This type denotes the application (OSI Layer 7)
protocol/service corresponding to a firewall session
or a connection.
Description of constants of this type
'none'
Denotes the semantics of 'not applicable'.
'other'
Denotes any protocol not listed.
CFWNetworkProtocol
enumeration
This type denotes protocols operating at
layers 3 or 4 of the Open Systems Interconnection (OSI)
model.
The following values are defined:
'none'
Denotes the semantics of 'not applicable'.
'other'
Denotes any protocol not listed.
'ip'
Denotes Internet Protocol (IP).
'icmp'
Denotes Internet Control Message
Protocol.
'gre'
Denotes Generic Routing Encapsulation
protocol.
'udp'
Denotes User Datagram Protocol.
'tcp'
Denotes Transmission Control Protocol.
CFWPolicy
binary
This type denotes the identity of a policy
enforced by the firewall. In the context of firewalls,
only security policies are relevant.
Objects of this type must comprise printable,
human readable ASCII characters. A zero length
string is used to denote a 'null' policy.
An example of a policy is the 'policy-map' entity
configured using the Modular Policy Command
framework.
CFWPolicyTarget
binary
In the context of policy management, the term
target refers to an entity on the managed device
to which the policy is applied, thereby enforcing
the policy on the traffic stream(s) associated
with the entity.
The type 'CFWPolicyTarget' denotes the identity of
a policy target. Examples of policy targets include
interfaces, security zones, users, user groups and
virtual contexts.
Objects of this type must comprise printable,
human readable ASCII characters. A zero length
string is used to denote a 'null' target.
CFWPolicyTargetType
enumeration
This type is used to represent the type of
a policy target.
The following values are defined:
'all'
Certain firewall implementations allow policies
to be applied on all applicable targets. (Such
policies are termed 'global'). The target type
'all' denotes the set of all applicable
targets.
'other'
Denotes an entity type that has not yet been
classified in one of the other types. This
value is useful in accommodating new target types
before the textual convention is revised to
include them.
'interface'
The policy target is an interface of the managed
device.
'zone'
The policy target is a zone, where a zone
is a collection of interfaces of the managed
device.
'zonepair'
The policy target is a pair of zones.
'user'
Denotes the identity of a user who is
authorized to access the firewall itself or
the resources protected by the firewall.
'usergroup'
Denotes the identity of a user group.
User group denotes a collection of user
identities, as defined above.
'context'
Denotes a logical device defined in the managed
device with a distinct management context.
Examples of such logical devices include
virtual contexts defined by Firewall Service
Module, virtual sensors defined by Intrusion
Detection Service Module and Virtual Routing
and Forwarding instances (VRFs) defined by IOS.
CFWUrlfVendorId
enumeration
This type denotes the vendor of a URL filtering
server which the firewall uses to implement URL
filtering.
A URL filtering server provides a database of URLs
with appropriate access restrictions (e.g.,
deny or permit). Various security devices can make
use of these filtering servers to provide URL filtering
functionality to the users.
The following values are defined:
'other'
A type of URL filtering server other than those
specified below.
'websense'
Websense URL filtering server. One of the products
provided by Websense is a Web Filtering Server.
More information about the Websense Web Filtering
product can be found at http://www.websense.com
'n2h2'
N2H2 URL filtering server. More information about
the N2H2 Filtering product can be found at
http://www.n2h2.com
CFWUrlServerStatus
enumeration
This type denotes the status of the URL filtering
server which the firewall uses to implement URL
filtering.
The following values are defined:
'online'
Indicates that the server is online.
'offline'
Indicates that the server is offline.
'indeterminate'
Indicates that the server status
cannot be determined.