HM2-FW-MIB
File:
HM2-FW-MIB.mib (54777 bytes)
Imported modules
Imported symbols
Defined Types
| Hm2DynFwRuleEntry |
|
| SEQUENCE |
|
|
|
| |
hm2DynFwRuleIndex |
Integer32 |
|
| |
hm2DynFwSourceAddress |
DisplayString |
|
| |
hm2DynFwSourcePort |
DisplayString |
|
| |
hm2DynFwTargetAddress |
DisplayString |
|
| |
hm2DynFwTargetPort |
DisplayString |
|
| |
hm2DynFwProto |
INTEGER |
|
| |
hm2DynFwRuleParams |
DisplayString |
|
| |
hm2DynFwAction |
INTEGER |
|
| |
hm2DynFwLog |
TruthValue |
|
| |
hm2DynFwTrap |
TruthValue |
|
| |
hm2DynFwRowStatus |
RowStatus |
|
| |
hm2DynFwDescription |
DisplayString |
|
| Hm2DynFwRuleIfMappingEntry |
|
| SEQUENCE |
|
|
|
| |
hm2DynFwIfmRuleIndex |
Integer32 |
|
| |
hm2DynFwIfmDirection |
INTEGER |
|
| |
hm2DynFwIfmPriority |
Unsigned32 |
|
| |
hm2DynFwIfmInterface |
InterfaceIndex |
|
| |
hm2DynFwIfmRowStatus |
RowStatus |
|
| Hm2DynFwStatsRuleEntry |
|
| SEQUENCE |
|
|
|
| |
hm2DynFwStatsPacketCount |
Counter64 |
|
| |
hm2DynFwStatsPacketSize |
Counter64 |
|
| |
hm2DynFwStatsLastApplied |
HmTimeSeconds1970 |
|
| Hm2L3RuleEntry |
|
| SEQUENCE |
|
|
|
| |
hm2L3RuleIndex |
Integer32 |
|
| |
hm2L3SourceAddress |
DisplayString |
|
| |
hm2L3SourcePort |
DisplayString |
|
| |
hm2L3TargetAddress |
DisplayString |
|
| |
hm2L3TargetPort |
DisplayString |
|
| |
hm2L3Proto |
INTEGER |
|
| |
hm2L3RuleParams |
DisplayString |
|
| |
hm2L3Action |
INTEGER |
|
| |
hm2L3Log |
TruthValue |
|
| |
hm2L3Trap |
TruthValue |
|
| |
hm2L3RowStatus |
RowStatus |
|
| |
hm2L3Description |
DisplayString |
|
| |
hm2DPIProfileIndex |
Integer32 |
|
| Hm2L3RuleIfMappingEntry |
|
| SEQUENCE |
|
|
|
| |
hm2L3IfmRuleIndex |
Integer32 |
|
| |
hm2L3IfmDirection |
INTEGER |
|
| |
hm2L3IfmPriority |
Unsigned32 |
|
| |
hm2L3IfmInterface |
InterfaceIndex |
|
| |
hm2L3IfmRowStatus |
RowStatus |
|
| Hm2L3StatsRuleEntry |
|
| SEQUENCE |
|
|
|
| |
hm2L3StatsPacketCount |
Counter64 |
|
| |
hm2L3StatsPacketSize |
Counter64 |
|
| |
hm2L3StatsLastApplied |
HmTimeSeconds1970 |
|
| Hm2DPIProfileModbusEntry |
|
| SEQUENCE |
|
|
|
| |
hm2DPIProfileModbusIndex |
Integer32 |
|
| |
hm2DPIProfileModbusDescription |
DisplayString |
|
| |
hm2DPIProfileModbusFunctionType |
INTEGER |
|
| |
hm2DPIProfileModbusFunctionCodeList |
DisplayString |
|
| |
hm2DPIProfileModbusUnitIdentifierList |
DisplayString |
|
| |
hm2DPIProfileModbusSanityCheck |
TruthValue |
|
| |
hm2DPIProfileModbusException |
TruthValue |
|
| |
hm2DPIProfileModbusReset |
TruthValue |
|
| |
hm2DPIProfileModbusRowStatus |
RowStatus |
|
| Hm2DPIProfileOpcEntry |
|
| SEQUENCE |
|
|
|
| |
hm2DPIProfileOpcIndex |
Integer32 |
|
| |
hm2DPIProfileOpcDescription |
DisplayString |
|
| |
hm2DPIProfileOpcSanityCheck |
TruthValue |
|
| |
hm2DPIProfileOpcFragmentCheck |
TruthValue |
|
| |
hm2DPIProfileOpcTimeoutConnect |
Unsigned32 |
|
| |
hm2DPIProfileOpcRowStatus |
RowStatus |
|
| Hm2FLMInterfaceEntry |
|
| SEQUENCE |
|
|
|
| |
hm2FLMInterfaceIndex |
InterfaceIndex |
|
| |
hm2FLMInterfaceRowStatus |
RowStatus |
|
Defined Values
| hm2FwMib |
1.3.6.1.4.1.248.11.79 |
| SNMP interface for Hirschmann Firewall modules.
