Overview of Cisco Firewall MIB
==============================
This MIB Module models status and performance
statistics pertaining to the common features supported
by Cisco firewall implementations. For each firewall
feature, capability (if applicable) and statistics are
defined. Supporting the configuration of firewall
features is outside the scope of this MIB.
Following are the major firewall features:
1) 'Stateful Packet Filtering'
Creating and maintaining the state of authorized
traffic flows dynamically to permit only
flows authorized by the policy is a mandatory
function of a firewall.
This MIB instruments the activity and memory
usage by this function.
2) 'Application Inspection'
This refers to the function of inspecting the
headers of layer 3 and layer 4 protocols and
creating dynamic entries in the connection
table for traffic flows spawned by an already
established traffic flow.
This MIB reflects the protocols that are being
inspected.
3) 'URL Filtering'
This refers to the function of facilitating
or restricting URL access requests through
the firewall by consulting either local policy
or that configured on a dedicated URL filtering
server.
This MIB instruments the URL filtering activity,
the status and activity of distinct URL filtering
servers configured on the firewall and the
impact of the performance of the URL filtering
servers on the latency and throughput of the
firewall.
4) 'Proxy Authentication'
This refers to the function of authenticating
and/or authorizing users on behalf of servers
on the secure side of the firewall. This operation
could affect the throughput of the firewall.
The MIB objects pertaining to Proxy Authentication
will be defined in a subsequent revision of this
MIB.
5) 'Transparent Mode Operation'
A firewall could operate as a bridge and yet
filter traffic based on layer 3-layer 7 control
and payload information. Operating in this mode
makes it easy to implement a firewall without
fragmenting existing subnets. Another advantage
of this mode of operation is enhanced security.
This MIB instruments the status, activity,
and performance of the firewall in this mode.
Please note that to fully manage a firewall
operating in this mode, the firewall must also
support the bridge MIB (BRIDGE-MIB).
6) 'Advanced Application Inspection and Control'
This function is also termed 'Application
Firewall' and pertains to inspecting payload and
headers of application traffic to make sure the
traffic flows conform to the configured security
policy.
Monitoring this function entails identifying the
security alerts generated by this function and
measuring the impact on firewall performance by
this task. Application Firewall will be
instrumented in a separate MIB dedicated for the
function.
7) 'Failover' or 'Redundancy'
Redundancy configuration is essential for business
critical firewalls.
Instrumenting this function entails reflecting
the configuration of redundancy and identifying
failover events.
The MIB objects pertaining to Proxy Authentication
will be defined in a subsequent revision of this
MIB.
The management information for each firewall feature
is defined in a distinct module compliance unit. The
compliance units corresponding to basic features of
firewalls are defined as mandatory.
Acronyms
========
Following are definitions of some terms used in this
module. Please refer to the module conformance for a
glossary of feature-specific terms.
`Firewall'
A firewall is a set of related programs,
implemented on a host or a network device, that
protects the resources of a private network from
users from other networks. Common firewalling
functions include stateful packet filtering,
proxy authentication of users on behalf of
applications on the secure side of the firewall,
URL access control, and inspection of the payload of
traffic streams to determine security threats.
`Layer2 Firewall' or 'Transparent Firewall'
A firewall device that operates as a bridge
while performing firewalling function.
`Connection'
The record in the firewall of a traffic stream
that has been authorized to flow through the
firewall.
`Half Open Connection'
For a connection-oriented protocol: a connection
that has not reached the established state on both
sides of the connection.
For a connection-less protocol: the connection
corresponding to a traffic stream where traffic
flow has occurred (since the establishment of the
connection entry) in only one direction.
`Embryonic Connection'
The connection entry corresponding to an
application layer protocol in which the signaling
channel has been established while the setup of
the data channel is underway.
`Policy'
An element of firewall configuration that
identifies the access rights to a resource by a
traffic source. An example of a policy is an
Access Control Rule.
`Policy Target'
An entity to which a policy is applied so that
the action corresponding to the policy is taken
only on traffic streams associated with the
entity. An example of a policy target is an
interface.
