-- =========================================================== -- Copyright (C) 2009 by HUAWEI TECHNOLOGIES. All rights reserved. -- -- Description: HUAWEI-FIREWALL-MIB -- Reference: -- Version: 1.0 -- History: -- =========================================================== HUAWEI-FIREWALL-MIB DEFINITIONS ::= BEGIN IMPORTS hwDatacomm FROM HUAWEI-MIB InterfaceIndexOrZero FROM IF-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP FROM SNMPv2-CONF IpAddress, Unsigned32, Counter32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI DateAndTime, DisplayString, TEXTUAL-CONVENTION FROM SNMPv2-TC; hwFirewallMIB MODULE-IDENTITY LAST-UPDATED "200911022030Z" -- November 02, 2009 at 20:30 GMT ORGANIZATION "Huawei Technologies Co., Ltd. " CONTACT-INFO " NanJing Institute,Huawei Technologies Co.,Ltd. HuiHong Mansion,No.91 BaiXia Rd. NanJing, P.R. of China Zipcode:210001 Http://www.huawei.com E-mail:support@huawei.com " DESCRIPTION "The MIB contains objects of firewall , referencing the draft-grall-firewall-mib-01." ::= { hwDatacomm 222 } -- Textual conventions SecurityEvent ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention is used to describe various security-related events and statistics on a firewall. attack : A packet forwarding attack has been detected. atkTerm : An attack has terminated blklstAdd : A black list is added manually or dynamically. blklstDel : A black list is deleted manually or dynamically." SYNTAX INTEGER { attack(1), atkTerm(2), blklstAdd(3), blklstDel(4) } Services ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention is used to describe various services that are monitored by the firewall. protoIcmp : identifies ICMP, Internet Control Message Protocol. protoTcp : identifies TCP, Transmission Control Protocol. protoUdp : identifies UDP, User Datagram Protocol. protoIp : identifies IP, Internet Protocol. protoSnmp : identifies SNMP, Simple Network Management Protocol." SYNTAX INTEGER { protoIcmp(1), protoTcp(2), protoUdp(3) } ConnectionStat ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention is used to describe various connections statistics. totalOpen : Total open connections since reboot. currentOpen : The number of connections currently open. currentHalfOpen : The number of connections currently half-open. remote : The number of connections synchronized from remote backup firewall. high : The highest number of connections in use at any one time since system startup." SYNTAX INTEGER { totalOpen(1), currentOpen(2), currentHalfOpen(3), remote(4), high(5) } ConnectionEvent ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention is used to describe various events and statistics that are related to the connections that occur on a firewall. other : A generic connection event. accept : A connection has been acccepted. error : An error has occurred for a connection. drop : The connection has been dropped. close : A connection has been closed. timeout : A connection has been timed out. refused : A connection has been refused. reset : A connection has been reset. noResp : A connection has received no response." SYNTAX INTEGER { other(1), accept(2), error(3), drop(4), close(5), timeout(6), refused(7), reset(8), noResp(9) } Hardware ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention is used to describe various hardware resouces that can be monitored by the firewall. memory : identifies memory. disk : identifies disk. power : identifies power. netInterface : identifies a network interface. tape : identifies a tape drive. controller : identifies hardware controller. cpu : identifies CPU. primaryUnit : identifies the primary unit of the two identical firewalls configured redundancy. secondaryUnit : identifies the secondary unit of the two identical firewalls configured redundancy. other : identifies other hardware." SYNTAX INTEGER { memory(1), disk(2), power(3), netInterface(4), cpu(5), primaryUnit(6), secondaryUnit(7), other(8) } HardwareStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention is used to describe various events that are related to the resources on a firewall. other : Generic resource event. up : The resource is in service. down : The resource is not in service. error : There has been an error for this resource. overTemp : The resource is overheating. busy : The resource is busy. noMedia : A device doesn't have its needed media. backup : Processing has switched to the backup. active : This is the active unit. standby : This is the standby unit." SYNTAX INTEGER { other(1), up(2), down(3), error(4), overTemp(5), busy(6), noMedia(7), backup(8), active(9), standby(10) } ResourceStatistics ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention is used to identify various statistics that are related to the resources on a firewall. highUse : The highest load the resource has had for a time period. The time period will be implementation dependent. highLoad : The highest load the resource has had since startup. maximum : The maximum amount of the resource that is available. minimum : The minimum amount of the resource