Copyright (C) |
| MODULE-IDENTITY |
|
|
|
| hm2DynFw |
1.3.6.1.4.1.248.11.79.1.2 |
| OBJECT IDENTIFIER |
|
|
|
| hm2L3Fw |
1.3.6.1.4.1.248.11.79.1.3 |
| OBJECT IDENTIFIER |
|
|
|
| hm2DynFwMaxRules |
1.3.6.1.4.1.248.11.79.1.1.1 |
| Maximum number of allowed rules for dynamic firewalling. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
|
|
| hm2L3MaxRules |
1.3.6.1.4.1.248.11.79.1.1.2 |
| Maximum number of allowed rules for L3 firewalling. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
|
|
| hm2ResetStatistics |
1.3.6.1.4.1.248.11.79.1.1.3 |
| Setting this value to action(2) will reset the statistics of the
whole firewall module. It will be set to noop(1) automatically
after reset. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
HmActionValue |
|
|
| hm2FlushTables |
1.3.6.1.4.1.248.11.79.1.1.4 |
| Setting this value to action(2) will flush all connection tracking states.
It will be set to noop(1) automatically after table flush. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
HmActionValue |
|
|
| hm2DefaultPolicy |
1.3.6.1.4.1.248.11.79.1.1.5 |
| The default policy for forwarding packets:
o accept(1): Packets matching this rule are accepted and will
be forwarded
o drop(2): Packets matching this rule will be silently
discarded
o reject(3): Packets matching this rule will be dropped and
the originator gets informed by an ICMP message |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
accept(1), drop(2), reject(3) |
|
| hm2ConnTrackValidateCheckSum |
1.3.6.1.4.1.248.11.79.1.1.6 |
| This value describes, whether the Firewall connection tracking
in the Linux kernel shall validate the protocol checksums.
Disable this validation (false) improves routing throughput. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DynFwRuleAppliedTrap |
1.3.6.1.4.1.248.11.79.0.1 |
| A rule of the dynamic firewall was applied. The rule is
identified by the given rule index of the rule table. |
| Status: current |
Access: read-write |
| NOTIFICATION-TYPE |
|
|
|
| hm2DynFwRuleAppliedAndLoggedTrap |
1.3.6.1.4.1.248.11.79.0.2 |
| A rule of the dynamic firewall was applied and logged according to
the current logging mechanism. The rule is identified by the
given rule index of the rule table. |
| Status: current |
Access: read-write |
| NOTIFICATION-TYPE |
|
|
|
| hm2DynFwRuleCount |
1.3.6.1.4.1.248.11.79.1.2.1.1 |
| Number of current dynamic firewalls rules |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
|
|
| hm2DynFwRulePendingActions |
1.3.6.1.4.1.248.11.79.1.2.1.3 |
| This value describes, whether the DynFW rule table was modified
but not yet written to the firewall implementation (set to
true). After writing all modifications to the firewall, the
value switches automatically back to false. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DynFwCommitPendingActions |
1.3.6.1.4.1.248.11.79.1.2.1.4 |
| Setting this value to action(2) writes not yet committed changes
to the firewall (DynFW and Interface Mapping Table). After
writing all modifications, the value switches automatically
back to noop(1). |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
HmActionValue |
|
|
| hm2DynFwRuleTable |
1.3.6.1.4.1.248.11.79.1.2.2.1 |
| The list of rules for this dynamic firewall |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
Hm2DynFwRuleEntry |
|
| hm2DynFwRuleEntry |
1.3.6.1.4.1.248.11.79.1.2.2.1.1 |
| Dynamic firewall rule entry. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Hm2DynFwRuleEntry |
|
|
| hm2DynFwRuleIndex |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.1 |
| Rule index of this dynamic firewall rule |
| Status: current |
Access: accessible-for-notify |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
1..512 |
|
| hm2DynFwSourceAddress |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.2 |
| The source address of the packet to filter. Allowed formats are:
- keyword 'any'
- single address ('10.0.0.1')
- CIDR address range ('10.0.0.0/8')
- netobject ('')
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..20) |
|
| hm2DynFwSourcePort |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.3 |
| The source port of the packet to filter. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
The number of named ports (1 for each individual port, 2 for port
ranges) must not exceed 15.