`URL Filtering Server'
A server which is employed by the firewall to
enforce URL access policies.
`Protocol Data Unit' or PDU
An instance of the unit of information using which
a protocol operates is called the Protocol Data
Unit or the PDU of the protocol.
`Deep Packet Inspection'
The task of examining the contents of the payloads
of one or more layer 7 application protocols
with a view to enforcing the local security
policies is termed 'Deep Packet Inspection'.
`Advanced Application Inspection and Control'
An entity that performs deep packet inspection
of layer 7 application protocol data units is
termed an 'Application Firewall'.
Parsed from file CISCO-UNIFIED-FIREWALL-MIB.mib
Module: CISCO-UNIFIED-FIREWALL-MIB
Parsed from file CISCO-UNIFIED-FIREWALL-MIB.my.txt
Company: None
Module: CISCO-UNIFIED-FIREWALL-MIB
ciscoUnifiedFirewallMIB MODULE-IDENTITY
    LAST-UPDATED "200509220000Z"
    ORGANIZATION "Cisco Systems"
    CONTACT-INFO
        " Cisco Systems
        Customer Service
        Postal: 170 W Tasman Drive
        San Jose, CA 95134
        USA
        Tel: +1 800 553-NETS
        E-mail: [email protected]"
    DESCRIPTION
        "Overview of Cisco Firewall MIB
        ==============================
        This MIB Module models status and performance
        statistics pertaining to the common features supported
        by Cisco firewall implementations. For each firewall
        feature, capability (if applicable) and statistics are
        defined. Supporting the configuration of firewall
        features is outside the scope of this MIB.
        Following are the major firewall features:
        1) 'Stateful Packet Filtering'
        Creating and maintaining the state of authorized
        traffic flows dynamically to permit only
        flows authorized by the policy is a mandatory
        function of a firewall.
        This MIB instruments the activity and memory
        usage by this function.
        2) 'Application Inspection'
        This refers to the function of inspecting the
        headers of layer 3 and layer 4 protocols and
        creating dynamic entries in the connection
        table for traffic flows spawned by an already
        established traffic flow.
        This MIB reflects the protocols that are being
        inspected.
        3) 'URL Filtering'
        This refers to the function of facilitating
        or restricting URL access requests through
        the firewall by consulting either local policy
        or that configured on a dedicated URL filtering
        server.
        This MIB instruments the URL filtering activity,
        the status and activity of distinct URL filtering
        servers configured on the firewall and the
        impact of the performance of the URL filtering
        servers on the latency and throughput of the
        firewall.
        4) 'Proxy Authentication'
        This refers to the function of authenticating
        and/or authorizing users on behalf of servers
        on the secure side of the firewall. This operation
        could affect the throughput of the firewall.
        The MIB objects pertaining to Proxy Authentication
        will be defined in a subsequent revision of this
        MIB.
        5) 'Transparent Mode Operation'
        A firewall could operate as a bridge and yet
        filter traffic based on layer 3-layer 7 control
        and payload information. Operating in this mode
        makes it easy to implement a firewall without
        fragmenting existing subnets. Another advantage
        of this mode of operation is enhanced security.
        This MIB instruments the status, activity,
        and performance of the firewall in this mode.
        Please note that to fully manage a firewall
        operating in this mode, the firewall must also
        support the bridge MIB (BRIDGE-MIB).
        6) 'Advanced Application Inspection and Control'
        This function is also termed 'Application
        Firewall' and pertains to inspecting payload and
        headers of application traffic to make sure the
        traffic flows conform to the configured security
        policy.
        Monitoring this function entails identifying the
        security alerts generated by this function and
        measuring the impact on firewall performance by
        this task. Application Firewall will be
        instrumented in a separate MIB dedicated for the
        function.
        7) 'Failover' or 'Redundancy'
        Redundancy configuration is essential for business
        critical firewalls.
        Instrumenting this function entails reflecting
        the configuration of redundancy and identifying
        failover events.