that is available. low : The lowest amount of the resource that has been available since startup. high : The highest amount of the resource that has been available since startup. average : The average amount of the resource that has been available since startup. free : The amount of the resource that is currently available since startup. inUse : The amount of the resource that is currently in use, eg. CPU usage, memory usage." SYNTAX INTEGER { highUse(1), highLoad(2), maximum(3), minimum(4), low(5), high(6), average(7), free(8), inUse(9) } ContentInspectionEvent ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Content inspection events, these events report that something was found in the application payload. The details entry in the event can report on what was found (eg., virus, company private info., etc), what it was found in (eg., html, win32 executable, e-mail), and what was done with it (eg., the quarantine location). other : A content inspection event. Used to indicate that some content inspection has occurred that is not covered by the other content inspection enumerations. okay : The check of the content was okay, nothing 'bad' was found. error : There was an error while checking the content. found : Something was found that the content inspection engine has determined merits attention. clean : The content inspection engine has found something that violates the security policy and has neutralized the content in the data flow. reject : The content inspection engine has found something that violates the security policy and has discarded the content. saved : The content inspection engine has found something that violates the security policy and has stored it in a quarentine storage area." SYNTAX INTEGER { other(1), okay(2), error(3), found(4), clean(5), reject(6), saved(7) } AccessEvent ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention is used to describe various events and statistics that are related to the access control on a firewall. other : Miscellaneous access event. grant : A service has allowed access based on all of its access checks. deny : a client was denied use of a service. denyMult : A client was denied use of a service multiple times. error : An error has ocurred during the access control process." SYNTAX INTEGER { other(1), grant(2), deny(3), denyMult(4), error(5) } AuthenticationEvent ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention is used to describe various events and statistics that are related to authorization. other : Miscellaneous authentication event. succ : A client successfuly authenticated. error : Error while authenticating. fail : A client failed an authenticating. succPriv : A client accessed a service with special privileges. failPriv : A client failed to access a service with special privileges. failMult : Multiple failed authentication attempts by a client." SYNTAX INTEGER { other(1), succ(2), error(3), fail(4), succPriv(5), failPriv(6), failMult(7) } GenericEvent ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Generic Events : events for which there is no more specific enumeration abnormal : An abnormal event has occurred that is neither 'okay' nor an 'error'. okay : A normal event occurred or the system has changed from an abnormal state to a normal state error : An error event occurred" SYNTAX INTEGER { abnormal(1), okay(2), error(3) } -- Node definitions hwFirewallMIBObjects OBJECT IDENTIFIER ::= { hwFirewallMIB 1 } hwFwEvents OBJECT IDENTIFIER ::= { hwFirewallMIBObjects 1 } hwFwNetEvents OBJECT IDENTIFIER ::= { hwFwEvents 2 } -- Network Events -- -- A details table with information related to network events -- or events involving "users" of the firewall resources and services -- (eg., traffic flows through the firewall or a user authenticating -- to use a firewall service). hwFwNetEventsTableLastRow OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The index value of the last row in the hwFwNetEventsTable. This number starts at 1 and increase by one with each new log entry. When this number wraps, all events are deleted." ::= { hwFwNetEvents 1 } hwFwBasicEvents OBJECT IDENTIFIER ::= { hwFwNetEvents 3 } -- The cfwBasicEventsGroup -- -- This group defines the table containing information that is -- for every logged event on the firewall. The table is -- defined along with one variable to obtain the index value of -- the last row in the table. The table is indexed by the -- integer-valued cfwBasicEventIndex which is assigned to events -- in ascending chronological order, such that the oldest event -- stored in the table has the numerically smallest value of -- cfwBasicEventIndex." -- -- The index of the last row also indicates the total number -- modulo 2**32 of events logged in the table since reboot. -- Events are not retained across reboots. -- hwFwBasicEventsTableLastRow OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The index value of the most recently created row in the cfwBasicEventsTable. This number starts at 1 and increase by one with each new log entry. When this number