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..50) |
|
| hm2DynFwTargetAddress |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.4 |
| The destination address of the packet to filter. Allowed formats are:
- keyword 'any'
- single address ('10.0.0.1')
- CIDR address range ('10.0.0.0/8')
- netobject ('')
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..20) |
|
| hm2DynFwTargetPort |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.5 |
| The destination port of the packet to filter. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
The number of named ports (1 for each individual port, 2 for port
ranges) must not exceed 15.
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..50) |
|
| hm2DynFwProto |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.6 |
| The IP protocol (RFC 791) for protocol-independent
filtering. The following values are currently
supported:
o icmp(1): internet control message protocol (RFC 792)
o igmp(2): internet group management protocol
o ipip(3): IP in IP tunnelling (RFC 1853)
o tcp(4): transmission control protocol (RFC 793)
o udp(5): user datagram protocol (RFC 768)
o esp(6): IPsec encapsulated security payload (RFC 2406)
o ah(7): IPsec authentication header (RFC 2402)
o icmpv6(8): internet control message protocol for IPv6
o any(9): apply to all protocols |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
icmp(1), igmp(2), ipip(3), tcp(4), udp(5), esp(6), ah(7), icmpv6(8), any(9) |
|
| hm2DynFwRuleParams |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.7 |
| Additional parameters to this rule as string.
A parameter has the syntax:
=
Parameters are separated by a comma.
If more than one value is given for a parameter, values are
separated by a |-sign
Following paramters are defined based on the different
protocols:
o icmp: type= (specify ICMP type to filter)
code= (specify ICMP code to filter)
o tcp: frag= (apply to fragments)
flags= (apply to packets with give flags
o udp/tcp: state= (apply to packets according
current state of connection>
o general: mac= (specify source MAC address for this
rule)
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(0..50) |
|
| hm2DynFwAction |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.8 |
| The action of the corresponding rule:
o accept(1): Packets matching this rule are accepted and will
be forwarded
o drop(2): Packets matching this rule will be silently
discarded
o reject(3): Packets matching this rule will be dropped and
the originator gets informed by an ICMP message |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
accept(1), drop(2), reject(3) |
|
| hm2DynFwLog |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.9 |
| Set to true if application of this rule shall be logged |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DynFwTrap |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.10 |
| Set to true if application of this rule shall send a trap. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DynFwRowStatus |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.11 |
| This is a standard row status value:
- active(1): The rule is active. Note that until committed, the rule
will not be applied.
- notInService(2): The rule is inactive because of user action.
- notReady(3): The rule is inactive because of agent action.
- createAndGo(4): Create the rule with default parameters
activated.
- createAndWait(5): Create the rule inactive.
- destroy(6): Delete the rule. You cannot delete a rule with
interface mappings to it. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| hm2DynFwDescription |
1.3.6.1.4.1.248.11.79.1.2.2.1.1.12 |
| User defined textual description related to this rule. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(0..32) |
|
| hm2DynFwRuleIfMappingEntry |
1.3.6.1.4.1.248.11.79.1.2.2.2.1 |
| Entry in rule interface mapping table |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Hm2DynFwRuleIfMappingEntry |
|
|
| hm2DynFwIfmRuleIndex |
1.3.6.1.4.1.248.11.79.1.2.2.2.1.1 |
| The index of the DynFw rule this mapping entry is assigned to.
The DynFw rule must exist before creation of mapping entry. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
1..2048 |
|
| hm2DynFwIfmDirection |
1.3.6.1.4.1.248.11.79.1.2.2.2.1.2 |
| Meanings:
- ingress(1): Apply this rule to packets arriving on this interface
- egress(2): Apply this rule to packets leaving from this interface
- both(3): Apply this rule to packets coming in and going out on this
interface.
If an ingress and an egress interface are given, this is taken to mean
that the rule shall apply to packets arriving on the ingress interface
AND to be leaving on the egress interface. A rule without ingress
interface matches on all packets going out to the egress interface
given, and vice versa. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
ingress(1), egress(2), both(3) |
|
| hm2DynFwIfmPriority |
1.3.6.1.4.1.248.11.79.1.2.2.2.1.3 |
| The priority is the sorting key for rules in to this interface. They
don't need to be unique, but no clear order can be assumed among rules
with the same priority.