        The MIB objects pertaining to Proxy Authentication
        will be defined in a subsequent revision of this
        MIB.
        The management information for each firewall feature
        is defined in a distinct module compliance unit. The
        compliance units corresponding to basic features of
        firewalls are defined as mandatory.
        Acronyms
        ========
        Following are definitions of some terms used in this
        module. Please refer to the module conformance for a
        glossary of feature-specific terms.
        `Firewall'
        A firewall is a set of related programs,
        implemented on a host or a network device, that
        protects the resources of a private network from
        users from other networks. Common firewalling
        functions include stateful packet filtering,
        proxy authentication of users on behalf of
        applications on the secure side of the firewall,
        URL access control, inspection of payload of
        traffic streams to determine security threats.
        `Layer2 Firewall' or 'Transparent Firewall'
        A firewall device that operates as a bridge
        while performing firewalling function.
        `Connection'
        The record in the firewall of a traffic strean
        that has been authorized to flow through the
        firewall.
        `Half Open Connection'
        For a connection oriented protocol: a connection
        that has not reached the established on both the
        sides of the connection.
        For a connection-less protocol: the connection
        corresponding to a traffic stream where traffic
        flow has occurred (since the establishment of the
        connection entry) only on one direction.
        `Embryonic Connection'
        The connection entry corresponding to an
        application layer protocol in which the signaling
        channel has been established while the setup of
        the data channel is underway.
        `Policy'
        An element of firewall configuration that
        identifies the access rights to a resource by a
        traffic source. An example of a policy is an
        Access Control Rule.
        `Policy Target'
        An entity to which a policy is applied so that
        the action corresponding to the policy is taken
        only on traffic streams associated with the
        entity. An example of a policy target is an
        interface.
        `URL Filtering Server'
        A server which is employed by the firewall to
        enforce URL access policies.
        `Protocol Data Unit' or PDU
        An instance of the unit of information using which
        a protocol operates is called the Protocol Data
        Unit or the PDU of the protocol.
        `Deep Packet Inspection'
        The task of examining the contents of the payloads
        of one or more layer 7 application protocols
        with a view to enforcing the local security
        policies termed 'Deep Packet Inspection'.
        `Advanced Application Inspection and Control'
        An entity that performs deep packet inspection
        of layer 7 application protocol data units is
        termed an 'Application Firewall'. "
    REVISION "200509220000Z"
    DESCRIPTION
        "Initial version of this module. "
    ::= { ciscoMgmt 491 }
ciscoUnifiedFirewallMIB OBJECT IDENTIFIER ::= { ciscoMgmt 491 }
Vendor: Cisco
Module: CISCO-UNIFIED-FIREWALL-MIB
[Automatically extracted from oidview.com]
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.9.9.491.0 | ciscoUnifiedFirewallMIBNotifs | 2 | 2 | None |
1.3.6.1.4.1.9.9.491.1 | ciscoUnifiedFirewallMIBObjects | 7 | 215 | None |
1.3.6.1.4.1.9.9.491.2 | ciscoUnifiedFirewallMIBConform | 2 | 15 | None |

Too many siblings! Only the 100 nearest siblings are shown.

OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
... | | | | |
1.3.6.1.4.1.9.9.441 | ciscoSrstMIB | 3 | 149 | This MIB allows management of Cisco Survivable Remote Site Telephony (SRST) feature in Cisco IOS. SRST is an optional software fe… |
1.3.6.1.4.1.9.9.443 | ciscoCommonMgmtMIB | 3 | 37 | MIB module for integrating different elements of managing a device. For example, different device access methods like SNMP, CLI, … |
1.3.6.1.4.1.9.9.445 | ciscoQinqVlanMIB | 3 | 25 | This MIB defines configuration and monitoring capabilities relating to 802.1QinQ interfaces. QinQ interfaces are capable of term… |
1.3.6.1.4.1.9.9.447 | ciscoScsiFlowMIB | 3 | 99 | A SCSI Flow is described as a SCSI Initiator SCSI Target combination. This MIB is used to configure and monitor SCSI Flows. Gloss… |
1.3.6.1.4.1.9.9.448 | ciscoSsmProvMIB | 2 | 26 | This MIB is used to provision features on a Data Path Processor (DPP) of a Storage Service Module (SSM). A DPP is assigned to a c… |
1.3.6.1.4.1.9.9.449 | ciscoEigrpMIB | 3 | 103 | Enhanced Interior Gateway Protocol (EIGRP) is a Cisco proprietary distance vector routing protocol. It is based on the Diffusin… |
1.3.6.1.4.1.9.9.450 | ciscoCableAdmCtrlMIB | 3 | 123 | This MIB module defines the managed objects enabling the management of Cable Modem Termination System (CMTS) admission control. CM… |
1.3.6.1.4.1.9.9.451 | ciscoIpUrpfMIB | 3 | 47 | Unicast Reverse Path Forwarding (URPF) is a function that checks the validity of the source address of IP packets received on an … |
1.3.6.1.4.1.9.9.454 | ciscoDot11LbsMIB | 3 | 23 | This MIB module supports network management for Location Based Services on IEEE 802.11 wireless LAN devices. Location Based Serv… |
1.3.6.1.4.1.9.9.455 | ciscoImageTc | 0 | 0 | This MIB module defines the textual conventions used in the enhanced image MIB. Glossary: Base Image Essential part of the operatin… |
1.3.6.1.4.1.9.9.456 | ciscoDot11WidsMIB | 3 | 50 | This MIB is intended to be implemented on the following IOS based network entities for the purpose of providing network managemen… |
1.3.6.1.4.1.9.9.457 | ciscoWdsIdsMIB | 2 | 18 | This MIB is intended to be implemented on all IOS based network entities that provide Wireless Domain Services, for the purpose o… |
1.3.6.1.4.1.9.9.458 | ciscoApplianceRedundancyMIB | 3 | 47 | This mib defines the SNMP objects to report the status of High Availability (HA) functionality in Cisco network management applia… |
1.3.6.1.4.1.9.9.459 | ciscoBitsClockMIB | 3 | 21 | This MIB provides information on Building Integrated Timing Supply(BITS) clocking sources and modes of operations. It is used to… |
1.3.6.1.4.1.9.9.460 | ciscoTpcMIB | 3 | 24 | The MIB module for Third Party Copy(TPC): Third Party Copy derives its name from the fact that there are three entities involved … |
1.3.6.1.4.1.9.9.461 | ciscoEtherCfmMIB | 3 | 39 | This MIB module defines the managed objects and notifications for Ethernet Connectivity Fault Management (CFM). CFM is an end-to-e… |
1.3.6.1.4.1.9.9.463 | ciscoSanTapMIB | 3 | 30 | MIB module to provide information about the SanTap service configuration. SanTap is a fibre channel switch based capability that p… |
1.3.6.1.4.1.9.9.466 | ciscoEthernetAccessMIB | 2 | 20 | The tables defined by this MIB module contain a collection of managed objects that are general in nature and apply to an edge dev… |
1.3.6.1.4.1.9.9.467 | ciscoCryptoAcceleratorMIB | 3 | 107 | The MIB module for monitoring the identity, status, activity and faults of crypto accelerator (CA) modules used in devices implem… |
1.3.6.1.4.1.9.9.468 | ciscoContextMappingMIB | 2 | 35 | A single SNMP agent sometimes needs to support multiple instances of the same MIB module, and does so through the use of multiple… |
