Firewall MIB Tables

The firewall MIB contains the following tables, most of which are detailed in this section: Firewall on Interface Group, Interface to Policy Group, Group Policy, Policy Rule Definition, Authentication Group, Network in Network Group, Network Group, Network, Compound Filter, Sub Filter, IP Header Filter, Offset Filter, IP Options Header Filter, Data Filter, Policy Rule True, Session Totals, IP Session, Auth Address Group, and DOS Blocked Group.

Global Interface Operations

Some configurable items affect all interfaces on the XSR. For each of these operations, a pointer is created to the firewall configuration object when the SNMP/FW command dispatcher determines the type of operation. This object maintains the current state of each of the global interface operations.

Note: The XSR supports only SNMP gets for these objects.

The following objects take immediate action on the firewall engine.

Table B-19 Configuration Objects

Field: Description

etsysFWFirewallEnabled: The current state of the firewall is returned when this value is read. The value read may be different than the last value set if the state is changed by a means other than this MIB. This is a read-write field. Setting the value to true causes the firewall to start inspecting packets while setting it to false causes the firewall to stop inspecting packets.

etsysFWTcpTimeout: The current value of the TCP timer (for all interfaces) is returned from the firewall configuration object on read. During a set operation, the value of the TCP timer (for all interfaces) is updated in the firewall configuration object.

etsysFWUdpTimeout: The current value of the UDP timer (for all interfaces) is returned from the firewall configuration object on read. During a set operation, the value of the UDP timer (for all interfaces) is updated in the firewall configuration object.

etsysFWIcmpTimeout: The current value of the ICMP timer (for all interfaces) is returned from the firewall configuration object on read. During a set operation, the value of the ICMP timer (for all interfaces) is updated in the firewall configuration object.

etsysFWAuthTimeout: The current value of the Auth timer (for all interfaces) is returned from the firewall configuration object on read. During a set operation, the value of the Auth timer (for all interfaces) is updated in the firewall configuration object.

etsysFWAuthPort: The current value of the Auth Port (for all interfaces) is returned from the firewall configuration object on read. During a set operation, the value of the Auth Port (for all interfaces) is updated in the firewall configuration object.

etsysFWLoggingThreshold: The current value of the Logging Threshold (for all interfaces) is returned from the firewall configuration object on read. During a set operation, the value of the Logging Threshold (for all interfaces) is updated in the firewall configuration object. There are eight event levels in the firewall and four on the XSR. Levels 0-3 constitute the High XSR logging threshold, Levels 4 and 5 are Medium, Level 6 is Low and Level 7 is Debug.
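Because a value read from these objects can differ from the last value set when the state is changed outside this MIB, polled values are worth comparing against a recorded baseline. The Python below is an added example, not code from the XSR guide or from Enterasys. It assumes a constructed "object = value" poll format, constructed sample values, true/false rendered as text, and that etsysFWLoggingThreshold holds a firewall event level from 0 to 7.

```python
# Added example, not vendor code. The "object = value" poll format and all sample
# values are constructed; object names and level bands come from Table B-19.

# Highest firewall event level in each XSR logging threshold band.
BANDS = [(3, "High"), (5, "Medium"), (6, "Low"), (7, "Debug")]
def xsr_threshold(level):
    if not 0 <= level <= 7:
        raise ValueError(f"firewall event level out of range: {level}")
    return next(name for top, name in BANDS if level <= top)

def parse_poll(text):
    """Parse 'object = value' lines into a dict, skipping blanks and comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"unparseable line: {line!r}")
        values[name.strip()] = value.strip()
    return values

def audit(baseline, polled):
    """Return (object, message) findings where the device differs from baseline."""
    findings = []
    for name, expected in baseline.items():
        actual = polled.get(name)
        if actual is None:
            findings.append((name, "missing from poll"))
        elif actual != expected:
            msg = f"drift: expected {expected}, read {actual}"
            if name == "etsysFWLoggingThreshold":  # assumes the value is a level 0-7
                msg += f" ({xsr_threshold(int(expected))} -> {xsr_threshold(int(actual))})"
            findings.append((name, msg))
    if polled.get("etsysFWFirewallEnabled") == "false":
        findings.append(("etsysFWFirewallEnabled", "firewall is not inspecting packets"))
    return findings

BASELINE = {"etsysFWFirewallEnabled": "true", "etsysFWTcpTimeout": "3600",
            "etsysFWAuthPort": "3000", "etsysFWLoggingThreshold": "4"}
SAMPLE_POLL = """# constructed poll result
etsysFWFirewallEnabled = false
etsysFWTcpTimeout = 3600
etsysFWLoggingThreshold = 7
"""
if __name__ == "__main__":
    for name, msg in audit(BASELINE, parse_poll(SAMPLE_POLL)):
        print(f"{name}: {msg}")
```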

 

 

XSR User’s Guide B-9