wraps, all events are deleted." ::= { hwFwBasicEvents 1 } hwFwBasicEventsTable OBJECT-TYPE SYNTAX SEQUENCE OF HwFwBasicEventsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of basic data for firewall events. The agent may choose to delete the instances of cfwBasicEventsEntry as required because of lack of memory. The oldest Events will be selected first for deletion." ::= { hwFwBasicEvents 2 } hwFwBasicEventsEntry OBJECT-TYPE SYNTAX HwFwBasicEventsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table, containing general information about an event. This table will always be sparse, i.e., each row will instanciate only a subet of the columnar objects." INDEX { hwFwBasicEventIndex } ::= { hwFwBasicEventsTable 1 } HwFwBasicEventsEntry ::= SEQUENCE { hwFwBasicEventIndex Unsigned32, hwFwBasicEventTime DateAndTime, hwFwBasicSecurityEventType SecurityEvent, hwFwBasicEventDescription SnmpAdminString, hwFwBasicEventDetailsTableRow Unsigned32 } hwFwBasicEventIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "An index that uniquely identifies an entry in the log table. These indices are assigned beginning with 1 and increase by one with each new event logged." ::= { hwFwBasicEventsEntry 1 } hwFwBasicEventTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The time that the event occurred." ::= { hwFwBasicEventsEntry 2 } hwFwBasicSecurityEventType OBJECT-TYPE SYNTAX SecurityEvent MAX-ACCESS read-only STATUS current DESCRIPTION "The type of security-related event that this row contains. If the event is not security-related this object will not be instantiated." ::= { hwFwBasicEventsEntry 3 } hwFwBasicEventDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A description of the event. The value of the object may be a zero-length string." ::= { hwFwBasicEventsEntry 4 } hwFwBasicEventDetailsTableRow OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "A pointer to a row in the table containing details about this event. Generally, the table will be the cfwNetEventsTable but a Cisco-defined table may also appear here. If there there is no more detailed information for this event the value of this object will have the value {0 0}." ::= { hwFwBasicEventsEntry 5 } hwFwNetEventsTable OBJECT-TYPE SYNTAX SEQUENCE OF HwFwNetEventsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of detailed data for network events. The agent may choose to delete the instances of hwFwBasicEventsEntry as required because of lack of memory. It is an implementation-specific matter as to when this deletion may occur. It is recommended that the oldest log instances are deleted first." ::= { hwFwNetEvents 4 } hwFwNetEventsEntry OBJECT-TYPE SYNTAX HwFwNetEventsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table, containing detailed information about an event. Note that this table may be sparse. If Network Address Translation is not enabled hwFwNetEventInsideSrcIpAddress and hwFwNetEventInsideDstIpAddress will not be instantiated in the row. If Port Address Translation is not enabled hwFwNetEventInsideSrcIpPort and hwFwNetEventInsideDstIpPort will not be instantiated in the row. Entries are added to this table at the same time that events are added to the hwFwBasicEventsTable. These two tables may be configured to be different sizes so there may not be a one-to-one correspondence between rows in the two tables." INDEX { hwFwNetEventIndex } ::= { hwFwNetEventsTable 1 } HwFwNetEventsEntry ::= SEQUENCE { hwFwNetEventIndex Unsigned32, hwFwNetEventInterface InterfaceIndexOrZero, hwFwNetEventSrcVrfName DisplayString, hwFwNetEventSrcIpAddress IpAddress, hwFwNetEventInsideSrcIpAddress IpAddress, hwFwNetEventDstVrfName DisplayString, hwFwNetEventDstIpAddress IpAddress, hwFwNetEventInsideDstIpAddress IpAddress, hwFwNetEventSrcIpPort INTEGER, hwFwNetEventInsideSrcIpPort INTEGER, hwFwNetEventDstIpPort INTEGER, hwFwNetEventInsideDstIpPort INTEGER, hwFwNetEventService Services, hwFwNetEventServiceInformation SnmpAdminString, hwFwNetEventIdentity SnmpAdminString, hwFwNetEventDescription SnmpAdminString } hwFwNetEventIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "An index that uniquely identifies an entry in the log table. These indices are assigned beginning with one and increase by one with each new log entry. When this number wraps, all events are deleted in order to allow the NMS to differentiate between old and new events." ::= { hwFwNetEventsEntry 1 } hwFwNetEventInterface OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "The interface most closely associated with this event. For example, for an event that relates to the receipt of a packet, this object identifies the interface on which the packet was received. If there are multiple interfaces associated with an event, the interface most closely associated with the cause of the event will be used. For example, for an event for the setup of a TCP connection, the interface on the initiator's side of the connection would be preferred. If there is no associated interface, then this object has the value zero." ::= { hwFwNetEventsEntry 2 } hwFwNetEventSrcVrfName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..31)) MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the VRF's name." ::= { hwFwNetEventsEntry 3 } hwFwNetEventSrcIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Source IP address in the IP packet that caused the event. If there is no packet associated with the event this object has the value of zero. If the event is the result of multiple packets with different source addresses, this value may be zero or an address taken from an arbitrarily chosen packet in the sequence of packets causing the event." ::= { hwFwNetEventsEntry 4 } hwFwNetEventInsideSrcIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Source IP address after Network Address Translation has been applied. If NAT has not been applied to the source address in this packet this object will not be instantiated, resulting in a sparse table. If the event is the result of multiple packets with different source addresses, this value may be zero or an address taken from an arbitrarily chosen packet in the sequence of packets causing the event." ::= { hwFwNetEventsEntry 5 } hwFwNetEventDstVrfName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..31)) MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the VRF's name." ::= { hwFwNetEventsEntry 6 } hwFwNetEventDstIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Destination IP address in the IP packet that caused the event. If there is no packet associated with the event this object has the value of zero. If the event is the result of multiple packets with different destination addresses, this value may be zero or an address taken from an arbitrarily chosen packet in the sequence of packets causing the event." ::= { hwFwNetEventsEntry 7 } hwFwNetEventInsideDstIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Destination IP address after Network Address Translation has been applied. If NAT has not been applied to the destination address in this packet this object will not be instantiated, resulting in a sparse table. If the event is the result of multiple packets with different destination addresses, this value may be zero or an address taken from an arbitrarily chosen packet in the sequence of packets causing the event." ::= { hwFwNetEventsEntry 8 } hwFwNetEventSrcIpPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Source UDP/TCP port in the IP packet that caused the event. If there is no packet associated with the event this object has the value of zero. If the event is the result of multiple packets with different source ports, this value may be zero or a port taken from an arbitrarily chosen packet in the sequence of packets causing the event." ::= { hwFwNetEventsEntry 9 } hwFwNetEventInsideSrcIpPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Source UDP/TCP port after Port Address Translation has been applied. If PAT has not been applied to the source port in this packet this object will not be instantiated, resulting in a sparse table. If the event is the result of multiple packets with different source ports, this value may be zero or a port taken from an arbitrarily chosen packet in the sequence of packets causing the event." ::= { hwFwNetEventsEntry 10 } hwFwNetEventDstIpPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Destination UDP/TCP port in the IP packet that caused the event. If there is no packet associated with the event this object has the value of zero. If the event is the result of multiple packets with different destination ports, this value may be zero or a port taken from an arbitrarily chosen packet in the sequence of packets causing the event." ::= { hwFwNetEventsEntry 11 } hwFwNetEventInsideDstIpPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Destination UDP/TCP port after Port Address Translation has been applied. If PAT has not been applied to the Destination port in this packet this object will not be instantiated, resulting in a sparse table. If the event is the result of multiple packets with different destination ports, this value may be zero or a port taken from an arbitrarily chosen packet in the sequence of packets causing the event." ::= { hwFwNetEventsEntry 12 } hwFwNetEventService OBJECT-TYPE SYNTAX Services MAX-ACCESS read-only STATUS current DESCRIPTION "The identification of the type of service involved with this event." ::= { hwFwNetEventsEntry 13 } hwFwNetEventServiceInformation OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Specific service information. This can be used to describe the particular service indentified by hwFwNetEventService and can reflect whether the service is a local service or a gateway service. For example, if the value for hwFwNetEventService is loginTelnet then the string provided might be 'local telnet'." ::= { hwFwNetEventsEntry 14 } hwFwNetEventIdentity OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This object will contain a description of the entity that caused the event. The entity could be a userid, username, processid or other identifier for the entity using