1.3.6.1.4.1.9.9.470 | ciscoEnhancedSlbMIB | 3 | 106 | The MIB for managing Server Load Balancing Manager(s), and products supporting Server Load Balancing(SLB) features. This MIB exten… |
1.3.6.1.4.1.9.9.471 | ciscoFlexLinksMIB | 3 | 36 | This MIB module is for configuration and status query of Flex Links feature on the Cisco device. Flex Links are a pair of Layer 2… |
1.3.6.1.4.1.9.9.472 | ciscoModuleVirtualizationMIB | 3 | 35 | This MIB provides a way to create virtual contexts, and managing them. A virtual context is logical partition of a physical devi… |
1.3.6.1.4.1.9.9.473 | ciscoCcaMIB | 3 | 200 | The Cisco Contact Center Applications (CCCA) Management Information Base (MIB) module defines management instrumentation for appl… |
1.3.6.1.4.1.9.9.474 | ciscoFilterGroupMIB | 3 | 55 | The MIB module is for creating and configuring object groups to support packet filtering and access control on IP and other proto… |
1.3.6.1.4.1.9.9.479 | ciscoCableWidebandMIB | 3 | 77 | This is the MIB module for the support of Channel Bonding Protocol for the Cable Modem Termination System (CMTS). Wideband DOCSIS… |
1.3.6.1.4.1.9.9.480 | ciscoL4L7moduleResourceLimitMIB | 4 | 100 | The MIB module for managing resource classes and configuring limits(max/min) to different resources. The resource referenced in … |
1.3.6.1.4.1.9.9.482 | ciscoInterfaceTopNExtMIB | 3 | 16 | This MIB module is an extension to INTERFACETOPN-MIB. It provides additional management information for sorting device interfaces. |
1.3.6.1.4.1.9.9.483 | ciscoIpRanBackHaulMIB | 3 | 248 | This MIB provides information on the IP-RAN traffic from cell site to aggregation site in the following situations. In an GSM en… |
1.3.6.1.4.1.9.9.484 | ciscoNacNadMIB | 3 | 157 | This MIB module is for the configuration of a Network Access Device (NAD) on the Cisco Network Admission Control (NAC) system. End… |
1.3.6.1.4.1.9.9.485 | ciscoRttMonTCMIB | 0 | 0 | This MIB contains textual conventions used by CISCO-RTTMON-MIB, CISCO-RTTMON-RTP-MIB and CISCO-RTTMON-ICMP-MIB, but they are not … |
1.3.6.1.4.1.9.9.486 | ciscoRttMonIcmpMIB | 3 | 7 | An extension to the CISCO-RTTMON-MIB for ICMP operations. The ICMP Jitter operation provides capability to measure metrics such a… |
1.3.6.1.4.1.9.9.487 | ciscoRttMonRtpMIB | 3 | 8 | An extension to the CISCO-RTTMON-MIB for Cisco IP SLA RTP operation, Real-Time Transport Protocol(RFC 1889). This operation provi… |
1.3.6.1.4.1.9.9.488 | ciscoFirewallTc | 0 | 0 | This MIB module defines textual conventions that are commonly used in modeling management information pertaining to configuration… |
1.3.6.1.4.1.9.9.490 | ciscoNetintMIB | 3 | 11 | This MIB module is for Network Interrupt information on Cisco device. |
1.3.6.1.4.1.9.9.492 | ciscoCefMIB | 3 | 192 | Cisco Express Forwarding (CEF) describes a high speed switching mechanism that a router uses to forward packets from the inbound … |
1.3.6.1.4.1.9.9.493 | ciscoCefTextualConventions | 0 | 0 | ciscoCeftextualConventions |
1.3.6.1.4.1.9.9.494 | ciscoEntityRedunTcMIB | 0 | 0 | This module defines the textual conventions used within Cisco Entity Redundancy MIBs. |
1.3.6.1.4.1.9.9.495 | ciscoPsdClientMIB | 3 | 44 | This MIB module manages the client side functionality of the Persistent Storage Device(PSD). This MIB instrumentation is for conf… |
1.3.6.1.4.1.9.9.497 | cGgsnSAMIB | 3 | 247 | This MIB module manages the service-aware feature of Gateway GPRS Support Node (GGSN). This MIB is an enhancement of the CISCO-GG… |
1.3.6.1.4.1.9.9.498 | ciscoEntityRedunMIB | 3 | 93 | This management information module supports configuration, control and monitoring of redundancy protection for various kinds of c… |