Priorities are processed in ascending order (0 highest priority). |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
|
|
| hm2DynFwIfmInterface |
1.3.6.1.4.1.248.11.79.1.2.2.2.1.4 |
| The interface this mapping entry is applied to. This has to be either
an hm2AgentSwitchIpInterfaceIfIndex or an hm2AgentSwitchIpVlanIfIndex.
Note that for physical interfaces this only works if the corresponding
hm2AgentSwitchIpInterfaceRoutingMode is set to enable. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
InterfaceIndex |
|
|
| hm2DynFwIfmRowStatus |
1.3.6.1.4.1.248.11.79.1.2.2.2.1.5 |
| The RowStatus value for this entry with the usual meanings:
- active(1): The interface mapping is in place
- notInService(2): The interface mapping is not in place because the
user said so
- notReady(3): The interface mapping is not in place because the
agent said so
- createAndGo(4): Create this mapping with the default priority and
activate it.
- createAndWait(5): Create this mapping deactivated.
- destroy(6): Destroy this interface mapping. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| hm2DynFwStatsTtPck |
1.3.6.1.4.1.248.11.79.1.2.4.1.1 |
| Total number of packets processed by the dynamic firewall |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| hm2DynFwStatsTtPckSize |
1.3.6.1.4.1.248.11.79.1.2.4.1.2 |
| Total number of bytes processed by the dynamic firewall |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| hm2DynFwStatsTtPckDenDrop |
1.3.6.1.4.1.248.11.79.1.2.4.1.3 |
| Total number of packets dropped or denied by the dynamic
firewall |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| hm2DynFwStatsRuleEntry |
1.3.6.1.4.1.248.11.79.1.2.4.2.1.1 |
| Statistics table entry for the dynamic firewall |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Hm2DynFwStatsRuleEntry |
|
|
| hm2L3RuleAppliedTrap |
1.3.6.1.4.1.248.11.79.0.3 |
| A rule of the L3 firewall was applied. The rule is
identified by the given rule index of the rule table. |
| Status: current |
Access: read-only |
| NOTIFICATION-TYPE |
|
|
|
| hm2L3RuleAppliedAndLoggedTrap |
1.3.6.1.4.1.248.11.79.0.4 |
| A rule of the L3 firewall was applied and logged according
the current logging mechanism. The rule is identified by the
given rule index of the rule table. |
| Status: current |
Access: read-only |
| NOTIFICATION-TYPE |
|
|
|
| hm2L3RuleCount |
1.3.6.1.4.1.248.11.79.1.3.1.1 |
| Number of current L3 rules |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
|
|
| hm2L3RulePendingActions |
1.3.6.1.4.1.248.11.79.1.3.1.3 |
| This value describes, whether the L3 rule table was modified
but not yet written to the firewall implementation (set to
true). After writing all modifications to the firewall, the
value switches automatically back to false. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2L3CommitPendingActions |
1.3.6.1.4.1.248.11.79.1.3.1.4 |
| Setting this value to action(2) writes not yet committed changes
to the firewall (L3 and Interface Mapping Table). After writing
all modifications, the value switches automatically back to
noop(1). |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
HmActionValue |
|
|
| hm2L3RuleTable |
1.3.6.1.4.1.248.11.79.1.3.2.1 |
| The list of L3 rules for this firewall |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
SEQUENCE OF |
|
|
| |
|
Hm2L3RuleEntry |
|
| hm2L3RuleEntry |
1.3.6.1.4.1.248.11.79.1.3.2.1.1 |
| L3 rule entry. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Hm2L3RuleEntry |
|
|
| hm2L3RuleIndex |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.1 |
| Rule index of this L3 rule |
| Status: current |
Access: accessible-for-notify |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
1..2048 |
|
| hm2L3SourceAddress |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.2 |
| The source address of the packet to filter. Allowed formats are:
- keyword 'any'
- single address ('10.0.0.1')
- CIDR address range ('10.0.0.0/8')
- netobject ('')
- a prepending '!' selects the complement set
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..20) |
|
| hm2L3SourcePort |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.3 |
| The source port of the packet to reroute. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
The number of named ports (1 for each individual port, 2 for port
ranges) must not exceed 15.
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..50) |
|
| hm2L3TargetAddress |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.4 |
| The destination address of the packet to filter. Allowed formats are:
- keyword 'any'
- single address ('10.0.0.1')
- CIDR address range ('10.0.0.0/8')
- netobject ('')
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..20) |
|
| hm2L3TargetPort |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.5 |
| The destination port of the packet to. Allowed formats are:
- keyword 'any'
- single port ('10')
- port range with first and last port separated by hyphen
('10-15')
- comma separated list of ports ('1235,25,123')
- combination of the points above ('10,25-30,125,1993')
The number of named ports (1 for each individual port, 2 for port
ranges) must not exceed 15.