the service. If there is no such information then this object will contain a zero-length string." ::= { hwFwNetEventsEntry 15 } hwFwNetEventDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A detailed description of the event." ::= { hwFwNetEventsEntry 16 } hwFwSystem OBJECT IDENTIFIER ::= { hwFirewallMIBObjects 2 } hwFwStatistics OBJECT IDENTIFIER ::= { hwFwSystem 2 } -- The Firewall Connection Statistics Table -- -- This table can be used to provide the statistics for firewall -- connection events or services. These "connections" can be -- connections in a loose sense of the word - a UDP transaction -- would qualify as a connection if the firewall maintains -- state information to monitor the packets traversing the firewall -- for this "connection". A uni-directional UDP "connection" could be -- described as being "half-open" by a value of 'halfOpen' in -- hwFwConnectionStatType. -- -- This table contains multiple rows for each service to which the -- statistic applies. hwFwConnectionStatTable OBJECT-TYPE SYNTAX SEQUENCE OF HwFwConnectionStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of firewall statistic instances." ::= { hwFwStatistics 2 } hwFwConnectionStatEntry OBJECT-TYPE SYNTAX HwFwConnectionStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table, containing information about a firewall statistic." INDEX { hwFwConnectionStatService, hwFwConnectionStatType } ::= { hwFwConnectionStatTable 1 } HwFwConnectionStatEntry ::= SEQUENCE { hwFwConnectionStatService Services, hwFwConnectionStatType ConnectionStat, hwFwConnectionStatDescription SnmpAdminString, hwFwConnectionStatCount Counter32 } hwFwConnectionStatService OBJECT-TYPE SYNTAX Services MAX-ACCESS not-accessible STATUS current DESCRIPTION "The identification of the type of connection providing statistics." ::= { hwFwConnectionStatEntry 1 } hwFwConnectionStatType OBJECT-TYPE SYNTAX ConnectionStat MAX-ACCESS not-accessible STATUS current DESCRIPTION "The state of the connections that this row contains statistics for." ::= { hwFwConnectionStatEntry 2 } hwFwConnectionStatDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A detailed textual description of this statistic." ::= { hwFwConnectionStatEntry 3 } hwFwConnectionStatCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This is an integer that contains the value of the resource statistic. If a type of 'gauge' is more appropriate this object will be omitted resulting in a sparse table." ::= { hwFwConnectionStatEntry 4 } hwFirewallMIBNotifications OBJECT IDENTIFIER ::= { hwFirewallMIBObjects 3 } hwFwSecurityNotification NOTIFICATION-TYPE OBJECTS { hwFwBasicEventTime, hwFwBasicSecurityEventType, hwFwBasicEventDescription, hwFwBasicEventDetailsTableRow } STATUS current DESCRIPTION "This notification is used for events involving security events. The included objects provide more detailed information about the event." ::= { hwFirewallMIBNotifications 2 } hwFirewallMIBConformance OBJECT IDENTIFIER ::= { hwFirewallMIB 3 } hwFirewallMIBCompliances OBJECT IDENTIFIER ::= { hwFirewallMIBConformance 1 } -- Conformance hwFirewallMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for entities which implement the hw FirewallMIB." MODULE MANDATORY-GROUPS { HUAWEI-FIREWALL-MIB } ::= { hwFirewallMIBCompliances 1 } hwFirewallMIBComplianceRev1 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the hw FirewallMIB." MODULE MANDATORY-GROUPS { HUAWEI-FIREWALL-MIB } GROUP hwFirewallMIBEventsGroup DESCRIPTION "Implementation of these objects is not required." GROUP hwFirewallMIBNotificationGroupRev1 DESCRIPTION "Implementation of these notifications is not required." ::= { hwFirewallMIBCompliances 2 } hwFirewallMIBGroups OBJECT IDENTIFIER ::= { hwFirewallMIBConformance 2 } -- Units of Conformance hwFirewallMIBEventsGroup OBJECT-GROUP OBJECTS { hwFwBasicEventsTableLastRow, hwFwBasicEventTime, hwFwBasicSecurityEventType, hwFwBasicEventDescription, hwFwNetEventDstVrfName, hwFwNetEventSrcVrfName, hwFwBasicEventDetailsTableRow, hwFwNetEventsTableLastRow, hwFwNetEventInterface, hwFwNetEventSrcIpAddress, hwFwNetEventInsideSrcIpAddress, hwFwNetEventDstIpAddress, hwFwNetEventInsideDstIpAddress, hwFwNetEventSrcIpPort, hwFwNetEventInsideSrcIpPort, hwFwNetEventDstIpPort, hwFwNetEventInsideDstIpPort, hwFwNetEventService, hwFwNetEventServiceInformation, hwFwNetEventIdentity, hwFwNetEventDescription } STATUS current DESCRIPTION "Firewall events" ::= { hwFirewallMIBGroups 1 } hwFirewallMIBStatisticsGroup OBJECT-GROUP OBJECTS { hwFwConnectionStatDescription, hwFwConnectionStatCount } STATUS current DESCRIPTION "Firewall statistics" ::= { hwFirewallMIBGroups 2 } hwFirewallMIBNotificationGroup OBJECT-GROUP OBJECTS { hwFwBasicEventTime, hwFwBasicSecurityEventType, hwFwBasicEventDescription, hwFwBasicEventDetailsTableRow } STATUS obsolete DESCRIPTION "Firewall Notifications" ::= { hwFirewallMIBGroups 3 } hwFirewallMIBNotificationGroupRev1 NOTIFICATION-GROUP NOTIFICATIONS { hwFwSecurityNotification } STATUS current DESCRIPTION "Firewall Notifications" ::= { hwFirewallMIBGroups 4 } END