CABH-SEC-MIB

File: CABH-SEC-MIB.mib (65984 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
INET-ADDRESS-MIB SNMP-FRAMEWORK-MIB DOCS-BPI2-MIB
RMON2-MIB DOCS-CABLE-DEVICE-MIB IF-MIB
CLAB-DEF-MIB

Imported symbols

MODULE-IDENTITY Unsigned32 zeroDotZero
Counter32 OBJECT-TYPE DateAndTime
TruthValue TimeStamp RowStatus
VariablePointer OBJECT-GROUP MODULE-COMPLIANCE
InetPortNumber InetAddress SnmpAdminString
X509Certificate ZeroBasedCounter32 docsDevFilterIpEntry
InterfaceIndexOrZero clabProjCableHome

Defined Types

CabhSec2FwEventControlEntry  
SEQUENCE    
  cabhSec2FwEventType INTEGER
  cabhSec2FwEventEnable INTEGER
  cabhSec2FwEventThreshold Unsigned32
  cabhSec2FwEventInterval Unsigned32
  cabhSec2FwEventCount ZeroBasedCounter32
  cabhSec2FwEventLogReset TruthValue
  cabhSec2FwEventLogLastReset TimeStamp

CabhSec2FwLogEntry  
SEQUENCE    
  cabhSec2FwLogIndex Unsigned32
  cabhSec2FwLogEventType INTEGER
  cabhSec2FwLogEventPriority INTEGER
  cabhSec2FwLogEventId Unsigned32
  cabhSec2FwLogTime DateAndTime
  cabhSec2FwLogIpProtocol Unsigned32
  cabhSec2FwLogIpSourceAddr InetAddress
  cabhSec2FwLogIpDestAddr InetAddress
  cabhSec2FwLogIpSourcePort InetPortNumber
  cabhSec2FwLogIpDestPort InetPortNumber
  cabhSec2FwLogMessageType Unsigned32
  cabhSec2FwLogReplayCount Unsigned32
  cabhSec2FwLogMIBPointer VariablePointer
  cabhSec2FwLogMatchingFilterTableName INTEGER
  cabhSec2FwLogMatchingFilterTableIndex Unsigned32
  cabhSec2FwLogMatchingFilterDescr SnmpAdminString

CabhSec2FwFilterScheduleEntry  
SEQUENCE    
  cabhSec2FwFilterScheduleStartTime Unsigned32
  cabhSec2FwFilterScheduleEndTime Unsigned32
  cabhSec2FwFilterScheduleDOW BITS
  cabhSec2FwFilterScheduleDescr SnmpAdminString

CabhSec2FwFactoryDefaultFilterEntry  
SEQUENCE    
  cabhSec2FwFactoryDefaultFilterIndex Unsigned32
  cabhSec2FwFactoryDefaultFilterControl INTEGER
  cabhSec2FwFactoryDefaultFilterIfIndex InterfaceIndexOrZero
  cabhSec2FwFactoryDefaultFilterDirection INTEGER
  cabhSec2FwFactoryDefaultFilterSaddr InetAddress
  cabhSec2FwFactoryDefaultFilterSmask InetAddress
  cabhSec2FwFactoryDefaultFilterDaddr InetAddress
  cabhSec2FwFactoryDefaultFilterDmask InetAddress
  cabhSec2FwFactoryDefaultFilterProtocol Unsigned32
  cabhSec2FwFactoryDefaultFilterSourcePortLow Unsigned32
  cabhSec2FwFactoryDefaultFilterSourcePortHigh Unsigned32
  cabhSec2FwFactoryDefaultFilterDestPortLow Unsigned32
  cabhSec2FwFactoryDefaultFilterDestPortHigh Unsigned32
  cabhSec2FwFactoryDefaultFilterContinue TruthValue

CabhSec2FwLocalFilterIpEntry  
SEQUENCE    
  cabhSec2FwLocalFilterIpIndex Unsigned32
  cabhSec2FwLocalFilterIpStatus RowStatus
  cabhSec2FwLocalFilterIpControl INTEGER
  cabhSec2FwLocalFilterIpIfIndex InterfaceIndexOrZero
  cabhSec2FwLocalFilterIpDirection INTEGER
  cabhSec2FwLocalFilterIpSaddr InetAddress
  cabhSec2FwLocalFilterIpSmask InetAddress
  cabhSec2FwLocalFilterIpDaddr InetAddress
  cabhSec2FwLocalFilterIpDmask InetAddress
  cabhSec2FwLocalFilterIpProtocol Unsigned32
  cabhSec2FwLocalFilterIpSourcePortLow Unsigned32
  cabhSec2FwLocalFilterIpSourcePortHigh Unsigned32
  cabhSec2FwLocalFilterIpDestPortLow Unsigned32
  cabhSec2FwLocalFilterIpDestPortHigh Unsigned32
  cabhSec2FwLocalFilterIpMatches Counter32
  cabhSec2FwLocalFilterIpContinue TruthValue
  cabhSec2FwLocalFilterIpStartTime Unsigned32
  cabhSec2FwLocalFilterIpEndTime Unsigned32
  cabhSec2FwLocalFilterIpDOW BITS
  cabhSec2FwLocalFilterIpDescr SnmpAdminString

Defined Values

cabhSecMib 1.3.6.1.4.1.4491.2.4.2
This MIB module supplies the basic management objects for the Security Portal Services.
MODULE-IDENTITY    

cabhSecMibObjects 1.3.6.1.4.1.4491.2.4.2.5
OBJECT IDENTIFIER    

cabhSecFwObjects 1.3.6.1.4.1.4491.2.4.2.1
OBJECT IDENTIFIER    

cabhSecFwBase 1.3.6.1.4.1.4491.2.4.2.1.1
OBJECT IDENTIFIER    

cabhSecFwLogCtl 1.3.6.1.4.1.4491.2.4.2.1.2
OBJECT IDENTIFIER    

cabhSecCertObjects 1.3.6.1.4.1.4491.2.4.2.2
OBJECT IDENTIFIER    

cabhSecKerbObjects 1.3.6.1.4.1.4491.2.4.2.5.3
OBJECT IDENTIFIER    

cabhSecKerbBase 1.3.6.1.4.1.4491.2.4.2.5.3.1
OBJECT IDENTIFIER    

cabhSec2FwObjects 1.3.6.1.4.1.4491.2.4.2.5.4
OBJECT IDENTIFIER    

cabhSec2FwBase 1.3.6.1.4.1.4491.2.4.2.5.4.1
OBJECT IDENTIFIER    

cabhSec2FwEvent 1.3.6.1.4.1.4491.2.4.2.5.4.2
OBJECT IDENTIFIER    

cabhSec2FwLog 1.3.6.1.4.1.4491.2.4.2.5.4.3
OBJECT IDENTIFIER    

cabhSec2FwFilter 1.3.6.1.4.1.4491.2.4.2.5.4.4
OBJECT IDENTIFIER    

cabhSecFwPolicyFileEnable 1.3.6.1.4.1.4491.2.4.2.1.1.1
This parameter indicates whether or not to enable the firewall functionality.
OBJECT-TYPE    
  INTEGER enable(1), disable(2)  

cabhSecFwPolicyFileURL 1.3.6.1.4.1.4491.2.4.2.1.1.2
A policy rule set file download is triggered when the value used to SET this object is different than the value in the cabhSecFwPolicySuccessfulFileURL object.
OBJECT-TYPE    
  SnmpAdminString  

cabhSecFwPolicyFileHash 1.3.6.1.4.1.4491.2.4.2.1.1.3
Hash of the contents of the rules set file, calculated and sent to the PS prior to sending the rules set file. For the SHA-1 authentication algorithm the length of the hash is 160 bits. This hash value is encoded in binary format.
OBJECT-TYPE    
  OCTET STRING Size(0|20)  

cabhSecFwPolicyFileOperStatus 1.3.6.1.4.1.4491.2.4.2.1.1.4
inProgress(1) indicates a firewall configuration file download is underway. complete(2) indicates the firewall configuration file downloaded and configured successfully. completeFromMgt(3) is deprecated. failed(4) indicates the last attempted firewall configuration file download or processing failed, ordinarily due to TFTP timeout.
OBJECT-TYPE    
  INTEGER inProgress(1), complete(2), failed(4)  

cabhSecFwPolicyFileCurrentVersion 1.3.6.1.4.1.4491.2.4.2.1.1.5
The rule set version currently operating in the PS device. This object should be in the syntax used by the individual vendor to identify software versions. Any PS element MUST return a string descriptive of the current rule set file load. If this is not applicable, this object MUST contain an empty string.
OBJECT-TYPE    
  SnmpAdminString  

cabhSecFwPolicySuccessfulFileURL 1.3.6.1.4.1.4491.2.4.2.1.1.6
Contains the location of the last successfully downloaded policy rule set file in the format pointed to in the reference. If a successful download has never occurred, this MIB object MUST report an empty string.
OBJECT-TYPE    
  SnmpAdminString  

cabhSecFwEventType1Enable 1.3.6.1.4.1.4491.2.4.2.1.2.1
This object enables or disables logging of type 1 firewall event messages. Type 1 event messages report attempts from both private and public clients to traverse the firewall that violate the Security Policy.
OBJECT-TYPE    
  INTEGER enable(1), disable(2)  

cabhSecFwEventType2Enable 1.3.6.1.4.1.4491.2.4.2.1.2.2
This object enables or disables logging of type 2 firewall event messages. Type 2 event messages report identified Denial of Service attack attempts.
OBJECT-TYPE    
  INTEGER enable(1), disable(2)  

cabhSecFwEventType3Enable 1.3.6.1.4.1.4491.2.4.2.1.2.3
Enables or disables logging of type 3 firewall event messages. Type 3 event messages report changes made to the following firewall management parameters: cabhSecFwPolicyFileURL, cabhSecFwPolicyFileCurrentVersion, cabhSecFwPolicyFileEnable
OBJECT-TYPE    
  INTEGER enable(1), disable(2)  

cabhSecFwEventAttackAlertThreshold 1.3.6.1.4.1.4491.2.4.2.1.2.4
If the number of type 1 or 2 hacker attacks exceeds this threshold in the period defined by cabhSecFwEventAttackAlertPeriod, a firewall message event MUST be logged with priority level 4.
OBJECT-TYPE    
  INTEGER 0..65535  

cabhSecFwEventAttackAlertPeriod 1.3.6.1.4.1.4491.2.4.2.1.2.5
Indicates the period to be used (in hours) for the cabhSecFwEventAttackAlertThreshold. This MIB variable should always keep track of the last x hours of events meaning that if the variable is set to track events for 10 hours then when the 11th hour is reached, the 1st hour of events is deleted from the tracking log. A default value is set to zero, meaning zero time, so that this MIB variable will not track any events unless configured.
OBJECT-TYPE    
  INTEGER 0..65535  

cabhSecCertPsCert 1.3.6.1.4.1.4491.2.4.2.2.1
The X509 DER-encoded PS certificate.
OBJECT-TYPE    
  X509Certificate  

cabhSec2FwEnable 1.3.6.1.4.1.4491.2.4.2.5.4.1.1
This parameter indicates whether to enable or disable the firewall.
OBJECT-TYPE    
  INTEGER enabled(1), disabled(2)  

cabhSec2FwPolicyFileURL 1.3.6.1.4.1.4491.2.4.2.5.4.1.2
A policy rule set file download is triggered when the value used to SET this object is different than the value in the cabhSec2FwPolicySuccessfulFileURL object.
OBJECT-TYPE    
  SnmpAdminString  

cabhSec2FwPolicyFileHash 1.3.6.1.4.1.4491.2.4.2.5.4.1.3
Hash of the contents of the firewall configuration file. For the SHA-1 authentication algorithm the length of the hash is 160 bits. This hash value is encoded in binary format.
OBJECT-TYPE    
  OCTET STRING Size(0|20)  

cabhSec2FwPolicyFileOperStatus 1.3.6.1.4.1.4491.2.4.2.5.4.1.4
InProgress(1) indicates a firewall configuration file download is underway. Complete(2) indicates the firewall configuration file was downloaded and processed successfully. Failed(3) indicates that the last attempted firewall configuration file download or processing failed.
OBJECT-TYPE    
  INTEGER inProgress(1), complete(2), failed(3)  

cabhSec2FwPolicyFileCurrentVersion 1.3.6.1.4.1.4491.2.4.2.5.4.1.5
A label set by the cable operator that can be used to track various versions of configured rulesets. Once the label is set and configured rules are changed, it may not accurately reflect the version of configured rules running on the box. If this object has never been configured, it MUST contain an empty string.
OBJECT-TYPE    
  SnmpAdminString  

cabhSec2FwClearPreviousRuleset 1.3.6.1.4.1.4491.2.4.2.5.4.1.6
If set to 'true', the PS MUST clear all entries in the docsDevFilterIpTable. Reading this value always returns false.
OBJECT-TYPE    
  TruthValue  

cabhSec2FwPolicySelection 1.3.6.1.4.1.4491.2.4.2.5.4.1.7
This object allows for selection of the filtering policy as defined by the following options: factoryDefault (1) The firewall filters against the Factory Default Ruleset in the cabhSec2FwFactoryDefaultFilterTable. configuredRulesetBoth (2) The firewall filters against the Configured Ruleset defined by both the docsDevFilterIpTable and the cabhSec2FwLocalFilterIpTable. factoryDefaultAndConfiguredRulesetBoth (3) The firewall filters against the CableHome specified Factory Default Ruleset in the cabhSec2FwFactoryDefaultFilterTable and the Configured Ruleset in the docsDevFilterIpTable and the cabhSec2FwLocalFilterIpTable. configuredRulesetDocsDevFilterIpTable(4) The firewall filters against the Configured Ruleset defined by the docsDevFilterIpTable. configuredRulesetCabhSec2FwLocalFilterIpTable (5) The firewall filters against the Configured Ruleset defined by the cabhSec2FwLocalFilterIpTable. factoryDefaultAndDocsDevFilterIpTable (6) The firewall filters against the Factory Default Ruleset and the Configured Ruleset defined by the DocsDevFilterIpTable. factoryDefaultAndCabhSec2FwLocalFilterIpTable (7) The firewall filters against the Factory Default Ruleset and the Configured Ruleset defined by the cabhSec2FwLocalFilterIpTable.
OBJECT-TYPE    
  INTEGER factoryDefault(1), configuredRulesetBoth(2), factoryDefaultAndConfiguredRulesetBoth(3), configuredRulesetDocsDevFilterIpTable(4), configuredRulesetCabhSec2FwLocalFilterIpTable(5), factoryDefaultAndDocsDevFilterIpTable(6), factoryDefaultAndCabhSec2FwLocalFilterIpTable(7)  

cabhSec2FwEventSetToFactory 1.3.6.1.4.1.4491.2.4.2.5.4.1.8
If set to 'true', entries in cabhSec2FwEventControlEntry are set to their default values. Reading this value always returns false.
OBJECT-TYPE    
  TruthValue  

cabhSec2FwEventLastSetToFactory 1.3.6.1.4.1.4491.2.4.2.5.4.1.9
The value of sysUpTime when cabhSec2FwEventSetToFactory was last set to true. Zero if never reset.
OBJECT-TYPE    
  TimeStamp  

cabhSec2FwPolicySuccessfulFileURL 1.3.6.1.4.1.4491.2.4.2.5.4.1.10
Contains the location of the last successfully downloaded policy rule set file in the format pointed to in the reference. If a successful download has not yet occurred, this MIB object should report an empty string.
OBJECT-TYPE    
  SnmpAdminString  

cabhSec2FwConfiguredRulesetPriority 1.3.6.1.4.1.4491.2.4.2.5.4.1.11
This object defines which Configured Ruleset filter rule has priority when a conflict exists between a filter rule in the docsDevFilterIpTable and a filter rule in the cabhSec2FwLocalFilterIpTable as indicated by the following options: docsDevFilterIpTable (1) - indicates that filter rules in the docsDevFilterIpTable have priority over any conflicting filters that may exist in the cabhSec2FwLocalFilterIpTable. cabhSec2FwLocalFilterIpTable (2) - indicates that filter rules in the cabhSec2FwLocalFilterIpTable have priority over any conflicting filters that may exist in the docsDevFilterIpTable.
OBJECT-TYPE    
  INTEGER docsDevFilterIpTable(1), cabhSec2FwLocalFilterIpTable(2)  

cabhSec2FwClearLocalRuleset 1.3.6.1.4.1.4491.2.4.2.5.4.1.12
If set to 'true', the PS MUST clear all entries in the cabhSec2FwLocalFilterIpTable. Reading this value always returns false.
OBJECT-TYPE    
  TruthValue  

cabhSec2FwEventControlTable 1.3.6.1.4.1.4491.2.4.2.5.4.2.1
This table controls the reporting of the Firewall Attacks events
OBJECT-TYPE    
  SEQUENCE OF  
    CabhSec2FwEventControlEntry

cabhSec2FwEventControlEntry 1.3.6.1.4.1.4491.2.4.2.5.4.2.1.1
Allows configuration of the reporting mechanisms for a particular type of attack.
OBJECT-TYPE    
  CabhSec2FwEventControlEntry  

cabhSec2FwEventType 1.3.6.1.4.1.4491.2.4.2.5.4.2.1.1.1
Classification of the different types of attacks. Type 1 logs all attempts from both LAN and WAN clients to traverse the Firewall that violate the Security Policy. Type 2 logs identified Denial of Service attack attempts. Type 3 logs all changes made to the cabhSec2FwPolicyFileURL, cabhSec2FwPolicyFileCurrentVersion or cabhSec2FwPolicyFileEnable objects. Type 4 logs all failed attempts to modify cabhSec2FwPolicyFileURL and cabhSec2FwPolicyFileEnable objects. Type 5 logs allowed inbound packets from the WAN. Type 6 logs allowed outbound packets from the LAN.
OBJECT-TYPE    
  INTEGER type1(1), type2(2), type3(3), type4(4), type5(5), type6(6)  

cabhSec2FwEventEnable 1.3.6.1.4.1.4491.2.4.2.5.4.2.1.1.2
Enables or disables counting and logging of firewall events by type as assigned by cabhSec2FwEventType.
OBJECT-TYPE    
  INTEGER enabled(1), disabled(2)  

cabhSec2FwEventThreshold 1.3.6.1.4.1.4491.2.4.2.5.4.2.1.1.3
Number of attacks to count before sending the appropriate event by type as assigned by cabhSec2FwEventType.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwEventInterval 1.3.6.1.4.1.4491.2.4.2.5.4.2.1.1.4
Indicates the time interval in hours to count and log occurrences of a firewall event type as assigned in cabhSec2FwEventType. If this MIB has a value of zero then there is no interval assigned and the PS will not count or log events.
OBJECT-TYPE    
  Unsigned32 0..744  

cabhSec2FwEventCount 1.3.6.1.4.1.4491.2.4.2.5.4.2.1.1.5
Indicates the current count up to the cabhSec2FwEventThreshold value by type as assigned by cabhSec2FwEventType.
OBJECT-TYPE    
  ZeroBasedCounter32  

cabhSec2FwEventLogReset 1.3.6.1.4.1.4491.2.4.2.5.4.2.1.1.6
Setting this object to true clears the log table for the specified event type. Reading this object always returns false.
OBJECT-TYPE    
  TruthValue  

cabhSec2FwEventLogLastReset 1.3.6.1.4.1.4491.2.4.2.5.4.2.1.1.7
The value of sysUpTime when cabhSec2FwEventLogReset was last set to true. Zero if never reset.
OBJECT-TYPE    
  TimeStamp  

cabhSec2FwLogTable 1.3.6.1.4.1.4491.2.4.2.5.4.3.1
Contains a log of packet information as related to events enabled by the cable operator. The types are defined in the CableHome 1.1 specification and require various objects to be included in the log. The following describes what is expected in the log for each type. For Type 1, Type 2, Type 5 and Type 6, the table MUST include cabhSec2FwEventType, cabhSec2FwEventPriority, cabhSec2FwEventId, cabhSec2FwLogTime, cabhSec2FwIpProtocol, cabhSec2FwIpSourceAddr, cabhSec2FwIpDestAddr, cabhSec2FwIpSourcePort, cabhSec2FwIpDestPort, cabhSec2Fw, cabhSec2FwReplayCount. The other values not used by Types 1, 2, 5 and 6 are default values. Type 3 and Type 4 MUST include cabhSec2FwEventType, cabhSec2FwEventPriority, cabhSec2FwEventId, cabhSec2FwLogTime, cabhSec2FwIpSourceAddr, cabhSec2FwLogMIBPointer. The other values not used by Types 3 and 4 are default values. When applicable, Type 1, Type 5, and Type 6 MUST also include cabhSec2FwLogMatchingFilterTableName, cabhSec2FwLogMatchingFilterTableIndex, cabhSec2FwLogMatchingFilterDescr.
OBJECT-TYPE    
  SEQUENCE OF  
    CabhSec2FwLogEntry

cabhSec2FwLogEntry 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1
Each entry contains the log of firewall events
OBJECT-TYPE    
  CabhSec2FwLogEntry  

cabhSec2FwLogIndex 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.1
A sequence number for the specific events under a cabhSec2FwEventType.
OBJECT-TYPE    
  Unsigned32 1..2147483647  

cabhSec2FwLogEventType 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.2
Classification of the different types of attacks. Type 1 logs all attempts from both LAN and WAN clients to traverse the Firewall that violate the Security Policy. Type 2 logs identified Denial of Service attack attempts. Type 3 logs all changes made to the cabhSec2FwPolicyFileURL, cabhSec2FwPolicyFileCurrentVersion or cabhSec2FwPolicyFileEnable objects. Type 4 logs all failed attempts to modify cabhSec2FwPolicyFileURL and cabhSec2FwPolicyFileEnable objects. Type 5 logs allowed inbound packets from the WAN. Type 6 logs allowed outbound packets from the LAN.
OBJECT-TYPE    
  INTEGER type1(1), type2(2), type3(3), type4(4), type5(5), type6(6)  

cabhSec2FwLogEventPriority 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.3
The priority level of this event as defined by the CableHome Specification. If a priority is not assigned in the CableHome specification for a particular event, then the vendor or cable operator may assign priorities. These are ordered from most serious (emergency) to least serious (debug).
OBJECT-TYPE    
  INTEGER emergency(1), alert(2), critical(3), error(4), warning(5), notice(6), information(7), debug(8)  

cabhSec2FwLogEventId 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.4
The assigned event ID.
OBJECT-TYPE    
  Unsigned32  

cabhSec2FwLogTime 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.5
The time that this entry was created by the PS.
OBJECT-TYPE    
  DateAndTime  

cabhSec2FwLogIpProtocol 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.6
The IP Protocol.
OBJECT-TYPE    
  Unsigned32 0..256  

cabhSec2FwLogIpSourceAddr 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.7
The Source IP Address of the packet logged.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwLogIpDestAddr 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.8
The Destination IP Address of the packet logged.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwLogIpSourcePort 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.9
The Source IP Port of the packet logged.
OBJECT-TYPE    
  InetPortNumber  

cabhSec2FwLogIpDestPort 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.10
The Destination IP Port of the packet logged.
OBJECT-TYPE    
  InetPortNumber  

cabhSec2FwLogMessageType 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.11
The ICMP defined types.
OBJECT-TYPE    
  Unsigned32  

cabhSec2FwLogReplayCount 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.12
The number of identical attack packets that were seen by the firewall based on cabhSec2FwLogIpProtocol, cabhSec2FwLogIpSourceAddr, cabhSec2FwLogIpDestAddr, cabhSec2FwLogIpSourcePort, cabhSec2FwLogIpDestPort and cabhSec2FwLogMessageType.
OBJECT-TYPE    
  Unsigned32  

cabhSec2FwLogMIBPointer 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.13
Identifies if the cabhSec2FwPolicyFileURL or the cabhSec2FwEnable MIB object changed or an attempt was made to change it.
OBJECT-TYPE    
  VariablePointer  

cabhSec2FwLogMatchingFilterTableName 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.14
When applicable, cabhSec2FwLogMatchingFilterTableName indicates the filter table name containing the last filter rule matched that caused the event to be generated.
OBJECT-TYPE    
  INTEGER cabhSec2FwFactoryDefaultFilterTable(1), docsDevFilterIpTable(2), cabhSec2FwLocalFilterIpTable(3), none(4)  

cabhSec2FwLogMatchingFilterTableIndex 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.15
When applicable, cabhSec2FwLogMatchingFilterTableIndex indicates the filter table index of the last filter rule matched that caused the event to be generated. If the value is 0, the event was not caused by a filter rule match.
OBJECT-TYPE    
  Unsigned32 0..2147483647  

cabhSec2FwLogMatchingFilterDescr 1.3.6.1.4.1.4491.2.4.2.5.4.3.1.1.16
When applicable, cabhSec2FwLogMatchingFilterDescr contains the description value found in the cabhSec2FwFilterScheduleDescr MIB object or the cabhSec2FwLocalFilterIpDescr MIB object of the last filter rule matched that caused the event to be generated.
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  

cabhSec2FwFilterScheduleTable 1.3.6.1.4.1.4491.2.4.2.5.4.4.1
Extends the filter matching parameters of docsDevFilterIpTable defined in RFC 2669 for CableHome Residential Gateways to include time-of-day intervals and days of the week.
OBJECT-TYPE    
  SEQUENCE OF  
    CabhSec2FwFilterScheduleEntry

cabhSec2FwFilterScheduleEntry 1.3.6.1.4.1.4491.2.4.2.5.4.4.1.1
Extended values for entries of docsDevFilterIpTable. If the PS has not acquired ToD, the entire docsDevFilterIpEntry rule set is ignored. Note: A filter time period may include two days (e.g., from 10 PM to 4 AM). A filter time period that includes two days is identified by the absolute value of the cabhSec2FwFilterScheduleEndTime being less than the absolute value of the cabhSec2FwFilterScheduleStartTime. The cabhSec2FwFilterScheduleDOW setting and the cabhSec2FwFilterScheduleStartTime value indicate what day and time the filter becomes active. The cabhSec2FwFilterScheduleEndTime indicates when the filter becomes inactive on the second day. The maximum filter time period that includes two days is 24 hours. If cabhSec2FwFilterScheduleStartTime is less than or equal to the cabhSec2FwFilterScheduleEndTime, the time period of the filter falls in the same day.
OBJECT-TYPE    
  CabhSec2FwFilterScheduleEntry  

cabhSec2FwFilterScheduleStartTime 1.3.6.1.4.1.4491.2.4.2.5.4.4.1.1.1
The start time for matching the filter ruleset in the specified days indicated in cabhSec2FwFilterScheduleDOW. Time is represented in Military Time, e.g., 8:30 AM is represented as 830 and 11:45 PM as 2345. An attempt to set this object to an invalid military time value, e.g., 1182, returns 'wrongValue' error.
OBJECT-TYPE    
  Unsigned32 0..2359  

cabhSec2FwFilterScheduleEndTime 1.3.6.1.4.1.4491.2.4.2.5.4.4.1.1.2
The end time for matching the filter rule for the days indicated in cabhSec2FwFilterScheduleDOW. The filter rule associated with this end time MUST not be disabled until the minute following the time indicated by this MIB object. If the time period is for two days, identified by cabhSec2FwFilterScheduleEndTime being less than cabhSec2FwFilterScheduleStartTime, then the cabhSec2FwFilterScheduleDOW settings do not apply to this MIB object. Time is represented in the same manner as in cabhSec2FwFilterScheduleStartTime. An attempt to set this object to an invalid military time value, e.g., 1182, returns 'wrongValue' error.
OBJECT-TYPE    
  Unsigned32 0..2359  

cabhSec2FwFilterScheduleDOW 1.3.6.1.4.1.4491.2.4.2.5.4.4.1.1.3
If the day of week bit associated with the PS given day is '1', this object criteria matches.
OBJECT-TYPE    
  BITS sunday(0), monday(1), tuesday(2), wednesday(3), thursday(4), friday(5), saturday(6)  

cabhSec2FwFilterScheduleDescr 1.3.6.1.4.1.4491.2.4.2.5.4.4.1.1.4
A filter rule description configured by the cable operator or subscriber.
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  
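
The schedule rules described for cabhSec2FwFilterScheduleStartTime, cabhSec2FwFilterScheduleEndTime and cabhSec2FwFilterScheduleDOW can be checked offline before a ruleset is pushed. The following is an added example, not part of the MIB or any CableLabs code; the function names are hypothetical, and it assumes the standard SMIv2 BITS encoding in which bit 0 (sunday) is the most significant bit of the first octet.

```python
from datetime import datetime

# BITS names in the order the MIB assigns them: sunday(0) ... saturday(6).
DAYS = ("sunday", "monday", "tuesday", "wednesday",
        "thursday", "friday", "saturday")


def valid_military_time(value):
    """True for 0..2359 with a minutes part below 60.

    1182 is rejected; the MIB says such a SET returns 'wrongValue'.
    """
    return (isinstance(value, int) and not isinstance(value, bool)
            and 0 <= value <= 2359 and value % 100 < 60)


def dow_bits_to_days(octets):
    """Decode a DOW BITS value (bytes) into a set of day names.

    Assumption: SMIv2 BITS encoding, bit 0 is the high-order bit of octet 0.
    """
    if not octets:
        return frozenset()
    first = octets[0]
    return frozenset(DAYS[i] for i in range(7) if first & (0x80 >> i))


def schedule_active(start, end, dow_octets, now):
    """Decide whether a scheduled filter rule is in force at `now`.

    start, end  -- military-time integers (e.g. 2200, 400)
    dow_octets  -- raw BITS value of the DOW object
    now         -- datetime in the PS local time, or None if ToD is not acquired
    """
    for name, value in (("start", start), ("end", end)):
        if not valid_military_time(value):
            raise ValueError(f"{name}={value!r}: wrongValue")
    if now is None:
        # Without time of day the scheduled rule set is ignored.
        return False

    days = dow_bits_to_days(dow_octets)
    hhmm = now.hour * 100 + now.minute
    # datetime.weekday() is monday=0 ... sunday=6; the MIB starts at sunday=0.
    today = DAYS[(now.weekday() + 1) % 7]
    yesterday = DAYS[now.weekday()]

    if start <= end:
        # Same-day window. The end minute is included because the rule must
        # not be disabled until the minute following the end time.
        return today in days and start <= hhmm <= end

    # Two-day window (end < start): DOW selects the day the window opens;
    # the end time applies on the following day regardless of its DOW bit.
    started_today = today in days and hhmm >= start
    carried_over = yesterday in days and hhmm <= end
    return started_today or carried_over


if __name__ == "__main__":
    # Constructed sample: a rule active Friday 10 PM to Saturday 4 AM.
    friday_only = bytes([0x04])          # bit 5 = friday
    for stamp in ("2024-01-05 23:00", "2024-01-06 04:00", "2024-01-06 04:01"):
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        print(stamp, schedule_active(2200, 400, friday_only, now))
```

A monitoring script can run the same check against polled table rows to flag rules whose window never opens, for example a DOW value with no bits set.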

cabhSec2FwFactoryDefaultFilterTable 1.3.6.1.4.1.4491.2.4.2.5.4.4.2
Contains the firewall factory default ruleset as defined by the CableLabs CableHome 1.1 Specification.
OBJECT-TYPE    
  SEQUENCE OF  
    CabhSec2FwFactoryDefaultFilterEntry

cabhSec2FwFactoryDefaultFilterEntry 1.1
Contains the firewall factory default ruleset.
OBJECT-TYPE    
  CabhSec2FwFactoryDefaultFilterEntry  

cabhSec2FwFactoryDefaultFilterIndex 1.1.1
Index used to order the application of filters. The filter with the lowest index is always applied first.
OBJECT-TYPE    
  Unsigned32 1..2147483647  

cabhSec2FwFactoryDefaultFilterControl 1.1.2
If set to deny(1), all packets matching this filter will be discarded. If set to allow(2), all packets matching this filter will be accepted. The cabhSec2FwFactoryDefaultFilterContinue object is set to true, and therefore the PS MUST continue to scan the table for other matches to apply the match with the highest cabhSec2FwFactoryDefaultFilterIndex value.
OBJECT-TYPE    
  INTEGER deny(1), allow(2)  

cabhSec2FwFactoryDefaultFilterIfIndex 1.1.3
The index number assigned to this object MUST match to the IfIndex numbering assigned in the ifTable from the Interfaces Group MIB [RFC 2863], and as specified in CH 1.1 Spec, Table 6-16 Numbering Interfaces in the ifTable. If the value is zero, the filter applies to all interfaces. This object MUST be specified to create a row in this table.
OBJECT-TYPE    
  InterfaceIndexOrZero  

cabhSec2FwFactoryDefaultFilterDirection 1.1.4
This value represents direction in relationship to the assigned cabhSec2FwFactoryDefaultFilterIfIndex in this particular rule, meaning that the PS MUST represent traffic direction as follows: inbound(1) traffic, outbound(2) traffic, or both(3) inbound and outbound traffic.
OBJECT-TYPE    
  INTEGER inbound(1), outbound(2), both(3)  

cabhSec2FwFactoryDefaultFilterSaddr 1.1.5
The source IP address, or portion thereof, that is to be matched for this filter. The source address is first masked (and'ed) against cabhSec2FwFactoryDefaultFilterSmask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwFactoryDefaultFilterSmask 1.1.6
A bit mask that is to be applied to the source address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwFactoryDefaultFilterDaddr 1.1.7
The destination IP address, or portion thereof, that is to be matched for this filter. The destination address is first masked (and'ed) against cabhSec2FwFactoryDefaultFilterDmask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwFactoryDefaultFilterDmask 1.1.8
A bit mask that is to be applied to the destination address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwFactoryDefaultFilterProtocol 1.1.9
The protocol value that is to be matched. For example: icmp is 1, tcp is 6, udp is 17. A value of 65535 matches ANY protocol.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwFactoryDefaultFilterSourcePortLow 1.1.10
If cabhSec2FwFactoryDefaultFilterProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwFactoryDefaultFilterSourcePortHigh 1.1.11
If cabhSec2FwFactoryDefaultFilterProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwFactoryDefaultFilterDestPortLow 1.1.12
If cabhSec2FwFactoryDefaultFilterProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwFactoryDefaultFilterDestPortHigh 1.1.13
If cabhSec2FwFactoryDefaultFilterProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwFactoryDefaultFilterContinue 1.1.14
This value is always set to true so the PS MUST continue scanning and applying rules.
OBJECT-TYPE    
  TruthValue  

cabhSec2FwLocalFilterIpTable 1.3.6.1.4.1.4491.2.4.2.5.4.4.3
Contains a configured filtering Ruleset for the PS firewall.
OBJECT-TYPE    
  SEQUENCE OF  
    CabhSec2FwLocalFilterIpEntry

cabhSec2FwLocalFilterIpEntry 2.1
Contains a configured filter rule for the PS firewall. If the PS has not acquired ToD, entries that do not have default time settings are ignored. Note that a filter time period may include two days (e.g., from 10 PM to 4 AM). A filter time period that includes two days is identified by the absolute value of the cabhSec2FwLocalFilterIpEndTime being less than the absolute value of the cabhSec2FwLocalFilterIpStartTime. The cabhSec2FwLocalFilterIpDOW setting and the cabhSec2FwLocalFilterIpStartTime value indicate what day and time the filter becomes active. The cabhSec2FwLocalFilterIpEndTime indicates when the filter becomes inactive on the second day. The maximum filter time period that includes two days is 24 hours. If cabhSec2FwLocalFilterIpStartTime is less than or equal to the cabhSec2FwLocalFilterIpEndTime, the time period of the filter falls in the same day.
OBJECT-TYPE    
  CabhSec2FwLocalFilterIpEntry  

cabhSec2FwLocalFilterIpIndex 2.1.1
Index used to order the application of filters. The filter with the lowest index is always applied first.
OBJECT-TYPE    
  Unsigned32 1..2147483647  

cabhSec2FwLocalFilterIpStatus 2.1.2
Controls and reflects the status of rows in this table. Creation of the rows may be done via either create-and-wait or create-and-go, but the filter is not applied until this object is set to (or changes to) active. There is no restriction in changing any object in a row while this object is set to active.
OBJECT-TYPE    
  RowStatus  

cabhSec2FwLocalFilterIpControl 2.1.3
If set to deny(1), all packets matching this filter will be discarded. If set to allow(2), all packets matching this filter will be accepted. The cabhSec2FwLocalFilterIpContinue object is set to true, and therefore the PS MUST continue to scan the table for other matches to apply the match with the highest cabhSec2FwLocalFilterIpIndex value.
OBJECT-TYPE    
  INTEGER deny(1), allow(2)  

cabhSec2FwLocalFilterIpIfIndex 2.1.4
The index number assigned to this object MUST match to the IfIndex numbering assigned in the ifTable from the Interfaces Group MIB [RFC 2863], and as specified in CH 1.1 Spec, Table 6-16 Numbering Interfaces in the ifTable.
OBJECT-TYPE    
  InterfaceIndexOrZero  

cabhSec2FwLocalFilterIpDirection 2.1.5
This value represents direction in relationship to the assigned cabhSec2FwLocalFilterIpIfIndex in this particular rule, meaning that the PS MUST represent traffic direction as follows: inbound(1) traffic, outbound(2) traffic, or both(3) inbound and outbound traffic.
OBJECT-TYPE    
  INTEGER inbound(1), outbound(2), both(3)  

cabhSec2FwLocalFilterIpSaddr 2.1.6
The source IP address, or portion thereof, that is to be matched for this filter. The source address is first masked (and'ed) against cabhSec2FwLocalFilterIpSmask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwLocalFilterIpSmask 2.1.7
A bit mask that is to be applied to the source address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwLocalFilterIpDaddr 2.1.8
The destination IP address, or portion thereof, that is to be matched for this filter. The destination address is first masked (and'ed) against cabhSec2FwLocalFilterIpDmask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwLocalFilterIpDmask 2.1.9
A bit mask that is to be applied to the destination address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous.
OBJECT-TYPE    
  InetAddress  

cabhSec2FwLocalFilterIpProtocol 2.1.10
The protocol value that is to be matched. For example: icmp is 1, tcp is 6, udp is 17. A value of 65535 matches ANY protocol.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwLocalFilterIpSourcePortLow 2.1.11
If cabhSec2FwLocalFilterIpProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwLocalFilterIpSourcePortHigh 2.1.12
If cabhSec2FwLocalFilterIpProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwLocalFilterIpDestPortLow 2.1.13
If cabhSec2FwLocalFilterIpProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwLocalFilterIpDestPortHigh 2.1.14
If cabhSec2FwLocalFilterIpProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching.
OBJECT-TYPE    
  Unsigned32 0..65535  

cabhSec2FwLocalFilterIpMatches 2.1.15
Counts the number of times this filter was matched. This object is initialized to 0 at boot, or at row creation, and is reset only upon reboot.
OBJECT-TYPE    
  Counter32  

cabhSec2FwLocalFilterIpContinue 2.1.16
This value is always set to true so the PS MUST continue scanning and applying rules.
OBJECT-TYPE    
  TruthValue  

cabhSec2FwLocalFilterIpStartTime 2.1.17
The start time for matching the filter ruleset in the specified days indicated in cabhSec2FwLocalFilterIpDOW. Time is represented in Military Time, e.g., 8:30 AM is represented as 830 and 11:45 PM as 2345. An attempt to set this object to an invalid military time value, e.g., 1182, returns 'wrongValue' error.
OBJECT-TYPE    
  Unsigned32 0..2359  

cabhSec2FwLocalFilterIpEndTime 2.1.18
The end time for matching the filter ruleset for the days indicated in cabhSec2FwLocalFilterIpDOW. The filter rule associated with this end time MUST NOT be disabled until the minute following the time indicated by this MIB object. If the time period is for two days, identified by cabhSec2FwLocalFilterIpEndTime being less than cabhSec2FwLocalFilterIpStartTime, then the cabhSec2FwLocalFilterIpDOW settings do not apply to this MIB object. Time is represented in the same manner as in cabhSec2FwLocalFilterIpStartTime. An attempt to set this object to an invalid military time value, e.g., 1182, returns 'wrongValue' error.
OBJECT-TYPE    
  Unsigned32 0..2359  

cabhSec2FwLocalFilterIpDOW 2.1.19
If the day-of-week bit associated with the PS's given day is '1', this object's criterion matches.
OBJECT-TYPE    
  BITS sunday(0), monday(1), tuesday(2), wednesday(3), thursday(4), friday(5), saturday(6)  

cabhSec2FwLocalFilterIpDescr 2.1.20
A filter rule description configured by the cable operator or subscriber.
OBJECT-TYPE    
  SnmpAdminString Size(0..32)  
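
The cabhSec2FwLocalFilterIp* objects above together define one rule evaluation, sketched here in Python as an added example (not code from the MIB or from any CableHome implementation). It assumes IPv4 only, a hypothetical `Rule` tuple and packet dict, no modelling of cabhSec2FwLocalFilterIpIfIndex, and `None` when no row matches, since the page states no default. The overnight case follows one reading of the EndTime text: DOW selects the day the window starts.

```python
import ipaddress
from collections import namedtuple

DENY, ALLOW = 1, 2                  # cabhSec2FwLocalFilterIpControl
INBOUND, OUTBOUND, BOTH = 1, 2, 3   # cabhSec2FwLocalFilterIpDirection
ANY_PROTO, TCP, UDP = 65535, 6, 17  # cabhSec2FwLocalFilterIpProtocol values
# Hypothetical row type; dow is a set of day numbers, 0=sunday .. 6=saturday.
Rule = namedtuple("Rule", "index control direction saddr smask daddr dmask "
                          "proto sport dport start end dow")

def ip(s):
    return int(ipaddress.IPv4Address(s))

def valid_hhmm(t):   # 1182 fails: the MIB answers such a set with 'wrongValue'
    return 0 <= t <= 2359 and t % 100 <= 59

def valid_mask(m):   # 1 bits must be leftmost and contiguous: no 0 before a 1
    return "01" not in format(ip(m), "032b")

def in_schedule(r, now):
    hhmm = now.hour * 100 + now.minute
    today = (now.weekday() + 1) % 7          # Python counts monday as 0
    if r.end >= r.start:                     # end minute itself is included
        return today in r.dow and r.start <= hhmm <= r.end
    # Overnight window (assumed reading): DOW selects the start day only.
    return ((hhmm >= r.start and today in r.dow)
            or (hhmm <= r.end and (today - 1) % 7 in r.dow))

def matches(r, pkt, now):
    ok = (r.direction in (BOTH, pkt["dir"])
          and (ip(pkt["src"]) & ip(r.smask)) == ip(r.saddr)
          and (ip(pkt["dst"]) & ip(r.dmask)) == ip(r.daddr)
          and r.proto in (ANY_PROTO, pkt["proto"]))
    if ok and r.proto in (TCP, UDP):         # ports are ignored otherwise
        ok = (r.sport[0] <= pkt["sport"] <= r.sport[1]
              and r.dport[0] <= pkt["dport"] <= r.dport[1])
    return ok and in_schedule(r, now)

def decide(rules, pkt, now):
    """Continue is always true: scan every row; highest matching index wins."""
    hits = [r for r in rules if matches(r, pkt, now)]
    return max(hits, key=lambda r: r.index).control if hits else None

# Constructed sample table: allow LAN web traffic, deny one host on weeknights.
RULES = [
    Rule(1, ALLOW, BOTH, "192.168.0.0", "255.255.255.0", "0.0.0.0", "0.0.0.0",
         TCP, (0, 65535), (80, 80), 0, 2359, set(range(7))),
    Rule(2, DENY, BOTH, "192.168.0.50", "255.255.255.255", "0.0.0.0",
         "0.0.0.0", ANY_PROTO, (0, 0), (0, 0), 2200, 600, {1, 2, 3, 4, 5})]
```

With this table, a broad allow at index 1 is overridden by the narrower deny at index 2 whenever both match, which is why rule ordering by index matters when auditing such a table.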

cabhSecKerbPKINITGracePeriod 1.3.6.1.4.1.4491.2.4.2.5.3.1.1
The PKINIT Grace Period is needed by the PS to know when it should start retrying to get a new ticket. The PS MUST obtain a new Kerberos ticket (with a PKINIT exchange) this many minutes before the old ticket expires.
OBJECT-TYPE    
  Unsigned32 15..600  

cabhSecKerbTGSGracePeriod 1.3.6.1.4.1.4491.2.4.2.5.3.1.2
The TGS Grace Period is needed by the PS to know when it should start retrying to get a new ticket. The PS MUST obtain a new Kerberos ticket (with a TGS Request) this many minutes before the old ticket expires.
OBJECT-TYPE    
  Unsigned32 1..600  

cabhSecKerbUnsolicitedKeyMaxTimeout 1.3.6.1.4.1.4491.2.4.2.5.3.1.3
This timeout applies to the PS-initiated AP-REQ/REP key management exchange with the NMS. The maximum timeout is the value which may not be exceeded in the exponential backoff algorithm.
OBJECT-TYPE    
  Unsigned32 15..600  

cabhSecKerbUnsolicitedKeyMaxRetries 1.3.6.1.4.1.4491.2.4.2.5.3.1.4
The number of retries the PS is allowed for AP-REQ/REP key management exchange initiation with the NMS. This is the maximum number of retries before the PS gives up attempting to establish an SNMPv3 security association with the NMS.
OBJECT-TYPE    
  Unsigned32 1..32  

cabhSecNotification 1.3.6.1.4.1.4491.2.4.2.3
OBJECT IDENTIFIER    

cabhSecConformance 1.3.6.1.4.1.4491.2.4.2.4
OBJECT IDENTIFIER    

cabhSecCompliances 1.3.6.1.4.1.4491.2.4.2.4.1
OBJECT IDENTIFIER    

cabhSecGroups 1.3.6.1.4.1.4491.2.4.2.4.2
OBJECT IDENTIFIER    

cabhSecCompliance 1.3.6.1.4.1.4491.2.4.2.4.1.1
The compliance statement for CableHome Security.
MODULE-COMPLIANCE    

cabhSec2Compliance 1.3.6.1.4.1.4491.2.4.2.4.1.2
The compliance statement for CableHome 1.1 Security.
MODULE-COMPLIANCE    

cabhSecGroup 1.3.6.1.4.1.4491.2.4.2.4.2.1
Group of objects in CableHome 1.0 Firewall MIB.
OBJECT-GROUP    

cabhSecCertGroup 1.3.6.1.4.1.4491.2.4.2.4.2.2
Group of objects in CableHome gateway for PS Certificate.
OBJECT-GROUP    

cabhSecKerbGroup 1.3.6.1.4.1.4491.2.4.2.4.2.3
Group of objects in CableHome gateway for Kerberos.
OBJECT-GROUP    

cabhSec2Group 1.3.6.1.4.1.4491.2.4.2.4.2.4
Group of objects in CableHome 1.1 Firewall MIB.
OBJECT-GROUP