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..50) |
|
| hm2L3Proto |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.6 |
| The IP protocol (RFC 791) for protocol-independent
filtering. The following values are currently
supported:
o icmp(1): internet control message protocol (RFC 792)
o igmp(2): internet group management protocol
o ipip(3): IP in IP tunnelling (RFC 1853)
o tcp(4): transmission control protocol (RFC 793)
o udp(5): user datagram protocol (RFC 768)
o esp(6): IPsec encapsulated security payload (RFC 2406)
o ah(7): IPsec authentication header (RFC 2402)
o icmpv6(8): internet control message protocol for IPv6
o any(9): apply to all protocols |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
icmp(1), igmp(2), ipip(3), tcp(4), udp(5), esp(6), ah(7), icmpv6(8), any(9) |
|
| hm2L3RuleParams |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.7 |
| Additional parameters to this rule as string.
A parameter has the syntax:
=
Parameters are separated by a comma.
If more than one value is given for a parameter, values are
separated by a |-sign (pipe).
Following parameters are defined based on the different
protocols:
o icmp: type= (specify ICMP type to filter)
code= (specify ICMP code to filter)
o tcp: flags= (apply to packets with given flags)
o general: state= (apply to packets according to
current state of connection>)
mac= (specify source MAC address for this rule)
frag= (apply to fragments)
|
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(0..50) |
|
| hm2L3Action |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.8 |
| The action of the corresponding rule:
o accept(1): Packets matching this rule are accepted and will
be forwarded
o drop(2): Packets matching this rule will be silently
discarded
o reject(3): Packets matching this rule will be dropped and
the originator gets informed by an ICMP message
o enforce-modbus(4): Packets matching this rule are enforced by
modbus enforcer and will be forwarded or discarded.
The selected protocol should be tcp or udp
o enforce-opc(5): Packets matching this rule are enforced by
opc enforcer and will be forwarded or discarded.
The selected protocol should be tcp |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
accept(1), drop(2), reject(3), enforce-modbus(4), enforce-opc(5) |
|
| hm2L3Log |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.9 |
| Set to true if application of this rule shall be logged |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2L3Trap |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.10 |
| Set to true if application of this rule shall send a trap. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2L3RowStatus |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.11 |
| This is a standard row status value:
- active(1): The rule is active. Note that until committed, the rule
will not be applied. You cannot activate the rule
if an enforcer mappings to an inactive profile.
- notInService(2): The rule is inactive because of user action.
- notReady(3): The rule is inactive because of agent action.
- createAndGo(4): Create the rule with default parameters
activated.
- createAndWait(5): Create the rule inactive.
- destroy(6): Delete the rule. You cannot delete a rule with
interface mappings to it. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| hm2L3Description |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.12 |
| User defined textual description related to this rule. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(0..32) |
|
| hm2DPIProfileIndex |
1.3.6.1.4.1.248.11.79.1.3.2.1.1.13 |
| The index of the DPI profile this rule is assigned to
depending on enforcer action.
Value 0 no DPI profile this rule is assigned to.
You cannot assign the rule to an inactive profile
if an active enforcer will mapping to it. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
0..32 |
|
| hm2L3RuleIfMappingEntry |
1.3.6.1.4.1.248.11.79.1.3.2.2.1 |
| Entry in rule interface mapping table |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Hm2L3RuleIfMappingEntry |
|
|
| hm2L3IfmRuleIndex |
1.3.6.1.4.1.248.11.79.1.3.2.2.1.1 |
| The index of the L3 rule this mapping entry is assigned to.
The rule must exist before the mapping entry can be created. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
1..2048 |
|
| hm2L3IfmDirection |
1.3.6.1.4.1.248.11.79.1.3.2.2.1.2 |
| Meanings:
- ingress(1): Apply this rule to packets arriving on this interface
- egress(2): Apply this rule to packets leaving from this interface
- both(3): Apply this rule to packets coming in and going out on this
interface.
If an ingress and an egress interface are given, this is taken to mean
that the rule shall apply to packets arriving on the ingress interface
AND to-be leaving on the egress interface. A rule without ingress
interface matches on all packets going out to the egress interface
given, and vice versa. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
ingress(1), egress(2), both(3) |
|
| hm2L3IfmPriority |
1.3.6.1.4.1.248.11.79.1.3.2.2.1.3 |
| The priority is the sorting key for rules in to this interface. They
don't need to be unique, but no clear order can be assumed among rules
with the same priority.
