-- ***************************************************************** -- SONICWALL-FIREWALL-TRAP -- -- February 2001, Susan Yan -- -- Copyright (c) 2001 by SonicWall, Inc. -- All rights reserved. -- ***************************************************************** SONICWALL-FIREWALL-TRAP-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString, TEXTUAL-CONVENTION FROM SNMPv2-TC IpAddress, snmpModules, OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY FROM SNMPv2-SMI sonicwallFw FROM SONICWALL-SMI; sonicwallFwTrapModule MODULE-IDENTITY LAST-UPDATED "200102230000Z" ORGANIZATION "SonicWall, Inc." CONTACT-INFO " SonicWall Inc. Postal: 1160 Bordeaux Dr. Sunnyvale, CA 94089 USA Tel: +1 408 745 9600 Fax: +1 408 745 9300 E-mail: product@sonicwall.com" DESCRIPTION "The MIB Module for SonicWALL Firewall Trap." REVISION "200102230000Z" DESCRIPTION "Initial version." ::= { sonicwallFw 1 } -- ********************************************************************* -- Standard Traps -- ********************************************************************* snmpTraps OBJECT IDENTIFIER ::= {snmpModules 1 1 5 } coldStart NOTIFICATION-TYPE STATUS current DESCRIPTION "This trap signifies that the SonicWALL appliance is re-initializing itself such that the agent's configuration or the appliance itself implementation may be altered. " ::= { snmpTraps 1 } warmStart NOTIFICATION-TYPE STATUS current DESCRIPTION "This trap signifies that the SonicWALL appliance is re-initializing itself such that neither the agent configuration nor the appliance implementation is altered. " ::= { snmpTraps 2 } authenticationFailure NOTIFICATION-TYPE STATUS current DESCRIPTION "This trap signifies that the SonicWALL appliance is the addressee of a protocol message that is not properly authenticated. " ::= { snmpTraps 5 } -- ********************************************************************* -- Type define -- ********************************************************************* MacAddress ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "ethernet address." SYNTAX OCTET STRING (SIZE (6)) FwTrapType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Trap type of firewall. The type have 4 digitals, ABCD. AB represent trap catalog, CD represent trap type in the catalog." SYNTAX INTEGER { -- =========== Attack ================================================= trapTypePingOfDeathBlocked (501), -- Ping of death blocked trapTypeIPSpoofDetected (502), -- IP spoof detected trapTypePossibleSynFlood (503), -- Possible SYN flood attack trapTypeProbableSynFlood (504), -- Probable SYN flood attack trapTypeLandAttack (505), -- Land Attack Dropped trapTypeAttemptedAdminLoginFromWAN (506), -- Attempted administrator login from WAN trapTypeLogUnknownSpi (507), -- Unknown IPSec SPI trapTypeLogIpsecAuthFailure (508), -- IPSec Authentication Failed trapTypeLogIpsecDecryptFailure (509), -- IPSec Decryption Failed trapTypeLogIllegalIpsecPeer (510), -- IPSec packet from or to an illegal host trapTypeNetBusDropped (511), -- NetBus Attack Dropped trapTypeBackOrificeDropped (512), -- Back Orifice Attack Dropped trapTypeNetSpyDropped (513), -- Net Spy Attack Dropped trapTypeSub7Dropped (514), -- Sub Seven Attack Dropped trapTypeRipperDropped (515), -- Ripper Attack Dropped trapTypeStrikerDropped (516), -- Striker Attack Dropped trapTypeSennaSpyDropped (517), -- Senna Spy Attack Dropped trapTypePriorityDropped (518), -- Priority Attack Dropped trapTypeIniKillerDropped (519), -- Ini Killer Attack Dropped trapTypeSmurfDropped (520), -- Smurf Amplification Attack Dropped trapTypePortScanPossible (521), -- Possible Port Scan trapTypePortScanProbable (522), -- Probable Port Scan trapTypeLogIkeProposalReject (523), -- IKE Responder: IPSec proposal not acceptable trapTypeAVReceivedAlert (524), -- Received AV Alert trapTypeLogAddTest (525), -- Add an attack message trapTypeAVExpiredMsg (526), -- Received AV Alert: Your SonicWALL Network Anti-Virus subscription has expired. trapTypeForbiddenAttachment (527), -- Forbidden E-mail attachment altered trapTypeTcpFinScanDropped (528), -- Probable TCP FIN scan trapTypeTcpXmasScanDropped (529), -- Probable TCP XMAS scan trapTypeTcpNullScanDropped (530), -- Probable TCP NULL scan trapTypeReplayDetected (531), -- IPSEC Replay Detected -- =========== System Errors ================================================= trapTypeLogFull (601), -- Log full; deactivating SonicWALL trapTypeLogProblemLoadingCheckSettings (602), -- Problem loading the Filter list; check Filter settings trapTypeLogProblemLoadingCheckDNS (603), -- Problem loading the Filter list; check your DNS server trapTypeLogProblemEmailingCheckSettings (604), -- Problem sending log email; check log settings trapTypeIllegalLanAddressInUse (605), -- Illegal LAN address in use trapTypeNATCouldntRemap (606), -- NAT could not remap incoming packet trapTypeCacheFull (607), -- The cache is full; %d open connections; some will be dropped trapTypeConnDroppedTooManyIP (608), -- License exceeded: Connection dropped because too many IP addresses are in use on your LAN trapTypeLogOutOfMemory (609), -- Diagnostic Code E trapTypeInternalErr (610), -- Diagnostic Code D trapTypeLogSuspendReboot (611), -- Diagnostic Code A trapTypeLogDeadlockReboot (612), -- Diagnostic Code B trapTypeLogLowMemReboot (613), -- Diagnostic Code C trapTypeHaIdlePrimary (614), -- Primary firewall has transitioned to Idle trapTypeHaMissedHeartbeatPrimary (615), -- Primary missed heartbeats from Active Backup: Primary going Active trapTypeHaMissedHeartbeatBackup (616), -- Backup missed heartbeats from Active Primary: Backup going Active trapTypeHaErrorReceivedPrimary (617), -- Primary received error signal from Active Backup: Primary going Active trapTypeHaErrorReceivedBackup (618), -- Backup received error signal from Active Primary: Backup going Active trapTypeHaBackupPreempt (619), -- Backup firewall being preempted by Primary trapTypeHaPrimaryPreempt (620), -- Primary firewall preempting Backup trapTypeLogHttpServerReboot (621), -- Diagnostic Code F trapTypeBackupActivePreempt (622), -- Backup going Active in preempt mode after reboot trapTypeCflUpdateApplianceNotRegistered (623), -- Problem loading the Filter list; Appliance not registered. trapTypeCflUpdateSubscriptionExpired (624), -- Problem loading the Filter list; Subscription expired. trapTypeCflUpdateErrorTransient (625), -- Problem loading the Filter list; Try loading it again. trapTypeCflUpdateErrorTransientAuto (626), -- Problem loading the Filter list; Retrying later. trapTypeCflUpdateErrorInternal (627), -- Problem loading the Filter list; Flash write failure. trapTypeCflApplianceCflExpired (628), -- The loaded content filter list has expired. trapTypeHaSetError (629), -- Error setting the IP address of the backup, please manually set to backup LAN IP trapTypeHaSyncError (630), -- Error updating HA peer configuration -- =========== Blocked Web Sites ================================================= trapTypeWebSiteBlocked (701), -- Web site blocked trapTypeNewsgroupBlocked (702), -- Newsgroup blocked trapTypeWebSiteAccessed (703), -- Web site accessed trapTypeNewsgroupAccessed (704), -- Newsgroup accessed trapTypeProxyAccessBlocked (705) -- Access to Proxy Server Blocked } -- **************************** Enterprise Specific Traps Information ******************************* sonicwallFwTrapInfo OBJECT IDENTIFIER ::= {sonicwallFwTrapModule 1} -- ****************************************************************************************** -- -- The swTrapInfoTable -- -- This table contains information that is -- for the basic event on the firewall. -- ****************************************************************************************** swTrapInfoTable OBJECT IDENTIFIER ::= { sonicwallFwTrapInfo 1 } swTrapInfoTrapType OBJECT-TYPE SYNTAX FwTrapType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "trap type ." ::= { swTrapInfoTable 1 } swTrapInfoTrapDescription OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The description of the trap. " ::= { swTrapInfoTable 2 } swTrapInfoSrcIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The source ip address. " ::= { swTrapInfoTable 3 } swTrapInfoDstIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The destination ip address. " ::= { swTrapInfoTable 4 } swTrapInfoSrcPort OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The destination port. " ::= { swTrapInfoTable 5 } swTrapInfoDstPort OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The destination port. " ::= { swTrapInfoTable 6 } swTrapInfoSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The source MAC address. " ::= { swTrapInfoTable 7 } swTrapInfoDstMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The destination MAC address. " ::= { swTrapInfoTable 8 } swTrapInfoIpType OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The ip type. " ::= { swTrapInfoTable 9 } swTrapInfoPrivMsg OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The additional message. " ::= { swTrapInfoTable 10 } swTrapInfoIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The ip address. " ::= { swTrapInfoTable 11 } -- ****************************************************************************************** -- -- sonicwall firewall trap group -- -- This group defines the trap which sonicwall firewall generated -- ****************************************************************************************** sonicwallFwTrapRoot OBJECT IDENTIFIER ::= {sonicwallFwTrapModule 2} swFwTrapAttack NOTIFICATION-TYPE OBJECTS { swTrapInfoTrapType, swTrapInfoTrapDescription } STATUS current DESCRIPTION "This trap indicates that the firewall have detected a attack. The bound objects provide more detailed information about this problem." ::= { sonicwallFwTrapRoot 0 1 } swFwTrapSysError NOTIFICATION-TYPE OBJECTS { swTrapInfoTrapType, swTrapInfoTrapDescription } STATUS current DESCRIPTION "This trap indicates that there is a system problem with the SonicWALL appliance. The bound objects provide more detailed information about this problem." ::= { sonicwallFwTrapRoot 0 2 } swFwTrapBlkWebSite NOTIFICATION-TYPE OBJECTS { swTrapInfoTrapType, swTrapInfoTrapDescription } STATUS current DESCRIPTION "This trap indicates that there is a web site was blocked by the firewall. The bound objects provide more detailed information about this problem." ::= { sonicwallFwTrapRoot 0 3} END