Overview of Cisco Firewall MIB
==============================
Version: 2005-09-22
module CISCO-UNIFIED-FIREWALL-MIB {
  yang-version 1;
  namespace "urn:ietf:params:xml:ns:yang:smiv2:CISCO-UNIFIED-FIREWALL-MIB";
  prefix CISCO-UNIFIED-FIREWALL-MIB;

  import BRIDGE-MIB {
    prefix bridge-mib;
  }
  import CISCO-FIREWALL-TC {
    prefix cisco-firewall;
  }
  import INET-ADDRESS-MIB {
    prefix inet-address;
  }
  import ietf-inet-types {
    prefix inet;
  }
  import ietf-yang-smiv2 {
    prefix smiv2;
  }
  import ietf-yang-types {
    prefix yang;
  }

  organization
    "Cisco Systems";
  contact
    "Cisco Systems
     Customer Service

     Postal: 170 W Tasman Drive
             San Jose, CA 95134
             USA

     Tel: +1 800 553-NETS

     E-mail: cs-firewalls@cisco.com";
  description
    "Overview of Cisco Firewall MIB
     ==============================

     This MIB Module models status and performance statistics pertaining
     to the common features supported by Cisco firewall implementations.
     For each firewall feature, capability (if applicable) and statistics
     are defined. Supporting the configuration of firewall features is
     outside the scope of this MIB.

     Following are the major firewall features:

     1) 'Stateful Packet Filtering'
        Creating and maintaining the state of authorized traffic flows
        dynamically to permit only flows authorized by the policy is a
        mandatory function of a firewall. This MIB instruments the
        activity and memory usage by this function.

     2) 'Application Inspection'
        This refers to the function of inspecting the headers of layer 3
        and layer 4 protocols and creating dynamic entries in the
        connection table for traffic flows spawned by an already
        established traffic flow. This MIB reflects the protocols that
        are being inspected.

     3) 'URL Filtering'
        This refers to the function of facilitating or restricting URL
        access requests through the firewall by consulting either local
        policy or that configured on a dedicated URL filtering server.
        This MIB instruments the URL filtering activity, the status and
        activity of distinct URL filtering servers configured on the
        firewall and the impact of the performance of the URL filtering
        servers on the latency and throughput of the firewall.

     4) 'Proxy Authentication'
        This refers to the function of authenticating and/or authorizing
        users on behalf of servers on the secure side of the firewall.
        This operation could affect the throughput of the firewall.
        The MIB objects pertaining to Proxy Authentication will be
        defined in a subsequent revision of this MIB.

     5) 'Transparent Mode Operation'
        A firewall could operate as a bridge and yet filter traffic based
        on layer 3-layer 7 control and payload information. Operating in
        this mode makes it easy to implement a firewall without
        fragmenting existing subnets. Another advantage of this mode of
        operation is enhanced security. This MIB instruments the status,
        activity, and performance of the firewall in this mode. Please
        note that to fully manage a firewall operating in this mode, the
        firewall must also support the bridge MIB (BRIDGE-MIB).

     6) 'Advanced Application Inspection and Control'
        This function is also termed 'Application Firewall' and pertains
        to inspecting payload and headers of application traffic to make
        sure the traffic flows conform to the configured security policy.
        Monitoring this function entails identifying the security alerts
        generated by this function and measuring the impact on firewall
        performance by this task. Application Firewall will be
        instrumented in a separate MIB dedicated for the function.

     7) 'Failover' or 'Redundancy'
        Redundancy configuration is essential for business critical
        firewalls. Instrumenting this function entails reflecting the
        configuration of redundancy and identifying failover events.
        The MIB objects pertaining to Proxy Authentication will be
        defined in a subsequent revision of this MIB.

     The management information for each firewall feature is defined in
     a distinct module compliance unit. The compliance units
     corresponding to basic features of firewalls are defined as
     mandatory.

     Acronyms
     ========

     Following are definitions of some terms used in this module. Please
     refer to the module conformance for a glossary of feature-specific
     terms.

     `Firewall'
        A firewall is a set of related programs, implemented on a host or
        a network device, that protects the resources of a private
        network from users from other networks. Common firewalling
        functions include stateful packet filtering, proxy authentication
        of users on behalf of applications on the secure side of the
        firewall, URL access control, and inspection of the payload of
        traffic streams to determine security threats.

     `Layer2 Firewall' or 'Transparent Firewall'
        A firewall device that operates as a bridge while performing
        firewalling functions.

     `Connection'
        The record in the firewall of a traffic stream that has been
        authorized to flow through the firewall.

     `Half Open Connection'
        For a connection oriented protocol: a connection that has not
        reached the established state on both sides of the connection.
        For a connection-less protocol: the connection corresponding to a
        traffic stream where traffic flow has occurred (since the
        establishment of the connection entry) in only one direction.

     `Embryonic Connection'
        The connection entry corresponding to an application layer
        protocol in which the signaling channel has been established
        while the setup of the data channel is underway.

     `Policy'
        An element of firewall configuration that identifies the access
        rights to a resource by a traffic source. An example of a policy
        is an Access Control Rule.

     `Policy Target'
        An entity to which a policy is applied so that the action
        corresponding to the policy is taken only on traffic streams
        associated with the entity. An example of a policy target is an
        interface.

     `URL Filtering Server'
        A server which is employed by the firewall to enforce URL access
        policies.

     `Protocol Data Unit' or PDU
        An instance of the unit of information using which a protocol
        operates is called the Protocol Data Unit or the PDU of the
        protocol.

     `Deep Packet Inspection'
        The task of examining the contents of the payloads of one or more
        layer 7 application protocols with a view to enforcing the local
        security policies is termed 'Deep Packet Inspection'.

     `Advanced Application Inspection and Control'
        An entity that performs deep packet inspection of layer 7
        application protocol data units is termed an 'Application
        Firewall'.";

  revision "2005-09-22" {
    description
      "Initial version of this module.";
  }

  smiv2:alias "ciscoUnifiedFirewallMIB" {
    smiv2:oid "1.3.6.1.4.1.9.9.491";
  }
  smiv2:alias "ciscoUnifiedFirewallMIBNotifs" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.0";
  }
  smiv2:alias "ciscoUnifiedFirewallMIBObjects" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1";
  }
  smiv2:alias "cuFwConnectionGrp" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.1";
  }
  smiv2:alias "cuFwConnectionGlobals" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1";
  }
  smiv2:alias "cuFwConnectionResources" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.2";
  }
  smiv2:alias "cuFwConnectionReportSettings" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.3";
  }
  smiv2:alias "cuFwConnectionSummaryTables" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4";
  }
  smiv2:alias "cuFwApplInspectionGrp" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.2";
  }
  smiv2:alias "cuFwUrlFilterGrp" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.3";
  }
  smiv2:alias "cufwUrlFilterGlobals" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1";
  }
  smiv2:alias "cufwUrlFilterResourceUsage" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.2";
  }
  smiv2:alias "cufwUrlFilterServers" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3";
  }
  smiv2:alias "cuFwFailoverGrp" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.4";
  }
  smiv2:alias "cuFwAaicGrp" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.5";
  }
  smiv2:alias "cufwAaicGlobals" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.1";
  }
  smiv2:alias "cufwAaicProtocolStats" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2";
  }
  smiv2:alias "cufwAaicHttpProtocolStats" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2.1";
  }
  smiv2:alias "cuFwL2FwGrp" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.6";
  }
  smiv2:alias "cufwL2FwGlobals" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1";
  }
  smiv2:alias "cuFwNotifCntlGrp" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.1.7";
  }
  smiv2:alias "ciscoUnifiedFirewallMIBConform" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.2";
  }
  smiv2:alias "ciscoUniFirewallMIBCompliances" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.2.1";
  }
  smiv2:alias "ciscoUniFirewallMIBGroups" {
    smiv2:oid "1.3.6.1.4.1.9.9.491.2.2";
  }

  container CISCO-UNIFIED-FIREWALL-MIB {
    config false;

    container cuFwConnectionGlobals {
      smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1";

      leaf cufwConnGlobalNumAttempted {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.1";
        type yang:counter64;
        units "Connections";
        description
          "
                          Connection Statistics Aggregation

           Connection 1   +-----------+
           -------------->|           |-------> Global Connection Summary
           Connection 2   |           |
           -------------->|           |
           Connection 3   |           |
           -------------->|   First   |------------> ConnSummary
                          |   Level   |              (i.e, L-3/4 Protocol
           Connection 4   |Aggregation|               Connection Summary)
           -------------->|           |
                 .        |           |
                 .        |           |---------------> PolicyConnSummary
           Connection N   |           |                 (i.e, L-3/4 Policy Target based
           -------------->|           |                  Protocol Connection Summary)
                          +-----------+

                                    +-----------+
           L-3/4 Protocol           |           |
           Connection Summary       |           |
           ------------------------>|           |---------> AppConnSummary
                                    |           |           (i.e, L-7 Protocol
                                    |  Second   |            Connection Summary)
                                    |---Level---|
           L-3/4 Policy Target      |Aggregation|
           based Protocol           |           |
           Connection Summary       |           |
           ------------------------>|           |---------------> PolicyAppConnSummary
                                    |           |                 (i.e, L-7 Policy Target based
                                    |           |                  Protocol Connection Summary)
                                    +-----------+

           Specifically, the object 'cufwConnGlobalNumAttempted' models the
           number of connections which are attempted to be set up through
           the firewall.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwConnGlobalNumSetupsAborted {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.2";
        type yang:counter64;
        units "Connections";
        description
          "The number of connection setup attempts that were aborted before
           the connection could proceed to completion. The counter includes
           setup attempts aborted by the firewall as well as those aborted
           by the initiator and/or the responder(s) of/to the connection
           setup attempt. Consequently, this value subsumes the values of
           the objects 'cufwConnGlobalNumPolicyDeclined' and
           'cufwConnGlobalNumResDeclined'.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwConnGlobalNumPolicyDeclined {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.3";
        type yang:counter64;
        units "Connections";
        description
          "The number of connections which were attempted to be set up but
           which were declined due to reasons of security policy. This
           includes the connections that failed authentication.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwConnGlobalNumResDeclined {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.4";
        type yang:counter64;
        units "Connections";
        description
          "The number of connections which were attempted to be set up but
           which were declined due to non-availability of required
           resources.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwConnGlobalNumHalfOpen {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.5";
        type yang:gauge32;
        units "Connections";
        description
          "The number of connections which are in the process of being set
           up but which have not yet reached the established state in the
           connection table.";
      }

      leaf cufwConnGlobalNumActive {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.6";
        type yang:gauge32;
        units "Connections";
        description
          "The number of connections which are currently active.";
      }

      leaf cufwConnGlobalNumExpired {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.7";
        type yang:counter64;
        units "Connections";
        description
          "The number of connections which were active but which have since
           been normally terminated.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwConnGlobalNumAborted {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.8";
        type yang:counter64;
        units "Connections";
        description
          "The number of connections which were active but which were
           aborted by the firewall due to reasons of policy or resource
           rationing.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwConnGlobalNumEmbryonic {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.9";
        type yang:gauge32;
        units "Connections";
        description
          "The number of embryonic application layer connections (that is,
           connections in which the signaling channel has been established
           while the data channel is awaiting setup).
           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwConnGlobalConnSetupRate1 {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.10";
        type yang:gauge32;
        units "Connections per second";
        description
          "The number of connections which the firewall is establishing per
           second, averaged over the last 60 seconds.";
      }

      leaf cufwConnGlobalConnSetupRate5 {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.11";
        type yang:gauge32;
        units "Connections per second";
        description
          "The number of connections which the firewall is establishing per
           second, averaged over the last 300 seconds.";
      }

      leaf cufwConnGlobalNumRemoteAccess {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.1.12";
        type yang:gauge32;
        units "Connections";
        description
          "The number of active connections which correspond to remote
           access applications. Specifically, the protocol for which the
           connection is established must be one of PPP, PPTP, L2TP or
           remote access IPsec (IPsec connections employing extended
           authentication).

           This value is accumulated from the last reboot of the firewall.";
      }
    } // container cuFwConnectionGlobals

    container cuFwConnectionResources {
      smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.2";

      leaf cufwConnResMemoryUsage {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.2.1";
        type yang:gauge32;
        units "KBytes";
        description
          "The amount of memory occupied by all structures required to
           maintain the state of all connections which are either being
           established or are active.";
      }

      leaf cufwConnResActiveConnMemoryUsage {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.2.2";
        type yang:gauge32;
        units "KBytes";
        description
          "The amount of memory occupied by all structures required to
           maintain the state of all active connections.";
      }

      leaf cufwConnResHOConnMemoryUsage {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.2.3";
        type yang:gauge32;
        units "KBytes";
        description
          "The amount of memory occupied by all structures required to
           maintain the state of all half open connections.";
      }

      leaf cufwConnResEmbrConnMemoryUsage {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.2.4";
        type yang:gauge32;
        units "KBytes";
        description
          "The amount of memory occupied by all structures required to
           maintain the state of all embryonic connections.";
      }
    } // container cuFwConnectionResources

    container cuFwConnectionReportSettings {
      smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.3";

      leaf cufwConnReptAppStats {
        smiv2:defval "false";
        smiv2:max-access "read-write";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.3.1";
        type boolean;
        description
          "Setting this object to 'true' enables the MIB to report
           connection activity statistics pertaining to application
           protocols. If this object is set to 'false', the agent should
           stop updating the objects defined in this module pertaining to
           application protocols.

           Application monitoring could be a resource intensive operation.
           It is expected that administrators would use this control to
           disable application monitoring when the performance of the
           firewall is degrading.";
      }

      leaf cufwConnReptAppStatsLastChanged {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.3.2";
        type yang:timestamp;
        description
          "The time at which the value of cufwConnReptAppStats was last
           changed.";
      }
    } // container cuFwConnectionReportSettings

    container cuFwApplInspectionGrp {
      smiv2:oid "1.3.6.1.4.1.9.9.491.1.2";

      leaf cufwAIAuditTrailEnabled {
        smiv2:max-access "read-write";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.2.1";
        type boolean;
        description
          "The value identifies if the audit trail in application
           inspection has been globally enabled or disabled.";
      }

      leaf cufwAIAlertEnabled {
        smiv2:max-access "read-write";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.2.2";
        type boolean;
        description
          "The value identifies if application inspection alerts have been
           globally enabled or disabled.";
      }
    } // container cuFwApplInspectionGrp

    container cufwUrlFilterGlobals {
      smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1";

      leaf cufwUrlfFunctionEnabled {
        smiv2:max-access "read-write";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.1";
        type uint32 {
          range "0..2";
        }
        description
          "
                               URL Filtering Operation

                                                 _________
                                  2.2 Request   |         |
                                |-------------->| Server  |
                                |               |         |
             _________        __|_              |_________|
            |         |<--(5. Response )---|    |    |    3. Response
            |         |                    |    |<---|
            | Client  |---(1. Request )--->|FW  |
            |_________|                    |____|<--------------|
                                              |            4. URLF Resp
                                              |            ____|______
                                              |           |           |
                                              |---------->|URLF Server|
                                              2.1 URLF Req|___________|

           1)   Client sends a Request containing a URL to the Server
           2.1) FW extracts the URL from the Request and sends it to the
                URL Filtering Server (or verifies the URL locally)
           2.2) FW also forwards the original Request from the Client to
                the Server
           3)   Any Responses from the Server received before receiving a
                response from the URLF Server are cached by the FW
           4)   The URLF Response indicates whether the URL access should
                be allowed or denied
           5)   If the URLF Response allows the URL, FW forwards the URL
                Access responses from the Server to the Client
           6)   If the URLF Response indicates that the URL access should
                be denied, FW drops all the cached URL responses and
                forces the connection between the Client and the Server
                to be terminated

           Specifically, the object cufwUrlfFunctionEnabled indicates if
           the URL filtering function is enabled. When this MIB object
           contains the value 'false', the firewall device will not
           perform the URL filtering function, even if it contains
           configuration pertaining to other aspects of URL filtering.";
      }

      leaf cufwUrlfRequestsNumProcessed {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.2";
        type yang:counter64;
        units "Requests";
        description
          "The number of URL access requests processed by this firewall.
           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfRequestsProcRate1 {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.3";
        type yang:gauge32;
        units "Requests per second";
        description
          "The number of URL access requests processed per second by this
           firewall, averaged over the last 60 seconds.";
      }

      leaf cufwUrlfRequestsProcRate5 {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.4";
        type yang:gauge32;
        units "Requests per second";
        description
          "The number of URL access requests processed per second by this
           firewall, averaged over the last 300 seconds.";
      }

      leaf cufwUrlfRequestsNumAllowed {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.5";
        type yang:counter64;
        units "Requests";
        description
          "The number of URL access requests allowed by this firewall, due
           to a directive from a URL filtering server or a static policy
           configured on the firewall.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfRequestsNumDenied {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.6";
        type yang:counter64;
        units "Requests";
        description
          "The number of URL access requests declined by this firewall, due
           to a directive from a URL filtering server, a static policy
           configured on the firewall, resource constraints or any other
           reason.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfRequestsDeniedRate1 {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.7";
        type yang:gauge32;
        units "Requests per second";
        description
          "The rate at which URL access requests were denied by this
           firewall, due to a directive from a URL filtering server, a
           static policy configured on the firewall, resource constraints
           or any other reason, averaged over the last 60 seconds.";
      }

      leaf cufwUrlfRequestsDeniedRate5 {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.8";
        type yang:gauge32;
        units "Requests Per Second";
        description
          "The rate at which URL access requests were denied by this
           firewall, due to a directive from a URL filtering server, a
           static policy configured on the firewall, resource constraints
           or any other reason, averaged over the last 300 seconds.";
      }

      leaf cufwUrlfRequestsNumCacheAllowed {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.9";
        type yang:counter64;
        units "Requests";
        description
          "The number of URL access requests allowed by the firewall
           because of a cached entry holding the result from a previous
           URL access request that was handled either by a URLF Server or
           by exclusive domain configuration.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfRequestsNumCacheDenied {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.10";
        type yang:counter64;
        units "Requests";
        description
          "The number of URL access requests denied by the firewall because
           of a cached entry holding the result from a previous URL access
           request that was handled either by a URLF Server or by
           exclusive domain configuration.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfAllowModeReqNumAllowed {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.11";
        type yang:counter64;
        units "Requests";
        description
          "The number of URL access requests that were allowed by the
           firewall when the URL filtering server was not available.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfAllowModeReqNumDenied {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.12";
        type yang:counter64;
        units "Requests";
        description
          "The number of URL access requests that were declined by the
           firewall when the URL filtering server was not available.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfRequestsNumResDropped {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.13";
        type yang:counter64;
        units "Requests";
        description
          "The number of incoming URL access requests that were dropped by
           the firewall because of resource constraints.
           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfRequestsResDropRate1 {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.14";
        type yang:gauge32;
        units "Requests Per Second";
        description
          "The rate at which incoming URL access requests were dropped by
           the firewall because of resource constraints, averaged over the
           last 60 seconds.";
      }

      leaf cufwUrlfRequestsResDropRate5 {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.15";
        type yang:gauge32;
        units "Requests Per Second";
        description
          "The rate at which incoming URL access requests were dropped by
           the firewall because of resource constraints, averaged over the
           last 300 seconds.";
      }

      leaf cufwUrlfNumServerTimeouts {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.16";
        type yang:counter64;
        description
          "The number of times the firewall failed to receive a response
           from the configured URL filtering servers for a request to
           authorize a URL access request. This is equal to the number of
           times a firewall removed a URL access request from the queue of
           pending requests because no response was received from the URL
           filtering server(s).

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfNumServerRetries {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.17";
        type yang:counter64;
        description
          "The number of URL access authorization requests re-sent by the
           firewall to the URL Filtering Servers because a response was
           not received within the configured time interval.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfResponsesNumLate {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.18";
        type yang:counter64;
        units "Responses";
        description
          "The number of responses from URL filtering servers which were
           received after the original URL access request was removed from
           the queue of pending requests.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwUrlfUrlAccRespsNumResDropped {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.1.19";
        type yang:counter64;
        units "Responses";
        description
          "The number of transport packets constituting responses to URL
           access requests that were dropped by the firewall due to
           resource constraints while waiting for a response from the
           filtering server.

           This value is accumulated from the last reboot of the firewall.";
      }
    } // container cufwUrlFilterGlobals

    container cufwUrlFilterResourceUsage {
      smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.2";

      leaf cufwUrlfResTotalRequestCacheSize {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.2.1";
        type yang:gauge32;
        units "KBytes";
        description
          "The amount of memory occupied by all the caches used in the
           firewall to cache pending URL access requests.";
      }

      leaf cufwUrlfResTotalRespCacheSize {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.2.2";
        type yang:gauge32;
        units "KBytes";
        description
          "The amount of memory occupied by all the caches used in the
           firewall to cache responses for URL requests received from
           servers while awaiting a response from the URL filter server.";
      }
    } // container cufwUrlFilterResourceUsage

    container cufwAaicGlobals {
      smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.1";

      leaf cufwAaicGlobalNumBadProtocolOps {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.1.1";
        type yang:counter64;
        units "Protocol Data Units";
        description
          "'Protocol Operation' is the application protocol specific
           operation that the PDU is intended to perform. An example of
           'protocol operation' is the HELO command of the SMTP protocol.

           This MIB object records the number of application protocol data
           units that contained a protocol operation which was disallowed
           by the local security policy.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of application traffic
           payloads.
           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwAaicGlobalNumBadPDUSize {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.1.2";
        type yang:counter64;
        units "Protocol Data Units";
        description
          "This MIB object records the number of application protocol data
           units (PDUs) that had either an invalid header size or an
           invalid payload size, as determined by the local security
           policy.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of application traffic
           payloads.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwAaicGlobalNumBadPortRange {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.1.3";
        type yang:counter64;
        units "Protocol Data Units";
        description
          "The number of application protocol data units that attempted to
           advertise illegal port ranges for secondary connections. An
           example of such an occurrence would be a passive FTP connection,
           where the server advertises a disallowed port range for the
           data connection.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of application traffic
           payloads.

           This value is accumulated from the last reboot of the firewall.";
      }
    } // container cufwAaicGlobals

    container cufwAaicHttpProtocolStats {
      smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2.1";

      leaf cufwAaicHttpNumBadProtocolOps {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2.1.1";
        type yang:counter64;
        units "HTTP Protocol Data Units";
        description
          "The number of PDUs corresponding to the HTTP protocol which were
           detected to contain HTTP protocol methods which are disallowed
           by the local security policy.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of HTTP traffic payloads.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwAaicHttpNumBadPDUSize {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2.1.2";
        type yang:counter64;
        units "HTTP Protocol Data Units";
        description
          "The number of PDUs corresponding to the HTTP protocol that had
           either an invalid header size or an invalid payload size, as
           determined by the local security policy.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of HTTP traffic payloads.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwAaicHttpNumTunneledConns {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2.1.3";
        type yang:counter64;
        units "Connections";
        description
          "The number of connections corresponding to the HTTP protocol
           which were detected to be tunneling other application traffic
           streams. An instance of this would be InstantMessenger traffic
           running on HTTP.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of HTTP traffic payloads.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwAaicHttpNumLargeURIs {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2.1.4";
        type yang:counter64;
        units "HTTP Protocol Data Units";
        description
          "The number of PDUs corresponding to the HTTP protocol which were
           detected to contain a URI of a size not permitted by the local
           security policy.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of HTTP traffic payloads.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwAaicHttpNumBadContent {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2.1.5";
        type yang:counter64;
        units "HTTP Protocol Data Units";
        description
          "The number of PDUs corresponding to the HTTP protocol which were
           detected to contain content whose type is disallowed by the
           local security policy.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of HTTP traffic payloads.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwAaicHttpNumMismatchContent {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2.1.6";
        type yang:counter64;
        units "HTTP Protocol Data Units";
        description
          "The number of PDUs corresponding to the HTTP protocol which were
           detected to contain content whose type was different from the
           content type specified in the header of the PDU.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of HTTP traffic payloads.

           This value is accumulated from the last reboot of the firewall.";
      }

      leaf cufwAaicHttpNumDoubleEncodedPkts {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.5.2.1.7";
        type yang:counter64;
        units "HTTP Protocol Data Units";
        description
          "The number of PDUs corresponding to the HTTP protocol which were
           detected to contain double encoding. Double encoding is a
           mechanism to obfuscate content in which encoded data is
           re-encoded so as to evade deep packet inspection.

           For this MIB to be implemented, the managed firewall must be
           implementing deep packet inspection of HTTP traffic payloads.

           This value is accumulated from the last reboot of the firewall.";
      }
    } // container cufwAaicHttpProtocolStats

    container cufwL2FwGlobals {
      smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1";

      leaf cufwL2GlobalEnableStealthMode {
        smiv2:max-access "read-only";
        smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.1";
        type boolean;
        description
          "The value indicates if the firewall is operating in transparent
           (layer 2) mode or not.
When operating in transparent mode, the firewall operates as a bridge while performing firewalling functions."; } leaf cufwL2GlobalArpCacheSize { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.2"; type int32 { range "1..2147483647"; } units "ARP entries"; description "The value indicates the configured maximum size of the ARP cache used for management traffic."; } leaf cufwL2GlobalEnableArpInspection { smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.3"; type boolean; description "The value indicates if ARP inspection, which is a security feature, is enabled globally on the managed firewall."; } leaf cufwL2GlobalNumArpRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.5"; type yang:counter64; units "ARP Requests"; description "The number of ARP requests issued by the transparent firewall to resolve a destination IP address. This counter is accumulated since the last reboot of the firewall."; } leaf cufwL2GlobalNumIcmpRequests { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.6"; type yang:counter64; units "ICMP Traceroute Requests"; description "The number of ICMP traceroute requests issued by the transparent firewall to resolve a destination IP address. This counter is accumulated since the last reboot of the firewall."; } leaf cufwL2GlobalNumFloods { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.7"; type yang:counter64; description "The number of times the firewall floods a frame to be forwarded to the egress interfaces because the destination MAC address is missing in the bridge table. This counter is accumulated since the last reboot of the firewall."; } leaf cufwL2GlobalNumDrops { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.8"; type yang:counter64; description "The number of times the firewall dropped an incoming frame because the destination MAC address is missing in the bridge table. 
This counter is accumulated since the last reboot of the firewall."; } leaf cufwL2GlobalArpOverflowRate5 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.9"; type yang:gauge32; description "The number of times an existing entry had to be evicted from the ARP cache to make room for a new entry during the last 300 seconds. This is a gauge over the most recent 300-second interval, not a value accumulated since the last reboot."; } leaf cufwL2GlobalNumBadArpResponses { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.10"; type yang:counter64; units "ARP Responses"; description "The number of malformed ARP responses received by the firewall while trying to resolve the MAC address of the destination IP address in an incoming frame. This counter is accumulated since the last reboot of the firewall."; } leaf cufwL2GlobalNumSpoofedArpResps { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.6.1.11"; type yang:counter64; units "ARP Responses"; description "The number of spoofed ARP responses received by the firewall. Such an event occurs when the firewall receives an ARP response mapping an IP address to a MAC address different from the one present in the local ARP cache. This counter is accumulated since the last reboot of the firewall."; } } // container cufwL2FwGlobals container cuFwNotifCntlGrp { smiv2:oid "1.3.6.1.4.1.9.9.491.1.7"; leaf cufwCntlUrlfServerStatusChange { smiv2:defval "false"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.7.1"; type boolean; description "This object defines the administrative state of sending the SNMP notification that signals the election of a new primary URL filtering server by this firewall. 
Such a change could occur either as a result of the current primary server becoming unavailable or as a result of explicit management action nominating a filtering server as the primary server."; } leaf cufwCntlL2StaticMacAddressMoved { smiv2:defval "true"; smiv2:max-access "read-write"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.7.2"; type boolean; description "This object defines the administrative state of sending the SNMP notification that signals the move of a statically configured MAC address to a new port. Such a change could occur either as a result of a physical move of the device owning the MAC address to the new port or as a result of MAC address spoofing."; } } // container cuFwNotifCntlGrp container cufwConnSummaryTable { smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1"; description "This table summarizes the connection activity on the firewall per layer 3-layer 4 protocol instance. Each entry in the table lists the connection summary of a distinct network protocol. For instance, the conceptual row corresponding to the index cufwConnProtocol = fwpTcp yields the summary of TCP connection activity on the firewall since its reboot."; list cufwConnSummaryEntry { smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1"; key "cufwConnProtocol"; description "Each entry contains the summary of connection activity for a layer 3-layer 4 network protocol."; leaf cufwConnProtocol { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.1"; type cisco-firewall:CFWNetworkProtocol; description "The (L3-L4) protocol for which this conceptual row summarizes the connection activity on the managed entity."; } leaf cufwConnNumAttempted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.2"; type yang:counter64; units "Connections"; description "The number of connections attempted since the last reboot of the firewall, corresponding to the protocol denoted by 'cufwConnProtocol'. 
This value is accumulated from the last reboot of the firewall."; } leaf cufwConnNumSetupsAborted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.3"; type yang:counter64; units "Connections"; description "The number of connection setup attempts, corresponding to the protocol denoted by 'cufwConnProtocol', that were aborted before the connection could proceed to completion. The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. Consequently, this value subsumes the values of objects 'cufwConnNumPolicyDeclined' and 'cufwConnNumResDeclined'. This value is accumulated from the last reboot of the firewall."; } leaf cufwConnNumPolicyDeclined { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.4"; type yang:counter64; units "Connections"; description "The number of connection attempts that were declined due to security policy, corresponding to the protocol denoted by 'cufwConnProtocol'. This value is accumulated from the last reboot of the firewall."; } leaf cufwConnNumResDeclined { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.5"; type yang:counter64; units "Connections"; description "The number of connection attempts that were declined due to resource unavailability, corresponding to the protocol denoted by 'cufwConnProtocol'. 
This value is accumulated from the last reboot of the firewall."; } leaf cufwConnNumHalfOpen { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.6"; type yang:gauge32; units "Connections"; description "The number of connections that are currently in the process of being established, corresponding to the protocol denoted by 'cufwConnProtocol'."; } leaf cufwConnNumActive { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.7"; type yang:gauge32; units "Connections"; description "The number of connections that are currently active, corresponding to the protocol denoted by 'cufwConnProtocol'."; } leaf cufwConnNumAborted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.8"; type yang:counter64; units "Connections"; description "The number of connections that were abnormally terminated after successful establishment, corresponding to the protocol denoted by 'cufwConnProtocol'. This value is accumulated from the last reboot of the firewall."; } leaf cufwConnSetupRate1 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.9"; type yang:gauge32; units "Connections Per Second"; description "The connection setup rate averaged over the last 60 seconds corresponding to the protocol denoted by 'cufwConnProtocol'."; } leaf cufwConnSetupRate5 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.1.1.10"; type yang:gauge32; units "Connections Per Second"; description "The connection setup rate averaged over the last 300 seconds corresponding to the protocol denoted by 'cufwConnProtocol'."; } } // list cufwConnSummaryEntry } // container cufwConnSummaryTable container cufwAppConnSummaryTable { smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2"; description "This table lists the summary of firewall connections pertaining to Layer 7 protocols, catalogued by distinct application protocols. Each entry in the table lists the connection summary corresponding to a distinct application protocol. 
For instance, to obtain the connection summary for SMTP on the firewall since the last reboot of the device, use the conceptual row corresponding to cufwAppConnProtocol = fwApSmtp."; list cufwAppConnSummaryEntry { smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1"; key "cufwAppConnProtocol"; description "Each entry contains the summary of connection activity for a distinct layer 7 protocol identified by the index element 'cufwAppConnProtocol'."; leaf cufwAppConnProtocol { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.1"; type cisco-firewall:CFWApplicationProtocol; description "The layer 7 protocol for which this conceptual row summarizes the connection activity for this firewall."; } leaf cufwAppConnNumAttempted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.2"; type yang:counter64; units "Connections"; description "The number of connections attempted since the last reboot of the firewall, corresponding to the protocol denoted by 'cufwAppConnProtocol'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats."; } leaf cufwAppConnNumSetupsAborted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.3"; type yang:counter64; units "Connections"; description "The number of connection setup attempts, corresponding to the protocol denoted by 'cufwAppConnProtocol', that were aborted before the connection could proceed to completion. The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. Consequently, this value subsumes the values of objects 'cufwAppConnNumPolicyDeclined' and 'cufwAppConnNumResDeclined'. 
This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats."; } leaf cufwAppConnNumPolicyDeclined { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.4"; type yang:counter64; units "Connections"; description "The number of connection attempts that were declined due to security policy, corresponding to the protocol denoted by 'cufwAppConnProtocol'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats."; } leaf cufwAppConnNumResDeclined { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.5"; type yang:counter64; units "Connections"; description "The number of connection attempts that were declined due to resource unavailability, corresponding to the protocol denoted by 'cufwAppConnProtocol'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats."; } leaf cufwAppConnNumHalfOpen { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.6"; type yang:gauge32; units "Connections"; description "The number of connections that are currently in the process of being established, corresponding to the protocol denoted by 'cufwAppConnProtocol'."; } leaf cufwAppConnNumActive { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.7"; type yang:gauge32; units "Connections"; description "The number of connections that are currently active, corresponding to the protocol denoted by 'cufwAppConnProtocol'."; } leaf cufwAppConnNumAborted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.8"; type yang:counter64; units "Connections"; description "The number of connections that were terminated by the firewall after successful establishment, corresponding to the protocol denoted by 'cufwAppConnProtocol'. 
This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats."; } leaf cufwAppConnSetupRate1 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.9"; type yang:gauge32; units "Connections Per Second"; description "The connection setup rate averaged over the last 60 seconds corresponding to the protocol denoted by 'cufwAppConnProtocol'."; } leaf cufwAppConnSetupRate5 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.2.1.10"; type yang:gauge32; units "Connections Per Second"; description "The connection setup rate averaged over the last 300 seconds corresponding to the protocol denoted by 'cufwAppConnProtocol'."; } } // list cufwAppConnSummaryEntry } // container cufwAppConnSummaryTable container cufwPolicyConnSummaryTable { smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3"; description "This table lists the summary of firewall connections for layer 3-layer 4 protocols catalogued on a per policy basis. Each entry in the table lists the connection summary of a distinct network protocol, configured on the specified policy on the firewall, and pertaining to a specified target to which the policy is currently applied. If a policy is bound to a target, it has one or more entries in this table. If the policy is detached from the target, all entries corresponding to the association between the policy and the target are eliminated from this table. 
Although the information is indexed by policy targets as well, one may aggregate the connection summary for a specific policy across all the targets to which the policy is currently applied by setting cufwPolConnPolicyTargetType = 'targetALL'."; list cufwPolicyConnSummaryEntry { smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1"; key "cufwPolConnPolicy cufwPolConnPolicyTargetType cufwPolConnPolicyTarget cufwPolConnProtocol"; description "Each entry contains the summary of connection activity for a specific protocol in a specific policy applied to the specified policy target."; leaf cufwPolConnPolicy { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.1"; type cisco-firewall:CFWPolicy; description "The identity of the firewall policy for which this conceptual row contains the connection activity summary."; } leaf cufwPolConnPolicyTargetType { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.2"; type cisco-firewall:CFWPolicyTargetType; description "The type of the entity to which the firewall policy 'cufwPolConnPolicy' has been applied. This could be an interface type (most commonly), the type of another object or a group of objects defined in the firewall configuration. When this object is set to 'targetALL', the value of the index object cufwPolConnPolicyTarget is ignored."; } leaf cufwPolConnPolicyTarget { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.3"; type cisco-firewall:CFWPolicyTarget { length "0..128"; } description "The identity of the entity to which the firewall policy 'cufwPolConnPolicy' is applied. 
This could be an interface object (most commonly), another object or group of objects defined in the firewall configuration."; } leaf cufwPolConnProtocol { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.4"; type cisco-firewall:CFWNetworkProtocol; description "The (L3-L4) protocol corresponding to which this conceptual row summarizes the connection activity on the firewall."; } leaf cufwPolConnNumAttempted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.5"; type yang:counter64; units "Connections"; description "The number of connections attempted since the last reboot of the firewall, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'."; } leaf cufwPolConnNumSetupsAborted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.6"; type yang:counter64; units "Connections"; description "The number of connection setup attempts, corresponding to the protocol denoted by 'cufwPolConnProtocol', associated with the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget', that were aborted before the connection could proceed to completion. The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. 
Consequently, this value subsumes the values of objects 'cufwPolConnNumPolicyDeclined' and 'cufwPolConnNumResDeclined'."; } leaf cufwPolConnNumPolicyDeclined { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.7"; type yang:counter64; units "Connections"; description "The number of connection attempts that were declined due to security policy, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'."; } leaf cufwPolConnNumResDeclined { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.8"; type yang:counter64; units "Connections"; description "The number of connection attempts that were declined due to resource unavailability, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'."; } leaf cufwPolConnNumHalfOpen { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.9"; type yang:gauge32; units "Connections"; description "The number of connections that are currently in the process of being established, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'."; } leaf cufwPolConnNumActive { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.10"; type yang:gauge32; units "Connections"; description "The number of connections that are currently active, corresponding to the protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'."; } leaf cufwPolConnNumAborted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.3.1.11"; type yang:counter64; units "Connections"; description "The number of connections that were abnormally terminated after successful establishment, corresponding to the 
protocol denoted by 'cufwPolConnProtocol', in the policy 'cufwPolConnPolicy' applied to the entity identified by 'cufwPolConnPolicyTarget'."; } } // list cufwPolicyConnSummaryEntry } // container cufwPolicyConnSummaryTable container cufwPolicyAppConnSummaryTable { smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4"; description "This table lists the summary of firewall connections pertaining to layer 7 protocols, catalogued on a per policy basis. Each entry in the table lists the connection summary of a distinct application protocol, configured on the specified policy on the firewall, and pertaining to a specified target to which the policy has been applied. If a policy is bound to a target, it has one or more entries in this table. If the policy is detached from the target, all entries corresponding to the association between the policy and the target are eliminated from this table. Although the information is indexed by policy targets as well, one may aggregate the connection summary for a specific policy across all the targets to which the policy is currently applied by setting cufwPolAppConnPolicyTargetType = 'targetALL'."; list cufwPolicyAppConnSummaryEntry { smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1"; key "cufwPolAppConnPolicy cufwPolAppConnPolicyTargetType cufwPolAppConnPolicyTarget cufwPolAppConnProtocol"; description "Each entry contains the summary of connection activity for a specific layer 7 protocol in a specific policy applied to the specified policy target."; leaf cufwPolAppConnPolicy { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.1"; type cisco-firewall:CFWPolicy; description "The identity of the firewall policy for which this conceptual row contains the connection activity summary."; } leaf cufwPolAppConnPolicyTargetType { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.2"; type cisco-firewall:CFWPolicyTargetType; description "The type of the entity to which the firewall policy 'cufwPolAppConnPolicy' 
has been applied. This could be an interface type (most commonly), the type of another object or a group of objects defined in the firewall configuration. When this object is set to 'targetALL', the value of the index object cufwPolAppConnPolicyTarget is ignored."; } leaf cufwPolAppConnPolicyTarget { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.3"; type cisco-firewall:CFWPolicyTarget { length "0..128"; } description "The identity of the entity to which the firewall policy 'cufwPolAppConnPolicy' is applied. This could be an interface object (most commonly), another object or group of objects defined in the firewall configuration."; } leaf cufwPolAppConnProtocol { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.4"; type cisco-firewall:CFWApplicationProtocol; description "The layer 7 protocol for which this conceptual row summarizes the connection activity for this firewall."; } leaf cufwPolAppConnNumAttempted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.5"; type yang:counter64; units "Connections"; description "The number of connections attempted since the last reboot of the firewall, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats."; } leaf cufwPolAppConnNumSetupsAborted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.6"; type yang:counter64; units "Connections"; description "The number of connection setup attempts, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', associated with the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget', that were aborted before the connections could proceed to completion. 
The counter includes setup attempts aborted by the firewall as well as those aborted by the initiator and/or the responder(s) of/to the connection setup attempt. Consequently, this value subsumes the values of objects 'cufwPolAppConnNumPolicyDeclined' and 'cufwPolAppConnNumResDeclined'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats."; } leaf cufwPolAppConnNumPolicyDeclined { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.7"; type yang:counter64; units "Connections"; description "The number of connection attempts that were declined due to security policy, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats."; } leaf cufwPolAppConnNumResDeclined { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.8"; type yang:counter64; units "Connections"; description "The number of connection attempts that were declined due to resource unavailability, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'. 
This value is accumulated from the last reboot of the firewall subject to the control exercised by cufwConnReptAppStats."; } leaf cufwPolAppConnNumHalfOpen { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.9"; type yang:gauge32; units "Connections"; description "The number of connections that are currently in the process of being established, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'."; } leaf cufwPolAppConnNumActive { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.10"; type yang:gauge32; units "Connections"; description "The number of connections that are currently active, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'."; } leaf cufwPolAppConnNumAborted { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.1.4.4.1.11"; type yang:counter64; units "Connections"; description "The number of connections that were abnormally terminated after successful establishment, corresponding to the protocol denoted by 'cufwPolAppConnProtocol', in the policy 'cufwPolAppConnPolicy' applied to the entity identified by 'cufwPolAppConnPolicyTarget'."; } } // list cufwPolicyAppConnSummaryEntry } // container cufwPolicyAppConnSummaryTable container cufwInspectionTable { smiv2:oid "1.3.6.1.4.1.9.9.491.1.2.3"; description "This table identifies if an application protocol has been configured for inspection and if so, the name of the firewall policy or the inspection configuration that configures the specified protocol for inspection. The table also identifies if the specified protocol is actively being inspected. 
This table may be used by an administrator to quickly identify whether a protocol is being subjected to application inspection by the managed firewall."; list cufwInspectionEntry { smiv2:oid "1.3.6.1.4.1.9.9.491.1.2.3.1"; key "cufwInspectionPolicyName cufwInspectionProtocol"; description "Each entry contains the configuration of a specific application inspection element."; leaf cufwInspectionPolicyName { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.2.3.1.1"; type cisco-firewall:CFWPolicy { length "0..128"; } description "The name of the policy that configures the device to inspect the protocol specified by 'cufwInspectionProtocol'."; } leaf cufwInspectionProtocol { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.2.3.1.2"; type cisco-firewall:CFWApplicationProtocol; description "The application protocol that is configured for inspection."; } leaf cufwInspectionStatus { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.2.3.1.3"; type boolean; description "This MIB object identifies whether the directive to inspect the protocol specified by 'cufwInspectionProtocol' in the policy corresponding to this conceptual row is enabled or disabled."; } } // list cufwInspectionEntry } // container cufwInspectionTable container cufwUrlfServerTable { smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1"; description "This table lists the URL filtering servers configured on the managed device and their performance statistics. 
This table is not meant as a means of configuring URL filtering servers."; list cufwUrlfServerEntry { smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1"; key "cufwUrlfServerAddrType cufwUrlfServerAddress cufwUrlfServerPort"; description "Each entry contains the configuration of a specific URL filtering server."; leaf cufwUrlfServerAddrType { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.1"; type inet-address:InetAddressType; description "The type of the IP address of the URL filtering server."; } leaf cufwUrlfServerAddress { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.2"; type inet-address:InetAddress; description "The value of the IP address of the URL filtering server."; } leaf cufwUrlfServerPort { smiv2:max-access "not-accessible"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.3"; type inet:port-number; description "The value of the port at which the URL filtering server listens for incoming requests."; } leaf cufwUrlfServerVendor { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.4"; type cisco-firewall:CFWUrlfVendorId; description "The vendor type of the URL filtering server."; } leaf cufwUrlfServerStatus { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.5"; type cisco-firewall:CFWUrlServerStatus; description "The status of the URL filtering server corresponding to this conceptual row."; } leaf cufwUrlfServerReqsNumProcessed { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.6"; type yang:counter64; description "The number of URL access requests forwarded by the managed firewall device to the URL filtering server corresponding to this conceptual row. 
This value is counted from the last reboot of the managed device."; } leaf cufwUrlfServerReqsNumAllowed { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.7"; type yang:counter64; description "The number of URL access requests allowed by the URL filtering server corresponding to this conceptual row. This counter does not include late responses. This value is counted from the last reboot of the managed device."; } leaf cufwUrlfServerReqsNumDenied { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.8"; type yang:counter64; description "The number of URL access requests denied by the URL filtering server corresponding to this conceptual row. This counter does not include late responses. This value is counted from the last reboot of the managed device."; } leaf cufwUrlfServerNumTimeouts { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.9"; type yang:counter64; description "The number of times the firewall failed to receive a response from the URL filtering server corresponding to this conceptual row, for a request to authorize a URL access request. This is equal to the number of times a firewall removed a URL access request from the queue of pending requests because no response was received from the URL filtering server. This value is accumulated from the last reboot of the firewall."; } leaf cufwUrlfServerNumRetries { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.10"; type yang:counter64; description "The number of URL access authorization requests re-sent by the firewall to the URL Filtering Server corresponding to this conceptual row, because a response was not received within the configured time interval from the server. 
This value is counted from the last reboot of the managed device."; } leaf cufwUrlfServerRespsNumReceived { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.11"; type yang:counter64; description "The number of URL access responses received by the firewall from the URL filtering server corresponding to this conceptual row. This counter does not include late responses. This value is counted from the last reboot of the managed device."; } leaf cufwUrlfServerRespsNumLate { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.12"; type yang:counter64; description "The number of URL access responses received by the managed firewall from the URL filtering server corresponding to this conceptual row after the original URL access request was removed from the queue of pending requests. This value is counted from the last reboot of the managed device."; } leaf cufwUrlfServerAvgRespTime1 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.13"; type yang:gauge32; units "seconds"; description "The average round-trip response time of the URL filtering server computed over the last 60 seconds. A value of zero indicates that there was insufficient data to compute this value over the last time interval."; } leaf cufwUrlfServerAvgRespTime5 { smiv2:max-access "read-only"; smiv2:oid "1.3.6.1.4.1.9.9.491.1.3.3.1.1.14"; type yang:gauge32; units "seconds"; description "The average round-trip response time of the URL filtering server computed over the last 300 seconds. A value of zero indicates that there was insufficient data to compute this value over the last time interval."; } } // list cufwUrlfServerEntry } // container cufwUrlfServerTable } // container CISCO-UNIFIED-FIREWALL-MIB notification ciscoUFwUrlfServerStateChange { smiv2:oid "1.3.6.1.4.1.9.9.491.0.1"; description "This notification is generated when the firewall elects a new primary URL filtering server from the existing set of configured servers. 
Such a change could occur either as a result of the current primary server becoming unavailable or as a result of explicit management action nominating a filtering server as the primary server. The notification is issued just before the change occurs. Consequently, the varbinds identify the attributes corresponding to the old primary server. This notification is issued if and only if the object 'cufwCntlUrlfServerStatusChange' has been set to 'true'."; container object-1 { leaf cufwUrlfServerAddrType { type leafref { path "/CISCO-UNIFIED-FIREWALL-MIB:CISCO-UNIFIED-FIREWALL-MIB/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerTable/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerEntry/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerAddrType"; } } leaf cufwUrlfServerAddress { type leafref { path "/CISCO-UNIFIED-FIREWALL-MIB:CISCO-UNIFIED-FIREWALL-MIB/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerTable/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerEntry/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerAddress"; } } leaf cufwUrlfServerPort { type leafref { path "/CISCO-UNIFIED-FIREWALL-MIB:CISCO-UNIFIED-FIREWALL-MIB/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerTable/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerEntry/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerPort"; } } leaf cufwUrlfServerStatus { type leafref { path "/CISCO-UNIFIED-FIREWALL-MIB:CISCO-UNIFIED-FIREWALL-MIB/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerTable/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerEntry/CISCO-UNIFIED-FIREWALL-MIB:cufwUrlfServerStatus"; } } } // container object-1 } // notification ciscoUFwUrlfServerStateChange notification ciscoUFwL2StaticMacAddressMoved { smiv2:oid "1.3.6.1.4.1.9.9.491.0.2"; description "This notification is generated when the firewall detects the move of a static MAC address to a new port. Such a change could occur as a result of a physical move of the device owning the MAC address to the new port, of a management action relocating the MAC address to the new location, or of MAC address spoofing. 
The varbinds identify the new location (port) of the MAC Address and its status at the new location. This notification is issued if and only if the object 'cufwCntlL2StaticMacAddressMoved' has been set to 'true'."; container object-1 { leaf dot1dTpFdbAddress { type leafref { path "/bridge-mib:BRIDGE-MIB/bridge-mib:dot1dTpFdbTable/bridge-mib:dot1dTpFdbEntry/bridge-mib:dot1dTpFdbAddress"; } } leaf dot1dTpFdbPort { type leafref { path "/bridge-mib:BRIDGE-MIB/bridge-mib:dot1dTpFdbTable/bridge-mib:dot1dTpFdbEntry/bridge-mib:dot1dTpFdbPort"; } } } // container object-1 container object-2 { leaf dot1dTpFdbAddress { type leafref { path "/bridge-mib:BRIDGE-MIB/bridge-mib:dot1dTpFdbTable/bridge-mib:dot1dTpFdbEntry/bridge-mib:dot1dTpFdbAddress"; } } leaf dot1dTpFdbStatus { type leafref { path "/bridge-mib:BRIDGE-MIB/bridge-mib:dot1dTpFdbTable/bridge-mib:dot1dTpFdbEntry/bridge-mib:dot1dTpFdbStatus"; } } } // container object-2 } // notification ciscoUFwL2StaticMacAddressMoved } // module CISCO-UNIFIED-FIREWALL-MIB
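The two parts of this module a security team actually polls are cufwConnSummaryTable (per-protocol attempted, declined, half-open and aborted connection counts) and the transparent-mode counters in cufwL2FwGlobals (malformed and spoofed ARP responses). The following is an added example, not code from the MIB, from Cisco, or from YumaWorks: it parses snmpwalk-style numeric-OID output, computes wrap-safe Counter64 deltas between two polls, checks the invariant the module states (cufwConnNumSetupsAborted subsumes cufwConnNumPolicyDeclined and cufwConnNumResDeclined, so it can never be smaller than their sum), and raises alerts on spoofed or malformed ARP responses, half-open connection build-up and a high policy-decline ratio. The sample walks, the cufwConnProtocol index value "6", the short column names and all thresholds are constructed assumptions; the OIDs and column sub-identifiers come from the module above.

```python
"""Poll-delta checks for CISCO-UNIFIED-FIREWALL-MIB counters (added example, not Cisco code).
Input is snmpwalk-style numeric-OID text; the samples below are constructed, not captured."""
import re
from typing import Dict, List

FW_ROOT = "1.3.6.1.4.1.9.9.491"
CONN_ENTRY = FW_ROOT + ".1.1.4.1.1"   # cufwConnSummaryEntry, indexed by cufwConnProtocol
L2_GLOBALS = FW_ROOT + ".1.6.1"       # cufwL2FwGlobals scalars; SNMP instance suffix is .0

# Column sub-identifiers are taken from the module; the short names are local.
CONN_COLUMNS = {2: "attempted", 3: "setups_aborted", 4: "policy_declined",
                5: "res_declined", 6: "half_open", 7: "active", 8: "aborted",
                9: "setup_rate1", 10: "setup_rate5"}
L2_COUNTERS = {5: "arp_requests", 7: "floods", 8: "drops",
               10: "bad_arp_responses", 11: "spoofed_arp_resps"}

# "<oid> = <TYPE>: <value>" as printed by `snmpwalk -On`; non-numeric values are skipped.
LINE_RE = re.compile(r"^\s*\.?(\d+(?:\.\d+)+)\s*=\s*(?:Counter64|Gauge32|INTEGER):\s*(\d+)\s*$")


def parse_walk(text: str) -> Dict[str, int]:
    """Map numeric OID -> integer value for every line the regex accepts."""
    values: Dict[str, int] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def counter_delta(old: int, new: int, bits: int = 64) -> int:
    """Increase between two samples of an unsigned counter, tolerating a single wrap."""
    return new - old if new >= old else new + (1 << bits) - old


def conn_rows(walk: Dict[str, int]) -> Dict[str, Dict[str, int]]:
    """Group cufwConnSummaryEntry columns by their cufwConnProtocol index."""
    rows: Dict[str, Dict[str, int]] = {}
    prefix = CONN_ENTRY + "."
    for oid, value in walk.items():
        if oid.startswith(prefix):
            column, index = oid[len(prefix):].split(".", 1)
            name = CONN_COLUMNS.get(int(column))
            if name:
                rows.setdefault(index, {})[name] = value
    return rows


def abort_invariant_ok(row: Dict[str, int]) -> bool:
    """SetupsAborted subsumes PolicyDeclined and ResDeclined, so it can never be smaller."""
    return row["setups_aborted"] >= row["policy_declined"] + row["res_declined"]


def l2_counters(walk: Dict[str, int]) -> Dict[str, int]:
    """Extract the cufwL2FwGlobals counters present in a walk."""
    return {name: walk[f"{L2_GLOBALS}.{col}.0"]
            for col, name in L2_COUNTERS.items() if f"{L2_GLOBALS}.{col}.0" in walk}


def evaluate(prev: Dict[str, int], cur: Dict[str, int], arp_threshold: int = 1,
             decline_ratio: float = 0.5, half_open_max: int = 256) -> List[str]:
    """Compare two polls and return alert strings; all thresholds are assumed defaults."""
    alerts: List[str] = []
    p_l2, c_l2 = l2_counters(prev), l2_counters(cur)
    for name in ("spoofed_arp_resps", "bad_arp_responses"):
        if name in p_l2 and name in c_l2:
            delta = counter_delta(p_l2[name], c_l2[name])
            if delta >= arp_threshold:
                alerts.append(f"l2: {name} rose by {delta}")
    p_rows, c_rows = conn_rows(prev), conn_rows(cur)
    for index, row in sorted(c_rows.items()):
        if not abort_invariant_ok(row):
            alerts.append(f"proto {index}: setups_aborted below policy+resource declines")
        if row.get("half_open", 0) >= half_open_max:
            alerts.append(f"proto {index}: {row['half_open']} half-open connections")
        if index in p_rows:
            d_att = counter_delta(p_rows[index]["attempted"], row["attempted"])
            d_pol = counter_delta(p_rows[index]["policy_declined"], row["policy_declined"])
            if d_att and d_pol / d_att >= decline_ratio:
                alerts.append(f"proto {index}: {d_pol}/{d_att} attempts policy-declined")
    return alerts


# Constructed polls. Index "6" is a placeholder cufwConnProtocol value, not the
# real CFWNetworkProtocol enumeration; the TruthValue line shows a skipped entry.
POLL_1 = """
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.2.6 = Counter64: 1000
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.3.6 = Counter64: 50
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.4.6 = Counter64: 30
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.5.6 = Counter64: 5
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.6.6 = Gauge32: 10
.1.3.6.1.4.1.9.9.491.1.6.1.1.0 = INTEGER: true(1)
.1.3.6.1.4.1.9.9.491.1.6.1.10.0 = Counter64: 2
.1.3.6.1.4.1.9.9.491.1.6.1.11.0 = Counter64: 0
"""
POLL_2 = """
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.2.6 = Counter64: 1200
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.3.6 = Counter64: 200
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.4.6 = Counter64: 150
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.5.6 = Counter64: 5
.1.3.6.1.4.1.9.9.491.1.1.4.1.1.6.6 = Gauge32: 300
.1.3.6.1.4.1.9.9.491.1.6.1.10.0 = Counter64: 2
.1.3.6.1.4.1.9.9.491.1.6.1.11.0 = Counter64: 4
"""


def demo() -> List[str]:
    """Run the checks over the two constructed polls."""
    return evaluate(parse_walk(POLL_1), parse_walk(POLL_2))
```

Two design points worth noting. The gauges (cufwConnNumHalfOpen, the SetupRate objects) are compared against an absolute threshold because they already describe the current state; the Counter64 objects are only meaningful as deltas, and the wrap arithmetic matters on a firewall with a long uptime. A violated abort invariant is reported as an alert rather than ignored, because on a real device it points to an agent bug or a counter reset (for example a failover) rather than attack traffic, and both are things an operator wants to know about.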
© 2023 YumaWorks, Inc. All rights reserved.