Priorities are processed in ascending order (0 highest
priority. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
|
|
| hm2L3IfmInterface |
1.3.6.1.4.1.248.11.79.1.3.2.2.1.4 |
| The interface this mapping entry is assigned to. This has to be either
an hm2AgentSwitchIpInterfaceIfIndex or an hm2AgentSwitchIpVlanIfIndex.
Note that for physical interfaces this only works if the corresponding
hm2AgentSwitchIpInterfaceRoutingMode is set to enable. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
InterfaceIndex |
|
|
| hm2L3IfmRowStatus |
1.3.6.1.4.1.248.11.79.1.3.2.2.1.5 |
| The RowStatus value for this entry with the usual meanings:
- active(1): The interface mapping is in place
- notInService(2): The interface mapping is not in place because the
user said so
- notReady(3): The interface mapping is not in place because the
agent said so
- createAndGo(4): Create this mapping with the default priority and
activate it.
- createAndWait(5): Create this mapping deactivated.
- destroy(6): Destroy this interface mapping. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| hm2L3Stats |
1.3.6.1.4.1.248.11.79.1.3.4 |
| OBJECT IDENTIFIER |
|
|
|
| hm2L3StatsTotalPck |
1.3.6.1.4.1.248.11.79.1.3.4.1.1 |
| Total number of packets processed by the L3 firewall |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| hm2L3StatsTotalPckSize |
1.3.6.1.4.1.248.11.79.1.3.4.1.2 |
| Total number of bytes processed by the L3 firewall |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| hm2L3StatsTotalPckDenDrop |
1.3.6.1.4.1.248.11.79.1.3.4.1.3 |
| Total number of packets dropped or denied by the L3 firewall |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| hm2L3StatsRuleEntry |
1.3.6.1.4.1.248.11.79.1.3.4.2.1.1 |
| Statistics table entry for the L3 firewall |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Hm2L3StatsRuleEntry |
|
|
| hm2L3StatsPacketCount |
1.3.6.1.4.1.248.11.79.1.3.4.2.1.1.1 |
| Number of packets matched by this rule |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| hm2L3StatsPacketSize |
1.3.6.1.4.1.248.11.79.1.3.4.2.1.1.2 |
| Number of bytes processed by this rule |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Counter64 |
|
|
| hm2L3StatsLastApplied |
1.3.6.1.4.1.248.11.79.1.3.4.2.1.1.3 |
| Time of last application of the rule in seconds since the Unix epoch. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
HmTimeSeconds1970 |
|
|
| hm2DPIProfileModbusPendingActions |
1.3.6.1.4.1.248.11.79.1.3.11.1 |
| This value describes, whether the DPI MODBUS profile table was modified
but not yet written to the enforcer implementation (set to
true). After writing all modifications to the enforcer, the
value switches automatically back to false. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DPIProfileModbusCommitPendingActions |
1.3.6.1.4.1.248.11.79.1.3.11.2 |
| Setting this value to action(2) writes not yet committed changes
to the enforcer (DPI MODBUS Profile Table). After writing
all modifications, the value switches automatically back to
noop(1). |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
HmActionValue |
|
|
| hm2DPIProfileOpcPendingActions |
1.3.6.1.4.1.248.11.79.1.3.12.1 |
| This value describes, whether the L3 OPC profile table was modified
but not yet written to the enforcer implementation (set to
true). After writing all modifications to the enforcer, the
value switches automatically back to false. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DPIProfileOpcCommitPendingActions |
1.3.6.1.4.1.248.11.79.1.3.12.2 |
| Setting this value to action(2) writes not yet committed changes
to the enforcer (DPI OPC Profile Table). After writing
all modifications, the value switches automatically back to
noop(1). |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
HmActionValue |
|
|
| hm2DPIProfileModbusEntry |
1.3.6.1.4.1.248.11.79.1.3.21.1.1 |
| DPI MODBUS profile entry. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Hm2DPIProfileModbusEntry |
|
|
| hm2DPIProfileModbusIndex |
1.3.6.1.4.1.248.11.79.1.3.21.1.1.1 |
| Profile index of this DPI MODBUS profile |
| Status: current |
Access: accessible-for-notify |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
1..32 |
|
| hm2DPIProfileModbusFunctionType |
1.3.6.1.4.1.248.11.79.1.3.21.1.1.3 |
| The function types of the corresponding function codes:
o readonly(1): Selects read only function codes for the function code list.
o readwrite(2): Selects read write function codes for the function code list.
o programming(3): Selects programming function codes for the function code list.
o all(4): Selects all possible function codes for the function code list. Any function code will be allowed.
o advanced(5): Keeps the function code list from the previous selection and makes it editable by the user. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
readonly(1), readwrite(2), programming(3), all(4), advanced(5) |
|
| hm2DPIProfileModbusFunctionCodeList |
1.3.6.1.4.1.248.11.79.1.3.21.1.1.4 |
| The function codes for this enforcer as string.