1.3.6.1.4.1.9.9.500 | ciscoStackWiseMIB | 3 | 111 | This MIB module contain a collection of managed objects that apply to network devices supporting the Cisco StackWise(TM) technolo… |
1.3.6.1.4.1.9.9.504 | ciscoSwitchMulticastMIB | 3 | 108 | This MIB module defines management objects for the Multicast Switching features on Cisco Layer 2/3 devices. Definition of some of … |
1.3.6.1.4.1.9.9.505 | cpkiMIB | 3 | 44 | A networking device may provide several security services and protocols like SSL, SSH, IPSec/IKE etc. which need identities … |
1.3.6.1.4.1.9.9.507 | ciscoPolicyGroupMIB | 3 | 35 | The MIB module is for configuration of policy and policy group. A policy group can be described as a set of entities identified b… |
1.3.6.1.4.1.9.9.508 | ciscoSlbHealthMonMIB | 3 | 62 | An extension to the CISCO-SLB-EXT-MIB for SLB health monitoring probes. SLB: Server Load Balancing. Server load balancing provides… |
1.3.6.1.4.1.9.9.509 | ciscoWdsInfoMIB | 3 | 141 | This MIB is intended to be implemented on all Cisco network entities that provide Wireless Domain Services (WDS). The WDS provide… |
1.3.6.1.4.1.9.9.510 | ciscoErmMIB, ciscoVoiceLmrMIB | 3 | 176 | This MIB module provides management of voice tone signal as static injected tone for Land Mobile Radio The tone signal includes … |
1.3.6.1.4.1.9.9.511 | ciscoCbpTargetTCMIB | 0 | 0 | This MIB module defines Textual Conventions for representing targets which have class based policy mappings. A target can be any … |
1.3.6.1.4.1.9.9.512 | ciscoLwappWlanMIB | 3 | 249 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weigh… |
1.3.6.1.4.1.9.9.513 | ciscoLwappApMIB | 4 | 386 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight… |
1.3.6.1.4.1.9.9.514 | ciscoLwappTextualConventions | 0 | 0 | This module defines textual conventions used throughout the Cisco enterprise MIBs designed for implementation on Central Controlle… |
1.3.6.1.4.1.9.9.515 | ciscoLwappWebAuthMIB | 4 | 43 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.516 | ciscoLwappLinkTestMIB | 3 | 57 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.517 | ciscoLwappReapMIB | 3 | 63 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight… |
1.3.6.1.4.1.9.9.518 | ciscoLwappMfpMIB | 4 | 64 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight… |
1.3.6.1.4.1.9.9.519 | ciscoLwappIdsMIB | 3 | 28 | This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight… |
1.3.6.1.4.1.9.9.520 | ciscoLwappCcxRmMIB | 3 | 45 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.521 | ciscoLwappWlanSecurityMIB | 3 | 51 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.522 | ciscoLwappDot11ClientCalibMIB | 3 | 50 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.523 | ciscoLwappClRoamMIB | 3 | 61 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.524 | ciscoLwappQosMIB | 3 | 119 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.525 | ciscoLwappTsmMIB | 3 | 57 | This MIB is intended to be implemented on all those devices operating as Central controllers, that terminate the Light Weight Acc… |
1.3.6.1.4.1.9.9.529 | ciscoItpMsuRatesMIB | 3 | 61 | This MIB provides information used to manage the number of MTP3 MSUs transmitted and received per processor. Many of the higher … |
1.3.6.1.4.1.9.9.530 | ciscoNacTcMIB | 0 | 0 | This module defines the textual conventions for Cisco Network Admission Control(NAC) system. The Cisco Network Admission Control … |
1.3.6.1.4.1.9.9.532 | ciscoNATExtMIB | 3 | 13 | This MIB is an extension to the NAT-MIB. This MIB module includes objects for providing the NAT related statistics. Acronyms: NAT… |
1.3.6.1.4.1.9.9.533 | ciscoCbpTargetMIB | 3 | 25 | This MIB module defines the managed objects for representing targets which have class-based policy mappings. A target can be any… |
... | | | | |