDefnIfEntry				OBJECT-TYPE
	SYNTAX				FwlDefnIfEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The individual entry in the above table. "
	INDEX	{    fwlIfIfIndex     }
	::= { fwlDefnIfTable 1 }

FwlDefnIfEntry ::=
	SEQUENCE	{
				fwlIfIfIndex
					Integer32,
				fwlIfIfType
					INTEGER,
				fwlIfIpOptions
					INTEGER,
				fwlIfFragments
					INTEGER,
				fwlIfFragmentSize
					Unsigned32,
				fwlIfICMPType
					INTEGER,
				fwlIfICMPCode
					INTEGER,
				fwlIfICMPv6MsgType
					Integer32,
				fwlIfRowStatus
					RowStatus
			}	

fwlIfIfIndex				OBJECT-TYPE
	SYNTAX				Integer32	(0..1000)
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The interface number in which the filters or rules are to be
		configured. "
	::= { fwlDefnIfEntry 1 }

fwlIfIfType				OBJECT-TYPE
	SYNTAX				INTEGER	{
						internal(1),
						external(2)
					}
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" This specifies whether the interface is an external interface 
		(interface connected to the internet) or internal interface. The 
		default value is 'external'(2). "
	DEFVAL	{ external }
	::= { fwlDefnIfEntry 2 }
	
fwlIfIpOptions				OBJECT-TYPE
	SYNTAX				INTEGER	{
						sourceRoute (1),
						recordRoute (2),
						timestamp (3),
						anyOptions (4),
						noOptions (5),
                        traceRoute(6)
					}		
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The IP options to be checked against the packet. If the 
		packet matches with the IP option specified, then the packet 
		will be dropped. The default value is 'anyOptions' (4). To disable
		checking for IP options set the value to noOptions (5). "
	DEFVAL	{ anyOptions }
	::= { fwlDefnIfEntry  3 }

fwlIfFragments				OBJECT-TYPE
	SYNTAX				INTEGER	{
						tinyFragment(1),
						largeFragment(2),
                        anyFragment(3),
						noFragment(4)
                        
					}	
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The Fragment type to be checked against the packet. If 
     the packet matches with the fragment type, then the packet 
     will be dropped. The default value 'anyFragment' (3) ensures that 
     all fragments are dropped. The value 'noFragment' (4) ensures that
     fragmentation checks are disabled. "
	DEFVAL	{ anyFragment }
	::= { fwlDefnIfEntry  4 }

fwlIfFragmentSize		OBJECT-TYPE
	SYNTAX			    Unsigned32 (1..65500)	
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The maximum size of each fragment when the fragment type 'fwlIfFragments' 
		is 'largeFragment' (2)."
	DEFVAL  { 30000 }
	::= { fwlDefnIfEntry  5 }

fwlIfICMPType				OBJECT-TYPE
	SYNTAX				INTEGER	{
						echoReply(0),
						destinationUnreachable(3),
						sourceQuench(4),
						redirect(5),
						echoRequest(8),
						timeExceeded(11),
						prameterProblem(12),
						timestampRequest(13),
						timestampReply(14),
						informationRequest(15),	
						informationReply(16),
						addressMaskRequest(17),
						addressMaskReply (18),
                  noICMPType(255)
					}		
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" The ICMP type to be checked against the packet. If the
     	ICMP Type matches with the packet, then the packet will be 
		dropped. The default value is 'noICMPType' (255). It means 
		that ICMP Type is not configured and need not be checked. 
		Generally the value zero is given as default. But here 
		zero is an ICMP Type value. Hence 255 is given as the 
		default value. " 
	DEFVAL	{ noICMPType }
	::= { fwlDefnIfEntry 6 }

fwlIfICMPCode				OBJECT-TYPE
	SYNTAX				INTEGER	{
						networkUnreachable(0),
						hostUnreachable(1),
						protocolUnreachable(2),
						portUnreachable(3),
						fragmentNeed(4),
						sourceRouteFail(5),
						destNetworkUnknown(6),
						destHostUnknown(7),
						srcHostIsolated(8),
						destNetworkAdminProhibited(9),
						destHostAdminProhibited(10),
						networkUnreachableTOS(11),
						hostUnreachableTOS(12),
						noICMPCode(255)
					}
	MAX-ACCESS			read-create
	STATUS				deprecated
	DESCRIPTION
		"**************** THIS OBJECT IS DEPRECATED ****************

      The ICMP Code to be checked against the packet. If the
 		packet matches with the ICMP Code, then the packet will 
		be dropped. The default value is 'noICMPCode'(255). It 
		means that ICMP code is not configured and need not be 
		checked. Generally the value zero will be given as default. 
		But here, zero is an ICMP Code value. Hence 255 is given 
		as the default value. "
	DEFVAL	{ noICMPCode }
	::= { fwlDefnIfEntry 7 }

fwlIfICMPv6MsgType				OBJECT-TYPE
	SYNTAX				Integer32
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
          "The ICMPv6 type to be checked against the packet. If the
     	  ICMP Type matches with the packet, then the packet will be 
          dropped. The default value is 'noICMPv6Type' (0x0). It means 
		  that ICMP Type is not configured and need not be checked.
          This object is used to store the ICMPv6 message types that are enabled
          by the user. The bit positions to enable specific message types
          are as shown below :

           Bit 0  - destinationUnreachable 
           Bit 1  - timeExceeded 
           Bit 2  - parameterProblem 
           Bit 3  - echoRequest 
           Bit 4  - echoReply 
           Bit 5  - redirect 

           Bit 6  - informationRequest 
           Bit 7  - informationReply 

          A value of zero(0x0) indicates that no ICMPv6 type is configured
          and all bits set indicates that all the ICMPv6 message types are set"
        
   DEFVAL  { 0 } 
	::= { fwlDefnIfEntry 8 }

fwlIfRowStatus				OBJECT-TYPE
	SYNTAX				RowStatus
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" This object allows entries to be created or deleted in this 
		table. "
	::= { fwlDefnIfEntry 9 }

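-- DMZ Table
-- This table is used to define the De-Militarized Zone, where no restrictions
-- apply. Hosts listed here get unrestricted access from the external network,
-- and rows are created through fwlDmzRowStatus (read-create), so write access
-- to this table should be limited to trusted SNMP managers.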

fwlDefnDmzTable          OBJECT-TYPE
   SYNTAX            SEQUENCE OF FwlDefnDmzEntry
   MAX-ACCESS        not-accessible
   STATUS            current
   DESCRIPTION
      " This table is used for defining the De-Militarized Zone (DMZ).
      The host/hosts in this zone will have unrestricted access from the
      public/external network (Internet)."
	::= { fwlDefinition 7 }
	
fwlDefnDmzEntry				OBJECT-TYPE
	SYNTAX				FwlDefnDmzEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The individual entry in the above table. "
	INDEX	{    fwlDmzIpIndex     }
	::= { fwlDefnDmzTable 1 }

FwlDefnDmzEntry ::=
	SEQUENCE	{
				fwlDmzIpIndex
					IpAddress,
				fwlDmzRowStatus
					RowStatus
			}	

fwlDmzIpIndex			OBJECT-TYPE
	SYNTAX		        IpAddress
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The IP Address for which the DMZ is to be configured."
	::= { fwlDefnDmzEntry 1 }

fwlDmzRowStatus		OBJECT-TYPE
	SYNTAX				RowStatus
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" This object allows entries to be created or deleted in this 
		table. "
	::= { fwlDefnDmzEntry 2 }


-- URL Filtering Table
-- This table is used to define URL filters

fwlUrlFilterTable     OBJECT-TYPE
   SYNTAX            SEQUENCE OF FwlUrlFilterEntry
   MAX-ACCESS        not-accessible
   STATUS            current
   DESCRIPTION
      " This table is used for defining URL filters. Any http request
        that matches the URL string will be filtered" 
    ::= { fwlDefinition 8 }
	
fwlUrlFilterEntry			OBJECT-TYPE
	SYNTAX				FwlUrlFilterEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The individual entry in the above table. "
	INDEX	{    fwlUrlString     }
	::= { fwlUrlFilterTable 1 }

FwlUrlFilterEntry ::=
	SEQUENCE	{
              fwlUrlString
                 DisplayString,
              fwlUrlHitCount
                 Counter32,
              fwlUrlFilterRowStatus
                 RowStatus
}
fwlUrlString		OBJECT-TYPE
	SYNTAX		DisplayString (SIZE(1..99))
	MAX-ACCESS      not-accessible	
	STATUS		current
	DESCRIPTION
		"The object specifies the URL string to be filtered"
	::= { fwlUrlFilterEntry  1 }

fwlUrlHitCount		OBJECT-TYPE
	SYNTAX		Counter32
	MAX-ACCESS  read-only	
	STATUS		current
	DESCRIPTION
   	    " The number of times this URL Filter is matched while processing 
          the packet"
	::= { fwlUrlFilterEntry  2 }

fwlUrlFilterRowStatus	OBJECT-TYPE
	SYNTAX	        RowStatus	
	MAX-ACCESS      read-create	
	STATUS		current
	DESCRIPTION
   	    " This object allows entries to be created or deleted in this 
          table "
	::= { fwlUrlFilterEntry  3 }


-- Firewall Statistics Group
-- Statistics group details about the general statistics of the packets 
-- processed by the Firewall ( like packet rejected, inspected etc). 
-- It also details the statistics about the packets 
-- filtered per interface.

-- SCALAR_TABLE_BEGIN fwlStatistics 23 

fwlStatInspectedPacketsCount		OBJECT-TYPE
	SYNTAX				Counter32
	MAX-ACCESS			read-only
	STATUS				current
	DESCRIPTION
		" The number of packets inspected by the Firewall  
		module. It includes the number of packets rejected and 
		accepted. "
	::= { fwlStatistics 1 }

fwlStatTotalPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets dropped by the Firewall  
		module. This includes all fragmented packets, non-fragmented 
		packets, packets with IP Options, without IP options, etc. "
	::= { fwlStatistics 2 }

fwlStatTotalPacketsAccepted		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets accepted by the Firewall  
		module. This includes all fragmented packets, non-fragmented 
		packets, packets with IP Options and packets without 
		IP options, etc. "
	::= { fwlStatistics 3 }

fwlStatTotalIcmpPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of ICMP packets rejected by the Firewall  
		module. "
	::= { fwlStatistics 4 }

fwlStatTotalSynPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		"The number of SYN packets denied over the external interfaces."
	::= { fwlStatistics 5 }

fwlStatTotalIpSpoofedPacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets rejected by the Firewall due to IP
		Spoofing attack on the external interfaces. "
	::= { fwlStatistics 6 }

fwlStatTotalSrcRoutePacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets rejected by the Firewall due to Source
		Routing attack on the external interfaces. "
	::= { fwlStatistics 7 }

fwlStatTotalTinyFragmentPacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets rejected by the Firewall due to Tiny
		Fragment attack on the external interfaces. "
	::= { fwlStatistics 8 }

fwlStatTotalFragmentedPacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of fragmented packets rejected by Firewall. "
	::= { fwlStatistics 9 }

fwlStatTotalLargeFragmentPacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets rejected by Firewall due to large
		fragment attack on the external interface. "
	::= { fwlStatistics 10 }

fwlStatTotalIpOptionPacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets with IP options (source routing, 
		record routing, timestamp) rejected by the Firewall. "
	::= { fwlStatistics 11 }

fwlStatTotalAttacksPacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets rejected by firewall due to
		suspicious attacks." 
	::= { fwlStatistics 12 }

fwlStatMemoryAllocationFailCount	OBJECT-TYPE
	SYNTAX				Counter32
	MAX-ACCESS			read-only
	STATUS				current
	DESCRIPTION
		" The number of times dynamic memory allocation failure 
		(malloc) has occurred. "
	::= { fwlStatistics 13 }
fwlStatIPv6InspectedPacketsCount		OBJECT-TYPE
	SYNTAX				Counter32
	MAX-ACCESS			read-only
	STATUS				current
	DESCRIPTION
		" The number of IPv6 packets inspected by the Firewall  
		module. It includes the number of packets rejected and 
		accepted. "
	::= { fwlStatistics 14 }

fwlStatIPv6TotalPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of IPv6 packets dropped by the Firewall  
		module."
	::= { fwlStatistics 15 }

fwlStatIPv6TotalPacketsAccepted		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of IPv6 packets accepted by the Firewall  
		module."
	::= { fwlStatistics 16 }

fwlStatIPv6TotalIcmpPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of ICMPv6 packets rejected by the Firewall  
		module. "
	::= { fwlStatistics 17 }

fwlStatIPv6TotalSpoofedPacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of IPv6 packets rejected by the Firewall due to IP
		Spoofing attack on the external interfaces. "
	::= { fwlStatistics 18 }

fwlStatIPv6TotalAttacksPacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of IPv6 packets rejected by firewall due to
		suspicious attacks." 
	::= { fwlStatistics 19 }

-- SCALAR_TABLE_END

-- Firewall State Table

-- This table gives information about the number of state  entries
-- corresponding to the stateful table, partial Entry table and Init Flow 
-- table.

fwlStateTable              OBJECT-TYPE
    SYNTAX              SEQUENCE OF FwlStateEntry
    MAX-ACCESS          not-accessible
    STATUS              current
    DESCRIPTION
        " This table contains the entries maintained by the Firewall
          during stateful inspection of the connections passing through
          the DUT from LAN to WAN or WAN to LAN."
    ::= { fwlState 1 }

fwlStateEntry              OBJECT-TYPE
    SYNTAX              FwlStateEntry
    MAX-ACCESS          not-accessible
    STATUS              current
    DESCRIPTION
        " The individual entry in the above table. "
      INDEX   {   fwlStateType,
                  fwlStateLocalIpAddrType,
                  fwlStateLocalIpAddress,
                  fwlStateRemoteIpAddrType,
                  fwlStateRemoteIpAddress,
                  fwlStateLocalPort,        
                  fwlStateRemotePort,
                  fwlStateProtocol,
                  fwlStateDirection
              }
    ::= { fwlStateTable 1 }

FwlStateEntry  ::=
    SEQUENCE        {
                    fwlStateType             INTEGER,
                    fwlStateLocalIpAddrType  InetAddressType,
                    fwlStateLocalIpAddress   OCTET STRING,
                    fwlStateRemoteIpAddrType InetAddressType,
                    fwlStateRemoteIpAddress  OCTET STRING,
                    fwlStateLocalPort        Integer32,
                    fwlStateRemotePort       Integer32,
                    fwlStateProtocol         Integer32,
                    fwlStateDirection        INTEGER,
                    fwlStateEstablishedTime  TimeStamp,
                    fwlStateLocalState       INTEGER,
                    fwlStateRemoteState      INTEGER,
                    fwlStateLogLevel         INTEGER,
                    fwlStateCallStatus       INTEGER
                    }

fwlStateType                      OBJECT-TYPE
    SYNTAX                        INTEGER 
	                              {
		                             stateful (1), 
					                 partialentry (2),
					                 initflow (3)
	                              } 
    MAX-ACCESS                    not-accessible
    STATUS                        current
    DESCRIPTION
        " This indicates the type of the entry present in this
          table. There can be stateful entries or init flow entries
          maintained for TCP connections, or partial entries created 
          to open pinholes in the firewall." 
    ::= { fwlStateEntry 1 }

fwlStateLocalIpAddrType OBJECT-TYPE
   SYNTAX     InetAddressType
   MAX-ACCESS not-accessible
   STATUS     current
   DESCRIPTION
   "Address Family Identifier of the Local address"
   ::= { fwlStateEntry 2 }


fwlStateLocalIpAddress            OBJECT-TYPE
    SYNTAX                        OCTET STRING (SIZE (1..40))
    MAX-ACCESS                    not-accessible
    STATUS                        current
    DESCRIPTION
        " The Local Ip Address of the session." 
    ::= { fwlStateEntry 3 }

fwlStateRemoteIpAddrType OBJECT-TYPE
   SYNTAX     InetAddressType
   MAX-ACCESS not-accessible
   STATUS     current
   DESCRIPTION
   "Address Family Identifier of the remote address"
   ::= { fwlStateEntry 4 }


fwlStateRemoteIpAddress            OBJECT-TYPE
    SYNTAX                        OCTET STRING (SIZE (1..40))
    MAX-ACCESS                    not-accessible
    STATUS                        current
    DESCRIPTION
        " The Remote Ip Address of the session." 
    ::= { fwlStateEntry 5 }

fwlStateLocalPort               OBJECT-TYPE
    SYNTAX                       Integer32 (0..65535)
    MAX-ACCESS                   not-accessible 
    STATUS                       current
    DESCRIPTION
	    "This object identifies the Local Port information of the session" 
    ::= { fwlStateEntry 6 }

fwlStateRemotePort               OBJECT-TYPE
    SYNTAX                       Integer32 (0..65535)
    MAX-ACCESS                   not-accessible 
    STATUS                       current
    DESCRIPTION
	    "This object identifies the remote Port information of the session" 
    ::= { fwlStateEntry 7 }

fwlStateProtocol                  OBJECT-TYPE
    SYNTAX                        Integer32 (1..255) 
    MAX-ACCESS                    not-accessible
    STATUS                        current
    DESCRIPTION
        " The  type of the protocol of the session." 
    ::= { fwlStateEntry 8 }

fwlStateDirection               OBJECT-TYPE
    SYNTAX                      INTEGER {
                                     in (1),
                                     out (2)
                                }
    MAX-ACCESS                  not-accessible
    STATUS                      current
    DESCRIPTION
        "The direction of the firewall state session." 
    ::= { fwlStateEntry 9 } 

fwlStateEstablishedTime               OBJECT-TYPE
    SYNTAX                            TimeStamp 
    MAX-ACCESS                        read-only
    STATUS                            current
    DESCRIPTION
        "The time at which the firewall session has been established." 
    ::= { fwlStateEntry 10 }

fwlStateLocalState               OBJECT-TYPE
    SYNTAX                        INTEGER {
		                  new (1),
                          established (2),
				          related (3),
				          invalid (4),
				          listen (10),
				          synsent (11),
				          synrcvd (12),
				          synest (13),
				          finwait1 (14),
				          finwait2 (15),
				          closing (16),
				          timewait (17),
				          closewait (18),
				          lastack (19),
				          closed (20)
                                  } 

    MAX-ACCESS                    read-only
    STATUS                        current
    DESCRIPTION
        "The state information of the local host. The states
         new, established and related are used in stateful table.
         The other states are used in TCP init flow table. The partial
         entry table will not maintain the state of the entry so it
         carries zero for partial entry table. The default value for
         stateful table is new (1). The default value for init flow table
         is listen (10)." 
    ::= { fwlStateEntry 11 }

fwlStateRemoteState               OBJECT-TYPE
    SYNTAX                        INTEGER {
		                  new (1),
                          established (2),
				          related (3),
				          invalid (4),
				          listen (10),
				          synsent (11),
				          synrcvd (12),
				          synest (13),
				          finwait1 (14),
				          finwait2 (15),
				          closing (16),
				          timewait (17),
				          closewait (18),
				          lastack (19),
				          closed (20)
                                  } 

    MAX-ACCESS                    read-only
    STATUS                        current
    DESCRIPTION
        "The state information of the remote host. The states
         new, established and related are used in stateful table.
         The other states are used in TCP init flow table. The partial
         entry table will not maintain the state of the entry so it
         carries zero for partial entry table. The default value for
         stateful table is new (1). The default value for init flow table
         is listen (10)." 
    ::= { fwlStateEntry 12 }


fwlStateLogLevel               OBJECT-TYPE
    SYNTAX                      INTEGER {
		                        none (0),
		                        brief (1),
		                        detail (2),
		                        must (3)
	                            }
    MAX-ACCESS                  read-only
    STATUS                      current
    DESCRIPTION
        "The logging details of the session. 
	 Definition of Log level (0-3) with 3 being the highest level" 
	DEFVAL      { brief }
    ::= { fwlStateEntry 13 }

fwlStateCallStatus               OBJECT-TYPE
    SYNTAX                       INTEGER {
		                         nonsip (0),
		                         hold (1),
		                         unhold (2)
	                             }
    MAX-ACCESS                   read-only
    STATUS                       current
    DESCRIPTION
	    "This object is effective when SIP is enabled. 
         This indicates the status of the firewall session.
         The values hold and unhold are effective only for SIP calls. "
	DEFVAL      { nonsip }
    ::= { fwlStateEntry 14 }

-- FIREWALL STATE TABLE END

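-- Firewall Interface Statistics Table
-- This table gives information about the number of rules configured on 
-- an interface and the number of packets rejected and accepted on that 
-- interface, etc.
-- fwlStatIfClear and fwlStatIfClearIPv6 are read-write and reset these
-- counters. A get on either object always returns 'false', so a reset is not
-- visible from the objects themselves; monitoring that relies on these
-- counters should also watch for unexpected drops in their values.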

fwlStatIfTable				OBJECT-TYPE
	SYNTAX				SEQUENCE OF FwlStatIfEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" This table is used to maintain the statistics of packets 
		per interface. "
	::= { fwlStatistics 20 }

fwlStatIfEntry				OBJECT-TYPE
	SYNTAX				FwlStatIfEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The individual entry in the above table . "
	INDEX	{ 	fwlStatIfIfIndex	}
	::= { fwlStatIfTable 1 }
	
FwlStatIfEntry	::=
	SEQUENCE		{
					fwlStatIfIfIndex
						Integer32,
					fwlStatIfFilterCount
						Integer32,
					fwlStatIfPacketsDenied 
						Counter32,
					fwlStatIfPacketsAccepted
						Counter32,
					fwlStatIfSynPacketsDenied
						Counter32,
					fwlStatIfIcmpPacketsDenied
						Counter32,
					fwlStatIfIpSpoofedPacketsDenied
						Counter32,
					fwlStatIfSrcRoutePacketsDenied
						Counter32,
					fwlStatIfTinyFragmentPacketsDenied
						Counter32,
					fwlStatIfFragmentPacketsDenied
						Counter32,
					fwlStatIfIpOptionPacketsDenied
						Counter32,
                                        fwlStatIfClear   
						TruthValue,
                                        fwlIfTrapThreshold
                 				Integer32,
					fwlStatIfIPv6PacketsDenied
						Counter32,
					fwlStatIfIPv6PacketsAccepted
						Counter32,
					fwlStatIfIPv6IcmpPacketsDenied
						Counter32,
					fwlStatIfIPv6SpoofedPacketsDenied
						Counter32,
					fwlStatIfClearIPv6
						TruthValue
				}

fwlStatIfIfIndex			OBJECT-TYPE
	SYNTAX				Integer32	(1..1000)
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The interface number that uniquely identifies an entry in 
		this table. The value ranges from 1 to 1000."
	::= { fwlStatIfEntry 1 }

fwlStatIfFilterCount			OBJECT-TYPE
	SYNTAX				Integer32
	MAX-ACCESS			read-only
	STATUS				current
	DESCRIPTION
		" The number of filters configured on an interface. "
	::= { fwlStatIfEntry 2 }

fwlStatIfPacketsDenied 			OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets dropped by the Firewall  on 
		a particular interface. This includes all fragmented packets, 
		non-fragmented packets, packets with IP Options and packets 
		without IP options, etc. "
	::= { fwlStatIfEntry 3 }

fwlStatIfPacketsAccepted		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets accepted by the Firewall  on 
		a particular interface. This includes all fragmented packets, 
		non-fragmented packets, packets with IP Options and packets 
		without IP options, etc. "
	::= { fwlStatIfEntry 4 }

fwlStatIfSynPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of SYN packets denied on a particular interface. "
	::= { fwlStatIfEntry 5 }

fwlStatIfIcmpPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of ICMP packets rejected by the Firewall
		on a particular interface. "
	::= { fwlStatIfEntry 6 }

fwlStatIfIpSpoofedPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets rejected by the Firewall on 
		a particular interface due to IP spoofing attack. "
	::= { fwlStatIfEntry 7 }

fwlStatIfSrcRoutePacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets rejected by the Firewall on 
		a particular interface due to Source Routing attack. "
	::= { fwlStatIfEntry 8 }

fwlStatIfTinyFragmentPacketsDenied	OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets rejected by the Firewall on 
		a particular interface due to Tiny Fragment attack. "
	::= { fwlStatIfEntry 9 }

fwlStatIfFragmentPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of fragmented packets rejected by the Firewall
		on a particular interface. "
	::= { fwlStatIfEntry 10 }

fwlStatIfIpOptionPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of packets with IP options (source routing, 
		record routing, timestamp) rejected or dropped by the Firewall 
		 on a particular interface. "
	::= { fwlStatIfEntry 11 }				

fwlStatIfClear                          OBJECT-TYPE
	SYNTAX			        TruthValue
        MAX-ACCESS			read-write
        STATUS				current
   	DESCRIPTION
		" This field is used to clear the statistics of packets 
		per interface. The default value is 'false'. When this object 
                is set to true , the statistics of packets per interface is 
                cleared and the value is reset to false. The get routine for 
                this object always returns 'false'."
	DEFVAL	{ false }
	::= { fwlStatIfEntry 12 }
   
fwlIfTrapThreshold                      OBJECT-TYPE
	SYNTAX			        Integer32 (50..50000)	
        MAX-ACCESS			read-write
        STATUS				current
        DESCRIPTION
	   "This object sets the interface threshold value such that 
       traps will be generated when the number of packets denied 
       exceeds the given threshold." 
	DEFVAL	{ 50 }
	::= { fwlStatIfEntry 13 }

fwlStatIfIPv6PacketsDenied 			OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of IPv6 packets dropped by the Firewall  on 
		a particular interface."
	::= { fwlStatIfEntry 14 }

fwlStatIfIPv6PacketsAccepted		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of IPv6 packets accepted by the Firewall  on 
		a particular interface." 
	::= { fwlStatIfEntry 15 }

fwlStatIfIPv6IcmpPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of ICMPv6 packets rejected by the Firewall
		on a particular interface. "
	::= { fwlStatIfEntry 16 }

fwlStatIfIPv6SpoofedPacketsDenied		OBJECT-TYPE
	SYNTAX				Counter32	
	MAX-ACCESS			read-only	
	STATUS				current	
	DESCRIPTION
		" The number of IPv6 spoofed packets rejected by the Firewall on 
		a particular interface due to spoofing attack. "
	::= { fwlStatIfEntry 17 }

fwlStatIfClearIPv6                       OBJECT-TYPE
	SYNTAX			        TruthValue
        MAX-ACCESS			read-write
        STATUS				current
   	DESCRIPTION
		" This field is used to clear the statistics of IPv6
                packets per interface. The default value is 'false'. 
                When this object is set to true, the statistics for IPv6 
                packets per interface are cleared and the value is reset to
                false. The get routine for this object always returns 'false'." 
	DEFVAL	{ false }
	::= { fwlStatIfEntry 18 }

-- fwlStatIfTable ends here

fwlStatClear OBJECT-TYPE
	SYNTAX			   TruthValue	
	MAX-ACCESS		   read-write	
	STATUS				current
	DESCRIPTION
		"This Object clears the global statistics. The default value 
                is 'false'. When this object is set to true , the global 
                statistics is cleared and the value is reset to false. 
                The get routine for this object always returns 'false'."
	DEFVAL	{ false }
	::= { fwlStatistics 21 }

fwlStatClearIPv6 OBJECT-TYPE
	SYNTAX			   TruthValue
	MAX-ACCESS		   read-write
	STATUS			   current
	DESCRIPTION
		"This object clears the global ipv6 statistics. The default 
                value is 'false'. When this object is set to true , the global
                ipv6 statistics is cleared and the value is reset to false.
                The get routine for this object always returns 'false'."
	DEFVAL  { false }
	::= { fwlStatistics 22 }

fwlTrapThreshold OBJECT-TYPE
	SYNTAX			   Integer32 (50..50000)
	MAX-ACCESS		   read-write	
	STATUS				current
	DESCRIPTION
		"This object sets the global threshold value such that 
       traps will be generated when the number of packets denied 
       exceeds the given threshold." 
	DEFVAL { 50 }
	::= { fwlStatistics 23 }

-- Firewall Traps Group.
-- This group defines the different types of Traps used by the Firewall Module.

fwlTrapControl		OBJECT IDENTIFIER   ::=   { fwlTraps 1 }
fwlTrapTypes		OBJECT IDENTIFIER   ::=   { fwlTraps 0 }

-- Trap Controls

-- fwlTrapMemFailMessage: text carried as the only object of the
-- fwlTrapMemoryFailure notification.
-- NOTE(review): MAX-ACCESS is read-write although the object is a
-- notification payload; fwlTrapEvent and fwlTrapEventTime in this group
-- use accessible-for-notify. Confirm that a manager really needs to set
-- this string. The last sentence of the DESCRIPTION repeats the text of
-- fwlTrapAttackMessage and may be a copy-paste leftover.
fwlTrapMemFailMessage			OBJECT-TYPE
	SYNTAX				DisplayString
	MAX-ACCESS			read-write
	STATUS				current
	DESCRIPTION
		" The string to display where the memory failure has occurred. 
		It may happen during allocation of Memory pool or when dynamic 
		allocation fails. This string is also used to display message
                about the number of attacks occurred. "
	::= { fwlTrapControl 1 }

fwlTrapAttackMessage			OBJECT-TYPE
	SYNTAX				DisplayString
	MAX-ACCESS			read-write
	STATUS				current
	DESCRIPTION
		" This string is also used to display a message about the number 
		of attacks that occurred. "
	::= { fwlTrapControl 2 }

fwlIfIndex                OBJECT-TYPE
        SYNTAX       RowPointer
        MAX-ACCESS   accessible-for-notify
        STATUS       current
        DESCRIPTION
                 "fwlIfIfIndex has MAX-ACCESS not-accessible, so it cannot be
                  used as an object in notifications. This object is defined
                  for use in notifications instead. The value of this object
                  is the OID of fwlIfIfIndex appended with the index of the
                  interface on which the threshold was exceeded."
        ::= { fwlTrapControl 3 }

fwlTrapEvent            OBJECT-TYPE
    SYNTAX              INTEGER{
                        sizeexceeded(1),
                        sizethresholdhit(2)
                        }
    MAX-ACCESS          accessible-for-notify
    STATUS              current
    DESCRIPTION
        "sizeexceeded     - Firewall Log Size Exceeded.
         sizethresholdhit - Firewall Log Size hit the threshold value."
    ::= { fwlTrapControl 4 }

fwlTrapEventTime        OBJECT-TYPE
    SYNTAX              DisplayString(SIZE (24))
    MAX-ACCESS          accessible-for-notify
    STATUS              current
    DESCRIPTION
        "This object specifies the date and time at which fwlTrapEvent
         was performed."
    ::= { fwlTrapControl 5 }

fwlTrapFileName         OBJECT-TYPE
    SYNTAX              DisplayString
    MAX-ACCESS          read-only
    STATUS              current
    DESCRIPTION
        "Firewall Log filename in the trap message."
    ::= { fwlTrapControl 6 }

-- fwlIdsTrapEvent: event code sent in the fwlIdsTrapLogging notification.
-- NOTE(review): the DESCRIPTION is identical to that of fwlTrapEvent and
-- speaks of the Firewall log; since fwlIdsTrapLogging reports errors in
-- IDS logging, this presumably refers to the IDS log size. Confirm.
fwlIdsTrapEvent            OBJECT-TYPE
    SYNTAX              INTEGER{
                        sizeexceeded(1),
                        sizethresholdhit(2)
                        }
    MAX-ACCESS          accessible-for-notify
    STATUS              current
    DESCRIPTION
        "sizeexceeded      - Firewall Log Size Exceeded.
         sizethreshold hit - Firewall Log Size hit the threshold value."
    ::= { fwlTrapControl 7 }

-- fwlIdsTrapEventTime: fixed-length (24 character) timestamp string sent
-- in the fwlIdsTrapLogging notification.
-- NOTE(review): the DESCRIPTION names fwlTrapEvent, but this object
-- travels with fwlIdsTrapEvent; presumably fwlIdsTrapEvent is meant.
-- The layout of the 24 characters and the time zone are not specified
-- here, which matters when correlating traps with other logs. Confirm.
fwlIdsTrapEventTime        OBJECT-TYPE
    SYNTAX              DisplayString(SIZE (24))
    MAX-ACCESS          accessible-for-notify
    STATUS              current
    DESCRIPTION
        "This object specifies the date and time at which fwlTrapEvent
         was performed."
    ::= { fwlTrapControl 8 }

fwlIdsTrapFileName         OBJECT-TYPE
    SYNTAX              DisplayString
    MAX-ACCESS          read-only
    STATUS              current
    DESCRIPTION
        "Firewall Log filename in the trap message."
    ::= { fwlTrapControl 9 }

-- fwlIdsAttackPktIp: address reported in the fwlIdsTrapAttackPktFromIds
-- notification.
-- NOTE(review): the address is an unconstrained DisplayString, whereas
-- the blacklist and whitelist tables use InetAddressType and InetAddress.
-- The textual format is not specified here, so receivers should parse
-- and validate the value before acting on it. The DESCRIPTION does not
-- say whether this is the source or the destination address of the
-- packet. A packet source address can be forged, so treat the value as
-- a lead for investigation rather than as attribution.
fwlIdsAttackPktIp          OBJECT-TYPE
    SYNTAX              DisplayString
    MAX-ACCESS          accessible-for-notify
    STATUS              current
    DESCRIPTION
        "This object specifies the IP address of the attack-packet identified
         by IDS."
    ::= { fwlTrapControl 10 }

-- Trap Types

fwlTrapMemoryFailure			NOTIFICATION-TYPE
	OBJECTS	{ fwlTrapMemFailMessage	}	
	STATUS				current		
	DESCRIPTION
		" Trap which is sent for memory initialization failure or when 
		Dynamic Allocation fails. "
::= { fwlTrapTypes 1 }

fwlTrapAttackSummary		NOTIFICATION-TYPE
	OBJECTS	{ fwlTrapAttackMessage 	}	
	STATUS				current		
	DESCRIPTION
		" Trap which is sent when the number of attacks exceeds
      the limit value. The limit value is configurable."
	::= { fwlTrapTypes 2 }				

fwlTrapThresholdExceeded      NOTIFICATION-TYPE
        OBJECTS {  
                  fwlIfIndex,  
                  fwlStatIfPacketsDenied
        }
        STATUS             current
        DESCRIPTION
		"This notification specifies the interface index on which the 
                 number of packets denied exceeds the threshold configured." 
	::= { fwlTrapTypes 3 }

fwlTrapMessage    NOTIFICATION-TYPE
         OBJECTS        {
                        fwlTrapEvent,
                        fwlTrapEventTime,
                        fwlTrapFileName
                        }
         STATUS         current
         DESCRIPTION
               "This trap notifies the errors in Firewall Log file."
         ::= {fwlTrapTypes 4 }

fwlIdsTrapLogging           NOTIFICATION-TYPE
        OBJECTS          {
                         fwlIdsTrapEvent,
                         fwlIdsTrapEventTime,
                         fwlIdsTrapFileName
                         }
        STATUS           current
        DESCRIPTION
               "This trap notifies the errors in IDS logging."
        ::= {fwlTrapTypes 5}

fwlIdsTrapAttackPktFromIds  NOTIFICATION-TYPE
        OBJECTS       { fwlIdsAttackPktIp }
        STATUS          current
        DESCRIPTION
               "This trap notifies the attack packet identified in IDS."
        ::= {fwlTrapTypes 6}

-- BLACKLIST IP ADDRESS Table
-- This table is used to list the IP Addresses which have been blacklisted. It 
-- supports both IPv4 and IPv6 addresses.

-- fwlDefnBlkListTable: table of blacklisted addresses, indexed by address
-- type, address and prefix length (see the INDEX of fwlDefnBlkListEntry).
-- Per the DESCRIPTION, traffic from or to a listed address is dropped.
-- NOTE(review): rows can be added by an administrator or dynamically
-- through the snort module (fwlBlkListEntryType). If dynamic rows are
-- derived from observed packet source addresses, a forged source could
-- get a legitimate host blocked, so dynamic(1) rows are worth reviewing
-- periodically. How this table interacts with fwlDefnWhiteListTable when
-- an address matches both is not stated here. Confirm.
fwlDefnBlkListTable			OBJECT-TYPE
	SYNTAX				SEQUENCE OF FwlDefnBlkListEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		"This table is a user configurable table. It is used for listing
		 the IP Addresses that are black listed. The traffic from or to
		 a blacklisted IP Address shall be dropped."
	::= { fwlDefinition 9 }

fwlDefnBlkListEntry			OBJECT-TYPE
	SYNTAX				FwlDefnBlkListEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		"The individual entry in the above table."
	INDEX	{
			fwlBlkListIpAddressType,
			fwlBlkListIpAddress,
			fwlBlkListIpMask
		}
	::= { fwlDefnBlkListTable 1 }

FwlDefnBlkListEntry ::=
	SEQUENCE	{
				fwlBlkListIpAddressType
					InetAddressType,
				fwlBlkListIpAddress
					InetAddress,
				fwlBlkListIpMask
					InetAddressPrefixLength,
				fwlBlkListHitsCount
					Counter32,
				fwlBlkListEntryType
					INTEGER,
				fwlBlkListRowStatus
					RowStatus
                        }

fwlBlkListIpAddressType			OBJECT-TYPE
	SYNTAX				InetAddressType
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		"The address type of fwlBlkListIpAddress (IPv4/Ipv6)"
	::= { fwlDefnBlkListEntry 1 }

fwlBlkListIpAddress           		OBJECT-TYPE
        SYNTAX                		InetAddress
        MAX-ACCESS            		not-accessible
        STATUS                		current
        DESCRIPTION
                "The IP Address is to be listed as Blacklist."
        ::= { fwlDefnBlkListEntry 2 }

fwlBlkListIpMask                	OBJECT-TYPE
        SYNTAX                  	InetAddressPrefixLength
        UNITS				"bits"
        MAX-ACCESS              	not-accessible
        STATUS                  	current
        DESCRIPTION
                "The IP Subnet mask for the IP address to be blacklisted."
        ::= { fwlDefnBlkListEntry 3 }

fwlBlkListHitsCount			OBJECT-TYPE
	SYNTAX			      	Counter32
	MAX-ACCESS			read-only
	STATUS				current
	DESCRIPTION	
		"The number of times BlackList is matched while processing 
		 the packet."
	::= { fwlDefnBlkListEntry 4 }

fwlBlkListEntryType	 		OBJECT-TYPE
	SYNTAX  			INTEGER {
	                				static(0),
	               					dynamic(1)
						}
	MAX-ACCESS  			read-only
	STATUS      			current
	DESCRIPTION
		"This object is used to display whether the entry is created
	         by administrator or the entry is created dynamically through
                 snort module.
	   	 static(0)      - BlkListEntry is added by administrator.
		 dynamic(1)     - BlkListEntry is added dynamically through 
		 		  snort module." 
	::= { fwlDefnBlkListEntry 5 }



-- fwlBlkListRowStatus: creates and deletes rows of fwlDefnBlkListTable.
-- Per the DESCRIPTION only createAndGo and destroy are supported.
-- NOTE(review): MAX-ACCESS is read-write; SMIv2 expects read-create on
-- columns of a table that allows row creation (fwlDmzIpv6RowStatus in
-- this module uses read-create). MIB checkers may flag this. Changing it
-- affects managers compiled against this MIB, so confirm before editing.
fwlBlkListRowStatus                	OBJECT-TYPE
        SYNTAX                   	RowStatus
        MAX-ACCESS                 	read-write	
        STATUS                     	current
        DESCRIPTION
                "This object allows entries to be created or deleted in this
                 Table.  The row status values are CREATE_AND_GO and DESTROY"
        ::= { fwlDefnBlkListEntry 6 }

-- WHITELIST IP ADDRESS Table
-- This table is used to list the IP Addresses which have been listed as White 
-- list. It supports both IPv4 and IPv6 addresses.

-- fwlDefnWhiteListTable: table of whitelisted addresses, indexed by
-- address type, address and prefix length (see the INDEX of
-- fwlDefnWhiteListEntry). Per the DESCRIPTION, traffic from or to a
-- listed address is forwarded bypassing the firewall.
-- NOTE(review): every row is an exemption from filtering, and a short
-- prefix length exempts a whole range, so write access to this table
-- should be restricted to trusted managers (for example an SNMPv3 VACM
-- write view) and its contents reviewed regularly. fwlWhiteListHitsCount
-- shows how often each row matched. Precedence between this table and
-- fwlDefnBlkListTable is not stated here. Confirm.
fwlDefnWhiteListTable		    	OBJECT-TYPE
	SYNTAX                      	SEQUENCE OF FwlDefnWhiteListEntry
	MAX-ACCESS                  	not-accessible
	STATUS                      	current
	DESCRIPTION
		"This is a user configurable table. This table is used for 
		 listing the IP Addresses that are to be listed as White list.
		 The traffic from or to the IP Address in this White list shall
		 be forwarded bypassing the firewall."
        ::= { fwlDefinition 10 }

fwlDefnWhiteListEntry                	OBJECT-TYPE
        SYNTAX                       	FwlDefnWhiteListEntry
        MAX-ACCESS                   	not-accessible
        STATUS                       	current
        DESCRIPTION
                "The individual entry in the above table."
        INDEX	{
			fwlWhiteListIpAddressType,
			fwlWhiteListIpAddress,
			fwlWhiteListIpMask
		}
        ::= { fwlDefnWhiteListTable 1 }

FwlDefnWhiteListEntry ::=
	SEQUENCE	{
				fwlWhiteListIpAddressType
					InetAddressType,
				fwlWhiteListIpAddress
					InetAddress,
				fwlWhiteListIpMask
					InetAddressPrefixLength,
				fwlWhiteListHitsCount
					Counter32,
				fwlWhiteListRowStatus
					RowStatus
			}

fwlWhiteListIpAddressType		OBJECT-TYPE
	SYNTAX				InetAddressType
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		"The address type of fwlDefnWhiteListEntry (IPv4/Ipv6)"
	::= { fwlDefnWhiteListEntry 1 }

fwlWhiteListIpAddress           	OBJECT-TYPE
        SYNTAX                    	InetAddress
        MAX-ACCESS          		not-accessible
        STATUS                    	current
        DESCRIPTION
                "The IP Address is to be listed as White List."
        ::= { fwlDefnWhiteListEntry 2 }

-- fwlWhiteListIpMask: third index component of a whitelist row.
-- NOTE(review): the DESCRIPTION says subnet mask, but the SYNTAX is
-- InetAddressPrefixLength with UNITS "bits", i.e. a prefix length
-- rather than a dotted mask. fwlBlkListIpMask is declared the same way.
-- The smaller the value, the larger the address range that bypasses
-- the firewall.
fwlWhiteListIpMask                	OBJECT-TYPE
        SYNTAX                    	InetAddressPrefixLength
        UNITS				"bits"
        MAX-ACCESS           		not-accessible
        STATUS                    	current
        DESCRIPTION
                "The IP Subnet mask for the IP address to be added in White List."
        ::= { fwlDefnWhiteListEntry 3 }

fwlWhiteListHitsCount			OBJECT-TYPE
	SYNTAX		      		Counter32
	MAX-ACCESS			read-only
	STATUS				current
	DESCRIPTION	
		"The number of times WhiteList is matched while processing 
		 the packet."
	::= { fwlDefnWhiteListEntry 4 }

fwlWhiteListRowStatus                	OBJECT-TYPE
        SYNTAX                          RowStatus
        MAX-ACCESS                 	read-write
        STATUS                          current
        DESCRIPTION
                "This object allows entries to be created or deleted in this
                 Table. The row status values are CREATE_AND_GO and DESTROY."
        ::= { fwlDefnWhiteListEntry 5 }

-- IPv6 DMZ Table
-- This table is used to define the De-Militarized Zone for IPv6, where no
-- restrictions apply.

-- fwlDefnIPv6DmzTable: list of IPv6 DMZ hosts, one row per address
-- (INDEX fwlDmzIpv6Index in fwlDefnIPv6DmzEntry).
-- NOTE(review): per the DESCRIPTION a listed host is reachable without
-- restriction from the public network, so each row widens exposure.
-- Rows are created through fwlDmzIpv6RowStatus (read-create); limit
-- write access to trusted managers and review the table regularly.
fwlDefnIPv6DmzTable          OBJECT-TYPE
   SYNTAX            SEQUENCE OF FwlDefnIPv6DmzEntry
   MAX-ACCESS        not-accessible
   STATUS            current
   DESCRIPTION
      " This table is used for defining the De-Militarized Zone (DMZ)for IPv6.
      The host/hosts in this zone will have unrestricted access from the
      public/external network (Internet)."
	::= { fwlDefinition 11 }
	
fwlDefnIPv6DmzEntry				OBJECT-TYPE
	SYNTAX				FwlDefnIPv6DmzEntry
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The individual entry in the above table. "
	INDEX	{    fwlDmzIpv6Index     }
	::= { fwlDefnIPv6DmzTable 1 }

FwlDefnIPv6DmzEntry ::=
	SEQUENCE	{
				fwlDmzAddressType
					InetAddressType,
				fwlDmzIpv6Index
					InetAddress,
				fwlDmzIpv6RowStatus
					RowStatus
			}	
-- fwlDmzAddressType: address type of the DMZ host in this row.
-- NOTE(review): the DESCRIPTION limits this object to IPv6, but the
-- SYNTAX is the unrestricted InetAddressType, so the restriction is
-- presumably enforced by the agent. Confirm. The object is read-create
-- and is not part of the INDEX, which consists of fwlDmzIpv6Index only.
fwlDmzAddressType		OBJECT-TYPE
	SYNTAX			InetAddressType
    	MAX-ACCESS   		read-create
    	STATUS         		current
    	DESCRIPTION
            " The Address type of the ipv6 DMZ Host.
       This object is limited to IPv6 addresses."
        ::= { fwlDefnIPv6DmzEntry 1 }

fwlDmzIpv6Index			OBJECT-TYPE
	SYNTAX		        InetAddress 
	MAX-ACCESS			not-accessible
	STATUS				current
	DESCRIPTION
		" The IPv6 Address for which the DMZ is to be configured."
	::= { fwlDefnIPv6DmzEntry 2 }

fwlDmzIpv6RowStatus		OBJECT-TYPE
	SYNTAX				RowStatus
	MAX-ACCESS			read-create
	STATUS				current
	DESCRIPTION
		" This object allows entries to be created or deleted in this 
		table. "
	::= { fwlDefnIPv6DmzEntry 3 }

END