A function code has the syntax:
Function codes are separated by a comma.
If more than one value is given for a function code, values are
separated by a | -sign (pipe).
Following function codes are defined:
<1..255>|<0-65535>|<0-65535> (apply to packets with given function codes <1..255>, address range <0-65535>, address range <0-65535>)
1|<0-65535> (apply to packets with given function code read coils, coil address range <0-65535>)
2|<0-65535> (apply to packets with given function code read discrete inputs, input address range <0-65535>)
3|<0-65535> (apply to packets with given function code read holding registers, register address range <0-65535>)
4|<0-65535> (apply to packets with given function code read input registers, register address range <0-65535>)
5|<0-65535> (apply to packets with given function code write single coil, coil address range <0-65535>)
6|<0-65535> (apply to packets with given function code write single register, register address range <0-65535>)
7 (apply to packets with given function code read exception status)
8 (apply to packets with given function code diagnostic)
11 (apply to packets with given function code get com event counter)
12 (apply to packets with given function code get comm event log)
13 (apply to packets with given function code program (584/984))
14 (apply to packets with given function code poll (584/984))
15|<0-65535> (apply to packets with given function code write multiple coils, coil address range <0-65535>)
16|<0-65535> (apply to packets with given function code write multiple registers, register address range <0-65535>)
17 (apply to packets with given function code report slave id)
20 (apply to packets with given function code read file record)
21 (apply to packets with given function code write file record)
22|<0-65535> (apply to packets with given function code mask write register, register address range <0-65535>)
23|<0-65535>|<0-65535> (apply to packets with given function code read/write multiple registers, read address range <0-65535>, write address range <0-65535>)
24|<0-65535> (apply to packets with given function code read fifo queue, pointer address range <0-65535>)
40 (apply to packets with given function code program (concept))
42 (apply to packets with given function code concept symbol table)
43 (apply to packets with given function code encapsulated interface transport)
48 (apply to packets with given function code advantech co. ltd. - management functions)
66 (apply to packets with given function code scan data inc. - expanded read holding registers)
67 (apply to packets with given function code scan data inc. - expanded write holding registers)
90 (apply to packets with given function code unity programming/ofs)
100 (apply to packets with given function code scattered register read)
125 (apply to packets with given function code schneider electric - firmware replacement)
126 (apply to packets with given function code schneider electric - program) |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..1400) |
|
| hm2DPIProfileModbusUnitIdentifierList |
1.3.6.1.4.1.248.11.79.1.3.21.1.1.5 |
| Unit identifiers for this enforcer as string.
A unit identifier has the syntax:
To specify no options, the value 'none' must be given.
Unit identifiers are separated by a comma.
Following unit identifiers are defined:
<0..255> (apply to packets for which a
unit identifier is set) |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
DisplayString |
Size(1..1400) |
|
| hm2DPIProfileModbusSanityCheck |
1.3.6.1.4.1.248.11.79.1.3.21.1.1.6 |
| Set to true if apply to packets for which a
sanity check including format and specification shall be done |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DPIProfileModbusException |
1.3.6.1.4.1.248.11.79.1.3.21.1.1.7 |
| Set to true if apply to packets for which a
device exception message shall be sent |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DPIProfileModbusReset |
1.3.6.1.4.1.248.11.79.1.3.21.1.1.8 |
| Set to true if apply to packets for which a
reset connection message shall be sent |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DPIProfileModbusRowStatus |
1.3.6.1.4.1.248.11.79.1.3.21.1.1.9 |
| This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| hm2DPIProfileOpcEntry |
1.3.6.1.4.1.248.11.79.1.3.21.2.1 |
| DPI OPC profile entry. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Hm2DPIProfileOpcEntry |
|
|
| hm2DPIProfileOpcIndex |
1.3.6.1.4.1.248.11.79.1.3.21.2.1.1 |
| Profile index of this DPI OPC profile |
| Status: current |
Access: accessible-for-notify |
| OBJECT-TYPE |
|
|
|
| |
Integer32 |
1..32 |
|
| hm2DPIProfileOpcSanityCheck |
1.3.6.1.4.1.248.11.79.1.3.21.2.1.3 |
| Set to true if apply to packets for which a
sanity check including format and specification shall be done |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DPIProfileOpcFragmentCheck |
1.3.6.1.4.1.248.11.79.1.3.21.2.1.4 |
| Set to true if apply to packets for which a
fragment check shall be done |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
TruthValue |
|
|
| hm2DPIProfileOpcTimeoutConnect |
1.3.6.1.4.1.248.11.79.1.3.21.2.1.5 |
| Set to nonzero if apply to packets for which a
timeout at connect in seconds shall be done.
Value 0 disables this match criteria. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
0..60 |
|
| hm2DPIProfileOpcRowStatus |
1.3.6.1.4.1.248.11.79.1.3.21.2.1.6 |
| This is a standard row status value:
- active(1): The profile is active. You cannot modify it.
- notInService(2): The profile is inactive because of user action.
You cannot inactivate the profile if an active enforcer mappings to it.
- notReady(3): The profile is inactive because of agent action.
- createAndGo(4): Create the profile with default parameters
activated.
- createAndWait(5): Create the profile inactive.
- destroy(6): Delete the profile.
You cannot delete the active profile or if an enforcer mappings to it. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| hm2FLMAdminState |
1.3.6.1.4.1.248.11.79.1.4.1.1 |
| Enable or disable the Firewall Learning Mode. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
HmEnabledStatus |
|
|
| hm2FLMAction |
1.3.6.1.4.1.248.11.79.1.4.1.2 |
| Actions to control the Firewall Learning Mode. |
| Status: current |
Access: read-write |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
none(1), start(2), stop(3), continue(4), clear(5) |
|
| hm2FLMAppState |
1.3.6.1.4.1.248.11.79.1.4.1.3 |
| State of running FLM Application. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
off(1), stopped-data-notpresent(2), stopped-data-present(3), learning(4), pending(5) |
|
| hm2FLMAppInfoEnum |
1.3.6.1.4.1.248.11.79.1.4.1.4 |
| Memory status of FLM Application. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
INTEGER |
none(1), normal(2), low-memory(3), out-of-memory(4), connection-drop(5) |
|
| hm2FLML3Entries |
1.3.6.1.4.1.248.11.79.1.4.1.6 |
| Number of Layer 3 entries in the connection table. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
|
|
| hm2FLMFreeMem |
1.3.6.1.4.1.248.11.79.1.4.1.7 |
| Free memory(%) for learning data. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
|
|
| hm2FLMMaxEntries |
1.3.6.1.4.1.248.11.79.1.4.1.8 |
| Number of maximum interface entries that can be selected. |
| Status: current |
Access: read-only |
| OBJECT-TYPE |
|
|
|
| |
Unsigned32 |
|
|
| hm2FLMInterfaceEntry |
1.3.6.1.4.1.248.11.79.1.4.2.1.1 |
| Interface selected for Firewall Learning Mode. |
| Status: current |
Access: not-accessible |
| OBJECT-TYPE |
|
|
|
| |
Hm2FLMInterfaceEntry |
|
|
| hm2FLMInterfaceRowStatus |
1.3.6.1.4.1.248.11.79.1.4.2.1.1.2 |
| This is a standard row status value:
- active(1): The interface is active.
- notInService(2): The interface is inactive because routing was disabled.
- notReady(3): The interface is inactive because of agent action.
- createAndGo(4): Create the interface with default parameters
activated.
- createAndWait(5): Create the interface inactive.
- destroy(6): Delete the interface. |
| Status: current |
Access: read-create |
| OBJECT-TYPE |
|
|
|
| |
RowStatus |
|
|
| hm2FwGroups |
1.3.6.1.4.1.248.11.79.2.2 |
| OBJECT IDENTIFIER |
|
|
|
| hm2FwCompliance |
1.3.6.1.4.1.248.11.79.2.1.1 |
| The compliance statement for an SNMP entity which
implements the Hirschmann firewall MIB. |
| Status: current |
Access: read-create |
| MODULE-COMPLIANCE |
|
|
|
| hm2FwGeneralGroup |
1.3.6.1.4.1.248.11.79.2.2.1 |
| A collection of all Hirschmann objects provided by the firewall
module. |
| Status: current |
Access: read-create |
| OBJECT-GROUP |
|
|
|
| hm2FwNotificationsGroup |
1.3.6.1.4.1.248.11.79.2.2.2 |
| A collection of all Hirschmann notifications provided by the
firewall module. |
| Status: current |
Access: read-create |
| NOTIFICATION-GROUP |
|
|
|